Explaining SSI to C-suite executives, and anyone else for that matter

Explaining SSI to C-suite execs,
and anyone else for that matter
John Phillips Partner | Innovation | Self-Sovereign Identity
Email: john.phillips@460degrees.com
LinkedIn: https://www.linkedin.com/in/johnphillips11kps
Twitter: @11dot2john
SSIMeetup.org

1. Empower global SSI communities
2. Open to everyone interested in SSI
3. All content is shared with CC BY SA
SSIMeetup.org
Alex Preukschat @SSIMeetup @AlexPreukschat
Coordinating Node SSIMeetup.org
https://creativecommons.org/licenses/by-sa/4.0/
SSIMeetup objectives

We’ve been trying
to ﬁnd better ways
to explain SSI to
people and
organisations for
over 3 years
“We” is me, and for the last year and
more, my fellow teammates at
460degrees.
“We” is also the global SSI
community.
My guess is that “we” includes you
too.
SSIMeetup.org

Recently, we think
we’ve found a way
that works
This deck tells the journey we’ve
taken so far, what we’ve learnt (and
are learning) along the way, where we
are now, and where we want to get to
next….
SSIMeetup.org

Like most, we
started by learning
the technology and
explaining how it
works
We learnt about DIDs, DIDdocs,
Veriﬁable Credentials, Hyperledger
(Indy, Aries and Ursa), Byzantine
Consensus Algorithms, Zero
Knowledge Proofs, Sovrin, W3C, DIF,
IETF, Edge devices, Agents, Wallets,
uPort, etc. etc.
We connected with everyone we
could. And we would explain what we
learnt.
[And we need to keep learning and
sharing today]
SSIMeetup.org

During 2018 we
ﬁnessed our
approach,
borrowing from
those around us
We created presentations that
followed familiar paths: the internet
was made without an identity layer,
that cartoon image of a dog at a
keyboard, digital identity is a problem
for people and organisations, toxic
data, history and principles, building
blocks, standards and open-source
software, and operational examples.
We have over 60 presentations and
our master deck has over 200 slides
[not including these ones]
- we never use it in full!
SSIMeetup.org

In 2019, we started
our investment in
SSI technology
We wanted to prove that the
technology was real, that we could
put it in the hands of people in the
audience and show them it working.
So we invested (and still invest) in
the technology, building client
focused demos, putting wallets in
people’s hands, and exploring the
technical angles that we’re interested
in….
SSIMeetup.org

The thing was,
tech-led wasn’t
working very well
… for us at least...
SSIMeetup.org

We were “solving
for the wrong
problem”
It wasn’t the best way to explain SSI
for our audiences.
It was as if we were trying to explain
the internet by describing each RFC
of the TCP/IP suite, to a bunch of
AOL engineers…
[When did you last try to explain how
the internet works? How did that
work out for you?]
SSIMeetup.org

Intermission:
SSIMeetup is a
brilliant, and
growing, source of
material
I’m presenting to an SSIMeetup
audience, ﬂattered by Alex’s request
to present, and grateful for his help in
making this work.
If you want to learn about SSI and its
practitioners, SSIMeetup is a great
place to begin your journey, and to
revisit.
BUT while SSIMeetup is already a
great resource, I think there is a gap
in the material to date...
SSIMeetup.org

Observation:
Lots of technical
explanation of how
SSI works.
Few simple
explanations of the
SSI experience
My premise is that we all want SSI to
succeed.
To do that SSI needs to work
technically AND we need to be able
explain it. We need to win people,
organisations and businesses over.
To do that, we need to get better at
explaining SSI, we need to share
ideas on what’s working and what’s
not.
SSIMeetup.org

Why doesn’t
starting with the
tech work? Think
about your
audience
If they are a technologist with
experience in Digital Identity, they are
most likely experienced in traditional
IdAM
If they’re a blockchain fan, then
they’re looking for crypto and smart
contracts everywhere
If they’re a business executive, then
they’re wondering whether this is
worth listening to, is it a threat or
opportunity for them in their role and
for their business...
SSIMeetup.org

Observation: If you
start with the
technology,
attention drifts and
the conversation
loses focus
Technologists with many years of
mostly the same experience see
everything through their own lens.
Blockchain people keep talking about
“crypto wallets” and keep thinking
that we’re writing PII to the
blockchain and/or monetising
personal data.
Business people get bored. You have
6 seconds to get their attention.
SSIMeetup.org

[Oh the irony of writing that
statement in a deck to be presented
in a webinar. While I didn’t have a
choice on this occasion, it still feels
like I’m shooting in the dark]
Unless the format demands that you
have to, don’t start with a deck.
If you do have to start with a deck,
make sure you have room to tailor
the story for the audience.
Observation: If you
start with a slide
deck, you’re
imposing a ﬁxed
story, with ﬁxed
content, on people
you don’t know yet
SSIMeetup.org

I really enjoy Philip Sheldrake’s
contributions (webinar 24). He and
others make important points and
ask challenging questions.
I also know that I (and others) can be
easily distracted by considerations of
the words “self”, “sovereign”, and
“identity”.
So for now I’m focused on how we
might use SSI, for the good of all...
Observation: If you
start by trying to
explain “self”,
“sovereign”, and
“identity”, you’ll
likely never ﬁnish
SSIMeetup.org

We wanted to
humanise the
conversation, to
simplify and
demystify SSI
We wanted to avoid being derailed by
questions before our audience had
even understood the basic premise.
We wanted to make sure that we had
a common framework, and shared
mental model, before encouraging
questions.
We wanted to distinguish clean and
simple SSI from “SSI-washing”
SSIMeetup.org

So in 2019 we did
two things in
parallel
1. External Research. We explored
our contacts with Universities,
looking to see how their
students and academics might
help us.
2. Internal Workshops. We did a
retrospective on our own
approach and thinking.
SSIMeetup.org

With Universities,
we explored
projects with
students and
research with
academics
We completed capstone projects
with two Universities, one with a
group of Cybersecurity students, and
one with a group of Design Students.
We learnt lots from both.
We also started a co-investment
research program with the Smart
Cities Research Institute team of
Swinburne University to consider
Digital Wallets in Smart Cities.
SSIMeetup.org

These two areas
are worth their
own, separate,
explanation
From the University capstone
projects, we gained some great
insights about what works, and what
doesn’t work, when explaining SSI.
[I’ll happily share the excellent
Swinburne University design
students’ work separately.]
With the Smart Cities team we have
just ﬁnished our ﬁrst workshops with
members of the general public and
we’re learning LOTS more.
SSIMeetup.org

Today I want to
focus on the story
that got the
attention of Alex
(and a few others)
We were looking for a way to explain
SSI to the UX design students at
Swinburne and played with some
concepts we had used in other
sectors...
SSIMeetup.org

We used a
mash-up of Human
Centred Design,
Innovation and
Google Ventures
“Sprint”
And we looked in our
stationary and craft drawer
for inspiration...
SSIMeetup.org

And we wrote a
simple story
SSIMeetup.org

Australia is home to
(arguably) the oldest
civilisations in the world.
These are peoples whose
culture was maintained for
over 40,000 years by
storytelling.
Stories are powerful
Why Stories?
Because people, all
people, all of us [you
included], remember
things best when told as
a story
SSIMeetup.org

Critically, and very
deliberately, we
give our story a
human angle
We give the characters in
our story a name and a
back story.
“Meet Jackie, she’s a
successful young adult
living in an apartment.
Jackie has just got a new
job and wants to move
nearer to work.”
SSIMeetup.org

Think of this as
mixing the
[anodyne] use-case
model with
personas and
Human Centred
Design
[In My Opinion]
The way we normally
present Use-Cases is an
almost completely useless
way to explain something to
an audience.
SSIMeetup.org

Human Centred
Design gives us a
framework to test
and explore
“wicked” problems
[In My Opinion]
Digital Identity is a “wicked
problem”.
It is technically
complicated, and socially /
politically complex.
SSIMeetup.org

This is an example
of storytelling in a
business context...
Business Stories are short and have
a structure along the lines of:
• This used to be the case
• Then this happened
• So we’re doing this
• So that we can achieve this
Our story structure is a little different,
but shares much of the DNA.
SSIMeetup.org

You might
recognise the
similarity with
“Situation;
Complication;
Resolution”
Often attributed to McKinsey and
related to the Minto Pyramid, you can
ﬁnd lots of material about this
pattern on line.
You’ll see that we use
Situation; Resolution; Complication
We put the complication last? Why?
Well let’s see...
SSIMeetup.org

Important Point:
Ask permission to
tell the story ﬁrst…
“We’d like to explain SSI in a way that
will help us all get on the same page
and provide a framework for our
conversation.
It will take about 7 minutes.
After that we can demonstrate the
technology and discuss business
models and any technical questions
you may have.
Is that OK?”
SSIMeetup.org

We introduce the
story as having
three parts
Part 1 - The current, physical, world
Why? To establish a shared experience
Part 2 - The SSI world
Why? To demonstrate how similar SSI is to the
shared experience of the physical world
Part 3 - The current digital world
Why? To show the broken nature of centralised
and federated systems - to give a “call for
action”
SSIMeetup.org

So THIS is our SSI
demo kit...
SSIMeetup.org

Let’s see it in
action...
SSIMeetup.org

Part 1: The world
we live in now
What’s it like to rent a new
apartment, now?
SSIMeetup.org

Meet Jackie, she’s a
successful young adult
living in an apartment.
Jackie has just got a new
job and wants to move
nearer to work.
SSIMeetup.org

Jackie has a driving licence
and pays one of the utility
bills for the apartment.
She keeps her driving
licence in her wallet and the
bills in a drawer of a desk at
her apartment
SSIMeetup.org

These are physical
“credentials”, they state
• who issued them
• who they were sent to,
• and other information
relevant to their purpose
SSIMeetup.org

Jackie has found an
apartment she likes
managed by “Highly Rated
Rentals”
SSIMeetup.org

Highly Rated Rentals tell
Jackie that they’d love to
rent the apartment to her,
and that she’ll need to
provide some identity
information, and her bank
account details.
SSIMeetup.org

Jackie has just opened a
new account at a bank, so
she asks them for an
account statement
SSIMeetup.org

Jackie takes the three
documents with her to the
rental agency...
SSIMeetup.org

And they take copies of
everything.
[… Jackie hopes they keep
the copies very securely….]
SSIMeetup.org

Sometime (days) later, the
rental agency call Jackie
and tell her that everything
went through OK, and can
she come back to the oﬃce
to sign the agreement, pay
the bond, and pick up the
keys?
SSIMeetup.org

Jackie goes back to Highly
Rated Rentals and
completes the transaction
So now Jackie has keys to
her new apartment and a
new document to store
SSIMeetup.org

And that’s the world that
most of us live in right now.
We use physical documents
to prove things, and we
receive physical documents
in return.
SSIMeetup.org

Part 2: The SSI
world
It’ll be quite like the current
experience, but a bit
better...
SSIMeetup.org

First we give Jackie a
digital wallet.
This is usually an app on
Jackie’s phone but it can be
any SSI capable secure
storage device.
SSIMeetup.org

Now the physical
documents are Veriﬁable
Credentials.
The digital credential and
its contents are
cryptographically signed by
the issuer and addressed to
Jackie
SSIMeetup.org

Jackie can share the
credentials with whoever
she chooses, in whole or in
part, or even by proving that
she has the credential (and
that’s all they need to
know).
SSIMeetup.org

Highly Rated Rentals tell
Jackie they’d love to rent
the ﬂat to her, and they can
do all the checks in
seconds, but they still need
the same information.
SSI doesn’t change the law,
nor does it need to.
SSIMeetup.org

Highly Rated Rentals send a
“Proof Request” to Jackie’s
wallet.
Her wallet tells her what
they want to know, and
which of her veriﬁable
credentials can answer
those questions.
SSIMeetup.org

Jackie still needs to
conﬁrm her bank account
details, so she connects
with her new bank and gets
them to send her a
veriﬁable credential of her
account.
SSIMeetup.org

Now she can use her
Veriﬁable Credentials to
respond to Highly Rated
Rentals with a Proof
Response
SSIMeetup.org

The proof response is
cryptographically signed by
Jackie, sent to Highly Rated
Rentals, and contains the
three things they asked
about.
SSIMeetup.org

For each credential, Highly
Rated Rentals can do four
checks:
• Who issued the credential
(do they know and trust them?)
• Was it issued to Jackie
(is this hers?)
• Has it been changed in any way?
(has she changed the details?)
• Has it been revoked?
(important for some things)
SSIMeetup.org

They do this by checking
the signatures of each
issuing authority and any
revocation lists.
Importantly, they can do
this without contacting the
issuing authority as this
would be a breach of
privacy.
This is our “ledger” - labelled lollipop sticks
SSIMeetup.org

The public signatures of
issuing authorities, and
other information that they
choose to share, are stored
in a trusted place.
There are already 32
different places (methods)
to write the information.
SSIMeetup.org

The veriﬁable credential
includes a pointer to public
information about the issuer,
including the public keys they
use for signatures.
Issuers can choose where to
store their information, so
long as that location is
trustworthy and a verifying
party can ﬁnd it and open it.
SSIMeetup.org

Jackie’s credentials pass
the tests, and Highly Rated
Rentals offer Jackie a
Rental Agreement.
This arrives at Jackie’s
wallet as a new credential
offered by Highly Rated
Rentals.
SSIMeetup.org

Jackie accepts the offer,
and the new credential is
stored in her wallet along
with her other exchanges
with Highly Rated Rentals.
Highly Rated Rentals get a
conﬁrmation that Jackie
has accepted the offer.
SSIMeetup.org

Jackie pays the bond and
picks up her keys.
As you can see, SSI is pretty
much like the current world
Just more secure, more
private, more eﬃcient….
... BETTER
SSIMeetup.org

Part 3: The broken
promise of current
digital identity
models
That’s all very cool, but
that’s not the digital world
we currently live in...
SSIMeetup.org

This “Sparkly Ball” was what we found in the craft
drawer and decided to use as a prop for current digital
identity systems.
It stuck, and we’re fond of it, even if its sparkles are
beginning to fall out!
Introducing the
sparkly ball
SSIMeetup.org

When we describe the
sparkly ball in Australia, we
use examples such as the
“login with” systems of
Facebook and Google, and
the “identity systems” of
AppleID, AusPost Digital ID,
MyGovID, etc.
SSIMeetup.org

We explain that the Sparkly
Ball is our euphemism for
current centralised identity
and federated identity
systems
SSIMeetup.org

Each of these systems
allocates you with an
“identity” that you can use
to authenticate yourself to
other organisations in the
network.
Back to Jackie...
SSIMeetup.org

In return for telling the
sparkly ball a bunch of stuff
about herself, Jackie gets
allocated an identiﬁer...
SSIMeetup.org

When Jackie uses this
identiﬁer with her bank, the
bank asks the Sparkly Ball
to authenticate it…
And the Sparkly Ball learns
that Jackie is talking to the
bank...
SSIMeetup.org

When Jackie uses this
identiﬁer with Highly Rated
Rentals, they ask the
Sparkly Ball to authenticate
it…
And the Sparkly Ball learns
that Jackie is talking to the
Highly Rated Rentals...
SSIMeetup.org

Everytime Jackie uses the
identiﬁer, the Sparkly Ball
knows.
Some Sparkly balls go to
considerable efforts to try
not to notice and to forget
what they learn.
Apple for example
promises to forget after 30
days [page 6, here].
SSIMeetup.org

Some try to “blind”
themselves, covering their
digital eyes and ears.
But others don’t, and use
the data they gain about
you for their own reasons.
Good or bad intentions, the
architecture means that
they are always in the loop
SSIMeetup.org

So we don’t like
Sparkly Balls
SSIMeetup.org

The END
SSIMeetup.org
[of the Jackie demo]

Typical next steps
in our
conversations...
At this point we usually offer to run
one of our software demos.
Then we start to explore their
technical and business questions…
“What’s on the ledger? [again]
“How do we make money/reduce
risk/improve our customer
experience?”
etc.
SSIMeetup.org

So there you have
it, our simple way
to demo SSI...
The original LinkedIn Post and video
that attracted Alex’s attention is on
LinkedIn here
We’ve since made a (slightly)
improved recording of this approach
here
And we’ve built cartoon versions and
even role played this with real people
at meetups…
And we’re writing other stories for
Jackie...
SSIMeetup.org

We continue to
look for new ways
to support the
adoption of SSI
• Continue to sponsor research
and student projects with
Universities
• Co-Chairs (APAC) for the Sovrin
Guardianship Working Group
• Actively explaining SSI to
government and industry bodies
• Promoting the commercial trial
and adoption of SSI.
[we’re not a charity!]
SSIMeetup.org

We’re still learning.
We would be very
interested to hear
what’s working, or
not, when you
explain SSI.
We’d be happy to connect!
The last slide in this deck
has the team’s full contact
details...
SSIMeetup.org

Finally, I was asked to add a list
of any books that have helped
me understand identity better.
I’m an avid reader. ALL stories
explore identity in one way or
another. This is a big and
growing list...
Here are some of the non-ﬁction
and ﬁction books that have
shaped my thinking
Philosophy
• Kwame Anthony Appiah - The Ethics of Identity [or listen to his
excellent BBC Radio 4 Reith Lecture podcasts on identity]
• AC Grayling - lots, but a nice introduction is “Thinking of
Answers: Questions in the Philosophy of Everyday Life”
• I’ve also struggled through others such as Kirkegaard,
Wittgenstein, Kant and Russell
• And I had the usual youthful fascination with existentialism
[Sartre, Camus, Goethe, de Beauvoir, Kundera etc.]
Non-Fiction
• Rachel Botsman - Who Can you Trust
• Soshana Zuboff - The Age of
Surveillance Capitalism
• Yuval Noah Hurari - Sapiens, Homo Deus,
Lessons for the 21st Century
• Hans Rosling - Factfulness
• Richard H. Thaler - Misbehaving: How
Economics Became Behavioural
• Daniel Kahneman - Thinking, Fast and Slow
• Dan Ariely: Predictably Irrational
• Randall Munroe - Thing Explainer
• Nassim Nicholas Taleb - Antifragile
Fiction:
• Ben Elton - Identity Crisis
• Philip K Dick - Flow My Tears, The
Policeman Said [and other titles]
• Daniel Suarez - Daemon
• Richard Morgan - Altered Carbon
• Pretty well everything by William Gibson
SSIMeetup.org

The SSI team at 460degrees are John Phillips, Jo
Spencer and Jack Dwyer. We are passionate
students, evangelists, and enablers of
Self-Sovereign Identity.
We believe that Self-Sovereign Identity is a better
model for digital privacy, security and trust for
people, organisations, and things on a global
scale.
We see SSI as a disruptive but positive force, a
change for good. We want to be a catalyst for that
change, helping people and organisations
navigate their way to a better digital future.
Thanks for
the chance to
share John Phillips Partner | Innovation | Self-Sovereign Identity
Email: john.phillips@460degrees.com
LinkedIn: https://www.linkedin.com/in/johnphillips11kps
Twitter: @11dot2john
Jo Spencer Champion | Payments | Self-Sovereign Identity
Email: jo.spencer@460degrees.com
LinkedIn: https://www.linkedin.com/in/jospencer-1pg
Twitter: @spencerjed
Jack Dwyer Development Lead | Self-Sovereign Identity
Email: jack.dwyer@460degrees.com
SSIMeetup.org

Explaining SSI to C-suite executives, and anyone else for that matter

More Related Content

What's hot (20)

Similar to Explaining SSI to C-suite executives, and anyone else for that matter (20)

More from SSIMeetup (18)

Recently uploaded (20)

Explaining SSI to C-suite executives, and anyone else for that matter