1 00:00:01,280 --> 00:00:12,559 [Music] 2 00:00:15,599 --> 00:00:17,680 i'm daniel oscar 3 00:00:17,680 --> 00:00:19,199 born in germany 4 00:00:19,199 --> 00:00:20,800 and living in the netherlands already 5 00:00:20,800 --> 00:00:22,800 since 2006 6 00:00:22,800 --> 00:00:24,720 currently living in nijmegen here working 7 00:00:24,720 --> 00:00:26,960 for the radboud university 8 00:00:26,960 --> 00:00:30,720 and yeah as already mentioned i want to 9 00:00:30,720 --> 00:00:33,040 tell you about irma and verifiable 10 00:00:33,040 --> 00:00:34,719 credentials and 11 00:00:34,719 --> 00:00:36,320 subtitles how to authenticate in a 12 00:00:36,320 --> 00:00:39,440 decentralized privacy friendly and more 13 00:00:39,440 --> 00:00:41,040 reliable manner 14 00:00:41,040 --> 00:00:42,000 across 15 00:00:42,000 --> 00:00:45,000 systems 16 00:00:46,800 --> 00:00:49,520 so first i want to talk about the 17 00:00:49,520 --> 00:00:51,760 one of the current issues with 18 00:00:51,760 --> 00:00:53,920 identity management 19 00:00:53,920 --> 00:00:56,719 that is it's centralized in 20 00:00:56,719 --> 00:00:58,320 traditionally 21 00:00:58,320 --> 00:01:00,320 so i give one example this is one model 22 00:01:00,320 --> 00:01:02,559 but there are also other models but 23 00:01:02,559 --> 00:01:05,280 for now let's keep it also simple 24 00:01:05,280 --> 00:01:06,720 and um 25 00:01:06,720 --> 00:01:08,240 yeah this is me 26 00:01:08,240 --> 00:01:10,640 i want to authenticate or request the 27 00:01:10,640 --> 00:01:14,159 service at my health insurer vgz 28 00:01:14,159 --> 00:01:15,759 which is the service provider in this 29 00:01:15,759 --> 00:01:16,720 case 30 00:01:16,720 --> 00:01:18,240 and 31 00:01:18,240 --> 00:01:20,320 so i was requesting a service and in 32 00:01:20,320 --> 00:01:22,400 order to be able to access the service i 33 00:01:22,400 --> 00:01:25,040 need to authenticate and how does this 34 00:01:25,040 --> 00:01:27,280 work in the netherlands 35 
00:01:27,280 --> 00:01:29,520 usually 36 00:01:29,520 --> 00:01:32,079 the service provider asks 37 00:01:32,079 --> 00:01:35,360 digid which is the identity provider one 38 00:01:35,360 --> 00:01:36,960 of the identity providers in the 39 00:01:36,960 --> 00:01:39,040 netherlands owned by the government 40 00:01:39,040 --> 00:01:42,240 to authenticate to certain services 41 00:01:42,240 --> 00:01:43,600 and 42 00:01:43,600 --> 00:01:46,560 so the service provider asks digid is this 43 00:01:46,560 --> 00:01:48,799 really daniel 44 00:01:48,799 --> 00:01:50,079 and 45 00:01:50,079 --> 00:01:52,720 then i need to authenticate 46 00:01:52,720 --> 00:01:56,159 at digid and digid then gives okay to the 47 00:01:56,159 --> 00:01:58,719 service provider that i'm indeed 48 00:01:58,719 --> 00:02:01,119 daniel 49 00:02:03,280 --> 00:02:07,119 so in case of extreme events 50 00:02:07,600 --> 00:02:10,800 we clearly see that this central party 51 00:02:10,800 --> 00:02:13,040 the identity provider digid is one of the 52 00:02:13,040 --> 00:02:15,200 bottlenecks 53 00:02:15,200 --> 00:02:17,040 because we have seen in the past that 54 00:02:17,040 --> 00:02:18,560 there were 55 00:02:18,560 --> 00:02:20,959 denial of service 56 00:02:20,959 --> 00:02:23,440 attacks also on digid and it was not 57 00:02:23,440 --> 00:02:25,200 available for some time 58 00:02:25,200 --> 00:02:29,280 and also quality of service issues 59 00:02:31,680 --> 00:02:32,480 so 60 00:02:32,480 --> 00:02:34,720 their researchers and industry are 61 00:02:34,720 --> 00:02:37,280 working on solutions worldwide 62 00:02:37,280 --> 00:02:38,959 one of them is 63 00:02:38,959 --> 00:02:42,480 irma standing for i reveal my attributes 64 00:02:42,480 --> 00:02:45,120 developed at radboud university 65 00:02:45,120 --> 00:02:46,720 some years ago 66 00:02:46,720 --> 00:02:49,200 and it advertises itself on their 67 00:02:49,200 --> 00:02:52,000 website with having the digital passport 68 00:02:52,000 --> 00:02:54,640 on 
your phone 69 00:02:55,120 --> 00:02:57,040 currently it's maintained 70 00:02:57,040 --> 00:02:59,120 by sidn 71 00:02:59,120 --> 00:03:00,800 which is also responsible for 72 00:03:00,800 --> 00:03:05,360 maintaining the nl domain and um 73 00:03:05,360 --> 00:03:07,440 yeah one of the interesting things about 74 00:03:07,440 --> 00:03:09,519 irma is that it's completely open source 75 00:03:09,519 --> 00:03:11,920 so you can look up all the source code 76 00:03:11,920 --> 00:03:13,760 on github 77 00:03:13,760 --> 00:03:14,640 and 78 00:03:14,640 --> 00:03:16,560 it implements partly 79 00:03:16,560 --> 00:03:18,319 the ibm's 80 00:03:18,319 --> 00:03:20,720 idemix specification 81 00:03:20,720 --> 00:03:23,599 that idemix stands for identity mixer and 82 00:03:23,599 --> 00:03:26,080 it's a cryptographic protocol suite for 83 00:03:26,080 --> 00:03:27,840 privacy preserving 84 00:03:27,840 --> 00:03:30,640 authentication 85 00:03:30,640 --> 00:03:32,400 if you want to learn more 86 00:03:32,400 --> 00:03:33,760 about 87 00:03:33,760 --> 00:03:34,560 the 88 00:03:34,560 --> 00:03:37,040 implementation of idemix within irma 89 00:03:37,040 --> 00:03:39,360 then i invite you to go to the talk in 90 00:03:39,360 --> 00:03:41,680 the evening of maya and zitsel also 91 00:03:41,680 --> 00:03:42,879 sitting here 92 00:03:42,879 --> 00:03:46,000 which will tell you at 9pm today in the 93 00:03:46,000 --> 00:03:47,280 abacus 94 00:03:47,280 --> 00:03:49,280 about irma's idemix implementations the 95 00:03:49,280 --> 00:03:51,920 crypto behind selective unlinkable 96 00:03:51,920 --> 00:03:55,359 attribute disclosure 97 00:03:57,040 --> 00:04:00,560 so how does irma then work and also 98 00:04:00,560 --> 00:04:03,519 similar systems 99 00:04:03,519 --> 00:04:06,159 we have two independent processes 100 00:04:06,159 --> 00:04:08,480 first the issuance and second the 101 00:04:08,480 --> 00:04:11,119 disclosure 102 00:04:12,840 --> 00:04:16,000 first during issuance 103 
00:04:16,000 --> 00:04:17,440 for instance the government in the 104 00:04:17,440 --> 00:04:19,358 netherlands can issue me 105 00:04:19,358 --> 00:04:21,040 a personal data credential which 106 00:04:21,040 --> 00:04:22,880 consists of my name 107 00:04:22,880 --> 00:04:25,199 my birth date and for instance also my 108 00:04:25,199 --> 00:04:27,600 address 109 00:04:27,680 --> 00:04:30,080 so this credential will then after i 110 00:04:30,080 --> 00:04:32,160 authenticate to the government with digid 111 00:04:32,160 --> 00:04:35,199 will be transferred to my phone 112 00:04:35,199 --> 00:04:36,479 and 113 00:04:36,479 --> 00:04:37,919 me 114 00:04:37,919 --> 00:04:40,479 as the owner of the credential is 115 00:04:40,479 --> 00:04:42,800 then yeah can 116 00:04:42,800 --> 00:04:44,639 can disclose this credential whenever i 117 00:04:44,639 --> 00:04:46,880 want 118 00:04:47,199 --> 00:04:49,840 a credential consists 119 00:04:49,840 --> 00:04:51,270 of a certain 120 00:04:51,270 --> 00:04:52,560 [Music] 121 00:04:52,560 --> 00:04:55,280 properties so first 122 00:04:55,280 --> 00:04:57,280 it's bound to the phone 123 00:04:57,280 --> 00:04:59,759 via some cryptographic tricks 124 00:04:59,759 --> 00:05:00,639 and 125 00:05:00,639 --> 00:05:02,880 it contains metadata from which issuer 126 00:05:02,880 --> 00:05:04,720 it's issued for instance the dutch 127 00:05:04,720 --> 00:05:06,320 government 128 00:05:06,320 --> 00:05:08,160 also when it was issued and when the 129 00:05:08,160 --> 00:05:11,600 credential expires 130 00:05:11,600 --> 00:05:12,800 also 131 00:05:12,800 --> 00:05:15,680 logically it contains then attributes 132 00:05:15,680 --> 00:05:18,160 and most importantly also the issuer's 133 00:05:18,160 --> 00:05:21,280 signature because the issuer signs 134 00:05:21,280 --> 00:05:22,720 all attributes 135 00:05:22,720 --> 00:05:23,759 such that 136 00:05:23,759 --> 00:05:26,639 another party the verifier can 137 00:05:26,639 --> 00:05:29,520 verify 
that the 138 00:05:29,520 --> 00:05:31,600 credential and the containing attributes 139 00:05:31,600 --> 00:05:32,880 are indeed 140 00:05:32,880 --> 00:05:37,199 valid and issued by that issuer 141 00:05:37,280 --> 00:05:39,360 so if i now want to use those 142 00:05:39,360 --> 00:05:41,280 credentials 143 00:05:41,280 --> 00:05:42,720 um 144 00:05:42,720 --> 00:05:45,440 i can go to service provider and the 145 00:05:45,440 --> 00:05:46,880 service provider request then that i 146 00:05:46,880 --> 00:05:49,039 need to prove something for instance 147 00:05:49,039 --> 00:05:51,440 that i'm above 18 years old so where do 148 00:05:51,440 --> 00:05:53,039 i need to 149 00:05:53,039 --> 00:05:55,280 want to disclose such information for 150 00:05:55,280 --> 00:05:57,120 instance when 151 00:05:57,120 --> 00:06:01,120 i want to buy some liquor at the 152 00:06:01,280 --> 00:06:02,960 so the challenge is in this case a 153 00:06:02,960 --> 00:06:04,479 service provider 154 00:06:04,479 --> 00:06:05,360 and 155 00:06:05,360 --> 00:06:07,039 he wants to know that i'm indeed above 156 00:06:07,039 --> 00:06:09,759 18 years old 157 00:06:09,759 --> 00:06:13,840 so the trust model in this case is that 158 00:06:13,919 --> 00:06:16,160 trusts the government that the 159 00:06:16,160 --> 00:06:17,919 government issues 160 00:06:17,919 --> 00:06:18,960 valid 161 00:06:18,960 --> 00:06:23,599 credentials to the rightful citizen 162 00:06:23,919 --> 00:06:26,479 however during 163 00:06:26,479 --> 00:06:28,160 during disclosure 164 00:06:28,160 --> 00:06:30,000 the helen hall does not need to talk 165 00:06:30,000 --> 00:06:32,560 with the government so this is privacy 166 00:06:32,560 --> 00:06:34,160 preserving in that sense that the 167 00:06:34,160 --> 00:06:35,360 government 168 00:06:35,360 --> 00:06:38,319 doesn't learn as identity provider when 169 00:06:38,319 --> 00:06:42,000 i use the credential in question 170 00:06:42,560 --> 00:06:45,000 so that's one of the 
advantages of this 171 00:06:45,000 --> 00:06:49,479 decentralized identity model 172 00:06:50,400 --> 00:06:53,039 so zooming a bit in 173 00:06:53,039 --> 00:06:56,800 how does a session in irma work 174 00:06:56,800 --> 00:06:58,080 first 175 00:06:58,080 --> 00:06:59,360 we go to 176 00:06:59,360 --> 00:07:03,039 a website and i chose now to have an 177 00:07:03,039 --> 00:07:04,880 example of verifier 178 00:07:04,880 --> 00:07:08,080 the verifier then starts a session at 179 00:07:08,080 --> 00:07:11,120 the irma server which this verifier can 180 00:07:11,120 --> 00:07:14,080 run himself 181 00:07:14,080 --> 00:07:16,479 after initiating the session 182 00:07:16,479 --> 00:07:18,240 at the irma server the irma server 183 00:07:18,240 --> 00:07:20,639 returns some session information and 184 00:07:20,639 --> 00:07:22,800 based on the session information the 185 00:07:22,800 --> 00:07:26,720 verifier can create and show a qr code 186 00:07:26,720 --> 00:07:30,039 to the user 187 00:07:31,199 --> 00:07:34,639 then the user scans the qr code 188 00:07:34,639 --> 00:07:36,479 so the irma app 189 00:07:36,479 --> 00:07:38,960 gets information about the session 190 00:07:38,960 --> 00:07:40,400 and 191 00:07:40,400 --> 00:07:42,840 subsequently the irma app also 192 00:07:42,840 --> 00:07:45,120 requests the information which 193 00:07:45,120 --> 00:07:48,720 attributes need to be disclosed 194 00:07:48,720 --> 00:07:52,160 and then the user can choose 195 00:07:52,160 --> 00:07:54,080 within irma it's possible to also make 196 00:07:54,080 --> 00:07:57,599 a construction that a user has a choice 197 00:07:57,599 --> 00:08:00,000 which attributes to disclose 198 00:08:00,000 --> 00:08:01,199 and 199 00:08:01,199 --> 00:08:03,199 yeah then he can select in the app and 200 00:08:03,199 --> 00:08:04,879 disclose 201 00:08:04,879 --> 00:08:06,400 the attributes 202 00:08:06,400 --> 00:08:09,520 and then in the end the verifier can 203 00:08:09,520 --> 00:08:11,680 look 
up at the irma server if 204 00:08:11,680 --> 00:08:14,960 the disclosure was indeed successful and 205 00:08:14,960 --> 00:08:17,359 valid 206 00:08:18,240 --> 00:08:20,000 now one practical use case i want to 207 00:08:20,000 --> 00:08:21,520 refer to because i'm currently working 208 00:08:21,520 --> 00:08:22,720 on it 209 00:08:22,720 --> 00:08:24,960 is postguard 210 00:08:24,960 --> 00:08:27,039 it's um 211 00:08:27,039 --> 00:08:28,160 we 212 00:08:28,160 --> 00:08:30,639 within postguard we have the goal to 213 00:08:30,639 --> 00:08:33,519 make email encryption accessible 214 00:08:33,519 --> 00:08:37,599 for everybody is easy to use 215 00:08:37,919 --> 00:08:39,519 yeah we all know the issues the 216 00:08:39,519 --> 00:08:43,279 usability issues with openpgp right 217 00:08:43,279 --> 00:08:45,519 and 218 00:08:45,519 --> 00:08:48,720 how we do that is by utilizing identity 219 00:08:48,720 --> 00:08:50,640 based or attribute-based 220 00:08:50,640 --> 00:08:53,199 encryption 221 00:08:53,760 --> 00:08:55,519 in this concept we have a private key 222 00:08:55,519 --> 00:08:58,000 generator which is a trusted third party 223 00:08:58,000 --> 00:08:59,360 so 224 00:08:59,360 --> 00:09:01,600 that's also an issue we'll talk about it 225 00:09:01,600 --> 00:09:02,880 in a second 226 00:09:02,880 --> 00:09:04,000 and 227 00:09:04,000 --> 00:09:06,720 if alice wants to encrypt 228 00:09:06,720 --> 00:09:09,440 for her doctor bob for instance um 229 00:09:09,440 --> 00:09:11,440 she just needs the identity of bob for 230 00:09:11,440 --> 00:09:14,320 instance his email address and some 231 00:09:14,320 --> 00:09:17,680 attribute related to that he is a doctor 232 00:09:17,680 --> 00:09:20,080 and the public key of the public key 233 00:09:20,080 --> 00:09:21,600 generator 234 00:09:21,600 --> 00:09:25,440 and then alice can encrypt the mail 235 00:09:25,440 --> 00:09:27,760 then we ship the mail via our well-known 236 00:09:27,760 --> 00:09:30,880 smtp 
protocol to to bob 237 00:09:30,880 --> 00:09:33,279 but all the payload is encrypted during 238 00:09:33,279 --> 00:09:34,800 transport 239 00:09:34,800 --> 00:09:37,279 and bob can then decrypt 240 00:09:37,279 --> 00:09:38,160 by 241 00:09:38,160 --> 00:09:40,560 proving his identity via irma to the 242 00:09:40,560 --> 00:09:42,640 private key generator 243 00:09:42,640 --> 00:09:45,760 and if the private key generator then 244 00:09:45,760 --> 00:09:48,959 validates the disclosure it generates a 245 00:09:48,959 --> 00:09:50,399 user secret key 246 00:09:50,399 --> 00:09:53,040 that matches the identity with which 247 00:09:53,040 --> 00:09:54,320 alice 248 00:09:54,320 --> 00:09:55,760 encrypted 249 00:09:55,760 --> 00:09:58,800 and then bob can decrypt 250 00:09:58,800 --> 00:10:01,959 the email 251 00:10:04,240 --> 00:10:07,279 so this decentralized and user-centric 252 00:10:07,279 --> 00:10:08,800 identity 253 00:10:08,800 --> 00:10:12,320 uh systems are also referred to 254 00:10:12,320 --> 00:10:15,040 nowadays more often as self-sovereign 255 00:10:15,040 --> 00:10:17,760 identity systems christopher allen 256 00:10:17,760 --> 00:10:19,120 published 257 00:10:19,120 --> 00:10:22,720 an article in 2016 uh titled the path to 258 00:10:22,720 --> 00:10:24,880 self-sovereign identity 259 00:10:24,880 --> 00:10:27,040 where he also lists ten different 260 00:10:27,040 --> 00:10:28,480 principles 261 00:10:28,480 --> 00:10:32,240 such a system should adhere to 262 00:10:32,240 --> 00:10:34,320 unfortunately it's also often associated 263 00:10:34,320 --> 00:10:37,519 with distributed ledger technology 264 00:10:37,519 --> 00:10:38,800 because 265 00:10:38,800 --> 00:10:42,000 the bigger parties such as ibm 266 00:10:42,000 --> 00:10:46,160 really uses it for marketing purposes to 267 00:10:46,160 --> 00:10:47,519 sell their 268 00:10:47,519 --> 00:10:51,279 distributed ledger technology more 269 00:10:51,519 --> 00:10:53,120 more recently 270 00:10:53,120 --> 
00:10:55,120 in germany there were some projects 271 00:10:55,120 --> 00:10:57,920 called id wallet and the digital school 272 00:10:57,920 --> 00:11:01,120 certificates based on distributed ledger 273 00:11:01,120 --> 00:11:02,640 technologies 274 00:11:02,640 --> 00:11:04,560 and the principles of self-sovereign 275 00:11:04,560 --> 00:11:06,240 identity but 276 00:11:06,240 --> 00:11:09,600 as we've seen those projects failed at 277 00:11:09,600 --> 00:11:10,800 the moment 278 00:11:10,800 --> 00:11:13,519 so they are not online anymore and yeah 279 00:11:13,519 --> 00:11:17,120 i think they will further work on it but 280 00:11:17,120 --> 00:11:18,959 also the 281 00:11:18,959 --> 00:11:20,800 bundesamt für sicherheit in der 282 00:11:20,800 --> 00:11:24,399 informationstechnik the bsi 283 00:11:24,399 --> 00:11:26,720 discourages the use of distributed 284 00:11:26,720 --> 00:11:29,360 ledger technologies in 285 00:11:29,360 --> 00:11:32,160 such decentralized user-centric 286 00:11:32,160 --> 00:11:35,199 identity systems 287 00:11:37,200 --> 00:11:39,760 also interestingly 288 00:11:39,760 --> 00:11:41,600 recently 289 00:11:41,600 --> 00:11:43,920 the european union 290 00:11:43,920 --> 00:11:45,440 announced that there is a european 291 00:11:45,440 --> 00:11:48,079 digital identity initiative 292 00:11:48,079 --> 00:11:50,160 there is still a call for proposals the 293 00:11:50,160 --> 00:11:53,920 deadline is on the 17th of august 294 00:11:53,920 --> 00:11:55,360 22 295 00:11:55,360 --> 00:11:58,480 and they asked for 296 00:11:58,480 --> 00:12:00,639 yeah 297 00:12:00,639 --> 00:12:02,480 yeah the industry and researchers to 298 00:12:02,480 --> 00:12:04,639 submit solutions 299 00:12:04,639 --> 00:12:06,079 per country 300 00:12:06,079 --> 00:12:07,279 and 301 00:12:07,279 --> 00:12:10,000 with the goal to have per country maybe 302 00:12:10,000 --> 00:12:11,839 one one system 303 00:12:11,839 --> 00:12:14,320 deployed in the end and that those 304 
00:12:14,320 --> 00:12:17,040 systems are then interoperable so so if 305 00:12:17,040 --> 00:12:19,120 i now travel with my credentials to 306 00:12:19,120 --> 00:12:21,440 germany that i can also use my 307 00:12:21,440 --> 00:12:23,839 dutch credentials in germany to 308 00:12:23,839 --> 00:12:26,000 authenticate and for example to prove 309 00:12:26,000 --> 00:12:29,519 that i'm above 18 years old 310 00:12:30,160 --> 00:12:31,120 also 311 00:12:31,120 --> 00:12:35,040 irma is also participating in this 312 00:12:37,600 --> 00:12:39,279 so there is also some discussion 313 00:12:39,279 --> 00:12:41,440 especially in germany um that there are 314 00:12:41,440 --> 00:12:43,839 also some drawbacks with self-sovereign 315 00:12:43,839 --> 00:12:45,360 identity or decentralized and 316 00:12:45,360 --> 00:12:48,560 user-centric identity systems in general 317 00:12:48,560 --> 00:12:51,519 um some of those arguments are nicely 318 00:12:51,519 --> 00:12:53,519 written down by lilith wittmann my german 319 00:12:53,519 --> 00:12:55,920 friends here will probably 320 00:12:55,920 --> 00:12:59,360 heard about her in the last two years 321 00:12:59,360 --> 00:13:01,279 also and 322 00:13:01,279 --> 00:13:03,279 she argues that with self-sovereign 323 00:13:03,279 --> 00:13:06,079 identity systems service providers have 324 00:13:06,079 --> 00:13:09,519 verified verified data stored 325 00:13:09,519 --> 00:13:11,279 and those are more valuable for 326 00:13:11,279 --> 00:13:13,760 criminals 327 00:13:13,760 --> 00:13:15,839 also once you have such 328 00:13:15,839 --> 00:13:18,959 an infrastructure deployed it's also 329 00:13:18,959 --> 00:13:21,440 easier to add identification obligations 330 00:13:21,440 --> 00:13:24,240 in the future 331 00:13:24,959 --> 00:13:26,959 also states often leave it to the market 332 00:13:26,959 --> 00:13:28,320 to develop 333 00:13:28,320 --> 00:13:29,760 solutions 334 00:13:29,760 --> 00:13:31,120 and then the question is okay what's 335 
00:13:31,120 --> 00:13:33,200 what's the business model then 336 00:13:33,200 --> 00:13:34,480 for those 337 00:13:34,480 --> 00:13:36,240 organizations right how do i want to 338 00:13:36,240 --> 00:13:38,320 earn money with the identity do we want 339 00:13:38,320 --> 00:13:39,360 that 340 00:13:39,360 --> 00:13:41,920 as a society 341 00:13:41,920 --> 00:13:42,880 and 342 00:13:42,880 --> 00:13:45,040 yeah citizens are then becoming 343 00:13:45,040 --> 00:13:46,720 responsible for 344 00:13:46,720 --> 00:13:48,320 maintaining their credentials within 345 00:13:48,320 --> 00:13:49,839 their phone so 346 00:13:49,839 --> 00:13:51,680 what happens if someone commits fraud 347 00:13:51,680 --> 00:13:53,279 with them who's 348 00:13:53,279 --> 00:13:56,000 liable for this 349 00:13:58,160 --> 00:14:00,320 one of the goals of the european digital 350 00:14:00,320 --> 00:14:01,680 identity 351 00:14:01,680 --> 00:14:04,320 was to make such platforms interoperable 352 00:14:04,320 --> 00:14:06,639 right what i said so you can go from 353 00:14:06,639 --> 00:14:08,240 travel from germany to the netherlands 354 00:14:08,240 --> 00:14:09,519 and then use the 355 00:14:09,519 --> 00:14:11,360 credential from one country in another 356 00:14:11,360 --> 00:14:13,760 country 357 00:14:13,760 --> 00:14:14,800 so 358 00:14:14,800 --> 00:14:17,360 one of the current issues is that 359 00:14:17,360 --> 00:14:20,399 there is no standard defined how 360 00:14:20,399 --> 00:14:23,040 different identity apps such as irma 361 00:14:23,040 --> 00:14:26,560 itsme schluss or the american sovrin 362 00:14:26,560 --> 00:14:28,839 talk to each other right how to exchange 363 00:14:28,839 --> 00:14:31,680 credentials between systems such that i 364 00:14:31,680 --> 00:14:33,920 can for instance have my personal data 365 00:14:33,920 --> 00:14:36,000 credential from irma 366 00:14:36,000 --> 00:14:39,199 stored within my irma app and someone 367 00:14:39,199 --> 00:14:41,600 deploys an itsme server 
368 00:14:41,600 --> 00:14:45,120 and then can verify my irma credentials 369 00:14:45,120 --> 00:14:49,040 within an itsme system 370 00:14:50,079 --> 00:14:51,360 this 371 00:14:51,360 --> 00:14:54,959 w3c the worldwide web consortium 372 00:14:54,959 --> 00:14:56,639 developed a 373 00:14:56,639 --> 00:14:59,120 standard called verifiable credentials 374 00:14:59,120 --> 00:15:01,120 data model 375 00:15:01,120 --> 00:15:03,600 and it became a recommendation 376 00:15:03,600 --> 00:15:05,920 version 1.0 in 377 00:15:05,920 --> 00:15:09,199 may 2020 i think 378 00:15:09,199 --> 00:15:11,120 and in the meantime they also updated 379 00:15:11,120 --> 00:15:14,639 some minor things so it became a 1.1 380 00:15:14,639 --> 00:15:16,160 version 381 00:15:16,160 --> 00:15:17,279 um 382 00:15:17,279 --> 00:15:19,839 so important to see here is that 383 00:15:19,839 --> 00:15:22,399 this proposal contains a data model 384 00:15:22,399 --> 00:15:23,760 which is an 385 00:15:23,760 --> 00:15:27,440 unambiguous specification defining roles 386 00:15:27,440 --> 00:15:29,600 the interaction between roles and 387 00:15:29,600 --> 00:15:31,360 related concepts 388 00:15:31,360 --> 00:15:33,920 and also providing a syntax usually in 389 00:15:33,920 --> 00:15:35,920 json so we will 390 00:15:35,920 --> 00:15:40,279 i will give a little example in a bit 391 00:15:40,639 --> 00:15:42,480 so if we now look at the roles and 392 00:15:42,480 --> 00:15:45,279 information flow of the verifiable 393 00:15:45,279 --> 00:15:47,199 credentials data model we see clearly 394 00:15:47,199 --> 00:15:49,519 some similarities with the irma system 395 00:15:49,519 --> 00:15:52,079 right we have here an issuer that issues 396 00:15:52,079 --> 00:15:53,519 credentials 397 00:15:53,519 --> 00:15:56,079 we have a holder or a user that needs to 398 00:15:56,079 --> 00:15:57,920 store the credentials in a within a 399 00:15:57,920 --> 00:15:59,920 wallet app on the phone 400 00:15:59,920 
--> 00:16:02,320 then we have a verifier on the right and 401 00:16:02,320 --> 00:16:05,120 that yeah requests credentials and 402 00:16:05,120 --> 00:16:06,959 verifies them 403 00:16:06,959 --> 00:16:08,720 and on the bottom we see we have a 404 00:16:08,720 --> 00:16:11,040 verified data registry that maintains 405 00:16:11,040 --> 00:16:13,120 identifiers and schemes so i didn't talk 406 00:16:13,120 --> 00:16:16,800 about this yet but i will do in a bit 407 00:16:16,800 --> 00:16:18,560 and 408 00:16:18,560 --> 00:16:21,199 within irma yeah we have the similar 409 00:16:21,199 --> 00:16:23,839 concepts 410 00:16:24,480 --> 00:16:26,800 so an irma scheme is 411 00:16:26,800 --> 00:16:28,480 very important because it contains 412 00:16:28,480 --> 00:16:30,560 information about the issuer 413 00:16:30,560 --> 00:16:33,440 which credentials an issuer may issue 414 00:16:33,440 --> 00:16:35,759 and also the public keys 415 00:16:35,759 --> 00:16:37,519 of the issuers 416 00:16:37,519 --> 00:16:38,320 that 417 00:16:38,320 --> 00:16:40,959 a verifier needs to be able 418 00:16:40,959 --> 00:16:42,240 to 419 00:16:42,240 --> 00:16:45,040 verify that the credentials are indeed 420 00:16:45,040 --> 00:16:47,519 developed 421 00:16:49,360 --> 00:16:51,759 so the irma scheme is distributed via the 422 00:16:51,759 --> 00:16:55,120 irma key manager so it's hosted on github 423 00:16:55,120 --> 00:16:56,000 and 424 00:16:56,000 --> 00:16:57,040 every 425 00:16:57,040 --> 00:16:59,120 instance of an irma 426 00:16:59,120 --> 00:17:02,560 service or the irma app regularly 427 00:17:02,560 --> 00:17:05,599 pulls the most recent version of the 428 00:17:05,599 --> 00:17:08,160 official irma scheme 429 00:17:08,160 --> 00:17:12,240 so it stays up to date 430 00:17:12,720 --> 00:17:15,119 however in the 431 00:17:15,119 --> 00:17:16,799 verified credential 432 00:17:16,799 --> 00:17:19,119 data model 433 00:17:19,119 --> 00:17:20,799 the the yes 434 00:17:20,799 --> 00:17:23,199 it 
works a bit differently so for 435 00:17:23,199 --> 00:17:25,520 instance as you can see here the the 436 00:17:25,520 --> 00:17:26,799 green row 437 00:17:26,799 --> 00:17:28,480 within 438 00:17:28,480 --> 00:17:30,240 within this accept 439 00:17:30,240 --> 00:17:33,280 example we see a url 440 00:17:33,280 --> 00:17:34,559 that links 441 00:17:34,559 --> 00:17:37,600 to yeah if dereferenced contains some 442 00:17:37,600 --> 00:17:39,919 information about the issuer 443 00:17:39,919 --> 00:17:41,600 and i think most importantly contains 444 00:17:41,600 --> 00:17:43,760 the public key of the issuer so 445 00:17:43,760 --> 00:17:45,760 anyone receiving this credential can 446 00:17:45,760 --> 00:17:48,400 verify it 447 00:17:51,360 --> 00:17:54,320 so what i did within 448 00:17:54,320 --> 00:17:57,440 within my work is developing a metadata 449 00:17:57,440 --> 00:17:58,559 server 450 00:17:58,559 --> 00:18:00,559 within the irma system 451 00:18:00,559 --> 00:18:02,240 such that 452 00:18:02,240 --> 00:18:06,320 external parties can request information 453 00:18:06,320 --> 00:18:07,760 about the issuer and about the 454 00:18:07,760 --> 00:18:09,600 credentials used 455 00:18:09,600 --> 00:18:12,320 by offering two distinct endpoints the 456 00:18:12,320 --> 00:18:15,840 issuer and the schema endpoint 457 00:18:16,720 --> 00:18:19,919 yeah so we can conform to the verifiable 458 00:18:19,919 --> 00:18:23,039 credential data model 459 00:18:25,600 --> 00:18:27,760 so the prototype i built 460 00:18:27,760 --> 00:18:30,480 to summarize is providing this metadata 461 00:18:30,480 --> 00:18:31,919 server 462 00:18:31,919 --> 00:18:35,280 a wrapper within irmago irmago is a 463 00:18:35,280 --> 00:18:38,720 central component with which you can 464 00:18:38,720 --> 00:18:40,799 run an irma server but also parts are 465 00:18:40,799 --> 00:18:41,840 used 466 00:18:41,840 --> 00:18:43,280 within 467 00:18:43,280 --> 00:18:45,600 the app 468 00:18:45,600 --> 
00:18:47,919 to compute verifiable credential 469 00:18:47,919 --> 00:18:50,400 compliant messages 470 00:18:50,400 --> 00:18:52,720 also i show that we can exchange 471 00:18:52,720 --> 00:18:54,799 verifiable credential compliant messages 472 00:18:54,799 --> 00:18:57,280 between different irma components 473 00:18:57,280 --> 00:19:00,880 so during my study i was not able due to 474 00:19:00,880 --> 00:19:03,600 time constraints to find other parties 475 00:19:03,600 --> 00:19:06,240 for instance itsme or sovrin that want 476 00:19:06,240 --> 00:19:08,559 to work together with me to 477 00:19:08,559 --> 00:19:11,200 to show that we can indeed exchange 478 00:19:11,200 --> 00:19:12,720 information 479 00:19:12,720 --> 00:19:16,000 between different systems 480 00:19:18,080 --> 00:19:20,960 so the source code is also available on 481 00:19:20,960 --> 00:19:23,440 my github i forked the irmago and the 482 00:19:23,440 --> 00:19:26,960 irma mobile repositories 483 00:19:26,960 --> 00:19:29,200 and 484 00:19:30,320 --> 00:19:32,160 to to wrap it up 485 00:19:32,160 --> 00:19:36,280 i think all the time 486 00:19:38,080 --> 00:19:38,799 so 487 00:19:38,799 --> 00:19:40,880 what i just said the prototype shows 488 00:19:40,880 --> 00:19:44,240 how to compute vc compliant messages 489 00:19:44,240 --> 00:19:46,320 within irma 490 00:19:46,320 --> 00:19:48,799 by conforming to the verified credential 491 00:19:48,799 --> 00:19:51,760 data model irma's interval 492 00:19:51,760 --> 00:19:54,640 interoperability increases however one 493 00:19:54,640 --> 00:19:56,000 of the most 494 00:19:56,000 --> 00:19:58,320 important things to discuss though is 495 00:19:58,320 --> 00:19:59,760 that 496 00:19:59,760 --> 00:20:03,039 the apis and the cryptos 497 00:20:03,039 --> 00:20:05,280 a system implements can differ in each 498 00:20:05,280 --> 00:20:07,760 system and that's also the biggest 499 00:20:07,760 --> 00:20:09,440 challenge 500 00:20:09,440 --> 00:20:11,520 and that's 
yeah for instance irma 501 00:20:11,520 --> 00:20:13,280 utilizes 502 00:20:13,280 --> 00:20:17,679 the ib ibm's identity mixer specification 503 00:20:17,679 --> 00:20:20,080 to to implement some protocols but other 504 00:20:20,080 --> 00:20:22,960 system can implement other crypto 505 00:20:22,960 --> 00:20:23,840 so 506 00:20:23,840 --> 00:20:25,360 how do you make sure each system 507 00:20:25,360 --> 00:20:26,720 understand 508 00:20:26,720 --> 00:20:29,039 crypto of all the other systems right i 509 00:20:29,039 --> 00:20:31,120 think that's one of the most 510 00:20:31,120 --> 00:20:33,280 complicated things 511 00:20:33,280 --> 00:20:36,720 in this whole yeah verifiable credential 512 00:20:36,720 --> 00:20:39,280 um yeah standard 513 00:20:39,280 --> 00:20:40,880 but i think we have a similar discussion 514 00:20:40,880 --> 00:20:42,400 currently about 515 00:20:42,400 --> 00:20:45,120 making messenger apps interoperable i 516 00:20:45,120 --> 00:20:46,880 think there we have kind of the similar 517 00:20:46,880 --> 00:20:49,840 challenges 518 00:20:50,559 --> 00:20:53,678 so on a more higher level 519 00:20:53,919 --> 00:20:56,480 we can state that with decentral 520 00:20:56,480 --> 00:20:58,559 identity management platforms we can 521 00:20:58,559 --> 00:21:01,280 improve the reliability 522 00:21:01,280 --> 00:21:03,280 during extreme events 523 00:21:03,280 --> 00:21:04,799 because we are not relying on the 524 00:21:04,799 --> 00:21:08,799 central identity provider 525 00:21:09,280 --> 00:21:11,120 there are also several 526 00:21:11,120 --> 00:21:13,120 decentralized and user-centric products 527 00:21:13,120 --> 00:21:14,960 available on the market as we've seen 528 00:21:14,960 --> 00:21:17,280 irma for instance and schluss in the 529 00:21:17,280 --> 00:21:19,679 netherlands and itsme 530 00:21:19,679 --> 00:21:22,159 in belgium which is really used heavily 531 00:21:22,159 --> 00:21:25,919 there by citizens 532 00:21:27,200 --> 00:21:29,360 yeah the 
bsi 533 00:21:29,360 --> 00:21:31,600 states that it doesn't recommend the use 534 00:21:31,600 --> 00:21:34,799 of distributed ledger technology within 535 00:21:34,799 --> 00:21:36,720 such systems 536 00:21:36,720 --> 00:21:38,159 um 537 00:21:38,159 --> 00:21:40,640 in in we have seen that 538 00:21:40,640 --> 00:21:43,280 systems use it for like storing also a 539 00:21:43,280 --> 00:21:44,960 scheme right so in a decentralized 540 00:21:44,960 --> 00:21:47,200 manner they try to distribute 541 00:21:47,200 --> 00:21:50,080 the scheme such that everybody can 542 00:21:50,080 --> 00:21:52,720 receive the right information about 543 00:21:52,720 --> 00:21:56,640 issuers for instance the public keys 544 00:21:56,720 --> 00:21:58,880 and yeah in the end we have the european 545 00:21:58,880 --> 00:22:00,240 digital 546 00:22:00,240 --> 00:22:02,799 identity initiative 547 00:22:02,799 --> 00:22:05,039 it gives opportunities to empower 548 00:22:05,039 --> 00:22:07,120 citizens to be in control and sole 549 00:22:07,120 --> 00:22:10,159 control of their identity 550 00:22:10,159 --> 00:22:12,559 but as i have shown there are also some 551 00:22:12,559 --> 00:22:14,880 drawbacks that we still need to address 552 00:22:14,880 --> 00:22:16,880 so i also 553 00:22:16,880 --> 00:22:19,440 it's a call to action for everybody here 554 00:22:19,440 --> 00:22:21,039 who wants that this goes in the right 555 00:22:21,039 --> 00:22:22,240 direction 556 00:22:22,240 --> 00:22:24,159 because within the european union it was 557 00:22:24,159 --> 00:22:26,720 also one point was that we have some 558 00:22:26,720 --> 00:22:28,799 unique identifier for every citizen 559 00:22:28,799 --> 00:22:32,559 within europe so that we can have yeah 560 00:22:32,559 --> 00:22:33,440 uh 561 00:22:33,440 --> 00:22:36,880 can identify everyone and i think we 562 00:22:36,880 --> 00:22:39,360 we don't want that 563 00:22:39,360 --> 00:22:41,360 as a community here at least 564 00:22:41,360 --> 
00:22:42,640 and 565 00:22:42,640 --> 00:22:44,799 yeah that's the end of my 566 00:22:44,799 --> 00:22:47,520 talk and so we still have some time for 567 00:22:47,520 --> 00:22:50,918 a q&a 568 00:22:55,200 --> 00:22:57,600 so thank you very much and if there are 569 00:22:57,600 --> 00:22:59,280 any questions please line up at the 570 00:22:59,280 --> 00:23:02,879 microphones in the middle of the room 571 00:23:03,360 --> 00:23:05,919 we do have some time if anyone wants to 572 00:23:05,919 --> 00:23:09,159 know anything 573 00:23:13,360 --> 00:23:14,799 okay 574 00:23:14,799 --> 00:23:17,679 first front microphone please hi you 575 00:23:17,679 --> 00:23:19,600 mentioned and it's on the slide 576 00:23:19,600 --> 00:23:21,520 the distributed ledger is not 577 00:23:21,520 --> 00:23:23,440 recommended by the bsi 578 00:23:23,440 --> 00:23:25,360 could you tell a little bit more about 579 00:23:25,360 --> 00:23:28,000 that about the whys and 580 00:23:28,000 --> 00:23:30,640 the whys yeah because they argue that 581 00:23:30,640 --> 00:23:31,679 the 582 00:23:31,679 --> 00:23:34,480 technology is not mature enough and 583 00:23:34,480 --> 00:23:37,840 it gives more risk than it benefits 584 00:23:37,840 --> 00:23:40,640 an actual system so i don't have all the 585 00:23:40,640 --> 00:23:43,039 details now in mind but i referenced it 586 00:23:43,039 --> 00:23:44,799 so 587 00:23:44,799 --> 00:23:46,640 yeah i ask you then to to look up if you 588 00:23:46,640 --> 00:23:48,240 really want to know all the details what 589 00:23:48,240 --> 00:23:51,440 what they write in their report so 590 00:23:51,440 --> 00:23:52,480 yeah 591 00:23:52,480 --> 00:23:55,760 that's okay next question 592 00:23:55,760 --> 00:23:58,960 hello and thank you for your talk 593 00:23:58,960 --> 00:24:01,840 let's assume that everyone 594 00:24:01,840 --> 00:24:03,360 every wallet 595 00:24:03,360 --> 00:24:06,080 now has those verifiable credentials we 596 00:24:06,080 --> 00:24:08,480 don't
have interoperability yet 597 00:24:08,480 --> 00:24:10,159 what would you recommend how should the 598 00:24:10,159 --> 00:24:13,200 wallets then work together 599 00:24:13,200 --> 00:24:15,679 if we don't have interoperability you 600 00:24:15,679 --> 00:24:16,480 mean 601 00:24:16,480 --> 00:24:19,279 let's assume we all implemented this and 602 00:24:19,279 --> 00:24:21,120 it's just a standard and you know there 603 00:24:21,120 --> 00:24:22,559 are still limits you don't have the 604 00:24:22,559 --> 00:24:25,360 interoperability just by implementing 605 00:24:25,360 --> 00:24:28,799 the standard so what if we now have all 606 00:24:28,799 --> 00:24:30,880 those verifiable credentials how should 607 00:24:30,880 --> 00:24:32,640 we continue 608 00:24:32,640 --> 00:24:35,279 to actually get interoperability yeah 609 00:24:35,279 --> 00:24:37,440 exactly so to increase interoperability 610 00:24:37,440 --> 00:24:39,679 even further so i think 611 00:24:39,679 --> 00:24:42,000 what we need is some agreement within 612 00:24:42,000 --> 00:24:44,559 the community also to 613 00:24:44,559 --> 00:24:46,640 think about which kind of crypto we want 614 00:24:46,640 --> 00:24:48,720 to support what's what is really the 615 00:24:48,720 --> 00:24:51,440 good crypto um for instance right what 616 00:24:51,440 --> 00:24:53,279 irma currently implements 617 00:24:53,279 --> 00:24:56,640 uh parts of the identity mixer of ibm 618 00:24:56,640 --> 00:24:58,720 that we kind of standardize this and 619 00:24:58,720 --> 00:25:00,720 make it kind of a library so other 620 00:25:00,720 --> 00:25:02,799 systems can just load this library and 621 00:25:02,799 --> 00:25:04,880 then have the crypto 622 00:25:04,880 --> 00:25:06,799 included in the system already so i 623 00:25:06,799 --> 00:25:07,840 think 624 00:25:07,840 --> 00:25:09,760 it needs to go into that direction that 625 00:25:09,760 --> 00:25:12,480 we have some agreement on the good 626 00:25:12,480 --> 00:25:14,720 crypto
and then maybe 627 00:25:14,720 --> 00:25:17,360 have different libraries that implement 628 00:25:17,360 --> 00:25:20,159 this different cryptographic systems 629 00:25:20,159 --> 00:25:21,760 so other 630 00:25:21,760 --> 00:25:24,159 i didn't yeah other 631 00:25:24,159 --> 00:25:26,720 decentralized systems can easily 632 00:25:26,720 --> 00:25:30,640 implement it or use it let's say right 633 00:25:30,640 --> 00:25:32,720 okay next one 634 00:25:32,720 --> 00:25:34,400 hello 635 00:25:34,400 --> 00:25:35,200 i 636 00:25:35,200 --> 00:25:37,520 would like to 637 00:25:37,520 --> 00:25:40,400 know i have to remin remind you that 638 00:25:40,400 --> 00:25:43,039 we had a talk about bring your own 639 00:25:43,039 --> 00:25:44,320 identity 640 00:25:44,320 --> 00:25:46,799 on the on friday 641 00:25:46,799 --> 00:25:49,520 which allowed 642 00:25:49,520 --> 00:25:52,159 authentication on any server by using 643 00:25:52,159 --> 00:25:55,120 one identity provider and maybe a week 644 00:25:55,120 --> 00:25:56,960 after this talk we can have a little 645 00:25:56,960 --> 00:25:58,240 chat 646 00:25:58,240 --> 00:26:01,279 how your irma project can 647 00:26:01,279 --> 00:26:03,919 coincide with my hair is our bring your 648 00:26:03,919 --> 00:26:05,760 own identity project 649 00:26:05,760 --> 00:26:09,039 and the designer of uh offer bring your 650 00:26:09,039 --> 00:26:11,440 own identity will 651 00:26:11,440 --> 00:26:14,720 be here in in a while and maybe that's 652 00:26:14,720 --> 00:26:17,360 interesting because what we did 653 00:26:17,360 --> 00:26:19,279 we created a system 654 00:26:19,279 --> 00:26:20,559 that 655 00:26:20,559 --> 00:26:22,799 to prevent to have to authentic to have 656 00:26:22,799 --> 00:26:24,799 credentials on all those servers such as 657 00:26:24,799 --> 00:26:25,679 google 658 00:26:25,679 --> 00:26:27,520 facebook and so on 659 00:26:27,520 --> 00:26:28,559 to be 660 00:26:28,559 --> 00:26:31,200 removed and be delegated to 
your own 661 00:26:31,200 --> 00:26:33,840 identity provider and because this talk 662 00:26:33,840 --> 00:26:36,720 is also very much about identity maybe 663 00:26:36,720 --> 00:26:39,840 they're interesting 664 00:26:40,400 --> 00:26:42,480 coincidences so to speak 665 00:26:42,480 --> 00:26:44,880 but it's not really a question but yeah 666 00:26:44,880 --> 00:26:47,760 maybe i want to point out maybe 667 00:26:47,760 --> 00:26:49,919 something can be combined with your with 668 00:26:49,919 --> 00:26:52,400 irma and bringing own identity 669 00:26:52,400 --> 00:26:54,000 but if i understand correctly you say 670 00:26:54,000 --> 00:26:56,159 that you then have different your 671 00:26:56,159 --> 00:26:58,960 identity stored at one identity provider 672 00:26:58,960 --> 00:27:01,039 but then it's also centralized in a way 673 00:27:01,039 --> 00:27:03,279 right so that's also risk 674 00:27:03,279 --> 00:27:05,360 indeed whatever thinking of it it's also 675 00:27:05,360 --> 00:27:07,120 a problem because when the identity 676 00:27:07,120 --> 00:27:09,520 provider goes down you can't identify 677 00:27:09,520 --> 00:27:11,440 anymore but that's what you solved 678 00:27:11,440 --> 00:27:14,080 center maybe that can be combined 679 00:27:14,080 --> 00:27:17,200 yeah okay maybe we can talk later also 680 00:27:17,200 --> 00:27:18,399 yeah 681 00:27:18,399 --> 00:27:19,600 yeah 682 00:27:19,600 --> 00:27:23,279 so so uh apologies if i miss uh i missed 683 00:27:23,279 --> 00:27:25,200 most of your talk but um 684 00:27:25,200 --> 00:27:27,120 the uh so i was paying attention to 685 00:27:27,120 --> 00:27:29,360 these verifiable claims work attached to 686 00:27:29,360 --> 00:27:32,240 the w3c from pretty early because i had 687 00:27:32,240 --> 00:27:33,520 somebody dragged me into being involved 688 00:27:33,520 --> 00:27:36,799 in the um in the e payments thing 689 00:27:36,799 --> 00:27:37,840 um 690 00:27:37,840 --> 00:27:39,440 the 691 00:27:39,440 --> 
00:27:40,240 the 692 00:27:40,240 --> 00:27:41,520 okay there was a lot of incompetence 693 00:27:41,520 --> 00:27:44,000 there from the beginning but um 694 00:27:44,000 --> 00:27:45,919 but one of the things that kind of stuck 695 00:27:45,919 --> 00:27:49,600 out to me and apologies again if you've 696 00:27:49,600 --> 00:27:52,000 already touched on this but 697 00:27:52,000 --> 00:27:55,520 you really don't want uh any identity 698 00:27:55,520 --> 00:27:58,000 system that is sort of general purpose 699 00:27:58,000 --> 00:28:00,399 and relocatable against different things 700 00:28:00,399 --> 00:28:03,600 and that reveals attributes of people 701 00:28:03,600 --> 00:28:05,279 uh so 702 00:28:05,279 --> 00:28:06,720 one of if you go through like the 703 00:28:06,720 --> 00:28:09,360 verifiable claims like the the their 704 00:28:09,360 --> 00:28:10,480 documents 705 00:28:10,480 --> 00:28:12,080 if you go through like their either use 706 00:28:12,080 --> 00:28:14,840 cases documents it talks about 707 00:28:14,840 --> 00:28:17,039 um it talks about using like for example 708 00:28:17,039 --> 00:28:18,480 to prove you have a job to get a bank 709 00:28:18,480 --> 00:28:19,600 account 710 00:28:19,600 --> 00:28:21,840 which okay that's fine but how often do 711 00:28:21,840 --> 00:28:23,360 you open a bank account it's perfectly 712 00:28:23,360 --> 00:28:25,679 fine to ask your employer for a letter 713 00:28:25,679 --> 00:28:27,039 uh whereas 714 00:28:27,039 --> 00:28:28,720 what's much more likely to ha well 715 00:28:28,720 --> 00:28:31,200 that's where that feature would get used 716 00:28:31,200 --> 00:28:33,120 much more likely much more often would 717 00:28:33,120 --> 00:28:35,679 be when you're going to apply for a job 718 00:28:35,679 --> 00:28:37,600 because an hr person 719 00:28:37,600 --> 00:28:40,080 generally prefers people to already have 720 00:28:40,080 --> 00:28:41,039 jobs 721 00:28:41,039 --> 00:28:43,039 and so they'll just filter 
everybody 722 00:28:43,039 --> 00:28:45,120 because that's how bureaucracy sometimes 723 00:28:45,120 --> 00:28:47,360 work and if you if you go through all of 724 00:28:47,360 --> 00:28:50,320 their use cases like you can pretty much 725 00:28:50,320 --> 00:28:51,679 just flip it on its head and say how can 726 00:28:51,679 --> 00:28:53,600 this be misused and pretty much all of 727 00:28:53,600 --> 00:28:56,840 the attribute use cases can be misused 728 00:28:56,840 --> 00:28:58,480 so 729 00:28:58,480 --> 00:29:00,480 my general feeling 730 00:29:00,480 --> 00:29:01,600 is so 731 00:29:01,600 --> 00:29:03,840 the main so the question for apologies 732 00:29:03,840 --> 00:29:05,200 for this not being a question but the 733 00:29:05,200 --> 00:29:06,640 question part of this is have you looked 734 00:29:06,640 --> 00:29:08,320 at bryan ford's proof of personhood 735 00:29:08,320 --> 00:29:10,399 parties because 736 00:29:10,399 --> 00:29:13,279 the in bryan ford's model there are no 737 00:29:13,279 --> 00:29:16,799 attributes that's just you have um it's 738 00:29:16,799 --> 00:29:18,000 a function 739 00:29:18,000 --> 00:29:21,279 that maps uh a context to unique 740 00:29:21,279 --> 00:29:22,640 identity 741 00:29:22,640 --> 00:29:24,799 and so then there's no there's no 742 00:29:24,799 --> 00:29:26,880 there's no need for uh 743 00:29:26,880 --> 00:29:28,559 or then we have no attributes we just 744 00:29:28,559 --> 00:29:31,200 have um in a given context i have a 745 00:29:31,200 --> 00:29:32,559 unique 746 00:29:32,559 --> 00:29:34,320 identity and then i have another one and 747 00:29:34,320 --> 00:29:37,760 another identity and there's no 748 00:29:37,760 --> 00:29:40,240 uh so yeah you mean you get the identity 749 00:29:40,240 --> 00:29:42,720 from the government for instance right 750 00:29:42,720 --> 00:29:43,520 which 751 00:29:43,520 --> 00:29:47,279 which has some unique identifier 752 00:29:47,279 --> 00:29:50,880 um in his model uh so he has this
this 753 00:29:50,880 --> 00:29:52,640 anarchisty thing essentially they want 754 00:29:52,640 --> 00:29:54,880 this proof of personhood parties where 755 00:29:54,880 --> 00:29:55,760 people 756 00:29:55,760 --> 00:29:56,720 produce 757 00:29:56,720 --> 00:29:58,399 but de facto the proof of personhood 758 00:29:58,399 --> 00:30:00,399 parties are a side government so yes 759 00:30:00,399 --> 00:30:02,000 it's coming from a government 760 00:30:02,000 --> 00:30:04,240 but it's not the government it's this 761 00:30:04,240 --> 00:30:06,640 like anarchist construct but you could 762 00:30:06,640 --> 00:30:10,320 do it issued by a government too 763 00:30:11,630 --> 00:30:13,279 [Music] 764 00:30:13,279 --> 00:30:14,399 so yeah 765 00:30:14,399 --> 00:30:15,919 i don't really understand it correctly 766 00:30:15,919 --> 00:30:17,360 yet yeah 767 00:30:17,360 --> 00:30:18,799 like 768 00:30:18,799 --> 00:30:22,320 yeah maybe you'll talk after yeah 769 00:30:22,320 --> 00:30:25,840 and time is up sorry but he will be 770 00:30:25,840 --> 00:30:28,159 available afterwards i'm sure 771 00:30:28,159 --> 00:30:29,360 and 772 00:30:29,360 --> 00:30:31,039 thank you very much for the talk i think 773 00:30:31,039 --> 00:30:32,720 you were the first person who tripled 774 00:30:32,720 --> 00:30:35,120 the audience during talking so please 775 00:30:35,120 --> 00:30:36,960 give him a round of applause for just at 776 00:30:36,960 --> 00:30:38,399 least triple 777 00:30:38,399 --> 00:30:41,639 two before