Event Recording

Verifiable Credentials on the front line



Learn how businesses are using verifiable credentials, decentralized orchestration and blockchain identity to reduce fraud, increase privacy and improve user experience. See real-world examples of production-ready solutions from one state’s Department of Education and other public sector organizations. Learn how biometrics, proofing, KYC and other MFA services link with verifiable credentials through decentralized orchestration. See how paper-based documents like diplomas, academic transcripts and citizen identity are being replaced with verifiable credentials that reduce cost and increase security and privacy preservation. Learn how Ping Identity and other sources can issue and verify blockchain-based verifiable credentials.

All right. Thanks, everyone. Today we're gonna give some examples and talk about various projects with verifiable credentials that we've worked on, and other interesting things that are going on in the market. For an agenda, the first thing we're going to talk about a little bit is some decentralized identity basics. And we're gonna talk about adoption. Let me just go to the next slide. All right. I don't think this is the right deck. Can we switch it real quick, Raj, or is it too tough? All right. Just two minutes. All right. Thank you. So I'll go through the overview real quick, and then we'll jump through those first couple slides when that's updated. But today we're gonna talk a little bit about the market challenges that we hear, things that we hear from our customers when we're out consulting with them about decentralized projects and verifiable credentials.
And after that, we'll talk a little bit about the composable enterprise. Martin mentioned it in his keynote, the concept of this composable enterprise, and we're gonna show kind of how that could be achieved through orchestration at the identity layer. So we'll give a quick background on that, and then we're gonna jump into four use cases for projects that we've worked on with verifiable credentials specifically. And I'll give an overview of those just while we're waiting. The first is the state of North Dakota in the US. As of right now, the state of North Dakota is issuing verifiable credentials to every one of their graduating seniors. And that verifiable credential contains the common learner record that the student can carry with them, and they can use that credential to apply for a job, for higher education, and anybody that's part of that ecosystem can use those credentials to immediately verify the learner record and the information contained within. The really interesting thing about the project,
and we'll get into it in depth, is that it's using a lot of things that these organizations use already today. So very important in the project, even though we're using a new technology to container and validate that record, we use the same format that has been around for years, so that everywhere downstream, it could be consumed naturally. All right, so let's try this again. So there's market views, composable enterprise, and then our four examples that we're gonna show, and I'll hit those in a little bit. So first the market views: what do we see from our customers? What are they saying?
And the first, and without doubt the biggest, is that there's the ideology behind verifiable credentials, behind decentralization in general, as some future state. So everybody's waiting for something to become finalized before they jump in and start working through a solution. We're gonna show why that's just not necessary. Decentralization, loss of control: big perception that they're giving up, and enterprise especially is giving up, control when they decentralize the identity layer. That again really isn't true. There's just some misunderstandings. Another big one we hear a lot is just the common misconceptions coming out of crypto. So is my data safe? Am I putting data on the blockchain? Is there all this other stuff that they just hear about? And again, technology's always changing. So we really try to ground it in business problems, as opposed to talking technology.
When we're consulting with companies, replatforming is another huge one behind misconception. The idea of replatforming is scary. The enterprise is in a constant chain state of flux with systems coming and going. And so being able to show seamless integration with their existing systems is very important if you want to even get out of the starting gates. And then proof of life, technical maturity: we're gonna show in these examples, three of the four that I've listed are in production today. Only one of 'em is still in pilot. And so we'll show again some good proof of life in the industry of how these technologies and solutions can be used today to really effect some real change and cost savings in the enterprise. So composable enterprise, we talked about that a little bit, and to me, it's orchestration, right? It's orchestration of tools and services and how those fit into existing enterprise applications, or in, you know, the North Dakota case and educational systems, the existing systems. They have an absolute requirement that we can do plug and play with zero with legacy systems and do that in a way that doesn't require a bunch of code.
So if we lead out that conversation with, we know the perfect solution, here's a toolkit, right? We lose every one of those, because people just don't have the time to invest in complicated projects. Most of the time, if you can go in and say, here's a code-free solution, you plug this into that, you plug this in here and, you know, the magic's in the middle, you can get a lot more traction. And then the customer has a bigger appetite for how to evolve that solution themselves. Authentication flows have to be flexible. Not one rule can apply to all of the different identity providers or all this stuff. We'll see all of that when we show an overview of the orchestrator application in a little bit. One really big thing that people are just starting to kind of think about is how to build that trust across different private ecosystems.
So in an enterprise, for example, they may have three or four identity systems. They may have a whole bunch of services, and that's great. We can orchestrate those flows within their ecosystem, but we also have to be able to cross that out into external ecosystems. This is where verifiable credentials really pick up speed, because it's a great container. It's a natural container if we're building that trust across those different ecosystems. So we built in a little bit, and I'll show briefly, how to do a trust ecosystem. Very important for the enterprise to be able to do that just by saying, I'm going to share this particular thing with this organization, and let the other organization take care of, or have a part in, the security of those flows themselves. So using their identity providers, using their flows, instead of being completely reliant on the initial organization to set that all up. They need their own voice in that.
So very important piece of orchestration and building that composable enterprise that I think Martin was trying to get to. Lift and shift, obviously: you don't even need to say anything about shift. If you go in there with the concept of building something new, they'll show you the door quickly in the enterprise. And then we have to be able to add in a bunch of different operational things: biometrics, IGA, there's all these different things that the enterprise or other organizations are concerned with, that we have to be able to address. And we have to be able to build that into the flows. All right. So why is it all important? I mean, here's an interesting quote, right? There's going to be something and it's going to be huge. What's the total addressable market on, you know, something like this? It's absolutely massive.
So getting this right, I believe, requires a dedicated platform that can bring best-of-breed solutions to an enterprise without waiting on legacy identity systems to catch up and without doing a bunch of bespoke integrations with different service or different vendors. Enterprise, and most of our customers, they don't want a bunch of different vendors, right? They want a one-stop shop. They want one product that can bring them the best-of-breed technologies so they can integrate and orchestrate naturally. So that's a huge part, I think, of this. So let's talk about some examples. North Dakota, I gave a pretty good overview, and I'll show you some screenshots. We loaded in a bunch of screens of their actual system they're using today. And as I mentioned, all of the graduating seniors have the option now to download their learner record and take that.
And with other colleges and employers that have the ability to verify that credential, it can immediately verify. So imagine you're going to a college to apply. That process now goes from weeks sometimes of trying to verify all the legitimacy of this information, that you're actually having to go and find that yourself, 'cause the student doesn't bring it today. They just say, yeah, I graduated from this high school, and then the college has to go and find all that information. Now they carry it with them. So that's a cool project. We're gonna talk about Zoom Bouncer, which is in the production app store with Zoom. And it protects attendees with verifiable credentials, with a bunch of different things. We'll show you how that's done, so you can prevent Zoom bombing, keep people outta your meetings. And again, you can go as superficial as possible.
Just enter your email address, clear down to, you know, verify who you are through document scans and biometric proofs. So pretty interesting stuff there. Also a citizen ID project, which I mentioned is in pilot. We did that for a state in the United States. It was looking at streamlining service access for their citizens. We'll show you a little bit about that. And then the IDRamp composer application as well, that just shows kind of how we can do all of this in an ecosystem, or in, you know, an enterprise ecosystem where we federate their different systems and services and then provide verifiable credentials as a replacement to a traditional and password or, you know, whatever you choose to do there. I'll show a little bit of that. There's actually a fifth. If you guys didn't see that yesterday, yesterday released a new category actually for verifiable credentials, and CTO won the award for that, for the innovative work they did with the government of Aruba on travel and tourism.
So if you guys didn't catch that presentation yesterday, you know, you should check that out. It's another proof of life project that shows verifiable credentials in the wild serving a use case. So, you know, congratulations to Adrian Yuri, Heather, and the NDCO team for putting together such a great project and winning that award yesterday. All right. So we reviewed this a little bit, replacing their paper with credentials. Here's what it looks like. So they've developed an open credential publisher, and this publisher contains, you can see this student, Eric, has one credential assigned. They have the ability to share it. They can download it to any of the supported wallets that North Dakota chose to use for this project. So, you know, this is some interesting stuff here, because this is vendor agnostic. So it doesn't matter. They didn't tie into a single vendor; they're using a standard, and that can be consumed.
In this case, you see the ever connect me wallet and the IDRamp wallet are both equally capable of holding these credentials and taking this. So the student has a choice. They're not locked into a single product. So this is an important part of the project. I mentioned that we were using a common learner record. This has been around forever. This is what the CLR looks like from a student. And it contains, you know, grade levels, credits, all the stuff that many of the systems are geared up to accept already. So the last thing we wanted to do in this project is invent something that couldn't be consumed downstream by existing processes. So this CLR actually goes into the credential as an encrypted attachment. The credential verifies the package, and the CLR gives them the PA or the data that they're used to seeing.
So it works quite well downstream. Even though we have a new front door, if you'd like, for instant verification or more quick verification of this data, the data itself still works downstream. So this was an important piece of the project and required some work on our part. This is just the interface that shows that we're gonna download that. When the actual credential is presented, you can see the student just has the ability to accept that and put it into their wallet. And then, as I mentioned, this allows them to take it to an organization, a company, or a higher education institution, and simply present that credential, which can be immediately verified and validated without having to go back and talk to the high school that issued it. So cool project. And if you wanna know more about that, please get a hold of me.
And I'll put you in touch with them directly if you'd like to learn a little bit more about what they're doing, or of course, happy to answer any of those questions. The next project we talk about was Bouncer. This is a project for Zoom specifically, designed to keep unwanted attendees out of Zoom meetings. The need really exploded when our world went virtual and everybody was doing Zoom meetings. So it works really well. I'll show you some of the interfaces here as well. You'll hear this recurring theme, but we're using traditional federation processes enhanced and expanded by verifiable credentials to achieve some interesting results. So in this case, Zoom is traditionally federated back to the Bouncer application with SAML for the different groups. And then we're using verifiable credentials, we're using biometrics, we're using FIDO authenticators, everything else, to actually let the customer choose how they wanna protect that Zoom event.
So this is just a quick screenshot. You can see there's a simple email factor, which you can do. And you can tell it's not too far outta development. There's some authentication token things that we probably need to clean up from a verbiage perspective, but we can allow a Google Authenticator or AFI, or we can allow a verified email credential, or we can say just type it in, or we can allow a biometric verification. So we can go simple liveness test to get in and make sure that it's a real human, or we can go through a complete document onboarding if you want to prove out that this list of users is allowed to get into my meeting. And you can see the allowed access list. So we tried to make it very easy for someone to come in and put in a list of five or six email addresses, and it'll basically keep everybody else out.
So this is kind of what it looks like when you try to join. You try to join, it'll come up and, in the biometric case, it'll say, scan your face and get into the meeting. It's a really cool project. You should check it out. It is in the production app store right now for Zoom. And it's pretty self-explanatory; it takes about five minutes to get through the initial setup of the configuration. And then you can protect meetings. Anytime you wanna protect a meeting, you can implement any of these features. The biometrics of course does require some onboarding because, you know, it's biometrics, but all the other features you can use right outta the box. All right, moving on to citizen IDs. This is a project we worked on for a state in the US. They had 141 government-provided services to their citizens.
And the thinking here was, we wanna streamline this process. We can't ask our citizens to log in with 141 different sets of credentials, which is the way of the world today. So again, using traditional federation protocols, we tied a number of their applications back to a translator, if you will, which is IDRamp in this case. And we translated that into verifiable credentials. So there were two parts to this project. The first was getting the citizen onboarded, and that required them to, of course, download an application, right? So they could go through a biometric onboarding or even a manual verification onboarding. We did both for simplicity, just to kind of see how it would work in the pilot. And once that citizen was onboarded, they were given a set of information, right? This might be information from their driver's license.
It might be information from, you know, a citizen ID card, whatever they wanted to happen to have in their wallet. The advantage was, once it was in that wallet, all the decisions for which information they needed to present was out of their hands. When they went to access any of those connected services, they just had to interact with the system via scanning a QR, and the system would ask for the information it needed. So it would say, hey, I'm looking for these three sets of information to get into, maybe, housing or health and human services. But if you're going to court services, we need another set of information. And the user doesn't have to figure that out, right? They don't have to go and find those attributes; it's automatically figured out. And the credential presentation comes up to them and says, hey, you're trying to access housing services.
It's asking for this. Do you wanna send it? Yes. And they go. So we created a pilot here that allowed any of those connected services to be accessed with one simple and single integration or interaction, and the end user, that citizen, did the same thing every single time, even though the information that they capture are being required is much different. So this is kind of what that looks like. You know, we replaced username and password with a really simple scan, and they scan that. And you can see it's asking for, in this case, you know, social security number, which we never would, but anyway, example, and first name and last name. So really simple integration, worked very well with this particular customer. And we're hoping that they eventually kick this outta pilot phase and get into production with it.
The last project that I'll show is just really the IDRamp interface. And I mentioned that the composable enterprise had some requirements, right, about integrating code free. And so this is really just an opportunity to show the work that we're doing, or a couple slides on things that we're doing, to effect that code-free future. So as you can see in the IDRamp interface, you can bring in, this is traditional identity stacks, bring any of those in that you would like and configure them, support social login or any kind of multifactor providers. And then for any service or any application or flow that you're trying to deploy, you can configure it to come back and use one of these identity providers or change the flow. So I think in this next example, I'm gonna show a Salesforce login, for example, and maybe for that Salesforce login, in this case, I'm supporting a bunch of different identity providers.
So I'm saying to certain sets of users, based on policy, if you wanna log to Salesforce, you can use any one of these providers. The one that we're demonstrating here is digital credential. So you must have a digital credential. And then it's gonna ask for a FIDO-compliant multifactor. Not sure why you do that, but it can be done. And that's what we're showing here. So that is kind of what we're doing at IDRamp. Again, happy to talk to you about anything that you may want to ask questions on there. And I think that is all I have.
