January 10, 2024 • 34 mins
Credential sharing is complex and exciting. Take a listen to our guest, Dan Stemp from JNCTN, in this installment of Making Data Better. We discuss JNCTN's credential sharing platform and its major use cases.
Discover how managing digital identities supports the work of critical industries, from power generation to healthcare. We unpack the intricate relationships between those who rely on credentials, the individuals who hold them, and the authorities who issue them.
Dan tells us the story of his firm's evolution from card personalization bureau to today's digital credential management scheme. We discuss the firm's clients' transition from physical tokens to digital credential presentation. Of course, we discuss wallets because they are the natural containers to hold verifiable credentials and we address JNCTN's proprietary approaches, the W3C, and big players like Apple and Google.
Implementation of systemic systems is never easy. JNCTN has multiple stakeholders to convince. We examine enterprise adoption and the leverage points that resonate with the relyingn parties, the risk owners, who deploy these systems. It's not just about risk mitigation and operational efficiency.
So, take a listen as Dan, Steve, and George share their enthusiasm for verifiable credential sharing and the breadth of applications ahead.
Mark as Played
Transcript
Episode Transcript
Available transcripts are automatically generated. Complete accuracy is not guaranteed.
George Peabody (00:14):
Welcome to Making Data Better, a podcast
about data quality and impact ithas on how we protect, manage
and use the digital datacritical to our lives.
I'm George Peabody, partner atLockstep Consulting, and thanks
for joining us With me isLockstep founder, steve Wilson.
Hi, steve.
Steve Wilson (00:30):
Hello George, happy new year.
I hope it's some off to a goodstart for you and great to be
talking with you again.
George Peabody (00:38):
After a great start, we're actually expecting,
finally, our first snowfall inBoston over the weekend, so I'll
be getting into the hot tubafter I do all the snow
shoveling.
So, steve, today we're going totake a look at the power of
credential sharing, someexamples of what's possible when
we address safety and securityconcerns through the use of the
right credentials, presented atthe right time.
(00:59):
And to do that, we're fortunateenough to be looking at a
company that operates what we'recalling credential management
service and system that has towork with all the stakeholders
in its system.
What is really intriguing aboutthis model where you do
everything, where you are acredential management service
(01:21):
serving everybody?
You've got to work with all theparties, all the stakeholders,
in the identification process.
So you've got to get the partythat's taking the risk, what we
call the relying party on board,whether it's the physical or
digital worlds.
The provider has to make iteasy to grant access to a
service, speed the process, logeach of those accesses, trust
(01:42):
the validity of the credentialspresented.
In other words, the relyingparties want the ability to
control access, know what eachcredential presenter is, who
each one is, subject, referredto as what they're certified to
do, and again to log each ofthose interactions.
Then the service provider has toget the capability into the
hands of the subjects, theholders and presenters of the
(02:04):
credentials on board.
So they've got to answer thequestion of what's in it for the
subject easier to get into abuilding or is it easier to
access an online service?
Maybe it's putting a QR code infront of the guy at the gate
instead of a booklet full ofstamps that say that someone's
been certified to do a job?
(02:25):
And the third party, of course,is the issuer of the
credentials.
Think about a registry motorvehicles or an educational
institution or a trainingcompany that provides
certification.
Those credentials have to be inthe hands of the subject to be
presented to the relying partyin order to make a complete loop
(02:45):
of the transaction.
One of the beauties of theservice provider that does all
the work is that they got greatvisibility into what users are
doing on all hands, whether it'sthe relying party, the subjects
themselves, the folks who arepresenting the credential.
And given that visibility,given the fact that they're
seeing interactions everywhere,they can actually respond to new
(03:08):
changes, new requirementspretty quickly and push that
capability out.
Steve, let's illustrate this inthe context of identification
and credential sharing throughtalking with, I'm happy to say,
junction, a New Zealand companythat has assembled a solution
that addresses the needs of eachof those three parties the
(03:29):
relying party, the party takingthe risk, the subject and the
credential issuer itself.
So to do that, let me welcomeDan Stemp, who is Junction's
chief customer officer.
Dan, welcome.
Dan Stemp (03:42):
Thank you.
Hey, look, thanks for having me, guys.
I'm really excited to talktoday about the work that
Junction's doing and lookverifiable credentials as a
whole.
Look, it's such an excitingtopic and we kind of refer to it
as the you know and lots ofother people do is the new gold
rush.
You know this idea of owningyour own information and being
(04:04):
able to use it whenever you needto use it, knowing who has
access to it.
This is important stuff andwe're really excited to be in
this space.
Steve Wilson (04:14):
We're so excited to have you on the show, dan.
We met on the other side of theplanet for you and me at least,
is Antipodeans.
We had a great time atIdentiverse in Las Vegas with
George last year.
It's fantastic, isn't it?
You go to the other side of theplanet to meet people that are
almost next door we also.
(04:36):
When we were chatting, we foundthat we three have been in
adjacent areas of business nowfor decades, so I found the
history of Junction reallyfascinating.
Could you recap that for usright now?
Dan Stemp (04:48):
Yeah, yeah, look, I'd love to.
And, george, I'm going topinpoint a word that you just
used in your intro there withvisibility, and it's a key part
of Junction's learning.
And, again, the word I'm goingto use quite often during this
is journey.
Through Junction's journey, wehad a lot of learnings when we
(05:09):
owned a large scale cardproduction and personalization
bureau.
So we were in the business ofdelivering physical identity
tokens to individuals toshowcase who they were, whether
they had a particular skill orqualification or work authority.
So, having that visibility ofthe information that we were
(05:30):
producing for individuals andhaving that visibility of those
individuals themselves and whatthey did with those physical
tokens hold them in plastic cardwallets, information in the
vanilla folders we had thisinsight into how we could create
better user interactions forthese individuals by using
(05:52):
emerging technology likeverifiable credentials and
building software was not newfor Junction as an organization.
As part of our card bureauoffering, we had an online
ordering tool, so essentially anonline portal for our customers
to input data around theindividuals who were receiving
(06:12):
these physical tokens and theinformation that was going on
these tokens.
So think firearms license andwhat your authorities were under
your firearms license, whatclassification of firearms
you're allowed to hold on to.
This is all information that wewould print onto a physical
token for an individual to putin their wallet.
So we saw the opportunity tocreate these digital
(06:35):
interactions, of those physicaluser interactions that people
will be having out in the world.
And specifically, we've taken afocus on our high hazard
industries and really that'sjust out of need and necessity,
because we have heard that thereare problems and we've had
people approach us within thoseindustries that they have
(06:58):
problems and they think we cansolve them.
So yeah, coming from the cardbureau industry has given us a
massive amount of insight intothe amount of credentials that
people actually hold on to, andit's not just one to three.
Steve Wilson (07:14):
We see all those common areas which are really,
conceptually, it's an analog todigital conversion, isn't it?
You take information fromsources of truth, you have some
way of quality assuring thatinformation and then you package
it on behalf of subjects.
They then hold it in a plasticcard or a digital wallet.
(07:34):
I guess Can we dig into thissort of infrastructure and that
common ground, what you've hadto build and what you've had to
leverage.
And I guess we could alsoground this conversation
relative to COVID, because welove what you guys did relative
to COVID, so maybe you can usethat to illustrate and
underscore how yourinfrastructure works.
Dan Stemp (07:54):
Sure infrastructure.
Firstly, we've got to buildsomething that's scalable.
If it's not scalable, if it'snot secure, it's not something
that we want to have asinfrastructure behind us.
Because this needs to bescalable, it needs to be secure.
So at the core of all of thisreally is data.
(08:17):
It's important to understandagain the journey of what we've
built.
But kind of underneath it all,we have set of tools for people
to interact with us.
We have a digital wallet forholders to hold verifiable
credentials in.
We have an issuing platformthat allows issuers of
(08:39):
credentials to create acredential catalog and issue
those to individuals.
We have an admin portal forenterprises to use to consume
that data.
So, whether I employ 200 peopleand I want an overview of the
credentials that those 200people have, we have an admin
portal that allows you to accessthat information, all
(09:03):
permissioned by the individual.
So an enterprise can't alwaysbe looking for a request when
they need to access informationaround an individual and their
work authorities or skill setsand I want to caveat this all
the way all the time this isunder permission from the
individual.
(09:23):
So let's take that MIQ typescenario Managed isolation and
quarantine, a piece of work wedid for the government during
COVID here in New Zealand andspecifically around the border
workforce, the individuals whoare working in these highly
(09:43):
regulated environments,compliance high environments
where they needed to showcasethat they were the right people
with the right skill set to beworking in the environment.
So let's take a managedisolation and quarantine
facility where you've got hotelstaff, defense staff guarding
the gates, a health staff comingin and out and performing
(10:05):
health duties within theseenvironments.
You've got caterers, you've gotrepair people.
You've got this highlycompliant environment where,
under the New Zealand Health andSafety Act, the person who's
controlling that business unitneeds to make sure that they are
taking the best duty of carepossible to make sure the right
people are undertaking the rightjobs.
(10:26):
So, essentially, people arequalified, people are skilled,
people have the rightcredentials to be in that
environment.
We needed to provide a value tothis government department for
them to make sure that the rightpeople were coming in and out.
The right compliance ticks werebeing ticked and that was
(10:46):
relating to particularcredentials around that
individual.
It happened to be obviouslyidentity individual credentials
that needed to be healthcredentials.
They needed to be health andsafety training credentials, as
well as work authoritiessomething as simple as a site
induction All of thisinformation we were able to
provide to the government, orthe government to issue the
(11:09):
credentials to individuals.
They already had existingdatabases that held the truth
around this information.
So say, for instance, think theCOVID immunization register
there was already a point oftruth around COVID immunizations
.
We simply took that data andcreated a verified credential
out of it, issued it to theindividual, made the mechanism
(11:32):
to hold it in a digital walletand then, from a verification
point of view, the same digitalwallet tool has the capability
to check or validate credentials.
So the defense force at thegate was scanning QR codes of
individuals when they werecoming in.
Rulesets were created in thoseenvironments that ABCD
credentials needed to beshowcased.
(11:52):
Our tool allowed that to simplyreturn a result of you meet
requirements.
Where you don't meetrequirements based on the
verified credentials that youhad sitting within your wallet.
Steve Wilson (12:02):
Then got it.
There's a lot of partiesinvolved there.
What matters to the most and wethink I'd love to discuss this
further with you, but we thinkthat the relying party, or the
party that's on the hook formost of the risk in these
transactions and theseinteractions, is almost like the
silent partner in a lot ofdiscussions.
But what matters to all ofthose stakeholders, especially
(12:26):
the relying party, what are theytelling you matters?
Is it things like logging?
Is it visibility?
Is it performance?
What is it?
Dan Stemp (12:33):
It's all those things .
It's all the things that peopleare screaming out for
Efficiency, productivity.
Time is so important toindividuals and what our tool
and our solution allows peopleto do is essentially take a lot
of that time controlled back,particularly in this environment
(12:54):
that we just discussed aboutmanagerisation and quarantine.
What was important to them wastime.
These individuals, every timethey turned up at the front gate
, needed to showcase a set ofcredentials that took time to
validate and make sure they weretrue before that individual
came into that environment.
So A I needed to know when thatperson came in.
(13:15):
I needed to know, at the pointin time that they turned up,
that they had the rightcredentials to actually be in
this environment.
There's logging, there'svalidation that the right people
are undertaking the right tasks.
That audit trail is reallyimportant because if something
goes wrong, I need to showcase,from an audit trail point of
view, that I put everything inplace to make sure that I was
(13:37):
doing my job correctly as theessentially custodian of this
environment.
And that can be totallytranslatable to a construction
site.
If I'm the lead can a contractoron a construction site, it's my
responsibility that peoplecoming in that environment I
kept safe when they were there.
So what this tool allows peopleto do is give them peace of mind
(14:00):
that the right people areturning up with the right skills
and qualifications, andverified credentials is the
perfect way to do this, becauseit's not just me trusting that a
piece of paper, a plastic card,some sort of proof that I have
to validate whether it's true ornot, is really up to me.
So giving the technology andallowing the technology to make
(14:22):
those decisions for people andgive them that peace of mind is
really important and gives themso much control, validation, but
also, most importantly, itgives them time back because
they can get back to actuallydoing what they should be doing,
as opposed to spending timevalidating information.
And for my Q-workers, what wastaken the minutes before we were
(14:42):
able to come and give them thesolution we're literally able to
reduce to seconds.
So we're also able to reduce awhole bunch of admin staff and
behind the scenes.
Whose job was it to go andvalidate that this information
was true and real?
Steve Wilson (14:55):
So you've got the ability for holders of these
credentials to presentthemselves quickly and to get
approved quickly, and you've gotstrong audit trails to show
that the correct rules have beenfollowed and that the correct
data has been presented by thecorrect people at the right time
100%.
Now we've talked about walletsalready and you're obviously
(15:15):
using a wallet.
Is that a proprietary junctionwallet?
Is it part of your solution andhow do you feel about the
operating system wallets likeGoogle and Apple, the built-in
wallets?
Dan Stemp (15:25):
It is a proprietary piece of tech that we've created
ourselves.
We're kind of operating withtwo wallets at the moment.
One is a progressive webapplication, so essentially it's
a cloud wallet, but we alsohave a native wallet both on
Android and Apple.
Really important to kind of seewhy we have two.
A web wallet or a progressiveweb application allows us to
(15:49):
push updates, you know,instantaneously to that platform
for our users.
So when it comes to increasingfunctionality, it's not reliant
on that individual having to goand update it on the app store.
We're able to kind of push someof these updates straightaway
to it.
Obviously, it has somedownfalls to what a native app
would have and, for instance,offline capability.
(16:11):
Our progressive web applicationrelies on the internet, whereas
the native app doesn'tnecessarily rely on connectivity
to transfer credentials toindividuals, so that validation
can still be done inenvironments that are important
to junction.
You know, like sectors,forestry, etc.
They work in environments wherethere is no internet capability
(16:32):
, so that validation of acredential still needs to happen
.
So our native app allows us todo that via Bluetooth.
So there are some cool thingsin both and important.
But when it comes to theoperating system wallets, you
know your Google wallets andyour Apple wallets.
We're big fans of those.
We believe here at Junction inthe ecosystem where the user
(16:56):
should be able to choose wherethey store their credentials.
If I want to store it in myjunction wallet, because I have
all of this other coolfunctionality and great tools to
utilize, then I should be ableto do that.
But if I want to store thatcredential in my Apple wallet or
my Google wallet, I should beable to do it as well.
And that's what our journey iswith Junction is to help these
(17:18):
issuers of credentials and givethem a mechanism and a platform
to be able to do that.
So if you want to issue acredential to somebody, you can
issue it to them.
They can hold it however theywant to hold it.
And if that's within Junction,then fantastic, because we've
added value with the toolsetthat we've created within our
solution.
But if I want to hold it in myApple wallet and keep it in my
(17:39):
Apple wallet, I should be ableto do that as well, and that's
what we believe in and I supposethat comes back to well, how do
you do that?
And standards are a big part ofthis, and the W3C standards
around verifiable credentials isa big part of this and we're
big believers in that to driveadoption so that someone can
turn up somewhere and claim acredential and hold it in a
(18:05):
junction wallet or in an Applewallet, and we want that
capability for people.
George Peabody (18:11):
And, to be clear at this point, the ability to
put a credential into an Applewallet is not present.
Dan Stemp (18:18):
Not true.
We have done some experimentswhere we've proved this within
Junction.
Not in a valid market, though,so we haven't got it actively
being used within a marketplace,but I suppose, just like any
organization, there's a wholebunch of research and
development going on to makesure the stuff is entirely
possible.
Another example is pushing intoanother quasi-wallet, which
(18:42):
would be the MicrosoftAuthenticator app, proving that
there are multiple ways to issuethese credentials to people,
and it doesn't have to bethrough proprietary wallets like
a government wallet or aMastercard wallet.
These credentials should befollowing open standards where
they can be consumed by any typeof wallet, and I think that's
(19:03):
really important for peoplemoving forward that choice.
Steve Wilson (19:07):
We see the same pros and cons playing out in
Australia.
One of the world's preeminentstate government credential
wallets is the New South WalesDigital Drivers License a
project here that's close to myheart and that's been extended
for COVID credentials.
But a whole lot of other tradequalifications and building
permits and working withchildren's checks and so on.
(19:30):
The ability to update thatwallet quickly is something that
makes it very difficult for NewSouth Wales to move to Apple or
Google, because there's a wholelot of momentum and inertia
with those big projects.
And, of course, the ability forfiner-grained functionality in
the app.
When you've got a proprietarywallet integrated with the app,
(19:51):
it's a lot easier to be sharinginformation, to be streamlining
data sharing and so on.
So I think it's a really nicedesign problem about the choice
of wallet and I myself amprepared to think that we'll
have a choice of wallets goingforward for quite a long time.
Dan Stemp (20:06):
And I think a key thing here is all of this is
good.
The use of verified credentialsis good, no matter how it's done
, whether it's in a proprietarywallet.
I think we will get there andagain, there's a massive journey
for people to take on.
We've gone through a longhistory of showcasing who we are
and validating the skill setthat we have via paper and
(20:31):
physical plastic tokens, and ifI take the example of the work
we're doing within the energysector, for 40 years I've used a
green passbook.
It's called the Green Book andit literally is a green
paper-sized passbook that holdsonto information around.
You talk to our Vistar who youare and what you're entitled to
do.
So when you turn up to thegeothermal power station gate,
(20:53):
you hand over that green bookand inside is handwritten,
rubber stamped signatureinformation around site
inductions or working at theheights, training or
qualifications and skills.
We've got a long way to get toour utopia because we've had
this long history of thispaper-based roof and there's a
(21:17):
mindset that needs to changewithin industries and
organizations as well, and Ithink that's a big part of it
too is actually embracing thistechnology, and it's up to
people like me and ourorganization to convince people
the value of this type oftechnology and why we should
move to this.
(21:37):
So, again, that goes back tothe challenge of that
closed-loop environment whereyou are literally selling this
and educating people at alllevels at the issuer level, at
the holder level and at theverifier level.
George Peabody (21:52):
Let's get to the business piece.
So it's the relying party who'spaying, it's the enterprise
that's paying for this, it's theparty that has the risk
exposure, correct, correct.
What do you find to be theleverage points in your argument
for adoption?
Dan Stemp (22:08):
Look, there's a couple of important things here.
Traditionally, how these guys,or how these organizations and
enterprises, these relyingparties, have dealt with this
information is very manual.
So if they haven't done adatabase, that's maybe in a
spreadsheet somewhere, it's insome siloed database that has a
(22:28):
piece of the puzzle.
So being able to give them atoolset where we can access some
of that siloed information andbring it into a platform where
it's visible all at once ishugely important to them.
We're talking aboutorganizations, especially in the
energy sector, who have ahigh-value asset.
(22:49):
They have a highly hazardousenvironment in a power
generation site where they needto make sure that the right
people are undertaking the righttask.
So when that person turns up atthe gate, they need to make the
quickest decision possible toget that person on site to
undertake their work that theyare supposed to be there.
So that's validation of theiridentity, validation of their
(23:11):
skills and qualification andtheir work authorities.
If that takes time, there's atrickle-on effect and for six
weeks of the, every generationsite is shut down for cleaning
and maintenance.
Time is crucial through aperiod like that.
So they need to, ahead of time,make sure that the right people
are turning up or going to beturning up.
(23:33):
So that's where our platformcomes into play, where, as an
individual who contracts to youas a company, I can give you
access to particular credentialsfor a particular period of time
or to allow us to say stop.
That allows you to make thoseforward-planning decisions.
So in six months' time, if I'mstill sharing with you, you can
validate that I've got the rightskill set to hire me to come
(23:54):
and contract and do this work.
Now, as soon as I untie the boxand say I'm no longer sharing
with you, you no longer haveaccess to those verified
credentials that I was oncesharing with you.
Having that, from a privacypoint of view, none of these
organizations want to be holdingon to information they
shouldn't be holding on to.
(24:14):
So it takes so many boxes fromefficiency, productivity,
privacy and compliance that theseller isn't actually too hard
when you show the value and youshow the time saving To the
extent where these enterprisesare so happy to pay for the
(24:35):
people who are coming in andtrack with them because it
actually saves them so much moremoney than what it does at the
cost of it all.
I just want to expand on thatparticular example and use one
particular use case that theindustry the energy industry has
highlighted to us here in NewZealand Prior to us coming along
, an individual's informationwasn't managed that well.
(24:57):
So if I work for a largegeneration company and jump ship
and go and work for anotherlarge generation company when I
turn up, my new boss wants toknow what I'm skilled and
qualified in.
If that is too hard, or if Idon't bring everything with me
because I can't remembereverything, my previous
organization has paid for mytraining.
Maybe they feel like they ownmy training.
(25:19):
It's mine, by the way.
I did the training.
I should be able to own that.
But because there isn't thiseasy way now to give this
credential to the individual,they turn up to a new
environment, shrug theirshoulders.
A new boss says well, I needyou to have this skill, so I'm
going to send you on a trainingcourse tomorrow At the cost of
double training.
That individual already hadthat skill set.
(25:39):
They just didn't keep it withthem, didn't have it.
It wasn't easily accessible.
That cost to the energy industryis around $10 million a year
that double training costs.
So for spending $50 million ayear on training, $10 million of
that, 20% is wasted doubletraining individuals because
it's too hard to validate theirskills or training qualification
(26:01):
.
So automatically byimplementing this across an
industry and hats off to the NewZealand energy industry world
leading in the fact that, as anentire industry, they've said
hey look, there's no IP inhealth and safety, so we just
want to make sure that people gohome safe.
So what we want to do is wewant to give a solution for
everybody to be able to validatethat Now who they say they are
(26:25):
and have the right qualification.
We want them to be able to turnup to a training environment
and receive a verifiablecredential straight away.
So we're working with all ofthese separate parties to create
this efficiency and thisproductivity.
And it's working for thembecause automatically show off
the back, thus saving millionsof dollars because all of a
sudden, this information isvisible and the information for
(26:47):
the individual is transferableand they can take it with them.
That's so empowering.
George Peabody (26:52):
So let me be clear about that at the end.
If I'm working for PowerGeneration Company A and then I
decide I want to go move toSouth Island and work for a
company B, the junction walletthat I have that's containing my
credentials can that just bevalid as soon as I get to my new
place of employment?
Dan Stemp (27:11):
Oh, 100%.
Those are your credentials.
If they've been issued to bysomebody, you still hold them.
You can take them with you.
The fact that you've beensharing with your employer while
you've been working for them isjust so that they can utilize
those credentials.
They need to utilize thosecredentials.
You're their worker, you have aparticular skill set.
(27:31):
They need to know that that'svalid when they're sending you
on work.
So having access to when thosecredentials expire is hugely
important for them, Hugelyimportant for you as an
individual as well, especiallywhen you do want to take them
with you somewhere else andshowcase them to somebody else.
So, within the energy sector, Ican do that.
I can take all my credentialswith me to new employer and I
can showcase them.
George Peabody (27:53):
How do you assure the new employer that the
credentials are legitimate?
Dan Stemp (27:57):
Great question, george.
And within the energy sector inNew Zealand that's not an issue
because what they've done isthat this is a recognizable form
of currency within the sector.
So if someone is turning upwith junction wallet and there
are credentials in there, youcan be rest assured that those
credentials are true and valid.
Now I'm going to caveat thatwith we give the ability for
(28:20):
individuals to upload their owncredentials to claim a
credential.
But what we've done with thatis we've implemented a trust
matrix, so essentially it's ared, amber, green traffic light
system.
We know that we're not going toget absolutely every issuing
authority on board from day one,but it's important for these
(28:40):
individuals to carry credentialswith them that maybe haven't
been digitized yet, so theyhaven't got to the verifiable
credential status where they'reissuing a digital driver's
license.
We don't do a digital driver'slicense here in New Zealand yet,
so an individual working in theenergy sector needs to showcase
that they have a driver'slicense.
We can give them a mechanism toshowcase that as a verifiable
(29:02):
credential.
But it's caveated on this trustmatrix, a red, amber, green
traffic light system.
If it's been issued from thelicensing authority, it's a
green verifiable credential.
If I have self-claimed thiscredential.
Its flagged is red.
So anyone I'm showcasing it tocan clearly see this trust
(29:22):
matrix, clearly see the levelsof the trust matrix.
And what we've done there isagain, I'll go back to this
journey is we're building sothat when that licensing
authority comes on board theyhave the ability to turn all of
those red credentials.
And we do have an amber statuswhich has been endorsed by the
(29:43):
organization you work for.
So if I'm endorsed by a largegeneration company here in New
Zealand and I'm showcasing thatto somebody else, they can be
rest assured that it has beenvalidated by another authority.
And then again it's up to them,their own business decisions on
how much they trust that.
All of this comes down to trust.
At the end of the day, trust isthe underlying thing to
(30:04):
everything.
How much do you trust this thatI'm showing you?
And all we've done is give thema mechanism to be able to
validate that trust, but alsofor the issuing authority to be
able to come in and say actuallyI want to turn all of those
credentials that people areclaiming of mine green, because
we're now on board with thismovement of verifiable
(30:26):
credentials and we want peopleto be showcasing our credentials
out in the marketplace.
We want people to have peace ofmind that that is a true and
valid credential, because youlook across, you know, in New
Zealand we've got the citycouncils who have just been
through a bit of a scandal wherean engineer signed off on a
thousand pieces of work usinganother person's credential.
(30:47):
So those authorities wantpeople in the marketplace
showcasing verifiablecredentials to prove that it is
them who has that authority,because the triple on effect is
massive if someone'simpersonating or stealing
somebody else's credentials.
So yeah, this is good foreveryone.
The same story in healthcare, Iguess.
Steve Wilson (31:07):
professional licensing, maintenance, aircraft
, aviation, Generally speaking,what's next?
What are the most important usecases for this sort of
technology going forward?
Dan Stemp (31:20):
Look.
What's next is?
It's a big question, steve.
There's so many opportunitieshere.
As a commercial organization,our focus is Look as a laser
focus.
It's a laser focus on provingin the environments that we're
already in, that it works andthat there's value, because the
use cases are so great.
This could go absolutelyeverywhere, but we need to prove
(31:42):
it somewhere first, and it justso happens that we found the
industry that was screaming outfor a solution because they want
to send their people home safeand you know the the high hazard
industry, that environmentswhere people need to have skills
and qualifications in order forother people to stay alive, in
order for people to go home safe.
There's a great place to startwith this because there is an
(32:05):
immediate impact and it's notjust a top-down approach either.
I think this is something that'sreally important to understand
and I See just briefly beforeempowerment.
You know, like individualsholding on to their information
and being able to take that withthem.
It's hugely powerful, and wehave a use case within the
(32:26):
United States, where we haveparticular sector of workers who
are trying to push from theground up with this technology.
They care about their data,they care about their
information, they care abouttheir identity.
They don't want people to stealtheir identity.
They don't want people to beshowcasing their particular
(32:47):
skills and impersonating them.
So they want to use thistechnology in the environments
that they work in so that theorganization they're working for
is held accountable for thatdata and is not at the risk of
being hacked, not at risk ofleaking that data.
So it really is a ground-upapproach, for where we've found
(33:10):
success and drive has been fromindustries that have a
requirement, mainly aroundhealth and safety.
But, steve, yeah, thepossibilities are endless.
You know, george, you mentionedin your intro access to
solutions, access to systems.
You know a verified credentialcould be a key for you to access
(33:32):
a particular solution.
Or, you know, have access tosome digital tools.
Yeah, it might mean thatalignment, because of his
particular credential set, giveshim access to some maps that
allow him to see where, you knowa Power grid is is mapped out.
This is really important stuffand I think, with what we're
(33:56):
doing, we're just kind ofscratching the surface with this
use case of individualsshowcasing their credentials for
their work environments.
There's so many opportunitieswith verifiable credentials.
It really is the new internet.
It's um, yeah, it's veryexciting space.
George Peabody (34:14):
Well, dan, thank you very much.
We're gonna have to leave itthere.
Wish you all the luck in thisnew year, and you're speaking
our language.
We really appreciate your time.
Hey, look, thank you so much,guys.
Dan Stemp (34:26):
It's um.
Yeah, it's been a pleasure andlook forward to talk to you
again If I have the opportunity,and and thanks to all your
listeners as well.
Steve Wilson (34:33):
Let's do it.
Keep up the good work, Dan.
Cheers guys.
Welcome to Making Data Better, a podcast
about data quality and impact ithas on how we protect, manage
and use the digital datacritical to our lives.
I'm George Peabody, partner atLockstep Consulting, and thanks
for joining us With me isLockstep founder, steve Wilson.
Hi, steve.
Steve Wilson (00:30):
Hello George, happy new year.
I hope it's some off to a goodstart for you and great to be
talking with you again.
George Peabody (00:38):
After a great start, we're actually expecting,
finally, our first snowfall inBoston over the weekend, so I'll
be getting into the hot tubafter I do all the snow
shoveling.
So, steve, today we're going totake a look at the power of
credential sharing, someexamples of what's possible when
we address safety and securityconcerns through the use of the
right credentials, presented atthe right time.
(00:59):
And to do that, we're fortunateenough to be looking at a
company that operates what we'recalling credential management
service and system that has towork with all the stakeholders
in its system.
What is really intriguing aboutthis model where you do
everything, where you are acredential management service
(01:21):
serving everybody?
You've got to work with all theparties, all the stakeholders,
in the identification process.
So you've got to get the partythat's taking the risk, what we
call the relying party on board,whether it's the physical or
digital worlds.
The provider has to make iteasy to grant access to a
service, speed the process, logeach of those accesses, trust
(01:42):
the validity of the credentialspresented.
In other words, the relyingparties want the ability to
control access, know what eachcredential presenter is, who
each one is, subject, referredto as what they're certified to
do, and again to log each ofthose interactions.
Then the service provider has toget the capability into the
hands of the subjects, theholders and presenters of the
(02:04):
credentials on board.
So they've got to answer thequestion of what's in it for the
subject easier to get into abuilding or is it easier to
access an online service?
Maybe it's putting a QR code infront of the guy at the gate
instead of a booklet full ofstamps that say that someone's
been certified to do a job?
(02:25):
And the third party, of course,is the issuer of the
credentials.
Think about a registry motorvehicles or an educational
institution or a trainingcompany that provides
certification.
Those credentials have to be inthe hands of the subject to be
presented to the relying partyin order to make a complete loop
(02:45):
of the transaction.
One of the beauties of theservice provider that does all
the work is that they got greatvisibility into what users are
doing on all hands, whether it'sthe relying party, the subjects
themselves, the folks who arepresenting the credential.
And given that visibility,given the fact that they're
seeing interactions everywhere,they can actually respond to new
(03:08):
changes, new requirementspretty quickly and push that
capability out.
Steve, let's illustrate this inthe context of identification
and credential sharing throughtalking with, I'm happy to say,
junction, a New Zealand companythat has assembled a solution
that addresses the needs of eachof those three parties the
(03:29):
relying party, the party takingthe risk, the subject and the
credential issuer itself.
So to do that, let me welcomeDan Stemp, who is Junction's
chief customer officer.
Dan, welcome.
Dan Stemp (03:42):
Thank you.
Hey, look, thanks for having me, guys.
I'm really excited to talktoday about the work that
Junction's doing and lookverifiable credentials as a
whole.
Look, it's such an excitingtopic and we kind of refer to it
as the you know and lots ofother people do is the new gold
rush.
You know this idea of owningyour own information and being
(04:04):
able to use it whenever you needto use it, knowing who has
access to it.
This is important stuff andwe're really excited to be in
this space.
Steve Wilson (04:14):
We're so excited to have you on the show, dan.
We met on the other side of theplanet for you and me at least,
is Antipodeans.
We had a great time atIdentiverse in Las Vegas with
George last year.
It's fantastic, isn't it?
You go to the other side of theplanet to meet people that are
almost next door we also.
(04:36):
When we were chatting, we foundthat we three have been in
adjacent areas of business nowfor decades, so I found the
history of Junction reallyfascinating.
Could you recap that for usright now?
Dan Stemp (04:48):
Yeah, yeah, look, I'd love to.
And, george, I'm going topinpoint a word that you just
used in your intro there withvisibility, and it's a key part
of Junction's learning.
And, again, the word I'm goingto use quite often during this
is journey.
Through Junction's journey, wehad a lot of learnings when we
(05:09):
owned a large scale cardproduction and personalization
bureau.
So we were in the business ofdelivering physical identity
tokens to individuals toshowcase who they were, whether
they had a particular skill orqualification or work authority.
So, having that visibility ofthe information that we were
(05:30):
producing for individuals andhaving that visibility of those
individuals themselves and whatthey did with those physical
tokens hold them in plastic cardwallets, information in the
vanilla folders we had thisinsight into how we could create
better user interactions forthese individuals by using
(05:52):
emerging technology likeverifiable credentials and
building software was not newfor Junction as an organization.
As part of our card bureauoffering, we had an online
ordering tool, so essentially anonline portal for our customers
to input data around theindividuals who were receiving
(06:12):
these physical tokens and theinformation that was going on
these tokens.
So think firearms license andwhat your authorities were under
your firearms license, whatclassification of firearms
you're allowed to hold on to.
This is all information that wewould print onto a physical
token for an individual to putin their wallet.
So we saw the opportunity tocreate these digital
(06:35):
interactions, of those physicaluser interactions that people
will be having out in the world.
And specifically, we've taken afocus on our high hazard
industries and really that'sjust out of need and necessity,
because we have heard that thereare problems and we've had
people approach us within thoseindustries that they have
(06:58):
problems and they think we cansolve them.
So yeah, coming from the cardbureau industry has given us a
massive amount of insight intothe amount of credentials that
people actually hold on to, andit's not just one to three.
Steve Wilson (07:14):
We see all those common areas which are really,
conceptually, it's an analog todigital conversion, isn't it?
You take information fromsources of truth, you have some
way of quality assuring thatinformation and then you package
it on behalf of subjects.
They then hold it in a plasticcard or a digital wallet.
(07:34):
I guess Can we dig into thissort of infrastructure and that
common ground, what you've hadto build and what you've had to
leverage.
And I guess we could alsoground this conversation
relative to COVID, because welove what you guys did relative
to COVID, so maybe you can usethat to illustrate and
underscore how yourinfrastructure works.
Dan Stemp (07:54):
Sure infrastructure.
Firstly, we've got to buildsomething that's scalable.
If it's not scalable, if it'snot secure, it's not something
that we want to have asinfrastructure behind us.
Because this needs to bescalable, it needs to be secure.
So at the core of all of thisreally is data.
(08:17):
It's important to understandagain the journey of what we've
built.
But kind of underneath it all,we have set of tools for people
to interact with us.
We have a digital wallet forholders to hold verifiable
credentials in.
We have an issuing platformthat allows issuers of
(08:39):
credentials to create acredential catalog and issue
those to individuals.
We have an admin portal forenterprises to use to consume
that data.
So, whether I employ 200 peopleand I want an overview of the
credentials that those 200people have, we have an admin
portal that allows you to accessthat information, all
(09:03):
permissioned by the individual.
So an enterprise can't alwaysbe looking for a request when
they need to access informationaround an individual and their
work authorities or skill setsand I want to caveat this all
the way all the time this isunder permission from the
individual.
(09:23):
So let's take that MIQ typescenario Managed isolation and
quarantine, a piece of work wedid for the government during
COVID here in New Zealand andspecifically around the border
workforce, the individuals whoare working in these highly
(09:43):
regulated environments,compliance high environments
where they needed to showcasethat they were the right people
with the right skill set to beworking in the environment.
So let's take a managedisolation and quarantine
facility where you've got hotelstaff, defense staff guarding
the gates, a health staff comingin and out and performing
(10:05):
health duties within theseenvironments.
You've got caterers, you've gotrepair people.
You've got this highlycompliant environment where,
under the New Zealand Health andSafety Act, the person who's
controlling that business unitneeds to make sure that they are
taking the best duty of carepossible to make sure the right
people are undertaking the rightjobs.
(10:26):
So, essentially, people arequalified, people are skilled,
people have the rightcredentials to be in that
environment.
We needed to provide a value tothis government department for
them to make sure that the rightpeople were coming in and out.
The right compliance ticks werebeing ticked and that was
(10:46):
relating to particularcredentials around that
individual.
It happened to be obviouslyidentity individual credentials
that needed to be healthcredentials.
They needed to be health andsafety training credentials, as
well as work authoritiessomething as simple as a site
induction All of thisinformation we were able to
provide to the government, orthe government to issue the
(11:09):
credentials to individuals.
They already had existingdatabases that held the truth
around this information.
So say, for instance, think theCOVID immunization register
there was already a point oftruth around COVID immunizations
.
We simply took that data andcreated a verified credential
out of it, issued it to theindividual, made the mechanism
(11:32):
to hold it in a digital walletand then, from a verification
point of view, the same digitalwallet tool has the capability
to check or validate credentials.
So the defense force at thegate was scanning QR codes of
individuals when they werecoming in.
Rulesets were created in thoseenvironments that ABCD
credentials needed to beshowcased.
(11:52):
Our tool allowed that to simplyreturn a result of you meet
requirements.
Where you don't meetrequirements based on the
verified credentials that youhad sitting within your wallet.
Steve Wilson (12:02):
Then got it.
There's a lot of partiesinvolved there.
What matters to the most and wethink I'd love to discuss this
further with you, but we thinkthat the relying party, or the
party that's on the hook formost of the risk in these
transactions and theseinteractions, is almost like the
silent partner in a lot ofdiscussions.
But what matters to all ofthose stakeholders, especially
(12:26):
the relying party, what are theytelling you matters?
Is it things like logging?
Is it visibility?
Is it performance?
What is it?
Dan Stemp (12:33):
It's all those things .
It's all the things that peopleare screaming out for
Efficiency, productivity.
Time is so important toindividuals and what our tool
and our solution allows peopleto do is essentially take a lot
of that time controlled back,particularly in this environment
(12:54):
that we just discussed aboutmanagerisation and quarantine.
What was important to them wastime.
These individuals, every timethey turned up at the front gate
, needed to showcase a set ofcredentials that took time to
validate and make sure they weretrue before that individual
came into that environment.
So A I needed to know when thatperson came in.
(13:15):
I needed to know, at the pointin time that they turned up,
that they had the rightcredentials to actually be in
this environment.
There's logging, there'svalidation that the right people
are undertaking the right tasks.
That audit trail is reallyimportant because if something
goes wrong, I need to showcase,from an audit trail point of
view, that I put everything inplace to make sure that I was
(13:37):
doing my job correctly as theessentially custodian of this
environment.
And that can be totallytranslatable to a construction
site.
If I'm the lead can a contractoron a construction site, it's my
responsibility that peoplecoming in that environment I
kept safe when they were there.
So what this tool allows peopleto do is give them peace of mind
(14:00):
that the right people areturning up with the right skills
and qualifications, andverified credentials is the
perfect way to do this, becauseit's not just me trusting that a
piece of paper, a plastic card,some sort of proof that I have
to validate whether it's true ornot, is really up to me.
So giving the technology andallowing the technology to make
(14:22):
those decisions for people andgive them that peace of mind is
really important and gives themso much control, validation, but
also, most importantly, itgives them time back because
they can get back to actuallydoing what they should be doing,
as opposed to spending timevalidating information.
And for my Q-workers, what wastaken the minutes before we were
(14:42):
able to come and give them thesolution we're literally able to
reduce to seconds.
So we're also able to reduce awhole bunch of admin staff and
behind the scenes.
Whose job was it to go andvalidate that this information
was true and real?
Steve Wilson (14:55):
So you've got the ability for holders of these
credentials to presentthemselves quickly and to get
approved quickly, and you've gotstrong audit trails to show
that the correct rules have beenfollowed and that the correct
data has been presented by thecorrect people at the right time
100%.
Now we've talked about walletsalready and you're obviously
(15:15):
using a wallet.
Is that a proprietary junctionwallet?
Is it part of your solution andhow do you feel about the
operating system wallets likeGoogle and Apple, the built-in
wallets?
Dan Stemp (15:25):
It is a proprietary piece of tech that we've created
ourselves.
We're kind of operating withtwo wallets at the moment.
One is a progressive webapplication, so essentially it's
a cloud wallet, but we alsohave a native wallet both on
Android and Apple.
Really important to kind of seewhy we have two.
A web wallet or a progressiveweb application allows us to
(15:49):
push updates, you know,instantaneously to that platform
for our users.
So when it comes to increasingfunctionality, it's not reliant
on that individual having to goand update it on the app store.
We're able to kind of push someof these updates straightaway
to it.
Obviously, it has somedownfalls to what a native app
would have and, for instance,offline capability.
(16:11):
Our progressive web applicationrelies on the internet, whereas
the native app doesn'tnecessarily rely on connectivity
to transfer credentials toindividuals, so that validation
can still be done inenvironments that are important
to junction.
You know, like sectors,forestry, etc.
They work in environments wherethere is no internet capability
(16:32):
, so that validation of acredential still needs to happen
.
So our native app allows us todo that via Bluetooth.
So there are some cool thingsin both and important.
But when it comes to theoperating system wallets, you
know your Google wallets andyour Apple wallets.
We're big fans of those.
We believe here at Junction inthe ecosystem where the user
(16:56):
should be able to choose wherethey store their credentials.
If I want to store it in myjunction wallet, because I have
all of this other coolfunctionality and great tools to
utilize, then I should be ableto do that.
But if I want to store thatcredential in my Apple wallet or
my Google wallet, I should beable to do it as well.
And that's what our journey iswith Junction is to help these
(17:18):
issuers of credentials and givethem a mechanism and a platform
to be able to do that.
So if you want to issue acredential to somebody, you can
issue it to them.
They can hold it however theywant to hold it.
And if that's within Junction,then fantastic, because we've
added value with the toolsetthat we've created within our
solution.
But if I want to hold it in myApple wallet and keep it in my
(17:39):
Apple wallet, I should be ableto do that as well, and that's
what we believe in and I supposethat comes back to well, how do
you do that?
And standards are a big part ofthis, and the W3C standards
around verifiable credentials isa big part of this and we're
big believers in that to driveadoption so that someone can
turn up somewhere and claim acredential and hold it in a
(18:05):
junction wallet or in an Applewallet, and we want that
capability for people.
George Peabody (18:11):
And, to be clear at this point, the ability to
put a credential into an Applewallet is not present.
Dan Stemp (18:18):
Not true.
We have done some experimentswhere we've proved this within
Junction.
Not in a valid market, though,so we haven't got it actively
being used within a marketplace,but I suppose, just like any
organization, there's a wholebunch of research and
development going on to makesure the stuff is entirely
possible.
Another example is pushing intoanother quasi-wallet, which
(18:42):
would be the MicrosoftAuthenticator app, proving that
there are multiple ways to issuethese credentials to people,
and it doesn't have to bethrough proprietary wallets like
a government wallet or aMastercard wallet.
These credentials should befollowing open standards where
they can be consumed by any typeof wallet, and I think that's
(19:03):
really important for peoplemoving forward that choice.
Steve Wilson (19:07):
We see the same pros and cons playing out in
Australia.
One of the world's preeminentstate government credential
wallets is the New South WalesDigital Drivers License a
project here that's close to myheart and that's been extended
for COVID credentials.
But a whole lot of other tradequalifications and building
permits and working withchildren's checks and so on.
(19:30):
The ability to update thatwallet quickly is something that
makes it very difficult for NewSouth Wales to move to Apple or
Google, because there's a wholelot of momentum and inertia
with those big projects.
And, of course, the ability forfiner-grained functionality in
the app.
When you've got a proprietarywallet integrated with the app,
(19:51):
it's a lot easier to be sharinginformation, to be streamlining
data sharing and so on.
So I think it's a really nicedesign problem about the choice
of wallet and I myself amprepared to think that we'll
have a choice of wallets goingforward for quite a long time.
Dan Stemp (20:06):
And I think a key thing here is all of this is
good.
The use of verified credentialsis good, no matter how it's done
, whether it's in a proprietarywallet.
I think we will get there andagain, there's a massive journey
for people to take on.
We've gone through a longhistory of showcasing who we are
and validating the skill setthat we have via paper and
(20:31):
physical plastic tokens, and ifI take the example of the work
we're doing within the energysector, for 40 years I've used a
green passbook.
It's called the Green Book andit literally is a green
paper-sized passbook that holdsonto information around.
You talk to our Vistar who youare and what you're entitled to
do.
So when you turn up to thegeothermal power station gate,
(20:53):
you hand over that green bookand inside is handwritten,
rubber stamped signatureinformation around site
inductions or working at theheights, training or
qualifications and skills.
We've got a long way to get toour utopia because we've had
this long history of thispaper-based roof and there's a
(21:17):
mindset that needs to changewithin industries and
organizations as well, and Ithink that's a big part of it
too is actually embracing thistechnology, and it's up to
people like me and ourorganization to convince people
the value of this type oftechnology and why we should
move to this.
(21:37):
So, again, that goes back tothe challenge of that
closed-loop environment whereyou are literally selling this
and educating people at alllevels at the issuer level, at
the holder level and at theverifier level.
George Peabody (21:52):
Let's get to the business piece.
So it's the relying party who'spaying, it's the enterprise
that's paying for this, it's theparty that has the risk
exposure, correct, correct.
What do you find to be theleverage points in your argument
for adoption?
Dan Stemp (22:08):
Look, there's a couple of important things here.
Traditionally, how these guys,or how these organizations and
enterprises, these relyingparties, have dealt with this
information is very manual.
So if they haven't done adatabase, that's maybe in a
spreadsheet somewhere, it's insome siloed database that has a
(22:28):
piece of the puzzle.
So being able to give them atoolset where we can access some
of that siloed information andbring it into a platform where
it's visible all at once ishugely important to them.
We're talking aboutorganizations, especially in the
energy sector, who have ahigh-value asset.
(22:49):
They have a highly hazardousenvironment in a power
generation site where they needto make sure that the right
people are undertaking the righttask.
So when that person turns up atthe gate, they need to make the
quickest decision possible toget that person on site to
undertake their work that theyare supposed to be there.
So that's validation of theiridentity, validation of their
(23:11):
skills and qualification andtheir work authorities.
If that takes time, there's atrickle-on effect and for six
weeks of the, every generationsite is shut down for cleaning
and maintenance.
Time is crucial through aperiod like that.
So they need to, ahead of time,make sure that the right people
are turning up or going to beturning up.
(23:33):
So that's where our platformcomes into play, where, as an
individual who contracts to youas a company, I can give you
access to particular credentialsfor a particular period of time
or to allow us to say stop.
That allows you to make thoseforward-planning decisions.
So in six months' time, if I'mstill sharing with you, you can
validate that I've got the rightskill set to hire me to come
(23:54):
and contract and do this work.
Now, as soon as I untie the boxand say I'm no longer sharing
with you, you no longer haveaccess to those verified
credentials that I was oncesharing with you.
Having that, from a privacypoint of view, none of these
organizations want to be holdingon to information they
shouldn't be holding on to.
(24:14):
So it takes so many boxes fromefficiency, productivity,
privacy and compliance that theseller isn't actually too hard
when you show the value and youshow the time saving To the
extent where these enterprisesare so happy to pay for the
(24:35):
people who are coming in andtrack with them because it
actually saves them so much moremoney than what it does at the
cost of it all.
I just want to expand on thatparticular example and use one
particular use case that theindustry the energy industry has
highlighted to us here in NewZealand Prior to us coming along
, an individual's informationwasn't managed that well.
(24:57):
So if I work for a largegeneration company and jump ship
and go and work for anotherlarge generation company when I
turn up, my new boss wants toknow what I'm skilled and
qualified in.
If that is too hard, or if Idon't bring everything with me
because I can't remembereverything, my previous
organization has paid for mytraining.
Maybe they feel like they ownmy training.
(25:19):
It's mine, by the way.
I did the training.
I should be able to own that.
But because there isn't thiseasy way now to give this
credential to the individual,they turn up to a new
environment, shrug theirshoulders.
A new boss says well, I needyou to have this skill, so I'm
going to send you on a trainingcourse tomorrow At the cost of
double training.
That individual already hadthat skill set.
(25:39):
They just didn't keep it withthem, didn't have it.
It wasn't easily accessible.
That cost to the energy industryis around $10 million a year
that double training costs.
So for spending $50 million ayear on training, $10 million of
that, 20% is wasted doubletraining individuals because
it's too hard to validate theirskills or training qualification
(26:01):
.
So automatically byimplementing this across an
industry and hats off to the NewZealand energy industry world
leading in the fact that, as anentire industry, they've said
hey look, there's no IP inhealth and safety, so we just
want to make sure that people gohome safe.
So what we want to do is wewant to give a solution for
everybody to be able to validatethat Now who they say they are
(26:25):
and have the right qualification.
We want them to be able to turnup to a training environment
and receive a verifiablecredential straight away.
So we're working with all ofthese separate parties to create
this efficiency and thisproductivity.
And it's working for thembecause automatically show off
the back, thus saving millionsof dollars because all of a
sudden, this information isvisible and the information for
(26:47):
the individual is transferableand they can take it with them.
That's so empowering.
George Peabody (26:52):
So let me be clear about that at the end.
If I'm working for PowerGeneration Company A and then I
decide I want to go move toSouth Island and work for a
company B, the junction walletthat I have that's containing my
credentials can that just bevalid as soon as I get to my new
place of employment?
Dan Stemp (27:11):
Oh, 100%.
Those are your credentials.
If they've been issued to bysomebody, you still hold them.
You can take them with you.
The fact that you've beensharing with your employer while
you've been working for them isjust so that they can utilize
those credentials.
They need to utilize thosecredentials.
You're their worker, you have aparticular skill set.
(27:31):
They need to know that that'svalid when they're sending you
on work.
So having access to when thosecredentials expire is hugely
important for them, Hugelyimportant for you as an
individual as well, especiallywhen you do want to take them
with you somewhere else andshowcase them to somebody else.
So, within the energy sector, Ican do that.
I can take all my credentialswith me to new employer and I
can showcase them.
George Peabody (27:53):
How do you assure the new employer that the
credentials are legitimate?
Dan Stemp (27:57):
Great question, george.
And within the energy sector inNew Zealand that's not an issue
because what they've done isthat this is a recognizable form
of currency within the sector.
So if someone is turning upwith junction wallet and there
are credentials in there, youcan be rest assured that those
credentials are true and valid.
Now I'm going to caveat thatwith we give the ability for
(28:20):
individuals to upload their owncredentials to claim a
credential.
But what we've done with thatis we've implemented a trust
matrix, so essentially it's ared, amber, green traffic light
system.
We know that we're not going toget absolutely every issuing
authority on board from day one,but it's important for these
(28:40):
individuals to carry credentialswith them that maybe haven't
been digitized yet, so theyhaven't got to the verifiable
credential status where they'reissuing a digital driver's
license.
We don't do a digital driver'slicense here in New Zealand yet,
so an individual working in theenergy sector needs to showcase
that they have a driver'slicense.
We can give them a mechanism toshowcase that as a verifiable
(29:02):
credential.
But it's caveated on this trustmatrix, a red, amber, green
traffic light system.
If it's been issued from thelicensing authority, it's a
green verifiable credential.
If I have self-claimed thiscredential.
Its flagged is red.
So anyone I'm showcasing it tocan clearly see this trust
(29:22):
matrix, clearly see the levelsof the trust matrix.
And what we've done there isagain, I'll go back to this
journey is we're building sothat when that licensing
authority comes on board theyhave the ability to turn all of
those red credentials.
And we do have an amber statuswhich has been endorsed by the
(29:43):
organization you work for.
So if I'm endorsed by a largegeneration company here in New
Zealand and I'm showcasing thatto somebody else, they can be
rest assured that it has beenvalidated by another authority.
And then again it's up to them,their own business decisions on
how much they trust that.
All of this comes down to trust.
At the end of the day, trust isthe underlying thing to
(30:04):
everything.
How much do you trust this thatI'm showing you?
And all we've done is give thema mechanism to be able to
validate that trust, but alsofor the issuing authority to be
able to come in and say actuallyI want to turn all of those
credentials that people areclaiming of mine green, because
we're now on board with thismovement of verifiable
(30:26):
credentials and we want peopleto be showcasing our credentials
out in the marketplace.
We want people to have peace ofmind that that is a true and
valid credential, because youlook across, you know, in New
Zealand we've got the citycouncils who have just been
through a bit of a scandal wherean engineer signed off on a
thousand pieces of work usinganother person's credential.
(30:47):
So those authorities wantpeople in the marketplace
showcasing verifiablecredentials to prove that it is
them who has that authority,because the triple on effect is
massive if someone'simpersonating or stealing
somebody else's credentials.
So yeah, this is good foreveryone.
The same story in healthcare, Iguess.
Steve Wilson (31:07):
professional licensing, maintenance, aircraft
, aviation, Generally speaking,what's next?
What are the most important usecases for this sort of
technology going forward?
Dan Stemp (31:20):
Look.
What's next is?
It's a big question, steve.
There's so many opportunitieshere.
As a commercial organization,our focus is Look as a laser
focus.
It's a laser focus on provingin the environments that we're
already in, that it works andthat there's value, because the
use cases are so great.
This could go absolutelyeverywhere, but we need to prove
(31:42):
it somewhere first, and it justso happens that we found the
industry that was screaming outfor a solution because they want
to send their people home safeand you know the the high hazard
industry, that environmentswhere people need to have skills
and qualifications in order forother people to stay alive, in
order for people to go home safe.
There's a great place to startwith this because there is an
(32:05):
immediate impact and it's notjust a top-down approach either.
I think this is something that'sreally important to understand
and I See just briefly beforeempowerment.
You know, like individualsholding on to their information
and being able to take that withthem.
It's hugely powerful, and wehave a use case within the
(32:26):
United States, where we haveparticular sector of workers who
are trying to push from theground up with this technology.
They care about their data,they care about their
information, they care abouttheir identity.
They don't want people to stealtheir identity.
They don't want people to beshowcasing their particular
(32:47):
skills and impersonating them.
So they want to use thistechnology in the environments
that they work in so that theorganization they're working for
is held accountable for thatdata and is not at the risk of
being hacked, not at risk ofleaking that data.
So it really is a ground-upapproach, for where we've found
(33:10):
success and drive has been fromindustries that have a
requirement, mainly aroundhealth and safety.
But, steve, yeah, thepossibilities are endless.
You know, george, you mentionedin your intro access to
solutions, access to systems.
You know a verified credentialcould be a key for you to access
(33:32):
a particular solution.
Or, you know, have access tosome digital tools.
Yeah, it might mean thatalignment, because of his
particular credential set, giveshim access to some maps that
allow him to see where, you knowa Power grid is is mapped out.
This is really important stuffand I think, with what we're
(33:56):
doing, we're just kind ofscratching the surface with this
use case of individualsshowcasing their credentials for
their work environments.
There's so many opportunitieswith verifiable credentials.
It really is the new internet.
It's um, yeah, it's veryexciting space.
George Peabody (34:14):
Well, dan, thank you very much.
We're gonna have to leave itthere.
Wish you all the luck in thisnew year, and you're speaking
our language.
We really appreciate your time.
Hey, look, thank you so much,guys.
Dan Stemp (34:26):
It's um.
Yeah, it's been a pleasure andlook forward to talk to you
again If I have the opportunity,and and thanks to all your
listeners as well.
Steve Wilson (34:33):
Let's do it.
Keep up the good work, Dan.
Cheers guys.
Popular Podcasts
United States of Kennedy
United States of Kennedy is a podcast about our cultural fascination with the Kennedy dynasty. Every week, hosts Lyra Smith and George Civeris go into one aspect of the Kennedy story.
Stuff You Should Know
If you've ever wanted to know about champagne, satanism, the Stonewall Uprising, chaos theory, LSD, El Nino, true crime and Rosa Parks, then look no further. Josh and Chuck have you covered.
Dateline NBC
Current and classic episodes, featuring compelling true-crime mysteries, powerful documentaries and in-depth investigations. Follow now to get the latest episodes of Dateline NBC completely free, or subscribe to Dateline Premium for ad-free listening and exclusive bonus content: DatelinePremium.com