Excellent. Well, welcome everybody. It's a pleasure to be here at FOSDEM. This is my first time attending FOSDEM. My friend Boris tells me about it every year and got me excited. So when I saw the opportunity to submit to the blockchain dev room, I said, I've got to do this. And Arjun helped me polish up my proposal. So thank you for that, Arjun.

I work for Evernym. Evernym is a company that produces digital identity solutions to help organizations take advantage of the new customer relationships that modern digital identity is going to bring. So that's what we do. I'm a product manager, and I'm responsible for our contributions to the open-source upstream, that's the Indy Hyperledger ecosystem. We'll talk about that more in a moment.

And the goal today is to explain how blockchain, how distributed ledgers finally bring about usable digital identities. It's more digital ledgers than blockchain. But a usable digital identity, we call self-sovereign. We're going to talk about that term. It depends on verifiable credentials. We're going to talk about that some. Indy is the project that makes this happen. And we're going to talk about the governance that's necessary for a self-sovereign identity to be useful.

So let's talk about self-sovereign identity. Throughout history, there are a lot of different ways that we've communicated identity. Whether it's the scepter and crown of a ruler, to a signet ring, to coins, these carriers of identity have some things in common. They can be presented by the person who owns them. And the ruler can decide, today I'm going to go out as a peasant. I'm not going to wear the crown and scepter. They only have meaning to the people who understand them. So what might be a symbol of authority in ancient Greece was very different than a symbol of authority in China or the Mayan and Inca civilizations. It has to do with the environment that it's in. They can transfer authority.
So a signet ring or a cartouche would be used to imprint authority on an object that's being transferred. To say, yes, I signed this letter. I approved this letter. This is a royal edict. It can be used like a coin to say, this is a symbol of identity. The bearer of this coin has value that can be transferred in exchange. A key says the bearer of this key has authority to access an object or an area.

It's interesting how uniforms convey identity. A police badge or medals say things that a person's allowed to do or represent things a person's done in the past. And again, they can be set aside when convenient. A cop doesn't have to bear his police badge when he's out at a movie. He can take that off when he's off duty. He can keep it on as a representative of his authority when he's on duty.

A diploma is an interesting carrier of identity. It represents the experiences that you've had during a course of study which might or might not bear upon an employment relationship or future courses or other opportunities. That it's up to the person who receives that appointment to say, this applies or this doesn't. I trust this or I don't. And even if my university has gone out of business and no longer provides diplomas, I can still show people that I completed that course of study and that I went through that experience.

Stamps show that the person who sent the letter paid for it. And so I imply that stamp. It can also be similar to an official seal. Government IDs are interesting because they contain a lot of information but mostly they're simply used to say, I'm a real person. And yes, I live in this place. And my driver's license I end up using for all sorts of things that have nothing to do with driving. And the government doesn't know every time I present my driver's license. It's my choice who I present it to and they can say, yes, this is valid without the government being able to track all those exchanges.
Similarly with passport documents that give me the right to travel. But it's interesting that not all identities are issued, not all credentials are issued by a third party. I can create my own business card. I can say, hey, I work for my own consulting company and I decide how I want to represent myself and it's up to other people to decide what sort of exchanges that's useful for them to accept or not.

A license plate is a very interesting thing because it's a very interesting use case because it's very analogous to an internet of things. I've attached my identity to a vehicle that I own and that vehicle can move through space without me being with it and my identity is still attached to say I'm authorized to operate that vehicle. All that vehicle is authorized through me, it's insured through me and I'm responsible for how it behaves. So these are all interesting carriers of identity that we've used throughout millennia.

Unfortunately on the internet, they don't really apply. It's very hard to validate most of these things on the internet and our relationships on the internet can be very transitory and so it's hard to know the context and the situations where those symbols, those carriers of identity are valid and where they're not. So we created alternatives and different organizations, different corporations have said we'll be your carrier of identity, use us. And that works, it allows us to log into websites and do some basic things but it doesn't have the principles, the same attributes that those offline analogues used to have. Whenever I engage in a transaction on the internet these people can monitor it, they can see exactly what I'm doing, who I'm talking with, they can intercept those communications and they can take away my identity at any time and they largely behave reasonably except when they don't and that's the problem.
They create these honeypots of data that even when the actor is trying to follow good governance policies there's a lot of incentive for other people to get in there and take the information that's been collected and of course they don't always act with our best interests at heart. Sometimes they're doing things that are deliberately bad because it's a good business model for them. And as we look at future digital identity solutions we need to pay attention to how do we avoid these types of scenarios.

That's where self-sovereign identity comes from. A number of years ago people started saying the thing that a digital identity needs to be usable is it needs to be mine. I need to have sovereignty. Now that term is kind of scary in the United States. It's often used by people who are carrying guns and saying they don't want to pay taxes. That's not the way we're talking about it here. We're saying sovereignty means you're acting as a peer with everyone else on the Internet, with everyone else in the digital ecosystem, and I'm in control of my identity.

So Christopher Allen is an early adopter of these principles. He's running a business building self-sovereign identity on the blockchain ecosystem and he's formulated these 10 principles that are a pretty good summary of what makes the self-sovereign identity. That I as a user have an independent existence of anybody else. No organization can take away my existence. I'm in control of my identity. I have access to my data. It's got to be transparent. So this is where open source is really valuable because it allows me to see how that identity is formed and used. It needs to be long-lived. It needs to be transportable. I should be able to use it anywhere I want to use it so I need to consent to my identity getting used. I should be able to minimize the disclosure of claims. I only need to tell you what you need to know. I shouldn't have to tell you everything that's on my driver's license for you to know that I'm an adult.
And similarly, it should be protecting my rights as a user. And this was in 2016. Recent regulation in Europe with GDPR have formulated a lot of these principles into law. And so what we found is that modern digital identity solutions need to, by embracing self-sovereignty, they become compliant with a lot of these new regulations. So self-sovereignty is also known as user-centric identity, user-controlled identity, user-owned. Gartner calls it bring-your-own identity. Gartner is a major analyst firm. And they say that it's going to exponentially grow. That bring-your-own identity solutions are going to be a significant influence in the market within the next two years.

So what makes self-sovereignty work is that I'm owning credentials. I'm owning statements of proof about things that pertain to me. And they need to be verifiable for them to have meaning. The World Wide Web Consortium has a proposal for a standard on verifiable credentials. And it has three main actors. The holder is the person who owns that credential. And they want to provide it as a proof to a verifier. And the verifier needs to look at that proof and say, do I trust it or not? And the issuer is the one who signs the credential and gives it to the holder. And you'll notice there's no connection between the verifier and the issuer.

When the issuer sends out a credential, they register the keys that they used to sign it on a public blockchain or a decentralized ledger. And it's got what's called a DID, a decentralized identifier, which anybody who receives that credential can say, oh, I understand which ledger I go to and I understand how to find the keys that sign this credential. And that public blockchain is what allows this to work without the centralized authority. We want to be careful that people can't track us through this ecosystem. So we establish a distinct, pseudonymous relationship with everybody we're talking to.
So the connection we have with the issuer is different from the connection we have with the verifier. And they can't coordinate. And we also want to keep those DIDs, any personal information off of the global ledger, because the global ledger cannot be, nothing can be deleted from it. And so we only put on the issuer keys, as an organization, they don't have the same privacy concerns that individuals have. And so the issuer keys are what goes on the ledger. Individual keys stay in individual wallets and passed around, but never go on that global ledger. And we use zero-knowledge proof, zero-knowledge cryptography that allows us to mix and match these claims and present them in a credential to be verified in a way that preserves privacy in a maximum way possible. We'll talk about that more in a second.

Let's make this specific. I want to buy a tiger. I've always wanted a tiger. My kids want a tiger. Let's get a tiger. So I'm going to order a tiger, but I want to off the internet. I shop around. Alias International, they sell tigers. But they sell tigers that you're going to save. They're rescued tigers. I want to rescue a tiger. But how do I know that's true? There's a QR code. I take out my phone and I scan it. And it says, hey, Tiger Stewardship Advocates has issued a claim that they've inspected Alias International. And these are captive bred animals that can't be released. And, you know, great, I feel good. I'm not going to be damaging the global tiger population by taking care of this tiger.

Now, of course, I have to do some research. Who is Tiger Stewardship Advocates? Do I trust them? Do I look around on the internet? They seem well respected. OK, I'm going to trust them. So there's a new QR code that says I'm going to make an individual connection. I'm going to share my DID. I'm going to generate a new DID and share it with Alias International. That's great. Now, they want some information from me.
They want to know that I'm allowed to have a tiger in my city, that I'm an adult and can make this decision. I need to prove that I have tiger handler training and that I have access to a vet. Well, I've got a wallet full of credentials. And on the left, I've got four of these credentials that pertain to this. You know, Salt Lake City says I'm allowed to have a tiger. I have a relationship with a veterinarian. I've gone and established that relationship, got a credential that says that's true. I went to school. And in addition to my computer science classes, I took some tiger handling classes. So that's handled. And my Department of Motor Vehicles says where I live. And my birthday, my age, things like that. It doesn't have anything to do with driving, but it's what's on that credential.

So using the wonders of zero-knowledge proofs, I can take pieces out of these credentials and generate a new proof that I'm going to hand to the vendor, to Alias International. And you'll see that in some of these ways, some of these proofs, I've reduced the specificity. So I don't have to give my birthday. I can just say I am, in fact, over 18. And the Department of Motor Vehicles says so. I can share the proof that I can have an exotic species. But I can also say this is the class I want you to know about, but I'm not sharing my grade. It wasn't that great. And I'm not telling you about my other classes, just the one that you've asked about.

So I send that proof request over. That's great. I get a response. Everything's OK. It's going to be shipped by Speedy Delivery Incorporated. They give me a claim. That claim allows the bearer of this credential to act on their behalf. So that's great. So I'm here in Brussels. I'm not going to accept delivery of my tiger. So I've got a smart tiger cage on my front porch, and my delivery person can put it in there.
So I've got to load that credential in there so they know that the cage can respond when it gets the right credential and allow access to that. However, Speedy Delivery doesn't do tigers. So Advanced Delivery is going to do it instead. The vendor can revoke that claim. And now whenever it's presented, they're going to go to the distributed ledger and say, oh, wait, this has been revoked. It's no longer valid. But somebody else is going to do that work. So they issue a new credential. So I can go to that box, and I can revoke the credential I gave it. They said that Speedy Delivery could do things. And instead, Advanced Delivery can do it. It can interact with that box.

Now, that tiger doesn't want to sit in that box until I'm fortunate I'm home in the United States. Oh, so when they do the delivery, the individual employee can say, I have a credential that says I'm an individual employee. And by doing that, they can interact with the box. But the box can also issue a credential and can say, yes, I have in fact received, that employee came and interacted with me. And so that employee has proof that they completed their job. They can share with their employer and can use if there's ever even a future.

Now, a tiger doesn't want to be in the box until I'm back to the States. So I can issue a credential to my neighbor and say, my neighbor can access the box and my neighbor can access my house. They're taking care of my house. I don't know how often they're going to need to access that house. But they can let the tiger in so it can play in the house with my kids while I'm away. Because that'll work out well.

So that's a little bit of the back and forth of how these credentials work in a very practical use case that allows you to see some of the capabilities that a digital credential can have. Now, of course, most of us aren't going to have tigers in our backyards. But we will be interacting with vendors and organizations and neighbors digitally in the near future.
And that's what we're enabling. To do that, we need a global public utility for identity. And my employer, Evernym, worked to found the Sovrin Foundation. The Sovrin Foundation runs a network that's intended to be this global public utility. And it's engineered solely for privacy enhancing self-sovereign identity. And it's engineered to be as cheap as possible so that people can use it in emerging economies who can't afford the transaction costs of an expensive network. It's all open source. And we use Hyperledger Indy to do that. So that's the project I spend most of my time working on.

Indy is one of the blockchains that is part of the Hyperledger project. Hyperledger is a Linux Foundation project. So it receives governance oversight from the Linux Foundation. It specializes... Most of the projects that Hyperledger hosts are meant to be private blockchains. But it's interesting to see them expand as people have seen those use cases expand. Indy is a public permissioned blockchain. So we don't use proof-of-stake or proof-of-work. Both of those are fairly expensive transaction settlement mechanisms. Instead, we use a Byzantine fault-tolerance consensus algorithm. And that allows the ledger to be resilient in the case of one-third of the nodes being defectors. And then when people enter the ecosystem, they have to make certain commitments to be good actors. And as long as they're following those commitments, we consider it unlikely that more than a third would have a problem at the same time and be able to collude.

There are a few key projects within the Indy project. Ursa is the cryptographic backend. It's a library that's shared among all the Hyperledger projects. And you're welcome to use it for any cryptographic needs you have. It handles anoncreds, zero-knowledge proofs, various versions of that, Z-snarks and ZK-snarks, and various other cryptographic primitives we need.
It's been analyzed by a number of stakeholders, a number of cryptographers from various organizations. A few people have done their doctoral work analyzing the library, so we have a lot of confidence in it. On top of Ursa, then, is Plenum. Plenum is the actual ledger implementation that does the BFT algorithm. And then that's embodied in Node, which provides the networking and everything else necessary to be a server. We're actually forming the network. The network consists of 25 consensus nodes, and then there's other peers that can provide, we're deploying other peers that can provide read-only access as well.

To interact with the network, you use an SDK. And so LibIndy knows how to talk to the network. The VCX is for Verifiable Claims Exchange. It handles talking to other agents in the ecosystem to provide those exchanges of credentials. And LibNullPay is a stub, an API for payment exchange because a lot of times you want to pay for credentials, as well as being able to pay the fees on the network for doing consensus. And then there's a wallet for containing these credentials. There's a variety of wrappers, so you can consume the SDK in the language of your choice, and you consume those by building agents.

And an agent is what's actually interacting. It's your representative on the internet. And your mobile edge agent is what lives on your phone and allows you to provide credentials and accept credentials. And then issuers will also have their own agents that have wallets and can store and generate credentials. But these edge agents, the issuer and the consumer edge agents, they can be intermittent. You lose your phone, sometimes you turn it off, you're on a plane, whatever. We need something that provides persistency, persistent connectivity to the internet, and we call that a cloud agent. And a cloud agent buffers requests and delivers it when you're available. And it can also take some actions on your behalf when you're not available.
There's two other use cases we pay attention to. On your mobile agent, you want, on your phone, you want one agent. You don't want a separate wallet for your bank and your government and your school. It's not just your identity. So you have thin agents that know how to talk to that full-fledged mobile agent to be able to allow your fitness tracker to issue credentials around your fitness or other kind of thin use cases. And then you have static agents. A static agent has no wallet. It has one key and one connection and knows how to attach a datagram, a credential to that connection. So this is the internet of things use case. It's your car, it's your thermometer, it's your sprinkler system that knows how to interact with your credentials.

And Catalyst is a very interesting use case. It allows you to bootstrap your ecosystem. So it's currently used by the government in British Columbia, Canada. And they use Catalyst to create and hold credentials for all the organizations in the province who have business licenses. This has been live for a couple of months. Most of these organizations don't know anything about self-sovereign identity or verifiable credentials. But they all have a credential and it's owned by the OrgBook that's an instance of Catalyst. And when the time comes that they want to control their own identity, that they want to take it away from the government stewardship, they can then claim that credential and bring it into their personal agent. So that's what Catalyst does is it provides that OrgBook. It's not quite an agent, but it's very similar.

The main design goal of Indy is to avoid correlation. That linkability is what creates the ad model use cases that a lot of these bad actors in the ecosystem have built their businesses around. And there's a variety of ways that correlation can be created and can be used against you. So the most obvious one is identifier-based correlation.
My name, my IP address, my phone number, that can be used to track me through an ecosystem. Similarly, just attributes about me, knowing that I'm a white male from the western United States who works in software means that you can probably figure out, especially if you attach open source to that cloud of tags, you can track me pretty well through the internet and through most of my professional life even without knowing my name. Similarly, taking a signature or a hash of this information, that can be tracked because it's a one-way thing and you end up with the same signature each time. So we need to be careful that the hashes are intractable. Timing can be a concern in that you can track everywhere I check, if I'm in the same place every night at 10 or 11 o'clock, it's probably my house. And so that timing can be used to find out things that I don't necessarily want to share. Similarly, we need to be careful that multiple parties don't collude against us. And so we need to divide that ecosystem by having those pairwise connections.

So as a result, my verifiable claims I need to be able to ensure my privacy by choosing when I disclose, choosing what I share, choosing how precise it's going to be, making sure that the issuer and the verifier that I'm using different IDs with each one so they can't communicate about me, I should be able to use my identity with any verifier I want, be able to mix and match credentials for multiple identifiers, and that it can be revoked anonymously so that if my driver's license doesn't get... so that people can't go and look and say, oh, the State of Utah has revoked all the following driver's licenses. That can be embarrassing for me in a very different way than me trying to present my driver's license and the verifier seeing that it's been revoked.

It's important to recognize that there's more than code associated with a successful blockchain solution. Governance in every human endeavor, there is governance in our interactions.
It's either if we are not explicit about it, it's going to happen implicitly. And that governance is what allows us to have trust in our interactions. Bruce Schneier is a security researcher. He has this great book called Liars and Outliers where he explains that when we're in relationships, as a society, we need to protect society against liars, against bad actors who are defecting against the public good. But at the same time, we need to enable outliers. That society moves forward because Jesus' and Gandhi's and Martin Luther King Jr.'s and political activists and humanitarian activists are breaking the rules, they're putting pressure on our institutions to help us be better. Otherwise, we're stuck the same forever. And so we need to be careful that the systems we create still allow that human interaction of improvement while protecting us against the bad actors.

And there's four ways we do that. There's moral pressure, ethics and lists of do's and do nots and why you need to be a moral being. Reputational pressure that if I do this, it's going to damage my reputation and you're going to act differently towards me. Institutional pressure where as an organization, as an employer, as a fraternity or civic institution or a government, they police the actions of their citizens and their members. And then there's technological solutions.

And a lot of the problems we have is that we try to use the wrong tier to address a concern. Things that should be handled in technology instead we allow humans to make mistakes in. Similarly, things that humans should be allowed to make judgments about we try to solve with technology. We end up with situations where the speedlight camera doesn't realize that I'm rushing to the hospital, whereas a human cop would say, oh, I should escort you. And that's where we need to make sure we're using the right tier for a solution. So we call that the BLT, business legal technical.
We got to pay attention to all three tiers of that ecosystem to make sure that the solution can be adopted and deployed. In credential exchange, you can think about like a credit card network. The policies in the credit card network would allow that business to accept a Visa or a Mastercard and know they're going to get money. And in a self-sovereign identity, digital credential, you need to have that same trust framework that allows you to say, yes, I can have confidence in that credential.

So Drummond Reed, our chief trust officer and one of my colleagues, he talks about how every credential is going to have a trust framework. It's going to say who can issue this credential, what is the process to issue it, what policies have to be followed, and what the content of the credential should be. And there'll be lots of these. Universities in the West of the United States will have one set of credentials for computer science. And insurers in Eastern Canada will have one set of credentials for that kind of insurance. And businesses in the European Union will have a set of credentials that are governed by their regulation. So you don't expect just one. There's going to be a lot of these. And people are already forming these trust frameworks to standardize these. And so you end up with a situation where the digital credential can't exist without a trust framework, a governance framework, that you need both in order to have confidence that you can consume and reuse that digital credential.

Similarly, there has to be rules around the blockchain, the distributed ledger. Indy isn't actually a blockchain, but that distributed ledger that allows you to have confidence that it's being... that the stewards and the consensus are acting on the best interests of the users, that they're preserving privacy, that they're following security best practices, and thankfully they'll get hacked.
And that's what allows our Byzantine fault tolerance system to be reliable for the global public utility, while still keeping the cost to individuals as low as possible because we need this to be adopted in humanitarian cases. So Sovrin... the Sovrin Foundation is the facilitator of that governance framework, but all the different participants in the ecosystem have representation in negotiating that governance framework.

In conclusion, let's summarize a few of the principles that make a digital identity usable, that a usable digital identity is self-sovereign. It's built with open source and open standards. It's got a decentralized root of authority so you don't have a single actor that can fail. It keeps personal data off the public ledger and allows selective disclosure to resist correlation and exist within a trust framework. As these principles that Sovrin has embodied in their identity network, Indy is the project that deploys that and Evernym is working to bring to market. So thank you very much. I open the floor for questions.

I just wanted to ask how we know that we can trust the issuer of the credential. You mentioned the framework, so let's say with the government we should be able to, I don't know, import a list of trusted private public keys which are allowed to issue the credentials and who controls the list of these issuers, how this is implemented. Because this is the key part of the system.

Yeah, and that's the next question. It's the next question. The best way to think about it is how do you know when I went to the grocery store and signed submitted credit card? They're not used to American credit cards that have this archaic signature and they look and they see my signature is illegible. So they want to see my ID. So I hand them my ID from the state of Utah. How does that person know to trust that ID? The answer is they looked at it and they trusted it. In normal, offline life we decide what we'll trust.
And for that signature it was a thing of milk, it's like 2 euro. It doesn't matter, she's just going to trust it. But if I was trying to buy a house from that person I'd have to submit a lot more documentation to the list of centralized authorities. Instead, each credential has an issuer and you have to look, it's you as the consumer of that credential that has to look and say, do I trust that issuer? And that's your decision. So that was an excellent question, thank you.

Wait for the mic so it's in the recording.

So the question is how do I join the network and is you work. So Indy is built with a BFT consensus network, and so this blockchain, it has 25 consensus nodes, and the pool those 25 nodes are drawn from currently is about 60, and they're selected, they're rotated due to various criteria that's been selected in the Sovrin governance framework. So to become a steward, to participate in the consensus pool, you have to submit to the Sovrin Foundation and say, I want to be a steward, and I submit that I will have a machine of the following characteristics, it's going to have good firewall rules, I promise to be around for 24-7 support, that kind of thing. And then you get to participate in that consensus pool. And it is a democratic process, they have regular meetings where they decide how that will work. But you can consume those credentials without being a steward, so that's just the consensus pool. And that's why we're a public permissioned consensus pool. We found that proof of stake and proof of work, it kept the cost too high for these credentials. We need them to be super cheap to validate, and so that's why we followed this model. And that's why that governance framework that the Sovrin network's governed by is so important, because it does provide a gatekeeper, that you're going to talk with a node who's met some minimal, some minimal level of reputation, and we can kick them out if they don't comply, because we got a pool of other nodes that want to exist.

Yes. So who currently
consists of that governance pool? On the ledger, in the SDK, you can query and get the list of all those participants. Currently we have, we have a number of different representatives. IBM has a node. My employer Evernym has a node. There's a node by an organization in France called Twin Peak. There's a node hosted at the University of Switzerland. There's a node in Brazil, I don't remember who's hosting it. So we're really trying hard to have a variety of organizations and jurisdictions, as well as a technological diversity, in that consensus pool. Currently we only support Ubuntu, which is a bit of a vulnerability. We're going to widen that technological diversity. But we have a public non-profit and corporate representatives in that pool today.

Yes. Excellent question. So the question was about whether we've looked at risks, emerging risks like quantum computing, and resilience to that. That Hyperledger Ursa project, I know they've had some conversations on the crypto tier about how to be quantum resilient, but I don't know much about it. Sorry, I didn't see you have the mic.

So I have just a small comment, sort of a question, start a discussion. The comment is, when you're presenting blockchain, please don't talk about buying tigers, because it's not like, it's not what this stuff is going to be for, it's not where it's going to be the most interesting in the long term, and people can take it wrong. And the kind of the question is, so you said about, you're going to have lots of issuers, and the issuers are going to, they're going to make statements, and it's up to the person who is accepting that credential to validate the statement. But if you've got lots of issuers, who are validating the issuers? And doesn't that just become a web of trust? Can't you just treat that as a web of trust, where I trust this and so therefore I have a certain level of trust in all of these things?

Yes. The difference is that it's a distributed web of trust. There's multiple webs of trust and there's multiple governance frameworks
and you can decide which ones you accept and which ones don't, and it's up to you as an individual to make that decision rather than some PKI infrastructure.

About the use cases we talk about, it's hard in a presentation. Most of the time you're going to be interacting with your self-sovereign identity, it's going to be I'm buying a stamp at the post office, I'm buying a gallon of milk. It's the day-to-day stuff that doesn't make for an interesting conversation. But the examples you'll find in any project are all around presenting your diploma that you get at a university, these kind of daily life things. That's what we expect. People will have thousands of credentials. Some of them will be, many of them will be issued by third parties. Some of them will be issued by themselves, about themselves, that they want to share with people. It will become an everyday part of our interactions with other people.

Yep, absolutely. So thank you so much to the speaker again. Thank you. And again, we wait five minutes for the next round.