►
From YouTube: Decentralized Identities-July 2020
Description
In this month's Microsoft identity platform call, Matthijs Hoekstra, Program Manager, goes into detail about Decentralized Identities and shares scenarios you can build with it.
Resources
View presentation https://aka.ms/AA918um
White paper aka.ms/didwhitepaper
Docs aka.ms/opendid
Stay connected
Twitter https://twitter.com/microsoft365dev
YouTube https://aka.ms/M365DevYouTube
Blogs https://aka.ms/M365DevBlog
A
Hello
welcome
everybody
thanks
stephen
for
inviting
me
for
the
community
call.
It
is
actually
the
first
time
and
he
asked
it
a
couple
of
times
before
so
again,
I'm
I'm
a
colleague
of
stephen.
I
want
to
shout
out
to
stephen
for
organizing
all
this
work
around
the
communities
and
enable
everybody
to
be
able
to
speak.
That's
much
appreciated.
A
A
This
is
not
a
topic
which
hasn't
been
discussed
before
we
presented
around
this
at
ignite
at
build
see.
This
is
my
interpretation
of
of
the
the
technology
in
the
platform,
I'm
an
I'm
a
developer
guy,
so
I
typically
work
with
developers
help
them
integrate
their
solutions
with
our
identity
stack
like
ad
or
btc,
although
more
aed,
to
be
honest,
using
our
libraries
explain
how
they
work.
A
I've
been
assigned
to
work
now
with
the
decentralized
entity
team
and
help
them
do
the
first
proof
of
concept
of
pilots
with
our
customers
and
and
train
our
partners.
A
So
I
like
to
talk
to
what
is
decentralized
entities
and
why
we
think
it's
important
and
also
why
you
or
you
should
or
should
not
care
as
a
developer
or
an
architect.
I
want
to
explain
a
bit
how
the
technology
works
and
there's
plenty
of
time
for
q
a
feel
free
to
to
ask
the
questions
I
am
as
well.
You
can
speak
up
if
you
are
not
shy
as
well.
A
A
So
if
you
want
to
allow
access
to
an
expense
tool,
if
people
did
some
kind
of
compliance
training
well,
what
would
you
do
in
the
expense
tool
when
people
log
in
you
probably
will
do
an
api
call
to
the
trading
system
to
figure
out?
Did
steven
actually
finished
his
training
this
year?
Did
my
dice
do
that
as
when
he
logs
in?
If
that's
true,
okay,
I'm
gonna
grant
you
access.
A
That's
not
impossible
to
do.
Probably
not
even
that
hard
if
there's
an
api,
that's
going
from
the
training
system,
but
now
I
want
to
accept
certain
trainings
from
a
linkedin
or
microsoft,
learn
or
plural
site
or
something
else
it's
getting
more
complicated,
because
if
they
have
an
api,
they're,
probably
all
different.
How
do
you
authenticate
against
those
and
get
that
information
out
there?
So
these
systems
are
can
be
hard
or
in
the
case
of
12
000
companies
want
to
work
together.
A
This
is,
for
example,
nxs
in
the
uk,
setting
up
for
one
company
federation
with
twelve
thousand
different
companies
and
do
that
for
all
those
twelve
thousand
companies,
so
their
users
can
actually
start
collaborating
together,
I'm
sure,
if
your
consultancy
company,
you
would
love
to
set
it
up
for
the
companies,
because
it's
a
ton
of
work,
but
you
see
you
can
see
that
this
is
really
really
hard
or
allowing
a
50
discount
for
any
student
in
the
country.
A
How
do
you
check
if
somebody's
a
real
student
check
and
age,
so
you
know
that
people
are
older
than
20
or
21
years
old?
I
know
with
a
b2c.
We
actually
have
an
an
and
a
check
for
people
if
they
are
a
miner
or
not
so
the
21
years
can
be
flexible,
but
just
proving
that
you
are
20
years
old
or
older
to
be
able
to
buy
alcohol
in
the
store,
for
example,
that
that's
something
which
is
is
hard
to
do
today.
A
The
last
one-
and
this
is
actually
a
real
case
for
for
for
companies
like
well-
I
you
want.
I
want
you
to
prove
that
you
actually
have
a
degree
in
medicine.
You
are
allowed
to
practice
medicine,
so
you're
not
like
dr
phil.
You
can
call
yourself
a
doctor,
but
you
can't
practice
practice
medicine
and
you
work
for
any
of
these
companies.
A
So
this
is
more
my
introduction,
okay!
Well,
what
kind
of
solutions
do
I
think
about
when
I'm
a
developer
or
an
architect?
And
how
would
I
solve
these
so
that
in
mind,
like
okay,
well,
you're,
now
thinking
about
oh
well,
I
would
build
this
system.
I
will
be
listening.
A
Let's
see
how
you
would
solve
this
so
that
we
are
building
this
and
the
current
state
is
typically,
your
identity
consists
of
username
and
password,
hopefully
with
mfa,
although
we
are
moving
to
a
more
positive
environment,
but
your
identity
is
typically
tied
to
a
app
with
a
username
all
right,
but
it's
more
identity
is
everything
you
do
right.
You
get
your
achievements,
you
buy
stuff,
you
play
your
games,
it's
at
work,
it's
at
home,
your
education,
although
we
think
well,
it's
all
unique.
A
We
typically
reuse,
usernames
and
passwords
everywhere,
with
all
the
problems
going
with
that
right,
if
you're
doing
anything
with
identity.
This
should
be
known,
endless
breaches
of
personal
data
that
we
spend
billions
of
dollars
to
do
all
this
and
actually
prove
things,
there's
a
lot
of
people
who
don't
even
have
a
valid
identity
like
a
password
or
a
driver's
license,
and
in
some
case
entire
identity
systems
disappear,
including
your
identity.
A
So
what
our
customers
ask
is
well,
I
want
more
privacy
control
over
my
identity
and
my
data
and
the
question
we
generally
ask
is
well.
Do
you
remember
the
last
20
websites
you've
used
what
account
you
used
and
what
information
you
shared
with
those
websites?
I
don't
know
and
by
the
way
you
probably
share
a
lot
of
stuff.
Meanwhile,
because
you're
still
signed
into
facebook
on
all
those
different
sites
as
well.
A
You
want
to
be
protected
from
hacks
and
breaches
right
and
organizations.
They
have
a
lot
of
requirements
as
well.
They
want
to
collaborate
with
a
lot
of
people.
It's
not
just
internal
anymore,
reduce
risk.
Gdpr
is
a
big
thing,
especially
in
europe
are
the
anti-money
laundry
systems.
The
financial
organizations
have
to
get
in
place.
A
A
So
it's
more
the
high
level
statement
right.
We
want
everybody
to
have
a
digital
identity,
you
own
and
you
control.
It's
secure
and
it
can
store
elements
of
your
identity
securely
and
you
control
when
you
want
to
expose
what
information
to
whom,
but
it
has
to
be
seamless,
integrate
right.
We
can
make
technology
which
is
not
user
friendly.
A
At
that
time,
the
technology
will
fall
apart,
even
if
the
technology
is
really
good,
so
the
user
experience
is
actually
a
key
in
in
building
these
kind
of
solutions
all
right.
How
does
this
look
like
in
practice?
So
let
me
just
show
you
something
and
let's
see
if
it
works
today
I
got
my
phone
here,
an
android
phone,
and
I
have
my.
A
A
A
I
logged
in
already
that's
why
it's
so
quick
I
accept,
and
if
lifting
works
correctly,
I'm
now
issued
a
we
call
it
a
verifiable
credential,
a
digital
identity
on
my
authenticator
app
or
my
wallet.
So
I
have
my
university
card
here.
There's
some
details.
Where
that
I
use
it
everything
is,
is
stored
on
my
wallet.
We
call
it
the
the
mic
stuff.
A
This
is
microsoft
indicator,
it's
the
it's
the
wallet
so
now
I
got
my
digital
identity
for
my
university,
for
example,
the
scenario
I
told
you
I
want
to
give
discount
to
any
student,
so
this
is
a
website
where
they
give
discounts
to
contoso
university
students.
So
it
asks
me
to
help.
Can
you
prove
that
you
actually
are
a
student?
So
what
I
can
do
now
scan
this
qr
code.
A
A
So
I
got
myself
one
or
more
identities.
I
got
a
business
card.
I
got
a
verified
employee
card.
If
I
now
look
on
the
activity
I
can
see
it
was
verified
when
it
was
issued
by
the
contoso
university
and
now
it's
verified
by
the
fabrication
bookstore.
So
I
actually
have
a
receipt
of
every
time.
I'm
using
my
my
credential
and
I
should
be
able
here
to
revoke
access
to
the
to
the
to
the
bookstore
as
well.
When
I
decide
to
do
that
all
right.
A
So
how
does
all
this
magic
work?
Because
this
is
this-
didn't
seem
very
complex
at
all
and
I
think
that's
a
good
thing,
because
every
user
experience
should
be
easy
and
there's
still
a
lot
of
work.
We
have
to
do
and
I'll
talk
about
those
details
later,
so
I
didn't
do
a
build
up
slide.
So
all
these
different
pieces
we
have
in
place
in
the
middle
is
the
user
agent,
the
wallet
or
the
authenticator
gap,
in
our
case
and
in
the
text
beliefs
is
that
we've
tried
to
build
everything
standards-based.
A
We
are
working
in
the
dif,
the
distributed
identity
foundation
and
obviously
the
w3c
to
make
sure
that
everything
we
do
is
based
on
on
on
a
standard.
So
I
got
my
wallet
and
the
specifications
are
still
in
in
working.
I
order.
I
can
store
some
information
about
myself
in
this
case.
It's
done
in
the
wallet,
but
this
could
be
something
in
the
cloud
in
the
future
as
well.
A
I
can
exchange
credentials
between
myself
and
a
resource
like
the
website
and
I'll
talk
about
how
it
works
in
a
little
bit.
That's
all
based
on
the
fervor
viral
credentials,
standard
from
the
w3c
and
the
big
difference
here
is
well.
We
talked
about
decentralized
systems
is
if
you
are
familiar
with
how
aed
works.
A
A
So
what
happens
is
if
you're
familiar
with
current
technology
like
80
or
b2c
or
identity
server?
Whatever
idp
you
use,
what
happens?
Is
you
go
to
a
website?
The
website
said
I
don't
go
away.
I
don't
know
who
you
are.
They
send
you
back
to
that
central
idp.
They
register
their
application
with
that's
always
a
single
one,
sometimes
too,
but
typically
a
single
one.
A
There
you
sign
in
ad
shows
you
a
nice
login
page
username,
password
mfa,
fido,
whatever
you
get
back
an
id
token,
that's
what
you
present
to
the
website.
The
website
says:
well,
here's
an
id
token!
Well,
my
dice
there's
a
key
id
in
the
header
and
there's
a
signature
on
the
bottom.
Let
me
check
that
signature.
It
goes
back
to
the
hard-coded
endpoint
from
the
idp
retrieves.
The
public
keys
validates
your
id
token
to
make
sure
it's
signed
with
the
private
key
of
the
idp.
If
that
checks
out
it.
A
No
it's
it's
me
and
it
signs
you
into
the
to
the
website.
What
we're
now
creating
is,
since
I
have
my
own
identities
issued
by
any
or
more
issuers,
how
do
we
validate
if
that's
actually
real?
So
what
happens
is
that
contoso
university
publishes
their
public
key
material
me
as
a
user?
When
I
got
my
identity,
my
public
key
information
is
published
in
a
data,
central
and
then
digital
database
as
well
the
same
with
the
the
websites.
A
So
how
does
the
website
check
if
the
signatures
are
correct,
so
what
they
do
they
go
to
this
distributed
system
here,
and
this
is
based
on
blockchain
technology
and
retrieved,
the
public
key
from
me.
So
it
knows
like
well
wait
a
minute,
the
id
user.
What's
your
public
key,
the
id
issuer?
What's
your
public
key
and
then
it
can
actually
verify
if
those
signatures
are
from
those
people.
That's
the
biggest
piece
of
differences
versus
a
central
identity
provider.
A
So
if
I
am
an
employer-
and
I
want
to
be
able
to
validate
diplomas
from
a
user,
I
can
go
to
another
click
through.
I
can
actually
go
to
czech
diplomas
from
all
the
universities
in
the
us,
so
it
doesn't
have
to
be
a
single
university
and
all
those
universities
can
actually
issue
those
diploma
credentials
by
themselves.
A
So
what
isn't
vc
for
real?
It's
just
a
job,
so
you
can
see
one
if
you're
familiar
with
id
tokens.
They
look
familiar,
there's
a
there's,
a
header.
Obviously
the
key
id
is
here
and
typically
that's
like
a
number
and
you
go
back
to
that
idp.
Well,
there's
no
central
idp
because
I'm
my
own
idp,
so
we
go
to
the
decentralized
database
and
retrieve
that
public
key
and
validate
the
signature
which
is
on
the
bottom.
That's
simply
really
simply
simplified
what
what
these
are
the
lines
identities,
however?
Technically
how
the
technically
works?
A
Microsoft
is
building
a
few
pieces
of
technology
and
I'll
go
to
the
list
later,
but
first
of
all,
you
have
to
be
able
to
issue
credentials
so
we're
building
an
issue,
a
credential
service
on
top
of
azure
active
directory,
which
is
now
a
private
preview
where
you
can
actually
create
and
design
those
credentials.
Think
about
a
electronic
diploma
or
you're,
proving
that
you're
working
for
your
employer
passport
driver's
license.
Anything
can
actually
be
a
credential.
A
So
if
it's
going
to
be
outside
of
aed,
then
the
federation
is
going
to
be
complicated.
If
you
want
to
limit
the
tenants,
you're
gonna
trust-
and
I
guess
back
to
this
scenario,
what
if
you
want
to
trust
just
contoso
and
we're
gonna
talk
about
how
that
verification
works?
It's
actually
a
interesting
problem.
We
still
have
to
tackle.
How
do
I
know
this
is
actually
contoso
university.
How
do
I
know
it's
not
just
mata
spun
up
and
contos
university
issuer,
because
anybody
can
be
issuing
identities
and
and
say
well,
I'm
in
university.
A
A
Where
does
the
trust
start?
If
you
compare
to
public
key
chains,
there's
a
root
ca.
Okay,
which
would
say:
do
you
trust
and
which
one
not
so
that
that
kind
of
system
you
have
to
think
of
so
we're
building
the
infrastructure,
but
the
trust
system
is
still
something
which
has
to
happen
so
universities
have
to
come
together
and
make
sure
there
is
like
some
kind
of
database
with
real
universities
I
can
get
to
and
to
make
sure
that
when
I
start
validating
those
those
credentials,
I
know
it's
going
from
a
valid
university.
A
So
kevin
I'm
not
sending
two
id
tokens,
I'm
sending
one
credential
with
two
signatures.
So
once
is
from
the
issuer.
Who
said
who
gave
me
the
credential,
and
one
is
for
me,
so
it's
the
employer
knows
it's
actually
coming
from
me
and
not
somebody
else
so
so
paul.
I
hope
that
answers
your
question.
So
I'll
talk
a
little
bit
about
the
code,
how
you
can
specify
what
issue
is
you
want
your
your
your
way
requesting?
A
Because
that's
something
you
want
to
do
for
the
user
anyway,
so
the
few
things
you
have
to
do
is
you
have
to
design
the
contract
so
what's
in
the
credential
and
also
how
it
looks
and
feels
so,
you
can
understand
when
we
can
work
with
customers,
we're
going
to
spend
most
of
the
time
about
the
color,
the
icons
and
and
the
images
and
the
rest
is
spent
on
implementation.
It's
like
a
sharepoint
project.
We
spend
most
of
the
time
the
look
and
feel
and
the
rest
is
done
on
implementation.
A
A
There's
some
claims.
I
want
to
to
collect
a
student
number
and
an
expiration
date,
and
maybe
a
profile
picture,
nothing
fancy
here,
then
that's
the
well.
How
do
I
get
those
credentials
inside
of
this
pc
there's
different
ways
today
I
can
self
a
test,
so
you
ask
the
user:
what's
your
favorite
color?
I
can
map
from
a
id
token
that's
what
we
did
here.
A
So
I
map
this
claim
student
id
given
name
family
name
to
the
claims
inside
of
my
vc,
so
whatever
the
id
tokens
provide
you
can
map,
I
can
also
ask
for
another
credential
to
be
part
of
it.
So,
for
example,
I
will
only
issue
your
student
card.
If
you
first
present
me
a
I
don't
know,
citizen
card
or
passport
or
driver's
license,
and
I
can
use
the
claims
from
that
credential
to
create
a
new
credential
based
on
that
vc
and
perhaps
an
id
token
as
well.
A
A
So
what
happens
in
this
case?
I
was
logging
into
the
website,
but
you
can
imagine
sending
an
email
to
a
student.
Here's
how
you
can
retrieve
your
digital
identity,
they
scan
with
their
wallet
and
what
we
do
show
the
card
they
have
to
sign
in.
This
is
the
request
we
actually
send
to
the
authenticator
app
and
we're
going
to
ask
you
to
well.
This
is
the
credential
type
we're
going
to
create?
That's
the
student
id
credential,
that's
just
a
string
and
the
contract
can
be
downloaded
here.
A
A
Of
course,
the
request
is
signed
by
the
issuer,
so
the
authenticator
can
actually
check
if
the
request
is
coming
from
the
right
from
the
right
party
and
it's
signed
correctly,
the
student
logs
in
signs
in
so
you
get
an
id
token
back.
It's
a
regular
oidc.
You
can
see
it
on
the
top,
nothing
fancy
there
there's
a
bailout,
you
get
back
and
that's
something
like
the
first
name
last
name
which
studentd
we
can
then
map
back
to
the
credential
and
they
can
accept
the
card.
A
A
And
then
we
issue
you
the
credential,
like
I
said
before
so
there's
the
issuer,
the
identity,
that's
the
subject
and
that's
the
signature
from
the
from
the
issuer.
Oh,
I
couldn't
have
clicked
sorry
about
that.
I
got
my
credentials.
I
got
my
claims
student
id,
etc.
We
also
have
a
link
where
somebody
can
check
if
the
status
of
the
credential
is
still
valid.
A
So
once
I
present
that
credential
there
needs
to
be
a
way
for
the
relying
party
or
the
website
to
validate
if
that
credential
is
actually
still
valid,
because
I
can
carry
it
along
on
my
phone,
but
maybe
somebody
revoked
it
because
of
reasons.
So
we
provide
a
way
to
contact
a
issuer
to
see
if
that
stage
is
still
still
valid.
This
also
brings
an
issue
to
life
as
well
wait
a
minute
how
about
privacy?
A
I
don't
want
to
know
that
bookstore
calling
my
issuing
website.
This
is
university,
so
they
know
I'm
trying
to
buy
a
book.
So
that's
actually
a
real
problem.
We
still
need
to
figure
out
how
to
solve,
for
example,
thinking
about,
but
it
has
to
be
in
standard
way.
So
everybody
working
in
this
area
can
do
it
the
same
way.
A
In
addition
with
the
database
on
on
the
bitcoin,
are
at
that
blockchain
ledger
as
well,
so
we
can
look
up
status
of
those
credentials
in
a
decentralized
way
instead
of
going
back
to
the
same
issue,
but
today's
status
is
that
we're
going
to
do
a
call
back
to
the
issuer
to
figure
out
if
that
credential
is
still
is
still
valid
and
obvious.
That's
the
signature
of
the
did
at
the
issuing
the
id,
so
we
can
validate
if
the
credential
is
correct
and
then
it's
stored
in
my
in
my
phone.
A
What
happens?
If
I
want
to
verify
my
credential,
the
bookstore
actually
sends
the
right
request.
So
authenticator
can
come
up
with
the
right
cards,
so
the
relying
party
or
the
website.
Well,
I
need
a
student
card
from
contoso.
I
need
a
driver's
license.
I
need
a
passport
or
maybe
I
need
three
of
those
before
I
can
actually
sign
you
in
that's
up
to
the
relying
party
and
an
authenticator
can
actually
figure
out
wait
a
minute.
I
got
these
cards
of
these
credentials
on
the
phone.
A
All
these
are
relevant
and
the
user
can
they
actually
pick
and
choose
if
that's
relevant,
which
one
they
want
to
use
to
prove
that
they
are
who
they
are.
They
say
they
are,
for
example,
a
relying
party
can
ask.
Well
I
want
you
to
prove
your
identity
with
either
your
driver's
license
or
your
passport
and
a
user
can
then
choose
which
one
they
want
to
use
if
they
have
both.
A
And
how
we
do
that
is
by
creating
those
attestations,
so
there's
the
one
here
in
the
middle
and
in
this
case
we
only
want
to
provide.
Oh,
I
want
the
credential
type
of
student
id
credential
from
contoso
university
and
that's
the
only
one.
I
trust
I
can
actually
add
well
and
only
from
this
issuer.
So,
for
example,
I
want
the
driver's
license
issued
by
the
dmv
and
a
passport
licensed
by
the.
I
don't
know
whatever
department
it
is
in
the
u.s.
I
don't
have
a
u.s
passport,
so
that's
the
combination.
A
A
A
A
I
don't
want
to
share
all
of
the
information
to
the
bookstore.
I
only
prove
that
I'm
a
student
or
maybe
I
only
want
to
which
degree
I
have
so.
What
we
need
is
a
system
where
we
can
selectively
disclose
information
for
my
credential,
but
as
you
remember,
that
credential
completely
was
signed
by
the
issuer.
So
if
I
start
taking
it
apart
and
just
provide
pieces
of
that
credential
to
the
bookstore,
the
signature
will
be
wrong.
A
I
have
really
no
clue
how
it
works
exactly,
but
there's
a
lot
of
crypto
surrounded
by
it,
and
I
know
that
our
team
is
working
with
microsoft,
visas
to
come
up
with
the
right
solution
in
a
standard
way
and
the
other
one
is
going
back
to
the
issuers
of
all.
I
need
this
credential,
but
with
only
this
information
and
pass
it
back,
for
example,
if
I
want
to
prove
I'm
20
years
older
well,
this
is
my
credential.
I
got
from
you
with
my
date
of
birth.
A
A
A
A
This
insurance
company
signing
with
my
id
the
idea
one
two
three
four
five:
I'm
not
aware
that
this
insurance
company
has
a
deal
with
facebook
that
they
can
share
personal
information
and
they
find
out
that
I
post
a
lot
of
pictures
of
me:
skydiving
going
mountain
biking
on
dangerous
roads
and
mountains
and-
and
they
said
well,
the
idea-
one,
two
three
four
five
you're
a
bit
too
high
of
a
risk
for
us,
so
we're
gonna
decline
your
insurance
policy.
A
So
I
still
want
to
use
a
single
identity,
but
I
want
to
be
able
to
use
that
same
identity
without
the
the
the
possibility
of
those
different
websites
correlate
information.
So
they're
coming
up
now
with
a
standard
way
of
doing
that
where
I
provide
my
identity,
but
it's
not
correlatable
with
somebody
else,
pairwise
something.
A
So
let
me
just
pause
and
answer
some
questions
here.
What's
the
biggest
advantage
of
different
centralized
from
business
perspective,
the
real
world
problem,
if
you
just
want
to
authenticate
people
think
about
if
you're
building
a
site
you
want
to
allow
anybody
from
outside
to
org
to
enter
as
well
so
think
about
b2b.
If
that's
familiar
to
you
without
setting
up
the
federation
or
inviting
them
as
a
guest
inside
of
your
tenant,
we
could
use
the
id
to
do
that
and
make
it
really
easy
people
bring
their
own
identity.
A
That's
something
you
trust
and
there
might
be
a
workflow
how
you're
gonna,
invite
people
and
trust
them,
but
that's
what
you
can
do
if
you
want
to
allow
any
student
and
you're
a
central
system,
are
you
gonna?
Have
all
those
students
create
an
account
in
your
system,
prove
that
they
are
students
before
they
can
sign
in
and
use
your
system?
A
If
you
are
building
that
system?
Okay,
you
got
the
expense
tool,
but
you
want
to
prove
people
have
the
right
certification
before
they
allowed
to
use
the
expense
tool.
Can
I
build
it
today
without
a
resupply
system
sure,
but
it's
going
to
be
hard,
especially
when
you
want
to
do
that
for
a
couple
of
systems
against
a
couple
of
training
systems,
for
example.
A
So
it
saves
you
from
implementing
all
those
api
calls
on
the
back
end,
for
example,
so
paul
asked
if
I
have
multiple
the
ids,
so
the
wallet
is
actually
has
to
be
smart
enough
to
understand.
Wait.
A
minute
is
asking
for
a
university
card
say,
for
example,
any
university,
and
you
happen
to
go
to
two
you
can
choose
which
card
you
want
to
use.
A
A
A
Vs
code
here
so
we
built
an
sdk,
it's
a
node
and
I
am
just
all
due
doing
a
lot
of
net
in
the
past.
So
node
is
getting
me
and
a
bit
of
head
stretch
once
in
a
while,
especially
when
I
suddenly
have
30
000
files
installed,
but
whatever
the
first
thing
we
do
is
ask
to
show
a
qr
code
and
what
we
do
is
we
have
a
requestor
builder.
A
A
A
So
this
is
the
real
request
built.
I
cache
it.
I
retrieve
it.
This
is
where
the
phone
knows.
What
to
do.
I
have
to
sign
in.
I
have
to
enter
some
information,
et
cetera,
et
cetera,
once
it's
done
doing,
that
the
response
is
sent
back
and
we
will
validate
the
response
and
make
sure
it's
all
trusted,
et
cetera,
et
cetera.
So
the
website
for
issuing
is
actually
very
simple.
Verifying
is
even
simpler,
and
I
know
this
is
too
much,
but
the
github
repo
is
linked
in
the
documentation
that
you
sent.
A
I
just
want
to
show
at
least
a
bit
a
little
bit
of
code
and
and
and
maybe
seem
kind
of
smart
here
I
have
the
configuration
done.
This
is
the
verifying
website.
So
I
want
to
check.
I
can
give
me
this
qr
code
and
once
it
checks
out
I'm
going
to
get
to
access
or
your
discount.
What
not
so
I
configure
in
this
case
a
credential
type.
A
I
want
people
to
sign
to
show
me
a
credential
which
is
from
the
schema
educational
credential
awarded
and
by
the
way
I
like
them
from
this
issuer
id,
and
we
use
that
information
in
the
presentation
request.
So
we're
going
to
build
the
presentation
request,
credential
type.
This
is
the
one
I'm
requiring
I'm,
not
even
using
the
the
issue
here
and
later,
when
I'm
validating.
Let
me
see
that's
here,
I'm
going
to
create
a
validator,
I'm
going
to
check
if
that
credential
is
actually
coming
from
that
issuer.
That's
what
I
do
here.
A
So
the
sdk
makes
all
this
work.
Quite
quite
simple,
so
there's
not
a
lot
of
there's
another
level
of
lines
of
code.
I
don't
know
if
it
makes
sense
or
not,
but
I
I
I
specify
the
request.
I
need
I'm
just
going
too
fast.
I
apologize
oh
here
it
is,
I
created
the
request.
I
specified
a
credential
type
and
required.
This
is
a
really
simple
scenario.
It
could
be
multiple
ones
right.
I
want
this
one,
this
one
and
this
one
and
then
it's
going
to
ask
me
for
multiple
ones.
A
Here
it
is,
this
is
just
a
demo
thing
we
have
so
I
want.
I
require
a
business
card
and
I
require
a
food
roof
cart
and
I
require
what
do
because
the
other
one
oh
yeah,
the
contoso
card,
create
a
qr
code.
If
I
know
scan
this,
hopefully,
unless
I
just
do
this
on
the
fly,
look,
it
asks
three
of
these
cards
and
I
can
now
decide
if
I
want
to
provide
this.
So
what
this
request
actually
did
was
simply
adding
different
schemas
required,
and
I
click
accept.
A
It
was
approved,
I
can
see
the
check
response,
this
stopped
the
video
automatically.
So
when
I
go
now
back
to
my
card,
I
can
actually
see
it
was
verified
by
the
digitalized
identity
team.
That's
the
site,
which
is
this
is
the
site.
I
just
I
just
used
same
with
the
verified
employee
card.
I
can
see
the
recent
activity
as
well,
so
I
can
actually
create
requests
which
requires
multiple
cards
to
represent
and
again
that
that's
the
the
thing
we
are
trying
to
build
now
is
to
implement
a
much
richer,
richer
presentation,
language.
A
Where
I
can
say
I
just
want
this
claim
from
this
schema.
I
need
this
claim
from
that
schema.
Please
provide
me
a
combination
and
then
I'll,
let
you
in
will
she
did
offerings
become
available
to
microsoft's
live
id
yeah.
That's
a
good
question.
So,
what's
going
to
happen?
So
my
guess
is
this
technology,
since
it's
so
new,
it
will
be
running
side
by
side
and
maybe
in
certain
scenarios
it
has
to
be
the
only
technology.
A
A
So
what
are
we
building
we're
building
an
issuing
service
so
how
we
get
those
public
keys
on
the
blockchain?
That's
actually
really
complex
with
all
the
mining
and
the
digital
system,
people
proving
it
and
the
majority
has
to
accept
blah
blah
and
it's
also
slow.
A
So
we
are
working
with
the
dif
iron
project
and
iron
is
actually
a
implementation
of
a
side
treat
protocol
on
top
of
bitcoin,
where
we
can
like
collect
like
10
000
transactions
and
put
them
on
that
disability,
ledger
and
think
about
bitcoin
or
any
blockchain
as
a
right
of
event.
Only
log
file,
which
is
like
cryptographically
sound,
can
be
tampered
with,
etc,
etc.
So
that's
the
digital
network,
we're
gonna,
store
and
there's
a
lot
of
fancy
things
going
on.
A
I
don't
even
understand
how
it
works,
but
I
got
an
api
issue
me,
a
credential
from
this
type
and
let
the
user
go
to
the
hoopla
and
issue
that
credential.
That's
what
we're
building
we're.
Building
a
digital
wallet.
That's
the
authenticator
app
and
we
are
building
a
bunch
of
sdks
the
ir
network,
which
is
on
top
of
the
the
the
ledger.
That's
something
we
are
contributing
code
to
to
the
daf
iron
project,
so
this
is
not
that
that
distributed
network.
That's
not
microsoft.
A
Technology,
that's
dif
technology
and
we
just
happen
to
contribute
code
to
their
project.
To
make
you
understand,
this
is
not
a
microsoft
solution,
we're
building
and
verify
sdk,
that's
the
few
lines
of
code.
I
just
quickly
briefly
showed
you
where
we
can
verify
the
credentials
and
create
those
requests.
We
can
use
this
to
create
an
issue
and
request
as
well.
There's
a
crypto
sdk
on
it,
the
android
sdk.
We
have
that's
the
wallet
piece
of
authenticator,
so
authenticator
itself
is
not
open
source,
but
the
wallet
piece
we
are
building
that
sdk
is
open
source.
A
So
you
could
pick
it
up
and
build
your
own
wallet
if
you
want
to
so
why
are
we
using
bitcoin
and
interior?
Actually,
there
is
an
implementation
of
this
on
ethereum,
so
the
site
3
protocol
is
ledger.
Independent
iron
is
the
bitcoin
implementation.
There
is
one
for
ethereum
as
well.
Bitcoin
is
bigger.
A
It's
been
a
long,
it's
been
around
for
for
a
long
time
with
a
net
time
of
I
think
five
ninths.
For
so
far,
so
it's
very
secure
and
robust
that's
one
of
the
main
reasons,
but
in
theory
we
could
switch.
I
just
we
just
happen
to
have
now
chosen
bitcoin,
but
they
should
be
interoperable.
So
if
somebody
runs
on
ethereum,
since
we
have
a
universal
resolver
where
they
can
figure
out
where's,
my
did
one
two.
Two
five
they're
gonna
go
to
the
right
network.
Yes,
there
will
be
an
ios
version.
A
A
A
It's
easy
to
get
started
it's
hard
to
get
right,
it's
easy
to
do
it
wrong
and
not
insecure,
even
validating
a
simple
jot
is
hard.
I
had
no
clue
how
complex
it
could
be
with
all
the
the
different
rules
and
exceptions.
You
can
have,
and
it's
actually
an
an
angle
of
attack,
so
please
use
a
library
to
to
verify
credentials.
You
don't
have
to
use
hours
if
you
don't
want
to,
but
the
the
the
the
sdk
helps
you
validate.
Those
tokens
create
those
shield
requests
and
self-issued
open
id
connect
protocol
requests.
A
So
it's
like
oidc
but
self-issued
topics.
That's
the
that's
the
important
piece
of
the
protocol
where
we
are
using
customers.
If
you
want
to
use
another
stack.
So
at
this
moment
it's
note,
the
blockchain
community,
the
iron
community
and
all
that
stuff
is
heavily
node
based,
so
it's
actually
built
in
typescript.
To
be
honest,
so
the
the
links
to
the
sdks
are
in
the
end
slide.
A
This
is
the
concept
it
used.
It's
the
build
a
pattern.
If
you're
familiar
with
it,
I
kind
of
like
the
the
sdk
how
to
use
this
easy.
I
can
just
do
a
dot,
some
something
and
edit,
for
example.
I
didn't
really
show
the
the
crypto
piece
I
can
use
a
private
key
from
disk,
but
it's
very
easy
to
add
a
key
vault
and
the
private
key
as
well.
A
So
it's
very
easy
to
to
extend,
and
here
when
you
build
the
validator,
I
only
want
to
trust
tokens
from
this
issuer
for
this
audience
etc,
and
you
can
just
add
a
bunch
of
them
here.
So
it's
in
a
very
straightforward
pattern.
A
A
If
that's
done
properly,
it's
even
possible
to
move
from
one
wallet
to
another
wallet
and
again
everything
we
do
is
done
to
the
community
and
the
standards
community.
So
we
don't
try
to
invent
ourselves
and
if
we
invent
something
it's
always
being
validated
with
with
the
community
and
make
sure
it's
going
to
be
in
a
standard.
A
There's
some
white
paper
there's
some
other
information
on
open
the
id,
but
the
project
I
just
linked
in
the
im
window.
That's
the
that's
the
the
one
I
would
get
started,
there's
where
we
have
the
samples,
the
explanations
how
it
works.
The
one
thing
you
cannot
do
today
is
issue
credentials
yourself
to
our
system.
We
still
in
private
preview.
A
We
probably
what
I'm
trying
to
do
myself
is
create
a
playground
which
we're
going
to
host,
so
customers
can
actually
start
using
the
playground
to
get
credentials
and
anybody
can
build
a
fair
firing
website
and
ask
for
a
certain
amount
of
credentials.
So
I'm
gonna
make
sure
that's
gonna
be
a
playground
where
you
can
get
several
different
credentials
and
start
experimenting
a
little
bit
with
the
with
the
technology.
A
There's
a
bunch
of
other
developer
community
calls
this
from
slice
from
steven.
So
make
sure
you
if
this
other
topic,
you're
interested
in
to
join
those-
and
I
guess
this
is
the
last
slide
for
today.
So
again,
I
quickly
walk
you
through
why
we
think
deity
is
important.
I
see
personally
believe
that
this
is
gonna,
be
the
next
big
thing.
There's
so
much
stuff,
we
can
do
with
a
decentralized
identity.
Think
about
devices
talking
to
other
devices,
there's
actually
a
standard
way
to
to
do
that
with
these
identities
as
well.
A
So
you
don't
need
a
central
system
where
everything
is
registered
for
everybody.
You
can
actually
start
defenderizing
those
those
systems
and
trusting
those.
So
at
the
moment,
there's
no
plan
for
net.
Yet
so
at
the
moment,
it's
all
node,
nothing
prevents
you
from
creating
a
little
node
server,
so
you
can
call
from
your.net
packages
and
that's
the
approach
I
would
recommend
today
makes
it
really
easy.
A
So
you
host
the
the
node
stuff
somewhere
else,
and
you
just
call
here
the
api's,
you
you
provide
yourself
and
why
is
the
demo
not
done
in
typescript?
I'm
not
sure
why
I
know
danny
built
it.
I
guess
he
liked
javascript
better.
A
I
don't
really
mind
it's
all.
It's
a
bit!
It's
it's
more!
The
same.
Let's
be
honest,
the
sample
is
really
really
simple.
So
it's
very
easy.
If
you
want
to
use
typescript,
it's
very
easy
to
to
pick
it
up
right.
A
When
is
this
ready
for
public
preview?
I
think
what
we
announced
at
build
was
somewhere
in
the
end
of
this
calendar
year.
I
think
that
was
today
and
if
I'm
lying
now
then
okay-
I
guess
I
I
said
something
I
shouldn't
have
said,
but
I
think
that's
what
we
said
publicly,
what
I
like
about
this
project
that
is
actually
done
in
the
open
every
code,
all
the
code
we
are
building,
except
for
the
back-end
issuing
servers,
but
all
the
sdks
and
all
that
stuff
it's
on
github.
A
So
on
the
did
project
you
find
the
link
to
the
github
repo
as
well.
That
seems
to
be
all
the
questions
so
far.
Anything
else
did
it
make
any
sense
or
like
yeah,
but
I
actually
don't
make
sense
at
all.
A
You
have
to
start
over
again
so
today,
as
a
developer,
it's
probably
oh
thanks
channel,
I'm
not
sure
they
fixed
the
link,
there's
a
short
term,
there's
nothing
to
do
for
you
as
developer
right.
The
technology
is
not
available.
Although
there
are
some
competitors
who
build
similar
technology,
they
might
have
their
own
implementation,
not
standard
based
or
not.
A
But
that's
that's
other
place
the
market,
but
I
think
as
a
developer
or
an
architect,
it's
smart
to
start
thinking
about
what
these
kind
of
what
this
kind
of
technology
can
do
and
how
you
would
solve
your
problems
in
the
future,
so
maybe
not
in
a
bigger
ecosystem
play
yet,
but
for
your
solution,
I
think
it
makes
sense.
We
see
the
customers
we're
working
now
like
actually
have
really
good
use
cases,
whereas
technology
actually
solves
a
lot
of
problems.
A
We
see
a
lot
of
interest
in
the
market
for
people
where
they,
like
the
initial
scenarios
are
sketched.
I
didn't
I
didn't
make
them
up.
That's
actually
real
questions
we
have
for
customers
other
would
solve
that
technology.
So
this
is
not
something
we
just
dreamed
up
and
hopefully
it
will
land
somewhere.
This
is
actually
coming
from
real
customer
demand.
It's
just
a
really
different
way
of
approaching
the
problems
and
that's
to
be
honest,
my
my
mental
mall
is
still
changing
right.
A
For
example,
you
have
an
account
which
is
valid
or
you
don't,
but
a
driver's
license
can
be
invalid.
They
can
still
prove
them.
20
years
old,
at
least
20
years
old,
so
there's
this
there's
going
to
be
different
concepts.
You
can
use
and
different
problems
you
can
solve
with
this
technology.
That's
what
I
like
about
it!
So
all
right!
It's
a
minute
for
the
hour!
Thank
you
for
joining
today
feel
free
to
reach
out.