Identity in Web3
CONFIDENTIAL
About Harrison, @theCEODad
• CEO & Co-Founder of Spokeo
• Co-Chair of W3C Credentials Community Group
• Dad of 3 sons
About Spokeo
• Spokeo is a people intelligence service that helps over
15M users a month to search and connect with others
• We are the only Data + UX company in our space,
organizing over 16 billion records into 600M entities
• We generate about $90M/year and have been
profitable without VC funding since 2008
About
What Is Identity?
Identity is the accessible data about an entity
Identity is accessible data or characteristics that define a
distinct entity. It answers who we are
• People Data: Include name, contact info, personality,
behaviors, demo, credit, reputation, … Data sources
could be first-party, second-party, or third-party
• Entity Being: Entity is a thing with distinct and
independent existence. The constituent parts could
change over time but remain connected
• Access Control: Make sure that the right people can
access the right data or resources. Include
authentication, authorization, and audit processes
What is Identity?
Identity today is the How to the What, or a means to an end.
Itʼs the much-needed fabric of the Web that empowers:
• People Search: Connect and verify people with trust
• Genealogy: Research ancestors and heritage
• Fraud Prevention: Identify and prevent fraud
• Financial Crime Compliance: KYC, AML, … etc
• Credit and Payments: Facilitate financial transactions
• Authentication: Secure account access
• ID Protection: Secure digital identities
• B2B Marketing: Find sales leads and customers
• Marketing Analytics: Optimize ad spend and reach
Identity Use Cases
Identity market is huge and generates more than $70B/year
in the US alone (a non-exhaustive list of segments below):
• B2C People Search: ~$500M
• B2C ID Protection and Password Managers: ~$5B
• B2C Genealogy: ~$1.5B
• B2B Identity Verification & Fraud Prevention: ~$20B
• B2B Authentication & KYC: ~$10B
• B2B Identity & Access Management: ~$5B
• B2B Credit Bureau: ~$15B
• B2B FCRA Employment Screening: ~$2B
• B2B Marketing Tech: ~$75B
Identity Markets in the US
What is Identity in Web3?
Identity in Web3 is Decentralized Identity
Web3 is the decentralized web that heralds the concept of
digital ownership
• Decentralization: The distribution of control or power
to multiple entities rather than a single one
• Digital Ownership: The state or fact of legal
possession and control over digital, intangible
properties in the metaverse
• Tokenomics: The economics and factors around how
to value and price a token or cryptocurrency
If Web1 is Read and Web2 is Read & Write, then Web3 is
Read & Write & Own
What is Web3?
The problem of decentralized identity can be broken down into decentralized entity, decentralized data
aggregation, and decentralized data access
Centralized
• Entity: SSN, Passport #, Twitter Handle, Facebook ID, URL, Vendor IDs
• Data: Big Tech, Government, Credit Bureaus, Data Aggregators
• Access: Social Login, Federated ID, Big Tech, Govern.
Decentralized
• Entity: Decentralized Identifier, Soulbound NFT, Entity Resolution, HD Keys
• Data: Verifiable Credentials, Personal Data Store, IPFS, De. Reputation
• Access: Self-Sovereign Identity, Self-Issued OpenID Provider
Decentralized Identity
Decentralized identity will overtake (but not kill) the
current centralized identity paradigm because:
• Data Regulations: CCPA, CPRA, and GDPR have created
data rights. FCRA, HIPAA, and other laws require user
consent. eIDAS in Europe requires SSI
• Data Quality: Multi-party (1st + 2nd + 3rd-party) data
validation and the incorporation of UGC ensure better
data quality than single-party approaches
• Network Effect: Identity as a multi-sided platform
enables virality and network effect
• Web3 Movement: New genʼs distrust for big tech will
lead to decentralization and the next ebb/flow in Social
Cycle Theory
Why Decentralized Identity?
Self-Sovereign Identity
SSI empowers users to control their identities
Identity can be modeled as a multi-sided network with 3
IAM (Identity and Access Management) roles:
• Searcher & Verifier: User or business who wants
access to Data Subjectʼs identity for ID verification,
authentication, investigation, … purposes
• Data Subject & Holder: User or business whose
identity is being accessed. Ex: User who wants access
to a service, person being investigated, …
• Issuer & Data Source: User or business who creates
identity info about the data subject. Ex: DMV (driver
license), Uber (driver profile), users (user ratings), …
• The same person can wear one or multiple roles
Identity Access Model
Identity’s Role-Based Access Control Model (diagram roles: Data Subject, Searcher, Issuer)
Centralized Trust Model
The power over ID transactions lies outside of Data Subjectʼs control
1. Anonymous Search: Data Subject is unaware of ID transaction
2. ID Verification: Data Subject is unaware of how it works
3. Social & Federated Login: ID Provider (ex: Google Login) intermediates ID transaction
4. FCRA Employment Screening: Company intermediates between Data Subject and Data Sources
Current ID Access Model
Diagram roles: Holder / Data Subject; Verifier / Searcher; Issuer / Source / ID Provider
Centralized Trust Model diagram 1. Anonymous Search: Searcher requests info about Data Subject from Data Sources without Data Subjectʼs knowledge. Data Subject is unaware of ID transaction
Centralized Trust Model diagram 2. ID Verification: Verifier requests info about Data Subject from Data Sources without Data Subjectʼs knowledge. Data Subject is unaware of how it works. Ex: ThreatMetrix, Ekata
Centralized Trust Model diagram 3. Social Login: Service Provider redirects User / Holder to Identity Provider (e.g. Google / Facebook Login) for authentication. User / Holder logs in and authenticates with Identity Provider. Identity Provider then issues authorization token. ID Provider (ex: Google Login) intermediates ID transaction
Centralized Trust Model diagram 4. FCRA Screening: Searcher (Company) requests the permission of Data Subject (Candidate) for employment screening. Searcher (Company) requests info about Data Subject (Candidate) from Data Sources to perform the screen. Company intermediates ID transaction
Self-Sovereign Identity: User / Data Subject intermediates ID transaction
Diagram roles: Holder / Data Subject; Verifier / Searcher; Issuer / Source / ID Provider
(1) Searcher / Verifier requests Data Subject for their info
(2) Data Subject requests Issuer(s) for their data
(3) Issuer issues verified data about Data Subject to Data Subject
(4) Data Subject sends verifiable data presentation about them back to Searcher / Verifier
The power over ID transactions lies within User / Data Subjectʼs control
• Self-Sovereign Control: Data Subject intermediates ID txn and controls what to share to whom
• Ultimate Decentralization: If all ID txn are self-sovereign, tens of billions of Data Subjects gain full control over their identities
• New Economy: The emergence of identity ownership will empower new economy / capitalism
Future SSI Model
Notable Technologies
How to enable Decentralized Identity
Verifiable Credentials empower a decentralized triangle of
trust via cryptographic proof
• Credential: A set of claims (attributes about Data
Subject) made by an Issuer. Like “record” or “row”
• Verifiable Credential: Credential that is digitally
signed by Issuer and can be cryptographically verified
• Cryptographic Proof: Issuer signs cred with its private
key. Verifier verifies cred with Issuerʼs public key
• Issuer vs. Holder Signatures: Holder/Presenter
aggregates creds into a presentation and signs it
• Transitive Trust: Verifier can trust a credential without
interacting with the Issuer. Decouple Data, Trust, Access
Verifiable Credentials
Presentation is an aggregate of one or more credentials
that represents a persona or a facet of an identity
• Verifiable Presentation: A presentation doc digitally
signed and attested by the Holder (e.g. Presenter)
• Decentralized Aggregation: Localized data
aggregation by Data Subject / Userʼs identity wallet
• Selective Disclosure: The ability of Holder to make
fine-grained decisions about what information to share
• Zero-Knowledge Proof: Prove that something is true
without conveying any additional information
• Privacy Recommender: Recommend what to share to
whom, when, and where
Verifiable Presentation
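The issue, present and verify steps from the Verifiable Credentials and Verifiable Presentation slides, as an added example (not code from the deck or from Spokeo). It assumes Ed25519 keys, a salted-hash form of selective disclosure in the style of SD-JWT, a verifier nonce, a local trust list standing in for DID resolution, and constructed sample claims with a `did:example` issuer; the slides specify none of these.

```javascript
const crypto = require('crypto');

// Canonical JSON (recursively sorted keys) so signer and verifier hash identical bytes.
function canon(v) {
  if (Array.isArray(v)) return '[' + v.map(canon).join(',') + ']';
  if (v && typeof v === 'object')
    return '{' + Object.keys(v).sort()
      .map((k) => JSON.stringify(k) + ':' + canon(v[k])).join(',') + '}';
  return JSON.stringify(v);
}

// Salted digest of one claim; the salt stops a verifier guessing undisclosed values.
const digest = (salt, name, value) =>
  crypto.createHash('sha256').update(canon([salt, name, value])).digest('base64');

const sign = (key, obj) => crypto.sign(null, Buffer.from(canon(obj)), key).toString('base64');
const check = (key, obj, sig) =>
  crypto.verify(null, Buffer.from(canon(obj)), key, Buffer.from(sig, 'base64'));

// Issuer: signs the claim digests and the holder's public key, never the raw claims.
function issueCredential(issuer, holderKeyB64, claims) {
  const disclosures = Object.entries(claims).map(([name, value]) =>
    ({ salt: crypto.randomBytes(16).toString('base64'), name, value }));
  const payload = {
    issuer: issuer.id,
    holderKey: holderKeyB64,
    claimDigests: disclosures.map((d) => digest(d.salt, d.name, d.value)).sort(),
  };
  // The disclosures (salts and values) stay in the holder's wallet.
  return { payload, proof: sign(issuer.privateKey, payload), disclosures };
}

// Holder: reveals only the chosen claims and signs over the verifier's nonce.
function present(holder, credential, reveal, nonce) {
  const body = {
    credential: { payload: credential.payload, proof: credential.proof },
    disclosed: credential.disclosures.filter((d) => reveal.includes(d.name)),
    nonce,
  };
  return { body, proof: sign(holder.privateKey, body) };
}

// Verifier: checks both signatures offline, with no call to the issuer.
function verifyPresentation(vp, trustedIssuers, expectedNonce) {
  const { credential, disclosed, nonce } = vp.body;
  const issuerKey = trustedIssuers[credential.payload.issuer];
  if (!issuerKey) return { ok: false, reason: 'unknown issuer' };
  if (!check(issuerKey, credential.payload, credential.proof))
    return { ok: false, reason: 'bad issuer signature' };
  // Holder binding: the presentation must be signed by the key the issuer certified.
  const holderKey = crypto.createPublicKey({
    key: Buffer.from(credential.payload.holderKey, 'base64'), format: 'der', type: 'spki',
  });
  if (!check(holderKey, vp.body, vp.proof))
    return { ok: false, reason: 'bad holder signature' };
  if (nonce !== expectedNonce) return { ok: false, reason: 'nonce mismatch (replay)' };
  const claims = {};
  for (const d of disclosed) {
    if (!credential.payload.claimDigests.includes(digest(d.salt, d.name, d.value)))
      return { ok: false, reason: `claim not issued: ${d.name}` };
    claims[d.name] = d.value;
  }
  return { ok: true, claims };
}

// Constructed sample data: issuer DID, claims and nonces are made up for illustration.
function demo() {
  const issuer = { id: 'did:example:dmv', ...crypto.generateKeyPairSync('ed25519') };
  const holder = crypto.generateKeyPairSync('ed25519');
  const holderKeyB64 = holder.publicKey.export({ type: 'spki', format: 'der' }).toString('base64');
  const trusted = { [issuer.id]: issuer.publicKey };

  const vc = issueCredential(issuer, holderKeyB64,
    { name: 'Alex Doe', licenseClass: 'C', birthDate: '1990-01-01' });

  // Only licenseClass is shared; name and birthDate never leave the wallet.
  const vp = present(holder, vc, ['licenseClass'], 'nonce-123');
  const good = verifyPresentation(vp, trusted, 'nonce-123');

  // The same presentation shown against a different challenge is rejected.
  const replay = verifyPresentation(vp, trusted, 'nonce-456');

  // A holder who edits a claim and re-signs still fails the issuer's digest check.
  const edited = { ...vc, disclosures: vc.disclosures.map((d) =>
    (d.name === 'licenseClass' ? { ...d, value: 'A' } : d)) };
  const altered = verifyPresentation(
    present(holder, edited, ['licenseClass'], 'nonce-123'), trusted, 'nonce-123');

  return { good, replay, altered };
}
```

Call `demo()` to see the accepted presentation next to the two rejected ones.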
Identifier is the name of an entity. Unique identifier
uniquely identifies an entity and enables its existence
• Decentralized Identifiers (DIDs): A new unique
identifier that doesnʼt require a centralized registration
authority and is often generated cryptographically
• Self-Sovereign Control: Enable Controller or Subject
to prove control without requiring 3rd-party permission
• Cryptographic Proof: Signer signs DID with its private
key. Verifier verifies cred with Signerʼs public key
• Distributed Ledger: “Blockchain” tech often used as
verifiable data registries where the DIDs are recorded
• DIDComm: Communication protocol built atop DIDs
Decentralized Identifier
Entity Resolution creates a digital identity by connecting
records referring to the same entity across different sources
• Record Matching: Compare and decide whether two
records refer to the same entity
• Record Linking: Create and assign a unique identifier
to records and connect them together
• Horizontal Linking: Linking where all info required to
generate an identifier is within a row or record. Ex:
Phone IDs or Address IDs
• Vertical Linking: Linking where info required to
generate an identifier is not contained solely within its
own row. Ex: Person IDs
Entity Resolution
Authentication creates and/or proves the linkage between a
physical identity and a digital identity
• Multi-Factor Authentication: Multiple pieces of evidence
across different dimensions ensure higher security
• Inherence Factors: Who you are. Ex: Facial biometrics,
fingerprint, voice authentication, typing behaviors, …
• Knowledge Factors: What you know. Ex: Password,
secret phrase, Knowledge-Based Authentication, …
• Possession Factors: What you have. Ex: SMS One-Time
Passcode, Email Verification, Hardware Security Key, …
• Location Factors: Where you are
• Proxy Factors: Trust authn. done by 3rd parties
Authentication
Learn More
Follow me @theCEODad or @Tang_Toks
Follow @Spokeo, and check out Spokeo.com/Careers
Data Con LA 2022 - Pre- recorded - Web3 and Decentralized Identity
