Make Decentralized Identity work in the real world with Decentralized Ecosystem Governance

Trevor, thank you, and thank you all for attending this. What possibly will be the most exciting talk of this entire conference. There are two points I want to make about the title, and the first is, what do I mean by ecosystem?

Well, I mean the smallest set of participants that can deliver value. And that's important to sort of dwell on that distinction because it can be, we can often end up thinking about ecosystems in, in decentralized identity as something that's vast in scale and has to be implemented by governments, which of course takes time and slows everything down.

Which leads me to the next point or next distinction in the title is that this, what I'm, what I'm going to explain to you today is how we deliver value to our customers now, how we enable them to deploy, build, and deploy decentralized identity ecosystems, what we call trusted digital ecosystems. Now. So it's not a theory, it's not a concept, it's not a philosophy.

Well, the philosophical aspects to it, it's about how we make this work in the real world. So there are five points I wanna make. The first is incredibly obvious.

Everyone, every ecosystem needs governance. That is self-explanatory, but that governance should be transparent, needs to be transparent.

And why, because the interesting things that we are going to see in this area is what happens at the edge. It's when ecosystems begin, small ecosystems begin interacting with other small ecosystems and scale up. And in order for that to happen, right, in order for hope, it's very bright. So I'm not sure what you can see in order for a financial ecosystem to interact with a travel ecosystem or a healthcare ecosystem, they have to be able to see each other's governance. So fairly straightforward point there. The next point is that no one is going to do governance for you.

Now, in what do I mean by that? I mean, when you are building an ecosystem, you have to solve an individual set of problems. And every system, every ecosystem, and this is what Edward Deming explained to us in the 1960s, every system has variance and you, you who are building a solution are in the best position to understand that variance and how to solve for it. So this is something that again, you should want to do because you understand the problem best.

It's almost a, a, a variation on that EU principle of subsidiary let's the local people, the local, the most local area that has to deal with the issue or has to build a solution, gets to decide how best that solution is implemented. Now the alternative is that you could make governance complex and difficult to follow. So how would you do that?

Well, you could create a governance framework around future wear, which is dead on arrival. People want to build now, they're not going to wait around for something that might or might not be available in six months or a year. If you wanna make governance really complex, you should require external authorities or sovereign governments to join an organization or to create a foundation in order to solve a problem that's not going to work, that doesn't respect the realities of political power.

And related to that is you need to, you need to understand the nature of accountability, especially in the public sector that authorities have to demonstrate, right? It. So if you are come with this with a naive sense of, well, you must do this and you must follow that, you are just not going to be listened to.

Similarly, you could also focus on policy ahead of use case, which creates all sorts of other limitations because in this emerging technology, you are actually learning how to do governments governance by doing and creating verifiable credential ecosystems. It's not going to be apparent what the best governance is ahead of the actual deployment. And then you could also add what I call disfluency to elegance.

So the, the really fantastic thing about decentralized identity is the user experience. Once they're actually experiencing it, it's an incredibly elegant solution, even though as we all know, it comes, we discuss it in ways that are very often very com complex. But it is a beautiful solution.

So why, if you want to make that, if you wanna take away the beauty, the elegance of that solution, you want to, you do so by adding lots of complexity. And what we know from cognitive studies is that when people struggle to understand something, they transfer their dislike o of that cognitive process onto the actual product or process that they are otherwise trying to master.

So again, it's a perhaps a long way of saying keep it really simple and clear. So the, what alternatives do we have then?

Well, we can strive to create tools and make governance as simple as possible. And that's the birth of decentralized ecosystem governance, what we call de gov. So we had direct experience of this working with CITA and the government, government of Aruba, and the issue was how do we manage covid testing and covid vaccination for travelers?

Now, there are two approaches. There's one approach is to get everybody in the world to agree to a, a set of standards and rules and then implement that solution.

Well, that not only it would suggest failure in theory, but it actually failed in practice, right? Nobody in a, in a, in a, in a situation that we experienced with Covid, that kind of large top-down governance model was ineffective, complex and centralized with d gov governance responds and integrates differences across jurisdictions, and more importantly, it gives control to the sovereign authority. So what came across most strongly in the development of this solution was that the government wanted to be in control of who entered the country according to what test for how long.

And d gov was a way of enabling that. So what is DV in practice? This may be difficult to see if you're at the back of the room. So it's an open source technology that enables you through an editor to create a governance file to describe the schemers and issuers and other information flows in your ecosystem. So the governance authority encodes the governance file, publishes it to the cloud, verifying organization downloads the governance file.

And in this case, the credential holder presents the credential and the verifying organization confirms the credential issuer via the encoded government file. So you can quickly scale governance across an ecosystem.

And again, the sovereign authority or the authority responsible for the particular use case is in control. So dkv, or there are, there are many different, there are a variety of different terms to describe the, the, the, the, this concept. Trustless is another one, but they're all pretty similar. But this is, it's being worked on at the Decentralized Identity Foundation as a, a specification. And there are collaborative effort efforts with the trust over IP foundation in order to make sure there isn't duplication or unintended consequences of different rules.

And so this is an outline of our in DCO proven governance. This is this similar to what you saw in the previous diagram. What this does though is again, it gives the governance authority a way to translate its rules, who it approves as issuers, what information flows if, then this happens if X, Y, et cetera, et cetera. And it propagates quickly through the system. So what are the benefits of doing governance this way?

Well, you have a governance editor that quickly allows you to do the, the following. And I'm, I'm fortunately there's, you probably can't see that, but you can actually try this out. If you go to Inicio Tech and you go to the section on governance editor, you can actually play with the governance editor and learn how it works.

So we have a, a demonstration on the site, but it provides templates for common verifiable credential presentation requests between parties, ways to create lists for approved identity issuers, approved verifiers, and, you know, rules for choreographing interactions between parties. And this also allows for hierarchical permissioning. So it's very powerful, it's very simple to update and propagate updates across the ecosystem. And there are a series of benefits. Key is that this, this, this is a way of removing error from the system.

Files can be cashed so you have offline or near offline functionality, which is important because you, it's not only the cases where you are, you need to be able to implement governance rules in offline environments, but you know, you are always at risk of a system going down in the grocery store. So it's important that governance is 24 7. And by cashing the govern, the machine readable files among every participant in the ecosystem, you are able to gain that offline functionality. There's also the benefits from not having an external party organize the updating of governance.

You can do this rapidly and that speed is, is vital for many to organize many ecosystems. It's also cost effective.

So your, you don't have to rely on an external bureaucracy to like a centralized trust registry to make everything function. You get control of your system. Now there's a lot of talk about trust registries as being vital to the future of decentralized identity.

And yes, true. But what we're saying is decentralize the trust registry.

I mean, why would you create an external bureaucracy when every participant can have the trust registry in their, on their phone mobile device, in their agent's software? And there's an important, there's an additional important point of this, is that if you create a centralized trust registry, you are creating the risk of rent seeking. And the last thing we want to do in, in, in, in to, to stymie this incredible technology is to set up tolls on verification. And if you create a bureaucracy for governance, that's the risk that you have.

So there is no need we can eliminate this, this middle this, this middle and go have enable governance to be portable and direct. And finally, cause I wanna leave some time for questions. I get back to the issue of complexity. What we've seen over, you know, the last three, four years is that governance is often perceived as a bigger problem than the problem that the technology is trying to solve.

And again, this sort of concept of disfluency that it's not that, you know, you, you have a business leader or a C-suite or even the lawyers who see governance as a problem, then immediately you have a blocker on adopting the technology. So we don't want to see that. What we want to see is the concert is to start with small as, as being beautiful. And that having a lightweight governance way of doing governance is the way you get to market fast is the way you learn how to optimize your deployment and the governance for that deployment and fundamentally how you realize value in this technology.

So that's, that's my spiel on governance. Thank you. So we actually have some time for questions. Okay.

Let's, let's start from here. Fabulous presentation. Thank you. So the governance file, this is terrific. Have you measured how quickly one could update the governance file? Is it in microseconds? It'd be interesting to have a slide. It shows old world, it would take days, weeks, months, whatever. Sure. That's A, and With you it's a mouse click. Have you measured how, how quickly that can be done? That's a great question and fortunately in the audience we have Sam Curran, who's one of the architects of decentralized ecosystem governance. So what's your answer to that, Sam? One second.

The microphone is the talking stick, right? The, it's a, it's a, it's a sign and a publish and then the, the actual retrieval just uses regular web technology like an HTP get. So this is, this is a rather rapid thing that you can do. The alternative of course is to, there are some ecosystems that exist today that have outsourced the updating of that to a third party, which means that you have to work with whatever processes they actually have in order to, to serialize that into a process. And so the alternative is, is just self-publishing of that, which is rather rapid. Is that good, Claire?

That's great. I want micro close enough. So you wanna add to some, add to that maybe. Would you like to add some That's good, thank you. By the way, we have one poll question. You could maybe participate it on that and then at the end of q and a maybe we can see the results. Any other question? So we have an online question then I can ask that one. What is the difference between hierarchical and distributed governance in a decentralized identity solution and why is it important for customers to be able to choose between them?

So I think the good example of this is if you are going to manage, say drones moving through different airspaces, right? You're going to the the, now I'm not an expert on the different controlling authorities in the US where I've lived most of my life, but you need to be able to coordinate permission between local airspace, federal airspace, national airspace. And that's when hierarchical permissioning, it's a great example of hierarchical permissioning comes into play.

So that using DICOM you are able to signal to the drone when they're moving to a different sort of a different governance sector or area or have to follow these different rules. So I think that's a, that would be an example of that. So I think we are about the time. So can you maybe share the poll results? I have it in front of me. Yeah. So it is 66% no.

And 30, 33% Yes only. Oh Good. That's good. So it really slowed down governance issues really slowed down the decentralized ID Department. Okay. Okay. That's not good. Thank you Matthew. Thank you.