Explaining SSI to C-suite executives, and anyone else for that matter

1. Explaining SSI to C-suite execs, and anyone else for that matter John Phillips Partner | Innovation | Self-Sovereign Identity Email: john.phillips@460degrees.com LinkedIn: https://www.linkedin.com/in/johnphillips11kps Twitter: @11dot2john SSIMeetup.org

2. 1. Empower global SSI communities 2. Open to everyone interested in SSI 3. All content is shared with CC BY SA SSIMeetup.org Alex Preukschat @SSIMeetup @AlexPreukschat Coordinating Node SSIMeetup.org https://creativecommons.org/licenses/by-sa/4.0/ SSIMeetup objectives

3. We’ve been trying to ﬁnd better ways to explain SSI to people and organisations for over 3 years “We” is me, and for the last year and more, my fellow teammates at 460degrees. “We” is also the global SSI community. My guess is that “we” includes you too. SSIMeetup.org

4. Recently, we think we’ve found a way that works This deck tells the journey we’ve taken so far, what we’ve learnt (and are learning) along the way, where we are now, and where we want to get to next…. SSIMeetup.org

5. Like most, we started by learning the technology and explaining how it works We learnt about DIDs, DIDdocs, Veriﬁable Credentials, Hyperledger (Indy, Aries and Ursa), Byzantine Consensus Algorithms, Zero Knowledge Proofs, Sovrin, W3C, DIF, IETF, Edge devices, Agents, Wallets, uPort, etc. etc. We connected with everyone we could. And we would explain what we learnt. [And we need to keep learning and sharing today] SSIMeetup.org

6. During 2018 we ﬁnessed our approach, borrowing from those around us We created presentations that followed familiar paths: the internet was made without an identity layer, that cartoon image of a dog at a keyboard, digital identity is a problem for people and organisations, toxic data, history and principles, building blocks, standards and open-source software, and operational examples. We have over 60 presentations and our master deck has over 200 slides [not including these ones] - we never use it in full! SSIMeetup.org

7. In 2019, we started our investment in SSI technology We wanted to prove that the technology was real, that we could put it in the hands of people in the audience and show them it working. So we invested (and still invest) in the technology, building client focused demos, putting wallets in people’s hands, and exploring the technical angles that we’re interested in…. SSIMeetup.org

8. The thing was, tech-led wasn’t working very well … for us at least... SSIMeetup.org

9. We were “solving for the wrong problem” It wasn’t the best way to explain SSI for our audiences. It was as if we were trying to explain the internet by describing each RFC of the TCP/IP suite, to a bunch of AOL engineers… [When did you last try to explain how the internet works? How did that work out for you?] SSIMeetup.org

10. Intermission: SSIMeetup is a brilliant, and growing, source of material I’m presenting to an SSIMeetup audience, ﬂattered by Alex’s request to present, and grateful for his help in making this work. If you want to learn about SSI and its practitioners, SSIMeetup is a great place to begin your journey, and to revisit. BUT while SSIMeetup is already a great resource, I think there is a gap in the material to date... SSIMeetup.org

11. Observation: Lots of technical explanation of how SSI works. Few simple explanations of the SSI experience My premise is that we all want SSI to succeed. To do that SSI needs to work technically AND we need to be able explain it. We need to win people, organisations and businesses over. To do that, we need to get better at explaining SSI, we need to share ideas on what’s working and what’s not. SSIMeetup.org

12. Why doesn’t starting with the tech work? Think about your audience If they are a technologist with experience in Digital Identity, they are most likely experienced in traditional IdAM If they’re a blockchain fan, then they’re looking for crypto and smart contracts everywhere If they’re a business executive, then they’re wondering whether this is worth listening to, is it a threat or opportunity for them in their role and for their business... SSIMeetup.org

13. Observation: If you start with the technology, attention drifts and the conversation loses focus Technologists with many years of mostly the same experience see everything through their own lens. Blockchain people keep talking about “crypto wallets” and keep thinking that we’re writing PII to the blockchain and/or monetising personal data. Business people get bored. You have 6 seconds to get their attention. SSIMeetup.org

14. [Oh the irony of writing that statement in a deck to be presented in a webinar. While I didn’t have a choice on this occasion, it still feels like I’m shooting in the dark] Unless the format demands that you have to, don’t start with a deck. If you do have to start with a deck, make sure you have room to tailor the story for the audience. Observation: If you start with a slide deck, you’re imposing a ﬁxed story, with ﬁxed content, on people you don’t know yet SSIMeetup.org

15. I really enjoy Philip Sheldrake’s contributions (webinar 24). He and others make important points and ask challenging questions. I also know that I (and others) can be easily distracted by considerations of the words “self”, “sovereign”, and “identity”. So for now I’m focused on how we might use SSI, for the good of all... Observation: If you start by trying to explain “self”, “sovereign”, and “identity”, you’ll likely never ﬁnish SSIMeetup.org

16. We wanted to humanise the conversation, to simplify and demystify SSI We wanted to avoid being derailed by questions before our audience had even understood the basic premise. We wanted to make sure that we had a common framework, and shared mental model, before encouraging questions. We wanted to distinguish clean and simple SSI from “SSI-washing” SSIMeetup.org

17. So in 2019 we did two things in parallel 1. External Research. We explored our contacts with Universities, looking to see how their students and academics might help us. 2. Internal Workshops. We did a retrospective on our own approach and thinking. SSIMeetup.org

18. With Universities, we explored projects with students and research with academics We completed capstone projects with two Universities, one with a group of Cybersecurity students, and one with a group of Design Students. We learnt lots from both. We also started a co-investment research program with the Smart Cities Research Institute team of Swinburne University to consider Digital Wallets in Smart Cities. SSIMeetup.org

19. These two areas are worth their own, separate, explanation From the University capstone projects, we gained some great insights about what works, and what doesn’t work, when explaining SSI. [I’ll happily share the excellent Swinburne University design students’ work separately.] With the Smart Cities team we have just ﬁnished our ﬁrst workshops with members of the general public and we’re learning LOTS more. SSIMeetup.org

20. Today I want to focus on the story that got the attention of Alex (and a few others) We were looking for a way to explain SSI to the UX design students at Swinburne and played with some concepts we had used in other sectors... SSIMeetup.org

21. We used a mash-up of Human Centred Design, Innovation and Google Ventures “Sprint” And we looked in our stationary and craft drawer for inspiration... SSIMeetup.org

22. And we wrote a simple story SSIMeetup.org

23. Australia is home to (arguably) the oldest civilisations in the world. These are peoples whose culture was maintained for over 40,000 years by storytelling. Stories are powerful Why Stories? Because people, all people, all of us [you included], remember things best when told as a story SSIMeetup.org

24. Critically, and very deliberately, we give our story a human angle We give the characters in our story a name and a back story. “Meet Jackie, she’s a successful young adult living in an apartment. Jackie has just got a new job and wants to move nearer to work.” SSIMeetup.org

25. Think of this as mixing the [anodyne] use-case model with personas and Human Centred Design [In My Opinion] The way we normally present Use-Cases is an almost completely useless way to explain something to an audience. SSIMeetup.org

26. Human Centred Design gives us a framework to test and explore “wicked” problems [In My Opinion] Digital Identity is a “wicked problem”. It is technically complicated, and socially / politically complex. SSIMeetup.org

27. This is an example of storytelling in a business context... Business Stories are short and have a structure along the lines of: • This used to be the case • Then this happened • So we’re doing this • So that we can achieve this Our story structure is a little different, but shares much of the DNA. SSIMeetup.org

28. You might recognise the similarity with “Situation; Complication; Resolution” Often attributed to McKinsey and related to the Minto Pyramid, you can ﬁnd lots of material about this pattern on line. You’ll see that we use Situation; Resolution; Complication We put the complication last? Why? Well let’s see... SSIMeetup.org

29. Important Point: Ask permission to tell the story ﬁrst… “We’d like to explain SSI in a way that will help us all get on the same page and provide a framework for our conversation. It will take about 7 minutes. After that we can demonstrate the technology and discuss business models and any technical questions you may have. Is that OK?” SSIMeetup.org

30. We introduce the story as having three parts Part 1 - The current, physical, world Why? To establish a shared experience Part 2 - The SSI world Why? To demonstrate how similar SSI is to the shared experience of the physical world Part 3 - The current digital world Why? To show the broken nature of centralised and federated systems - to give a “call for action” SSIMeetup.org

31. So THIS is our SSI demo kit... SSIMeetup.org

32. Let’s see it in action... SSIMeetup.org

33. Part 1: The world we live in now What’s it like to rent a new apartment, now? SSIMeetup.org

34. Meet Jackie, she’s a successful young adult living in an apartment. Jackie has just got a new job and wants to move nearer to work. SSIMeetup.org

35. Jackie has a driving licence and pays one of the utility bills for the apartment. She keeps her driving licence in her wallet and the bills in a drawer of a desk at her apartment SSIMeetup.org

36. These are physical “credentials”, they state • who issued them • who they were sent to, • and other information relevant to their purpose SSIMeetup.org

37. Jackie has found an apartment she likes managed by “Highly Rated Rentals” SSIMeetup.org

38. Highly Rated Rentals tell Jackie that they’d love to rent the apartment to her, and that she’ll need to provide some identity information, and her bank account details. SSIMeetup.org

39. Jackie has just opened a new account at a bank, so she asks them for an account statement SSIMeetup.org

40. Jackie takes the three documents with her to the rental agency... SSIMeetup.org

41. And they take copies of everything. [… Jackie hopes they keep the copies very securely….] SSIMeetup.org

42. Sometime (days) later, the rental agency call Jackie and tell her that everything went through OK, and can she come back to the oﬃce to sign the agreement, pay the bond, and pick up the keys? SSIMeetup.org

43. Jackie goes back to Highly Rated Rentals and completes the transaction So now Jackie has keys to her new apartment and a new document to store SSIMeetup.org

44. And that’s the world that most of us live in right now. We use physical documents to prove things, and we receive physical documents in return. SSIMeetup.org

45. Part 2: The SSI world It’ll be quite like the current experience, but a bit better... SSIMeetup.org

46. First we give Jackie a digital wallet. This is usually an app on Jackie’s phone but it can be any SSI capable secure storage device. SSIMeetup.org

47. Now the physical documents are Veriﬁable Credentials. The digital credential and its contents are cryptographically signed by the issuer and addressed to Jackie SSIMeetup.org

48. Jackie can share the credentials with whoever she chooses, in whole or in part, or even by proving that she has the credential (and that’s all they need to know). SSIMeetup.org

49. Highly Rated Rentals tell Jackie they’d love to rent the ﬂat to her, and they can do all the checks in seconds, but they still need the same information. SSI doesn’t change the law, nor does it need to. SSIMeetup.org

50. Highly Rated Rentals send a “Proof Request” to Jackie’s wallet. Her wallet tells her what they want to know, and which of her veriﬁable credentials can answer those questions. SSIMeetup.org

51. Jackie still needs to conﬁrm her bank account details, so she connects with her new bank and gets them to send her a veriﬁable credential of her account. SSIMeetup.org

52. Now she can use her Veriﬁable Credentials to respond to Highly Rated Rentals with a Proof Response SSIMeetup.org

53. The proof response is cryptographically signed by Jackie, sent to Highly Rated Rentals, and contains the three things they asked about. SSIMeetup.org

54. For each credential, Highly Rated Rentals can do four checks: • Who issued the credential (do they know and trust them?) • Was it issued to Jackie (is this hers?) • Has it been changed in any way? (has she changed the details?) • Has it been revoked? (important for some things) SSIMeetup.org

55. They do this by checking the signatures of each issuing authority and any revocation lists. Importantly, they can do this without contacting the issuing authority as this would be a breach of privacy. This is our “ledger” - labelled lollipop sticks SSIMeetup.org

56. The public signatures of issuing authorities, and other information that they choose to share, are stored in a trusted place. There are already 32 different places (methods) to write the information. SSIMeetup.org

57. The veriﬁable credential includes a pointer to public information about the issuer, including the public keys they use for signatures. Issuers can choose where to store their information, so long as that location is trustworthy and a verifying party can ﬁnd it and open it. SSIMeetup.org

58. Jackie’s credentials pass the tests, and Highly Rated Rentals offer Jackie a Rental Agreement. This arrives at Jackie’s wallet as a new credential offered by Highly Rated Rentals. SSIMeetup.org

59. Jackie accepts the offer, and the new credential is stored in her wallet along with her other exchanges with Highly Rated Rentals. Highly Rated Rentals get a conﬁrmation that Jackie has accepted the offer. SSIMeetup.org

60. Jackie pays the bond and picks up her keys. As you can see, SSI is pretty much like the current world Just more secure, more private, more eﬃcient…. ... BETTER SSIMeetup.org

61. Part 3: The broken promise of current digital identity models That’s all very cool, but that’s not the digital world we currently live in... SSIMeetup.org

62. This “Sparkly Ball” was what we found in the craft drawer and decided to use as a prop for current digital identity systems. It stuck, and we’re fond of it, even if its sparkles are beginning to fall out! Introducing the sparkly ball SSIMeetup.org

63. When we describe the sparkly ball in Australia, we use examples such as the “login with” systems of Facebook and Google, and the “identity systems” of AppleID, AusPost Digital ID, MyGovID, etc. SSIMeetup.org

64. We explain that the Sparkly Ball is our euphemism for current centralised identity and federated identity systems SSIMeetup.org

65. Each of these systems allocates you with an “identity” that you can use to authenticate yourself to other organisations in the network. Back to Jackie... SSIMeetup.org

66. In return for telling the sparkly ball a bunch of stuff about herself, Jackie gets allocated an identiﬁer... SSIMeetup.org

67. When Jackie uses this identiﬁer with her bank, the bank asks the Sparkly Ball to authenticate it… And the Sparkly Ball learns that Jackie is talking to the bank... SSIMeetup.org

68. When Jackie uses this identiﬁer with Highly Rated Rentals, they ask the Sparkly Ball to authenticate it… And the Sparkly Ball learns that Jackie is talking to the Highly Rated Rentals... SSIMeetup.org

69. Everytime Jackie uses the identiﬁer, the Sparkly Ball knows. Some Sparkly balls go to considerable efforts to try not to notice and to forget what they learn. Apple for example promises to forget after 30 days [page 6, here]. SSIMeetup.org

70. Some try to “blind” themselves, covering their digital eyes and ears. But others don’t, and use the data they gain about you for their own reasons. Good or bad intentions, the architecture means that they are always in the loop SSIMeetup.org

71. So we don’t like Sparkly Balls SSIMeetup.org

72. The END SSIMeetup.org [of the Jackie demo]

73. Typical next steps in our conversations... At this point we usually offer to run one of our software demos. Then we start to explore their technical and business questions… “What’s on the ledger? [again] “How do we make money/reduce risk/improve our customer experience?” etc. SSIMeetup.org

74. So there you have it, our simple way to demo SSI... The original LinkedIn Post and video that attracted Alex’s attention is on LinkedIn here We’ve since made a (slightly) improved recording of this approach here And we’ve built cartoon versions and even role played this with real people at meetups… And we’re writing other stories for Jackie... SSIMeetup.org

75. We continue to look for new ways to support the adoption of SSI • Continue to sponsor research and student projects with Universities • Co-Chairs (APAC) for the Sovrin Guardianship Working Group • Actively explaining SSI to government and industry bodies • Promoting the commercial trial and adoption of SSI. [we’re not a charity!] SSIMeetup.org

76. We’re still learning. We would be very interested to hear what’s working, or not, when you explain SSI. We’d be happy to connect! The last slide in this deck has the team’s full contact details... SSIMeetup.org

77. Finally, I was asked to add a list of any books that have helped me understand identity better. I’m an avid reader. ALL stories explore identity in one way or another. This is a big and growing list... Here are some of the non-ﬁction and ﬁction books that have shaped my thinking Philosophy • Kwame Anthony Appiah - The Ethics of Identity [or listen to his excellent BBC Radio 4 Reith Lecture podcasts on identity] • AC Grayling - lots, but a nice introduction is “Thinking of Answers: Questions in the Philosophy of Everyday Life” • I’ve also struggled through others such as Kirkegaard, Wittgenstein, Kant and Russell • And I had the usual youthful fascination with existentialism [Sartre, Camus, Goethe, de Beauvoir, Kundera etc.] Non-Fiction • Rachel Botsman - Who Can you Trust • Soshana Zuboff - The Age of Surveillance Capitalism • Yuval Noah Hurari - Sapiens, Homo Deus, Lessons for the 21st Century • Hans Rosling - Factfulness • Richard H. Thaler - Misbehaving: How Economics Became Behavioural • Daniel Kahneman - Thinking, Fast and Slow • Dan Ariely: Predictably Irrational • Randall Munroe - Thing Explainer • Nassim Nicholas Taleb - Antifragile Fiction: • Ben Elton - Identity Crisis • Philip K Dick - Flow My Tears, The Policeman Said [and other titles] • Daniel Suarez - Daemon • Richard Morgan - Altered Carbon • Pretty well everything by William Gibson SSIMeetup.org

78. The SSI team at 460degrees are John Phillips, Jo Spencer and Jack Dwyer. We are passionate students, evangelists, and enablers of Self-Sovereign Identity. We believe that Self-Sovereign Identity is a better model for digital privacy, security and trust for people, organisations, and things on a global scale. We see SSI as a disruptive but positive force, a change for good. We want to be a catalyst for that change, helping people and organisations navigate their way to a better digital future. Thanks for the chance to share John Phillips Partner | Innovation | Self-Sovereign Identity Email: john.phillips@460degrees.com LinkedIn: https://www.linkedin.com/in/johnphillips11kps Twitter: @11dot2john Jo Spencer Champion | Payments | Self-Sovereign Identity Email: jo.spencer@460degrees.com LinkedIn: https://www.linkedin.com/in/jospencer-1pg Twitter: @spencerjed Jack Dwyer Development Lead | Self-Sovereign Identity Email: jack.dwyer@460degrees.com SSIMeetup.org

Explaining SSI to C-suite executives, and anyone else for that matter

Du liest eine Vorschau.

Hier ansehen

Explaining SSI to C-suite executives, and anyone else for that matter

Weitere Verwandte Inhalte

Diashows für Sie (20)

Ähnlich wie Explaining SSI to C-suite executives, and anyone else for that matter (20)

Weitere von SSIMeetup (13)

Aktuellste (20)