Successfully reported this slideshow.
We use your LinkedIn profile and activity data to personalize ads and to show you more relevant ads. You can change your ad preferences anytime.

Explaining SSI to C-suite executives, and anyone else for that matter

378 views

Published on

https://ssimeetup.org/explaining-ssi-c-suite-executives-anyone-else-john-phillips-webinar-48/
John Phillips from 460degrees in Australia has been exploring with his team for more than two years for a way to describe Self-Sovereign Identity (SSI) that was easy to understand. We think he has found a good method to make SSI easy to understand for any C-suite executive and business people that goes beyond the technology.

John published a video in late 2019 that we found deeply insightful and we have invited him to share this with the SSI Meetup audience. This demo has been going down amazingly well with audiences from c-suite technology execs to design students.

This approach quite literally animates the discussion. People add other objects into the mix, move things around, ask relevant, insightful, questions.

John will share the learnings he is gaining from University research, as well as the results of work in supporting capstone projects for higher education students, and how this has led us to a storytelling model to explain SSI.

Published in: Internet
  • Be the first to comment

  • Be the first to like this

Explaining SSI to C-suite executives, and anyone else for that matter

  1. 1. Explaining SSI to C-suite execs, and anyone else for that matter John Phillips Partner | Innovation | Self-Sovereign Identity Email: john.phillips@460degrees.com LinkedIn: https://www.linkedin.com/in/johnphillips11kps Twitter: @11dot2john SSIMeetup.org
  2. 2. 1. Empower global SSI communities 2. Open to everyone interested in SSI 3. All content is shared with CC BY SA SSIMeetup.org Alex Preukschat @SSIMeetup @AlexPreukschat Coordinating Node SSIMeetup.org https://creativecommons.org/licenses/by-sa/4.0/ SSIMeetup objectives
  3. 3. We’ve been trying to find better ways to explain SSI to people and organisations for over 3 years “We” is me, and for the last year and more, my fellow teammates at 460degrees. “We” is also the global SSI community. My guess is that “we” includes you too. SSIMeetup.org
  4. 4. Recently, we think we’ve found a way that works This deck tells the journey we’ve taken so far, what we’ve learnt (and are learning) along the way, where we are now, and where we want to get to next…. SSIMeetup.org
  5. 5. Like most, we started by learning the technology and explaining how it works We learnt about DIDs, DIDdocs, Verifiable Credentials, Hyperledger (Indy, Aries and Ursa), Byzantine Consensus Algorithms, Zero Knowledge Proofs, Sovrin, W3C, DIF, IETF, Edge devices, Agents, Wallets, uPort, etc. etc. We connected with everyone we could. And we would explain what we learnt. [And we need to keep learning and sharing today] SSIMeetup.org
  6. 6. During 2018 we finessed our approach, borrowing from those around us We created presentations that followed familiar paths: the internet was made without an identity layer, that cartoon image of a dog at a keyboard, digital identity is a problem for people and organisations, toxic data, history and principles, building blocks, standards and open-source software, and operational examples. We have over 60 presentations and our master deck has over 200 slides [not including these ones] - we never use it in full! SSIMeetup.org
  7. 7. In 2019, we started our investment in SSI technology We wanted to prove that the technology was real, that we could put it in the hands of people in the audience and show them it working. So we invested (and still invest) in the technology, building client focused demos, putting wallets in people’s hands, and exploring the technical angles that we’re interested in…. SSIMeetup.org
  8. 8. The thing was, tech-led wasn’t working very well … for us at least... SSIMeetup.org
  9. 9. We were “solving for the wrong problem” It wasn’t the best way to explain SSI for our audiences. It was as if we were trying to explain the internet by describing each RFC of the TCP/IP suite, to a bunch of AOL engineers… [When did you last try to explain how the internet works? How did that work out for you?] SSIMeetup.org
  10. 10. Intermission: SSIMeetup is a brilliant, and growing, source of material I’m presenting to an SSIMeetup audience, flattered by Alex’s request to present, and grateful for his help in making this work. If you want to learn about SSI and its practitioners, SSIMeetup is a great place to begin your journey, and to revisit. BUT while SSIMeetup is already a great resource, I think there is a gap in the material to date... SSIMeetup.org
  11. 11. Observation: Lots of technical explanation of how SSI works. Few simple explanations of the SSI experience My premise is that we all want SSI to succeed. To do that SSI needs to work technically AND we need to be able explain it. We need to win people, organisations and businesses over. To do that, we need to get better at explaining SSI, we need to share ideas on what’s working and what’s not. SSIMeetup.org
  12. 12. Why doesn’t starting with the tech work? Think about your audience If they are a technologist with experience in Digital Identity, they are most likely experienced in traditional IdAM If they’re a blockchain fan, then they’re looking for crypto and smart contracts everywhere If they’re a business executive, then they’re wondering whether this is worth listening to, is it a threat or opportunity for them in their role and for their business... SSIMeetup.org
  13. 13. Observation: If you start with the technology, attention drifts and the conversation loses focus Technologists with many years of mostly the same experience see everything through their own lens. Blockchain people keep talking about “crypto wallets” and keep thinking that we’re writing PII to the blockchain and/or monetising personal data. Business people get bored. You have 6 seconds to get their attention. SSIMeetup.org
  14. 14. [Oh the irony of writing that statement in a deck to be presented in a webinar. While I didn’t have a choice on this occasion, it still feels like I’m shooting in the dark] Unless the format demands that you have to, don’t start with a deck. If you do have to start with a deck, make sure you have room to tailor the story for the audience. Observation: If you start with a slide deck, you’re imposing a fixed story, with fixed content, on people you don’t know yet SSIMeetup.org
  15. 15. I really enjoy Philip Sheldrake’s contributions (webinar 24). He and others make important points and ask challenging questions. I also know that I (and others) can be easily distracted by considerations of the words “self”, “sovereign”, and “identity”. So for now I’m focused on how we might use SSI, for the good of all... Observation: If you start by trying to explain “self”, “sovereign”, and “identity”, you’ll likely never finish SSIMeetup.org
  16. 16. We wanted to humanise the conversation, to simplify and demystify SSI We wanted to avoid being derailed by questions before our audience had even understood the basic premise. We wanted to make sure that we had a common framework, and shared mental model, before encouraging questions. We wanted to distinguish clean and simple SSI from “SSI-washing” SSIMeetup.org
  17. 17. So in 2019 we did two things in parallel 1. External Research. We explored our contacts with Universities, looking to see how their students and academics might help us. 2. Internal Workshops. We did a retrospective on our own approach and thinking. SSIMeetup.org
  18. 18. With Universities, we explored projects with students and research with academics We completed capstone projects with two Universities, one with a group of Cybersecurity students, and one with a group of Design Students. We learnt lots from both. We also started a co-investment research program with the Smart Cities Research Institute team of Swinburne University to consider Digital Wallets in Smart Cities. SSIMeetup.org
  19. 19. These two areas are worth their own, separate, explanation From the University capstone projects, we gained some great insights about what works, and what doesn’t work, when explaining SSI. [I’ll happily share the excellent Swinburne University design students’ work separately.] With the Smart Cities team we have just finished our first workshops with members of the general public and we’re learning LOTS more. SSIMeetup.org
  20. 20. Today I want to focus on the story that got the attention of Alex (and a few others) We were looking for a way to explain SSI to the UX design students at Swinburne and played with some concepts we had used in other sectors... SSIMeetup.org
  21. 21. We used a mash-up of Human Centred Design, Innovation and Google Ventures “Sprint” And we looked in our stationary and craft drawer for inspiration... SSIMeetup.org
  22. 22. And we wrote a simple story SSIMeetup.org
  23. 23. Australia is home to (arguably) the oldest civilisations in the world. These are peoples whose culture was maintained for over 40,000 years by storytelling. Stories are powerful Why Stories? Because people, all people, all of us [you included], remember things best when told as a story SSIMeetup.org
  24. 24. Critically, and very deliberately, we give our story a human angle We give the characters in our story a name and a back story. “Meet Jackie, she’s a successful young adult living in an apartment. Jackie has just got a new job and wants to move nearer to work.” SSIMeetup.org
  25. 25. Think of this as mixing the [anodyne] use-case model with personas and Human Centred Design [In My Opinion] The way we normally present Use-Cases is an almost completely useless way to explain something to an audience. SSIMeetup.org
  26. 26. Human Centred Design gives us a framework to test and explore “wicked” problems [In My Opinion] Digital Identity is a “wicked problem”. It is technically complicated, and socially / politically complex. SSIMeetup.org
  27. 27. This is an example of storytelling in a business context... Business Stories are short and have a structure along the lines of: • This used to be the case • Then this happened • So we’re doing this • So that we can achieve this Our story structure is a little different, but shares much of the DNA. SSIMeetup.org
  28. 28. You might recognise the similarity with “Situation; Complication; Resolution” Often attributed to McKinsey and related to the Minto Pyramid, you can find lots of material about this pattern on line. You’ll see that we use Situation; Resolution; Complication We put the complication last? Why? Well let’s see... SSIMeetup.org
  29. 29. Important Point: Ask permission to tell the story first… “We’d like to explain SSI in a way that will help us all get on the same page and provide a framework for our conversation. It will take about 7 minutes. After that we can demonstrate the technology and discuss business models and any technical questions you may have. Is that OK?” SSIMeetup.org
  30. 30. We introduce the story as having three parts Part 1 - The current, physical, world Why? To establish a shared experience Part 2 - The SSI world Why? To demonstrate how similar SSI is to the shared experience of the physical world Part 3 - The current digital world Why? To show the broken nature of centralised and federated systems - to give a “call for action” SSIMeetup.org
  31. 31. So THIS is our SSI demo kit... SSIMeetup.org
  32. 32. Let’s see it in action... SSIMeetup.org
  33. 33. Part 1: The world we live in now What’s it like to rent a new apartment, now? SSIMeetup.org
  34. 34. Meet Jackie, she’s a successful young adult living in an apartment. Jackie has just got a new job and wants to move nearer to work. SSIMeetup.org
  35. 35. Jackie has a driving licence and pays one of the utility bills for the apartment. She keeps her driving licence in her wallet and the bills in a drawer of a desk at her apartment SSIMeetup.org
  36. 36. These are physical “credentials”, they state • who issued them • who they were sent to, • and other information relevant to their purpose SSIMeetup.org
  37. 37. Jackie has found an apartment she likes managed by “Highly Rated Rentals” SSIMeetup.org
  38. 38. Highly Rated Rentals tell Jackie that they’d love to rent the apartment to her, and that she’ll need to provide some identity information, and her bank account details. SSIMeetup.org
  39. 39. Jackie has just opened a new account at a bank, so she asks them for an account statement SSIMeetup.org
  40. 40. Jackie takes the three documents with her to the rental agency... SSIMeetup.org
  41. 41. And they take copies of everything. [… Jackie hopes they keep the copies very securely….] SSIMeetup.org
  42. 42. Sometime (days) later, the rental agency call Jackie and tell her that everything went through OK, and can she come back to the office to sign the agreement, pay the bond, and pick up the keys? SSIMeetup.org
  43. 43. Jackie goes back to Highly Rated Rentals and completes the transaction So now Jackie has keys to her new apartment and a new document to store SSIMeetup.org
  44. 44. And that’s the world that most of us live in right now. We use physical documents to prove things, and we receive physical documents in return. SSIMeetup.org
  45. 45. Part 2: The SSI world It’ll be quite like the current experience, but a bit better... SSIMeetup.org
  46. 46. First we give Jackie a digital wallet. This is usually an app on Jackie’s phone but it can be any SSI capable secure storage device. SSIMeetup.org
  47. 47. Now the physical documents are Verifiable Credentials. The digital credential and its contents are cryptographically signed by the issuer and addressed to Jackie SSIMeetup.org
  48. 48. Jackie can share the credentials with whoever she chooses, in whole or in part, or even by proving that she has the credential (and that’s all they need to know). SSIMeetup.org
  49. 49. Highly Rated Rentals tell Jackie they’d love to rent the flat to her, and they can do all the checks in seconds, but they still need the same information. SSI doesn’t change the law, nor does it need to. SSIMeetup.org
  50. 50. Highly Rated Rentals send a “Proof Request” to Jackie’s wallet. Her wallet tells her what they want to know, and which of her verifiable credentials can answer those questions. SSIMeetup.org
  51. 51. Jackie still needs to confirm her bank account details, so she connects with her new bank and gets them to send her a verifiable credential of her account. SSIMeetup.org
  52. 52. Now she can use her Verifiable Credentials to respond to Highly Rated Rentals with a Proof Response SSIMeetup.org
  53. 53. The proof response is cryptographically signed by Jackie, sent to Highly Rated Rentals, and contains the three things they asked about. SSIMeetup.org
  54. 54. For each credential, Highly Rated Rentals can do four checks: • Who issued the credential (do they know and trust them?) • Was it issued to Jackie (is this hers?) • Has it been changed in any way? (has she changed the details?) • Has it been revoked? (important for some things) SSIMeetup.org
  55. 55. They do this by checking the signatures of each issuing authority and any revocation lists. Importantly, they can do this without contacting the issuing authority as this would be a breach of privacy. This is our “ledger” - labelled lollipop sticks SSIMeetup.org
  56. 56. The public signatures of issuing authorities, and other information that they choose to share, are stored in a trusted place. There are already 32 different places (methods) to write the information. SSIMeetup.org
  57. 57. The verifiable credential includes a pointer to public information about the issuer, including the public keys they use for signatures. Issuers can choose where to store their information, so long as that location is trustworthy and a verifying party can find it and open it. SSIMeetup.org
  58. 58. Jackie’s credentials pass the tests, and Highly Rated Rentals offer Jackie a Rental Agreement. This arrives at Jackie’s wallet as a new credential offered by Highly Rated Rentals. SSIMeetup.org
  59. 59. Jackie accepts the offer, and the new credential is stored in her wallet along with her other exchanges with Highly Rated Rentals. Highly Rated Rentals get a confirmation that Jackie has accepted the offer. SSIMeetup.org
  60. 60. Jackie pays the bond and picks up her keys. As you can see, SSI is pretty much like the current world Just more secure, more private, more efficient…. ... BETTER SSIMeetup.org
  61. 61. Part 3: The broken promise of current digital identity models That’s all very cool, but that’s not the digital world we currently live in... SSIMeetup.org
  62. 62. This “Sparkly Ball” was what we found in the craft drawer and decided to use as a prop for current digital identity systems. It stuck, and we’re fond of it, even if its sparkles are beginning to fall out! Introducing the sparkly ball SSIMeetup.org
  63. 63. When we describe the sparkly ball in Australia, we use examples such as the “login with” systems of Facebook and Google, and the “identity systems” of AppleID, AusPost Digital ID, MyGovID, etc. SSIMeetup.org
  64. 64. We explain that the Sparkly Ball is our euphemism for current centralised identity and federated identity systems SSIMeetup.org
  65. 65. Each of these systems allocates you with an “identity” that you can use to authenticate yourself to other organisations in the network. Back to Jackie... SSIMeetup.org
  66. 66. In return for telling the sparkly ball a bunch of stuff about herself, Jackie gets allocated an identifier... SSIMeetup.org
  67. 67. When Jackie uses this identifier with her bank, the bank asks the Sparkly Ball to authenticate it… And the Sparkly Ball learns that Jackie is talking to the bank... SSIMeetup.org
  68. 68. When Jackie uses this identifier with Highly Rated Rentals, they ask the Sparkly Ball to authenticate it… And the Sparkly Ball learns that Jackie is talking to the Highly Rated Rentals... SSIMeetup.org
  69. 69. Everytime Jackie uses the identifier, the Sparkly Ball knows. Some Sparkly balls go to considerable efforts to try not to notice and to forget what they learn. Apple for example promises to forget after 30 days [page 6, here]. SSIMeetup.org
  70. 70. Some try to “blind” themselves, covering their digital eyes and ears. But others don’t, and use the data they gain about you for their own reasons. Good or bad intentions, the architecture means that they are always in the loop SSIMeetup.org
  71. 71. So we don’t like Sparkly Balls SSIMeetup.org
  72. 72. The END SSIMeetup.org [of the Jackie demo]
  73. 73. Typical next steps in our conversations... At this point we usually offer to run one of our software demos. Then we start to explore their technical and business questions… “What’s on the ledger? [again] “How do we make money/reduce risk/improve our customer experience?” etc. SSIMeetup.org
  74. 74. So there you have it, our simple way to demo SSI... The original LinkedIn Post and video that attracted Alex’s attention is on LinkedIn here We’ve since made a (slightly) improved recording of this approach here And we’ve built cartoon versions and even role played this with real people at meetups… And we’re writing other stories for Jackie... SSIMeetup.org
  75. 75. We continue to look for new ways to support the adoption of SSI • Continue to sponsor research and student projects with Universities • Co-Chairs (APAC) for the Sovrin Guardianship Working Group • Actively explaining SSI to government and industry bodies • Promoting the commercial trial and adoption of SSI. [we’re not a charity!] SSIMeetup.org
  76. 76. We’re still learning. We would be very interested to hear what’s working, or not, when you explain SSI. We’d be happy to connect! The last slide in this deck has the team’s full contact details... SSIMeetup.org
  77. 77. Finally, I was asked to add a list of any books that have helped me understand identity better. I’m an avid reader. ALL stories explore identity in one way or another. This is a big and growing list... Here are some of the non-fiction and fiction books that have shaped my thinking Philosophy • Kwame Anthony Appiah - The Ethics of Identity [or listen to his excellent BBC Radio 4 Reith Lecture podcasts on identity] • AC Grayling - lots, but a nice introduction is “Thinking of Answers: Questions in the Philosophy of Everyday Life” • I’ve also struggled through others such as Kirkegaard, Wittgenstein, Kant and Russell • And I had the usual youthful fascination with existentialism [Sartre, Camus, Goethe, de Beauvoir, Kundera etc.] Non-Fiction • Rachel Botsman - Who Can you Trust • Soshana Zuboff - The Age of Surveillance Capitalism • Yuval Noah Hurari - Sapiens, Homo Deus, Lessons for the 21st Century • Hans Rosling - Factfulness • Richard H. Thaler - Misbehaving: How Economics Became Behavioural • Daniel Kahneman - Thinking, Fast and Slow • Dan Ariely: Predictably Irrational • Randall Munroe - Thing Explainer • Nassim Nicholas Taleb - Antifragile Fiction: • Ben Elton - Identity Crisis • Philip K Dick - Flow My Tears, The Policeman Said [and other titles] • Daniel Suarez - Daemon • Richard Morgan - Altered Carbon • Pretty well everything by William Gibson SSIMeetup.org
  78. 78. The SSI team at 460degrees are John Phillips, Jo Spencer and Jack Dwyer. We are passionate students, evangelists, and enablers of Self-Sovereign Identity. We believe that Self-Sovereign Identity is a better model for digital privacy, security and trust for people, organisations, and things on a global scale. We see SSI as a disruptive but positive force, a change for good. We want to be a catalyst for that change, helping people and organisations navigate their way to a better digital future. Thanks for the chance to share John Phillips Partner | Innovation | Self-Sovereign Identity Email: john.phillips@460degrees.com LinkedIn: https://www.linkedin.com/in/johnphillips11kps Twitter: @11dot2john Jo Spencer Champion | Payments | Self-Sovereign Identity Email: jo.spencer@460degrees.com LinkedIn: https://www.linkedin.com/in/jospencer-1pg Twitter: @spencerjed Jack Dwyer Development Lead | Self-Sovereign Identity Email: jack.dwyer@460degrees.com SSIMeetup.org

×