hello hello everyone very interesting
discussion we'll have today surrounding decentralized identity but as always before
we get started and our guests join uh make yourselves comfortable because i'm here to
give you some updates and i'm gonna start off with some community updates um our first campaign
on galaxy in guild has ended and we have announced the winners on our discord server so yeah if you
haven't joined our discord please do and check out the community announcements channel there you'll
see the entire list of winners if you're on that list um contact daniel one of our community
moderators and she'll be able to help you out so you can claim your prizes um next up uh exciting
news for ai uh because trend mechanic he founder of ocean protocol uh is joining us as strategic
advisor and this is a tremendous news because um trent has an immense background in in ai and
machine learning um he has been working in the in the field since the early 90s excuse me um
so yeah i would uh on behalf of our entire team i would like to welcome trend um and uh i know we
we are during an event now but uh i just wanna make sure that everyone is aware that on tuesday
for pmcet we have another twitter spaces with the osis uh which is the first launch pad on safar so
yeah uh exciting news make sure you join uh but yeah i see people have started joining so i'll pass the
mic to on my day hey everyone thanks for making the intro uh and yeah thank you everyone for being
here today we have an exciting space with louis i think that's french right louis bardet uh
uh from fractal id almost uh sorry it's spanish or catalan actually to be specific but yeah very happy
to be here okay yeah great to have you great to have you uh we're gonna go a little bit today over you
know um fractal id and idos and uh talk about the centralized identity and uh why why it's needed in
space uh what are the latest developments uh so maybe first a quick round of intros uh from me and louis
so i'm the being manager at oasis uh been with the table for quite a bit uh you've seen me on a
couple of spaces already now uh and so i'll pass the mic to louis to introduce himself
hi thank you very much for having me here today my name is louis i'm the chief growth officer at
fractal id and also the co-founder at idos uh we will have more to more time to talk about all
this but basically fractal id is one of the largest and oldest identity verification providers
focused exclusively on web3 and idos is a network for digital identifiers to be stored and shared
as well across the internet in a privacy preserving way and yeah back to you yeah thank you for the
quick intro uh i have to say uh we just recently you know onboarded with fractal id for our kyc and
kyb needs uh as there are some things that need to be done that way uh to be compliant and have to say
the experience was very good uh compared to some of the uh services we used in the past so yeah uh
and create services running there uh louis uh with fractal id it's very smooth and we can see that
with the focus on only web3 uh you can have a very good experience for the users so congrats on that
and yeah uh you already started uh speaking a little bit more about fractal id and idos uh and what's
the difference so maybe can you elaborate a little bit more you know in terms of um how you started
with fractal id what was the need and then uh why did you transition then towards idos uh as the next
step i guess in that uh id id space yeah yeah of course so um i think that you when you said that
uh you were talking about uh that you had to use fractal id to also perform some kyc you said because
there are some things that need to be done that way um and that's the reality and i think that's
the stance that many people uh have in web3 and on the internet and it's a normal stance to have
um because nobody likes to identify themselves i don't like to identify myself either but for
accessing some things you need to do it and that could be for compliance could be for accountability
it could be just to prove that you're a unique human i can go a little bit more on this in a bit
but in general it's something that in web3 especially has been needed for investment so far
and that's how we started so we actually started in 2017 you probably know about ocean protocol but
we supported them with their ico back then and then we saw that there was a need actually for many
other companies that wanted to raise funds to also uh do it in a proper way in a compliant way and
that's what we started doing um we then evolved into not only providing identity communication
services but to developing the centralized infrastructure for uh also digital identity
and that's what we have uh after many years put together in idos um idos is not a effort that we're
doing on our own fractal it is one of the of the building partners but for instance uh i can see here
as well uh luis from from quill as well that they are supporting us and we have been also building
this together with many ecosystems some of them we have already announced like near and gnosis but
soon there will be more news about it um and that's i think the evolution that we're going to take
we're going to be focusing more as well not only on the identification itself but on the infrastructure
and then opening it up for anyone to issue identifiers but people to own their own data
yeah exactly as you said right uh cryptos primarily wants to be left private uh and people don't like
to dock themselves but for certain things uh we just need to have this so we operate in that compliant
manner and we can move forward in this space and i guess yeah uh that's one of the stepping stones
going there uh were there any challenges that you face you know starting out with factory ib uh back
into 17 uh in terms of i don't know compliance or just uh acceptance in the space was there like a
a big rush uh towards your services you know there was a big need in the market or uh at the beginning
it was more uh you know they were looking at you more as uh is this really needed or not uh you know
why would we do kyc what was kind of the challenges at the beginning so compliance is its own beast it's
not easy to create a system that is fairly decentralized that is fairly automatized and
deals with the regulations of 180 different countries with literally hundreds of thousands
different documents that you need to support so that definitely is not easy that's what we have been
building now for many years and what we already have but i would say that acceptance is also a
challenge like especially in web3 uh people don't like to identify themselves um and as i said before
i also don't like to do that myself it's just that sometimes you need to do it to access something
and uh a thing that i would like to to bring up since the beginning because i think it's a great
point for discussion is the difference between anonymous and private uh these are words that we
use in a interchangeable way but it's not exactly the same and i can use an example for for explaining
it so for instance when you are in the in in the i'm gonna call it the real world as in web3 is not
the real world but when you are in the physical world um and you go to to a shop and you want to
purchase uh something that is expensive or you want to purchase any goods like i don't know like
for instance uh alcohol or anything they might ask you for your id so the shopkeeper will tell you
i need to see your id otherwise i cannot sell this to you and usually people don't have a problem with
that and the reason is because they just show an identity card then they look at it and say okay it's
all good and that's it the person even forgets your name forgets everything the problem in the
digital world is that whenever you share your id it might be visible for everyone it might also be
indexable and it could be aggregated to other things and that's the real challenge in the in
the digital world um you are not anonymous when you are walking on the street like if someone comes to
you and ask for your name you're gonna give your name if you go to a specific shop and they want to
know anything about you you would like to share it the thing is that it's not public and something that
everyone can see so this difference between being anonymous and being private it's especially relevant
when it comes to the internet and i think that some services and some interactions can be anonymous
but if we want web3 and if we want the digital world to be as efficient and reaching to everyone
and having these great technologies that we have going to everyone we will also need to open up a little
bit and break from the anonymous to the privacy preserving um and i think that that's something
that that's very important here and that we should move as well otherwise we're just going to create
an echo box and we're always going to be the same people in web3 doing the same things that we do
rather than really finding good use cases for in the real world yeah i mean that that's a good example
with uh with the shop you know uh how you just basically flash your id to confirm something and
and uh it's not stored permanently there but that's confirmed that you're eligible to purchase that
uh and i have to i have to uh yeah echo what you said here uh about privacy anonymity because us being
you know the privacy oriented blockchain uh we have a similar problem you know when people uh at first you
know connect us to uh the coins uh like monero or zcash right uh but you know our chain is a lot more than
that uh you you you are you potentially can have privacy records around coins right but um it's more about
you know being able to have private smart contracts you know to execute certain things without you know
being completely anonymous and that way you can kind of stay compliant as well uh while transacting in private
right so that this distinction is very important i do agree with you that uh this needs to uh kind
of be brought be brought here in web3 in crypto as well so we can kind of mimic the processes that were
good in the in the more yeah traditional space already um and maybe this is a great yeah a great
uh topic to then move on to idos more uh and how you see this flashing of the id card uh being done
through let's say idos and and how are you thinking about the mechanics uh there um you can elaborate a
bit more yeah i think so the first thing maybe that we need to explain is that um when you say kyc or
when you say identity verification it's not just like one level like it always includes i don't know
your id a picture of you a proof of address of where you are a source of wealth it depends so there's
many different levels of verification and those change by the use case as well um i usually split
things in three use cases you might need to identify yourself for compliance and then you will have to
prove that you're a specific human with some specific attributes and characteristics like where you
live what's your age the second thing is that you might have to identify yourself for accountability
in this case you just need to show that you are a specific human so that you are who you say you are
for instance micro strategy announced today a protocol for email verification so you get like a red
check uh orange check uh like you would get a blue check in twitter for instance um and that shows
that the person that is sending the email is really the person that says who they are and this is also
something very relevant for the social applications uh etc etc the third level is personhood which is
where you simply need to prove that you are a human being and that you are unique that you are not an ai
but it doesn't matter which one you are so depending on what needs to be verified we need to make sure
that we onboard the right data first and second that we share selectively only the data that is needed to
be consumed by who needs to consume it when it comes to onboarding the data what i believe is that
you will always need humans to verify certain things because if you say that you are vegetarian
and you want to join vegetarian dow they will accept you nobody's going to check that you're actually
vegetarian but if you want to participate in a token sale and you say that you are not from the us
you need someone to be able to verify that so i always think that there will need to be a trusted
party involved in there and at some point maybe we can progressively allow ai to do this and to
decentralize it as much as possible what we need to do is to have as many providers as possible so that
we create that liquidity of different people issuing information about a specific human that is verified
but that's how how i see it at different levels as well not only ideas but also additional attributes
about the specific human being
yeah that's a curious interesting topic uh about the ai being the one that confirms no basically no
human interaction uh and that maybe is the future where you're you're going to be uh trying to not
trying to but proving your um your personhood your your personal data to an ai and keep it you know
potentially now and then a smart contract that's private similar to how how we do it uh on sapphire so
maybe there's something that we can discuss later on here as well uh but um can you walk us through some
of the use cases for these uh digital identifiers you mentioned already a few where it's uh either
either person could but maybe more specific in terms of where you see it uh being used in in crypto
web 3. yes so i think that there's two two more specific use cases here are two two sides um
everything that focus on taking uh the defy layer and making it go to the real world and this is what i
call or what we call no file non-custodial finance if you want that is self-custodial bank accounts
self-custodial debit cards fiat crypto payment rails etc etc that's something that's very exciting
because we can be much much more efficient if we leverage defy uh both from a operational cost point
of view because you don't have intermediaries but also from a capital expenditure point of view
because it is composable so we can take the composability of defy and create banks that are
just self-custodial and that's something that's super exciting it's something that we need identity
for uh mainly for compliance because we're touching the real world but that i think it's coming soon
other use cases is anything that needs to do with civil resistance so for instance it would be an
example would be for voting so now you can vote with a one person one vote type of mechanism for
instance you would also be able to use this for airdrops so people could basically have to prove
that they are a single human being and they are not just farming an airdrop big topic these last days
and in general you could even use it for other elements like for instance password recoverability
um you could have a place and that's by the way what you can do with ados where you verify yourself
then you connect your different wallets across web3 you connect your mobile number you connect your
email you connect everything and then you have a place where all that is connected but you are the
only one that has the the keys to unlock that but now from one you can prove the other so basically
you can prove that you uh have a specific wallet from an sms that you sent and this sort of stuff
is also very exciting i think that we should also look at the ability to identify ourselves digitally
as an abstraction layer that can improve so much uh ux for web3
definitely definitely um i'm curious to to maybe um understand better how is this when you say you know
users uh keep the data in their control like uh how how are these um let's say how is this person
information stored um is there like a network of validators or uh how do you keep it private and
ensure that all uh that even those validators don't have access to the data they they shouldn't have
what kind of the mechanic behind that if you can if you can share a bit more yes that that's a great
question so um there's a maximum in identity which is that you will not put people's private
identifying data in a public blockchain and the reason you don't do that is because even though some
well first of all you don't want to make it traceable the amount of money that someone has to
their name and where they live that's quite straightforward but even if you could encrypt some
parts of that we don't know uh what's going to happen in the future with with that encryption
with development for instance in quantum computing etc etc um what we have uh with ados is that we
work with with a system system that is creating uh created by quill which is a network of nodes so we
have several nodes this is a private network to become another operator uh at the beginning uh they
are selected and then there will be a dow that selects who can be another operator etc etc don't need
to go into details but the data is hosted in these nodes the data is also encrypted with the user
keys so what happens if you when you're working with the idos and you are an issuer in the idos
is that you would go to a user a user would come to you for instance for a kyc onboarding process
they will fulfill everything and at the end of that process um they will be prompted to add the result
of that verification into their ids profile so the user is the one that uh basically approves that
action it's something that they do with a wallet signature you can use any wallet that is active in
today almost all of them that can sign messages and from there the user then will have this data in their
profile to access that data you need a password or a passkey and only the user can do that and also only
the user can decrypt the contents of that unless they share that data so basically you have like a
private profile inside the idos uh where you can access uh your data you can share your data you can
see who has access to that data et cetera et cetera nobody else can so the the private nectar a private
network um of algorithms don't have uh access by default uh you need to the user needs to grant it uh
and the other sub question from my side would be um is fractal the uh as a kyc provider is also storing
that data when they're doing the kyc the initial kyc or is that just being passed on to do into idos and
they don't store it on their side this is the very reason why we created the idos because you can
decentralize everything but because especially for compliance purposes again for a proof of personhood
you wouldn't have to store anything but uh if it is for uh full kyc you need to store the data now
you need to store the data because if the regulator comes that data needs to be provided with the idos we
don't need to do that anymore because the data can be stored in the idos the access can be granted
and when it's granted it can also be time logged to the third party so then in that moment when it
is is well accepted the validator or sorry the the issuer doesn't need to store the data anymore
today yes we store the data it's in a very secure server but we are storing that data with everything
that needs to work with gdpr with a high level of security but it's not great because that is still
uh a data honeypot basically and this is how it works for absolutely any kyc or identity verification
provider that's what we want to change with the idos okay yeah i just wasn't sure there uh if uh the
data on the the initial kyc provider still stays uh but uh yeah this makes sense if uh you're then moving
the the whole operation to idos then you're just uh the entity that verifies the initial data that's
submitted and then i guess it's only stored there um and how is it with um then um let's say ongoing
verification right uh i guess there's a certain time limit on on the data that's being stored um is
there uh is there uh is there yeah any let's say expiration date on that and also if a user wants
to delete that data uh uh how is that performed um the user has the data in their profile in the form of
what is called a verifiable credential what we use is a standard that is well extended uh it's a w3c
standard in which basically you have uh what is called a schema which is a a list of attributes and
then each one of those attributes has um a layer so for instance attribute one would be wallet attribute
two would be email attribute three would be name attribute four would be uh a picture of the passport
etc etc and this is the data that it's only visible for the user managed by the user and when it
the access is shared then it's also seen by by other parties one of those fields as well and again
this is how we do that fractality but other issuers might choose to do it differently would be as well
the expiration date of that credential um you might say that you want to issue credentials that after two
years um they become uh non valid anymore then you can add that as one of the fields and then after
two years everyone that tries to consume that credential will basically see that it's expired
um for revocations it's similar so if you go to your ideas profile and you can check this today
you will see what credentials you have you can see the content of them you can see who they are shared
with as well so you can manage your access grant from there you can revoke access grants um from from
your profile as well and basically you can make sure that only the people that you want have access to the data
okay so it's on the issuer side to to determine how uh long the data is going to be uh kind of valid
uh and be consumed uh within idos uh and it's it's up to the user the thing is that the issuer can add
a field that says that after x time that credential is no valid and then the consumer of that data which
could be uh adapt um can decide to only trust uh data that is not expired or that inside the
credential the field is not expired which is usually how it would work in the case of kyc it has an
expiration date because your id expires or because your proof of address expires at some point and we
add those fields but at the end of the day it's the consumer of the data that needs to say i want
credentials that are not expired okay okay and um one more question maybe a bit uh spicy one but um
how to ensure so here everything's tied to uh to a wallet right uh what happens if you know somebody
sells that wallet uh uh to one another user um since the initial check was done then if there's no
expiration date you can basically uh use that wallet that was authenticated for for your own means uh
is that any way to mitigate that or is that a big problem within the kyc space this is a this is a very
good question uh this is not only a problem for uh for web3 or for kyc uh it's it's in general a problem
for the digital world you can also open a bank account digitally like with revolute or anything and then give
the uh the email and the password to someone else or simply give the email to someone else and allow
them to reset the password so it's actually very easy to do that unless you do recovering verification
and this is a feature that is possible as well so the moment that the data gets consumed um most of
the consumers will want to do some checks so they might not need to send someone through a full kyc
because they already can see that information and see that it's not expired but probably they want
to check again that this person all of a sudden didn't become a terrorist um what you can check
as well is through a proof of personhood is that that person is still the same one so you can use
different ways of verifying it some people use the face some people use the palm some people use the
eyeball there's different ways to to do that but that's something that can be added on top when data
gets consumed again and it's a good measure for protection
this is something that you cannot do in web 2. so it's actually a feature that improves the security
of those profiles yeah that's good to hear that we're uh improving on the uh traditional space and
in keeping uh you know data more private but at the same time uh a higher uh validity or
uh verifiability of it um and maybe um you can also speak a little bit you know uh about uh what's
the what's the future for idos you know where you're looking to expand i if i understand correctly
you're completely chain agnostic so uh how exactly does that work um uh is that is there like um
intermediate layer that serves this to all blockchains or how does this how does this basically uh yeah happen
happen yes so without getting too technical it's basically three components we have the node
network this is the that i mentioned the private network then you also have a public network and
then you have what we call the access management protocol which is smart contracts that we can
deploy across any blockchain um what uh basically the way it works is that you would have in each
one of the blockchain where the smart contract is deployed that acts as an access management protocol
so that determines and shows which data has been shared with whom so this wallet has shared some
data with this other wallet it doesn't say what data um the network the public network is basically
an l2 that network what it has is a global registry of all the access grants that are in the different
smart contracts across all the different protocols as well it has some features that can allow for
people to build dabs on top like let's say that you want to build that up that does analytics on top
of data so you could ask users to share access to their data to you then you would aggregate that and
only share some parts of it uh it's something that could also be be done and then you have the the
network of nodes which is the one that encrypts the uh the the store sorry the encrypted data um so
those are the components the way that we are going about it is we want to be everywhere which means we're
working now with many layer ones and layer tools to be deployed on those ecosystems and to have them
also support the development of the idos we don't see the idos as a competing solution with most of
the other decentralized identity solution because we are focusing on a layer that is a little bit lower
so it's like a layer zero if you want to call it this way we can still have any issuer of identities
issuing those credentials with idos we can also have anyone that focuses for instance on sharing
as credentials in a privacy preserving way building tools on top of the idos
so that's a little bit the approach that we're taking is being everywhere and become the default
solution for restoring and defining the access to digital credentials and then have other people in
web3 composably building applications on top and more applications to integrate the solution
yeah that that's the beauty of krypton web3 uh the composability that comes with it right
you don't have to do anything and you can just build on the legos
um one more thing uh i wanted to ask you so uh when you know touching on the future and um and
what the ways is you know and weird ways is where we were thinking about you know decentralized identity
and how it could be implemented with the help of sapphire you know and private smart contract storage
private compute uh capabilities that sapphire has uh so i'm curious to to know um do you maybe see
here an opportunity where you could further decentralize uh the protocol you know and make it a little bit
more permissionless you know by maybe implementing um uh certain parts of the solution or um you know
adding sapphire to to certain as a component that can help bring that permission system in in a more
permissionless space so just to be clear it's it's not a it's not a permission system it's a it's a
permissionless system uh it's open source everyone can build on top the only thing that is uh private is the
network of nodes that cause the data that's also something that will progressively fully
decentralize but we need to make sure that the people that have access to the data are not
bad actors or if that there are bad actors there's a way to um to stop that but it's something that is
managed by the doubt etc etc the system is permissionless so anyone can be an issuer anyone can
store data anyone can have an issue data against a user as a user you manage your data all of that is open
um where i see to that using something like sapphire or other solutions that you have in in you know
acz is especially on the sharing of the data we haven't focused specifically on this so we have uh in
the roadmap uh some very interesting solutions for uh zk as well for selective disclosure of the data
within a credential uh in which you don't share a full credential but you just prove that some of
the data in the credential uh is like that very useful for age for instance or to prove that you
are not from a specific country and that is what we want we want to attract other builders that focus
on this um we have and you're going to see it in the next three months or so um as well a couple of
infrastructure providers that are building with us so we are actually using other uh players in web3 to
actively use their solutions for defining how you access your data how you save your data how do you
share it as well um so that's something that uh it's coming very soon
yeah yeah sorry about that i mean maybe i wasn't clear enough uh i was speaking more about yeah
the validator set or how you call it now where uh those node operators are the ones that need to be
picked by the dow and potentially that can be more decentralized in a way that you know um um let's
say for instance uh with sapphire you can have compute nodes where you know uh the ones that validators
that run those compute nodes don't actually see any data because everything's ran uh in in a te
it's just a solution environment so uh i was just pointing more towards that but uh i do agree
yeah what you said that uh for selected disclosure uh tees with general compute um can be a very
helpful tool where it's fairly easy to uh kind of program the smart contracts to to have you know
a base based on some rules to share that specific data either as a bullying yes or no or or share the
specific data yeah uh so uh yeah no that definitely something to take a look into um i didn't know that
this actually was possible with sapphire but something that i'm going to check right after
this call because it's a big thing on the network right we want to make it as decentralized as possible
without compromising the security of it so yeah always for finding solutions to do that
that's great to get that's good to hear uh yeah i think we just passed our half hour mark uh and i
really don't want to uh make it too long for our listeners uh maybe some people that will listen later you
know uh having a too long of a space can be can be scary to even start listening to uh but um i wanted
to ask for yeah you mentioned you have some infrastructure uh uh infrastructure partners that
will be joining um in in the next few months uh what kind of you know the plan for fractal idos uh this
year next year is this a full transition from fractal id to idos um or how you see uh you know
these two products going forward yes um fractal id will continue to exist is an identity uh
verification provider and right now is an issuer in the idos and hopefully will continue to to be an
issuer in the idos um for the idos the goal now is uh to really open it up so we are very very close to
create what we call the v1 which is the really robust enough system that we're comfortable that
if we leave it there and we tell people now you can build whatever you want on top it's going to
work well um so that's something that is going to come soon and when that happens what we need apart
from the implementations that we're going to announce with with several ecosystems what we will
need is new issues to come in new applications to consume data as well through the idos and also other
infrastructure providers to come and build solutions where we are not focusing on like we what we know
how to do is to create the centralized identity systems our team we are not the best ones at
creating zk solutions so we want to work with people that are good at doing that and that you
said before that's the beauty of web3 is that is something that can be done very very easily um and
it's also something that is an advantage for growth definitely so this is going to be the focus for
the rest of uh of 2024 uh once everything is there um another thing is that what's very important is
to have use cases there's so many decentralized identity companies that raise tens of millions
that have been around for very long and that they have great systems but the problem is that they don't
have usage they are not systems that have usage that people are using every day because it's very
complicated or because they are built in a way where you need to build on top of the identity system
instead of the identity system coming to you and this is what we wanted to make sure that the ideas
was not so that's why when we picked the partners and ecosystems we prioritize use cases that are
relevant today that people are going to be using today as well and that already have usage that's why
i was talking before specifically about this real world defy or uh nofi to really have defy being usable
for real world use cases and empower those that already have well millions of users
yeah definitely that that can sometimes be a problem where uh you know we get excited about
the tech but then nobody's using it then uh yeah that's just not enough right we need to get the
adoption in so uh things really then get get moving uh and we get to we get to the adoption of the
products let's say crypto native products uh in a more concrete way um and yeah um exciting to hear
you know uh that you're you're open to uh to new solutions new partners uh you know working on the the
things that you're not focused on uh as you mentioned here uh you know uh the selected disclosure is one
thing so hopefully we managed to we managed to speak speak about that and and see where we can help out
uh make idos uh even better even more successful uh luis thank you very much for today for joining in
uh and thank you everybody for listening on the twitter space um yeah it's been it's been great uh any
last words uh no i think i think it was a tweet i would i would the space um i think that just to
uh summarize i think it's important to understand these uh difference between anonymous
and privacy preserving um i really like solutions like oasis that focus a lot on the privacy preserving
side because this is what will help the great technology that we have and the way of building
that we have in web3 to really go to the real world but still making sure that people on their data
that people can uh work in an environment where uh basically they their data is protected uh so really
looking forward for uh what you're doing in the future really looking forward to support that as
well and maybe we can even uh work together very soon uh into building a place for people to finally
own their own data on the internet
exactly exactly very well put have nothing to add here thank you very much everyone uh yeah thank you
for today and uh see you next time thank you everyone bye bye