Before the Beginning (did:v1, Part 2)

August 11, 2021 00:55:24
Before the Beginning (did:v1, Part 2)
The Rubric
Before the Beginning (did:v1, Part 2)

Aug 11 2021 | 00:55:24

/

Show Notes

[Part 2 of 2] Veres One is the progenitor DID Method. Before BTCR, before DIDs were even called Decentralized Identifiers, Manu Sporny and the team at Digital Bazaar created a ledger-based identifier architecture using their own fit-for-purpose non-cryptocurrency blockchain called Veres One. We talk with Manu about Veres One, the state of the DID ecosystem,...
View Full Transcript

Episode Transcript

Speaker 0 00:00:00 <inaudible> welcome to the rubric. I'm your host, Joe Andrew I'm Erica Connell. Speaker 1 00:00:14 In this episode, we resume our conversation centered on did verus one with Manu Sporney one of its creators. The first part of the conversation can be found in the previous episode, but one Speaker 2 00:00:26 Of the fundamental philosophies here, um, at least the one that we're operating with, the one that we always operate under is what if we're wrong? Right on the rubric, we meet the people, making decentralized identity a reality. We discuss the technologies and motivation behind the movement, including decentralized identifiers, which encompass DIDs did documents and did methods. So you can make better decisions about which did method is appropriate for your use. Decentralized identifiers enable robust identity based services without dependence on a trusted third party. Instead of being forced to use centralized identity verification services like Facebook, Google, or the department of motor vehicles does, can be created by anyone anywhere and used for any purpose. Did methods are the magic ingredient that give DIDs their flexibility before creating any specific? Did you first choose it did method, which determined how you performed the create read, update, and deactivate operations on a did of that method once created each date includes the name of its method in the identifier itself, so that when you use the, did others know how to retrieve the associated document that contains the cryptographic material for secure interactions, different did methods use different underlying mechanisms with different performance, security and privacy? Speaker 2 00:01:41 Trade-offs this show, the rubric reviews different did methods using a common set of criteria, comparing apples to apples. So you can make better decisions about which did method is appropriate for your needs. Speaker 1 00:01:54 Verus one is the progenitor did method before BTCR, before DIDs were even called decentralized identifiers, Manu Sporney and the team at digital Bazaar created a ledger based identifier architecture using their own fit for purpose non cryptocurrency blockchain called verus one today's guest. Manu Sporney is a co-founder and the CEO of digital Bazaar, a six time entrepreneur and founding co-chairman of the web payments group credentials and Jason LD community groups at the worldwide web consortium. He has been a leader in the development of DIDs. He is an editor of the verifiable credentials specification, the upcoming decentralized identifier specification, as well as half a dozen auxiliary specifications, such as Jason LD, authorization capabilities and the credential handler API also known as chappy. Speaker 2 00:02:49 Talk about some of the challenges and conflicts that you face bringing verus one to a reality. Um, and the first thing I want to ask about is, is it live, uh, uh, the Testnet has been live for three years. The production network is not live. And we used to, uh, we used to, you know, we used to give like ETA on when the production network was going to be ready. And the more we worked on the ledger, the more we understood that, like, we really need to do our due diligence on this and not rush it out and do it right, right. There, there are a number of other dead ledgers that did rush to market and rushed to claiming that they were production. And we, we were a part of some of those other initiatives that rush to say that they were in production knowing full well that like the system was not ready. Like it was not ready to go. So with verus one, we were trying to be very thoughtful and methodical and just make sure that we've got everything tied up before we say the, the networks in production learning from your history in the gaming industry. Yeah. Speaker 2 00:04:02 Yeah. Well, I mean, gaming industry is just like, you just slap a bunch of crap together and just throw it out there. Right. If it looks good, it's great. It doesn't matter if it's a hot mess behind the scenes. Well, it's hard to say. I mean, yeah, I don't know if you know the story of half-life, but they have life too. They famously they could have shipped and they said, no, you know, these first levels are so great. Let's spend another year making the whole thing that great. And so fortunately they had a publisher who was willing to make that investment. Yeah. And that was game of the year, right? Yeah. Yeah. Well, I mean, that's the thing you need, you need, you know, people that understand what you're trying to do to, to delay things like that. And I think that's the other thing with, you know, for a certain degree, going back to the whole cryptocurrency, you know, versus VC versus bootstrap, you know, angle, you know, the challenge, the challenge for us has always been cash. Speaker 2 00:04:55 It hasn't been talent. I think we've got an amazingly talented team. Um, Dave long Lee who, you know, has, uh, headed up, uh, verus one development is, um, one of the most, uh, intelligent, capable, wonderful people that, that I know in, in he, uh, has, has, has done such a phenomenal job, you know, architecting verus one in learning from our past mistakes and, and, you know, making it better. So, so, you know, these things, if you're going to do them right, they take time and you can't put a timeframe on it. Um, in one of the things that VCs do is they absolutely put a timeframe. You need to be profitable by X, if not, you know, you're done or we'll package you up or sell you off. And it's really hard to convince them to move that, that timeline cryptocurrencies on the other hand are really neat in that. Speaker 2 00:05:45 Um, you've got you, you can get a lot of money and that can keep you going for a really long time, but that's bad too, right. Because if you have 40 years to solve the problem, you're not really rushing to solve the problem. Right. And I've seen this happen with some of our friends in the industry that have cryptocurrency, they've launched them, they've got billions of dollars in like, you know, every nine then I check in on them and they're on the beach, like just lounge, right. Because there's no rush. Right. I mean, they, and they've, and they've hired, you know, half a bazillion developers, surely those developers are going to solve the problem when it's like, no, man, you were the heart and soul of that operation. You're on the beach. Your developers are off doing something else. Right. It's probably not what you would, you would choose to do constraints and deadlines really have a way of sharpening your focus. Speaker 2 00:06:37 Yep, exactly. So, you know, verus one does have a constraint. I mean, we are, we are using it, uh, you know, for real production deployments. Um, so there's this, you know, national association, convenience stores, this, this age verification project across the United States, that's, uh, going to go live with verus one. Um, and you know, the us federal government, um, is looking at, uh, potentially using it for, uh, green cards, uh, citizenship documents, things of that nature. So, you know, we think that like, that's a, that's a good balance, right? Cause it's not like so immediate, like the government is going to be, um, the government is, is good with taking their time to make sure that it's right. Um, in the, the national association of convenience stores, you know, they've been around since the sixties, they know about playing the long game in doing things right as well. Speaker 2 00:07:29 Um, so it's really important to get involved, you know, deadlines are, you're absolutely right, Joe, like deadlines are very important in, you know, you want to make them just the right type in the near term deadlines. Um, but you also want to work with people that are going to do what you know, uh, valve did with, you know, half-life two is give it time to breathe if it needs. Um, so yeah, so, so going back to your original question, it's the Testnet has been up and running for three years and we learned from that the production network, uh, we're not going to say it's live until we are sure. It's ready to go live, but it's not going to be five to 10 years in the future. It's going to be near term right next year or two. Yeah. We definitely want to get to talking about some of these projects you have ongoing, but before pushing too much further past some of the tech, there is an interesting fact about the various one network. Speaker 2 00:08:24 And that is that it doesn't use either proof of work or proof of stake has its consensus algorithm for those out there. Bitcoin was famously the first blockchain and also kind of introduced this notion. I believe of a proof of work. Maybe it was out there before, but Bitcoin really actualized it. And recently with other networks such as polka dot and Cartano proof of stake has become kind of the new buzzword in the space. Could you explain since Ferris one uses neither of these, uh, consensus methods, uh, what does verus one, uh, use to come to consensus in its chain and how is it different from these two? Yeah. So, um, so this kind of goes back to verus one being a fit for purpose blockchain. So it is, it is designed to do one thing in one thing. Well, and that is register in maintain ditz. Speaker 2 00:09:21 That's the whole purpose of the ledger, right? And so we're, we're optimizing for some, a couple of things. So we want it to be, you know, globally scalable, which means that, uh, we want, you know, the raw throughput of the blockchain, the number of operations that can do two a second to be, uh, fast, right. We want really fast consensus times. Uh, we want there to, we want to make sure that, you know, there can be billions of DIDs, uh, on the ledger. Um, we wanna make sure that the entry path into the ledger doesn't cost anything. Um, so the first DIDs free, but if you want to register, then it costs money. And so all of those things fed into, uh, the consensus algorithm and the design, right? So, so looking at it from 30,000 feet, uh, what do we want? Um, we want to fast ledger, high throughput, you know, uh, low latency, uh, that can store enough DIDs for every single person in the planets many times over, right. Speaker 2 00:10:22 Um, we want something with the types of characteristics where it will get cheaper and cheaper and cheaper. There has to be a really strong, downward pressure on the cost of registering in storing a dead. And we don't want like cryptocurrency fluctuations to happen. Right. We don't want operations to cost a dollar one day and then a $300 the next day and then 20 cents the day after and so on and so forth. Um, so, uh, you know, just, just speaking to some stats and the reason I'm talking about stats is I think people might understand those a bit easier. And then we can go and talk to talk to like the consensus algorithm. Um, we wanted to ensure a couple of things, uh, you know, a couple of other things with the ledger. Um, so I'll get to those in a second, but let me, let me talk about the stats first. Speaker 2 00:11:13 So we wanted to be able to support between 100 to 500 raw operations, the second on the ledger. So what that means is, you know, at 500 did creations a second on the ledger, you can create 15 billion DIDs in a year. So it takes you six months to onboard the entire population of the planet, just in raw operations. We wanted the system to come to consensus in, you know, between three to 30 seconds to put that in perspective, it's 3,600 seconds for Bitcoin, uh, you know, um, uh, uh, a little less for Ethereum, but we wanted, you know, when you write to the ledger, like, that's it, you've got your thing on the, within three, you know, three seconds, 30 seconds, you absolutely know that you did on the ledger and it's going to be there, you know, for as long as the Ledger's around. Speaker 2 00:12:02 So, you know, speed and latency were really important in that went into the inputs for the consensus algorithm. The other thing that was important to us was, um, we wanted to achieve the same things, that proof of work achieves, but we didn't want to pay the, uh, energy costs of doing that. Right. And so, yeah, it, yeah, I mean the whole, like, you know, um, uh, Elon Musk meeting with, you know, the renewable energy sector and the mining operations and, you know, chilling, uh, cracking down on mining operations, you know, in the mainland because of the digital Yuan, like they're all, all these things that are, that are happening. And the concern that we had was just the amount of energy required to like keep Bitcoin running. But at the same time we wanted a permissionless ledger, right. We wanted there to be a way for people to, uh, engage with verus one, without touching Fiat currency. Speaker 2 00:13:03 Right. We know that, uh, you know, I don't know how many people out there care about that particular feature, but I know that there's a very vocal minority that does. And, uh, it may be that that is, it is a good thing to have anti-censorship mechanisms built in to the ledger, right? So the way you get something on the verus one ledger is you pay Fiat for it. That's the bit, that's the basic way that you can get something on the ledger you pay Fiat. It's like, you know, uh, 85 cents to a dollar, uh, and that gives you this, uh, what's called an authorization to write your dead to the ledger. That's that's one way you could do it. Another way that you can do it is you can convince someone, the network to do a right for you. So they're, they're, you know, they're all these peers on the network. Speaker 2 00:13:51 So there are all these nodes that are operating on the network and they're gossiping with one another and sending data around and helping the, the whole network come to consensus and create blocks. Well, if you help, uh, we, if you help in doing that, you get, um, you get a, uh, effectively a token. Now you could argue that, Hey, this is a cryptocurrency, like you're tracking some kind of value on the ledger, but the only thing this cryptocurrency lets you do is it lets you do a write to the ledger, um, uh, at a future point in time, right? And so if you can find one of those people or if one of those people are kind of giving, you know, free rights to the ledger away and you can convince them to write something, the ledger, you can get something on the ledger. Similarly, if you gossip enough, if you set up a note and that note is gossiping, you will get, uh, the capability, uh, to write something to the ledger. Speaker 2 00:14:45 So you can either pay Fiat currency to get something onto the ledger, or you can use, uh, one of these mechanisms that lets you write for free effectively, uh, to the, to the ledger. And that goes into the consensus algorithm, uh, as well. So, so those are kind of like, that's kind of the setup that I, to, to why we pick the consensus algorithm that we did and why we had to kind of go back to the drawing board and, uh, build a fit for purpose consensus algorithm, uh, for verus one. So let me stop there. I know that that was like a lot of information, but so just to summarize that last little bit then, so there's two ways that you can write to the, uh, verse one ledger. You either pay money essentially, or you can run a node and as a reward for helping the network gossip and come to consensus and all of this you're rewarded with, uh, some tokens that are essentially just very specific use tokens that allow you to write to post operations to the network. Speaker 2 00:15:46 Yep. Okay. So how does, how does digital Bazaar make money? Uh, you mentioned that there's roughly 85 cents in value being created when someone buys a did on the ledger, earned it, um, through in kind participation. Um, where does it go? Yeah, so that, that money goes to the verus one foundation. So the various fund foundation is a Canadian nonprofit. Um, their job is to, uh, basically run the network. Um, and one of the people, you know, one of the groups that they hire. So, so there's a, you know, there's all this governance around, uh, verus one, um, that, uh, basically says that look, you know, verus one for it to operate. There's a board of governors, um, that, uh, you know, kind of weigh in on financial and political, uh, you know, things, um, there's a community group that anyone can join so they can put in proposals for how the various one network changes or what the fee structure changes too. Speaker 2 00:16:44 So there's community input. Um, and then there's a technical maintainer, uh, for, uh, verus one in right now that technical maintainer is digital Bazaar in the only money that we make is enough to keep the software up to date and do deployments and things like that. But the key thing to understand here is that digital bizarre can get fired, right? So it is entirely up to the community and the foundation on whether or not they want to keep paying us to, you know, work on the software and upgraded in, you know, do attack mitigation and all that kind of stuff. The foundation could also go and find somebody else to do that as well. Sure. Because you created it, you're the default for now. And once everything goes live, the foundation will have the choice of whether to continue with you or move on to a different that's. Speaker 2 00:17:34 Right. Yeah. I mean, various one is not a money-making operation, right. It's like, like if we wanted to do that, we would just launch a cryptocurrency. Right. Or, um, you know, we would package it up and sell it to a VC because the technology there is, is pretty interesting. Digital tools are needed verus one, because we were counting on other dead methods to go to production and be stable. And over the years that did not happen. Right. So there've been a number of dead methods that, that digital Bazaar wanted to use, but, you know, development was delayed or there was some weird political stuff that was going on or we couldn't, we couldn't count on it. Right. Uh, we, we weren't comfortable with the mathematical proofs. We weren't comfortable with the performance and things like that. So verus one, you know, we created verus one as kind of a backup to if, if these other systems fail and, you know, in hindsight it was a very good idea. Speaker 2 00:18:32 Like it was a good call, right? Because now we're going to production with a number of our products and there isn't a dead ledger that we would be able to, uh, confidently say we trust, uh, in front of our customers. Right. And so did verus one is that digital Bazaar is like we're did method and did ledger agnostic. Anything that works in production is good for us, but, uh, we don't know of many that exists today where we could stake, you know, our company's future on, uh, you know, that, that did method. Great. So you've had success with a couple of projects, um, and we want to turn our attention to two of them. The first is the work you've done with DHS and SVIP. That's the department of Homeland security, uh, Silicon valley innovation program. Um, I think digital Bazaar is about to enter into phase three, or I should say more accurately. Speaker 2 00:19:28 You have completed phase two, um, and we're anticipating a future work together. Tell us about that and how you were involved and how it's helped move things forward. Yeah. So the, the DHS, um, you know, SVIP programs, you know, interesting. I think the, the more interesting thing is, uh, is, are the people behind it, right? So specifically in Neil, John is, uh, you know, the, kind of the brainchild behind funding, uh, you know, a subset of the work in, in this, uh, area. So, so, uh, Neil is, we should absolutely credit him with being one of the first people to see the benefit of this technology, not just decentralized identifiers, but verifiable credentials and encrypted data volts. And, you know, a lot of this other stuff he saw that it could solve a problem, you know, in the us federal government, in the, he put money behind it. Speaker 2 00:20:23 And that is really difficult to do, you know, uh, as, as the federal government, but those early bets that he, he took are starting to, you know, are absolutely starting to pay off. So they were there, you know, just a handful of us in the room when the Neal asked us to kind of talk about where we wanted to go with decentralized identifiers. So, you know, drum drum and read Les chase and Christopher Allen and myself, we're in the room kind of pitching what decentralized identifiers and verifiable credentials could be come back in like 2015. And so that's kind of where that initial set of funding, you know, came from in, in really, it was like an exploration of, you know, blockchain's, should the federal government pay attention to them? What can they do? What can they not do? Uh, Neil was very interested in how these could be used for like privacy preserving identity use cases. Speaker 2 00:21:15 Us government ends up sitting on a lot of PII that they don't want to sit on like the U S government law by and large. Uh, and again, clearly I'm not speaking for the us government, but this, this is what I've kind of heard been said publicly. They don't want to hold on to a whole bunch of PII. They just want to give people authorization to do things within the U S right authorization to come into an out of the country, passports, uh, authorization to, uh, you know, be employed, uh, you know, work permits, uh, if, if you don't, uh, you know, if you're not a permanent resident authorization to be a permanent resident in all of these things basically just require you to be vetted at some point in time. And then, you know, ideally they get rid of the information, right? They, they trust the processes that they have, and they don't hold on to, you know, all this kind of toxic data. Speaker 2 00:22:05 And that's one of the great things that like decentralized identifiers and verifiable credentials, uh, give federal governments of any kind is all of a sudden they can actually hand identifiers and the credentials over to citizens, and then the citizens can, can hold on to that. Right. So that's kind of, you know, that's, that's where U S federal government's coming from in, in over the years, more and more like parts of the U S federal government are seeing how DIDs and verifiable credentials can help them, uh, solve problems that they have. So, you know, everything from, uh, imports into and out of the country, like literally, where did this box of mangoes come from? Uh, is this car that's being imported into the country? Um, you know, where was it, uh, put together? Does it contain, uh, you know, uh, NAFTA parts in it? So it, should it get a tax rebate discount as a result of it, permanent resident cards like travel documents, you know, how do we make it? Speaker 2 00:23:07 So those are harder to forge so that, you know, we, we are, uh, more sure about the documents that people are using to get into and out of the country, um, or rather get into the country. And so it's, it's like all of those use cases that, you know, Neil specifically was like, this technology could help all of those things. And he's been very successful at, at redirecting funding. And this is the really awesome thing about this redirecting funding, so that these companies that are building technologies, these technologies are working out in the public to put it together, not behind closed doors, not in like government to vendor interactions, but in EAL has been very, um, effective at pushing the vendors out into the public, in and going, you invent all of this stuff out there in the public, so everyone can see what you're doing, um, so that everyone can provide input in, you know, and, and so nobody thinks something nefarious is going on behind the scenes, you know, as well. Speaker 2 00:24:09 Right. That's great. Yeah. I love the Neil's role in, uh, advocating for interoperability and avoiding vendor. Lock-in. I think it's even more fascinating that the federal government is helping open up this industry. Many of us certainly I've been involved in the user centric world for maybe 15 years, and many of us have the expectation that because the federal government holds all the power, of course, they're going to want to control everything and to know everything, right. Wait, when we think of three letter acronym agencies, we think of groups that are watching us. And when a Neil showed up representing DHS at the internet identity workshop, I was like, who's his big brother sitting next to me, but then he started saying really smart stuff, because in fact there are good reasons for many, many federal systems to avoid trying to know everything and control everything because that's not their mandate. Speaker 2 00:25:01 Yup. Yup. Yeah. I mean, a lot of people don't, I mean, you know, it's easy to put the tinfoil hat on and go like, oh, they're trying to watch everything that we do. And, and there are certainly parts of government that, that wants that. Right. I mean it, because it, it, it supports their mission, right. So, you know, CIA NSA, you know, they're, they're things that they, that really help them if they know as much as they possibly can. Right. But there are other parts of government that are like, no, that's a really bad idea. And we shouldn't do that for our citizens. Right. So there's, there's something called the DHS privacy office. And it's filled with lawyers in their job is to go, no, you cannot collect this information on citizens. No, you cannot allow a company, a private company to collect that kind of data, you know, on, on citizens, on behalf of the government. Speaker 2 00:25:46 Right. I mean, the sad part is, is like, they've got really good controls in place to prevent government entities from collecting that information. But when it comes to like Facebook and like private organizations, it's like do whatever. Right. Um, so anyway, you know, I think it is very good to peop for people to be skeptical of all of the entities that are involved in, you know, VCs and DIDs, everyone's got a motivation. Right. And it's good to understand those motivations. And I do, you know, having, having been in the space for awhile, I haven't seen anything nefarious happened, but you know, at the same time, of course I'd say that. Right. Um, cause we're working on, but I mean seriously, like people don't understand the checks and balances that exist in the federal government to stop things like this from happening. It doesn't mean that they always work. Speaker 2 00:26:41 Right. I mean, we've, we've, uh, we've just been through like an insurrection in the, in the United States. And so they're the, you know, the checks and balances don't always work, but at the same time they are there and they're really good people, um, that are trying to do their best to, to, um, to enforce those things. So there was a second project that you mentioned earlier with the national association of convenience stores that I wanted to give you a chance to explain what's going on there and what maybe people can expect to see in the future and what might be the first consumer facing did project that people will be able to actually take part in next is really interesting. Next is, uh, having it's, you know, it's, it's, what's on the tin, they are the national association convenience stores. So if you're at a convenience store in the United States, there are hundred and 52,000 convenience stores in the United States. Speaker 2 00:27:36 If you fill up on gas, if you go and get a big gulp, if you, you know, buy chips, uh, lotto, uh, vape cigarettes, alcohol, you know, a tin of tuna or chef Boyardee right there, your corner convenience store, right. In, in the really cool thing. The thing I love about NAX is that the vast majority of the stores are individually owned and run middle-class jobs. This, this is like, this is like the beating heart of America. These are all, you know, families. And in these families, their business is convenience stores and they own, uh, you know, just a handful of convenience stores and that's a family business. And a lot of people don't know this, you know, convenience stores lose money, selling gas. They don't make a profit, hardly ever. The thing that they make money on is when people walk into the store and buy something like a, you know, a sandwich or a drink, or that's where, you know, they, they make most of their money. Speaker 2 00:28:36 And so, you know, convenience stores sell everything that you can think of. Um, in some of those things are age restricted products, right? So again, uh, alcohol, tobacco, vape, uh, lottery, those are all age restricted. And what a lot of people don't know is like energy drinks are age restricted. You have to be over the age of 16 to buy them. You know, there's this week hard program in the United States. When you walk up to a convenience store, a checkout counter there's little red sign that says we card. And if you look like you're under the age of, uh, you know, 30 or 40, um, they make sure that you're carded, right? And so you take your, uh, your driver's license out, you show it to the cashier, the cashier looks at the front and back of it, make sure you're of age, uh, to buy the product and that's that. Speaker 2 00:29:19 But that's basically, that's all they kind of have to do in, in lately. The types of fake IDs that are flooding into the U S market have gotten so good that it's impossible to tell a fake, uh, from a real document. Um, so that means like the holograms exists, the pictures exist, you know, they're full color, uh, and they're fairly easy to buy, you know, off the internet. The other thing that's, you know, starting to come into play is, you know, cannabis is being legalized across the United States and these stores, you know, they, they don't want to be put at a disadvantage selling this stuff, but that requires them to be able to put limits on some of the things that they sell potentially, you know, the FDA might, uh, end up saying, you've got to, you've got to understand systemically if somebody is going, going in and buying, you know, thousands upon thousands of, uh, age-restricted goods, because they're either social selling or, you know, they're repackaging and redistributing. Speaker 2 00:30:18 Um, so there are all these things that, you know, are, are, are things they want to be able to do better. One of them is they want stronger, you know, digital IDs in them there. And they know about DIDs and verifiable credentials. In fact, the national association, convenience stores were one of the first group, uh, groups to see the value in, um, uh, DIDs and VCs. And just to put this in perspective, this is not a small industry, right? This is, this is a, a sizeable chunk of us GDP that flows through these, uh, through these stores. And the other thing that they really care about is, you know, these, there are 150, 2000 stores. They really care about having that relationship with their customer. They, their customers trust them, right? It's literally, if you're in a city, you walk downstairs, you walk into your corner, convenience store, you say, Hey to the shop owner, because you know them, they live in your neighborhood. Speaker 2 00:31:11 You buy a couple things and leave that, that relationship's important to them. And so their, their view on all of this is they want privacy preserving technologies. They absolutely want to make sure that nobody is collecting data on their customers. They, they, uh, you know, Amazon is trying to wipe these folks, you know, off of the map, um, because, you know, through the Amazon convenience stores and things like that. And so they view, you know, the national association of convenience stores, they view like they're there to protect the customer. They want to make sure that, you know, they're protecting the customer's privacy, that they're not being tracked store to store, but they're meeting their regulatory obligations. So, you know, fast forward a bit NAX their new program. This is called true age. Their true age program is powered by decentralized identifiers. So they, they, you know, they, they are going to use debts in the future, but today they largely use verifiable credentials. Speaker 2 00:32:07 But as far as the issuance infrastructure is concerned, NAX is going to use virus one as, as, uh, you know, one of the DIDs that they support. There are other follow on, you know, they'll, they'll basically support any did that's that's production quality. Uh, but verus one is one of the first that they're going to support. There's another question of like, okay, now that people have these digital wallets and they have these digital age tokens in these wallets. So part of the program has to do with removing the, uh, driver's license from the mix, right? So when you, when you show a driver's license to a clerk, they get all kinds of insight into your personal data that you don't want them to have. Like they see where you live. Like that's one of the things on your driver's license, they see your height, weight, eye, color, types of motor vehicles. Speaker 2 00:32:53 You can operate where you live too much information. All they really need to know is whether or not you're above a certain age or not. Right. If your driver's license is scanned, they get all this information in a digital form, which I believe there are a couple of lawsuits, um, out there where it can stores have been selling personal information that they've scanned from driver's place. Yep. That's right. Yeah. So, so they don't, um, you know, th they don't want, they don't want to touch that again, just like the us federal government. They don't want to touch that personally identifiable information. And so we're trying to convert that, that thing, the driver's license into an age token that basically says whether or not you're above age or not, you know, whether or not you're over the age of 16 or 18 or 19 or 21, there, there's the kind of the ages. Speaker 2 00:33:40 And, um, and they just want to stay in that at the point of sale and be done with it. Right. But at the same time, they want to make sure that if you're doing something like buying a regulated product of some kind that may have limits like cannabis, um, that they can provide that as a service to, you know, these convenience stores. So this, this, this system, when, you know, it's in pilot, it went into pilot in November, and it's moving its way through to production, and it is going to go, you know, the, it is, the reach is 152,000 stores in the U S there are about 60 million people that, uh, knacks age checks every single day in about 220 million people that walk into a convenience store at least once a year. So, Manny, I understand how selective disclosure through VCs can provide some privacy benefits, because you're not disclosing everything like the famous problem of the bouncer, getting your home address, where they have no need for that. Speaker 2 00:34:39 But you do more than that. It could you walk into how, how is this not a surveillance network? That's like digital cookies for every time I go into the convenience store and buy a six pack. Yeah, yeah, yeah. I mean, we really wanted to avoid that the amount of like security and privacy, privacy engineering that has gone into this project at least is staggering to me because, you know, we get exposed to a number of different high tech companies, but the national association, convenience stores is the one that, that is the most advanced as far as trying to protect, uh, you know, customer data. So, so, so basically, you know, the way that it works is you, you take, you know, an identity document today, it's a driver's license in the future. It may be like a permanent resident card from the department of Homeland security. Speaker 2 00:35:30 That information goes into the system. Once in your ages, you know, your, the, your birth date is basically, you know, pulled off of that. And, and you generate basically whether or not the person is over ager or not, at that point, the data itself that, that data, and the only pieces of data that go into the system is the driver's license number, the state that issued it, uh, your date of birth and the expiration date, that's it, that's the only piece of those are the only pieces of information that are kept. And then we take that and we encrypt it and we put it in the database that requires, and we doubly encrypt it so that you need multiple people under like a subpoena to decrypt that information. So even the stuff that is just like those four pieces of information, driver's license, issuing, state, date of birth, and an expiration date for the license. Speaker 2 00:36:24 We don't, we can't even see that after you were onboarded. And so the only thing that exists in the system is w w what age, what age over in, in, you know, with that kind of pseudonymous, uh, ID that exists in the system, we associate, you know, limits that, that you may have, right? And we throw the information out, we throw those, you know, that purchase history that you have, we throw it out as soon as we can, right? Because again, it's toxic data. They don't want to hold onto it. And this is very different from like the way websites work with cookies today. And the tracking cookies that, you know, Google provides so that people can follow you around as you go from website to website, and now it's going into the real world, like, you know, the, your, the phones that you use and the interactions that you have through your mobile phone, uh, you know, that that data is collected and it is sold. Speaker 2 00:37:17 And knacks does not want to do that. That is not, you know, that that is the job of a loyalty program. And that is something that requires customer consent. Um, and Max's like, their message is pretty clear. They're like, we are not Amazon. We are not Google. We're not going to track you, uh, you know, in those ways. So they, they, you know, th the whole system we've gone to great lengths to try and, and do, you know, really good privacy and security engineering. And the last, last thing there was, you know, well, why aren't we doing selective disclosure? Why aren't we doing, you know, these fancies or knowledge, proof, you know, things it's because the only thing that we need to disclose is whether or not you're over a particular age or not, like, that's, it, it's one piece of information and that's, and that's what the system depends on, right? Speaker 2 00:38:07 So we try to not get fancy with the cryptography. We try to use stuff that's been known to work for a very long time, and we do data minimization as much as we possibly can, um, you know, across all these interactions. So I want to dig a little bit deeper in that. Um, you guys have a very unique approach to pairwise identifiers, uh, to oversimplify your architecture. But when, uh, when a customer goes into a store and this store manages that transaction, it actually gets recorded with a different identifier. Every time they go into a store, could you unpack how that works and how those tokens sort of flow creates this privacy? Sure. Yeah. So, so the, the basic concept that's operating here is that we don't want like knacks in, in the convenience store industry. The idea here is that, um, we don't want to attract people, right. Speaker 2 00:39:02 And in order to make that happen, we need to make sure that when the customer shows up and shows an identifier of some kind, it is a new identifier every single time. Right. And they're, non-correlated identifiers. So that's a key, that's a key part of the, of, um, what we're going for. And so we, we can do that through, you know, verifiable credentials and things like that, to be very clear, we don't put a did on that token that someone uses, uh, in the store, right? There's no, every, every part of that thing is, is new every time it's used and that token. So, so the only thing that the deal with the stores here is that when you walk in as a customer, this store in the scan that you buy, you try to buy something that's age restricted. When they scan that token, they keep the token on record. Speaker 2 00:39:51 And by keeping the token on record, they can say, look, we checked for ID and they take that token and they send it up to a server and it comes back as like, yeah, this token is, is, um, uh, is valid. It hasn't been used before, uh, or, uh, this token has been used somewhere else. It's invalid. Right. Um, and by doing that, they're effectively doing the age check, right? Except the benefit here is the clerk didn't have to try and determine if this is a fraudulent ID. There was a digital signature on the token that was issued by the national association of convenience stores. So, you know, it's a valid issued token, you know, that the token hasn't been spent before in, because of all of those things lining up that meets the regulatory obligation that the, um, that the store has. And so when that same person goes into another store or a store in the same chain, that next ID that scan the QR code that scanned off their phone is an entirely new token, basically an entirely new, random number that's done scans, same check happens. Speaker 2 00:40:59 And so it is impossible for those two stores to correlate that individual, um, through the use of those single use tokens, the single use synonymous tokens. One of the things that's interesting about this approach with through age is how cost-effective it is for the convenience store owners who are the moral authority for next. So next has a very interesting alignment with their members to keep the costs low. That stands in stark contrast to other, uh, efforts, often startups who have ideas about age verification platforms and what they can charge. Um, could you talk real quickly about how the economics work here? Yeah, so, so the, the, the economics in the convenience store industry are it's pretty brutal, right? So, you know, most convenience stores sell, uh, gas at a loss. And the reason they do that is to get people to come in to the convenience store and buy products in the convenience store. Speaker 2 00:41:58 That's where they actually make their money. If a convenience store does a million dollars, uh, you know, of business a year, their profit on that is usually around $20,000. And so convenience stores are incredibly cost conscious in NAX basically said, look, you know, if we don't do this, our convenience stores are going to start hurting. Our margins are going to get thinner and thinner and thinner. And so whatever we do, it needs to be free, right? Because they can't afford, you know, they can't, you can't even afford a penny, uh, you know, a verification, right. And so what NAX said was, uh, we're gonna use our association power to convene all these people together. You know, there, there are, you know, the, the companies that sell age restricted products, they they're the ones with the deep pockets. They're the ones that can pay for this. Speaker 2 00:42:52 And all they need to do is cover the cost of operating the network. Um, we need to make sure that this is free $0, 0 cents for all the convenience stores, because they don't have the margins, you know, to pay for this. Um, uh, in, in what we also need to make sure that we do is align with where the federal government is going with this technology, right. We want, we have massive scale. So, like I said, 60 million age verifications, a day, 220 million people in the U S going into a convenience store, you know, once a year, massive scale. And we want to make sure that we're dovetailing in with the techno technology that the U S federal government is working on, because we depend on them for onboarding their IDs. We use driver's licenses to onboard people into the system, and we need better digital IDs. Speaker 2 00:43:48 Right. And if we dovetail with the technologies that they're funding, the, the chances that this is going to be cheaper in the future are higher, right? So that's kind of where the economics come into play. They NAX doesn't have an option. They need to use the most cost-effective technology. And right now that cost-effective technology, you know, turns out, it turns out it's verifiable credentials and decentralized identifiers. And because they have known about this work for five plus years, they're able to, they were able to move quickly on it, right. I mean, they saw an opportunity and they were like, we know exactly what we can apply to the problem. And to tell you how quickly this came together, you know, it was, we started on the program last may. It took us about seven months to architect, design build and deploy the system into pilot, which is like breakneck speed. Speaker 2 00:44:43 And that happened, you know, last November, right? And so when NAX decides they want to do something, they can move really fast on it. And in, and now it's available like to any convenience store, you know, that that can integrate with the system it's free. So there's no reason for convenience stores not to use the system. Right. The only thing they need is a, is a point of sale device that is capable of talking with the true aid system. Uh, and those things are being built to built into large point of sale systems. Uh, you know, as we speak, as we move into wrapping up here, I did just want to clarify one point on the privacy. You mentioned that the true age system only records four pieces of data off of driver's license. Right now, I believe it was the date of birth driver's license number, expiration date, and, uh, the state that issued the license. Speaker 2 00:45:36 Um, so this would imply that even if someone was able to get the database of this set of data for all the driver's license, they still wouldn't have a name even of the purchase. So they'd have to find a way to either also hack the DMV that has the database of names, or, uh, somehow know that out of band. Yeah, that's exactly right. Yeah. I mean, so, so let's say that somebody breaks into this system, right. And they were able to steal the database, the database is doubly encrypted. Right. And so in order to decrypt the database, they would have to break into, um, you know, two different sorts of organizations to even decrypt the information. And again, that's like massively, highly unlikely, right? Because these things are protected by hardware security and all that kind of stuff. But even like, you know, let's just say that they're able to do that. Speaker 2 00:46:30 Then all they have are those four pieces of information. So then they have to break into the DMV to figure out who the person is. Right. And so this is, this is, you know, like you would think like, this is overkill for an age verification system. Like people don't, you know, like, you know, you've applied to jobs before where they've taken more of your data and then photocopied it and shoved it in a unlocked file cabinet in the back of the store. Right. Um, but, but this goes to, you know, this goes to show you the lengths to which NAX goes to, to protect customer data, uh, in to make sure that they're only collecting the stuff that they absolutely have to, and then, you know, locking it away, doubly encrypted, you know, behind multiple firewalls in, in ways that even if you were able to get somehow, uh, you know, amazingly get to, uh, you know, the decrypted data, you would still need to break into the DMV or interact with the DMV to pull that, you know, record. Speaker 1 00:47:31 Yeah. It feels like that's the kind of information that, um, that anybody out in the world just the general public would love to know. Like, I always hate scanning my whatever, you know, especially driver's license and to know like, oh, I'm going to scan this thing and you're going to gather only the information you need and the other stuff is, uh, not available. And then it's also going to be encrypted. Sure. That makes me want to do it that much more instead of like, you know, having a mindset of like, ah, another one of these things I have to do. So Speaker 2 00:48:00 That's great. Yeah. I mean, and you know, and, you know, I think so, so it's great. Like, I, you know, my, my hope here is that, uh, people appreciate the lens that max has gone to, to protect people's privacy and it's way above and beyond what just about everybody else in the industry's doing. Right. I don't think just this industry, I think if you look at the internet in general, most, any industry yeah. No app. Yeah, absolutely. Yeah. So that's the thing, I don't know though, like, you know, it's, it's hard to tell how much people value their privacy, because I mean, you know, there's still plenty of people that use Facebook and don't see any issue with the amount of data that, you know, Facebook is collecting, or even if they do see an issue with it, it's not enough to, you know, get them to stop, um, you know, using Facebook or, um, you know, things of that nature. Speaker 2 00:48:54 Yeah. So just to move on, what's next for verus one and, uh, yourself at digital disarm. Um, so I mean, you know, various one is, uh, marching towards, uh, production. Uh, at this point, you know, we've done a tremendous amount of work at, you know, making sure that all the mathematical proofs are valid, that all the performance characteristics are where we, where we want them to be. Um, you know, the ledger is being, uh, you know, going to be red teams, which basically means like, you know, a bunch of professionals are gonna attack the ledger and an attempt to take it down as a part of, uh, you know, vetting by the us federal government. Um, and so it's, it's mostly kind of polished work. That's, that's left for various one, all the, all the core algorithms and, um, things of that nature, uh, you know, are, are there and have been implemented for a while now. Speaker 2 00:49:45 Um, at this point we're focusing on trying to get it to production. And again, there's like, you know, there's no, no ETA on it, but we do have these federal government programs and the national association convenience store program, that's really pushing us to get it done, uh, in and out into production soon. So, you know, it's, it's, it's more of the same, right? I'd say it's a, it's a big grind getting these, um, uh, these systems up and running in a full blown production capacity. Once we do that, once we stand the ledger up in production, um, you know, then we're going to hand it over to the various one foundation. So we've got this amazing board of governors, some of the same people that, uh, you know, uh, created the, um, the initial internet and built the, the initial internet out. So they understand how to build, you know, global systems. Speaker 2 00:50:37 Um, we need to get, uh, you know, uh, a lot more of this information out to the public about how the foundation operates and how you can provide input, uh, to the community. Um, and then, you know, and then it's a handoff, right? At that point, we just kind of, you know, digital is, are stops being kind of the, the leader of everything. And we basically stepped back into a maintenance capacity and we kind of push this boat. We built out into the water, um, and hope that the foundation and the community take good care of it. Yeah, exactly. Um, and, you know, we, we expect that to take a while, right. I mean, it's not going to happen overnight. It's going to take, you know, a year or two, I think, for the transition to happen. Sure. Are there any projects coming down the pipeline that you can talk about? Speaker 2 00:51:29 Um, unfortunately there are a bunch of a bunch of cool ones, um, but they're all under nondisclosure. Um, so unfortunately, no, not, not right now. Um, the big ones, you know, the big ones that we're really excited about or is this, you know, huge nationwide us national association of convenience stores rollout and, you know, the additional, um, the, the, the growing momentum that the U S federal government has in deploying DIDs and, um, and verifiable credentials. And, you know, we're, we're thrilled that, you know, verus one is in the running, uh, for being one of the, one of the did methods that the us federal government might support. Excellent. Speaker 1 00:52:14 Yeah. Well, it's been really exciting to hear, um, how DIDs and VCs, uh, in the hands here of verus one and it is, is making its way into public use, into day-to-day use. Speaker 2 00:52:28 Yeah, well, hopefully, yeah. I mean, we're like, we're really excited about it, right? I mean, the reason we're the reason we're working with, you know, a kind of a global community on this stuff is we want it to work for everyone in, we want it to get out there into the world. We want people, you know, to use it. That's one of the, you know, it's one of the reasons that, uh, you know, programmers and computer scientists do what they do is they, they want to help other people and they want other people to use the stuff that they're building. So, yeah, we're really excited about, you know, that, that becoming a reality over the next couple of years. Speaker 1 00:53:05 Awesome. And with that, we'll go ahead and change gears to our shameless plug section of the podcast. Speaker 2 00:53:13 I have one. So I just heard this last week that, uh, I think it's, Moderna, I'll put a URL in the show notes, um, is moving into phase, or has already moved into phase one clinical trials, applying its MRNs technology, which, uh, delivered the COVID vaccine or their COVID vaccine for both HIV and influenza vaccines. And it's just crazy to me that this technology that had not been deployed a year ago is now making such headway. And I know it didn't happen overnight, but kudos to see it really coming to the fore. And if, if we can get a true vaccine to the influenza that would save thousands of lives every year would be amazing. So that's my shout out. I'll have a URL for one of the stories in case you're curious about it. Speaker 1 00:54:01 All right. That will bring us to the end of our show today. Wait, Speaker 2 00:54:05 Manna, you don't have a shameless plug. I don't, I, you know what I, I, this sounds so lame, but I ran out of time to look for a woman I've literally been, been dealing with, you know, people attacking me on mailing lists and attacking the link data signature stuff. Yeah. Speaker 1 00:54:25 Invites to podcasts and stuff, Speaker 2 00:54:28 Prep calls, technical problems. Speaker 1 00:54:31 And that will bring us to the end of our show today. Manu, Speaker 2 00:54:34 Thank you for joining us on the show today. Thanks also to our staff, our producer, Erica coddle, and cohost Eric shoe, wherever Speaker 1 00:54:42 You find the rubric podcast, please take a moment to subscribe to our feed. So you'll be notified when our next episode is released. We look forward to you joining us next time. Speaker 0 00:54:52 Information, opinions and recommendations presented in this podcast are for general information only. And any reliance on the information provided in this podcast is done at your own risk. The views, thoughts, and opinions expressed by the speakers in this podcast belong solely to the speakers and not necessarily to the speakers, employer, organization, committee, or other group or individual.

Other Episodes

Episode 0

April 22, 2022 01:12:39
Episode Cover

Bitcoin Gets Ionic (did:ion)

The method did:ion began as an exercise in scalability. Backed by Microsoft, did:ion is a layer 2 “identity” network built on top of bitcoin...

Listen

Episode 2

May 25, 2021 00:57:18
Episode Cover

DIDs Are Magical

We talk with the folks making Decentralized Identifiers a reality. The co-chairs of the World Wide Web Consortium’s Decentralized Identifier Working Group, Dan Burnett...

Listen

Episode 0

May 25, 2021 00:57:11
Episode Cover

DIDs Are Magical

We talk with the folks making Decentralized Identifiers a reality. The co-chairs of the World Wide Web Consortium’s Decentralized Identifier Working Group, Dan Burnett...

Listen