GUY TALENT: Hello good morning, and welcome to the webinar where we will discuss the accountable digital identity association with a few of its founders. My name is Guy Talent and I am a long-standing participant in the identity industry. I’m very pleased to be here to facilitate this discussion today we have Ramesh Kenesapali founder of fido co-founder of idea and ceo of Digital Trust Networks Abby Barbier, Senior Security Advisor and co-founder of ADIA, and finally Ken Ebert CTO of Indicio.tech all three have been instrumental in the formation of the Accountable Digital Identity Association. In today’s webinar we’ll cover three topics: what is ADIA, what makes it different, and how do you get engaged so let’s jump in!
Let’s start with what is the Accountable Digital Identity Association. Ramesh can you kick us off here and give us part of what’s the vision, what’s the mission of ADIA, why was it formed, and why now:
RAMESH KENESAPALI: Great question, thanks Guy, nice to be here. Like the name says, ADIA stands for Accountable Digital Identity Association. Before we started looking into the space, we had taken a look at various efforts that are going on this legendary space and we also looked at the identity fraud that’s happening in the market, which is extremely rampant right now due to covet remote working, people working from home in a tele fashion. And there is also a lot of disinformation in the industry that’s going on in the market that is causing a lot of chaos in the market. When we looked at the existing efforts, what we felt is every effort that’s out there and every initiative that’s out there in the digital world, there is a lot of stress and then a lot of the focus has been been given and extended for a number of years for historical purposes and histological reasons towards security and privacy and there hasn’t been much stress towards accountability in the market. What we felt was we are at a point right now after 30 years of expansive growth of the internet where pretty much everything that we do on the internet, the lines between physical world and digital world pretty much is gone now.
Our digital world is our real world. We can no longer treat the digital world differently than the real world, we just have to see how to bring the digital world as close to the real world as possible. So with that thinking, we started looking at various digital identity efforts that are going on in the market. What we felt is what’s missing is actually bringing these two things together. Then what we saw missing, what there is in the real world, is accountability. So in the real world, we all have identities that are given to us by our parents and created by our parents and issued to us, and we carry that identity throughout our life. Everything that we do is built on top of that anything and everything that happens on that identity behalf there is a real human behind that and there is an accountability if somebody is something so there is a fraud attached to Ramesh Kenesapali with my social security number and with my physical address with my office email then there is me who is accountable.
That’s what is missing in the digital world, in the digital world we have come too far making the digital world completely account oriented, that is an user id and password so anybody who has my user id password can be me. And that’s where all hell breaks loose and the existing efforts we are pushing the envelope are making sure that particular account is properly secured properly so privacy is maintained. What is missing is that if that particular identity created a problem, how to make that account holdable and accountable is what has been missing in the market forever for a long time. And now we are at a point where it is time to go back and fix that one. That is the main reason for actually looking into the space, and that’s where we are focusing and trying to bring, how do we bring accountability into the digital world and bring a digital world as close to the real world and that doesn’t mean we don’t want to worry about security and privacy. The idea of the vision is security and privacy are fundamental rights of the user but they need to balance with trust and accountability if you want to have a functioning business or society.
That’s the origin of what we’re trying to do here and we have taken to the maximum extent possible whatever the industry technology standards that are out there, like verifiable credentials from W3C DID formats from the DIF Foundation we have taken what has been done. We are actually coming up with a new framework with the right kind of trust sourcing and governance framework and cross-network value Settlements. We feel that because no one network is going to be able to serve the entire world, it’s almost like a telephone network kind of thing. We need to bring these things together. That’s the origin of the Accountable Digital Identity Association.
KEN EBERT: So it’s interesting that uh the balance between uh accountability and security and privacy is kind of a delicate thing to do and if the pendulum swings too far one way uh one set of users are going to be unhappy if it swings too far the other way another set of users are going to be disappointed. So striking that balance that the idea is attempting is a very uh worthwhile goal to try to bring those two things back into harmony.
GUY:: It also sounds like you’re really taking the efforts that have evolved and existed or that have been developing in the market and you’re bringing them into a working business system and effectively connecting some dots that really aren’t there that enable true business transactions to take place. And as you said Ramesh, it’s that accountability in order to affect true commerce you need the accountability user ids and passwords can only take you so far and certain limits to transactions uh in that process very good.
So let’s move forward to the next section. You touched on it a little bit there Ramesh in terms of, what’s different about ADIA. Abby can you give us your perspective on what makes ADIA different from some of the other industry groups it sounds like we’re leveraging. a lot of the great work that’s already taken place but we’re doing it in a different context or making it a usable making it usable end-to-end so to speak what are some of the value adds or what’s the value you see that members will get from it and what sort of use cases do you see on the horizon
ABBIE BARBIR: Yeah so, I thank you for the question as Ramesh mentioned, we are bringing into the market what they need, what the market does need, so the idea here is not to invent a new protocol stack or you know in use more standardization or more technology than what’s needed. What we have in the marketplace today in particular with the new evolving technology stacks like the W3C, the id work and also the verifiable credential and the trust over ip stack that’s being developed by various decentralized identity initiatives, provide the core foundation to solve the problem at hand. The idea here is we need to bring this to the customer to the consumer without the ability of inducing friction. The end user of what we offer should be doing this as plug and play. They don’t need to be tacky to become a part of the system and to they don’t need to be the keys to be to be getting the benefits same with the adoption the history have shown when adoption is complicated it does not go well a lot of the developers don’t they are not security experts but they know how to make an api call they know how to do plug and play okay they don’t want to have sdk over ltk over sdk or one rocker over another wrapper to go and provide the system. So you don’t want the customization and the change of a relying party or adopter way of doing business before they adopt the new technology what they want is the ability at ease to provide this service where they benefit and their customer benefit and this is why what we bring in we have taken what’s available in the marketplace and customize it as with simplification of the required architecture that lead into a good adoption options for the consumers and for the uh relying parties and also for the identity issuers so you know this is what we have tried to do.
KEN: I think there’s some interesting things that that ADIA has done that are unique um they’ve brought the their expertise of Fido and the strong assurance that that gives of who you’re interacting with in terms of uh relating that to a to a person and not just to a piece of technology. So I think that’s one really interesting thing that they brought into the mix in addition to as abby said building on top of other standards where the standards are insufficient the dia has gone the extra mile and started to define and propose extensions to those standards to help make them more useful and privacy preserving and accountability preserving as well with the things like the introduction of protocols around directories or the protocols around identity escrow so there’s some some key interesting pieces that differentiate idea from other organizations in the world.
RAMESH: One other thing that we have taken extremely serious seriously in designing and coming up with this media specification and ADIA architecture, you really don’t have to redesign applications or change infrastructure or change user’s behavior uh it actually fits right on top of your existing infrastructure and identity stores where you can bootstrap your existing identity store and existing infrastructure to come to the new world of a digital identity where you do not need to redesign anything plus you also will be able to participate by choice to be part of a global network and also include like abby was mentioning include the people who are not technologically savvy you don’t need to have a smartphone to participate in our ecosystem and that actually brings close to 25 percent of population globally that currently ha don’t have a presentable digital human identity that that’s other thing that we have seriously considered when we are trying to go fix the problem let’s not go out and give yet another way for a person who is already using a smartphone to interact with digital world because you already have six different ways to how to come on digital world uh here is the seventh way i’m going to seventh where i’m going to replace the at least so a new system is actually going to bring a farmer who does not have a cell phone who does not know technology a world mother who has to go to a government to pick up their social security benefits does not have a smartphone and a person uh you know who is not capable of dealing with the technologies related to that we can simply provide them a way to participate in this ecosystem simply by you know uh with a smart card which is fingerprint protected and extremely easy to use that exclusive
KEN: that inclusivity uh that covers the spectrum from the technically savvy all the way to the technically disadvantaged it opens up the doors for more people to participate and I think that’s a really noble noble differentiator of the ecosystem
GUY: Yeah absolutely can you can uh you guys speak to some of the use cases that you’re seeing on the horizon here. Where where idea the specification or the the ecosystem really helps enable new ways uh to do business
ABBIE: Yeah from experience you know like we know for fido implementations that we did do the wrong credential the fido as an authenticator is very strong the weakest component of the overall ecosystem is the fitting. If you don’t do your homework properly and you issue a strong credential to someone to the wrong person, guess what we have given very good strong credential to an intruder so the vetting become a key enabler to really really really kill the password in the marketplace, we cannot depend on the password as an anchor to restore access. This is our weakest point with the current infrastructure. So we’re trying to kill the password but it’s going to be hidden and little by little as opposed to you know we really need to just get it out of the whole ecosystem. So what the idea association does it give you that ability you could be having high friction to restore your identity once your device is gone through one relationship and then capitalize on that reconnectivity to establish your identity relationship with the whole ecosystem. So you know you’re not doing it if you have if you lose your phone and this is five enabled for example you need to restore or you re-enroll with 20 providers if you have 20 apps on that phone okay so you need to all remember the passwords as an anchor of trust to restore that connectivity, but with the way idea work you only restore it with one provider and then the digital address will enable you to re-establish all the relationships using Fido by the way as is your strengths and your access back to your to your relationship.
So you know we are moving now and I think it’s a critical stage what idea does is it separate identity at the station from the authorization layer and this is where the market is going it’s two separate things this is me I want to do business once I establish my identity and it is with accountability it is me, Ican get all of my relationships back established and whoever providing service for me will do that based on what i’m authorized to do in the context of that relationship it’s a different paradigm and as opposed to older days where this used to be in silos that identity restoration and the binding is specific to a given environment or ecosystem and then to go jump across you have to go federation okay irrespective. It is saml or open ID Connect doesn’t really matter. You know the digital address concept that’s being done by idea liberate all of that because you’re holding your identity at the stations in your wallet with the trusted issuers and the trusted uh testers you could get the trust to end.
GUY: So it sounds like it it enables sorry ramesh one second so Abby if I’m getting it right, it sounds like we’re locking in on the who the person ensuring a high degree of confidence that this is abby coming to the virtual door, but also you know embracing the w3c standards around distributed credentials and and others really enabling you to gain control of some of the other attributes that a particular service provider may need in addition to knowing who you are that gives roles and accountability to the transaction. If i’m if i’m executing a mortgage online I may need more than just my own identity to facilitate that mortgage product that I have a representation from my bank that I have the proper level of credit or the the credit agencies for for that piece that I have a proper bank account these are all attributes that can be assembled together dynamically and presented to um you know service providers to facilitate a real estate transaction for for instance or healthcare or you know any dynamic set of of traits that are required.
ABBIE: That’s correct, and you will do everything you know with the option to stay anonymous if you want, you could have your agent do this on your behalf. So the difference is this agent can can if you have to prove that the agent belonged to somebody you could do that but during your interactions this agent is anonymous this agent can represent you this agent that can talk on your behalf is not correlated you cannot correlate it across multiple uh relying parties unless if the user opt to do that so you know and this is the key okay you’re getting the accountability but you’re preserving the being anonymous and you’re preserving the you know your the privacy and the user is in charge of of their relationships including what the data will go. The whole system works without being a data aggregator; it’s a relationship of enablement and management. And this is the key the differentiator a relying party that want to sell you you know something and get some information about you like what’s your buying habits and stuff like that they will get that from you you you will you will participate in that profile as opposed to this profile is collected behind your back and sold to the lying party without you saying this is me or one of my personas we enable this opportunities here okay anyway that makes sense.
RAMESH: Yep, so just to expand on what Abbie has mentioned, and uh how Guy paraphrased, going back to my initial comments, the core theme of the idea is: how do you bring the physical world as close to the real world as possible? What ADIA does is, when you walk into Wells Fargo bank and you want to open an account and you present your employment certificate into two uh you know picture identified documents, how does the bank employee know that those are genuine? Is it enough they just uh file those things in their cabinet and open an account or ask you to come back two days later while they call those particular parties and then check if they are really correct? Now, how do you increase the efficiency at the same time make sure you secure the validity of what is being presented so a bank employee can simply ask “what’s your digital address?”. Once you give the digital address the employment verification can directly come from your company there are two photo identities that have created, they can could be one in dmv one could be passport the assertion directly can come from that, so now you are eliminating fraud not just in the digital world in real world too and when somebody comes and tells they went to a particular university how do you know if they really went there or not– you have seen how many uh wrong claims that have been made with respect to the educational qualifications recently you probably have seen the amount of uh stimulus checks that have been passed on to the people who are no more and use cases when the same thing with the healthcare. The healthcare space and the educational space and a financial space, and government segments, identity is everywhere.
Identity is a key piece of everything that you do in day-to-day life. If that identity either it is stolen or you yourself are faking someone else’s identity or somebody stole your personal data these create a lot of problems, and if there is an accountable identity that goes back to you know a verifiable person, do you think there will be lot of misinformation disinformation that that is created in the market? I don’t think so. The chaos that’s happening right now, if you really want to, is that you need to come to the point where you know that you will be held accountable by preserving your privacy only on need basis. And people tend to want to be within the guidelines of the laws and this will actually create an environment where the things will be actually better for all of us that are involved. And like I said, whether it is the physical world or digital world, that’s the main theme of the use cases.
And actually on our website we have described uh specifically different uh case study possibilities of how this can be used for healthcare space, educational space, financial markets government markets and big-time enterprises like the example that Abbie is mentioning, you know for a consumer-oriented company, how do you protect the users from account recovery or account takeover?
And the people who know me closely know where I met my wife for the first time, they know which car that I bought the first time, you know, it’s not difficult for somebody to take over my account point number one point number two. I don’t want to answer each time when I want to start a new device, which was my dog’s name in 1972, I just don’t want to remember those things. You know I want an easier process. And I’m positive there are at least 10 people who know where i met my wife, which city I married her. There are 10 people who know that it doesn’t take much for them to go take my account in knowledge based resetting and account takeover. I don’t believe those things you know it’s working for now because everything that we have done till now is evolution. It’s time for us to take a step back. Let’s not fix more patches onto the symptoms let’s go back and fix the root cause that I call disease that’s the approach that we have taken when we are thinking about uh the accountable digital identity architecture
KEN: A couple of couple of other things to throw in into the conversation um ADIA does interesting things for all the parties that are involved it uh reduces the re re-kyc process that occurs because once a strong kyc process has been done and there’s an identity based on that that information is able to be reused and lowering costs and improving accountability for the issuers the holder benefits because they’re in control of who the information is shared with so they maintain a stronger a position to dictate to whom and when and what information is shared the service providers benefit because of this the strong accountability and the strong credentials that are the kind of the basis of the system they can rely on those with greater assurance and uh lower fraud costs or other um negative impacts from current systems so that all the parties in the in the system benefit and that’s a a useful and differentiating aspect about what makes idea different and what kind of value is added to each of their members.
GUY: Perfect, thank you um so you know in a in essence as the digital and as the real and the digital worlds converge you know we’re making it easier to cross the chasm you know we’re able to uh provide users with a better experience we’re protecting the end user from a privacy perspective or giving giving them control but we’re building trust and accountability into those that are consuming the the identities to engage in real economic transactions awesome.
In the interest of time let’s move to the next piece. How do you get engaged? How does a company or an individual or an issuer or a service provider get engaged? Who within those companies should get engaged?
RAMESH: So first let me talk about how to get engaged with ADIA, so idea association is a membership based organization we have annual membership people can participate at the board level and responsive level at also at an associate level and people who are interested in joining ADIA association and want to contribute to the cause you can contact the contacted you know the website there are contact information at ADIassociation.org.
And right now we are still in the final stages of completing the Version 1 Specification and that is going to go through review in next you know less than in single digit weeks the next probably next three to four weeks the uh specification is going to go through the review and we want the people uh issuers and service providers as well as the people who want to develop and become service providers in the idea interchange framework uh would welcome them to come and join the alliance and start contributing to the specification advance of specification influence the specification um and and and uh like I was mentioning there is not going to be one company one country one region one entity which is going to be the only uh you know a company which is going to serve every population every region uh globally you know uh there is just not going to be one cellular company for entire globe um so we would like uh people to come and join and we are putting the version one specification it is perfect time to come and join and then influence and contribute to respect contribute your use cases and they’ll you know uh help us solidify um you know what we’re trying to do here i’ll let Abbie.
ABBIE: Yeah so like what ramesh said the specifications are gonna be version one almost there in two to three weeks, maybe four weeks we will open it up but we will at least appreciate input from the community you know and feedback and within the idea association we have various level of engagements and as a member you can either contribute or just join to become a reliant party or an issuer. So there are multiple ways of getting engaged if you go to the website you know it’s very like well marked and you can pick and choose your level of engagements but at the least and minimum you know once the specifications become out we would love those people that to read it you know and tell us what they think because we are here to improve them and work within the community can
KEN: Yeah I agree with uh abby that uh the different types of parties issuers or holders can directly uh see how to participate the verifiers and service providers can have a fairly straightforward path for being involved there are some new roles that are uh in the idea infrastructure that could be of interest to parties as well such as a directory provider or somebody who wants to provide escrow identity escrow services these are uh different roles then and maybe a new opportunity for an existing business to get involved as well so there are in addition to the roles that abby outlined of issuer and service providers there are new roles that are also being created by the specification and new ways to participate.
GUY: Very good very good and ramesh can you just uh reiterate the you know the the way to uh become active or become involved uh through the adi website is there a specific membership uh process that folks need to go through there?
RAMESH: So for becoming idea members uh they simply have to come and take the membership either at uh the board level like I was mentioning or at the sponsor level or associate level however if you want to become one of the interchange service providers then there is a process for actually you know developing the uh the service as per the specification of the idea and if you are an issuer you need to come through an interchange has to on board if you’re a service provider to onboard you there are two aspects of it one is actually participating in idea association to at one perspective and contribute to the goodness of the global nature second set is the operational aspect of it if you want to be one of the players either want to be an insurer want to be a service provider want to be an interchange want to as a director service provider and that is going to be a different process than becoming a member and advancing the specification so to become an operational aspect of it obviously you need to implement the specification stand up a service follow the government principles so that is how you become operational as a business but to contribute to respect at one perspective contribute to the broader goodness of society just come and join the membership and then bring your expertise to me and and we do not have not invented here kind of a mentality here and we don’t think we have answers for everything so we want to take what is good and we want to welcome everybody and we want people to tell us if we are wrong and we want to make sure we are not doing this for a personal glory or personal gain this is something that we strongly feel this is what is missing in the market and this is what is needed and it is time for us to change the nature of the infrastructure internet infrastructure from an account oriented infrastructure to an identity oriented infrastructure where there is somebody behind that identity who will be held accountable if needed that’s the bottom line.
GUY: Well that that I think sums up you know the essence of you know really the purpose for this webinar and you know ramesh ken and abby thank you all for uh taking the time and and uh taking us through your perspectives on why idea why now and the tremendous business value that can come from the association um and how to participate uh thank you again and we look forward to uh future engagements.
Recent Comments