Douglas Barbin, Managing Principal & Chief Growth Officer @ Schellman
Avani Desai, CEO @ Schellman
Blockchain, cryptocurrency, NFTs, digital ID, etc. There are lots of topics out there that capture the attention of the public and technology professionals at the same time. The goal of this presentation is to provide a basic understanding of core Web 3.0 technologies, including blockchain(s), and the role of identity management in a more decentralized computing environment. No buzzwords, no long-winded explanations, just real use cases and perspectives on where SaaS providers should focus their attention in this emerging space.
3. What is Web 3.0?
Transformation from today’s Web 2.0, which came from the Web 1.0 of the late 90s and early 2000s
Heavy emphasis on distributed processing and storage
“Defining features of Web 3.0 include decentralization; trustlessness and permissionlessness; artificial intelligence (AI) and machine learning; and connectivity and ubiquity.”
Source - Investopedia
4. What is Decentralization and Trustlessness and what about “the Blockchain”
In Web 3.0 a “database” is not a single or centralized store
Blockchain technology was built on the premise of no single storage location and nodes are replicated for redundancy
Cryptocurrencies leverage this technology to be anywhere or everywhere making it more immutable
5. What are the Major Use Cases for Web 3.0 Beyond “Crypto”
NFT
Smart contracts
Identity verification
Gaming
Drone identification
Artificial Intelligence
6. Practicalities of Using Web 3.0 Applications
Distributed and permissionless systems do not mean permissionless applications
Users still have to interact with applications which communicate with each other on the Web 3.0 back-end
Mobile applications are the gateways to all Web 3.0 including cryptocurrency trading
8. What About Cybersecurity – Five Key Security Implications
● Social engineering attacks are backend agnostic (e.g. wallet attacks and enhanced spam)
● The front door is always the easy way in (i.e. mobile applications)
● Compromised credentials can be reused like today or people impersonated
● Manipulation and disinformation of data including configuration/security data
● Inability to trace/log activity creates challenges for those responding to security incidents
9. Why Identity is Most Important
Identity forms and delivery:
● IDs and passwords
● Certificates
● Tokens and biometrics
● Federated credentials
Key Concepts
● Self Sovereign Identity (SSI)
with holders, issuers with
○ Verifiable Credentials
○ Verifiable Data Registries
11. What Regulatory/Standards Bodies are Working On Trust for Web 3.0
Legacy Programs
● AICPA/Canada CPA – WebTrust, SOC
● ISO 27001, 24760, 29003
Growth Programs
● Kantara (Identity/Authentication) US and UK
● Digital Identification and Authentication Council of Canada (DIACC)
Emerging Programs
● Trust Over IP
● CIO Council Canada
12. What Now?
Always start with context
Do security and privacy by design
Work with providers and partners that are investing in the space
13. THANK YOU
Doug Barbin
Managing Partner & Chief Growth Officer
Schellman
@DougBarbin
doug.barbin@schellman.com
Avani Desai
CEO
Schellman
@AvaniDe
avani.desai@schellman.com
Editor's notes
Avani:
Web 3.0 is exactly what it sounds like – the next iteration of the Internet.
Avani:
Web 1.0 pioneers the language of the Internet, starting with simple private connections to public webpages using static HTML hosted on simple servers.
Web 2.0, our current iteration, moved us away from plain webpages to dynamic content and the whole advent of social networking and its impact on how people consume information. Over the last 15 or so years, Web 2.0 has seen its fair share of technology evolution with the increased use of cloud computing and moving to containers and other forms of more advanced cloud computing services. Still in all of these cases, computing assets were largely centrally located and managed, even when doing so was done across a global footprint.
Web 3.0 moves towards a more decentralized or distributed model. Applications do not require a central location for storage and processing but multiple ones. They also do not require a broker to manage permissions for access to these resources.
While AI, including machine learning, were present and operating under the Web 2.0 infrastructure, their benefits have only begun to be recognized.
Avani:
Distributed networks:
By nature exist everywhere
Think “old school” peer to peer networking
As a “trusted” intermediary is not required, that creates risk
The first use case for distributed computing was crypto currency.
[Avani to highlight the additional benefits and her experience.]
Avani
There are many use cases for Web 3.0 technology, some of which we have yet to even think about.
[Avani to list off and speak to above]
Artificial intelligence never really reached its full potential in Web 2.0. It is not only empowered by more distributed computing (think SETI AI) but users will expect it.
Avani:
Regardless of how the data is distributed, users still require a means to interact (or to have a robot interact on their behalf).
While traditional Web 2.0 front-ends will continue to remain available, increased use of mobile applications will continue and the convergence between business and social applications will continue.
Transition to Doug
Doug
Sadly, the types of security threats are not unique to Web 3.0 and we saw them very prevalent in Web 2.0.
There is some upside – in a distributed storage environment like blockchain, the ability to compromise and encrypt data everywhere by a ransomware attacker could become more difficult.
The human factor, social engineering, will also be the Achilles' heel for compromise. Attackers go in through the people to get access to applications where data on distributed environments are stored. As a result, attackers can compromise credentials to access as well as the data itself.
While blockchain technology itself helps to reduce the ability to manipulate information, an authorized but compromised credential can be used to manipulate information shared around the world.
Last, the anonymity provided by Web 3.0 makes it more difficult for the incident responders and/or forensic professionals to identify who a particular threat actor was.
Doug:
The above forms of identity management are not new. Federated identity relies on Web 2.0 concepts to centrally manage and share credentials.
In Web 3.0, users need to have control over their own identity and credentials so they’re not just stored in a “database”.
Your passport is on your phone, controlled by you. It doesn’t sit elsewhere, but it's been issued by a trusted provider and verified by a trusted registry which validates the credential, NOT stores it.
Doug
In the new Web 3.0 Economy, Trust is the Digital Currency.
As of today, legacy compliance frameworks are used but not necessarily specific enough to the technologies being looked at.
There are several growing and emerging programs, some self-certification that aim to address this issue. Some are government sponsored, while some are self certification.
Doug
What do you do now – continue to wait or plan ahead?
It starts with context. Think about your role in Web 3.0: are you a provider, leverage, or user of the technology?
Build security and privacy by design, not after the fact.
Work with providers that know what they are doing and investing in the space.
Avoid buzzwords at all costs.