EIC 19: the industry SSI “acceptance”

We are currently living an exciting time. A time in which country boundaries are a being blurred by the digital economy, but at the same time are more present than ever when Google decided to discontinue the support on Huawei’s devices, and raising thus, a cold technology war between countries. And at the same time, it was recently the GDPR’s first anniversary, where Europe regulated the privacy of the europeans’ consumers data, making then, the physical borders more explicitly and aware than ever.

Companies had to face a dichotomy: to keep the European clients and adapting their internal systems in a rush, or to loose them and the correspondent business, but leaving the risk aside. “You [as a company] had to choose your less bad option”, said Dana Fox, Athena Software Vice President, in an interesting session held at the European Identity & Cloud Conference (EIC) in Munich two weeks ago were world-class speakers and executives provided with a comprehensive overview of future trends in internet security and identity management as well as current projects.

Dana explained his tough experience of adapting their company based in Waterloo, Canada, to keep to the GDPR regulations, setting a new operations base in UK, and adjusting their internal clients’ data systems. “And now what will happen with the Brexit?”, he asked, “Should we move again to other European country?”.

This is another difficulty that companies that decided to be based in UK need to face for the unforeseen future. This Sunday are the Europeans elections, where UK is still voting as a member of the European Union, but for how long?

Business questions like those illustrates the debates exposed at the EIC conference. It is a business-oriented congress, quite opposite to the Internet Identity Workshop, much more tech-oriented, but both conferences are connected in the sense that EIC is a key place to take the temperature of your solution crafted at IIW and receive feedback from the industry that should deploy it.

EIC 2019 Edition was clearly noticeable by the prominence of Self-Sovereign Identity solutions, or SSI, along with IAM (Identity and Access Management Protocols), AI (Artificial Intelligence) and microservices. Such was the notorious effect that Evernym was awarded as the “Best SSI Project” at this year’s edition for their great job to the rest of the industry.

Identity, as Martin Kuppinger stated, has evolved to a “Shared Phase” where business, data, services and AI mandates shared identities. It is more necessary than ever that companies resolve “the identity issue”. As Kim Cameron, Architect of Identity at Microsoft, detailed in his excellent keynote, “everybody is connected to everybody, and every person should own her identity”.

From an SSI perspective, EIC set a coalition from the pro-SSI, such as Microsoft, IBM, Mastercard, Evernym, etc., to fight against the data abuses from the GAFAs (Google, Amazon, Facebook and Apple), which are “the new devils”, as Katrina Dow mentioned in her keynote.

Standards and interoperability are the grounds on which to build an SSI solution to make it usable on a mass scale and accepted for the industry. Lot of work is being accomplished. Microsoft encourages other players to join the organizations working on the standards, such as, DIF or W3C, while at the same time, develops new open-source projects, i.e. a layer-2 scalable protocol, called Sidetree, and its implementation on Bitcoin, ION. Also, IBM presented their demos on their recently launched SDK to build SSI solutions based on Sovrin, and Novartis showcased their supply chain credentials exchange project also based on Sovrin.

While EIC was a conference to showcase new projects, it was also the perfect place to reinforce the vision on SSI and continue to educate the industry. Doc Searls, Editor-in-Chief of Linux Journal, gave an excellent keynote on identity, setting the start of any solution on the individual first, and Phil Windley, Enterprise Architect in the Office of the CIO at Brigham Young University, presented an Identity Metasystem for SSI, referencing the Kim Cameron’s visionary paper on identity, the 7 Laws of Identity, and adapting it to the current SSI framework being developed by the Sovrin Foundation.

An Identity Metasystem, showed by Phil Windley

Despite those initiatives presented along the EIC conference and the continuous effort being done from the identity community, there is a lot of work to do.The industry distills skepticism about the enterprise value of a real self-sovereign identity solution. “Are consumers really requesting this?”, “What is the business model of it?”, or simply put “Show me the money” were frequently raised thoughts on any SSI conference at EIC. Companies need to integrate the SSI to their legacy enterprise systems, and be able to coexist with the current authentication mechanisms; all views should be taken into account to a whole SSI solution (a user, a company, a relying party, a government, etc.)…

Just a few examples were presented that showcased an actual use of a self-sovereign identity with verifiable credentials exchanges, but I am sure that next year there will be many more!

As Cameron said, “in 5 years we are going to see it as a reality”.

Let’s make it happen!