KuppingerCole's Advisory stands out due to our regular communication with vendors and key clients, providing us with in-depth insight into the issues and knowledge required to address real-world challenges.
Optimize your decision-making process with the most comprehensive and up-to-date market data available.
Compare solution offerings and follow predefined best practices or adapt them to the individual requirements of your company.
Configure your individual requirements to discover the ideal solution for your business.
Meet our team of analysts and advisors who are highly skilled and experienced professionals dedicated to helping you make informed decisions and achieve your goals.
Meet our business team committed to helping you achieve success. We understand that running a business can be challenging, but with the right team in your corner, anything is possible.
This Panel Session will discuss approaches to “reusable identity”, the catchphrase for streamlining onboarding, using Decentralized Identity standards. Discussion will cover the goals and requirements, production deployments, and work in the OASIS “Lightweight Verifiable Credential Schema and Process” Technical Committee to develop common schemas.
This Panel Session will discuss approaches to “reusable identity”, the catchphrase for streamlining onboarding, using Decentralized Identity standards. Discussion will cover the goals and requirements, production deployments, and work in the OASIS “Lightweight Verifiable Credential Schema and Process” Technical Committee to develop common schemas.
The topic today. Reusable identity and bootstrapping decentralized identity ecosystems. So self-sovereign identity. Reusable identity, decentralized identity. Maybe we should start first by saying what we're talking about. So tell us about Hi Riley. Welcome. We have Riley, he's in the Kit Kat room. Can you hear my, can you hear me? Yes. Yes. Thank you for joining us. So we actually just started and I wanted to tee up the discussion by saying, you know, the title relates to reusable identity and bootstrapping decentralized identity ecosystems. We wanted to start by asking what is this?
What is reusable identity and how does it relate to the other terms that we're using here? And I'll actually start with ri. Can We? Sure.
Well, thanks a lot for having me. Oh, wish I could be there in person with everybody.
Oh, We're inter Oh, hi everyone. Hi. Nice to meet you. I'm Kim Hamilton Duffy, executive director of Decentralized Identity Foundation. And actually first we should go around and ask the panelists to introduce themselves.
Sam, Sam Kern. I am an architect and a deputy CTO with in dio O. Yeah. So this is Abby and I have two hats closer.
Yeah, you got closer. So I Have two hats today. It's the Account Identity Association plus the Oasis Identity Trust Member section And ri Oh yeah, I think it was Adjusted back. Do it again. Yeah. So this is Abby with Two Hats. Today I am with the Accountable Digital Identity Association and OS Identity Trust Member section. And Riley, over to you. Hey everybody, I'm ri, I'm Co-founder and CEO of Irin. Great. Thank you. And welcome everyone.
So okay, after much delay and I apologize for that. So we do wanna start by talking about what is reusable identities or a common consensus around what this is? Is it a vibe ri, why don't you get us kicked off?
Yeah, I think reusable identity is a conceptual term to talk about the value proposition that a lot of folks see in things like decentralized identity, which I view as more of a technology term. So reusable identity is just the idea that I can have some persistent representation of my identity that I can use in multiple places, which is portable and controlled by me. Great.
Sam, can you, do you have anything to add to that? No, that's Pretty good. I think the, there's some terms associated KYC is a, is the know your customer process. Everyone desires to lower KYC, cost and friction. And so this is one of those applications where reusable Identity has an obvious application, Agree and concept about the definition. The still not talking, I feel, I feel some discrimination guys, Not exactly sure what you're doing with these, these, these microphones, you put 'em into the head that they stop working.
It's the fact, the fact We need accountability and this is why the name and the idea. So we agree on what reusability mean. The $64 million question is how, so you cannot just take a credential and use it or you cannot just take some a searching from a wallet that this is Abby. The question become, how can you prove that Abby is the presenter of this credential And if this credential issued to me by some entity that I do trust, and this is where idea come to the equation. So provide the framework between regions. So it's basically we follow like what the DNS system is. It's system of systems.
Your identity is uniquely resolvable within a system with a given assurance level across the whole participants in the ecosystem. The issuer is onboarded, the user is onboarded and we provide an overlay that do all the stuff that John, where is John that John run away that talk about, okay, someone need to do translation and someone need to do resolution and including protocol and, and data. So what this led us to, to the work that we're doing in Oasis, it's like at the end of the day there should be a core enable of credential with a non schema and non assurance level.
And this is needed at least at the core minimum to bootstrap why we need to do that. Because the verifier need to know before the transaction start, if you want to go with some entity that I have all the attributes to create an account for you or not, if not this, it's gonna lead into into conflict. Thank you. Abby. And I did wanna spend a little more time on the sort of problem or what is reusable identity and talking about in fact why it's valuable. I wanted to call attention to Abby's recording is not showing on the video, so I'm just kidding to the microphone. I had this, no. Okay.
So yeah, well let's just sticking a little bit more on reusable identity. Why is it valuable in, where are you seeing it used? And I'm gonna go back to you ri So yes, reusable identity, what's the value? Where are you seeing it play out in Irin?
Yeah, as Irin, just background for people who don't know Irin is, has for, has been around for five years and for four of those years we are really a general purpose platform for verifiable credentials which people would use for reusable identities of, of various kinds, right? Physician's licenses, education credentials and so forth. And the place where we saw the most reusability, the most sort of consistency in terms of the adoption was in just a basic identity credential, right?
So sort of identity verification that was completed and instead of taking the result of the identity verification and throwing it away or, or just keeping it in your own database, you allow the user to take control of the results of the identity verification. And as Abby said, you, you know, there's some, you, you know, you associate it with some way for them to prove that it's really them when they're representing it and things like that.
And then, so anyway, that, that's the number one place where we see reusable identity right now is basically substitute for identity verification. Interesting.
Sam, are you seeing, is that resonate? Are you seeing use cases like that others?
It does, but I wanna talk about why, why it's useful and specifically why decentralized identity plays a role here. The, the general model of sort of und decentralized identity, if you will, centralized identity is that you often trust the data because of where it came from. Meaning a relying party will get it directly from the, you know, from the source of the data and that's why they trust it. The use of verifiable credentials makes that trust portable. And so the source of the data can issue a signed verifiable credential to the, to the individual.
The individual can then present it and the data can still be trusted because of the signature validation and of course checking the issuer and all the stuff that John was talking about. But that makes the, the trusted data portable in a way that we haven't really had in an organized way before. There's other methods that have done it, but this is sort of the largest, most recent effort to, to make that occur. And that's why it's valuable is that it changes how the information flows in a way that makes it very regulation compliant.
You require consent from the user for their information to be passed. If you provide them the information and then they provide it to, you know, the party that wants it, then they are by their action supplying the consent for their information to be provided. So it makes it architectural and automatic to be compliant with regulation, which is very useful. And from a privacy perspective, lots of companies are realizing they don't wanna hold onto everyone's data and there's a liability there.
And so it's the architecture of how that works that makes this particularly useful in decentralized identity through verifiable credentials. Yeah, so a little bit of agreement and disagreement. Okay.
So the agreement is on the way the convenience of sharing data and how you change the trust, but the good benefit will come from, at least for KYC is where you as a relying party or verifier where you go to get the data about the user today because you want to reduce the friction with the consumer, you end to go to a third party data aggregators, which means that data is conducted behind the consumer and not the consumer is not involved.
So if you come in with one least common benefit is the user presenting the data they have control now on their data as opposed to filling or trying to take a test and exam about data collected behind their back because they were profiled and this changed the, the, the name by the, the game because now you have more trusted data as a verifier, number one. Number two, you can correct the data that's wrong about you.
And the older days you could not do that without big expense, you know, so if you had identity theft in the other data days and you have to answer KBA questions, you have to answer the questions based on who stole your data because this is what's collected behind. And that One question I wanted to get to, 'cause it sounds like you two are violently agreeing and not disagreeing, so I was all the time I was hoping for a little controversy for a spicy panel. Just curious to just follow up on that. Are you seeing Sam, any any aspects of that that are, that I missed out on?
No, I think I agree, but you know, we have to, you know, yes, sometimes manufactured controversy is better than no controversy. Yeah. Okay. Excellent. So I think let's go next to, okay, so we talked about reusable identity and what, what are the benefits of it? And in Riley's case for example, it sounds really easy, right? So a verification event is happening and you're recording it and reusing it, but I imagine there's a lot more to it. What else is needed to get there?
Yeah, there, there's a lot I think, I think the answer is it depends on the context, right? And so you mentioned levels of assurance just a a minute ago, but, but I think that that's an important point is that, you know, businesses are always trying to find this balance between, you know, as Abby says, friction, right? And as Sam says fees and, and I'll add one more, which is fraud risk, right? Those are the three Fs we think about it.
Intrinsic fraud, friction fees associated with identity verification and you know, you can dial certain things up and down depending on your, you know, level of, depending on your requirements along those three dimensions. So things like, you know, other things like corroborating data with third party data sources like, like Abby alluded to, which is maybe not ideal for, for certain reasons, but is helpful for, for, for other reasons. Things like real time liveness verification and, and proof of human type of stuff, right?
And then associating it with some authentication that is suitable for the relying parties level of assurance, for example, from a mobile app or using PAs keys or something like that. Great.
Sam, what do you have to add? Let's go to the Abby first and then I'll follow Up.
Okay, that sounds great. Well I think for this work we should have proper ecosystem with the issuers get compensated and I think it's still missing out, you know, so an issuer is gonna assume liability is gonna do, so any deployment model should take into account that the issuer get compensated. And I don't think we have a solution for that today.
It's either the verifier has to pay the issuer or have a, a relationship between the, between them and the, and and the issuer, meaning quote unquote the choice on the holder, which is the user get minimal because, you know, so it's another way of controlling who get to be decent of gravity for this to work as decentralization, the consumer should have choice and the choice should be based on what transaction is done and what the context of the interaction should be and it should be separation. So this also apply to which wallet you want to use.
So you, you will have some wallet that hold some breather documents because you need high assurance type transaction, that's fine, but you can have also other wallets that allow you to be human meaning quote unquote. I don't want the other wallets to know. So I think this will be one thing that we need to really solve it and make sure there is an ecosystem for it.
Yeah, But, but just to to, to bring in maybe a question here, and I think there are situations where an issuer requires a compensation when you, when you issue something, which is for instance, based on a strong type of identity verification, but I also envision that we, when we have a huge amount of, of verifiable credentials, many of these are issued because someone wants to issue them. So may want to issue something that says Martin's working at co call analysts, so, and has a certain role. And so I I think yes, we are have use cases where it's super important to pay for that.
So to to to compensate for that. And others where, and I hopefully see that we probably have most we we won't do, won't need this, but where, where, where the issuer trust want to issue. Let me intercept for a second because we have a first in decentralized identity that we've made it this far and no one said the G word, which is governance. And we haven't talked about trust frameworks and I think the economic models are still evolving. I imagine that, you know, maybe before, well, so I would like to come back to what you're saying.
It is, it does get tied to governance. It's sort of what comes first.
It does, and I, and I don't disagree with the, with the, the, the fact that some ecosystems will need payment models to make them work. But I wanna highlight the fact that the thing that makes reusability work is that it's all under the reusability is understood within a context. I like to call that an ecosystem and I wanna highlight that some ecosystems are enormous. Abby is working on very large ecosystems and some of them are tiny, like a single company that's going to issue credentials to their employees.
And the the nature of the economic model depends substantially on, on the size and the nature of the ecosystem itself. The governance thing though, and I wanna be really specific since governance is used a lot to mean a lot of different things, is that an ecosystem has to have unambiguous declarations of which issuers should be trusted for which credentials and possibly also verifiers, although not required in order to sort of set the rules of the ecosystem, there's usually an ecosystem authority in existing ecosystems.
There's already an organization that should serve in that role because they're, they're the existing authority. And if they can express those opinions about who's authorized to do what, then all of the players in the ecosystem understand exactly how that works. Many ecosystems, particularly early ones, the main issuer of credentials in the ecosystem will be the authority and they state, you know, who's authorized to issue them and it will be the, you know, themselves more or less.
And then, and then who perhaps the authorized verifiers are, or what the schemas are, are, are in use for the different types of credentials. So a country that issues its own passports is an authority on who, or at least the offices within the government that are authorized to issue passports for that country as an example of what I mean by an ecosystem authority. And so that governance piece, the coordinating piece, so that everyone understands the rules of how that work is, is really incredibly important in, in every ecosystem of every size is going to need it.
Very large ones, very small ones to make that work. And if I can slide in one more comment and then I'll give Abby the mic.
The, the having published governance for ecosystems that are not intended to be closed and some are useful to be closed allows the ecosystem to expand in use. If it's, if it's possible to discover the governance that an ecosystem is running under, then you can validate according to the rules of that ecosystem in a really useful way.
And, and this allows someone to verify another ecosystem's, credentials or join, join that ecosystem as a verifier of those credentials in a really powerful way. And so this is a mechanism, I believe to not only make it run, but help it expand.
Yeah, I mean in general I agree. And then with it works, yeah, it works By The way then Mike Martin, every issuer will issue me a credential, but at the end of the day, like in my wallet, I have a few credit cards that I always use and some as a backup. So the value of the credential to the end user is determined by the whole ecosystem.
So, you know, if it's no value to me, you can issue me a credential and it stays, right? So the trick here is to enable the, the economics of issuing a credential where you have business model that come out out of it. And what this mean is like within category of what you want to do, like finance, healthcare, social, whatever, there will be different issuers that are trusted per the category of what need to be done because people aggregate. Okay.
And, you know, and this change, it's not fixed, you know. Fantastic. And actually I'm going to, so I enjoyed Martin's question and I also wanna leave some time for questions from the audience. So before we do that, I wanna just go around and see, ask for one last parting statement or anything that hasn't been addressed yet before we turn over to q and a and while the panelists think about theirs, I'll add mine. It's that reusable identity I think. Yeah.
Who, who knows exactly what it means yet, but I think part of where we're seeing the benefits of it and where it's catching on in financial use cases, travel, things like that, is that it's not necessarily meaning that the issuer is issuing a credential that the relying party uses in whole to take their word for it. It might just be about shaving off margins that at scale really add up. So that's what I wanna call out. I will turn to Riley to see if he has any closing thoughts.
I do, thank you so much. That was a good, great comment Kim. And I think, you know, if give governance is the thing that always, you know, needs to come up on a panel like this, I think that thing that we often don't talk about enough is product. So we talked about economic models, governance. I think the, the really, really important and missing conversation is product. As we looked at irin across our, you know, hundreds of companies that have, you know, used our platform to try to build something and tried to deduce what is the common denominator for the ones that succeed and get adoption.
The most predictable thing is not whether they have governance or whether they have business model or whether they have good technology or whether they have whatever, it's, it's product, it's building good product, it's building a product that the issuers want to use because it adds value to them. Maybe 'cause they're getting paid, maybe not. It's a product that's easy for consumers to adopt.
It's a product that integrates well with relying party's existing systems and it really, really, really all comes down to, well, I shouldn't say all, but, but I would say the, the largest determinant of the success of a reusable identity product or, or offering or ecosystem is really the quality of the product that is distributed into that ecosystem to enable the players. I love that in your, in general your passionate advocacy for the user and focus on that in really delivering value.
Sam, I wanna highlight that there's a lot of attention on very large identity efforts. The, the European digital wallet is one of them and there will be a lot of value provided by those, but they're unlikely to replace the value that you can gain in now by using verifiable credentials in your own ecosystems within companies or industry verticals or other things that happen there.
When the, when the, when the digital, you know, the national, the large projects, not just national but large project digital identities will help and particularly with onboarding, but it's unlikely to completely solve your problem. And my encouragement is to look now at the value you can get by using verifiable credentials and begin now and then add the value that comes when, when large scale identity projects bring additional credentials to the table because you're unlikely to see a full replacement of your business value by the national projects.
And so leverage the ecosystems you have now and get going and, and don't wait to, to, to, to reap the value that's, that's available. Yeah. So keep it simple, interoperable, do it one step at a time. You cannot do rep and replace. So this is complimentary and replacement and user interface is the key. If the user rejected it does not really matter what it solve. It has to work. The common user should be able to use that with no difficulty. Fantastic. Thank you to all the panelists and thank you everyone.
We do have a few minutes for audience questions and Martin or any remote attendee attendees. So I think we don't have remote yet, but I, we take, should we take this question down? Thanks very much everyone. Kim. I always find myself asking questions at your panels. I think that's a good sign. You've run very inspiring ones. I work at a company called Civic. We actually have almost the opposite trajectory to, to ride the intrinsic in that we've been working on reusable identity for something like eight years.
We found ourselves having to add some new strings to our bow in the last couple of years. And the main reason for that is that what we found is that relying parties tend to not want to experiment when it comes to KYC. They want to take an off the shelf solution, even if it's more expensive than a, an innovative one because they want to make sure that they're, they're regulation compliant, et cetera.
Qualified really quickly is that I'm an engineering, I'm not a sales and are experienced even then was, is a couple of years old on this and based in the US so I'd be interested to hear from the panel whether things have changed in the last few years and whether things like the, whether e IDAs and other kind of more self-sovereign facing regulations are making this now a more lucrative and potentially interesting area.
Great question, Abby or anyone who, Yeah, can I tell you from what we're seeing from side the appetite to experiment, it's getting there and the reason for that is the old out of the box solutions, they really do not work anymore. Account take offer becoming so sophisticated and the call center cost for most companies are high.
So, you know, I think the time is ripe, but you need to do it where it's easy. Not 180 degrees, you know, switch. But I think there is room for, for adoption, I think there's this high desire for someone else to solve their problem.
Like, you know, if, if government can come along with a magic paintbrush and just fix it and everyone says great, now I don't have to think about it. That's, there's this kind of desire and it's a little bit frustrating for people when they realize that that's likely not going to happen even with a very successful government project.
And, and I don't mean to, to knock the value that these large projects provide because they, they do, except that the, the great potential is so much larger than just what's focused on there that I, that I think people are there. So we have some customers that are stuck on that and we have some customers that have just decided to move way beyond and let it catch up.
And so we, we see a spectrum of of options there. Okay.
Yeah, I'll Phil, I I would say that, okay. Oh, sorry.
Yeah, I think we pick one more question, so be better have one answer on one question instead of losing questions. So Phil, yes. So Sam said, you know, I think there may be some value for payments within credential ecosystems, so I'm just curious what the panelists think payments, the lack of payments in current credential systems is doing to adoptability in and development of ecosystems. Okay.
Who, who off the panel wants to take the question? Riley.
Riley, okay. Is that you? Yeah. Okay.
Yeah, I, I tend to think Phil, that the it, it may hamper it at scale. I don't necessarily see the lack of good interoperability between all the verifiable credential space or whatever being a blocker to creating initial ecosystems that that like the ones that Sam is talking about.
And the, I would say the same thing about payments, right? I think within those initially sort of constrained ecosystems, the providers of the software and the product to those ecosystems generally step in to solve that somehow. Some use crypto, some use just whatever stripe stripes API. But I think that's totally doable for now.
I think when you start to think about like fully decentralized, fully transitive trust, I show up, you know, in Japan with my credential from Germany and it's like I expect it to work and the payment to just work, then you'll need something that is much more scalable like interoperable payment associated with interoperable credentials. Okay, great Perspective. So thank you very much. I think we are running a bit out of time now. Thank you very much. To the panelists, raise your hands.