MEF CONNECTS ID & AUTH: The Dawn of Personal and Organizational Identity Hybrid Event Recap

We had such a great experience at the?MEF CONNECTS ID & AUTH: The Dawn of Personal & Organizational Identity?hybrid event in London on May 25, 2023 (see the?event pictures?and?on-demand videos). I am so grateful to all the people that participated. People from 47 countries participated (before, in person and online, and after) in this content-rich, ground-breaking event. We had a global cast of 38 speakers for the first time at an industry event introducing and exploring the role of data at the confluence of ID & AUTH. Wow! It was an explosive day.

What some of the participants had to say:

• “Fantastic event”
• “Before yesterday, I didn’t think Personal Data and Identity were particularly relevant to what I do professionally. Boy, was I wrong!” - Michael Powers, Founder, aablar, 2023
• “Kudos”
• “The topics were varied…I appreciated the Red Cross session.”
• “This was an amazing event…I especially appreciate the OI and PI narrative expertly crafted throughout the day; it was a pleasure to have contributed to the experience. One of the best events I have had the pleasure to be part of.” - Ian Deakin, Principal Technologist, Alliance for Telecommunications Industry Solutions (ATIS)
• “As always, great content Mobile Ecosystem Forum and a broad range of speaker expertise on show. Keep up the great work.”-Alchemy Telco Ltd

ID & AUTH

I’d like to start my recap by defining what we mean by ID & AUTH. ID has two meanings and AUTH has four.

Identity

A new way of working with personal identity and organizational identity is shepherding a new era of trust.

• Personal Identity (PI), a mixed concept, on one side of the equation (organizational-centric approach) PI refers to the collection and management of data that helps organizations serve their customer, reduce friction in the customer journey, and mitigate fraud. In contrast, on the other side of the equation (people-centric approach), PI empowers people and gives them agency, dignity, sovereignty, and control of their phygital self (this will be done by deploying to them SmartWallets to store their verified credentials and personal information management services (PIMS) so that they can manage their data and enact their data rights).
• Organizational identity (OI), a new idea, OI is about issuing decentralized verifiable credentials to organizations so that organizations and engagements and interactions with an organization’s agents (humans, bots, machines, APIs, messages, etc.) can be cryptographically verified, automatically and without human intervention—globally, across jurisdictions and channels. For more on OI, see Timothy Ruff’s?The Dawn of Decentralized Organizational Identity, Part 1: Identifiers.

AUTH

AUTH refers to several critical concepts.

• Authentication, refers to the practice of verifying an entity’s (individual, organization’s, bot, machine, API, etc.) identity.
• Authorization, refers to the practice of ensuring an authorized entity is allowed to access a physical or digital environment and determining what they’re allowed to do.
• Authority, refers to the process of validating an individual’s (citizens, employees, bots, machines, and AIs) rights and powers, e.g., what rights and powers organizations have delegated to individuals and what authority these individuals have to represent themselves and their organizations.
• Authentic, refers to the process of verifying the undisputed origin, i.e., provenance, of content, a bot, change, AI, or an individual’s identity.

A Day Filled with Content and Discussion

During the day, we explored the imperative for bringing genuineness and liveness back to our digital and phygital engagements, the importance of dignified identity in emerging markets and humanitarian work, the many benefits and harms that may befall us from the collection and use of personal data and identity services, and current strategies industry actors are implementing to embrace the benefits and mitigate the harms from data and identifier use. The speakers explained in great detail the dawn of decentralized organizational identity, including the origins, governance models, standardization, and industry and regulation-recognized organizational identifiers, like the global legal entity identifier (register for a discounted LEI here) and verified legal entity identifier (vLEI). In one use case, it was shared that Finland has reduced the cost of its corporate tax filing processes by 99% with organizational identity. We also did a deep dive into the role of government and how emergent personal data and identity regulations reshape the world’s economies and the social, commercial, and civic landscapes. We covered the emergence of the open SmartWallet and how 4.0 billion wallets will be in place by 2024 (5.6 billion by 2030), as a result of government mandates and commercial necessity, will be placed in people’s hands in just a few years; We also address how power shifts from the platforms to the people. You don’t want to miss this content; All 17 of the?event sessions are available on-demand, for free.

My Key Takeaways

I walked away from this event with several key takeaways and insights, including the following:

• ID & AUTH Effects Every Engagement, ID & AUTH universally impacts everything, from fraud mitigation, moments of truth throughout the customer journey and life cycle, and enterprise supply and industry value chains. Implemented with care, ID & AUTH will open up a whole new world of value, create efficiencies and make our four universes—the digiverse, metavrese, phygiverse, and fediverse—safer and more secure for everyone.
• Hold Actors Accountable for their Actions: “Always Verify, Never Trust”, cybercriminals are incredibly skilled and people and organizations make mistakes. We must change our paradigm from “trust, but verify” to “always verify, never trust.” This means we need to insert cryptographic key management at every interaction so that industry actors—humans, bots, AI, APIs, etc.—can cryptographically verify and, without human intervention, know whom they’re dealing with and understand their authority. As an industry, we must also embrace solutions like?GLEIF’s legal entity identifiers,?Aegis Mobile’s organizational vetting?and?Telesign’s continuous trust. Approaches like these will make it extremely difficult, if not impossible, for cybercriminals to thrive or for people and organizations to skirt their responsibilities. We’ll be able to hold each other accountable for each other’s actions.
• Why ART Must Be True, holding people accountable for their actions (good and bad) builds trust. To measure accountability, we need attribution and reputation. We need to resolve this formula: Attribution+Reputation=Trust. We must efficiently and at scale embrace organizational identity practices and implement verified credentials into our everyday interactions.
• Opportunity Sits at The Intersection of Technological Potential and Politics, the introduction and adoption of OI and PI into the market will face certain headwinds. Technically most of what was discussed at the event is feasible, and all of it will be given time; however, organizations and people don’t like change. The commercial and civic political headwinds may challenge and slow the adoption of OI and PI solutions, but eventually, market conditions will force the inevitable shift to OI and PI implementations, as we need them to establish trust and the equitable and fair exchange of data. OI and PI implementation will help establish trust and will become competitive differentiators.
• Data Regulations and Standards Are Re-Shaping Market Conditions, regulatory actions will force the adoption of OI and PI solutions, as will emergent standards and protocols. For instance, age assurance regulations (there are over 100 of them) will require the Internet to become age-aware,?eIDAS?will mandate the role out of SmartWallets, the?EU?and?UK?data acts will transform data portability and intermediary data handling,?Markets in Crypto-Assets (MiCA)?will mandate that credentials be used to track asset exchanges, and countless other rules are coming. All these rules will sit alongside evolving and new protocol layers, like OI and PI data exchange protocols (KERI?or?SOLID). The new layers will sit on top of existing protocols like?HTTP?and?TCP/IP. Companies will thrive by building on top of these layers. We must, however, take care to ensure that privacy and security are protected and that current practices toward call and messaging labeling do not become censorship.
• Prepare for two new metrics: Number of Verified Credentials and The Identity Nexus Rate, as OI & PI and verified credentials evolve, we must prepare for two new metrics. At a macro level businesses, will be evaluated on the number of verified connections they maintain with those they serve, and at a macro level, economies will be evaluated on the The Identity NexusTM?Rate, a measure that evaluates the equality exchange of personal data and identity.
• There will be only one identifier format; everything else is a proxy: The Public-Private Key, in the future, there will be one primary identifier in engagements, a token. The token is a cryptographic public-private key. The exact format, e.g.?W3C verified credential?or something else, will vary. All other identifiers, like phone numbers, will be proxies to tokens.
• SmartWallets, applications, on device or in the cloud, built on open standards and governance, will put people and organizations in control of their verified credentials and as an extension to all their data. By 2025 there will be 5.5 to 8 billion SmartWallets in people’s hands. These SmartWallets can easily be recognized as the world’s 9th mass media. They will make the individual the center of engagement and bring in the era of verified connections.
• A Focus on Interoperability And Open vs. Closed Systems is Needed, with all the diversity in the world and the importance of respecting local context, what we need are secure open standards and protocols to facilitate consensual and adversarial interoperability amongst systems.?Closed systems will not scale. We need open systems. This interoperability will help us foster thriving micro and macro local, regional, and global ecosystems.

Huge Thanks!

An event like this does not happen without for elements: Speakers, Supporters, Participants, and the Event’s Team.

To our speakers

Here is a huge thanks to the speakers, and their companies, who put in countless hours, and years of effort, to prepare for the few minutes they had on stage. We thank you!

??Iain Corby?from Age Verification Providers Association ??Dario Betti?from Mobile Ecosystem Forum ??Michael Becker?from Identity Praxis, Inc.???Noah Rafalko?from TSG Global, Inc.???Michael Power?from aablar ??Timothy Ruff?from Digital Trust Ventures ??Randy Warshaw?from Provenant Inc.???Fraser King?from Vodafone ??Daniel Goldscheider?from OpenWallet Foundation ??Andrew Tobin?from Gen ??Nick Mothershaw?from Open Identity Exchange ??John Bruner?from Aegis Mobile ??Nicholas Venezia?from Centillion Group Inc.???Andrew Bud?from iProov ??Jimmy Jones?from ZARIOT ??Singe StJohn Deakins?from CitizenMe ??Stephan Wolf?from Global Legal Entity Identifier Foundation ??Eric Priezkalns?from Risk & Assurance Group ??Rebekah Johnson?from Numeracle ??Gary Fegan?from Fujitsu ??Kevin Sullivan?from Leading Points ??Marie Austenaa?from Visa ??David Palmer?from Vodafone ??Chris Swan?from ATSign ??Bradley Greer?from NetNumber ??Alison McDowell?from Beruku Identity ??Soren Schafft?from The Campaign Registry ??Simon Wood?from Ubisecure ??Russ Cohn?from OCR Labs ??David?Vigar?from TruSense ??Nassia Skoulikariti?from Apiro Data ??Steve Hewitt?from Profitunity Ltd ??Tom Fish?from Gener8 ??Ian Deakin?from Alliance for Telecommunications Industry Solutions (ATIS) ??Simon?Didcote?from OBS Medical ??Priyanka Patel?from Kenya Red Cross Society ??Ellery Shentall?from Department for Science, Innovation and Technology ??Eli Katz?from XConnect

To our supporters

Here is a huge thanks to our supporters, all of whom provided strategic advisory, financial, and promotional support. We thank you!

??Numeracle???XConnect???Netnumber???Aegis Mobile???ZARIOT???Global Legal Entity Identifier Foundation???TruSense???Ubisecure???IDVerse???Provenant Inc.

To the participants

Here is a huge thanks to the participants, those who showed up pre-event to encourage and support our efforts, who showed up in-person and online the day of, and for all those that continue to engage us and the content post-event. We thank you!

To the event staff

Here is a huge thanks to the MEF event staff. Hundreds of behind-the-scenes and very public moving parts must be attended to to put on an event like this one, all of which take hundreds of hours to execute. The MEF team makes it look easy. It is most certainly not. We thank you!

The Tip of the Iceberg

As great as this event was, it represent just the tip of the iceberg in our ID & AUTH journey. We have so much more to learn and address. For instance, we need to do a deeper dive into exploring more real-world use cases, go beyond developed Western market views and explore emerging market views in greater detail, go deeper into the emergent protocols, standards, and regulations, and foster an environment where buyers and sellers can get to getter to collaborate solve problems and serve people.

We’ve already started our planning for next year’s show; we are also working on other events (MWC Americans, MWC Barcelona 2024) as well as regional events and workshops, live steam, webinars, podcast (video and audio), briefings, partner events, reports, blogs, and more. If you’d like to get involved, be interviewed, or contribute content, please contact me,?Michael Becker, the MEF PD&I Working Group Chairman and CEO of Identity Praxis, Inc.

?#AccessibilitybyDesign #Addressability #AddressabilitybyDesign #AgeAssurance #AgeAwareness #AgeEstimation #AgeVerification #Agency #ArtificialIntelligence #ArtificialIntelligence #Attribute #Authentication #Authentication #Confidence #Cryptology #Cybercrime #Cybersecurity #DigitalAge #DigitalDemocracy #DigitalEra #DigitalIdentity #DigitalRelationship #DigitalTransformation #Digitalidentity #FIDO2 #GenuinePresence #GlobalDataWarming #GlobalLegalIdentifier #HumanRight #Humanity #Humanizing #Identity #IdentityManagement #Imbalance #InternetAgeAware #InternetOfThings #IoT #LEI #MarketForces #MobileIntelligence #MultipleMEs #NetworkAgents #OTP #OneTimePasscode #OnetoOneChannel #OpenSource #OpenSource #OpenWallet #OrganizationalIdentity #PASS #Passkey #PeopleCentric #PermissionManagement #PersonalData #PersonalIdentity #Phishing #PhoneIntelligence #PrivacybyDesign #Privacy #PrivacyPreservingTechnology #ProofofAge #Regulations #Risk #Robocalls #Robotxt #SIMBasedAuthentication #Security #SilentAuthentication #SmartWallet #SmartWallets #Smishing #SystemicTrust #TheIdentityNexus #Trust #VerifiedDelegableAuthority #WebAuthN #vLEI

Aegis Mobile Global Legal Entity Identifier Foundation (GLEIF) netnumber TSG Global, Inc. Numeracle Provenant Inc @TruSense Ubisecure XConnect ZARIOT Atsign IDVerse - An OCR Labs Company The Campaign Registry Telesign TSG Global, Inc. Age Verification Providers Association Mobile Ecosystem Forum

Marie Austenaa Dr. Michael Becker Dario Betti John Bruner Andrew Bud CBE FREng FIET Russ Cohn Iain Corby StJohn "Singe" Deakins Gary Fegan Daniel Goldscheider Bradley Greer Steve Hewitt Rebekah Johnson Jimmy Jones Fraser King Alison McDowell Nick Mothershaw David Palmer Eric Priezkalns Noah Rafalko Timothy Ruff Soren Schafft Nassia Skoulikariti Kevin Sullivan Chris Swan Andrew Tobin Nick Venezia David Vigar Eli Katz Randy Warshaw Stephan Wolf Simon Wood