#248 - Decentralized Identity with the Identity Woman Kaliya Young - podcast episode cover

#248 - Decentralized Identity with the Identity Woman Kaliya Young

Nov 27, 20231 hr 2 minEp. 248
--:--
--:--
Download Metacast podcast app
Listen to this episode in Metacast mobile app
Don't just listen to podcasts. Learn from them with transcripts, summaries, and chapters for every episode. Skim, search, and bookmark insights. Learn more

Episode description

In episode #248 of the Identity at the Center Podcast, hosts Jim McDonald and Jeff Steadman welcome special guest Kaliya Young, also known as the Identity Woman. They dive into the fascinating world of decentralized identity and explore its challenges and potential. Kaliya shares her journey into the field of identity, her involvement in founding the Internet Identity Workshop, and her work with the Identosphere newsletter. The conversation covers topics such as the hurdles faced by governments in implementing decentralized identity, the definition of decentralized identity, and the competition between decentralized identity standards. Kaliya also discusses her recent blog post on digital wallets and provides insights on the global nature of identity standards and the politics involved in their development. The conversation wraps up on a lighter note, with Kaliya sharing her best and worst water polo moments as a member of the Canadian national team.

Connect with Kaliya: https://www.linkedin.com/in/kaliya/

Blog “Exploring Approaches to Digital Wallets”: https://medium.com/@identitywoman-in-business/exploring-approaches-to-digital-wallets-c1824c90480a

Learn more about Identity Woman: https://identitywoman.net/

Book “The Domains of Identity: A Framework for Understanding Identity Systems in Contemporary Society (Anthem Ethics of Personal Data Collection)”: https://www.amazon.com/Domains-Identity-Understanding-Contemporary-Collection/dp/1785274910/ref=sr_1_2?crid=190EJVT5Q9G6J&keywords=kaliya+young&qid=1700589700&sprefix=kaliya+young%2Caps%2C114&sr=8-2

Book “A Comprehensive Guide to Self Sovereign Identity”: https://www.amazon.com/Comprehensive-Guide-Self-Sovereign-Identity-ebook/dp/B07Q3TXLDP/ref=sr_1_3?crid=190EJVT5Q9G6J&keywords=kaliya+young&qid=1700589700&sprefix=kaliya+young%2Caps%2C114&sr=8-3

Identosphere newsletter: https://newsletter.identosphere.net/

Internet Identity Workshop (IIW): https://internetidentityworkshop.com/

Register for the free NYC and Chicago Identiverse regional events here: https://bit.ly/IDVR23-IDAC

Connect with us on LinkedIn:

Jim McDonald: https://www.linkedin.com/in/jimmcdonaldpmp/

Jeff Steadman: https://www.linkedin.com/in/jeffsteadman/

Visit the show on the web at idacpodcast.com and follow @IDACPodcast on Twitter.

Transcript

This is identity at the center. If it has anything to do with IAM, this is the go to podcast now your hosts Jim McDonald and Jeff Stedman. Welcome to the Identity at the Center podcast. I'm Jeff and that's Jim. Hey, Jim. Hey, Jeff. How are you? Not so bad yourself doing great. So I put a post on the ID Pro Slack channel the other day and asked, you know, who are people that folks would like to hear

come on to the show as guests. And I got a response from Trigva Holland Hobland and he mentioned somebody from Microsoft and I asked him if he saw the episode with or heard the episode with Pam Dingle and he hadn't. I went out and listened to it and said oh that's fantastic. Hit a follow up question. So I'm gonna bounce this off you. Do we have transcripts of the episodes that people can go and and search? We do not.

Not yet. I'm trying to figure out how to get it done, but one, it's expensive to do 2 It takes a long time to figure out. There's automated services, but you're kind of left to. You still have to like read them to see if they make sense and. I don't know. I think ultimately, yeah, I'll try to figure something out. But today we do not trying to think actually the Spotify app does. So if you're a Spotify listener, you can go into the Spotify app and I believe there are

transcripts there. It does it automatically. I don't have any control over it. So I, you know, I will say that is all on Spotify, whatever. Our words get translated into what shows up in there, but. Not today, but it's something I'm trying to figure out how to do. That doesn't just take an inordinate amount of time. Yeah, I mean, you hit the the nail on the head there with it's expensive.

One thing we didn't, I didn't realize, and I'm assuming you didn't realize when we started doing this thing four years ago is how expensive it is from a podcast. So one of the things you you went out and got us was software so that we could take all the episodes and put them up to YouTube. You know, it's not like a full video, but there is some visual, you know, sound bar thing kind

of thing happening. Waveform I guess is what it's called and we've already got 150 subscribers to the YouTube channel. But I would just ask everybody to to go out there and you know hit subscribe that's going to help grow the channel. It's it's funny when I go into Apple podcast and I type identity, it's like our podcast comes up right away but you almost have to type out identity at the Center for it to show up in YouTube so. Well, identity's such a fake term, right?

It's we know what it means in our context, but it means different things in different contexts. So yeah, I also just wanted to mention the the website which you created. I I know you put a lot of time into creating it. I'm assuming that it kind of takes care of itself for the most part now, but I did want to point out one of the features that I wind up using all the time myself is the search feature. So you can go into idacpodcast.com, click on Listen

and search. You know, either by name or by topic, you know, type in RBAC or something like that and see all the episodes where we had a significant amount of content or discussion on a specific. Topic Yeah, it took a while for that to get in place, but yeah, all of our episodes are. There automatically. And yeah, the search box is very simple, it just searches for keywords right?

So you type in RBAC like you said, and if it's in the show title or in the show notes, it should pull back entries related to that, which I'm sure we have a few at this point, Yeah. So the last thing I'll I'll point out. So for folks who are part of ID Pro who have access to select channels, awesome. It's probably the the biggest benefit of being a member of ID Pro, but the thread is still

open. So folks want to, you know, nominate somebody you know that, especially if you know the person and will handle doing an introduction, that would be great. But I wanted to shout out to Sarsourcetti and Ian Glazer because they gave several recommendations, so we got a a good little bit of a list to to chew through in 2024. Yeah. And you're responsible for all the show bookings and guests and things like that. So that's right. That's, that's that's the weight that I carry.

Yeah, you know, Speaking of the Spotify app, something I started doing recently is they have a feature where you can add in like Q&A and like poles. So I've started to do that on some more recent episodes. And if you remember, a couple episodes ago, this episode, 245, we were talking about which universe we would like to live in, whether it was Game of Thrones, The Matrix, or The Walking Dead. And based on a very limited sample size so far.

The winner right now is Game of Thrones, which surprises me that people would want to live in the Game of Thrones universe. Seems very cutthroat and brutal. Matrix is in second by like 1 vote. And then nobody has voted for The Walking Dead, which I believe was your choice when we started talking about that. Yeah. And and I mean none of those options are great. The reason I mean just just to go back why I picked The Walking Dead is that I take prescription medicine and without it I don't

think I would survive. So I had the idea that you know if I was in the Game of Thrones, like I wouldn't last very many weeks, but if I was in Walking Dead I could probably go and raid a pharmacy and get the medication that I need. So it was like a logic based answer. I know that kind of takes the fun out of it.

To some degree. But it just, you know it's it's a it's a question that shows our personalities, right we're I set the Matrix because I like air conditioning and being comfortable and Wi-Fi. I can do that in The Matrix. Do I know I'm a battery? I don't know. Maybe I'll find out at some point, decide to pursue that rabbit hole. Either way, I don't have to worry about having my head chopped off or being bitten by a zombie or anything like that. Isn't that blue pill?

Yeah, the red pill is the one that I'll take you out. The blue pill keeps you in 'cause you've never seen the Matrix, right? I didn't even know that was. I thought it was like if you were taking the blue pill, that meant you didn't know what was going on then. Basically takes the red pill that. OK, it's like you. It's like you. This conversation never took place and you just kind of wake up and it's like you're back to being a battery. Gotcha. Let's see.

So Thanksgiving this week. I've got family in house pretty much all week. They're doing their best not to make noise, which it's fine. Whatever. Like, you know, we should be OK. My dogs will start barking, maybe at some point. My brother-in-law is apparently a trigger for my youngest dog and just howls his face off whenever he sees them. Which is really, It was cute at 1st and now it's gotten really annoying because it's like every time like, Nope, Same person. He just went upstairs.

He came back downstairs. Same person. Yeah, but I so you're having a an exciting week, but less exciting than all the people who work for Open AI. Yeah, no kidding. Open AI has got some got some things going on over there. I'm not qualified to speak on it, but hopefully they get things sorted out because I'm a big fan of AI and hopefully things work out. Let's see. So this show's gonna go live on? It was at the 27th, I think it is a which is a Monday like

usual. And then I'm gonna be in New York City for the Identiverse regional event that's taking place on Friday December 1st. So I'll have a link in our show notes for people to check out if they can make it. Probably best for like local people not to be there but it's free and the only and the way you can show your support is using our registration link to to show up. So if you're there I'll have stickers. I'll be given fist bumps with gratitude instead of checking

out what that's all about. So. I think it's all the promotion I've got before we get into our main topic, which is decentralized identity. Do you have anything else, Jim, or should we get going? Well, let's get going. All right, so to help us with decentralized identity and figure out what the heck we're talking about, we've got the identity woman herself. She's Kalia Young. Welcome to the show, Kalia. Great to be here. Thank you so much for taking the

time. And we've got tradition on the show. Whenever we have someone on for the first time, as we like to find out sort of their identity, origin story, you know, where did they come from? Who made them what they are? Did identity choose them? Did it choose? You know, did you choose it? Those sorts of things. Tell us a little about how you got into the world of identity. Sure. I had a pretty unconventional path in the year 2000.

I went to a conference called Planet Work, which you can think of like planet and network mushed together. And that that conference they had like the chief scientist of Sun talking about what you know, what we would now call Uber, like you're going to have cell phones, they're going to pick you up. And we're like, no way.

Like it was so cool and and after that conference that community of people who were there met for about 18 months and wrote a paper published ultimately in. 2003 called the Augmented social network White paper Building Identity and Trust into the next generation Internet and I started hanging out with the folks who wrote that paper in the fall of 2002 and totally understood what they were talking about and they were saying like look, we need user centric digital identity to

support. People connecting to each other, not being intermediated by governments or businesses, which will happen if we don't build open standards. And I was like, you're so right, I'm, I'm there. And I started working with the guys who were trying to make that vision a reality. I became one of the first.

Employees of what at the time was called Identity Commons, which was their project to do this, and I started networking with other people who might share this vision and ultimately ran into a bunch of user centric digital identity oriented people at the big Identity conference at the time, Digital Identity World, in the fall of 2004. The Identity Gangly mailing list started out of that. And then. I've I've been working in the field ever since.

So you've got a pretty long story to history. You've also published a couple books. What are those about and how did you get into the book writing game? Sure. So the first book that I wrote was actually coming out of was that. Yeah, that was. I I wrote it first, but I think it was published after how's that was the domains of identity, which I wrote as my master's thesis in the Master of Science and Identity Management and Security program at UT Austin.

And it really was born out of a frustration in the field of identity management to put everything into one big BLOB. And you we cannot solve this problem as one big BLOB. Should the border agent take your biometrics when you're crossing the border is an identity management problem. So is enrolling your kids at soccer and proving their age. But they're very different identity management problems, and we might want a a a landscape of choices to to

categorize problems. So it has 16 different domains. All of them existed 100 years ago, so it's not particular to digital identity, but it's very useful for thinking about digital identity problems and challenges. That was formally published in in 2020, and I also published the very first book about self Sovereign Identity, called A Comprehensive Guide to Self, Sovereign Identity.

It's up on Amazon. And unfortunately it's a bit out of date that the sort of second-half of the book, it's like the current state of the industry just ignore that part, read the the the beginning part and and it's a great kind of orientation to how the work of decentralized identity and and self sovereign identity got started and and ways to think about it clearly. I can't imagine trying to write a technology that is so I don't know.

Futuristic. I don't know, for lack of a better word, like Self Sovereign. When we're. I think we're still trying to figure that out. I'll have links in our show notes at both books so people can check it out. I think. Fun fact, if you are a Kindle Unlimited submitter subscriber, the comprehensive guide to Self Sovereign Identity is actually free with your Kindle Unlimited membership. So. I don't. I hopefully that helps you.

Yeah, I'm. I'm. I don't know, but people can check that out, at least for free. If they're a Kindle person. It helps Amazon. It helps Jeff Bezos. It helps. I mean they're they're a struggling company, you know, hopefully they'll be able to make it to the next year, but I'll put links in our show notes for that. You also Co founded the Internet Identity Workshop or Iowi have not been there. I don't think Jim's been there either. It's something that we've kind of heard about.

I think I've talked about this on a show before. I feel like I would be a little bit intimidated going to there because I feel like these giant identity brains are there and they're gonna be talking way over my head. And I think the only way that I would learn something would be like through some sort of osmosis or something like that. Who is this conference for? Can you kind of take us behind the the curtain of it? Sure. I mean we got started in 2005 really.

It was an opportunity for the mailing list that formed out of that identity gang era to talk to itself. And the the first Iowa was actually one day of presentations from all the different sort of. Leading user centric potential protocols at the time and then I said like hey let's stay for another day and talk to

ourselves. Doing it using a method called open space technology where you facilitate and support the the participants Co creating the agenda live the day of the event and we use that format now for all three days of the event. We'd literally sit in a big circle the 1st morning and each morning afterwards and people stand up and on a piece of cardstock articulate the name of the session that they would like to convene. And it can.

Sessions take many formats. SO1 format is asking a question and inviting people to come and help you answer it. Another one is, you know, people presenting for 10 or 15 minutes about some aspect of ongoing technical work or problem solving that they're doing and and sharing it with the community. Another is just talking about critical issues that could use more discernment. And there's a broad range of what those topics entail. So they go all the way from, like, deeply philosophical.

Sort of like what is identity and the meaning of the universe to like super down in the weeds, technical nitty gritty. And that broad range is part of the magic of our space is that it's not, it's not like all of those things are welcome and I think it helps us maintain our grounding into the complexity that identity has while at the same time. Creating an opportunity for really practical problem solvers

to move their work forward. I've never been to an unconference before, but it sounds Is that what an unconference is? So I I actually also have a hat as an unconference designer and facilitator and work with many different communities. And I think of unconference formats as anything that is more organized than. A cocktail party and less organized than talking heads on

a panel. So there's a whole range of potential formats and one of them is the format that we use primarily at Iowa, which is open space technology. We have a little interlude on Wednesday where we had demo hour where we have 20 different people spread out throughout the venue space where our lunch tables are. And they demo for 5 minutes and then they kind of circulate and you can see like 10 demos in an hour after lunch on Wednesday.

And are those things that I guess people have built, are they like vendors, like what does that look like? Yeah, it's it's it's things people have built, protocols people are have working prototypes of. You know, now we're seeing more and more like actual products in market. So last IW, we had the folks who built the mobile driver's license application for the State of California sharing what they had built.

Yeah. So it's really an opportunity for the technologist to have another medium in which to share their successes and work. Sounds like a lot of fun. I think Jim and I have to try to figure out how to get there at some point. I don't know how you find the time to do all this. Because you're writing books, You know you're helping with this conference, you're doing identity stuff in the real world. And then you also put out a newsletter, A Dentosphere.

Great name, by the way. How did that come about and what's that about? Sure. So I I collaborate with my colleague Infominer on that, and we really survey what's going on in the decentralized Self, Sovere and identity space every week. We actually have some public our our our feed RSS feed aggregator

is public. Like if you want to filter through what I filter through every week, you're welcome to do it. It's sitting there on the public Internet, but it really felt like a good thing to do with the time and we got a really great rhythm. Every Friday I spend about 3 hours going through all of the.

News and filtering it out and deciding what is worthwhile for many other people to read and by Monday or Tuesday info miners got it all formatted and ready to go in in sub stack and I I think of it as you know if you're ACEO. Or anybody working heads down on shipping a product, It's really hard to pull your head up and like pay attention to what's happening in the rest of the industry.

And I I feel like the newsletter is if you're gonna lift your head up, you could pay attention to the newsletter and get a sense of it, and then go back to doing your work right? That it's keeping a pulse of the latest relevant information? Both in terms of new companies and products, but also standards work and government announcements and and sort of

movement in the space. I think I appreciate that because I think there's just so much content out there that sometimes kind of figure out, OK, well, what's clickbait? What's not right is there? Like, what should I be concerned about and kind of working through things? I think it's, I mean that's one of the beautiful things about our industry. It's so open. This is both a feature and a bug.

The bug being, it's so open you can't figure out what to pay attention to. And in fact, that's one of the core sort of value propositions that my colleague Lucy and I have in our work is helping people figure out where they should pay attention to based on all the all the buzz that's happening 'cause it's certainly getting a lot of attention these days. So when I ask you about the Identity Woman sort of moniker, how did that come about? Because I thought I read something that kind of

interesting way back when. And I want to make sure that the rumors are, are there, like, you know, you're the only woman in the room or something like that. And I'm like, oh, I've just become this. Is that true? Yeah, I mean, back in the day, you know, I shared a little bit about working with Identity Commons and those guys were really fun to be around and work with.

And I. And Doc Searles was kind of going around to different community members on the mailing list and really strongly encouraging us all to start blogging because he understood this emerging medium was important for supporting us, sharing our work beyond just ourselves in a mailing list. And it also gave people a way to express themselves in their own space and then post the link into the mailing list. So they were, sort of. Putting less pressure on being seen and heard in the mailing

list, if that makes sense. And you to start blogging you need a cute pithy name for your blog. And I was like, I guess, I I guess I'm the identity woman looking around. I think I sort of had seen like Pam Dingell and Mary Reddy maybe across the room at Digital Identity World, but there was certainly nobody I was working with in in the small community on an ongoing basis. And so, yeah, that that was the name.

And then if you look really carefully in Kim Cameron's loss of identity, he thanks everybody in the opening paragraph. Or you know. Sort of, yeah. Like the preface or something like. That, yeah. And. And he in that he says identity woman Kalia. And I read that and I was like, Kim, what are you doing? Like, that's how I named, 'cause everybody else has their first name, last name, right? And he's like, no, no, no,

you're the identity woman. And I was like, well, I guess if Kim Cameron's going to say that and refer to me that way, I'll just go with it. And it's kind of stuck ever since. I mean, it's hard to top being bequeathed that by Kim Cameron. Definitely one of the giants in the industry. So I I I would run with it, that's for sure. You also have this identity woman in business. What is that about?

Two years ago, well, actually during the pandemic, my colleague Lucy and I started working together on the COVID Credentials initiative and we LED that work for two years and. So eventually we're nested inside Linux Foundation Public Health and had a had a fantastic working relationship. And as the pandemic was sort of winding down and I was getting knocks on the door to support enterprises figuring out the decentralized identity space, I said, hey Lucy, do you want to

join me and help help get these? You know, reports and other research materials together to serve, you know, the clients that were showing up and she said yes. So it's our consulting work together really supporting clarity and discernment in the industry and one of our favorite things, favorite types of client work is working with different

companies. And organizations who would like to support more discernment about key issues, whether it's wallets, different protocols that are emerging and those reports are publicly available but sponsored by different companies. And and I think they're our goal with our work is to really serve the development of the technology and serve the community and the, you know, development of good. High performance, open

standards. So Kalia, we've got listeners that kind of span the the whole spectrum in terms of their experience in the space. We call them the I am practitioners of the world are identity practitioners of the world. So we like to kind of start off with baseline understanding not to kind of blow anybody away. And I was going to ask you, could we just start with, you know, defining? Decentralized identity or as a self sovereign identity, are they the same thing or

different? And you know, how would how do you explain what you do to people who have not even that baseline of being in the identity industry? Sure. So I often start by talking about people's lived experiences today that they have in the digital world, and one of them is. Showing up on a website and being invited to like log in with Google or log in with LinkedIn.

I I explained to them that that underlying that is a protocol that we invented in the first, you know 10 years of the life of IAW called Open ID. And that that shape of that protocol involves Google or Facebook or whoever that identity provider is seeing everywhere you go. And they kind of intuitively get that because they're used to

that user experience. And then I say we're working on a next generation of protocols that changes that, that supports individuals sharing authoritative attributed attributes about themselves with other parties but without that identity provider in the middle because we've got a new three party model of. Issuers who issue credentials to a holder that holds them in a digital wallet and that holder or individual can choose where and when to share it with what

we call a verifier in this model. And that the really different thing about this from the previous paradigm is that the issuer and the verifier never actually connect or speak to each other.

So it it it ends that. Sort of disintermediation that happens with the identity and identity provider role and also you know in terms of like addressing key challenges that have come up with the the previous model, it's it's surveillance capitalism enabling right like that identity provider is like seeing everywhere you go and and another thing is we do not want in western liberal democracies that identity provider to be our government.

But at the same time, there's more and more need to prove real attributes about yourself from authoritative sources like governments. Whether it's like to open up a bank account, to buy a plane ticket to, you know, prove prove that you're the right age to watch adult content or buy an alcoholic drink like these are all reasons that. Attributes from authoritative sources matter, and that those authoritative sources may not be good entities to see all of your

transactions. And so this, this new sort of paradigm is it's made possible by this decentralized identity technology or three party model. I love the three party model because it makes me think of an example of OK, so I get a credential issued by the government. So they're the issuer and then the relying party might be the liquor store. I don't want the government to know. Oh, Jim goes to the liquor store

a lot because too much. Well, you know, if it gets out of control, I don't want the government to know that. No. Yeah. Although is that? Am I on the right track with that? You are on the right track. Definitely right. It's none of their business where you use the credential, just like. You know, it also mimics our paper based system today

architecturally, right? Like the paper in your wallet that you use to do that proofing today does not ping the government every time you pull it out of your wallet and show it to somebody, right. So I actually have a paper called Seeing Self Sovereign Identity in historical context. That basically makes this case and says look, we have this history of paper based documentation in the West that's about 500 years old and we have computer technology that's about

7 years old. And until SSI the two architectures didn't actually look, didn't echo each other that the, you know, the phone home model of the computer was not in alignment with the paper based architectures that we've had working in our. In our societies, for hundreds of years, I'm going. To ask you a question I think makes sense. So where does the term self sovereign come from? Because it's not like you're issuing your own identity. Right.

And I think this is, you know, we can, you can find lots of philosophical debates about the meaning of this term and and what its implications are. And and some people will say like, yeah, that what you just said, like you aren't issuing your own credentials in fact. You know there is value to self assertion of information and this technology. You can issue your own credentials to yourself about things you care about and other people might find relevant.

Like your favorite color is blue and your shoe size is 10. Or you know, stuff that is fine, but things that really matter. It matters what other people say, but there isn't 11. Authoritative source of all truths in the world and that's part of what the SSI and you know, the decentralized part is about is really how do you have, how is the individual the locus of control for this system and able to manage who can see what and when and how do you also give the individual.

Almost their own technological base from which to do those interactions and that led in this case is the wallet, whether it's on your phone or in the cloud, is that until now you didn't have your own kind of domain of self-control about how you were managing that if you were always at the affect of an identity provider and they were really in charge.

Another thing about our podcast is that we reach an audience outside of. North America, so 40% of our listeners are outside the United States, not even just like, oh that you know, most of us are in Canada, most people all over the world. So I think we can end up taking a very, you know, North America, focus on the podcast and think

about some of these things. But from my understanding there are some other countries, Estonia for example, that has gotten a lot further along than the USA for example. And so I'm wondering why couldn't USA kind of follow that Estonia model? Sure. I mean, this is a fantastic question and one I wish people would ask more often. I think countries like Estonia and Singapore have done remarkable work, but they also have certain features that mean what they did in those contexts

is not scalable outside of them. So they're both incredibly small. Geographies and numbers of people. Estonia is about 1.5 million, Singapore's 4 million and they're very high trust societies with strong Government Accountability. And there is sort of 1 jurisdiction. There isn't multiple levels of government with, you know, a federal government, state government. In the United States, you've got county level government and city level government. So that's four levels of

government. In the United States, you have over 5000 jurisdictions that issue birth certificates at the county level, right. So that's already like super decentralized, right. So we need to think about how the complexities of federal systems. Cannot be held or managed in the same way that you manage, almost like city States and their capacity to issue their citizens. A simple identity that can be used many places within that jurisdiction.

And Estonia, in fact, actually has a system where, with citizen transparency and accountability, all of the major databases are actually linked to each other. And people are have the data moved from one database to another when they need it to interact with a new part of government. And that would just be completely unfeasible at the scale of a country like the United States. Could you manage every every government database at every level of government being somehow linked to each other?

It would be a security, privacy, accountability nightmare. And that the way to scale. Information sharing amongst entities that people are interacting with is really with themselves as the pivot point where they can take a record or information from one service or system they're interacting with, hold it, have a cryptographically signed by that entity so it's it's trusted from the originating service provider and then they can share it with who, who they choose to and

when. When you think about government, one of the challenges that they face is that it has to be accessible by everybody. And I just think about the person who uses the exam, my poor dad, trying to figure out how to use this stuff. So I think there probably has to be some kind of, you know, I would imagine that's one of the challenges is people who either don't have access to the technology or have no interest in, you know, changing at this point in their life. What are some of these

challenges? Yeah, I think those are challenges, but I think. They're also addressable, right? There's a lot of conversations about guardianship models so that you, Jim, can be a steward of your father's identity in interacting with certain systems. Or you know, parents are going to be the stewards of their children's identities, right until they're of the age they can manage it themselves. And I think you're also going to

see. Like service providers show up, like I don't manage my money, I hire a bank to do it right. Like there is they are experts at that particular thing and we just haven't progressed far enough to see that happen yet. But I think we will, because it's really critical to have service providers that have a fiduciary duty to the people. Whose identity information they're stewarding and we don't

right now. Everything you share with the service provider is sort of owned by them and they can do what they want with it. Now that's that's a really great idea around the the stewardship model or the guardianship model, I'm sorry. It seems like that potentially could solve the issue. Of course, that probably makes the data model much more complex. I can just imagine, you know, bring this.

Back to the good old USA and kind of where we have states, where my mind goes is around the mobile driver's license initiative. Is is that a good example of self sovereign identity? Is that am I thinking about this right or is that something totally different? Yeah, so that's one of the standards. The ISO MDL 18O13-5 standard is is an example of the the kind of

architecture. One of the challenges with that that standard is that it has an optional phone home option which many people aren't necessarily tracking, but some states are using that so. When you get pulled over by the side of the road, you share a token with, you know whoever's stopping you and they take that token and they go get your information from the state database.

And I've from the beginning said, look, we shouldn't be even creating a protocol that has a phone home architecture because we have confidence and faith in our governments here in the Liberal West, but. This is going to be used by governments all over the world. The good thing is, is that there's more sort of scrutiny and awareness of the protocols and hopefully that will help better choices being made.

The ACLU actually published a really great report sharing some of their concerns about these optional features in that architecture. But the Verifiable Credentials Standard, which was, you know came out of the community around IIW and the Credentials Community Group, with the W3C and the Decentralized and the Foundation.

There's a lot of different forums where the core standards are being worked on. Doesn't have that architecture at all, partly because we've always been very concerned about how people are empowered and. Have have the control that makes sense. I think that's the keyword control, right. How do you manage your own data? And I think some of this is, where are you going to manage this data? How you gonna store it?

You wrote a blog article recently on Medium and we'll have a link in our show note about this as well called Exploring Approaches to Digital Wallets. I'll put a link in our show notes, but for people who haven't read it, I guess what's the take away from that? Because I feel like we're in a risk area of fragmentation when it comes to wallets. Are we gonna have one wallet?

Through them all? Or is it gonna be like a key chain where I look like the key master for the matrix and I have like 80 million keys on it and that's each of those Might be a wallet. I'm concerned. Right. Yeah. I mean it's a place of much market activity and we wrote this report we we spoke to six different experts around the world. And we we, we came up with some key characteristics about wallets. One is that they're sort of, they need to be almost like

invisible. Like you shouldn't be thinking a lot about the wallet. It should be a tool to help you accomplish your goals. That we need to be mindful of inclusivity and how these work for a broad range of people. Portability. How can you move from one wallet to another and not get locked in interoperability? Like, can your wallet work in a variety of contexts? Since we still have, and I think we'll have many, many, Not many.

Not like, not like. 30 or 40, but we're going to have a small number under 10, hopefully different formats that are coming out of different industries for different reasons and we need to get it all to work together so consumers aren't going and end user experience.

And I think collaboration is really the key to solving these wallet challenges right now because it's a core piece of infrastructure that everybody needs and needs to work really well and isn't isn't where you're going to make your money. And whatever your business is, it's going to involve hopefully interactions that leverage the information in a wallet or if you're in the service provider or software business, like helping businesses connect and use the tools.

Much like in the early web, people made money because they were helping people make websites with HTML, not because they owned HTML, right Like and I think in terms of critical issues and we didn't really get into this into the report, but it's definitely circulating in the communities right now is really key control inflection points. So there is a term that's really about one of these inflections

points called wallet invocation. So if we have a plurality of wallets in the world, if I as a consumer have the right to choose which software provider I trust to build and and you know build and and and be the software that my wallet runs, how do when I interact with other tools and services, do I get them to pick the right wallet on my phone if I have more than one of it to deposit a credential in?

And when I want to share a credential, how do I connect the right wallet with the credential I want in it to that service? And that protocol is one that we have to push really hard right now to make sure it comes into being because otherwise we could end up in a world where the platform providers are like, oh don't worry, let us take care of it.

And. And then the only option if you're on an iPhone will be your Apple Wallet and potentially and Google, although Google's been much more clear that they're more aligned with having a plurality of wallets. But you could still end up in a world where the platform providers are the deciders of the wallets. And and I don't think we want that, just like we didn't want the operating systems to be the decider of which browser we

would use. Aydo is going through a little bit with this right now with passkeys and sort of you know, being associated with a platform and I think now we get into this areas. OK, well how do I make my passkeys portable to move from one platform to another, which I think it's the logical next step if we're gonna get there. I just, I'm, I'm just concerned about here we are again with you know 80 million wallets and some.

Garbage looking Oauth prompt. It's like, oh, which of your 80 million wallets would you like to select to connect to this service? Like that's just not going to work. That's not user friendly at all. Well, that's what IIW is for. I mean we had extensive conversations over the, you know, I went I, I I saw them happen. I wasn't actively participating in them, but key people from across the industry trying to figure out how to solve this challenge in a way that works.

And I think we need to put significant, just like Fido put significant user experience, attention, resources and efforts into getting their UX right, the decentralized identity digital wallet folks need to do something similar in the next year. Well, there's certainly a lot of smart people working on it, much smarter than I am, so I will hope and support those efforts. I gotta ask, is there competition between like decentralized identity

standards? Like how does this work behind the scenes where maybe people have different ideas? Or is there like, OK, we'll take the best of this standard and then bring it over to this other standard and form like the Uber standard? Is that standard supposed to be global or is it meant to be, Well, this is the US standard versus the Canadian standard versus the Indian standard. How do you see that? This is a great question.

In fact the last report Lucy and I wrote was focused on standards based digital credentials and the different formats that are are currently in market. I think one of the challenges is the real world in the sense that we have incredibly high ambitions and ideals for what the protocols could do. Selective disclosures, EKP like amazingness, right. But then it's like, Oh well the algorithms to do those things

are are new. They haven't necessarily been vetted and oh, we have hardware that has certain algorithms connected to key management there and those aren't really compatible with the fun new interesting selective disclosure, right. So there's been a real kind of, I don't want to call it a wall, but sort of like, oh, reality intervention saying like if you want to support credentials being anchored to a particular phone, which governments.

We can have debates about this. I'm sure you can have people on and talking about these trade-offs, but for for now, the government folks who are talking about issuing anchor core credentials in Europe is sort of a national ID card. In the United States, it's something like a driver's license to a phone. They want to know that you can't extract that credential and move it to another phone.

Well, in order to do that key binding onto the device, the cryptography is whatever is in the phone which is not capable of doing the type of signatures that the selective disclosure, the algorithms do, right. So there's been a lot of discernment and gnashing about how do we ship product in the coming year and how do we support it doing as good a job as it can and and hopefully in the coming years get to those more advanced you know, features of selective disclosure and

privacy. You know, ZKPS even, but still have it anchored to the phone in a way that governments are have confidence is not being moved. I don't think that we as a community really thought about all those things early on when we were innovating in the verifiable credentials

community. But we've certainly been you know, challenged and pushed by folks coming from another direction, which is the ISOMDL protocol work coming out of that much older, more conservative SDO that is driven by long standing, you know, folks who've been working on developing credentials that are issued by governments for hundreds of years and governments themselves. So there's I think a healthy kind of interaction between different protocol development communities and their needs in

the marketplace. And hopefully in the next, you know two years, the best of these different worlds will align more and there will be I, I I don't think competition's gonna be go away back to like, you're gonna have a wallet. It's gonna speak more than one protocol, but there'll be a kind of steady state of good options. I feel like most things, there's probably some sender compromise that needs to come through because I guess I think about this as a bystander.

What good is a protocol or a standard if it's not usable in the real world? And the fact is that there are things that we have to get done in the real world. That will, you know, cause consternation amongst different parties and it's just about trying to find the right balance. Is that, is that a healthy way for me to look at it or is there another way that I should be thinking about this? Yeah, I mean that's one how that's that's one way to look at it.

I also think like key actors have a significant influence on what will happen and we're seeing this right now with the EU digital identity initiatives and their architecture reference framework for wallets where they're deciding like which versions and which profiles of those versions of the protocols will be required in digital wallets that are part of this sort of EU wide effort. All right.

Well, I want to be respectful of your time, who's been very generous and speaking with us. Today I'm going to shift completely away from identity, a different identity for Kalia Young, that of an athlete. The Canadian National team water polo. I can't imagine playing water polo. I I think I would just sink right to the bottom of the of the pool. Talk to me about, you know your your experiences being part of the national team. Do you have like really cool

water polo moments? Is there like, oh, that was like, you know, awesome. Or maybe there's like, maybe a not awesome story you've got. Yeah. I mean, I started playing when I was 10 years old. I was always drawn to the water. My name in a Hindu mythology is a sea serpent. My Canadian parents had no idea this was the case. I learned just after the Internet came about. And you're like, take your name and you're like, that's interesting.

So I was always like, you know, sign me up for swim lessons when I was four years old. Joined those, one of the swim teams at six, joined the more competitive swim team later on. And water polo was free in the summer if you were under like 12. So mom's like go to water polo and then we could play water polo in the fall and still keep our summer swimming status. And I just really thrived and loved it. And I happened to be quite tall, if you've met me. So I had some like size

advantage. And we actually played mixed water polo growing up because you had to have two girls in the water at the time, all the time being the large girl that helped to and not playing dive. And it's hard to describe how much it meant to me in terms of a place to go where I was supported, coached good. Like, I remember being in elementary school and just being like, school sucks, but I've got water on the weekend. So, like, let's do that.

And it was really me. Like, some people have, like, you know, athletic parents. I was the athletic kid. Like, let me play more, please, Mom and Dad. And they're like, OK, so another fact where I grew up, you know, sometimes kids are in sports and they're like competing for their spot on the travel team when they're 10 years old. We were like begging girls to come and play. So we had enough people just to make a team, right?

We're like, OK, we've got eight kids, we can go to the tournament and like, the Max on a team is 14, right? Like, So then I tried out for the the junior national team and that was totally trippy because I'd never had to try out for a team of my whole life, right. And what? Was the try out like like what did they like? Is it play a match? Is it like, yeah.

I mean, it's sort of like a weekend of really intensive both like, you know, times like swim tests and like drills and like kind of practice where they're like watching everything you do. And it was very hard for me in terms of mentally, 'cause I just never done that before. And I turned to Western sports psychology that wasn't particularly helpful. And then I turned to some Eastern sports psychology and

that was very helpful. It was much more in alignment with sort of my demeanor in the kind of sports psychology where you're like, thank you to my opponent for helping me run faster on the marathon. Like I'm like there's a different kind of, you know, not like beat them like or whatever, you know, Western sports psychology. It's like, well, yeah, and I managed to make that junior national team I I that led me to play water pool at UC Berkeley.

I was recruited after I sent letters to different teams saying I'm here in Canada playing for the junior national team. I'm interested. I was recruited by UC Berkeley's new coach in May of I Won't Say the Year. Can we bleep it out, Jeff? Can we bleep it out like I was recruited to Cal the first year they had a women's varsity team and I still hold the record for a leading scorer as most number of goals scored as a freshman.

Wow. And I ended my national team career winning a gold medal at Pan American Games. That is super cool when you watch, I guess water polo Now is it like me in the restaurant business where I used to be a server and I can, I know what's going on behind the scenes? Like, do you watch technique? Do you watch strategies? Like, I have no idea. I'm just like, I don't know how these people do it. Like what should I be looking

for? Is like a I actually went back and started playing with the local, mostly men's masters pickup game. I stopped last January partly because practice was too late at night and I had to keep waking up at 6:30 in the morning for work calls. I was like work swamp, but I think too. The other thing that's been frustrating for me is they keep

changing the rules. So the the, the rules and the game that I played growing up has shifted and I kind of like, could you just leave the room because they keep wanting to make the game more exciting for European television audiences like. What's an example like what rule? Has changed that is like that you can now if you get fouled outside 5 meters you can take a

shot. They've been, they've changed how they call fowls in the center forward position to be much more aggressive on leading to kick outs. It's sort of like, yeah, but I love watching water polo. And in fact, I'm super excited about what we're seeing with some of the new, you know, like this year I've tuned into international matches that are being broadcast online. You know, there's lots of people who play esoteric sports who would love to watch their sport if only they could.

And now they can, right, 'cause I, you know, I didn't play baseball, football, basketball, are those. There's four of them. Hockey. Hockey. Yeah, no. None of them hockey. I grew up in Vancouver. There's no ice here. Jim, could you play water polo? I mean, you're tall. I've played like modified water polo where it's like standing level water and I love it. I mean, I think the form of the game is great, but being in deep water and treading water for a long period of time is very,

very difficult. If you've never done it, like don't take it for granted. So Khalid, I have a ton of respect that you can like you just do that part. I'm impressed by but I played. Baseball growing up and a lot of what Kalia said, like, resonated with me there, you know? Well, one thought I had was just kind of watching the game on TV Now, like, I'm so impressed by some of the athletes. And I realized, like, no matter what I did in my life, I would

never be like that person. You know, I played third base. I watch. I remember having this thought like 10-15 years ago about Chris Bryant, who was the 3rd baseman for the Cubs. And he made some play. And I was like, yeah, I I never could have done that no matter what I did in my life. But also there's the sport that they're constantly changing the rules now they do a pitch clock and some various things like that.

And it's my feeling is it's like they're very focused on drawing in. People who don't like baseball just start liking baseball. And in my experience, good luck with that one of people who don't like baseball. We'll never like baseball. Case in point. I just don't get it. I mean, I get it. I understand. I just, it has. I have zero interest in baseball. I don't know what it is. It's not. I mean, I'm AI guess I'm a Cubs fan. It was nice to see them finally win something.

But, you know, this goes back to the first time Jim and I met. The first thing he said to me is, hey, do you like baseball? And I said no. And he walked away from me like I, you know, I just, it's just not my thing. I'm an NFL person. I like football. I mean, I grew up playing basketball, soccer, you know, football. I did Taekwondo and stuff like that. I even did gymnastics, did

swimming and stuff like that. Was just kind of more of a general purpose athlete than like a specialist in anything. But there are certain things that I gravitate to. Baseball is is not one of them. All right, we've been talking for over an hour here. Kalia, you've been so generous with your time. We're gonna have AI think this might be a record for the number of links that we'll have in our

show notes. We'll have a spot where you can connect with Kalia on LinkedIn. You can ask her questions. We'll have a link to the blog that you wrote exploring approaches to digital wallets, of course, the link to identitywoman.net, so be able to check that out, what you're working on, the links to your books, the Identisphere newsletter, the Internet Identity Workshop or IW.

Jim and I will have a link for the Identiverse conference, things that are coming up. There's the one in New York City on December 1st, and then on the following week there's one in Chicago, albeit the New York City one. Not going to be at the Chicago one, so hopefully people come and check that out. Of course, you know, you can always connect with Jim and I on LinkedIn. That's where we get a lot of good conversations and stuff

going like that. But yeah, well I have one more thing that seems like it would be great to share with your listeners is that we've we've actually this year expanded our IIW universe to include regional events. So we have a regional event in Europe called the Digital Identity on Conference Europe that's happening in June and we're exploring a regional event in South Africa in March.

And we're exploring a, we did this last year in in the spring, but it'll probably be in the fall, in 2024 in AIPAC in Thailand. And those use the exact same format that we have at IW. So it's an opportunity for the your global listeners to potentially connect and not just have to get to North America to participate? Yeah, that's so cool. I mean, the world doesn't. I mean, it seems like sometimes the world revolves around stuff going to the US, but not necessarily.

Shouldn't I see some things on the website internetidentityworkshop.com ethics referencing the April, the spring and the fall. Those are the ones you're talking about. Where where do people go to get more information at? Is that just on the website? Yeah. And then next week, probably by the time most folks listen, we're working on getting a regional events page up that will have more information. Very cool. That's good information. So hopefully people can check that out.

And yeah, I think that's a good spot where we can leave it for this week. Jim and I, we're on the web, idscpodcast.com on Twitter at IDSC podcasts, at Mastodon or no, we're on Mastodon at IDC podcast at Infosex dot Exchange. I still hate the way that that name works, but it is what it is. Thanks everyone for listening and we'll go and talk the other one in the next one. You've been listening to Identity at the Center. We hope you've enjoyed the show. Make sure to like, rate and

review and we'll be back soon. But in the meantime, hit the website at identity@thecenter.com and find us on Twitter at IDAC Podcast. See you next time on identity at the center.

Transcript source: Provided by creator in RSS feed: download file
For the best experience, listen in Metacast app for iOS or Android