Hi, everyone, and welcome to today's webinar. We'll be discussing decentralized identity, and particularly that it's a key to reusing identity for improved security and user experiences. My name is Annie Bailey. I'm a senior analyst with KuppingerCole.
And today, I've got Darrell Geusz with us, who is the product lead for PingOneNeo at Ping Identity. Hi, Darrell. Thanks for being here today. Thank you for having me. I really appreciate it. So before we really dive in, I have a couple notes for you. First of all, you are muted centrally, so you don't need to worry about muting or unmuting yourself. So be relaxed, but not too relaxed, please, because we'd like to keep this interactive. We have a few polls scattered throughout our talks today, and we'd love to hear your input and opinions.
So I'll let you know about those poll questions, what to do, how to submit your answers there. And at the end of the session, we'll take a look at the results, and we can talk about those. Also at the end, we'll take all of your questions and be ready to answer those. You can submit your questions at any time throughout the webinar. Please use the question panel on our webinar platform. And those will be sent to me. I'll moderate those after both Darrell and I have spoken. So don't be shy. Please send those in.
You'll also get a recording of this webinar, and the slide decks that we're using, those will be made available to you in the next few days. So let's begin with our first poll question.
Of course, our topic today is decentralized identity. And we'd like to know, where do you expect to see the biggest impact of decentralized identity? Do you anticipate that in reusable consumer identities, workforce or partner onboarding, privacy for user data? Or do you simply need to know more about it? And if that's the case, then you've certainly joined the right webinar. You can submit your answer, and I'll leave a little bit of time for you to do that before moving on. Let's continue by looking at our agenda.
I'll kick it off today discussing a unified user journey, and how reusability is a key foundation here. Darrell will be building off of that, looking at creating instant trust in the modern digital era with decentralized identity.
Then, as I mentioned before, we'll look at the survey results, and answer your questions. So please send those in. OK. Our topic today, of course, is decentralized identity. But rather than talking about the technology from that perspective, I'd like to go to where it's really useful. What is its application? Why is it interesting for us? And so we'll go back to the basics of a user journey. And what is this all about at its most fundamental? And it's really about going from being unknown to becoming known.
In the real world, or in the physical world, I should say, we have ideas of what this could be. But it's really quite flexible. It could be anything from recognizing a person's face, shaking their hand, asking their name, all sorts of possibilities. And in the digital world, these interactions are really mediated through a digital identity. This is our key from going from being unknown to being known. That involves being able to consume digital identity, being able to store it, being able to share it, being able to trust it. There's a lot of aspects that go into your digital identity.
And the second portion to think about is, who is the user? It's very easy to think just of the consumer. But really, there's all sorts of users, all sorts of people, services, processes that could be considered a user with a user journey, where that is mediated by a digital identity. So let's take a step further and think about all of those different potential user journeys. Exactly your consumer, your customers, partners, suppliers, workforce, services, devices, and things all go through this process of being unknown to being known.
That begins with a first interaction, for example, onboarding. But this also begins again when that known user goes away, comes back, and would like to re-engage, for example, via authentication. There's still a moment in time where that user is still unknown until they re-announce themselves, so to speak, to us. And what is the piece that gets us here? We've already talked about digital identity. But within that, how do we trust that really this unknown user on the left side is really the known user on the right side? And identity verification is a glue here.
It's getting us from one side to the other. For example, onboarding. You have a couple of different methods that this happens. You have remote identity verification, which, in a nutshell, the user takes a government-issued ID, scans it with a mobile device, or maybe uses their mobile device to read the embedded chip in that identity document, takes a selfie or a selfie video, compares those two, and matches that to each other and against a government repository. And you are known as a customer or a partner, for example.
There's also federated options against an EID or verified data such as with your bank. Or there are wallet options as well, which is our first inkling of our topic today of decentralized identity. And this is a different setup where the information is staying with the user, and they are choosing to share this verified information to onboard and to prove who they are. And this can follow us through these different types of interactions, through authentication and through high-value transactions, being able to step up the identity assurance here.
Now, to be really honest, identity verification is usually not what people get excited about when they're signing up for a service or when they are submitting an application for a loan or some high-value transaction. It's annoying, and wouldn't it be great to just do it once and have it over with? And so that's why reusability is a really key piece here.
Again, going back to the idea of identity verification, it's a really key piece here. Again, going back to our original statement, the user journey is going from unknown to becoming known. Having a reusable identity verification really improves this process, both from the experience side and the security side. There are many different technology methods to do identity verification. There are many different combinations of physical-to-digital interactions.
Of course, we have exclusively in-person identity verification methods, all the way to completely remote and all digital, where there's not even another person on the other side that you're interacting with to verify your identity. And down at the bottom, the bottom row is user-centric. And this is a different paradigm than what we've seen before. This is the user's ability to hold and share verified information about themselves that is able to be trusted by the party that they share it with. And this is building off of a one-time identity verification process.
For example, being able to scan your identity document, match that with a biometric selfie or fingerprint, that's good for a snapshot in time. And by bringing this into a wallet solution, a decentralized solution, you're then able to hold on to that snapshot in time and verify that at multiple points in the future. So now we've made it all the way from digital identity as a large umbrella concept to identity verification to now understanding, OK, we really need a reusable verified identity.
And what are the most important components here that are underpinning a user-centric and reusable verified identity? It, first of all, has to be trusted. When this is being shared with another organization, that organization has to be able to verify it, that the source of that verification is adequate for those purposes. So it must be underpinned by a robust identity verification process. Reusability, we've already touched on. But what does that really mean? Components here is that it needs to be securely stored. This is typically in a user-centric or a wallet-based approach.
But there are other options here as well. And it needs to be reusable, in some cases, within an ecosystem, so within a family of brands or partners. But it gets really interesting when you're able to use this across ecosystems with organizations that really have nothing to do with each other. To get there, you need interoperability built on common standards. And interoperability here could mean interoperability across different use cases. So going from onboarding to authentication to stepping up your identity assurance for high-value transactions. But this also could be for personas.
You acting as a private person or as an employee or as a contractor, this reusable verified identity should be able to cross all of those options. And particularly important, because we're moving in the direction of a multi-credential, multi-wallet world. So what should you do with this information? A KuppingerCole recommendation would be to set the foundation for your future use cases, not just your current ones. A reusable identity verification is a modular piece in your user journey. Because as we've seen before, there are many different users.
And the reusable identity portion is the foundation for each of those different user journeys. So you begin by identifying your relevant use cases, whether that be consumer onboarding, thinking about employees or suppliers. A fraud reduction is a big focus here, or rather, moving towards passwordless. It's important to then pick out, what are your big wins here? It's important to make this decision based on your own context and needs.
But example variables to guide this decision would be the complexity it takes to implement such a solution, the potential efficiency, cost savings, again, customized to your needs. And then to reflect, after implementing such a solution for your big win use case, how does that change the threshold for other use cases? How does the efficiency increase? Because you already have a foundational piece of the user journey in place. So to close out, I have a few recommendations for you, which would be to, of course, consider which identity solutions your organization needs as a starting point.
But to be curious, focus on early adopter groups that are already implementing solutions like this. Design your user journeys with digital identity in mind and understand how that can improve it. Understand, of course, the compliance requirements. Learn from the success stories of others. And get started. Start building a pilot and taking an iterative approach.
With that, thank you very much for your attention. Please send in your questions. You can take a moment now to send those in, and we'll address those at the end of both of our sessions. And before I hand it over to Darrell, we have a second poll question as well.
So again, considering decentralized identity, how important will decentralized employee identities be for your business in the next 12 months? I'll give a pause here so you have time to submit your answer. And then I'll hand it over to Darrell.
Thanks, Annie. So really, what are we trying to accomplish whenever we start looking at this new paradigm of decentralized identity and verifiable credentials?
Well, they are transformative, and we're going to explain some reasons why they are. But really, it's about creating instant trust. The industry has been talking about zero trust for a long time. But the truth is, that's very off-putting to our users to always be distrusted, not trusted. So why not enable them and empower them to get instant trust instead? And that's really the goal. And keep in mind as we go through this, that this is a marathon, not a sprint. This is still the early days of this technology and its rollout.
So as we walk through, we're going to actually look at some real use cases being built now. But keep in mind, the potential here is amazing. It's a green field, and we just started plowing the field to plant the crops and have them grow. So with that, I'll go to my first slide. And when you look at it, you'll say, wait a minute. I thought this webinar was about digital credentials and digital wallets.
Well, don't worry. It is. Annie shared the importance of reusable verified identities, and she shared some of the different digital identity technology methods that are currently in use. But it's important to frame the conversation to understand why most of the ways that we interact today in the digital space are actually not in our best interest.
You see, physical and paper credentials have been around for a long, long time. They've been used in society, and they continue to be so. Why is that?
Well, because they meet human requirements, not just business or government ones. We carry them wherever we go, and they deliver us ultimate portability as a result. They include standards that can be recognized and accepted in a lot of places quickly. They can be used over and over again for a lot of use cases, adding more convenience in our life. And when we use them, the issuer doesn't know where we have used them, adding key privacy in our life. They cannot track us. Each one represents various roles or personas that we have in our lives.
For example, my employee badge is optimized to be used when I'm at work. We can also use them in combination very easily, increasing our individual level of trust as we present each additional physical or paper credential. So you can see why paper and physical credentials continue to persist.
And now, if you've been paying attention, they're actually increasingly relied on as the root of trust when registering into the digital world. Meanwhile, humans have had a much more difficult time interacting in the digital world. We use current data sharing constructs and seemingly infinite variety of interaction methods and authentication methods that we have to keep learning and to keep up with. It's a constant context switching and management nightmare.
Today, so-called trusted third parties usually sit between us as users and the application or the service provider we're going to interact with. Many times, we don't even know that they're being used or who they are underneath the covers. And in this way, we're actually peripheral to the ultimate transaction. And we have no idea what data was really shared about us or if the recipient was legitimate or not or if the data is being harvested by somebody in the transaction and sometimes even sold to third parties or has been breached or stolen.
This traditional construct also involves fairly complex integrations and infrastructure that has to be stood up and managed in a point-to-point fashion, increasing the attack surface of both organizations on each end of that integration. In addition, because of the intrinsic nature of federated architectures, every transaction can be tracked by that trusted third party. You can't get around it. Consent management is very complex and difficult to implement and enforce in this federated model as well, including the ever-important right to be forgotten.
So as we demand access to more and more digital services, the number of these point-to-point connections that have to be built on the back end rose rapidly. And most organizations cannot manage that many new connections, plus the existing ones they're already managing, demonstrating that this traditional federated architecture is not scalable. This federated model and the application or the service provider also frequently warehouses stale copies of data that they get, making it a nightmare to refresh that data as it proliferates and it also creates a liability due to potential breaches.
So, whoops, there we go. So now it's time to make the user what we call the trusted first party in the equation. By decentralizing the architecture and the user attributes by leveraging a secure wallet as the transport mechanism, we empower the user to have choice, consent and control over their information.
In fact, consent is built into the architecture by default and mechanisms like selective disclosure allow the users to choose what data to share and when, plus things called zero-knowledge proofs are available where an attribute that proves the user, for example, is a certain age can be shared instead of the entire birth date of the user. So it unifies and it simplifies the user experience. And here's the cool thing, it does it across all the channels, it becomes omni-channel.
It opens up the opportunity to also deliver in-person and even offline experiences that match those experiences you have online using the same wallet and the same credentials. Finally, it's more affordable to implement and manage and it's fully scalable because you don't need those complex backend integrations anymore. This will fundamentally transform how we interact and share data with machines, applications and service providers and even one another.
If implemented properly, this approach can simultaneously increase security and lower risk to all parties involved, increase our privacy and improve the user experience. And finally, industry standards are available that provide an open way to issue these digital credentials and complement or replace physical counterparts like driver's licenses, permits, licenses, badges, certificates, other official documents that we get from public or even private organizations. And this is the impetus of eIDAS 2, which you may have heard about lately that was just passed in the European Union.
Finally, another key area is our digital accounts will actually move from the backend to our wallets. This includes profiles, entitlements, privileges and any detailed or summary data or metadata about us can also be stored there as well and be transported.
In fact, these digital credentials can be instrumental to deliver use cases well beyond just sharing our identity or asserting our identity or our privileges because of the flexibility of what can be included in that credential and the strength of the cryptographic functions, including binding the data to a person's identity or privilege within the wallet. These digital credentials can include biographic data, biometric data like our selfie or maybe our voice and even PIN codes like a six-digit PIN matched on a server. They can include affiliation information related to the issuer.
How do we relate to that issuer? Are we a VIP? Are we a member? As well as verified data from third parties. A person's eligibility can be included including entitlements, permissions or privileges all within the credential. Information regarding our purpose and timeframe. In other words, are you supposed to be here today can also be included and read by the verifier quickly.
Finally, extended attributes, including how and when the credential can be used, the user's account or policy details, for example, their current deductible for health insurance or the current balance or threshold in our bank account can also be included. Proofing details about the user, how they were proofed and vetted can also be included including any assurance levels and standards around that.
And really anything that you wanna put in the wallet can be there either temporarily or permanently, even long enough for me to just transport the data to a destination like a prescription for getting drugs or my medical records, or maybe even a work order that I share out when I show up to do my contracting work to prove I'm supposed to be there today. Remember, although wallets live in our personal smart devices, typically they can also live in our home computer, our work computer, or even in the cloud, or as what we call a browser extension and still be personally controlled by us.
In fact, whoops, too far. There we go.
In fact, few technologies come along that can make both our digital physical world more secure, more private, and more enjoyable and save us all time and money simultaneously. Verifiable credentials, decentralized identity can do that when they're implemented properly. So that's why it's a real transformational technology.
Sorry, I went back too far. The top picture here depicts our current experiences in the digital world. We have all these trusted third parties in between us and the applications we're trying to experience, and they can behave badly. Given the cost and complexity of the scaling of this, the lack of scaling, we're not surprised that developers and administrators are struggling to keep up and keep us safe.
As with the new threat of adversarial and generative AI, that ever-growing threat and that centralized and easily accessible attack surface that keeps growing with more point integrations becomes more and more vulnerable over time, more than ever before. So it's time for us to be the trusted first party again and benefit from choice, control, and consent in every transaction and increase our personal safety and privacy. We want username-less, we want password-less, we want personalized, we want unified experiences, so both online and in-person.
And we can use tools and adapters to make sure that existing applications can begin to support this new shift without requiring the service providers and the application developers to make major infrastructure changes. So we can start solving tactical problems now and have the foundation to solve the art of the possible in the future. Here's some market segments we're seeing. In workforce and supply chain management, the goal is to be able to trust workers and contractors instantly for both online and in-person interactions. And we're gonna dig into that a little bit here in a moment.
In financial services, the focus is on improving the mobile banking user experiences, including these reusable identity proofs to apply for new services, delegating access to our partners and family members to do certain things on our accounts, empowering corporate customers also to enable employees to access account functions individually. And finally, monetizing the strong proofing that banks conduct through a bank ID that could be reused by third parties, including for onboarding and ongoing identification. Brokerage investment and insurance also benefit significantly.
In healthcare, think about access to patient records, sharing records with providers, taking them with us wherever we go with consent and digital signature and maintaining a regulatory compliance. Those are the most important areas of interest to our customers in healthcare. In addition, healthcare insurance can be completely transformed, especially here in the US and across borders. In hospitality and retail, creating VIP and a personalized user experience is the major focus, both online and in person.
Everything from instant age verification, dropping off and picking up your car at the valet, event ticketing, access to venues and sharing personal identity, and then concierge services as well could all be included. And finally, of course, government. They have a huge ROI through paper reduction acts by enabling users to autofill data in the digital form, as well as digitizing all their existing physical and paper documents, such as driver's licenses and national ID programs. So we're seeing a new phenomenon in the workforce. We're gonna dig in a little bit to workforce use cases.
These are real world use cases being either implemented or planned by our customers. We're deep in with them, working with them, workshopping, because it's a new technology, making sure that their applications can support them. There's a new phenomenon out there. It's really plaguing organizations. It's called bait and switch in the interview process. Right now for about 150 bucks an hour, you can have someone else interview for you on your behalf for just about any industry.
Sometimes the interviews that you have for a job are with peers and other teams that may never even work with you or see you again. Sometimes you have to take tests or complete projects as part of your interview process. And remote workers are much more common since the pandemic. A person may never visit an office before they start working remotely. One of our large systems integrators we talked to in the work with our technology says that 15% of the software developers they interview and test are not the same people that they ultimately hire. 15% they have to deal with.
So we need a stronger chain of trust earlier in the process to ensure that no bait and switch happens. When it comes to contractors and the supply chain, this bait and switch tactic can have serious consequences. It can dramatically increase liability for companies that don't verify the identity, the affiliation, and all the required skills levels and certifications needed of those contractors. And commonly, those greeting and checking in the contractors, they don't know these contractors. They're meeting them for the very first time.
And they're not aware of the work or the service the contractor may be performing. Consequently, they may have to make phone calls, check data systems through third parties, send emails, or even call the contractor's employer on the phone as part of that check-in process. This all takes precious time. It can be fooled fairly easily. Sometimes this can take hours, especially when the facility resource is critical infrastructure or higher security. And those existing processes, they can be circumvented.
The only way to prevent it, again, is these big back-end integrations or third parties to broker the relationship and manage it all. So we want to get away from that. In the workforce side, by combining an increasing level of identity proofing throughout the process and also decentralized identity, the employer can create a stronger chain of trust earlier in the process.
In the case of one large bank we're supporting, their plan that they're implementing now is to take their mobile app that's used for day-to-day authentication by the employees to log into applications and also make it more of an interview assistant app as well. To incentivize participation by applicants, the app will help the applicant navigate through the company's interview process and hiring process. It'll provide information of who they're going to interview with next, complete with a profile and when, including proactive notification if there's any changes that happen.
The app's going to help them guide them through any tests that they have to take. And the applicant will also be able to interact with the recruiter right in the app and read FAQs.
In effect, the app's going to provide assurance also to the applicant that their time and privacy has not been compromised or wasted through a false company or a false opportunity. It gives the applicant a VIP-like experience and makes them feel more welcome and valued. It also demonstrates the technical savviness of the organization, making many applicants more interested to work for that company because they see the innovations being rolled out. And as part of the process, the person will create a basic profile inside the app and take a selfie.
They'll have proofing based on device and mobile phone number up front, and then a temporary credential will be issued out to that wallet. They'll then verify their identity using that temporary credential through verification, including selfie matching sometimes, either manually or using automated methods, leading through like interviews. Once they're hired, the candidate credential is verified one last time, and then government ID proofing is done right inside the app to strengthen that level of proofing.
Then when they show up to a third-party service provider to get fingerprinted, because here in the United States, banks go through a full criminal history check for most of their employees, including fingerprint background check, they're then verified in person by that service provider to make sure it's the same person. Once cleared, their temporary credential is replaced by a digital employee digital badge that can be either on their own device or on a device issued by the company.
And then that workforce credential is going to be used downstream for many different use cases for both logical access control and physical access control. For contractor trust, we have a customer that's considered the Uber of trucking here in the United States. They actually match organizations that need loads of goods moved with drivers and trucking companies, including just in time at the last minute. Some of their customers include FedEx, UPS, as well as other large logistics companies and retailers.
The challenge they have is once a driver or company has been vetted and their identity proofed, again, that bait and switch problem can rise up and be a problem. So instead of the approved driver picking up the load, picking up the trailer with the load on it, someone else will be substituted without their approval. And sometimes the person that shows up to take the truck or take the trailer doesn't even have insurance or may not even have a commercial driver's license. There's also a threat of intercepting the load by theft rings or gangs.
Many times the person greeting again or checking in that driver has never met them before in their life. And they may not know the details of the workload that's gonna be taken care of. But now with identity proofing, tightly bound to decentralized identity, the driver's issued a digital credential that can prove their identity, their affiliation with the trucking company, their certifications, as well as their purpose for being there, be it a work order or even a waybill for the load preloaded on the driver's wallet that can be shared out.
Now, when they check in, a device-to-device verification, even two smartphones to each other, can quickly make sure that the driver is legitimately supposed to be there. It's the right driver, and then they can allow them to take the trailer or truck and the load with them. So the risk and liability for all parties in the transaction, including that service provider in the middle, the matchmaker, are greatly reduced. What about financial services?
Well, as customers apply for additional services at a bank, many of the times they must repeat identity proofing processes, where many of the checks are identical when they applied for a service previously. The applicant also has to fill out redundant forms. It takes precious time and adds friction to the user experience. In addition, currently many mobile users experience suboptimal user experiences on protocols like OIDC.
So ensuring a strong method of authentication and digital signing and a strong chain of trust throughout a payment transaction can also be expensive and complex to implement and operate using these legacy approaches, the traditional federation approaches. With privacy and data sharing laws and regulations on the rise, sharing data across jurisdictional boundaries via backend integrations is fraught with risk and liability.
Finally, because banks invest so much into identity proofing and vetting, and they do it so well, many organizations would like to benefit from their work when they encounter the same person for a retail transaction or for another type of transaction, both for registration purposes as well as ongoing identification to help them reduce their fraud without paying very expensive rates for proofing. They don't wanna have to go through that lengthy proofing process like banks go through, and nor can they scale up and manage such a network for these traditional approaches.
So the banks providing a digital credential, a bank ID that can be portable and be used across organizations can be very valuable. We're gonna talk about that. So in the case of reusable identity and proofing at the same bank, decentralized identity can make the user experience much better. And this is kind of a low-hanging fruit for banks to get started with, just use it for internal applications and use cases. On one of our first deployments we're working on with a major bank in the UK, mobile banking is the norm. The majority of the customers have and use mobile bank apps.
So once the applicant is proofed by the bank and their service is turned on, they're gonna have a digital credential or KYC credential issued out to the banking app in the wallet. And then an account credential will be issued alongside that identification credential for that first service that they sign up for. And that'll be used downstream when interacting with that particular account. The user will never even know, by the way, that they have a wallet app or that they have a wallet inside the app, except for a new icon that may appear and a new improved user experience.
It doesn't have to include images of cards in a Rolodex like Apple Wallet or Google Wallet does. It's not necessary. Once the user wants to apply for that second service, they simply pre-fill a lot of the data and share their previous identity proof to be considered and determine eligibility for the new service. After receiving the second service, a second account credential is issued and put into the wallet and the service is activated.
And then the identification credential can also be updated with any additional proofing or higher levels of assurance that the customer has achieved as a result of the second service. Now, once you have a payment card account, credit card, debit card, those kinds of things, the identification credential can be very useful downstream when interacting with a merchant. In this case, the same UK bank wants to insert a wedge into the payment transaction flow that reaches out to the user via a push notification to the wallet in the bank's mobile app.
It'll present the credit card. It'll present the merchant information, the amount of the transaction, and ask the user to give their approval and to identify themselves. The goal here is to strengthen the regulatory compliance and reduce fraud even further by including and checking key identifiers that are protected inside of the credential itself. This enables server-side verifications to happen instead of relying only on authentication methods that are tied to the device. This creates a new paradigm at time of payment.
For example, you may have heard of the term card-present or card-not-present based on transaction type. And that usually refers to an online transaction where the card's not present versus an in-person transaction where you're swiping the card or sticking the card in the smart card reader. Now we're gonna introduce wallet-present and wallet-not-present transactions instead in the online world, including the required credentials inside the wallet. This will further reduce risk and liability for payment transactions.
The wallet becomes a new secure channel of interaction between the bank and the user. And think about it in the future, the payment card and the identification and account credential tied to that payment card can all be bound together within the wallet and even presented all simultaneously. And when that happens, you won't even have to type in your card numbers anymore. It'll all happen automagically when you present your card online.
What about when the user wants to travel to another country, either physically or virtually online, and utilize their bank identification and account credentials to, for example, transfer funds between their two banks? They may have a bank in two different countries. We have two banks working together right now to work out the mechanisms and the data schemas using decentralized identity. This will be revolutionary. You'll be able to live as a citizen in one country and be able to do banking in another using some of the credential information from your first country, from your first bank.
You can present your identification credential and your account credential that came from your hometown bank to enable the transfer of money without typing anything except the amount of money to transfer. Now, of course, a lightweight legal agreement may be needed to honor one another's credentials, for these banks to honor one another's credentials, but the public signing key for the credential can simply be tied to the bank's internet domain using standards like what's called DID-Web, and they can be referenced rapidly during the verification.
That's the only integration you need between the banks, nothing else. So you can look at this as the next generation of open banking that does not require any backend integrations or APIs that simply open banks up to new attack surfaces, including the new frightening wave of adversarial and generative AI that's certainly upon us.
Finally, to close out, one European bank is leading the way in planning for the implementation of the bank ID as we talked about earlier, using decentralized identity and digital wallets. There are a lot of organizations they've already spoken to, including many of their corporate clients. Be assured, most of the banks we have talked to are very interested in doing this, and without having to build big consortiums of banks or without having to work with the government and do public-private entities.
In this model, the bank just issues a strong identification credential and a digital wallet based on strong proofing, and then it can be leveraged by partners, subsidiaries, affiliates, and other third parties. Organizations that trust the level of proofing conducted by that bank can leverage this identification credential to quickly onboard the person. Sometimes it might be for transactions that involve the bank, like getting a loan to buy a car.
So the car dealership would love to have the pre-approval for the loan to flow through the wallet and be presented by the user at the time of buying the vehicle. However, even organizations that do not do as much proofing today at time of registration or that need to interact with the bank directly can benefit as well for any kind of transaction type. It raises the bar and reduces the fraud in their own business or market sector without spending the kind of money that the bank spends to do such a high level of proofing.
And of course, to reward the bank for their hard work, the third party will pay a bank a transaction fee. It's substantially less than the proofing costs that they would have incurred otherwise to get the same level of proofing assurance. This makes the entire ecosystem or network of participants through a decentralized network more secure and reduces fraud. So finally, thank you very much. My email's there, website's there. We really appreciate your time and we're going to open it up to questions now, I think, and answering some of the ones that have already been posted.
But keep in mind, this is a marathon, not a sprint. This is going to take time, but you should start looking at this right away to see how it can benefit your organization in the future. And if you're a user, start learning about this because we do believe this is the next big wave in identity and access management.
Thank you, Darrell. That was a great presentation and really opened it up to a lot of interesting questions, interesting perspectives. Let's first take a look at our survey results. And this gives you a couple extra minutes to send in your questions. If you have any questions on Darrell's presentation, do send those in and we'll get to those. So our first poll question was, where do you expect to see the biggest impact of decentralized identity? We've got a clear leader here on reusable consumer identities. And this is really interesting. It ties in perfectly with what Darrell said at the end here.
This is a marathon. There are a lot of different interesting use cases available for decentralized identity. And some of those are easier to get to first or are easier to see the advantages of first. And in this audience, and also from the KuppingerCole perspective, consumer identities is a big leader here. These other ones may depend more on what sector you're in, where are you in the journey, or what are your particular needs? So not saying that this one particular flavor of decentralized identity for consumer identities is the right answer.
That's not what we're saying, but it is a really interesting use case that many people are ready to take on first. Darrell, do you have any comments here given these results?
No, I'm not surprised. I think, you know, consumers, even us as individual consumers desire the kind of capabilities that it's gonna bring is increase our privacy and security. We're tired of hearing about all these data breaches where we have copies and copies and copies of our data everywhere. So I think that this new model does make sense that consumers are gonna benefit the most out of this. Absolutely.
All right, let's take a look at our second poll question, which was particularly about decentralized employee identities. Okay, so this is one use case out of many and with a relatively short timeframe, so just the next 12 months. And we can also see this marathon, yeah, reality that we have here with decentralized identity. We're at the beginning stages here.
And that's also reflected in your answers here that some don't have this on the radar, some are feeling neutral about it, but that's already a bigger step and indicates some awareness about what could be coming in the next few years, not just the next 12 months. And some who see this as important or very important.
Yeah, it reflects the educational work that we're doing at Ping. We even have slide decks that have no logos, no nothing on it. They're just strictly for educational purposes to be used internally at organizations. So right now we are in a huge education wave. There's no doubt about it. And we're trying our best. There's a lot of great market resources as well, industry resources. I think the key is tying these together in a package for organizations to understand what this technology is and how it can change their world. Absolutely. So let's move into your questions.
So again, this is your last call. If you have a question to ask us, put it into the field and those will be bounced over to me. So our first question is relating to the idea of a first interaction. And does this have to begin with onboarding or could it rather start with obtaining a foundational identity where you think this is established within the context? And that's absolutely correct.
You know, a first interaction being onboarding is one example of many. And in the case of employee identities or onboarding suppliers or contractors, it absolutely does not start with onboarding. So that's a great observation there.
Darrell, do you have any thoughts?

I totally agree.
And, you know, we all want the governments to step forward and have a root of trust and a digital credential from the government, but it's gonna take them time. We do see digital efforts going on now, but they're mostly federated around the world. They're using the old model, what I call the old model, the current traditional model. And so we're just starting to see with EIDAS 2 passing in Europe, that is really gonna help the bow wave for these governments to start issuing out, you know, true root of trust credentials that can be used, for example, at onboarding and anytime in any interaction.
And you can combo those with credentials that are issued by private organizations because government IDs don't have all the data you need to interact in various transaction types. So there'll always be additional data added on to enable to satisfy a transaction. Mm-hmm. And that leads in really well to the next question that was asked, which is about interoperability. So the question is, interoperability means having norms or standards. Are there some in this area today?
Yeah, Darrell, you've already mentioned EIDAS 2.0. Do you wanna take it away?
Sure, why not? I mean, I think the first milestone I think of this was when Microsoft, Workday and Ping in summer of 2022 had production grade interoperability, a profile for workforce that actually included like 12 different standards. You have to because there's all aspects to the transaction. And so that was a huge milestone in the industry. And I think since then, we see a lot more vendors doing interoperability events, ISO standards for mobile driver's licenses.
The EIDAS will certainly have interop events coming where vendors and relying parties are gonna get together and make sure everything works together. Standards can be very helpful, but it's how you implement them, how you package them together that counts into what we call a profile. And only then can you really achieve gorgeous user experiences.
So yeah, absolutely. There's standards for both issuance that's coming. Verifications are already pretty much here. Microsoft and us can verify each other's credentials already and then there's standards around the wallets. There's an open wallet foundation under the Linux effort that will give you all the keys and tools you need to build wallets that are open source. So it's exciting times. It's still a marathon though, and we got work to do. Don't get me wrong.
Yeah, yeah. And these questions are leading perfectly one to the next. We have a question on the different examples that you showed, Darrell, in your presentation. And they seem to indicate that there will be multiple wallets depending on your use case. And that may not be exactly what the user's looking for. It would be much easier just to have one wallet for everything.
Yeah, no doubt. Early days, we're gonna see wallets within mobile apps and you're gonna be interacting through those. In the future, we'll see the platform wallets embracing more standards because some things they haven't embraced yet. Embracing more standards, and then we can have a common repository of the credentials that multiple apps can use. But that's gonna take time. Keep in mind though, that users don't even have to know they have a wallet.
Like I mentioned, most of the customers we're talking to, they're not gonna instantiate a credential like you would an Apple wallet or Google wallet. It's gonna be an icon and a new user experience. The wallet's underneath the covers, but you never really know, right? That can be addressed later. That could be exposed later as we start getting into more interoperability and more activity. But you can still solve problems today even with wallets and apps. Think about an airline app.
You get a boarding pass, an Apple wallet or Google wallet, and you can present it at the checkpoint, but you can't change your seat assignment. You can't see a picture of the airplane where your seat is, right? That happens in the app. So mobile apps will always have a richer experience and be able to do experiences sooner before the platform wallets typically.
Mm-hmm, absolutely. Next question. There are a lot of sources for bring your own ID. And so how do you synchronize those users which may use two or more identities? For example, an EIDAS or EID, a bank ID, some of these examples.
Yeah, I think what I mentioned before, a lot of these are gonna be root of trust credentials, but you're still gonna need to transmit through your wallet, carry with you additional attributes about yourself, privileges, capabilities, entitlements, certification, skills, training that you don't see on a national ID card. So these credentials will be complementary with each other. And the cool thing about even the standards allow you to, the verifier, to ask for multiple credentials at a time.
Attribute, even attribute selective ones across multiple credentials. So we have the mechanisms to combo these together as needed to perform transactions. And so you can't have too many in my mind in one sense, because it just means you have more to work with and more places you can go and more things you can do.
Mm-hmm, yeah. We've got another question going back to the function of decentralized identity. So how can you trust, or rather, how can you trust who brings the identity or who has issued the identity?

Who has issued the identity. So the way it works is the digital credential, whenever it's packaged up, it uses the public key of the wallet for cryptography, usually to encrypt the data. And then the signing event is the private key of the issuer. So the issuer's private key is used to protect or sign the payload. And so what's cool about it is it'll also only work in that specific wallet.
So that means if somebody tries to take it out of that wallet and use it, it ain't gonna work, right? The good news is the verifier can then very quickly look at the public key of the issuer. And I mentioned DID-Web as one of our favorites because it ties to the domain. Like if it's sony.com, it's very unlikely that anybody but Sony is operating that domain. So if the credential and the verifier knows that to reach out to Sony's website to pull that public key, you can rely on that, right? In addition though, there'll be governance models in the future.
Even EIDAS 2 has significant governance models that have to be built up and managed to help manage certain people that attest certain attributes or issuers, government issuers. So there's governance models. And then ultimately blockchain can be very useful too because it can be everywhere quickly. And all you're using it for is to validate that public key or maybe a status list, a revocation list very quickly. So there's different models, different ways to make sure the trust is there. Currently our favorite is DID-Web. It's standards-based and it's tied to the domain.
And for large organizations, at least say the Fortune 3000, pretty reliable. An important component here is along with the trust, who's taking the liability? Where does that fall? Good question. I think if you believe a bank has a good proofing and vetting process and you trust it and you choose to honor that credential, the liability is somewhat on you. You're saying, hey, I trust that bank's ID. I'm gonna use it for my own purposes. Can you go back and sue the bank?
Maybe, that hasn't been tested out yet. The other idea is to have a lightweight memorandum of understanding, a lightweight legal agreement between the organizations to help establish that, whatever, to honor each other's credentials and how verifiers will function. But you don't need to do any backend, deep technical integrations like we do today.
Yeah, a last question. Considering our poll on decentralized identity for the workforce and employee IDs, what timeframe seems more realistic? Is this more on a five plus year? And particularly that the value is understood, but perhaps there's a challenge in getting leadership to buy in. I think for employee credentials, just for internal consumption, people struggle. But when you start talking about contractors and like B2B interactions, and you have a community of trust that you need to create, I think those could grow pretty quick.
And even if one organization's doing all the issuing out to the contractors and then using their own verifier to read their own credential that's been issued out to the contractor, I think there's big value in that. And that's what we're seeing with the Uber of trucking I talked about. They're empowering verifiers through their own network. They have like 90,000 customers, some crazy number. And so they're going to light up all these verifiers using creds that they're issuing and to verify with. So it's kind of a closed community. It's not quite open yet, but over time it will be.
Eventually one of those verifiers are going to say, hey, I don't want to use your provided verifier, I'm going to use my own. And that'll be fine with the standards. So I think we will see workforce climbing, but I think it's going to be in those communities of trust with contractors that'll drive it, the supply chain, because that's where it's really transformational.
Yeah, great insights there, Darrell. Thanks for sharing some of these more tangible stories and doing the education piece that you were mentioning earlier. Thanks to our audience for all of your great questions. It really brought a lot to the discussion and the presentations we were able to give you. Just to close out today, I'll let you know what else you can be looking forward to coming up. Darrell will also be here at the EIC, the European Identity and Cloud Conference in Berlin. So if you're curious to hear more, definitely join us there in person or online.
We'll have a really great lineup of presentations, workshops, networking opportunities, all sorts. If you're more interested in reading about this or listening about this, we've got a podcast out I think from the last week or so and a couple different leadership compasses. Those are our flagship reports that take a look at a particular industry and a deep dive on the vendors that are active there. So take a look at reusable verified identity or identity fabrics for some reading.
With that, another big thank you to Darrell for joining us here, to you the audience for listening in and for asking your questions. And I look forward to continuing the conversation at EIC.
Thank you, Annie. Thank you, everyone. Thank you. You're welcome. Bye.