Event Recording
Introducing The Global Assured Identity Network (GAIN)
100 experts propose an interoperable scheme to create a virtual IDP.
Thank you Martin for introducing us. Let's see if our slide is coming up. Yes. So I got free on, I are going to introduce this new initiative called gain global assured identity network to regain trust to the cyber space. In the beginning, there was trust in internet. Everybody was known to the network through their participating organization, and everybody knew that they are going to be held accountable. But with the introduction of commercial connection to the internet in the nineties, that trust was lost. Now people could act anonymously and some people started to feel that they probably are not going to held accountable. And criminals took advantage of that. The wild wild west era of the internet has come along since then many efforts to regain trust has been spent, but it has so far not been very effective financial crimes, born of illicit activities with a quantifiable impact to people are costing us up to 5% of GDP every year for every $1,000 of illegal funds in the financial system, a hundred dollars is spent for the compliance, but only $1 is intercepted. Guess what is the ROI? Redondo investment is miserable. The flip side of coin is the financial exclusion. As the cost for onboarding people into the financial account became so expensive, actually prohibitively expensive for those populations. They got excluded from the financial systems and thus became very hard to reach from the aid past point of view.
Many people say that a anonymity is good for privacy, and I agree, but the situation today is that it's only available to those with resource and the rest of us are pervasively tracked the resulting in the situation that only the criminals are enjoying the anonymity. So why are we not successful? Improving despite of 30 years of cost, effort, time, cost, and effort. It's because we haven't addressed the root cause. The identity and accountability of the participants in the network. What we need is to reestablish the accountability of every participants within the ecosystem, such ecosystem can interconnect each other based on comparability and the mutual recognition principles to form the network of accountable ecosystems that eventually covers the good majority of the cyberspace population gain. Global assured identity network is one such ecosystem gain is an overlay network of other internet that consists of accountable participants with assured identity. Only every participant identity proved through their hosting organization, primarily consisting of financial institutions and other regulated entities, which are required to identity proof, their customers, and the resulting high, a claims high assurance attributes are the basis of the identity information that are passed from identity information provider to running parties, part instruction of the end users.
This is very powerful. Now I can express that I'm over 18 and ABC bank attested is the third party attested claims instead of self claimed saying that I'm over 18. Believe me look into my eyes, which usually doesn't work. So I have to produce my identity document like driver's license or passport at which point I have given up so much more information that I should be. This premises is based on Ingle upon the identity proofing previously performed identity proof is a very, very costly proposition. If you had to do it for this identity information provision purpose only, then it may become very expensive and perhaps not commercially viable, but if it's done by the regulated entities, like, you know, financial institutions, the identity proof cost has been paid by their core business already so that this new proposition needs to take care of only small portion of the cost incremental cost. It's a little bit like a large retailers having so much redundancy in their computing power, which is resolved for the holiday season, started to, you know, lend out that computing power cloud computing, right?
Cool
Being IDT proofed in this network doesn't mean that user cannot act anonymously or pseudonymously in fact, we think they should be because we promote minimum disclosure. Only the difference is that at the time of dispute on the problems, they can be traced back. Those anonymous identities can be traced back to the real entity through due process and with a special designated opener so that we can quickly get into the dispute resolution mode. Ryan parties are identity proof as well. They are identity proof by an called service provider, which can be solved by banks, their banks, they Bo the Ryan part is into this game network and then identity information provider when connecting the end user to the running parties, they're going to make sure that running party is authenticated so that end user can feel safe at the same time. That means for the rowing party, they are being trusted by end users translating to more business. There's yet another advantage of this model. If row party wanted to connect with 8,000 banks worldwide, they have to register individually to those eight end points. And they also have to sign 8,000 times the contracts that's clearly not scalable in gain's case. They only need to register once to the gain network and the information the metadata is going to be shared among the order identity information provider. Thus, the rank party will get instant recognition from all the identity information provider in the network and will gain the reach to the global customer within gain.
As a result, individual chance, individuals can also access all the relying parties that they were not able to before, without needing to go and go through cumbersome setup each time. So it's gonna be easy, safe, and more choice for them. Of course, no process is perfect. There will be bad actors in the network as well, but the problem is, is much more tractable because that is going to be the exception instead of the norm. So it will be good enough to take action. Trust is reestablished.
Okay. Thank you. This will be a hard act to follow and not just in terms of dress code, but thank you. So thank you also for sketching, what the world is facing, which is not just a climate crisis, but an identity crisis. And the game paper lays out a potential to lose into that, to that identity crisis. One of the key elements in the game paper is indeed a big role for banks, not an exclusive role, but a big role for banks. Why banks and part of the answer goes back to Willie Sutton. A famous bank robber on, in old age was act was asked, why, why did he keep robbing banks? And his answer was because that's where the money is. And I would paraphrase that part of the reason for looking at banks is because that's where the data is. They do have the data on their customers and like they're used to treating your money only with your permission.
They should be able to handle your data with your permission. And the second thing that they have is authentication mechanisms. They can actually verify that you are you when you interact with them in the old days, they used to do that by checking your face in the bank, they've moved on, they then check your signature on transfer instructions. They then move to one time passwords, but now they just use the mobile as the second factor. So they have strong authentication in place and they know who you are. They have key data for, for identity, but there's a third element that banks bring to the table. And that is cooperation. They have a history, especially in payments of working together on standards and getting them adopted payments, only work. If multiple banks are involved, there are very few payments made to customers of the same bank.
So they've always been forced to cooperate both nationally and internationally. And these are some of the logos and names of platforms that have been built in the past by banks. Initially, some of them are no longer owned by banks, but they have a history of cooperating them in them. And I used to be head of standards at one of these institutions at swift was what the most fun job I held in my entire life was head of standards there. And one of the things I learned about standards is that standards are a great thing. And why, because there's so many to choose from that was an old joke, but it does bring home. The point that standards are only useful. If they get adopted, they do need to get adopted and banks have a good history of getting these standards adopted and used. So I would say those three things are a good reason for involving them and looking at them to help solve this, this identity crisis.
But there's a second, there's a second element. Why banks is one valid question. The other is why now and why now, part of why, why now is the situation that net sketched, there is a real need to solve this problem online and establish people's identity in a better way than ask them to scan their passports or go through video services, et cetera. But the other, the other reason why now is because the solution in terms of technology is available now. And I would say there are two key elements. One is APIs APIs, make it possible to have the banks share your data directly with the relying P party with your permission. And the second element is a set of protocols and standards like open ID connect. And, and there are a few more that are discussed here at this conference, but the standards to make that happen are also available right now. So the paper sketches, an overall vision where a combination of providers like banks, not exclusively banks and standards and technology APIs and, and open ID, et cetera, are brought together to provide this globally and thereby, as you say, reestablish trust. So that takes us back to the paper, which we all urge you to read. And maybe I, I handed back to my co-presenter here for, for the next steps they
Could continue, but yeah, I can also continue. So, so that's the paper that we are published. We have published just a few minutes ago, I think. Yeah. And you can go, you can read, scan the Q code to download the paper. It's a work of over 150 coauthors. So please do, and do not forget that we are going to have game panel discussion this Wednesday at pharmacy two down the hall and at 3:00 PM with this distinguished panelist. So if you have read the paper by then, then you can ask the questions there. Right?
That would be good. Yep.
So my call to action is join gain to regain the trust by contacting digital trust iif.com. And we have also set up an email address, info gain forum.org,
Things move fast. Yes. We have a, we have an email address, info gain forum.dot org, which is the other one to use.
So that's it. Well,
Maybe one more thing. Okay. Sure thing to steal from the guy with the turtleneck. Who's no longer with us, but there's one more thing. I think we want you all to read the paper, but we also want you to go back to your national communities, cuz a lot of this can be solved in a national context and then make it globally interoperable, but go back to your national communities, work with banks and other providers to get momentum going at the end of the day, because this is only, this is only gonna work if we solve this globally. And that starts often in the, in the national context, we can solve this in a way that leads the consumer in charge of their own data, rather than relying on large oligos to, to solve this forest. So go back to your local communities, work with them, have them read the paper, proselytize the paper, if you will. And, and see if we can get momentum at the national level in a lot of countries, that's already happening by the way, but the more, the better. And then we can indeed globally regain the trust. Thank you very much.
Thank you.
Many people say that a anonymity is good for privacy, and I agree, but the situation today is that it's only available to those with resource and the rest of us are pervasively tracked the resulting in the situation that only the criminals are enjoying the anonymity. So why are we not successful? Improving despite of 30 years of cost, effort, time, cost, and effort. It's because we haven't addressed the root cause. The identity and accountability of the participants in the network. What we need is to reestablish the accountability of every participants within the ecosystem, such ecosystem can interconnect each other based on comparability and the mutual recognition principles to form the network of accountable ecosystems that eventually covers the good majority of the cyberspace population gain. Global assured identity network is one such ecosystem gain is an overlay network of other internet that consists of accountable participants with assured identity. Only every participant identity proved through their hosting organization, primarily consisting of financial institutions and other regulated entities, which are required to identity proof, their customers, and the resulting high, a claims high assurance attributes are the basis of the identity information that are passed from identity information provider to running parties, part instruction of the end users.
This is very powerful. Now I can express that I'm over 18 and ABC bank attested is the third party attested claims instead of self claimed saying that I'm over 18. Believe me look into my eyes, which usually doesn't work. So I have to produce my identity document like driver's license or passport at which point I have given up so much more information that I should be. This premises is based on Ingle upon the identity proofing previously performed identity proof is a very, very costly proposition. If you had to do it for this identity information provision purpose only, then it may become very expensive and perhaps not commercially viable, but if it's done by the regulated entities, like, you know, financial institutions, the identity proof cost has been paid by their core business already so that this new proposition needs to take care of only small portion of the cost incremental cost. It's a little bit like a large retailers having so much redundancy in their computing power, which is resolved for the holiday season, started to, you know, lend out that computing power cloud computing, right?
Cool
Being IDT proofed in this network doesn't mean that user cannot act anonymously or pseudonymously in fact, we think they should be because we promote minimum disclosure. Only the difference is that at the time of dispute on the problems, they can be traced back. Those anonymous identities can be traced back to the real entity through due process and with a special designated opener so that we can quickly get into the dispute resolution mode. Ryan parties are identity proof as well. They are identity proof by an called service provider, which can be solved by banks, their banks, they Bo the Ryan part is into this game network and then identity information provider when connecting the end user to the running parties, they're going to make sure that running party is authenticated so that end user can feel safe at the same time. That means for the rowing party, they are being trusted by end users translating to more business. There's yet another advantage of this model. If row party wanted to connect with 8,000 banks worldwide, they have to register individually to those eight end points. And they also have to sign 8,000 times the contracts that's clearly not scalable in gain's case. They only need to register once to the gain network and the information the metadata is going to be shared among the order identity information provider. Thus, the rank party will get instant recognition from all the identity information provider in the network and will gain the reach to the global customer within gain.
As a result, individual chance, individuals can also access all the relying parties that they were not able to before, without needing to go and go through cumbersome setup each time. So it's gonna be easy, safe, and more choice for them. Of course, no process is perfect. There will be bad actors in the network as well, but the problem is, is much more tractable because that is going to be the exception instead of the norm. So it will be good enough to take action. Trust is reestablished.
Okay. Thank you. This will be a hard act to follow and not just in terms of dress code, but thank you. So thank you also for sketching, what the world is facing, which is not just a climate crisis, but an identity crisis. And the game paper lays out a potential to lose into that, to that identity crisis. One of the key elements in the game paper is indeed a big role for banks, not an exclusive role, but a big role for banks. Why banks and part of the answer goes back to Willie Sutton. A famous bank robber on, in old age was act was asked, why, why did he keep robbing banks? And his answer was because that's where the money is. And I would paraphrase that part of the reason for looking at banks is because that's where the data is. They do have the data on their customers and like they're used to treating your money only with your permission.
They should be able to handle your data with your permission. And the second thing that they have is authentication mechanisms. They can actually verify that you are you when you interact with them in the old days, they used to do that by checking your face in the bank, they've moved on, they then check your signature on transfer instructions. They then move to one time passwords, but now they just use the mobile as the second factor. So they have strong authentication in place and they know who you are. They have key data for, for identity, but there's a third element that banks bring to the table. And that is cooperation. They have a history, especially in payments of working together on standards and getting them adopted payments, only work. If multiple banks are involved, there are very few payments made to customers of the same bank.
So they've always been forced to cooperate both nationally and internationally. And these are some of the logos and names of platforms that have been built in the past by banks. Initially, some of them are no longer owned by banks, but they have a history of cooperating them in them. And I used to be head of standards at one of these institutions at swift was what the most fun job I held in my entire life was head of standards there. And one of the things I learned about standards is that standards are a great thing. And why, because there's so many to choose from that was an old joke, but it does bring home. The point that standards are only useful. If they get adopted, they do need to get adopted and banks have a good history of getting these standards adopted and used. So I would say those three things are a good reason for involving them and looking at them to help solve this, this identity crisis.
But there's a second, there's a second element. Why banks is one valid question. The other is why now and why now, part of why, why now is the situation that net sketched, there is a real need to solve this problem online and establish people's identity in a better way than ask them to scan their passports or go through video services, et cetera. But the other, the other reason why now is because the solution in terms of technology is available now. And I would say there are two key elements. One is APIs APIs, make it possible to have the banks share your data directly with the relying P party with your permission. And the second element is a set of protocols and standards like open ID connect. And, and there are a few more that are discussed here at this conference, but the standards to make that happen are also available right now. So the paper sketches, an overall vision where a combination of providers like banks, not exclusively banks and standards and technology APIs and, and open ID, et cetera, are brought together to provide this globally and thereby, as you say, reestablish trust. So that takes us back to the paper, which we all urge you to read. And maybe I, I handed back to my co-presenter here for, for the next steps they
Could continue, but yeah, I can also continue. So, so that's the paper that we are published. We have published just a few minutes ago, I think. Yeah. And you can go, you can read, scan the Q code to download the paper. It's a work of over 150 coauthors. So please do, and do not forget that we are going to have game panel discussion this Wednesday at pharmacy two down the hall and at 3:00 PM with this distinguished panelist. So if you have read the paper by then, then you can ask the questions there. Right?
That would be good. Yep.
So my call to action is join gain to regain the trust by contacting digital trust iif.com. And we have also set up an email address, info gain forum.org,
Things move fast. Yes. We have a, we have an email address, info gain forum.dot org, which is the other one to use.
So that's it. Well,
Maybe one more thing. Okay. Sure thing to steal from the guy with the turtleneck. Who's no longer with us, but there's one more thing. I think we want you all to read the paper, but we also want you to go back to your national communities, cuz a lot of this can be solved in a national context and then make it globally interoperable, but go back to your national communities, work with banks and other providers to get momentum going at the end of the day, because this is only, this is only gonna work if we solve this globally. And that starts often in the, in the national context, we can solve this in a way that leads the consumer in charge of their own data, rather than relying on large oligos to, to solve this forest. So go back to your local communities, work with them, have them read the paper, proselytize the paper, if you will. And, and see if we can get momentum at the national level in a lot of countries, that's already happening by the way, but the more, the better. And then we can indeed globally regain the trust. Thank you very much.
Thank you.
Stay Connected
How can we help you