Your
Show. Excellent.
Thank you, Martin. It's very good to be here. I think this is my fourth or fifth year and great to see many of the familiar faces and catch up with you. So this is, you know, you notice I change the title, trying to set an example by leading by scenarios, as opposed to tech two technologies coming together. Right. Blockchain. I think we were just joking over there. When you say blockchain and identity, there's, there's many things that we can dream about. So trying to lead by scenarios over here, trying to lead by customer pain points and calling it decentralized identity, right?
And this is not a new topic to most of you, right? I've been here a few years and I know we've been talking about it for at least three, four years right now, very, very, you know, pleased to see the audience in the work group yesterday.
I think we had close to maybe 150, 200 people in the room. It was a room full, right. Which is awesome. Shows that it's no longer a hype still not mature yet, but I think there's, there's getting some traction. So what I wanna do in this session is to, you know, as technologists, we tend to chase after shiny objects, right? Okay.
Blockchain identity or decentralized identity or AI. And we talk about it and we run to the next shiny object today. Wanna do is, you know, yes, we have been talking about it, reflect back on it in a true agile spirit to say, we have experimented with it. We have worked with clients. Let me come back and report to you to see how we can take that feedback and continue to mature this technology.
So with that in mind, my goal is to share some of the scenarios and adoption patterns that we've seen with the hope that some of you would also be encouraged by that and, and start to mature the standards and this technology so quickly talking about the context here, most of you may not be familiar with this, right?
So what's a problem, basically three things, right? Number one is, you know, both from a user perspective, as well as the organizations. First one is a security aspect, right?
The fact that, you know, 80 million IDs have been compromised and you're sitting there helplessly, it's, it's an issue both from a consumer site, as well as from an organization site, right. It's not nice to see their name in their headlines. The second thing is there's a lot of lack of control of the identity information, right? How I want to use the information, you know, I just wanna go have a beer after this. Right. I don't need to show everything about me, where I live my date of birth and address.
And, and, and all I need to show is I'm drinking age, right? So that, that information is, is something from a consumer perspective. They're right. But at the, from an organization perspective, they have to spend money to demonstrate compliance.
And, and, and then the, the third aspect is the,
The, the way that, you know, we, we, we have a centralized mechanism of doing things, right. That causes us to be a one sided equation between the experience, the experience of the end user. We talk about multiple passwords and it's a norm, but I think as a generation is getting more and more impatient, I couldn't find a better word, right? They want faster results. They want to be able to use technology. They want a more personalized experience.
And, and we can keep going back to passwords as the only way, right? So these are the three reasons I see.
And, and the solution is, is what we call decentralized identity. And the idea here is to replicate some of the things that we do as best as possible in the physical world. I live in the us, you know, when I want to come to Germany, I pick up my passport and I, I, I come in and I spend literally like less than five minutes, assuming that I get through the line quickly at the immigration.
And based on the fact that they're looking at some claims in my passport, they're allowing me into, into Germany, right? There's not my ID per se. Pre-provision.
I think we wanna provide that same experience in the digital world where the idea idea is to move the identity to the end points to users and devices and applications. So they are in control of their own information. And then based on where they're going, how they're going, they can assert the right level of information, right. Using the principles of what we call self-sovereign identity.
Now, if you do this, I think we solve the three problems we are talking about, right. Users will have better experience, right? They are in more control of their data and there's better security. And that results in cost savings, risk savings, more business opportunities for the organizations, as well as having a, a mechanism to focus on their own business.
So let's, let's take a quick look at the, you know, how does this work at a very high level?
And, and I know there's a lot of math behind us, but I'm trying to hide the math on purpose at the lowest level. What we are trying to do is, you know, we have the concept of decentralized identity is I go and create my own, you know, digital identity, you know, how it's created with a dead, that's a math part, but there's a public portion of it, which is stored in a public ledger.
And, and there's bound to be number of such public ledgers. There's not any personal information shared over here. So the idea over here is the end user can create their own identity, get some claims and go and assert that claim to a service provider or a relying party. And the relying party may have a similar relationship with the ledger and they can validate the, the claims through some cryptographic mechanisms, right? So the relationships peer to peer, as opposed to everybody going to a server and the server asserting identity to a different server.
So at the root of this, at the bottom of this is a set of public ledgers. And, and these could be, you know, open ledgers to proprietary ledgers, to commercial ledgers, to government ledgers, to, and Countrywide ledgers, using variety of different technologies.
Once we have that ledger, right, we need to then create that peer to peer network. We need to figure out how to talk to between different ledgers, right? I may have an identity in the us, but I may want to conduct business in India or China. I don't wanna go create an identity.
There, there needs to be a mechanism for me to talk to my, you know, relying party in a peer-to-peer manner. So these protocols think of them as creating a pipe, right, creating a pipe between the user and the service provider.
Now, once you create a pipe, you gotta put something in that pipe, right? You can put oil, gas, water, what have you, right in the physical world, in a digital world, it's a credentials, it's a verifiable credentials, so that we can now start flowing information in a, in a secure manner so that I can go and go to a bar and say like, you know, trust me, I am, or the drinking age, so that I can go get a beer, right. And there could be different types of claims.
Now all of this is a lot of technology, so, and different parties coming together. So we need to think about mechanisms to govern that.
And that's where the governance layer comes in. And then top of that, you know, are the applications. So it's a very simplified stack that most of the people who are working in this area of decentralized identity is aware of this stack in one way, shape or form, right. We think of this as a reference architecture. And the way to make all of this work is no magic, right?
It, it, it has to be through a, a number of standards coming together. And, and the adoption of this is based on the maturity of these standards, the faster these standards mature, the faster we can get to some level of decentralized identity.
And, and right now, I think, you know, we have standard, we have standards for every part, there's some gaps for sure, but we are continuing to mature the standards of how we issue the ID. How do you represent a digital ID? How do you represent a verifiable claim? How do you find out that if I'm in India versus China, how do I get back to my mothership? Right? How do I go and do cryptography in a, in a decentralized world, these are all the different standards that are emerging, and you can see some of the open standards, and that's the only way to be successful over here.
So enough of context, right? That's a context of, what's the problem? What are we trying to do? How does it work and, and what needs to be a success criteria for this to come together?
The only talk of blockchain is okay, the ledgers, you saw the ledgers at the bottom of that reference architecture. There can be many, many, many technologies of how that ledger can be created. Blockchain lends itself to be a technology that helps in many ways, it can help with the, the cryptography. It can help with the decentralized nature of blockchain.
It can help with not having like a single entity with all the information in there. It helps with the immutability of it. It helps with the privacy of it. So there's a number of reasons why people are gravitating toward that to help accelerate this concept. Right? You can do these with other mechanisms, but blockchain helps in certain ways with these principles.
So with that context, I'm in a unique position, like working for a company like IBM, I've got the privilege of seeing many, many different types of clients engaged with us at a large scale, right.
You know, working with MES and, and the whole shipping industry of how can we change the shipping industry. Right. I think the last time where there was a huge revolution of the shipping industry is when goods where transported is, is individual entities and tomatoes and potatoes and eggs were all put together. And the cost of shipping was quite a bit. And then they came the containers so that it helped revolution as to a certain extent, this is a similar sort of revolution that's going on over there in terms of how do you keep the supply chain working together?
We see the food network from Walmart in the us dealing with, you know, how do you provide food safety, right.
So pretty unique opportunity. And I'm fairly privileged to start stepping back and trying to look at patterns, right? The three things that I see that is exciting, the are clients, number one, it's an opportunity to go and improve the digital experience of many, many business transformations. How do you engage with the millennial generation? How do you engage with the X generation? How do you go make it very personalized, right?
How do you alleviate the need for passwords and, and go toward passwordless journey? Second is we see is compliance.
You know, whether it's GDPR in, in this neck of the world was the CCA. I mean, California privacy law in, in the us, or Kave Kaka in Turkey, every organization, and every region has some sort of a regulatory body that is forcing us to do certain ways, right? This helps us address that by keeping the control back to the end user and, and being able to only share what they want.
You can, you can restrict, or you can alleviate the need for things like right to forget, right. Or having more data than necessary that in case of a breach now of a sudden you have to demonstrate compliance, but it helps in some of those use cases. The third thing is governance, right?
We have a, in a unique opportunity, right? Remember the governance aspect in the reference architecture that governance can be carried over to other types of governance, where we get multiple entities to work together on a common problem, like KYC, right. Multiple banks working together, to be able to say, yep, I'm gonna expedite the transaction for this client or AML. Right. Other types of use cases.
So let's get a little bit more specific, right? So there's four key client use cases that I wanna share with you. Right?
Number one is around the network aspect, working with the healthcare and insurance, and apart from the food safety and the shipping, right? This is a common problem where there's a lot of networks. If you look at the healthcare, we've got the, you know, you've got the hospital network, you've got the insurance network, the claims processing, and me as a patient, don't have a very good experience in trying to go and get medical care, right. There's not a centralized way to share information for a variety of reasons.
So the industry is shaping up in terms of, you know, how can I go get an MRI and be able to share that information with a doctor so that I can go and get treatment and get a pharmacy to work with it, have an insurance process. It seamlessly without having to have a one to one relationship each and every network, right? That's a really cool way of modernizing the healthcare, modernizing the insurance, modernizing anything which is network effect. The second use case is around, you know, K YC and a L we just talked about it a couple of minutes ago, right?
We see a number of financial institutions trying to simplify the process of KYC. And I've seen some hideous processes taking close to 14 documents, validation at points, right. To demonstrate KYC and imagine the poor
Client or poor consumer having to do that with multiple, you know, banks or financial institutions. Right. Instead I think, you know, decentralized identities helping in terms of digital notary.
You know, I take a look at somebody's ID. Yes. I attest that I've done it, put a notary on it. And then that helps in taking that claims to somebody else.
So as, and when an information is processed, I get a verifiable claim that I can take it to someplace else and build on top of it versus having to have a central way of managing document validation that is expediting transaction processing in the financial institutions.
The third one is in the education, right?
This is, this is something which started with the IBM. Actually we use something called a claim, right? So as we go through education process, we get what we call badges, right? The fact that I went through a security and privacy course badge, right.
And, and the idea was, you know, as we partner with universities, as we partner with other institutions, how can we grow that to something bigger? So that education stays with the consumer or the student revolutionizing the education where students may want to consume in any way, shape or form. I may want to take a class at IBM, or I may want to supplement that with the university and pull that together to enhance my knowledge versus a structured, you know, master of engineering or master of science or PhD, or what have you, right.
How do you, how do you basically keep the learning lifelong and with, with the individual? And that's how MIT started this with verifiable claims for the transcripts that you can use with other institutions. The last one is, is a little bit of a low hanging fruit. Most of the clients that I engage with follower here, they're basically saying, okay, this is cool technology.
How do I use
Self strong identity principles to basically make the registration and authentication simple from a business perspective, it is awesome because they don't have to go through the process of registration and create more and more IDs and clean up the repositories after some time. Right? So instead, you're basically able to pull it all together in a manner that you can consume identities from different sources and trust them based on their value.
Based on the verifiable credentials in, in, in, in the tokens,
A good example is something close to close to my heart, which is the, a use case from a public safety department in the United States, state government. Most of you, some of you are from the us. Some of you are not, but there's a constant medical emergency, some sort of a state of emergency at schools, whether it's health related, whether it's offense related, that requires some sort of a professional help, and sometimes bad things happen because professional help and first responders can come to the school quickly.
And E even if they come, they're not able to get to the right door or the right place because they don't have access in the school system. So this state government created a system to be able to consume verifiable credentials that they issue to all the first responders in this state, to be able to use that wherever they're close to school, to basically respond quickly and, and help support a situation.
So the idea would be that instead of having the school to go and create access to all the blueprints, you know, the, the first responders are getting access, you know, on demand and for that specific use.
So the last point I wanna make over here is that now, where does this put us for all the enterprises, right. Existing identity and access management system, doesn't go away. Right? So access management system privilege access, you know, whether it's on-prem cloud, all of that is, is still relevant.
But as you are embarking on your passwordless journey from, you know, your QR code to push notification auto band authentication to 5 0 2, where you're now moving the credential from a central place to a token in Fido with decentralized, you're moving it all the way to the end user. So in case something bad happens, maybe one or two users would be impacted versus whole 80 to 70 million users. Right. That's the way to think about it as you're experimenting in that.
So I wanna end with a quick 32nd summary of, you know, number one, right.
You know, yes, we have seen a lot of scenarios and there's an opportunity for maturity, but I think we need to start with what your use cases are and start to embark on this journey, because it's not a product out there that you can go and say, let me get a piece of it, right? It's a, it's a philosophy that you need to adopt to help your business. And then as you adopt more standards, extend your IM you can get the benefits. Thank you.
Thank you very much. It was a very insightful presentation.
And I think it, it puts together a lot of things we discussed over the first one and a half days of this or two days of this conference. And I think it's very interesting also to see that large organizations, very large vendors are going down at path, because this is always what is important to add to the momentum of such initiative. So thank you for your insight, a pleasure to have you here as thank you every year, and let's directly move to our next.