Verifiable Credentials go mainstream at Identiverse 2022
The digital identity community came together last week at arguably the first major and fully in-person conference since 2019 – Identiverse 2022. After a two year hybrid model due to the pandemic, Identiverse was back in session with four days of sessions and over 175 individual presenters. Attendance matched the 2019 event in Washington, D.C. The general feeling among attendees was that it’s good to be back.
CyberRisk Alliance acquired Identiverse from Ping Identity in December 2021. Digital identity is increasingly becoming a critical area of expertise for good security practices, so it makes sense for Identiverse to find a home in the security space.
“The digital identity industry, and the standards, technologies, products and solutions that we build, are on the cusp of enabling a fundamental change in the way that we get ‘life’ done in the digital world,” says Andrew Hindle, content chair for Identiverse.
Verifiable Credentials breakthrough
Verifiable Credentials was a breakthrough topic and it’s clearly on the path to mainstream adoption. Main sessions by Microsoft and Avast showcased their application of VCs in the IAM landscape, showing VCs aren’t the future anymore–they are the present.
Microsoft’s Kristina Yasuda kicked off a general introduction, ‘What is a Verifiable Credential, and Why Does it Matter?’ Microsoft has been a long-time supporter of Verified Credentials, and Kristina Yasuda is the co-chair of the recently re-chartered Verifiable Credentials Working Group. Yasuda and Microsoft also demonstrated what SC Media describes as an “open, standards-based self sovereign identity package” at the event.
Drummond Reed and Brent Zundel, both at Avast, presented ways in which VCs can be used with existing IAM systems in their ‘How Verifiable Credentials Can Enhance and Extend Existing IAM Systems.’
Kaliya Young presented a historical context in her session, ‘Seeing Self-Sovereign Identity in Historical Context.’ And the panel ‘Establishing Trust with Decentralized Identity Networks, Verifiable Credentials, and Zero Trust’ discussed how you can improve security using verifiable credentials and decentralized networks.
Last but not least, Steve Pannifer, managing director of Consult Hyperion, gave a fascinating presentation comparing decentralized identity components to central banking components in his ‘Decentralized Identity – The Key to Central Bank Digital Currency.’ Is the dream of a digital currency using existing decentralized identity technology really viable to central bankers? It’s a long shot, but Pannifer gave me hope!
Keynotes of note
Ian Glazer, the SVP of Identity Product Management at Salesforce shared his ‘Lessons on the Road to Complete Customer MFA Adoption,’ a heartfelt keynote that shared the journey of building and releasing MFA to 100 percent of customers in 1 year (or at least the attempt to do so). I was especially touched with Glazer’s suggestion to hire a writer at the beginning of the project — because it forced the technical team to explain what they were building to a non-technical person, who in turn used their learning process to explain what was being built to customers. It’s an important insight that I, unfortunately, don’t see many companies or new technologies utilizing.
Steve Lockstep was as provocative as ever in his two sessions, challenging the digital identity industry to stop using the term identity. I love Lockstep’s provocation, but I didn’t quite agree we should drop the term identity. And I love the identity profession’s navel gazing – philosophizing about the nature of identity is one of the things we love!
Social engineer Rachel Tobac scared the audience with her ‘Hacking Trust’ keynote showing the ways even the best IAM and MFA security can be sneaked through incorrect answers, “innocent” questions, realistic scenarios and Amygdala hijacking – which is when a hacker evokes your emotion to shut down your rationality.
Nishant Kaushik, CTO at Uniken gave us hope after Tobac’s session describing how we can use digital identity to build trust into our products and systems in his ‘The Design of Trustworthy Things.’
“There has been tremendous progress over the past 24 months across the board, including passwordless solutions, powerful token experiences with passkeys, prototypes of verifiable credentials, and more effective fraud detection using shared signals. This work is the key enabler for better customer and citizen experiences,” says Identiverse’s Hindle.
The place for identity
Identiverse is also the place to learn about the organizations that support the digital identity community via specific standards and community focus, like the OpenID Foundation, Open Identity Exchange, Kantara, Women in Identity and IDPro (disclaimer, I am also the president and executive director).
There were also many sessions on FIDO’s new passwordless solution and improving the password paradigm. But I’ll save those details for my next piece.
If you missed Identiverse 2022, don’t fret. Sessions are recorded and will be available in a couple weeks. If you don’t want to wait, there are plenty of sessions from the archives.
Planning for Identiverse 2023 has already begun – it will be held at the Aria Resort & Casino in Las Vegas, May 30 to June 2. See you there!
About the author
Heather Vescent is a digital identity industry thought leader and futurist with more than a decade of experience delivering strategic intelligence consulting to governments, corporations and entrepreneurs. Vescent’s research has been covered in the New York Times, CNN, American Banker, CNBC, Fox and the Atlantic. She is co-author of the The Secrets of Spies, The Cyber Attack Survival Manual and The Comprehensive Guide to Self Sovereign Identity.