The W3C Credentials Community Group

Meeting Transcriptions and Audio Recordings (2014-today)

Go Back


W3C CCG Weekly Teleconference

Transcript for 2023-06-27

Our Robot Overlords are scribing.
Harrison_Tang: Hi everyone so welcome to this week's w3c ccg credentials communities group meeting so this week we have a little special session we invited filled with only one of the SSI Pioneers to discuss his new book learning digital identity this session is Taylor for the general audience usually talk about a little bit more technical stuff so so this session is a little bit different and.
Harrison_Tang: actually had the opportunity to provide.
Harrison_Tang: From people to learn more about sobriety and decentralized identity space so so that's that's our fun but before we get to the main agenda I just want to go over some admin stuff first of all just want to remind everyone about the code of ethics and professional conduct reminder more or less just one make sure that we make respectful comments and acknowledge each other's opinions.
Harrison_Tang: a quick I keynote anyone can participate.
Harrison_Tang: Overall substantive contributions to the ccg work items must be members of the CCT with for IP our agreement sign know make sure you have the w3c account and you encounter any issues just let any of the co-chairs now.
Harrison_Tang: And minutes are being recorded we will we have the ultimate risk Riker and the minutes are automatically published in a day or two we use GT chat to skew speakers during the call and you can type in Cube plus to add yourself to the queue or q- to remove it.
Harrison_Tang: All right let's get to that introductions and reintroductions if anyone is new to the community or want to re-engage the with the community please feel free to unmute and introduce yourself.
Harrison_Tang: We have a lot of new folks today so you know hopefully you have the chance to if you like the content today and also are interested in the decentralized alcibiades space hopefully you can rejoin us on Tuesday 9:00 a.m. Pacific time and 12 p.m. eastern time.
Harrison_Tang: All right let's get to the announcements and reminders any announcement and reminders that people want to share.
<manu_sporny> Selective Disclosure for Data Integrity:
Manu Sporny: Yeah I just a quick note about an email that went out to the credentials community group earlier today it's about the selective disclosure for w3c data Integrity so a month or so ago we talked about selective disclosure for data Integrity so there was a post that went out around this new selective disclosure may occur.
Manu Sporny: ISM for data integrity.
Manu Sporny: Three along with a slide deck so that first link has a slide deck to what we're talking about fundamentally what this technology allows someone to do is they allow the individual using a data Integrity cryptography sweet to only show some parts of a document that they have so like if you have for example a driver's license it would allow you to only show your ZIP code.
Manu Sporny: Code or only.
Manu Sporny: Share your last name or something like that so the there are two current there's there's a mechanism called BBS which is a selective disclosure mechanism that does unlikable signatures that the be cwg has in scope but one of the concerns there is that it is not a nist compliant selective disclosure scheme meaning that you know Federal governments.
Manu Sporny: It's state governments National.
Manu Sporny: Large organizations like to see nist support So this thing The Selective disclosure mechanism called ecdsa SD has been put forward as a full solution with you know a slide deck talking about it there's some upcoming pull requests to the verify credentials working group specifications that might included but before we do that we want to make sure that.
Manu Sporny: Addict support people anything yet people.
<manu_sporny> Request for support for Selective Disclosure: https://lists.w3.org/Archives/Public/public-credentials/2023Jun/0164.html
Manu Sporny: Looking at implementing it and things of that nature So to that end a request went out to the ccg to gather signatures from people that are interested in seeing a nist approved selective disclosure mechanism for verifiable credentials so that email can be found here request for support for closure.
Manu Sporny: Point I'll make on this is this is not a replacement for BBS it is not a replacement for some of the supply chain you know Merkel proof mechanisms that were talking about this is just one of potentially many selective disclosure mechanisms the benefit of this one is that it uses cryptography that is approved by NASA to the standards and the US and therefore.
Manu Sporny: And Canadian.
Manu Sporny: If you're interested in supporting this please take a look at that email sign the letter of support and if you have further questions I'm happy to answer those on the mailing list that's it.
Harrison_Tang: Thank you Mom you thank you.
Harrison_Tang: Any other announcements and reminders.
Harrison_Tang: Any other updates on the ccg work items.
Manu Sporny: Is Oliver here he might have dropped.
Manu Sporny: I don't see him so Oliver term who put out a new work item in the ccg or just a request for support for new work item called confidence method and so what confidence method does is it's an extension to a verifiable credential into the verifiable credentials data model that allows an issuer to say you know these claims.
Manu Sporny: That I'm making about.
Manu Sporny: X if you want to increase your confidence that that subject is the one standing in front of you here are some ways to do that and so one of the traditional ways going to quote traditional ways we've done it in this group is we've said oh they can do did authentication but as the VC ecosystem it's grown in the use cases have become broader there are other mechanisms that people are interested in using like do they have a physical identity document with them that you could check.
Manu Sporny: There's some other cryptographic mechanism that they could use that's not a did and or things like is this document about a child and it's their Guardian that's with them and it's the guardian that you want to increase confidence in that standing there in front of you so it has a bunch of positive uses when it comes to Guardianship and just building confidence that an individual standing in front of you is who the verifiable credential you.
Manu Sporny: No describes it was issued to so take a look at that if folks are interested that.
Manu Sporny: Went out to the mailing list earlier today I'll get a link to it in drop it in the chat here in a bit that's it.
Harrison_Tang: All right thank you menu.
Harrison_Tang: Any other announcements or updates to work items.
Harrison_Tang: All right so.
Harrison_Tang: I too am an agenda So today we're very very happy to actually invite built when lie to kind of talk about his new book as well as the SSI and decentralized Authority in general Phil was the founder and the organizer of the internet identity Workshop which is one of the biggest identity related conferences the founder and the chair of sovereign and Adjunct professor at Brigham Young University so his new book learning digital identity is a guide to the design team.
Harrison_Tang: appointment and the management digital identity architecture.
Harrison_Tang: The prime managers architect and developer so welcome Phil.
Phil Long: Thanks Harrison it's great to be here with you guys.
Harrison_Tang: Great great so so I think today we all do a little bit of a different format generally we have to do a prize big presentation and then also the general Q&A but today we just have going to have a light conversation I'll be asking feel some questions and I think Buddy have any questions regard to any anything in regards to set the centralized identity ourselves over identity feel free to just add a coupon.
Harrison_Tang: Up to the queue and then I'll be moderating the questions right so Phil since we're talking about a kind of a decentralized Authority salsa bribe Andy do you mind actually help us Define what digital identity is and also what is self Sovereign identity as well as what is this decentralized identity what are the definitions because I hear these terms thrown around and a lot of times they are used interchangeably so do you mind.
Harrison_Tang: actually clarify these definitions for us.
Phil Long: Well one of the things I've learned in 36 sessions of Internet identity Workshop is that the best way to send an identity discussion off the rails is to start defining identity as everybody seems to have a different definition but of course if you're going to write a book about identity you have to basically have to start with some kind of definition.
Phil Long: Nishan and actually my favorite definition.
Phil Long: Identity is one I learned from Joe Andrew years ago and in Joe Joe to find digital identity as the way we recognize remember respond to people places things organizations basically any other thing in the in the world in a digital world if we're talking about digital identity and the reason I like that definition is because.
Phil Long: Cuz it's very functional.
Phil Long: It informs a lot of the ways that we want to a lot of the things we want when we build an identity system we want to be able to recognize who's on the other end and that basically that's authentication when he bailed remember them right which means we've got some sort of identity store and then we need to be able to respond to them or interact with them is maybe better but it doesn't have the alliteration of the 3 R's and that means that it's got to have some kind of utility it's got allow us to do things.
Harrison_Tang: So what are the kind of use cases earlier you mentioned identity should be a the able to account allows us to do things what are those things.
Phil Long: I mean it's what I want to say is everything right because you know digital identity is at the foundation of almost everything we want to do online and the reason for that is because the digital world is very different from the physical world if you think about that definition recognize remember and respond and then think about the physical world we naturally do all of those things recognized.
Phil Long: Objects and people and places.
Phil Long: We remember them we have a physical means of interacting we don't have to think about that it's all just built into what we are as physical beings in the digital world we don't have any of that right we have a proximity problem we're not close to the other thing that we're interacting with the other person and so we have to build digital identity systems in order to allow us to do almost anything online so when I talk about relationship.
Phil Long: You know to the everything but really when you boil it down it's about those things how do we recognize and remember people right and how do we how do we authenticate them and how do we store what we know about them so that we can remember them the next time and then how do we interact with them and generally that was going to come down to things like authorization messaging the basic kinds of things we do digitally that our base and base those on a digital identity so that we're doing them on the.
Phil Long: Son of a.
Phil Long: That relationship idea is really one of the core ideas in the book I like to say that we build identity systems not to manage identities but rather to manage relationships and so if you think about every digital identity that you have created somewhere it's about some particular kind of relationship and that relationship and it's.
Phil Long: Out of that relationship with the other party wants out of the relationship really defines the kind of utility that you might get so when I create an account at Amazon of course I'm looking to shop and so the kinds of things I can do with that relationship that utility of that relationship or defined based on the fact that I want to shop there on the other hand when I you know exchange email addresses with you Harrison and we send email back and forth there's a identity their the email.
Phil Long: Dress and wear.
Phil Long: Gene to accomplish something but that is much more open right gives you that kind of relationship is much richer than the transaction relationships we often have with with website so I like to categorize relationships has transaction or interactional and the interaction relationships are actually the ones that have been largely shortchanged by traditional identity systems.
Harrison_Tang: Got it thank you so do you might actually kind of summarize a little bit about what your new book learning tissue identities about actually bought the book and then read the first two chapters I haven't finished the whole thing but even by actually kind of share sure and summarize your books are like the top three or five concepts for us.
Phil Long: Yeah well I mean the the one I just talked about relationships is probably one of the Core Concepts I use the idea of relationships as the reason we build identity systems to talk through a lot of the things a lot of the traditional things we think about identity systems like authentication and authorization another core idea in the book is that identity systems really.
Phil Long: The thing we care more.
Phil Long: Obviously if you're an engineer at a specific company building an identity system to manage a specific kind of relationship you care a lot about that identity system that has identity professionals I think we are more often thinking in terms of identity meta systems right Kim Cameron and introduced this idea of identity meta systems back in 2004 I think and and the idea there is what are the overall Technologies and interaction patterns.
Phil Long: That occur within a specific set of.
Phil Long: An identity system so you know in the early days most identity systems were centralized and were largely just administrative and we didn't really think about them in terms of medicine systems as Web 2.0 caught on in the early 2000s most identity systems and their predominant meta system of that era was what we would categorize as an administrative identity system yeah I mentioned Amazon.
Phil Long: Earlier Amazons.
Phil Long: Storm is Administrative it's built to administer a particular kind of relationship by a particular company for their purposes right I don't mean that in some pejorative way or some you know evil way it's just that's why we build identity systems I did the same thing when I had an e-commerce company as we got you know that can 2005 ish people started thinking about well how are we going to manage or interact with all of.
Phil Long: All of these.
Phil Long: Who are coming to our websites because before that identity was largely like I said administrative and centralized and that's when we started to see things like open ID pop up and then later all wath and open ID connect and you know what I call the Social login medicine system and in that you know we kind of had these Visions back in 2005 2006 that everybody would use their domain name as their.
Phil Long: A fire it turned out you know you know what people.
Phil Long: Problem and you know issues of trust that wasn't realistic and so it turned out that there's only a handful of large what we call identity providers or idps who are who are building identity systems that other companies use right I'm not talking about like yeah they sell them the softer I'm talking about like you know login with Facebook or Google's log in systems that other other.
Phil Long: Thersites use based on OS and now open ID.
Phil Long: So I call that meta system to social login medicine system and then recently you know since 2016 or so a new medicine system has been in development that we generally refer to as the self Sovereign Identity or SSI meta system which is has a different set of principles of different set of Technologies and a different set of goals and so that's you know one another one of the core ideas and then I.
Phil Long: I think you know to round that out is.
Phil Long: Kim Cameron's laws of identity early in the book in chapter 4 and then I use those you know throughout the book on occasion to talk about why certain things are certain architectures serve certain needs or don't meet certain needs and kind of finish up the book talking about how the social login medicine system which is what I would say is the current predominant identity medicine system and the SSI medicine.
Phil Long: Which is.
Phil Long: We call the emerging medicine system how they compare when stacked up against the Kim Cameron's laws.
Harrison_Tang: So since we have a lot of kind of kind of the new members and new audiences joining today so do you mind actually clarify what are those laws of identity.
Phil Long: Yeah so back in 2004 Kim Cameron wrote a paper called the laws of identity and if you Google that you'll find lots of references to it and his and his original paper what he describes both the idea of an identity medicine system and these laws and there are seven laws the first one is user control and consent so you can.
Phil Long: Judge identity.
Phil Long: Stumps or see how see how they stack up against each other by thinking about how do they manage user control and consent do they allow for it what to what degree do they allow for it the second one is minimal disclosure for a constrained use so you're only giving as much information as you actually need and the use is constrained in some way based on the relationship justifiable parties who has access to the data are they justifiable.
Phil Long: Oil can you tell why they're part of the.
Phil Long: Access to the data directed identity which is a which is an interesting one so the Kim called it directed identity now I think we would call it peer to peer Identity or the ability to have non-universal identifiers pluralism of operators and Technologies by which Kim meant is there a underlying protocol to The Meta system which then.
Phil Long: Allows multiple players.
Phil Long: Systems which match the protocol and and interact in the identity system human integration to what extent is the human involved in the identity system and then finally consistent experience across context which I think is one of the interesting ones because you know there are certain things about identity systems which are consistent some of those we don't like so much like passwords but in fact you know if you go log.
Phil Long: Into website and login to website B even though.
Phil Long: Also using usernames and passwords the user experience can be wildly different where did they put the box where do I have to put in my email address so I have to pick a username and me so that's the final law.
Harrison_Tang: Got it and how how does like early talk about different kinds of identity architectures like how how is the new kind of SSI or stuff like that ccg has been kind of working on verifiable credentials those kind of technology different from today's social login kind of kind of the Federated model.
Phil Long: Yeah so so it's interesting.
Phil Long: You know the I think most people in the car would be familiar with you know the social login medicine we have the identity provider is using open-eyed nap dummy could be using something else let's just use that for now as you said Federated and the identity provider is essentially managing the user manages their identity through the identity provider and then chooses to use it at a different.
Phil Long: And you know I kind of thought when I first decided I was going to think about this in terms of Kim's laws that I'd find you know several places where all there were you know real big problems it turns out social login medicine system actually Stacks up pretty well in in Kim's laws the biggest problems turn out to be ended.
Phil Long: Directed identity.
Phil Long: Right social login largely uses what Kim called an omnidirectional but we would probably call a public identifier almost exclusively and so it doesn't have that directed identifiers that peer-to-peer identify it as a result has some have some problems with privacy you know as we've seen you know and then then you get into you know what degree do they have mean is the user experience.
Phil Long: It's consistent yeah I mean to a large degree it is although.
Phil Long: Obviously there's lots of choice for people how they how they Implement things and so you can get some difference there user can crawl control and consent in fact the whole idea of open ID back in the early days was user-centric right it begin the fact that the user logs into their identity provider and authorizes the use of that identity at a relying party is all about user control and consent so so you really get into.
Phil Long: What degree does does the user have.
Phil Long: But like I said I think the directed Identity or peer identity is the place where the social login medicine system probably doesn't do as well as we would as we hope it does you know the the SSI meta system as I looked at it Stacks up very well with Kim's laws in fact you know I think you know Kim didn't particularly like didn't particularly like the word self Sovereign but I.
Phil Long: Think that.
Phil Long: Principles that self Sovereign identity systems embodied were largely in keeping with with the SSI meta system and in fact you know his original info cards implementation or or design architectures better word than implementation feels very similar in many ways to how SSI works now the technology was different because the technology has moved.
Phil Long: Don since.
Phil Long: 2000'S but but info cards were you know very different from open ID for example and at internet identity Workshop in the early days those two systems came and and you know they were both present and being worked on by different people so I think SSI matches up fairly well now like I said earlier you can always judge these things on degree so will somebody come up.
Phil Long: With new ideas that you know.
Phil Long: We call it something else besides SSI I don't know but well and come up with new ideas that you know meet those laws even better perhaps but right now I think that the SSI meta system is the architecture that embodies Kim's laws the best and gives us the benefit of what Kim was looking for when he wrote down those laws.
Harrison_Tang: Does it end so why doesn't Kim like the word SSI self Sovereign like other other alternatives.
Phil Long: Well I mean you know it's unfortunately Kim is no longer with it right he passed 18-24 months ago and so you know I don't like to put words in his in his in his mouth I had several discussions with him about it I think.
Phil Long: I think that you know the the idea of self sovereignty especially when I was talking with him about it which was you know the 2019 2020 timeframe there was a lot of pushback on self Sovereign because people didn't necessarily understand what Sovereign meant in this context you know a lot of governments for example hated it because they said well we're Sovereign but you know I think my view self sovereignty defines a boundary and.
Phil Long: And it says what things am I totally autonomous.
Phil Long: Things am I not autonomous in and you know it's not that I have control over everything it's that I have control over some things and sovereignty defines what those things are and this is consistent with how we use sovereignty when we talk about Nations as well the fact that you know Iceland is Sovereign doesn't mean that it can boss other countries around it just means that it has autonomy over its territory and I think that's when we talk about self sovereignty in.
Phil Long: That says right.
Phil Long: What we are as we are individuals who need autonomy and sell and ability to self-direct how we interact in the online world I don't think that Kim would have disagreed with that idea I mean I think it was really just the name and you know plenty of people have had issues with the name I wholeheartedly embrace the terms of sovereign because I don't think any other word does the the what we're trying to achieve Justice.
Phil Long: Decentralized identity is an implementation strategy.
Phil Long: An end goal you know so I don't like that term but plenty of people use it I like self Sovereign because I think it describes what we're trying to achieve and while I'm on that topic you know I I think that that is perhaps the most important thing about self Sovereign identity what we're all working towards is that.
Phil Long: Well let me let me back up just a bit so so I start to book talking about two philosophical approaches to Identity which as I mentioned earlier is always dangerous right so there's one approach to Identity which is what philosophers call the bundle of sticks method which is your identity is nothing more than all of the attributes that you happen to have or have been assigned to you and and that's the bundle of six right so as you gather up all of those.
Phil Long: Attributes and bundle them together that's your identity.
Phil Long: There's a different approach right to to that to the bundle of sticks and you know that that approach talks about identity as springing from something right so so this is the discarded his idea of I think therefore I am so just guard us was a proponent.
Phil Long: Of what's called.
Phil Long: Meaning that all of those attributes are based on something some substance and your identity really is that substance so now think about the to Medicine systems that I just described the cell the social login medicine system is really a bundle of sticks meta system it says hey your identity is really just a bunch of attributes and you're going to get some attributes from this identity provider on this some attributes from this other identity provider.
Phil Long: And as long as you can you know manage your attributes and get them to the right places.
Phil Long: Solve problem self Sovereign identity is a substance model right self Sovereign identity says no all of that Springs from someone or something and the identity really is about the thing and the attributes are just projections of properties or things that have been assigned information has been assigned to that thing and that's why I think self Sovereign entity is.
Phil Long: So important because it gives people.
Phil Long: Stand in a digital world without self Sovereign identity right and from a technology standpoint something like a wallet agent mechanism people really have no place to stand in a digital world we are merely creatures of whatever identity systems companies happen to build for us and then allow us to create relationships with them on and in that world I mean you know I'm not necessarily knocking it in the sense.
Phil Long: It's been great right I like my.
Phil Long: Wife I like shopping on Amazon and searching on Google and talking to Chachi PT and you know all of those things are great but I don't have a place to stand in a digital world I am not fully human in a digital world and I feel like if we don't build a place for people to stand in the digital world we're going to as more and more of Our Lives go online we're going to find ourselves increasingly at the mercy not necessarily of.
Phil Long: Evil people or companies.
Phil Long: Just places that companies and organizations who are building identity systems for their own purposes not us right not not the things that we need to do so that's I think you know maybe I went too deep for you but that's that's kind of why I believe that the self self and identity thing is so important.
<manu_sporny> +1000 Phil!!! Absolutely!
Phil Long: I think that.
Harrison_Tang: Got it so what are the kind of the core technology that can help us like achieve salsa red identity I is it the the wallet that kind of or is it the trust triangle helping the kind of the holder the data subjects like intermediate identity transactions is a verifiable credentials decentralised identifiers or all of the above life are the core Technologies.
Phil Long: The wallet is barely getting you know is barely coming into its own at this point and when I say wallet I really mean wallet and agent and you know what so I'm just going to say wallet but realize that I include the agent in that term you know because I think that if you think about the World Wide Web right it's a client-server architecture so there were servers that were clients we all got clients browsers and the browser's gave people.
Phil Long: The ability to.
Phil Long: Online really I mean obviously you can do other things online without a browser but for most people that became the way that they were online that became the way that they participated in a digital world but because it's always a client right it's never a place of of where things come to be and where we can control things ourselves and almost everybody on this call I'm sure you know run servers and has servers so to most of us it was never that big of.
Phil Long: An issue right I've got a.
Phil Long: And I do all kinds of stuff on it but too many people they don't have any of that capability they have no ability to create relationships of their own accord and with their own for their own utility and that's why I think the wallet is probably the core and largely at this point underrated technology that is going to be the key to this whole self Sovereign identity thing that it's what's going to give people it's the it's a technology that's going to allow people.
Phil Long: Able to have a place to.
Phil Long: And in the digital.
Phil Long: World because the digital world is digital right we need technology to be on it and it's not enough to just have our phones because our phones are basically at this point just clients we really need a wallet where we can establish our own relationships and then build utility on top of those you know one of the things that I you know I'm a I'm a proponent of did calm and I know not everybody on this call will be but one of the reasons I am is because it's protocol logical me.
Phil Long: Being that you can Define other.
Phil Long: So on top of did Cam which means that once I have an agent that agent can be expanded in many interesting ways it can well I meant in probably gonna have multiple agents I mean some of the things I want to have happen can be automated it can speak other protocols right it can use it to play Tic-Tac-Toe you know for if any of you are familiar with Daniel hardman's tic-tac-toe protocol on did Cam I can use it for almost anything inside of a mutually authenticated.
Phil Long: Cryptographically secure Communications Channel I.
Phil Long: You know that perhaps more than yeah I don't want to slight verifiable credentials I mean I tell people when I tell you all of the things the verifiable credentials can do you're going to just be amazed and then I'm going to tell you about did Cam and you're going to be completely blown away because it's even bigger than verifiable credentials so like I said I know not everybody on this channel will be did components but I think that's you know my that's why I would choose the wallet as the corpse.
Phil Long: Have technology because it's something that could be expanded.
Phil Long: People to you know Live digital lives live fully digital lives and and do it in ways that feel natural rather than feel like I'm always inside someone else's system living within their bureaucratic structure you know within their rules it gives me the chance to be independent and autonomous.
Harrison_Tang: Now here's a hard question do you actually think that the wall is have the war of the Wallace have been warmed by the platform's more particularly kind of Google and apple and if so like how do we actually oh no no okay so can you clarify that a little bit yeah.
Phil Long: Back in the last decade right in the 2018 2019 time period people that ask me you know what what our Google and apple doing about self Sovereign identity and I would jokingly say I hope they haven't even heard of it yet because I didn't want them to wake up to this and kind of you know step on what was happening do I think the wall towards her.
Phil Long: Ben 10.
Phil Long: You know like you said that's a hard question I mean I really hope not I really hope that that we can not have wallets that are determined right there where they're where they're where their capabilities and their.
Phil Long: Their use cases are determined by whatever a couple of large companies and I'm not you know necessarily talking about Apple or Google as being evil or trying to do bad things I mean they're trying to do good things but of course they have their own motivation which is their prophet and you know I don't necessarily think they're going to give me everything that I might want they're going to decide things that I would rather not have I'd rather or more like email right with where I have a choice of email.
Phil Long: Clients and yeah.
Phil Long: I get it I would really rather have you know an opener ecosystem than just two large wallet vendors so I can't tell you that I think they've been one I don't think they're decided yet but I do think that there's danger there.
Harrison_Tang: So do you see what the kind of challenges and also opportunities in the in the space.
Phil Long: Yeah so I would probably say that the up big opportunity as I just was talking about is in the wallet space right now that's hard because you know nobody's going to get rich on wallets in fact kind of like browsers they're probably going to end up being free and so yeah that's a that just reminded me of something I read this morning that the reason disinformation.
Phil Long: Nation online is.
Phil Long: Disinformation is a business and combating disinformation as a hobby and we face that same problem right so so there's a to the extent that wallets are hobbies for companies because they're not profit centers I think we're in danger there and so that's probably a big challenge is that how do we create wallets which are useful and not you know just you know that like you said one by the by the two big vendors.
Phil Long: Ders that's a big challenge.
Phil Long: Necessarily know that we have a good answer for it I think the opportunities are in the verifiable credential space you know in terms of what companies can do you know if your period a company and you're trying to say okay how do I build a company or how do I do something in my company that's related to digital identity I think verifiable credentials are clearly the big opportunity you know to the to the extent that they.
Phil Long: They are.
Phil Long: Containers for data that we can have cryptographic confidence in their operation that's something we haven't had before right that's this is a brand new thing online and I say brand-new and everybody online in this meeting probably going it's not brand-new I've been working on it for seven years but of course in the grand scheme of things that still kind of brand new you know open ID you know it wasn't till when I don't know an open ID connect actually happened.
Phil Long: Remember the exact year but it was probably at least 10 years after opening.
Phil Long: Actually you know was thought about and so you know I think verifiable credentials are still new most people don't know about them they don't really understand how they work when I say people I mean technologists I'm not talking about you know random people on the street because they mostly won't care right I mean they should just say oh that's his wallet it's got this thing in it that feels like a driver's license or like a concert ticket good I just give it to you know exchange it with this with this other.
Phil Long: Normal but to a technologist most don't don't know very much about them they don't necessarily understand the details even if they do so so I think that's probably the big opportunity I see.
Harrison_Tang: Do you mind going a little bit deeper like why do you think they are money to be made in verifiable credentials like what are the kind of different market trends and opportunities that you saw.
Phil Long: So I did a back of the envelope calculation just estimate kind of thing several years ago about the different types of digital of verifiable credentials that are possible I'm going to talk about the total number of credentials I'm talking about just types right so credential definition so people on this call will understand what I mean when I said credential definition and is estimated that there are around 20.
Phil Long: Million credential definitions that.
Phil Long: Possible and that's a lot of credential definitions now hopefully there's not that many schema right we can we can all agree on that but I mean you can think about every small business well not every but you know I think I asked mated like one out of three small businesses would need some kind of credential specific to their business medium sized businesses large sized businesses just the different kinds of credentials.
Phil Long: If you if you really.
Phil Long: You know big on credentials and you start thinking about exchanging value for credentials right I'm not necessarily talking about you know crypto do but just some way of exchanging value for for credentials now all kinds of different use cases open up with you know holder pays issuer issuer pays verifier verifier pays holder I mean there are all kinds of interesting use cases there in fact you can see all of e-commerce as.
Phil Long: Payment for a.
Phil Long: In other words the receipt is the credential and I essentially am paying you to get this receipt and paying for the goods obviously but but exchange of a receipt credential for money essentially is the transaction and and in that case verifiable credential become actually the whole the whole payment system for almost everything we do online so I mean my vision for verifiable credentials is large and expansive I mean I think that can be used for.
Phil Long: Almost everything that we do when we're.
Phil Long: Ring data online you know we're probably not going to use them to transfer movies around but you know short of those kind of large Globs of data almost everything we exchange online could be inside of a verifiable credential and there's going to be so many Niche to use cases in companies that can go into those niches and serve those niches yeah I mean I know there are companies doing supply chain there are companies doing you know concert tickets.
Phil Long: And all of these.
Phil Long: The companies are doing but they're barely scratching the surface you know I'm old enough to have been around in the 90s and built an e-commerce company called I'm all which was fairly successful this still feels like the 1990s to me you know hopefully we're not going to have the big crash of 2000 in our future but it still feels like the 90s right people just thinking of use cases but so much yet to be discovered and done.
Harrison_Tang: Yeah I couldn't agree more like I actually do believe that payments is actually one facet of our identity systems and that's why I'm here actually but are there any one last question from me before we tie open up to the audience but is there is there any like new developments in the space that you're most most except excited about.
Phil Long: Clicker question I don't know that I can think of a brand new development that that's got me excited to be I think what I'm most excited about is the use cases that I see developing and just quietly you know I'll talk to somebody at IW or online and I'll say oh we're doing this with verifiable credentials or and I'll think oh that's cool I didn't know anybody was doing that and so I think that's probably what has me the most excited it's just.
Phil Long: You know the various use.
Phil Long: People are trying out.
Harrison_Tang: Cool thank you so just want to open up the audience you have any questions just type in q+ and I will moderate the conversation but before we get to those questions we actually promised people that will give out actually thanks to Phil will give out of five people of Books five free ebooks feels books to the audience and we actually ran the just random randomly generator random generator and then.
Harrison_Tang: we got chandi chandi Kumar.
<chandi_cumaranatunge> Wow!
Harrison_Tang: Just sorry I don't want to put your name Alan carp Rob lot of fear that makarand young Gelman so if you guys don't mind just emailed me at Harrison as Spokeo.com will send you the free ebook after this call after you email me but thank you thanks for for actually attending this this meeting all right any questions.
<manu_sporny> I love the ebook giveaway!
<vanessa> harrison@spokeo.com
Phil_L_(P1): Yes I feel when Lee question is I know that Apple has been pretty resistant about opening up their their credential wallet and has settled on the mdl API for inclusion of credentials for their pilots with the driver's license or in a couple of states around the us but has been unwilling to consider other support for other apis that are more friendly.
Phil_L_(P1): e to the verifiable credential world so I was a little.
Phil_L_(P1): Just about the comment that from what I can see those particular vendors and I know apples pushing a Google pretty hard to follow their suit which is only used that one API into their wallet and not others I'm just curious in your comment about whether that is something you see as a futile last few steps to try to avoid that openness or is that really.
Phil_L_(P1): Ali a serious concern.
Phil_L_(P1): Yes thank you.
Phil Long: Another identity Pioneer who we lost recently was a guy named Craig Burton who was one of the founders of Nobel and you know most of you are probably way too young to remember the network Wars but essentially Novell one the wet Network Wars and the way they did that was with a philosophy or strategy the Craig Burton came up with called Embrace and extend another way to think about it is and not or.
Phil Long: And so.
Phil Long: At the fact that a state you know say Maryland or Utah puts their drivers license in the Apple wallet doesn't necessarily mean that they won't also be willing to issue verifiable credentials representing their drivers licenses and I think that's our that's our in right that's what we need to do now I'm talking specifically about driver's licenses and that's not necessarily the big.
Phil Long: Thing although it is something that people.
<phil_l_(p1)> So address this at the issuer end not the wallet
Phil Long: Attention to yeah I think that the point there is that just because somebody's putting their credential in the Apple wallet or the Google Wallet doesn't mean they might not also be willing to issue credentials to other wallets if we make it easy for them to do so and that there's a reason to do so and so that's part of the way that we compete is you know Apple and Google obviously have their Network effects with Android and iOS we also.
Phil Long: So can leverage Network effects which.
Phil Long: And when people get a driver's license or get a movie ticket or get whatever they might have a choice and they might say well you know I've got all my other credentials here and I really would like to use my you know bank ID and my driver's license together you know so if we can you know help get that mindset across I think we actually can compete.
Harrison_Tang: Money your next on the queue.
Manu Sporny: Yeah it thank you filled this is has been wonderful as always always really enjoy hearing your thoughts on the identity industry I guess the the it follows on to fill long's a previous question I mean one of the things that I'm really concerned about is Big Tech lock in right I mean in you covered part of this it's and I think it's a really good suggestion you know maybe we go at this in.
Manu Sporny: In talk to the issuers and don't become so concerned.
Manu Sporny: Learned about you know Apple wallet lock in what other tactics do you feel would be useful for us as kind of an industry to employ to avoid the Annette you know the inevitable attempt to kind of lock this technology to Big Tech.
Phil Long: Yes yeah I mean I can't say that I necessarily have the winning strategy if I did I probably wouldn't tell it to you I'd probably start a company and do it you know with that in mind I mean I think that one of the things that we can Leverage is the flexibility that wallets based on standards provide to us and you know just.
Phil Long: And build it.
Phil Long: Additional capabilities rather than just right now wallets are pretty simple right and that's okay I get where we're at but when I think about where wallets are now and where wallets could be right with Automation and being able to save me time when I use my you know driver's license or whatever right I mean if we can think about that in terms of user experience right what's what's that great user experience and how do we build in flexibility so that.
Phil Long: You know different.
<mprorock> i have to jump - thanks Phil!
Phil Long: Is and people can build different Technologies which are inner about interoperable and have a consistent user experience that then I think we make an SSI wallet much more valuable now whether that's you know like I said I don't necessarily think people are going to go either or you know I think you know most people on this call of Delta gave them a choice between putting their you know boarding pass in the Apple wallet and an SSI well we prognosis I wallet because we're all.
Phil Long: All you know kind of biased but I think most people will just.
Phil Long: In their apple while it because that's what they're used to but if we give them other capabilities and other choices they'll be trying things they'll say oh this is convenient and that's that's I think the strategy like I said embracing extent let's just let's just say okay yeah the driver's license is over there the movie tickets are a good let's just do more of what we can do.
Manu Sporny: +1 To embrace and extend -- great suggestion, Phil!
Harrison_Tang: Thanks Phil any last questions.
<kaliya_identitywoman> That is a great parting message "do more of what we can do"
Harrison_Tang: Fulfilled one last question to so that you can help us bring this home who are the kind of the top three predictions that you have for the future of digital identity.
Phil Long: Well my first prediction is that iiw will last another seven years so that we can get to iw50 its kind of tongue-in-cheek but yeah that's that's that's my primary goal right is to get to iw50 because you know I use Roman numerals for their really want to say iwl but anyway that's like I said that's kind of tongue-in-cheek I think we're going to.
Phil Long: To see an explosion in.
<manu_sporny> IIW will definitely be around for another 7 years
Phil Long: Types of verifiable credentials and start to see the kinds of use cases that make them really interesting and useful and I think we'll start to see you know some verifiable credential infrastructure which makes it feel less I don't want to I don't want to say the wrong thing makes it feel less risky for some companies I think there's a hesitancy.
Phil Long: One problem of course like I said is that you know P some people just don't understand it but there's also a hesitancy just because you know when you're not familiar with something and you don't see you know the kinds of infrastructure you might be expecting I think people kind of hold up I think that's what's changing right as we're starting to see lots of great companies come up offering you know great offerings for company for other companies to build verifiable credential products on for specific use cases so I think.
Phil Long: Verifiable credentials.
Phil Long: In the rising I think I think we're going to see a lot more of that the stack of thing goes back to the wallets I think we're going to see a lot of innovation around wallet space and you know a lot of this is probably going to be open source or you know people doing it as Hobbies but you know we've seen in software world that Hobbies can turn out great products right and often those Inspire companies to build build.
Phil Long: Their own which are which are equally as great so I think to the extent.
Phil Long: That we catch.
Phil Long: Vision of the wallet is a core piece of technology for forgiving people autonomy in their online relationships and you know I think that going beyond that or maybe you know pulling back from it because I mean that's pretty aspirational it's more than just giving people autonomy because people you know obviously people like that when you say it but that's not the reason people buy stuff you know people buy stuff for the for the.
Phil Long: The features I've always said privacy.
Phil Long: Right you have to give them all the things they want plus privacy same things true with the cape it with autonomy if you give them everything they want plus autonomy right so that they get new use cases better use cases better things that they can do that's that's I think what's really going to drive this so I don't know if that was three it might have only been two but that's kind of what I'm thinking.
Phil Long: Great to be with all of you.
Harrison_Tang: No perfect I think the same like oldies decentralization things in what three I think is it's a great bullet point but it shouldn't be your main value proposition so I actually agree with your analogy there alright so thank you Phil thanks for hopping on and actually answer these questions thanks a lot and.
<manu_sporny> THank you Phil!
Harrison_Tang: We're at time but before we kind of and just wanted to quickly give a quick overview of the upcoming meetings so next Tuesday it's July 4th that the Tuesday after that we will have Hank one of the authors of Seaboard concise binary options object representation hopping on to kind of talk about everything she bore and then after that we have decentralized hi Daddy Foundation kind of coming here and then give you an overview about what they are working.
Harrison_Tang: working on and after that verifiable credentials cord.
Harrison_Tang: So the UK are interesting interested in learning all about these just feel free to hop on our call at the same time 9:00 a.m. Pacific 12 people 12 p.m. eastern time every Tuesday alright thanks a lot.
Harrison_Tang: thanks Phil.
<phil_windley> Thanks everyone!