Evernym AMA

From IIW

Evernym AMA

Tuesday 3E

Convener: Richard Esplin

Notes-taker(s): Drummond Reed

Tags for the session - technology discussed/ideas considered:

Discussion notes, key understandings, outstanding questions, observations, and, if appropriate to this discussion: action items, next steps:

Introductions: Where are you from, and why are you interested in Identity.

  • Privacy “making sure our kids aren’t monitored everywhere”
  • Trusted computing and trust issues in computing
  • Bringing people together
  • Having a way to truly prove who you are while retaining control
  • Interesting technically (and increasing interesting politically)
    • Removing control from gov’t
  • Lots of efficiencies to be gained by fast verification
  • Identification of the entities in a supply chain
  • Telecommunications (peer wise communication) using SSI/DIDComm
  • Governance and how it fits in identity infrastructure


Evernym use cases: http://www.memberpass.com/ - The digital credential being developed by CULedger

    • Give customers surity of knowing who the person they are talking to online is who they say they are
  • Transferring medical personnel with VCs, went from days to minutes to transfer
  • Prove doctors are not sick the day before
  • Alberta Credentials Ecosystem (ACE)—http://www.aceprogram.ca/


Question about what our technical focus areas are. Richard’s answer:

  • We are very happy with the work we’ve done on the Hyperledger Indy/Ursa/Aries stack in terms of core DID and VC functionality
  • We are very excited about new technical functionality like Rich Schemas
  • Moving from the abstract/theory to actually doing it is very exciting
  • Much of our focus right now is on the rest of the business problems, tooling, and governance needed to deliver a “whole product” to customers


Verity and LibVCX?

  • Evernym started with code that looks like hyperledger and aries
  • The core of it was a library calle LibVCX. Got a lot of mileage, but was hard to keep revising to bring it current with Aries interop specs.
  • The work on interop has revealed a lot about the specs and where the gaps on interop really are
  • The Verity product was a rewrite, starting anew, designed to take advantage of all the learnings. Verity will use Indy and the Aries libraries but builds on top of those components.
    • Will not be put back into hyperledger

What do you open source vs keeping closed?

  • Open sourcing is very time consuming
    • Have to get alignment through the org
  • Accelerated adoption that comes from openness Vs. commercial viability
  • Controlling your business to make money
  • Take into account how “easy” something is, if it’s easy then you should probably just open it
  • Write down and stick to principles for when to open source
    • Publish these principles for contributors
  • Will have another session dedicated to this topic.


Shift from Federated IDs to SSI changed everything, and it is much better.

  • Short term is an integration play: SSI credential issuance is about how someone gets their identity. Traditional IAM systems pick up once the identity is granted, and integrates throughout the enterprise.
  • Long term: SSI is a paradigm shift. Enterprises have a hard time buying something that is new, but we are at the tipping point where enterprises can by a native SSI solution.


Where the identity industry is going, especially regarding KYC and AML.

  • South African banks are experimenting with KYC (get the national ID into the bank), but staying away from AML (it’s opinionated has more liability).
  • Eventually there will be primary SSI credentials, but the industry can bootstrap with secondary credentials: proof that a primary credential (physical) was presented..
    • When ingesting an identity document, there are a lot of edge cases that makes it hard to process.
  • Over time, there will be a “supply chain” of credentials. Issuers who check credentials, and provide new credentials for a specific purpose within a different trust model.
  • Goal is to achieve a “web-like” adoption model. We publish our data so others can link to it, and then we can link to their data . . .
  • CULedger’s Memberpass originally thought “KYC / AML is the problem we should solve”. But currently that is the banker’s job. It is a big problem, and technology is a small part of it. Someone has to accept the liability of the credential. So focus currently is:
    • Making things inside the credit union easier (authenticate customers).
    • Prove to a 3rd party that the person is an actual human.

http://www.r3.com/videos/building-global-payment-networks-for-credit-unions-corda-settler-and-self-sovereign-identity/

Related to adoption, do we have efforts in the works to make SSI a built-in browser standard so that for example consumers can have a built-in DID wallet in the browser?