Donna Beatty, Digital Identity Industry Expert, Digital Identity
Vittorio Bertocci, Principal Architect, Auth0
Daniel Goldscheider, CEO, yes.com
Don Thibeau, Executive Director, OpenID Foundation
KuppingerCole's Advisory stands out due to our regular communication with vendors and key clients, providing us with in-depth insight into the issues and knowledge required to address real-world challenges.
Unlock the power of industry-leading insights and expertise. Gain access to our extensive knowledge base, vibrant community, and tailored analyst sessions—all designed to keep you at the forefront of identity security.
Get instant access to our complete research library.
Access essential knowledge at your fingertips with KuppingerCole's extensive resources. From in-depth reports to concise one-pagers, leverage our complete security library to inform strategy and drive innovation.
Get instant access to our complete research library.
Gain access to comprehensive resources, personalized analyst consultations, and exclusive events – all designed to enhance your decision-making capabilities and industry connections.
Get instant access to our complete research library.
Gain a true partner to drive transformative initiatives. Access comprehensive resources, tailored expert guidance, and networking opportunities.
Get instant access to our complete research library.
Optimize your decision-making process with the most comprehensive and up-to-date market data available.
Compare solution offerings and follow predefined best practices or adapt them to the individual requirements of your company.
Configure your individual requirements to discover the ideal solution for your business.
Meet our team of analysts and advisors who are highly skilled and experienced professionals dedicated to helping you make informed decisions and achieve your goals.
Meet our business team committed to helping you achieve success. We understand that running a business can be challenging, but with the right team in your corner, anything is possible.
Let's Get this panel going. This is bringing the global assured identity network gain to reality. We're actually, this is a self moderating panel and I'll introduce Daniel gold Schneider from yes.com. Who's gonna take it from here. Thank you. Thank you very much. We'll keep the introductions brief because this is already day three, then gold Che. I am one of the co-founders and CEO of yes.com. And I'm also one of 154 co-authors of a paper describing a global assured identity network or gain in short, I have three other co-authors here.
Maybe we should keep the introductions very, very brief, but Victoria, of course, from of zero and also an international podcast superstar, we have Donna BTI until very recently with JP Morgan chase. And I think you have something new to announce today. Yeah. I'm not going to steal the funder. And then Don Tebow, 10 year executive director of the open ID foundation co-founder of the open identity exchange and co-chair of the digital trust initiative of the international Institute of finance.
And I, I do have to correct the introduce. This will hardly be a self moderating panel.
So Yes, I'm in a, in a somewhat unofficial capacity as the moderator, but we're also very happy to self moderate. I think if we, we know each other well, as If we could, We thought about me asking a few questions on your behalf and if you have questions by all means, you know, I think it's much more interesting for you to ask questions. I'll start with a couple of questions to get us going, and then we'll see if there are any, any questions in the audience Just to quickly, there is this app.
You can, you can, you can use the app to erase questions and they will arrive at this iPad. So if you just pull down, then you get the, the questions very can build them into your discussion. Whoever is moderating. I don't Know. Excellent.
Keep, keep the questions coming in and you will be moderating. And I will try to do your, your questions, justice, maybe a, a very fundamental first question. What is gain or what is gain not Well, we know one thing that it's not, it's not a opportunity to create new standards. We have sufficient standards available to us today, and it's not an opportunity to create a new org for the industry. We've got plenty of orgs today.
What it is, is I think a fascinating sense of the community as expressed through the 150 authors about an opportunity to address a burning business problem, which is one of global interoperability and identity. So that's my start. Just to add on to what Don says, it's also an opportunity we see that this moment in time is a, is a tipping point in a way. And we would like to see more action on this topic, which is why this paper is quickly now turning into proof of concept opportunities we're moving away from.
And you see this generally across the industry from an era of paper tigers to an era of production pilots. And we want this to be a step in that direction as well.
Well, I'm going to offer you my blue collar. Very concrete perspective gain is not an end point is not a gateway. It's not code waiting for messages. It's an idea. What GA gain really is, is open to connect with high assurance. It is using well proven well adopted technologies are in widespread adoption today to build this particular network and fulfill this particular function. But as was mentioned, it's mostly an ideal that operators may decided to participate into. But from a technology perspective is all existing standards.
You talk about existing standards, some of these standards have existed for some time. We have had oof and open ID connect for, for some time. Why now and why hasn't this happened 10 years ago, 15 years ago.
One, I think that one really important point is that opend connect now has been used for years. And so it has proven itself to be viable for really a wide range of scenarios and in particular for high value transaction. And not only that from the, the early beginnings of the opend connect core, the layers that have been built on top of it to meet the I'd say was more advanced scenarios also had an opportunity to be tested, to be adopted. And so people voted with dollars to actually build systems that rely on that for that critical part.
So to me doing it before would've been possible, but now really there is no excuse. And I would just add to that and add to the last, the last next speech that we just heard, the acceleration of cyber crime and the era of COVID actually has really helped. Right? If you look at what's happened to the standards world, the self certification capabilities, it's all accelerated within the last two years. And the other thing that's happening with much more enthusiasm is that the governments and regulatory bodies are being involved.
And these standards organizations and calling out open ID foundation, and oy specifically are making a huge effort to keep up with and in fact, shape those organizations through the wider community that they're already working with. So I think that's used it really, that the world is a as a whole is at a tipping point. And it's nothing digital identity has never been recognized as more important than in this moment.
Well, I always think of when things change as a result of two things, fear and greed, and I think the private sector sees the global efforts to regulate. What's called open banking, open finance, which is perfectly appropriate in each jurisdiction for regulators to look at new ways to protect the privacy and security of their citizens. But they also have a second duty, which is to promote the economic health of their economies.
So what we have now is the growth of systems within each region, notably in the UK recently in Brazil, Australia, and that's all well and good, but the question is how are we going to connect those systems on a global basis? How can we combine the requirements for technical conformance of interoperability with legal compliance on a global basis? So the paper really is an attempt to take up that challenge and be very pragmatic, not dogmatic. There are a lot of initiatives.
Donna, you said that digital identity is really a red hot topic at the moment. Now, a lot of what we hear is about self-sovereign identity and the, the efforts of the European commission. How do you see the different architectures and the different models like open ID connect, self sovereign identity? How does That play into, into gain? This is gonna be a journey, right?
I, I think we're sitting amongst leaders in this space, in this very room, but the, the pragmatic answer to the question today is global interoperability is not gonna happen tomorrow. And it, you can just take a cue from the different jurisdictional leaders, look at the UK stance and DCMS, what are they saying? They're saying, oh, that little problem about interoperability, private industry is gonna figure that out. The European commission has a slightly different view on it. They're gonna spend a lot of focus on at least creating a toolkit.
So that member states have some guidance, a bit more closer to a blueprint of how to do that. But it is one of the reasons why some of the most valuable bits of the game paper are in the appendices, cuz it talks about there is a foundation of open standards. I think there it'll be interesting to see how it evolves over time. I do see an opportunity for new evangelists and new industry sectors popping up to provide that mapping between different jurisdictions. Open ID will certainly help with that, but I do.
I don't think there will ever be one completely federated digital ID around the world. But what I do think gain provides a basis for is to uplift all of the individual jurisdictional regimes and help them work together. But it certainly won't be magic, but it provides a foundation for that that will lift up all of the players in the ecosystem Players. Most importantly, the citizens, the folks that are largely disenfranchised and those that are not able to participate fully in this global economy.
We think that if we can get the kinds of trust frameworks organized on a global basis, that will be a great boom to developing economies as well as the traditional ones that we know. So well, I have to choose my word very carefully because I am a, I have to say I have a particular stance on the SSI side, but without delving much into that, I would say that gain is a concrete step toward harnessing a huge, low hanging fruit. The institutions that are mentioned in gain already had their own reasons, their own processes for proving their identity over customers or their members.
And they already have that intelligence. They already have a trust of the people that work with them. They already have a trust of other institutions that already collaborate with them. And all again is doing is finding a way of harnessing that power. And this is not a novel topology. This is not a novel scenario that requires new technologies such as for example, SSI, which truly provides a capabilities that we have. We didn't have with traditional technologies. Whatever problem we are trying to solve here is very simple, is very traditional.
It's a matter of using existing proven standards to harness the credibility and the processes and the wealth of information that we have about the users so that it can be used across the board. I see a lot of white hair in the rooms. So you remember service oriented architectures here is like, you have always capabilities. You just need to make them available in a programmatic fashion so we can use it.
So to me, that the way in which I understand the initiative is that's the goal, the most salient thing. Then this is based on open standards, which made that hallmark to be able to connect different things and plug different aspects. And so if part of this is something based on SSI, I see no technical or architectural reason not to issue very credentials that can come from one of the gang members.
So the reason contradiction between the two, but I think it's important to keep the eye on the prize, which is taking advantage of these very like almost trivial to apology that we just didn't put together because we didn't make the effort to, we did multiple efforts, which failed, but now we have a right of tools to finally succeed and to actually make everything work together that it is intended.
And just one more point on this is the open ID foundation and all the work around being able to assert what networks you support at what assurance levels that goes a long way to making interoperable interoperability work. So I can say is an IDP. I support E I a, I support the UK trust framework. I trust marked in both and I support low assurance or the highest assurance, right?
That, that just, that makes the world a much easier place to, I operate in. You can imagine with 150 cooks in the kitchen, it was a rather robust debate, but it was a radical experiment in, in democracy to try and get what became kind of a viral group of experts and researchers to see if we couldn't do something that would result in something very practical, but also something that would address banks. And it would address what Tony McLaughlin and say bank have called the upcoming age of consent.
So if we're to have true consent, both technically, and at the policy level, we need to find the kind of interoperability that the paper seeks to to explain. And the kind of simplicity of approach that gain has, which is to be a thin layer that enables interoperability. And as Donna mentioned, the strengthens, the, the national efforts in each country, I think one of the things Don that you mentioned that we try to always live up to is to be pragmatic rather than dogmatic.
And, you know, there is a simple reason why in the end open ID connect in the flavor of open ID connect for identity assurance was chosen. And that is simply because it is in use today at scale, a lot of developers know exactly how to work with open ID connect. And I think the non dogmatic part means that if another standard becomes as pervasive as open ID connect, then gain should be bilingual. And if one day maybe there is a new standard that, you know, supersedes open ID connect and becomes the dominat de dominating standard.
I think no one had gain will have, you know, a religious affiliation to any one standard. So the idea is basically to take a very pragmatic look at the world and to see where the world is at today, but also to be as inclusive as possible. I think we were all really happy when authors from companies like secure key join, for instance, that are self-sovereign identity companies to say, how can efforts like bank ID in Sweden or bank ID in Norway become compatible with secure key in Canada? Can we find a common language?
Because to me that is one of the driving forces behind gain that we say, whatever our conviction, whate wherever we are on, on in, in, on some of these arguments, we all share one conviction and that is interoperability is fundamentally good. And in the interest of almost everyone involved.
And, and that to me at least was one of the things that really tied all the different voices in game together and enabled 154 people in the end to agree with a framework. The other thing that tied all these authors, all these cooks in the kitchen together is that we all agreed to drop our organizational affiliations, to leave our day jobs at the door. So we could speak with client candor and talk in a context that we call no logos, no sponsors, all pro bono, so that we really could try and make an impact on the community at large.
And those of you in this audience and in Munich and online, because we wanted again, to, to act as a catalyst, to provide a blueprint, to have a starting point for discussions. So I think that was embedded in the process of the paper and it fits the message that we've been talking about. I had a last question, which is what is next, but we have three questions from the audience so far, and I'd love to go through those before we tackle the question. What's next. The first question is, so if gain is not an organization, what is gain, who is behind gain, who controls gain?
Well, if you ask the editors of the paper, they will say it's a, Rabel, it's really a, a volunteer function, not only of technologists, but we had some of the world's best lawyers. We had government representatives, we had a real diverse demographically skillset, geographically group. So we knew that we were creating something that would have only one life and would be a catalyst. So if you and gain as open source. So from here on in, you'll hear lots of different interpretations of the Bible, But it's meant not to be owned. That's the point of it? I think.
And at the end of the day, I think based on some of the feedback that we've already gotten on the paper, we probably sold ourselves short a little bit because, and it came up in some of the other presenters yesterday, we put forth this bank focus and IDP provider focus. And it really isn't limited to that. So perhaps we did ourselves a disservice there. So you should read it much more broadly than that. It certainly wasn't meant to be limited to that.
And in fact, you know, coming from JP Morgan, just within the, within a few weeks ago, I'd say, you know, banks are well positioned in a way cuz they already are identity service providers, but their, their own identity service provider. So they're relying party as well. And their life is pretty complicated for them to be an provider outside of themselves, opens themselves up to big liabilities. It could be, you know, they need a new legal infrastructure to perform, be a custodian of identities. It's a completely different business from what they're used to. So I think absolutely.
Are they committed to standards? Are they involved in all these forums? Absolutely. But should you wait for banks to conquer the world on this? Absolutely not.
Just, just don't do it. You know, you have seen a few logos in the, the addendums of organizations that we believe are able to take the gain momentum for it. Hopefully the open ID foundation, the open identity exchange. And I'm really happy to look at the executive director of the open ID foundation and the open identity exchange here, as well as the chairman of the open ID foundation who is here, we have the pleasure that the cloud signature consortium is really interested in this.
Adobe started it, but DocuSign and many others joined the CSE, but also gly for instance, and the, the, the IIF. It's really nice to see, you know, everyone who is here, this really feels more like, like family than anything else. The hope is that this is not going to become yet another organization because there are so many organizations and all of these organizations, you know, I'm looking at Microsoft here, all of these organizations will eventually come to your door and say, we're a nonprofit organization. You want to be a sustaining member, 50,250,000. You get a board seat.
The idea is that gain will not be one of those organizations. No one will knock on your door and ask for membership fees from gain. But rather that gain will function a little more like the G 20, that it will be a forum where organizations that exist and people who have an interest in this can come together and discuss topics that are important to make standards work holistically together. And those could be technical standards. Those could be scheme rules, those could be governance standards.
So the goal is not to invent another company, not to invent someone who will compete with the open ID foundation or trust over IP or the cloud signature consortium for funding dollars and for mind chair, but rather to have a safe space for these discussions to happen, to end up with something that is truly interoperable beyond the borders of these organizations.
Imagine if you had the technical standards for validating identities, working collaboratively with the organization, that's providing technical standards for validating organizations collaborate, and that's what you find directionally in the participation of the G life foundation and others in our work, We have six minutes and three more questions. Okay. So we should, now I will become the moderator. Next question from the audience, who do you feel?
What do you feel is the compelling cross border use case that would bring the millions of investment that will be required and all the banks and relying parties to play? Maybe that's a good segue into some of the relying parties and identity providers that are part of the POC Victoria. I haven't worked as so close on the POC. So you guys have more details.
I mean, let's use that as a segue to the POC. We do have a list of candidates for both IDPs and relying parties joining us on that. But we're looking for more, right?
The, the idea is that a POC will be more successful with a diverse set of relying party participants as well as identity service provider. So that's a great forum for us to test those things out and you know, what will ultimately be those test cases?
You know, some of the initial ones certainly will come out of the current environment we're in economically. So cross border payments certainly comes to top of mind. Also some of the, the thing that we've been dealing with, COVID obviously you've all seen a lot of work on the health passes and all that kind of good stuff, made some headway with IATA and some of the health services, but it's, that's a still very fragmented space. And for loads of us who tried to unite it, we've kind of sort of taken a step back for the most part on that one. But I think these things will continue to come up.
You know, the one that's the, the things that are top of mind is let's watch see what's happened with open banking and those sort of initiatives globally, as well as cross border payments. But I think over time, the whole idea of this is that it should be much more broader than public services use cases and financial services use cases. And if you look at the ecosystems at the past, and I'll talk a little bit about this at, at the five 30 session as well, they were pioneered by governments and or bank coalition. So that was the focus.
So I think in the era of C it's become obvious that every digital interaction in the marketplace is at risk. So there's an opportunity for these things to rise to the top and they'll be led and shaped by people who come join things like the game POC. So I look forward to that. So it's a great question and watch this space for an answer. We Do have questions come in faster than we can answer them.
So I, I would urge you all to be brief in your, in your, in your answers, but Don, if you have a quick answer, so just quickly, who are the people or the organizations that are in the POC already, both Adobe and DocuSign are also part of the POC. They have a vested interest in, in assured identity information for electronic signatures. Disney is involved. They also surprisingly for me, they have over 900 million identities and they have a vested interest in this space.
Salesforce is joining the, the POC and we have a very large social network that has struggled with check marks that verify people. And they have a, a big interest in this as well. The hope is that there will be others also. So when you look at the, you know, sharing economy, you look at sharing apartments or sharing a riot. We believe there are really a lot of use cases that will greatly benefit.
The next question is, is it correct to see gain as a Federation, similar to EDU gain, but built on top of open ID connect instead of SAML and open to anybody instead of closed for ed educational institutions in the interest of time? I would say yes, It's also in the interest of self-promotion, but that's alright. E U I D toolbox work is about to start what's the relationship with toolbox and gain, or rather where you see gain in relation to the EU E I D. And a question that is related is, do you have anyone from E U SSI lab in your organization?
So we don't have anyone, unfortunately from E SSI lab in the organization, or is one of the co-authors he COO of its me and he is consulting with the European commission. So I think we have hopefully some of the, the viewpoint of the European commission reflected in the paper. And so that I'm not the moderator and talking too much. Does anyone want to discuss U ID?
Well, some of us as individuals are also helping shape that as well as between the open ID foundation and OIS, we're all plugged into you're, we're all providing comments for the RFCs are coming about, on everything having to do with European commission stuff, coming out on the toolkit, and we will participate in those toolkit drafts as they're available. We have only two more minutes. And one question that both came in here and I had as well, what is next? And what should people do who want to participate in the POC?
What's next is the proof of the pudding is in the eating and white papers are fine. We all read a whole lot of them, but you have to test, you have to prove it out and you need somebody smart and savvy and pragmatic to lead that effort. And I'm really pleased that the open ID foundation has agreed to host the proof of concept. And the only thing that remains is how do you contact the leaders of that POC? Any ideas I have this great idea that just has occurred to me. You can contact me.
So we already have a great lead from a technology perspective on the PA on, on the, from the O I D foundation and that store sitting in the room and I'll be taking any new nominations, qualifications, any com, any questions on joining, and I hope you all will give me a call. I look forward to speaking with you And we are five seconds before the deadline. Thank you very much. Thank you. I have a, you know,