All right, so I think people have met me by now, I won't bore you. Can everybody just say a word about who you are, where you come from and what your relation is to the subject? Sure. No problem. Hi.
Rob Otto, EMEA Field CTO at Ping Identity. My relation to the subject, there we go, welcome, is that I absolutely love customer experience, I absolutely love CIAM, and really excited about the opportunities that we have through digital wallets, decentralized identity, to really improve that experience. Cool.
Hi, everyone. My name is Nick Lambert. I'm the CEO of Dock Labs. We've built and run a verifiable credential issuance and verification platform, and we work with customers in kind of KYC, background check, biometric space. Currently I've been in the identity space for about five years, but really interested in kind of privacy-focused technology solutions for about 10 years. Great. Hi. Nice to meet you all. My name is Satrik. I'm jointly with my sisters and my family, part of the cidaas team.
We are the leading European cloud identity and access management solution, mainly focusing on customer identity and access management. So we do everything around authentication, concept management, B2B delegation, as we've seen, and more. We'll have to share, sorry. Hello. I'm Roger. I'm one of the cofounders of VerID, and we are also champagne salesmen. We're outside with the champagne. And we are the integrator of all wallets as a SaaS solution for platforms that don't want to integrate and aggregate ID wallets and ID apps. Hello. My name is Nick Price. I am a travel technologist.
I've been working in travel for travel and hospitality for 25 years. I do that professionally in my spare time. I am the co-chair of the hospitality and travel special interest group at the Decentralized Identity Foundation, and it's the DIFF, H&T, SIG that I'm here to represent today. Fantastic. Thank you for doing all the introductions. We have multiply defined Nicks here, so I will have to be really clear. So please enter your questions into the app if you have any, and we'll try and get those. But I have some questions for you all.
The first one is identity verification has sort of come into the spotlight as really kind of a sore spot for IAM, for SIAM in recent times because of poor experiences. Tell me a little bit about how your perspective on identity verification, its importance, its uses, and what really has been going wrong today? All right. Let me start. So I think where we are with identity verification is that it tends to be a very high assurance way of onboarding and authenticating a user, but it also tends to be a very high friction way of doing so.
The complexities in the back end, I guess, around all of the things that you need to do around taking selfies and making sure that they're live and, you know, taking a picture of a passport or an ID document and making sure that the lighting is right and extracting all the right information, all of that, it's a pretty complicated process, and it's not a process that always translates well into a sort of a good and a quick user experience.
I think, and again, not to sort of jump too quickly to the conclusion here, but knowing what this panel is about, I think that one of the sort of real benefits we're hoping to get from using wallets is to really try and cut down on the number of times that users have to go through that very sort of frictionful process and being able to reuse that sort of level of KYC across different relying parties, across different verifiers.
I'd probably also add, like, from a, you know, that's true from a user perspective, but also from an organizational perspective, centrally holding all that data obviously is a challenge. You know, it's a honeypot for adversaries to come and obviously target and then sell, and of course there's all the compliance risk that comes with storing that centrally held data as well. So obviously GDPR in Europe and also CCPA in the U.S.,
and so all these companies that certainly we speak to are very, very keen to get that liability away, and again, like Rob was saying, potentially putting that over to the user is a win-win situation potentially, but again, I don't want to draw conclusions too early, but. I want to kind of just jump over to Nick Rice because you're in hospitality and coming to Europe it used to be you always have to show your passport, and I once spoke with a, you know, a large hotel customer who was stressing about how to store that passport information, so is that still a thing?
Yeah, it is still a thing, and there's many countries in Europe that do require passport validation or identity validation at point of entry. Very few do it, and even fewer do it well, and you know, sort of holding a passport at arm's length and just saying, yeah, you kind of look like that person over there, you're good to go is not good enough, and so it's a real risk, and certainly the technology in play here helps dramatically, promises a substantial improvement.
So maybe one of the sore spots of the current system is all of those service providers store the information that they're getting, and of course it's high quality, and that seems to be a risk.
Yeah, I think what we always miss, it's back to the user experience topic, we always think about how can we do the ID verification, what's the technical capabilities, but we also always need to focus on the business case, so if you take the hospitality, I maybe need to store the passport, but I might not need to show it while I check in, so if I do the online check-in earlier, the same is for a car rental, so if I do a car rental, why do I need to show the driver license, maybe when I just rent a car, maybe I booked it already and I can do it during the booking process, do the driver license check, so I think we often lack including the business case, and thereby we do the customer journey, or the user journey in general, not as good as it's possible.
I think that's one issue. All right, if no other thoughts on that, maybe we can just move to the next one, and everyone can certainly participate, you know, yeah, okay, go, go.
Yeah, sure, yeah, no, but this is a very interesting one, so there is legislation coming up in Europe that will not allow to keep a passport copy, and our company usually works for organizations that have to work in regulated markets, and I think tourism is going to be one of them, because even in tourism, there will be the cost of no compliance, and I think that wallets will help a lot in regulated markets to assure that you are compliant. Cool.
Yeah, I think it is not just the compliance, it's the fact that you come in with your passport, and then immediately after you scan it, the hotel says, have you ever stayed here before, and you stayed there 20 or 30 times, so hotels travel has a very, very, very large number of customers on file, and very, very, very low quality and actionable customer information. So this reusability, and Rob, you went there, you brought it up first, is it seems like it's more pointed and more valuable for any kind of verification, onboarding, registration than for routine authentication?
Is that, could that be true? Yeah, and I mean, I think at the risk of being sort of slightly controversial to the others on the panel here, when we start to talk about decentralized, we start to talk about wallet-based credentials, I always shy away from the privacy argument as the reason for doing it.
Now, I understand that there are governments that legislate for privacy, and I think that's probably a good thing for governments to be doing. And to consumers, very few of them actually care about it, right? I think from the perspective of consumers, what they really want is that value exchange in terms of when I give you data, do something useful with it, exactly as you said, and use it as a way to improve my experience.
And this is the thing that I find really exciting about this, because you don't need decentralized identity to figure out that you're coming to the same hotel for the 30th time, you just need to have a system that's not stupid, right? But all of the obstacles to getting that good quality customer data on board, the obstacles to customers wanting to provide that, or finding an easy way to provide that, I think is what's actually stopping people giving them that good experience.
So 15 years ago, 20 years ago, it was common to put on a slide, well, people are filling out this web form, and that's kind of a pain, and that's why we need federation. Where are we at now, and what does the new solution look like?
Yeah, I mean, I think, to Rob's point as well, I think that privacy is something that people often say they do care about, but then the practicality is that they'll only do it if it's really uber convenient for them to do. So even like using another web browser or something, it seems to be too troublesome. But I think you can still provide that privacy. I genuinely do think people want it, but I think it's incumbent upon us to package it in such a way where they do get that privacy, and also they can provide that control.
Because really, they do want the control, and we've talked about that today. If you're providing information to hiring a car or checking into a hotel, you only want to provide them with the information that they require to get through that process. So I maybe slightly disagree with Rob on the privacy thing, but I gave you some contentious stuff, so I know you're looking for that.
Yeah, I would say in particular in that aspect, that's in particular the point. So the hotel or the car provider needs to know the user is verified or have the verification status, but it doesn't need to keep the copy of the passport or anything, because it just has the need to have a trusted source to know, okay, this is a verified user, the driver license check is verified, the age check, whatever is required is checked, but I do not need to know all the details of the passport. I don't need to have a copy of the passport or the video data or whatever is utilized.
I just need to have the status or as part of the user data, the status and some more details maybe on that. Any thoughts there? Yeah. Yeah.
I mean, it's a little bit, it's two worlds. So you have the regulatory part that says you need to do this, and then you have the marketing part. And one of them is something that you need to do, and of course in both needs to give consent and digital wallets are very good in three things, authentication, disclosures and digital signatures. And that's the good part, that you can have one flow where you can do everything. But then there's always a second part, and the second part is marketing. And that's about exactly what you said, like, oh, yeah, but is there somebody coming to the hotel?
And you can tell them, oh, well, you're a valued customer and you've been in 30 times. But in very a lot of cases, it's just not necessary to, it's necessary to do data minimization. So this is always the tension.
Yeah, but it's more than just passports, right? It's more than just ID. Travel is not about just the transaction or just the crossing border. It's about this is me, this is what I want, this is who I am. So I'm a vegetarian, I like a high floor, I want an aisle seat, I don't eat meat, I, my favorite color is whatever, you know, this is what actually makes travel and hospitality work and what it is. And we need that information, the customer, the traveler wants to give us that information, but they don't have the tools to do it.
Sorry, if I can, can I just add one thing to that, right, which I feel very strongly about, right? I travel a lot as well. There are days when I walk through the airport and I'm feeling on top of the world and I want to high five everybody I walk past and be the most outgoing extroverted person in the world. There are other days where somebody comes near me, I'm going to kill them, right? I want to be able to signal that.
I want, I want the check-in staff to know that this is how I'm feeling today and I don't actually want you to agree. Exactly. I'm imagining a credential that says, you know, introvert or extrovert right now. It's kind of what would be useful. We're going to run out of time here.
Are there, are there questions from the audience? Yes. Yay. Awesome. Bring them up. And actually, yeah, there was a question that came in that was fitting just perfectly with the direction this conversation was going and I thought I'd ask on behalf of one of our audience members, all identity apps have different credentials. How do I know what credentials to use for my SIAM use case fitting in here? How can I signal this exactly? Is it only determined by the organization? Can it come from the other side in all of these different permutations?
I wonder if they need to define credential because, you know, in the before time credential usually meant your authentication credential that was associated with an account. And in the decentralized world, a credential takes on a kind of a new meaning, which you guys can certainly elucidate on. And in travel and hospitality, they might be self-attested and they most likely will be for a lot of the valuable information that makes travel work. And I was going to say, you know, certainly travel and hospitality and many of us have traveled here.
We, we're frequent travelers. We understand all of your modalities that you've got, Rob. But like retail writ large and actually any kind of consumer interaction with services out there. It's full of instances where we want to be known well enough to get what we want when we're in a good enough mood for it, it seems.
So yeah, we want that meta credential that's like, stay away from me, I'm toxic right now. So like, are there examples in the world today of where the decentralized model is sort of being deployed and being used? What I'm just trying to say is, are we only talking about travel?
Well, no, no, no. It's funny. We've gone down a travel track, which is very evocative, but no, no, any, any vertical will do. I was just thinking, yeah, there's one, like in Siam's case, just because of, you can tell from accent, I'm from Scotland. So there's actually a large Siam specialist in Edinburgh called Condatus, I actually think they're speaking tomorrow and they actually have this in practice. So they're basically eating their own dog food. And so they have adapted and started using credentials to enable staff to actually enter their offices using these credentials.
I'm guessing they're just using an app on their phone to create a QR code and scanning in. And they're also using that same technology to be able to access systems remotely and to enable their teams to track their movement through their systems. So there are examples of this, but I would say they're scant because there's lots of, like we talked about, and Rob mentioned at the start, there are problems with integrating this technology with legacy systems. So these are not like, from what I can see, commonly spread. So there are a few examples, but not many.
What we do as a company is that we connect decentralized identity to open ID and zero protocols, which most every system can talk to. So we solved that chicken and egg problem with decentralized identity and legacy systems. In Holland, we have quite a mature decentralized identity ecosystem where banks and even municipalities, you can use decentralized identity for authentication. You can use it to do on board, from businesses to accountants to insurance companies where you can ask for your insurance history. In Holland, it's already on the way.
And I think that it depends really on different use cases. So while in certain use cases, it's already quite spread, in other use cases, it's still difficult. I think that's an issue what the consumers face. They don't know what to use. So it's basically the same issue what we have today. So if they sign up to the onboarding themselves, it's easy, but which wallet is it what I should use? Do I have 10, 20, 30 wallets finally on my smartphone? So that's hard for the consumers to download the wallet just for one use case and another one for another use case.
So I think that's something which needs to emerge in the next years, that there are really bigger use cases emerging. So just because we have one minute left, maybe just a quick summary there about, you know, there's legacy and then there's kind of a proliferation of the newer tools that need to work together, and we're not sure how yet.
And Rob, I'll give you... No, sorry. In Holland, we solved that by putting a service provider between wallets and platforms. That has a multi-wallet selector and multi-credential selector. Okay. Sort of a broker approach. Yeah. Yeah. That's the approach we have now in the Netherlands. Okay. Good to know.
Rob, any questions, comments here? I mean, to scale that up a little bit, there are others who have solved it too. What I would say is, you know, let's always focus on the simplicity of the user experience. Let's make sure that we bring users along with us as we do these things. And I think evolution rather than revolution, it's going to be a journey towards a world where maybe everything one day is decentralized and wallet-based. But we've got to start somewhere, and we've got to get the cars on the road towards that destination. Okay. Three words from anybody for lightning round. Go for it.
Practical experience, megaproject, Middle East, building a seamless travel, business, decentralized identity, journey for the visitor across multiple dissimilar travel providers, airport, airline, ground transport, hotels, down into the tourism and experience world and back again. Okay. Can I ask a question? I still have 50 bottles of champagne I have to finish in two hours. You're more than welcome to talk about what we do in a few minutes.
I would say that to finally sum it up, user experience is one of the key things we need to convince the consumers, because only if they join us in that journey, it will work. If we decide ourselves what we want to do and no one uses it, it will not be. Yeah. And final point for me, I think it was mentioned a couple times yesterday, is it needs to be the user experience needs to be at least as good as or better than what people have today. And if it's not, like, it's not going to be adopted. So that has to be the focus. Yeah.
Andy Tobin was saying, you know, it has to be he saw Apple and Google interoperating. It has to be better than that. That's a big challenge. UX is king. Yeah. I'm hearing you clearly. Thank you all. Thank you.
