In this episode of Ventures, my guests David Harding (https://www.linkedin.com/in/daveh003/), Solomon Cates (https://www.linkedin.com/in/solcates/), and I discuss all-things identity and data sovereignty leading up to - and within - the present Web3 era. We tee-up a framework to think about identity verification and data warehousing, cryptocurrencies vs. Central Bank Digital Currencies (CBDCs), Identity Assurance Levels (IALs), Presentation Attack Detection (PAD), and how to think about building Web3 applications with a realistic hybrid of both centralized and decentralized identity verification and control services.

You can watch this episode below or listen on Apple Podcasts, Spotify, Google Podcasts, or wherever you get your podcasts (search for “Ventures”).

1:58 - Tee-up for the conversation (background and motivation)

2:46 - Solomon intro / background

4:11 - David intro / background

5:16 - Sol introduction of self-sovereign identity and sovereign control of data

8:19 - David introduction of identity and technology… “Identity 101” based on David’s extensive background in the space.

11:49 - Username/password problem that birthed a whole industry of “password management”

12:32 - What does this conversation matter for humanity?

14:46 - SSI (self-sovereign identity opens up new opportunities for people

15:41 - Will’s business accounts getting closed, likely because of his involvement in Web3

18:24 - Where are we going? Are Solomon and David feeling optimistic or pessimistic? Why? (Getting to some conversation about Central Bank Digital Currencies - CBDCs)

25:02 - How is a CBDC different than traditional ways that Central Banks print currency? Coming back to trust, where data sits, and decentralization.

27:42 - Difference between “connect to wallet” in Web3 and showing up to, say, an airport.

28:36 - What is the state of the tech today for the TSAs of the world to prove that “you are you”. // Discussion about the merge between decentralized identity and centralized identity.

33:30 - For the TSA, the physical driver’s license or passport doesn’t - in theory - matter. What matters is the “thing” (QR code or whatnot) that can pull up a database.

35:30 - Is it a good thing to build a decentralized database of identity? When would you build on top of centralized vs. decentralized databases?

38:42 - Reality is a hybrid. Decentralized data on blockchains we trust AND data sitting in centralized datacenters we trust.

40:08 - Social media companies as “identity management companies” that provide social media services. They will sell it to anyone willing to pay.

43:30 - Multiple levels of identity verification (IAL levels) → https://ldapwiki.com/wiki/Identity%20Assurance%20Level 

46:15 - Is the common IAL level 2 mechanisms legit? Why is this important for venture building?

51:30 - Signing up for exchanges with a photo of my face and the date. A brief discussion about liveness technology. PAD Levels https://csrc.nist.gov/glossary/term/presentation_attack_detection

54:00 - Pay to x models. What can/should be used when building today to verify one account = one human? A discussion about onboarding vs. continual authorization. Best-in-class: multi-biometric.

1:00:31 - Create a one-account-per-human experience, and don’t create it yourself. Don’t try to reinvent the wheel of cryptography.

1:01:43 - Creation and verification and continual authentication of data, depending on use case and security requirements.

1:03:23 - What are Solomon/David working on now? Where can people follow up? https://www.linkedin.com/in/daveh003/ // https://www.linkedin.com/in/solcates/