We recently interviewed Ivan Basart, who is the co-founder and CTO of a Spanish based digital services company called Validated ID. Validated ID have been long standing Associate members of the Decentralized Identity Foundation (DIF) and we sat down to learn more about their company, their story and the service that they're offering. View the interview in it's entirety on YouTube
Limari Navarrete: I always like to start out my first question with getting a sense of the story of not just your company, but also you yourself, how you came to decentralized identity. I feel like everyone has a really great story that's very intriguing, so I'd like to hear yours. Maybe you can tell us a little bit about that.
Ivan: Actually, my story is quite connected with the wider history. I've been around digital identity and the digital signatures and cryptography space for almost 25 years. I feel old when I say that statement, but that's the reality. It's being a long time. I've been involved in different companies and different projects and that also was interesting, because I've seen the evolution of this space. I've been involved in many projects which were complete failures in terms of adoption, mainly working on digital certificates, many in Europe and in other countries so they can have digital certificates or national ids.
In that sense, most of the projects that were happening at the beginning of the century through 2010, most of them were very bad in terms of adoption, and that was also one of the reasons why we created Validated ID. I'd say that in my case, what I'm trying to do in this company is cleaning my karma. After working on a lot of projects that not many people were using, we were able to run a company with services that were secure and quite usable while thinking about the user experience.
When we created Validated ID, you think about the name, we had in mind mainly identity validation, things like the definitions and the problems that you are trying to solve with SSI. But at that time that was in 2012, so more than 11 years ago, the identity landscape was completely different, really the technology was not there. So that's why, when we started the company, the first thing we started was on digital signatures, which was very hot at that time. It's actually our main business.
So we started our journey with Validated ID working on digital signatures, digital certificates as a trust services provider. Then with the blockchain space, all these things about decentralized identity appear. It really completely took our attention because it was the initial goal of the company. We started working on that at the very beginning and we are founding members of the DIF. Even before the DIF we were part of the Rebooting Web of Trust, we were also part of the Sovrin foundation. We were part of many initiatives that were part of the beginning of the SSI space. When the DIF was created we were very interested in being part of it because it was one of the main think tanks that helped to settle down all these things.
So that’s briefly my story and Validated ID’s story. We really had this digital id idea the whole time, even before SSI existed. Sometimes things happen that way. You have an idea, but you need to wait till really the market and the masses are there in order to make it happen. So that’s how it was in our case.
Limari Navarrete: Maybe you can share an overview of Validated ID’s services. I went to the website and you are intersecting a lot of industries with your various products. Can you give us a sense of how you brought SSI to those various products and to some of those industries?
Ivan: Sure, so Validated ID as it’s called in Europe, is a trust service provider. We are offering services about trust. This is regulated here in Europe. We have a regulation which is called eIDAS (electronic identification and trust services) which regulates digital signature and digital identities which now is under revision. The new revision of eIDAS, as most people who are listening will know, is talking about wallets and things like that. But as I said, we were here before all that from 2012.
So in that sense, we are offering these kind of services to the market. Our main service is digital signatures but in different flavors, or with different technologies, from using biometrics, to user certificates, to remote signatures or face to face. These are our main services, which are also combined with issuance of certificates and things like that. However from 2017, we start working on SSI. (Self-Sovereign Identity) Those are services that are at a very different maturity level in Validated ID but also in general. But SSI is part of our portfolio of services as a trust service provider. It’s not something isolated, it’s connected with existing services about trust that we're already offering.
For instance, if you need to create a digital signature you may be able to use a wallet to prove your identity in the process of making a signature and proving who you are. If you go into a facility for a face to face validation, when you create a signature this process of face to face validation could be useful in order to create an attribute that goes into a wallet. So we are trying to connect the ecosystems or services so that SSI can be integrated into the portfolio of services about trust. We think that SSI and the wallet could be very disruptive to existing trust services. Take digital signature because this is our main service, with digital signatures what you need to do are two things:
· Prove that you are okay with providing the content of a specific document
· Prove your identity
The way that we are proving our identity nowadays is sometimes very complex using certificates or a very weak DocuSign style proof of identity which mainly only proves that you have access to an email account.
So when you’re able to have a wallet, in order to prove your identity and not just your identity, but an extended version of your identity, certain attributes that you work for a company, that you are over 18, these kind of things, this we think can be very disrupting in this space. So that's why we think that the SSI service will be part of the ecosystem of services that we have, and the evolution of the system and services that we are offering currently to the market.
Limari Navarrete: I think it's a good segue into my next question, which is about one of the projects that Validated ID has been a part of recently which was in collaboration with SEIDOR to bring Verifiable Credentials to five universities in Catalonia. I'd like to hear more about that and I'm sure our audience would be very interested to hear more about that project and where things are with that.
Ivan: It’s a very interesting project. It's called Camins, which is a Catalan word which means paths. So this project is about delivering an SSI platform ecosystem in order to let those universities issue credentials to students and teachers, to allow access to the university, the virtual campus or get a diploma. One important thing here is that this project is very connected with the EBSI project. EBSI is the European Commission Project about SSI. It’s a ledger but it’s more than that. It’s really specifications, definitions of credentials and so on. This project is very connected to that. Those universities have been working within the EBSI project for years and now they are taking their knowledge and experience and deploying a platform which is compliant with the EBSI and is able to deliver those use cases to citizens. SEIDOR is also our partner and they are doing more of the work of managing the project itself. As Validated ID, what we are providing is the technology and SSI expertise to be able to create this platform, to customize the platform and get it integrated with EBSI, and to put it in place for deployment.
Here the time frame is that soon, I think at the at the end of this year, beginning next year, there will be a first version deployed. With that they will first create internal use cases in order to test it, and so on, but the goal is really to use that for the deployment of all the citizens of those five universities in Catalonia. Also, the ability to exchange credentials from university to university. If I have a credential for a diploma from your university, I can exchange that information with another university. The good thing about using EBSI is that some of the credentials of the data structure are already defined. So there is an interoperability already defined at different levels, at the protocols, but also the semantics and so on. I think it's a very nice use case on a very nice project, because it's a way of proving that SSI is not just something theoretical We are really at the point that we we can deploy those kinds of projects as a real world use case.
Watch the video in it's entirety at https://youtu.be/kHylglExigM