Harrison Tang, CEO at Spokeo
Emerging Tech
Digital identity is who you are in the digital world, and you should be able to control your own identity. In a world where Big Tech controls data on millions of its users, how do we claim our digital identities? Self-sovereign identity gives people control over their identities by empowering them as intermediaries of identity-related transactions. People are the platform, not Big Tech or governments. Decentralized identity leverages technologies like blockchain and token-based economies to ensure that the identity infrastructure is not controlled by a few companies. Despite the decentralized infrastructure, federated identity enables identity information to be easily aggregated, processed, and made available to use for good. Personalized identity individualizes the sharing of identity information (e.g. selective disclosure) based on different people's needs and sharing contexts. Secure identity makes sure that access to identity information is more secure, authenticated, and accountable. And lastly, intelligent identity helps streamline identity management.
2. CONFIDENTIAL
About
About Harrison, @theCEODad
• CEO & Co-Founder of Spokeo
• Co-Chair of W3C Credentials Community Group
• Dad of 3 sons
About Spokeo
• Spokeo is a people intelligence service that helps over 15M users a month to search and connect with others
• We are the only Data + UX company in our space, organizing over 16 billion records into 600M entities
• We generate about $90M/year and have been profitable without VC funding since 2008
4. What is Identity?
Identity is accessible data or characteristics that define a distinct entity. It answers who we are
• People Data: Includes name, contact info, personality, behaviors, demo, credit, reputation, … Data sources could be first-party, second-party, or third-party
• Entity Being: Entity is a thing with distinct and independent existence. The constituent parts could change over time but remain connected
• Access Control: Makes sure that the right people can access the right data or resources. Includes authentication, authorization, and audit processes
5. Identity Use Cases
Identity today is the How to the What, or a means to an end. It's the much-needed fabric of the Web that empowers:
• People Search: Connect and verify people with trust
• Genealogy: Research ancestors and heritage
• Fraud Prevention: Identify and prevent fraud
• Financial Crime Compliance: KYC, AML, … etc
• Credit and Payments: Facilitate financial transactions
• Authentication: Secure account access
• ID Protection: Secure digital identities
• B2B Marketing: Find sales leads and customers
• Marketing Analytics: Optimize ad spend and reach
6. Identity Markets in the US
The identity market is huge and generates more than $70B/year in the US alone (a non-exhaustive list of segments below):
• B2C People Search: ~$500M
• B2C ID Protection and Password Managers: ~$5B
• B2C Genealogy: ~$1.5B
• B2B Identity Verification & Fraud Prevention: ~$20B
• B2B Authentication & KYC: ~$10B
• B2B Identity & Access Management: ~$5B
• B2B Credit Bureau: ~$15B
• B2B FCRA Employment Screening: ~$2B
• B2B Marketing Tech: ~$75B
7. What is Identity in Web3?
Identity in Web3 is Decentralized Identity
8. What is Web3?
Web3 is the decentralized web that heralds the concept of digital ownership
• Decentralization: The distribution of control or power to multiple entities rather than a single one
• Digital Ownership: The state or fact of legal possession and control over digital, intangible properties in the metaverse
• Tokenomics: The economics and factors around how to value and price a token or cryptocurrency
If Web1 is Read and Web2 is Read & Write, then Web3 is Read & Write & Own
9. Decentralized Identity
The problem of decentralized identity can be broken down into decentralized entity, decentralized data aggregation, and decentralized data access
Centralized
• Entity: SSN, Passport #, Twitter Handle, Facebook ID, URL, Vendor IDs
• Data: Big Tech, Government, Credit Bureaus, Data Aggregators
• Access: Social Login, Federated ID, Big Tech, Govern.
Decentralized
• Entity: Decentralized Identifier, Soulbound NFT, Entity Resolution, HD Keys
• Data: Verifiable Credentials, Personal Data Store, IPFS, De. Reputation
• Access: Self-Sovereign Identity, Self-Issued OpenID Provider
10. Why Decentralized Identity?
Decentralized identity will overtake (but not kill) the current centralized identity paradigm because:
• Data Regulations: CCPA, CPRA, and GDPR have created data rights. FCRA, HIPAA, and other laws require user consent. eIDAS in Europe requires SSI
• Data Quality: Multi-party (1st + 2nd + 3rd-party) data validation and the incorporation of UGC ensure better data quality than single-party approaches
• Network Effect: Identity as a multi-sided platform enables virality and network effect
• Web3 Movement: New gen's distrust of Big Tech will lead to decentralization and the next ebb/flow in Social Cycle Theory
12. Identity Access Model
Identity can be modeled as a multi-sided network with 3 IAM (Identity and Access Management) roles:
• Searcher & Verifier: User or business who wants access to Data Subject's identity for ID verification, authentication, investigation, … purposes
• Data Subject & Holder: User or business whose identity is being accessed. Ex: User who wants access to a service, person being investigated, …
• Issuer & Data Source: User or business who creates identity info about the data subject. Ex: DMV (driver license), Uber (driver profile), users (user ratings), …
• The same person can play one or multiple roles
[Diagram: Identity's Role-Based Access Control Model, with roles Data Subject, Searcher, and Issuer]
13. Current ID Access Model
The power over ID transactions lies outside of Data Subject's control
1. Anonymous Search: Data Subject is unaware of ID transaction
2. ID Verification: Data Subject is unaware of how it works
3. Social & Federated Login: ID Provider (ex: Google Login) intermediates ID transaction
4. FCRA Employment Screening: Company intermediates between Data Subject and Data Sources
[Diagram: Centralized Trust Model, with roles Holder / Data Subject, Verifier / Searcher, and Issuer / Source / ID Provider]
Highlighted case: 1. Anonymous Search. Searcher requests info about Data Subject from Data Sources without Data Subject's knowledge
14. Current ID Access Model
[Diagram: Centralized Trust Model, with roles Holder / Data Subject, Verifier / Searcher, and Issuer / Source / ID Provider]
Highlighted case: 2. ID Verification. Data Subject is unaware of how it works. Ex: ThreatMetrix, Ekata
• Verifier requests info about Data Subject from Data Sources without Data Subject's knowledge
15. Current ID Access Model
[Diagram: Centralized Trust Model, with roles Holder / Data Subject, Verifier / Searcher, and Issuer / Source / ID Provider]
Highlighted case: 3. Social Login. ID Provider (ex: Google Login) intermediates ID transaction
• Service Provider redirects User/Holder to Identity Provider (e.g. Google/Facebook Login) for authentication
• User/Holder logs in and authenticates with Identity Provider. Identity Provider then issues authorization token
16. Current ID Access Model
[Diagram: Centralized Trust Model, with roles Holder / Data Subject, Verifier / Searcher, and Issuer / Source / ID Provider]
Highlighted case: 4. FCRA Screening. Company intermediates ID transaction
• Searcher (Company) requests the permission of Data Subject (Candidate) for employment screening
• Searcher (Company) requests info about Data Subject (Candidate) from Data Sources to perform the screen
17. Future SSI Model
The power over ID transactions lies within User / Data Subject's control
• Self-Sovereign Control: Data Subject intermediates ID txn and controls what to share to whom
• Ultimate Decentralization: If all ID txn are self-sovereign, tens of billions of Data Subjects gain full control over their identities
• New Economy: The emergence of identity ownership will empower new economy / capitalism
[Diagram: Self-Sovereign Identity, with roles Holder / Data Subject, Verifier / Searcher, and Issuer / Source / ID Provider. User / Data Subject intermediates ID transaction]
(1) Searcher / Verifier requests Data Subject for their info
(2) Data Subject requests Issuer(s) for their data
(3) Issuer issues verified data about Data Subject to Data Subject
(4) Data Subject sends verifiable data presentation about them back to Searcher / Verifier
19. Verifiable Credentials
Verifiable Credentials empower a decentralized triangle of trust via cryptographic proof
• Credential: A set of claims (attributes about Data Subject) made by an Issuer. Like “record” or “row”
• Verifiable Credential: Credential that is digitally signed by Issuer and can be cryptographically verified
• Cryptographic Proof: Issuer signs cred with its private key. Verifier verifies cred with Issuer's public key
• Issuer vs. Holder Signatures: Holder/Presenter aggregates creds into a presentation and signs it
• Transitive Trust: Verifier can trust a credential without interacting with the Issuer. Decouple Data, Trust, Access
20. Verifiable Presentation
Presentation is an aggregate of one or more credentials that represents a persona or a facet of an identity
• Verifiable Presentation: A presentation doc digitally signed and attested by the Holder (e.g. Presenter)
• Decentralized Aggregation: Localized data aggregation by Data Subject / User's identity wallet
• Selective Disclosure: The ability of Holder to make fine-grained decisions about what information to share
• Zero-Knowledge Proof: Prove that something is true without conveying any additional information
• Privacy Recommender: Recommend what to share to whom, when, and where
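The issuer, holder and verifier steps from the Verifiable Credentials and Verifiable Presentation slides, as an added example that is not part of the original deck. It uses Node.js's built-in Ed25519 signing with a simplified salted-hash form of selective disclosure rather than the W3C Verifiable Credentials proof formats; the function names, the nonce and the sample claims are assumptions made for illustration.

```javascript
// Added example (not from the slides): issuer, holder and verifier roles with Ed25519.
const { generateKeyPairSync, sign, verify, createHash, randomBytes } = require('node:crypto');

// Deterministic JSON (sorted keys) so signer and verifier hash identical bytes.
const canon = (v) => Array.isArray(v) ? '[' + v.map(canon).join(',') + ']'
  : (v && typeof v === 'object')
    ? '{' + Object.keys(v).sort().map((k) => JSON.stringify(k) + ':' + canon(v[k])).join(',') + '}'
    : JSON.stringify(v);
const digest = (salt, name, value) =>
  createHash('sha256').update(canon([salt, name, value])).digest('hex');
const signObj = (obj, key) => sign(null, Buffer.from(canon(obj)), key).toString('base64');
const checkSig = (obj, sig, pub) => verify(null, Buffer.from(canon(obj)), pub, Buffer.from(sig, 'base64'));

// Issuer: sign salted digests of the claims, not the raw claims, so each claim can be withheld.
function issueCredential(issuerKey, holderPubPem, claims) {
  const disclosures = Object.entries(claims).map(([name, value]) =>
    ({ salt: randomBytes(16).toString('hex'), name, value }));
  const body = { holder: holderPubPem, digests: disclosures.map((d) => digest(d.salt, d.name, d.value)).sort() };
  return { credential: { body, issuerSig: signObj(body, issuerKey) }, disclosures };
}

// Holder: choose which claims to reveal, bind the presentation to the verifier's nonce, sign it.
function present(holderKey, issued, reveal, nonce) {
  const body = { credential: issued.credential, nonce,
    disclosed: issued.disclosures.filter((d) => reveal.includes(d.name)) };
  return { body, holderSig: signObj(body, holderKey) };
}

// Verifier: needs only the issuer's public key and makes no call back to the issuer.
function verifyPresentation(vp, issuerPub, expectedNonce) {
  const { credential, nonce, disclosed } = vp.body;
  if (nonce !== expectedNonce) return null;                                      // replayed presentation
  if (!checkSig(credential.body, credential.issuerSig, issuerPub)) return null;  // issuer proof
  if (!checkSig(vp.body, vp.holderSig, credential.body.holder)) return null;     // holder proof
  const claims = {};
  for (const d of disclosed) {
    if (!credential.body.digests.includes(digest(d.salt, d.name, d.value))) return null; // claim not issued
    claims[d.name] = d.value;
  }
  return claims;
}

// Constructed sample data: a hypothetical issuer and a holder wallet.
const issuer = generateKeyPairSync('ed25519');
const holder = generateKeyPairSync('ed25519');
const holderPem = holder.publicKey.export({ type: 'spki', format: 'pem' });
const issued = issueCredential(issuer.privateKey, holderPem, { name: 'Alex Doe', over21: true, address: '1 Main St' });
const vp = present(holder.privateKey, issued, ['over21'], 'nonce-123');
console.log(verifyPresentation(vp, issuer.publicKey, 'nonce-123')); // only the disclosed claim
```

The presentation carries the issuer-signed digests plus the salt and value of each revealed claim, so the name and address never leave the wallet.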
21. Decentralized Identifier
Identifier is the name of an entity. Unique identifier uniquely identifies an entity and enables its existence
• Decentralized Identifiers (DIDs): A new unique identifier that doesn't require a centralized registration authority and is often generated cryptographically
• Self-Sovereign Control: Enable Controller or Subject to prove control without requiring 3rd-party permission
• Cryptographic Proof: Signer signs DID with its private key. Verifier verifies cred with Signer's public key
• Distributed Ledger: “Blockchain” tech often used as verifiable data registries where the DIDs are recorded
• DIDComm: Communication protocol built on top of DIDs
22. Entity Resolution
Entity Resolution creates a digital identity by connecting records referring to the same entity across different sources
• Record Matching: Compare and decide whether two records refer to the same entity
• Record Linking: Create and assign a unique identifier to records and connect them together
• Horizontal Linking: Linking where all info required to generate an identifier is within a row or record. Ex: Phone IDs or Address IDs
• Vertical Linking: Linking where info required to generate an identifier is not contained solely within its own row. Ex: Person IDs
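Horizontal and vertical linking from the Entity Resolution slide, as an added example that is not part of the original deck. The records, field names and ID prefixes are constructed for illustration, and exact matching on a normalized phone or email stands in for a real record-matching model.

```javascript
// Added example (not from the slides): horizontal vs. vertical linking on constructed records.
const { createHash } = require('node:crypto');
const shortHash = (s) => createHash('sha256').update(s).digest('hex').slice(0, 12);

// Horizontal linking: the ID is computed from the row's own fields, nothing else.
const phoneId = (rec) => (rec.phone ? 'ph_' + shortHash(rec.phone.replace(/\D/g, '')) : null);
const emailId = (rec) => (rec.email ? 'em_' + shortHash(rec.email.trim().toLowerCase()) : null);

// Vertical linking: a person ID depends on other rows. Rows sharing any horizontal ID
// are matched (union-find), then every row in a cluster gets the same person ID.
function assignPersonIds(records) {
  const parent = records.map((_, i) => i);
  const find = (i) => (parent[i] === i ? i : (parent[i] = find(parent[i])));
  const firstSeen = new Map(); // horizontal ID -> index of the first row carrying it
  records.forEach((rec, i) => {
    for (const key of [phoneId(rec), emailId(rec)]) {
      if (key === null) continue;
      if (firstSeen.has(key)) parent[find(i)] = find(firstSeen.get(key));
      else firstSeen.set(key, i);
    }
  });
  return records.map((rec, i) => ({ ...rec, personId: 'p_' + find(i) }));
}

// Constructed sample rows from three hypothetical sources.
const sampleRecords = [
  { source: 'dmv', name: 'Alex Doe', phone: '(555) 010-0001', email: null },
  { source: 'rideshare', name: 'A. Doe', phone: '555-010-0001', email: 'Alex@Example.com' },
  { source: 'reviews', name: 'alexd', phone: null, email: 'alex@example.com ' },
  { source: 'dmv', name: 'Sam Roe', phone: '555-010-0002', email: null },
];
console.log(assignPersonIds(sampleRecords).map((r) => `${r.source}: ${r.personId}`));
```

Rows 0 and 2 share no field and are linked only through row 1, which is also how a shared phone number or mailbox can merge two different people into one ID.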
23. Authentication
Authentication creates and/or proves the linkage between a physical identity and a digital identity
• Multi-Factor Authentication: Multiple pieces of evidence across different dimensions ensure higher security
• Inherence Factors: Who you are. Ex: Facial biometrics, fingerprint, voice authentication, typing behaviors, …
• Knowledge Factors: What you know. Ex: Password, secret phrase, Knowledge-Based Authentication, …
• Possession Factors: What you have. Ex: SMS One-Time Passcode, Email Verification, Hardware Security Key, …
• Location Factors: Where you are
• Proxy Factors: Trust authn. done by 3rd parties
24. Learn More
Follow me @theCEODad or @Tang_Toks
Follow @Spokeo, and check out Spokeo.com/Careers