Hey, thank you very much. Thank, can everyone hear me fine and see me fine, because I can't see.
Okay, great. I think I can see my screen now. Okay. Start from the beginning. Okay. Thank first, thank you very much and to the EIC team for giving me this opportunity to present on decentralized federation, which I'll explain what I mean throughout my presentation.
And, and also obviously thank you very much for the audience. I can't see you.
I'm sorry, I can't, I can't be there in person. I also can't see you, but, but whoever who will stay until almost the last minute attend my presentation. Thank you. Thank you very much.
And yes, I'm, I, I'm, and as you can see, I wear a few hats in the identity space, but today I'm, I'm not talking particularly with any particular hat on I am, but only as an avid member of identity community.
So a little bit more about me. So you kind of like know where I I'm coming from.
So I, I'm, I don't have a tech, I don't have a technical background, even though now I call me myself a technologist. But I am essentially, I'm a business business person. I'm an entrepreneur and a business strategist. So the way I've been approaching digital identity since almost like five years ago when I first started in this space, is really looking at how as a business person I can kind of contribute to, to make e emerging technology emerging center, particularly in the identity space, like very useful and also do good to the world.
So that's kind of how, where, where my passion has been in, in the past five, five years. And particularly seeing how, how much, how much things have been accelerated, especially in the digital world since the beginning of covid.
And as you notice, a lot of my work on, on the word in, in the covid world and now still expanded into the house world. So I'm gonna speak.
So, so today what I'm talking about trust feuding and, and a lot of the experience is really drawing from, from that experience. But before, before I get get to that, I, I want to share with you some kind of my per personal story, very, very relevant to, to today's topic.
So, so as you can see, I, I have, I have like my, my first, I actually had two degrees when I was back in China. So I moved to Canada about eight years ago.
So what I, I, I did dig out from my, from my locker last night is like a pile of documents. You probably can see some of the envelopes and also some of the, some of the, the papers.
I have a pile of papers and document and, and envelopes in my hand. So what are these? So these are my, my Deploy two diplomas and also the transcripts associated with a diploma when I got it, oh, can see my slides focus works now continue, like you can see like this pile of document that in my hand.
So, so I got it when I was, before I moved to Canada and I got a bunch of extra, 'cause I used a lot, a lot of them to apply for my MBA in Canada. And I got a lot of extra because I don't know how many, how many of them I would need after I moved to Canada. So I know that what, what has happened, like really, I know that in the past few years I've noticed a lot of efforts in the credential world, especially in education space.
So I believe even if, I hope that, you know, if, if I need some of those credentials and, and from back in China, I could probably get some digital version.
I wouldn't be surprised I can do it today. And even if icon, I know that there are a lot of initiative in the identity world that I really, and also in education that really kind of digitizing diplomas and transcripts. So that's hopefully, you know, like even if I didn't get the, the, the, the vantage back then, but hopefully more and more immigrants like me, when you're moving to another country, you will able, you'll be able to get digital credentials like for your diplomas and, and, and for your transcripts and many other things.
But that, that, that only saw one part of my challenge as an immigrant. Another challenge I had, so when I was looking for per job post my MBA in Toronto was really how I, I realized that Canadian job market, like really values more Canadian professional and academic experience.
So I'm not saying this as com complaint because I'm really saying coming from a place where of understanding because how a Canadian the job market or how a Canadian employer can understand what these things means, right?
Like the diplomas, what, you know, a, a master degree, what a undergrad degree in China means, and also like how, how, you know, however, however well I did back in China probably doesn't translate directly to, you know, what it means in a Canadian context. So that's, that's the challenge. That's another challenge. As you know, whoever, you know, carrying credentials, whether it's digital form work, we're a fiscal form form when you're going from one country to another country or when you're going from one industry to another industry when like the trust it needs to cross ecosystem, right?
That's how to actually even like, have point equivalence of things in the, in the world of knowledge.
You know, it's, it's really, really hard. So this is like one, this is actually, it's gonna bring up like my topic today, really how to build trust online in the first place with all like the new kind of digital tech technology emerging like with credentialing, with all, all kinds of digital trust ecosystems emerging in, in, in, in our life. So before I, I dive into the, the topic I, I do wanna, because there are two terms.
One is decentralized federation, which, which I'm gonna dive into another term that I use in the topic and in the slot in the topic is trust registries. I just wanna make sure at least, you know, I bring, you know, everyone on the same page of what I mean by trust registry before we dive more into what decentralized federation is. So what I mean by trust registry is a registry of author authorized parties that can participate in electronic transactions within an ecosystem, ecosystem based on the governance of ecosystem.
For, for example, I got my, you know, there, there are a lists, a list of, of, you know, universities like listed, you know, and managed were governed by the Ministry of education when I was back in China and I got like my degrees and you know, went from those universities. So there are a list of things, right? This whether, you know, but now, like if those universities are issuing in, you know, the diplomas and transcript in digital form, yeah, there are one, there will be one on one of the list of the authorized parties who can do that.
And so what is really happening, like what, like what was really happening, like in in the world is if you think I'm only one of immigrants like that are coming to Canada, that has come to Canada, there are so many immigrants like in, you know, from India, from Europe, from Latin America, from all different parts of the world.
They're all from like, they're all edu you know, they were educated back in their home country.
Like from, they have their own kind of like their own home country have their own way of how they govern universities and how they govern educational institutions, right? They probably all have a list where more than one list of, you know, institutions that within a country.
But the idea is really when one, one credential, when I take my diploma back, back from China into a new country into Canada, like how that credential can be verified across how one credential from one ecosystem could be meaningfully interpreted and verified in another ecosystem where you have like, you know, its own trust registries and own govern governing authorities. There are more and more of these cross ecosystem or emerging around credentials that are, you know, are are are coming to our lives.
And, and like you, like each, you know, each and every organization will probably encounter so many scenarios where like the credentials from a different industry, from a different jurisdiction or from a different sector. So how to really, really first know who are the, who are the, you know, people with nations on the side, on the other side issuing that and under what rules they're issuing. We really figuring that out is really, really difficult. So who have, who, who else has been naming this issue?
So, so I stole a slides from John Bradley. So Kalil was at, at like this Martin Lee Young was at, at at last week and she took a photo of a slide from John Bradley's presentation where he was kind of speaking to the similar issues or the same issues. So one thing I wanna highlight and, and on his slide is really the last one, but the multilateral trust relationship rather than bilateral.
It's really, if you think about like the, the diagram is shared in the earlier slide is really there. It's things will have to be multilateral, right?
Because you don't know how many new, so you don't know first, first and foremost how many already how many trust ecosystems are already out there and you don't know how many more are coming, right? So the the question of really how to enable digital ecosystem to build multilateral trust relationship in an effective manner. That's something that's really, really important question. I'm glad that a lot more and more people are naming these questions.
And my experience really when I was, you know, when I became an immigrant, I didn't think too much about all these kind of trust issues, but only I start thinking more about it after i, I work on covid credentials. So like, as you can see, if I started to work in early 2020 and in, in, in 2021, there are already like so many ecosystems are out there.
So I listed some of the, some of the major ones that I've worked with and, and I, and so like the list you can see like what, what some of them there was a y and behind it someone was an n the ones with a YI mean actually is a trust, trust ecosystem that have their own governance, have applied their own standards. And also there are things like for example, like smart house card. They're not necessarily a trust ecosystem, but there are technical, a set of technical standards and then enable a trust ecosystem to implement credentials.
And which means not only one can implement it or many out there who can implement it. Like an example is really the vaccine credential initiative which implemented small house card. They're a big one. But there are, I also know there's single countries who are not part of any bigger ecosystem there implements smart house card as well.
They themselves is actually a small ecosystem, right? So there's so many out there.
I I don't, even though I work on on this issue for almost three years, I didn't, I don't, I don't think I know everyone who was out there. So the and and and and the really, what we really saw during covid is more and more kind of emerging every, pretty much every single week and every single day, but really keeping track of them.
So until like really mid 2021, like the, the, the community that I work with really realize what, what we can't stop people from com, you know, having their own, like having their own policies, having starting their own ecosystem is really to think about how to bring these ecosystems together that are, are, are really big problem, we're gonna become bigger and bigger. So one, one of like our biggest takeaway, just really looking at what, what like from a problem space point of view is really the goal we're trying to achieve is what I call here like semantic interoperability.
It's really how an credential from one ecosystem when an enter another ecosystem can be, can be interpreted like, you know, in a meaningful way. So that's kind of like the end goal, like semantic interoperability. So what I have worked on a lot, especially in early on, like in in the covid world, is really how like the, the technical standard that enable, that enable like interop, like the technical standard that will enable part of the interoperability, like the data models, writing what kind of format you're using, the schema and the signatures. These are all very, very important work.
And I know there are a lot of, like others who are in the community have been very, very involved in the technical interoperability part of work.
But what we're kind of missing and also still missing you no matter which kind of like space or looking at this education, we're in a house where other spaces is really how we don't have like in a good mechanism to really help like ecosystem or how, how whoever need to verify credentials to, to discover who is out there and as they more and more kind of emergent and also especially as technology, in technology for issuing and verifying and holding credentials becoming like cheaper and also like more mature, right?
Like more and more will definitely come and, you know, be and form their own digital ecosystem. But how to find them is one thing. And second is how really, because they're all like using not all, like there a lot of 'em are using different stand technical standards, apply their policies, but there's not a lot of theirs because they're serving their own needs.
So, but really how to help each other find what under what rules a credentials issue or, and what rules data are being operated, right? These are the things that are like, there's no a good solution to it. So this is like really the discoverability and a trust interoperability that's kind of the emerging problem space we identified in 20, like mid 20, 21.
And we have been working, when I say we as a group of people who I, I worked with in the covid world and still working together to really try to help find kind of mechanism like define a new model that can actually address these, these two problems based.
And so before we, you know, we, we actually think about like a new solution or a new model, we really looked into like what, what has been in place and also what people like ecosystem have were doing to really kind of like to find kind like interoperable to interoperate with each other.
So one thing that was really is really, and that's what actually John also like kind of touched upon in slide, like bilateral relationships, right? So we, we saw a lot of that and in covid time really kind of mini like a country leveraging their diplomatic relationship to get in touch with o with another country's ministry of, of foreign affairs and which can actually direct them to ministry of health and to be able to have conversations of having, you know, potentially getting public keys, getting information about how a country, another country issue, credentials.
So those kind of bilateral conversations happen. And especially if a country at that point of time was not part of any kind of bigger ecosystem. And if imagine like how many like the, the, the ecosystem like are out there, right? It's so hard.
Like for, for anyone to really kind of negotiate that kind of relationship is pretty much like everyone like in the world has to do the same thing. It's really duplicate at first.
And I, and also the, that the outcome of it's also not ideal because a lot of the like the, the kind of like key sharing are kind of really manually being done and whenever there's updates and there, there are no way of really doing it in, in a scalable manner. So another way I think probably a lot of you're very, very familiar with is like the, our conventional centralized way of centralized federation is really you, we have a centralized federation services where like the, you know, the keys can be hosted other, you know, the metadata can be hosted revocation and in all the data, right?
Whoever our participating in that centralized service, they have to bring everything into that platform and which also like ended up for the users of it like to, to be, to to have to, you know, download everything into their own, onto their own kind of like backend server to be able to access it. So like the, I i, so as like the, the ecosystem, like the number of ecosystem keep growing probably, and it will be in an exponentially in manner. It's really hosting everything first.
Bringing everyone onto a centralized like service and hosting everything in a centralized way is gonna be really, it is not gonna be, be like the most efficient, also like, effective way of doing it. Especially if you think about like when a government entities or when a jurisdictions are involved, when they have their own regulations and their policies, their rules, it is really hard to kind of like ask everyone to follow like the same set of rules.
And that's, that's stuff that's already difficult like during covid time, but it will be more difficult, you know, when, because during covid time will people have to kind of like make way, make things work because there are a lot of kind of, there are emergency situation, but now that we're looking at long term, right? That doesn't sound ideal or even realistic for everyone in the world to be able to like, even in one industry to follow just one simple set of rules. So that's kind of like, there are a lot of challenges like to really do it in, in an old way.
So like our thinking kind of landed in, in what, what what I call decentralized federation. It's really like knowing that there's gonna be a growing number of ecosystem, right? How can we have a lightweight platform where we allow those ecosystem to actually share a minimum set of information, right?
It could be, you know, what, you know, what's, what's their name, right?
And what's, you know, what's what, you know, very simple information, a website and, and can and also can be like to be accept to to more their website and very, very basic information to who, you know, who are the responsible like person and also who are the who, what is the governance, right? What, what is the, you know, their technical policies, what is their like, you know, reg related regulatory policy.
But ideas really kind of defined a set of like an information that everyone needs to provide in order to participate in a, in a, in a platform and gather information vetted and, and as well as all like, so, and also instead of asking them to share all the, you know, their public keys where they all like metadata, where all the revocation data they can, we can enable them to really expose the endpoint to their existing system so they're able to so other, other, so like the, the users and engage with endpoint in a secure manner.
So at the end of the day, like we're not looking at a giant and centralized platform where everything's on that one platform. It's really, you can go on a platform is what we call actually is a trusted, secure yellow Pages, right? You can go on a platform and really find out who is out there and when you find out who is out there, you can also, you're sure this, you know, the the, the entity is being, being vetted. You can be sure that, you know, the information being provided is actually from that entity.
And also you have a mechanism, mechanism to be able to engage with, with their system directly through the endpoint rather than getting all the data from a centralized platform. So what the users will end up having is really like, you can decide, it's, the idea is like if you go on a platform every, we should trust everyone on the platform.
It's just really, you can go and find them and decide whether you wanna trust them. If you wanna trust them, 'em, you can add their them to their own list and you will be able to have to engage with them to kind of a mediator.
So like, it, it, it, it's definitely doing more than yellow page because like making sure that you're engaging with the entity, you think who they are and also having secure endpoints engage with, it's very, it's very important. So this is kind of the, and I also the idea of how only having sharing like a minimum set of information also endpoint on the platform doesn't affect what an ecosystem they're using from like what technology standards you're implementing, right? What policies you're following, because at the end of the day, it's for the users who evaluate whether they can trust or not.
So this is essentially what we call decentralized federation. And, and so, so this model, so this model can be done in so many, so many different ways.
So, but what we, we ended up doing is we started really trying, looking for, to building a build an infrastructure that can enable such interactions like decentralized, feder, federated interactions to happen on, on, on a, on a, on a platform. And, and we do have, we have built something and, and this is now a project at the, at UNDP called digital trust infrastructure for, for discovery and validation.
Given the limited of time, I'm not gonna go into dive into it, but what I want to highlight is, so we do, we, we, we didn't start from scratch, we leveraged a very, very good existing open source project called Train, which came out of the European self identity labs.
And, and, and the really good thing of it actually, it actually enables, like, you know, it, it's technology agnostic. It's based on existing technology, like really leveraging like DNS like domain name system and DNS stack, which whoever, which means whoever like already have a domain name.
And you should be able to kind of leverage our tools to build your infrastructure in a, on a DNS separate DNS zone to allow you to participate in a decentralized, federated platform. And I want the last thing, I I, you're gonna have the slide, so I'm gonna dive, I'm not gonna dive into this. So I wanna give you an idea like of the governance. So what I said earlier about really defining what really having a group of, of of stakeholders really come together and define that, that who can participate on a, on a decentralized federated platform.
And so what are the mini set minimum set of information to be, to share and to, and also endpoint to expose on a platform as well as how to do the vetting where all the governance pieces around this is, is only, I, I think I re I saw, I remember seeing a link in post yesterday, but also another John John's presentation at EIC is really talking about like it's decentralization is only getting more, getting things more complicated.
Yes.
And the government is definitely not the easiest piece, but we did a, a governance consultation with all the major covid participants like IKL, like A WHO, you are all in the room to really discussing what are the minimum set of governance questions we need to answer and provide some preliminary answers, which I shared the link to.
So lastly, what, what I'm gonna touch upon, like what, what, what the work I, you know, I'm, I've been working on pretty much what first is what we have been focusing on really anchoring like the, our UNDP projects to really help solve a real world problem, which is called the Global Digital House Certificate Network, now launched by WHO pretty much as a continuation of the covid work. And it has been doing, and also they took over the EU covid certificate system.
So we're really trying to leverage the infrastructure we have building leveraging train to really support a real world, real world infrastructure and real world network.
Another thing where we're, we're we're, we're focusing on is really because these existing systems have all built on different kind of trust registries, different kind of trust list.
So one of the things that we're, we're, we're gonna focus on in the next year or so is, is really understanding the existing trust registries and how our, how our platform can really kind of connect kind of similarly with the trust registries so that when you have endpoint, right, expose an endpoint, like one ecosystem can speak to another ecosystem in a secure manner. So these are the things like we, these, you know, I'm, I'm up to and I look forward to hearing it from more of you who are thinking about this problem and working on this problem.
Okay, thank you very much.
Thank you Lucy, for bringing that, these ideas to light for us, for bringing us along the journey for the beginning work that's being done and where it's going. We do have a question from the audience. Is there any relationship between this and open ID Federation or dicom?
Not directly.
So it's, it's pretty much like the last slides we, I shared. So we, we, we know that Open ID federation is, is now like really entering like the trust list, kind of trust registry space. So that's why I, I actually, I went to the John Bradley session and I to learn more about it where it's, the hope is really to making sure our technology can actually connect with all kind of trust registry registry out there.
Whether you are the com based, I'm not sure com is particularly for trust registry, but whether it, you know, whatever technology you are based, our goal is really trying to interate with that and, and because a lot of those already, you know, based on open standard, right? And up 80% of our work is also based on open standard at the, and the end of the day is how to kind of make like INTERATE with all these open technologies is one of 'em the top priorities we have at this point. And I do wanna add one thing, like our technology is only one way approaching it.
I believe there are so many other ways of approaching decentralized federation without using ours. I encourage you two to also look at that as well.
Thank you so much for that clarification and your work here. Thank you.
Thank you. Thanks everyone.