Moises Jaramillo is a veteran in the software development world with nearly three decades of experience. A Principal Engineer at Dentity, Moises is at the forefront of decentralized identity technology with expertise in Web3/Web5, Decentralized Web Nodes, distributed architectures, and in general a broad range of SSI tech. Moises is also a previous winner of the DID:Hack Contest and TBD’s Hackathon.
Moises’ work at Dentity is pushing the boundaries of digital identity, as evidenced by Dentity’s recent groundbreaking partnership with ENS Labs. Moises's expertise makes him an ideal guide to help us understand the future of digital identity in both Web2, Web3, and Web5 spaces.
Your career spans a broad range of software development. What specifically drew you to decentralized identity, and how has it shaped your professional journey?
I've been in software development for almost 30 years, mostly on the Microsoft stack. Around the mid-2010s, while working for a digital audience measurement company, I realized how data was being commoditized, often without people's awareness. This commoditization was rewarding the wrong parties - data brokers and middlemen.
Reading Jason Lanier's book "Who Owns the Future" cemented my thinking that this model was broken. Then in 2017, I discovered Ethereum and its programmable nature. I participated in a hackathon sponsored by Consensys, addressing the opioid epidemic. Our team won second place for a project tokenizing painkiller prescriptions on the blockchain.
The idea was to represent prescriptions as entries in a smart contract, allowing pharmacists to verify the authenticity of the prescription and the doctor's signature. This would prevent the abuse of paper prescriptions across state lines, which was a significant problem, especially in areas like D.C., Maryland, and Virginia.
This experience led me to explore blockchain in healthcare, which is how I discovered self-sovereign identity (SSI). I started working with Hyperledger Indy and eventually joined Lumedic, a pioneering SSI company. We worked on issuing COVID vaccine credentials during the pandemic.
After Lumedic was acquired, I continued with SSI, joining DIF as an independent contributor. I worked on the secure storage group, where I learned everything about decentralized web nodes, and I think they’re amazing. All these experiences ultimately led me to my current role at Dentity.
You were a winner in the DID:Hack contest and TBD’s Hackathon. Could you share a key insight from that experience, and perhaps offer advice for participants in DIF's upcoming hackathon?
For the DID:Hack contest, I focused on exploring Decentralized Web Nodes (DWNs), which were in their early stages. I saw the hackathon as an opportunity to prove whether this technology actually worked in a controlled environment. I learned that DWNs were more capable than many realized - they were pretty darn good, and almost ready for production. Winning the contest was exciting, but the real value was in the learning experience.
My advice for future hackathon participants:
- Go wild with your ideas! There's no fear of failure in a hackathon. Worst case is you learn a lot. So push yourself beyond your comfort zone.
- Treating deadlines as mission-critical helps maintain discipline and simulate real-life situations.
- Have fun! Hackathons are designed to be enjoyable learning experiences.
- Leverage the resources provided by the organizers – they're there to help you succeed.
What brought you to Dentity, and how does your role there align with your vision for decentralized identity?
I met Dentity through TBD contacts. What drew me was their approach to solving real-world problems, particularly in identity verification. During my time at Lumedic, I realized the critical need for identity verification services, especially in healthcare where compliance with regulations like HIPAA is crucial.
Throughout my SSI career, I consistently encountered the challenge of ensuring that the person we're dealing with is who they claim to be. Dentity offers a valuable service that addresses this problem directly, so joining was a no-brainer.
What I love about Dentity is the energy and pragmatism in bringing real solutions to market. Earlier in my SSI career, I was more dogmatic about fully decentralized technologies. Now, I've become more pragmatic, recognizing the need to balance ideals with practical implementation.
This perspective aligns perfectly with Dentity's approach. We focus on solving immediate problems while abstracting away the nuances and complexities of SSI and decentralized technologies. This strategy is especially effective when working with traditional Web2.0 businesses.
The Dentity-ENS Labs partnership aims to bring real-world identities on chain. Could you explain the significance of this for both everyday users and the broader decentralized ecosystem?
ENS offers an interesting service in the Web3 world. The Web3 community values privacy and anonymity, so a public profile that broadcasts information feels like it's against that ethos. At the same time, establishing trust in transactions is essential. By integrating Dentity's identity verification with ENS profiles, we're giving users a higher degree of certainty about who they're transacting with.
I’ll give you a practical example. There was a major crypto scam where hackers created a deep fake video of Elon Musk saying that he would send crypto to anyone that sent ether to an address. That scammed people out of millions of dollars in crypto.
On the other hand, if users had the ability to check addresses against a verified identity, they would have known it wasn't really Elon's address. In general, the idea is that this could reduce the number of similar scams in the future.
How does the Dentity-ENS integration empower users to control their digital identity? Could you walk us through a practical scenario that illustrates this?
Users need to own an ENS profile and authenticate with their wallet against ENS. They're then given the choice to verify their social accounts. A button routes them to our Dentity profile, where we've integrated several workflows.
One optional workflow is our full IDV process, which issues a proof of personhood credential to their public ENS profile. Currently, we only support full KYC, but we're planning to enable a biometric check without government documents in the future. This aligns with the Web3 ethos, as many users distrust sharing official documents.
Once the workflow is complete, the user chooses how much information to share with ENS. This creates a "long-lived token" that resides on-chain. The user pays for gas, and ENS has modified their code to leverage this token. When someone views the ENS profile, it invokes our API to retrieve only the information the user consented to share publicly.
Dentity utilizes self-sovereign identity standards like W3C Verifiable Credentials and DIDs. For our more technical readers, can you offer us a deep-dive into how the ENS integration works? And more generally, what tangible benefits does this offer to end-users?
Dentity adopts standards from W3C, DIF, and OpenID Foundation, including DIDs, verifiable credentials, and OpenID Connect for verifiable presentations. We approached ENS integration similarly to a typical relying party or verifier, modifying our protocol to enable integration.
We couldn't store the verifiable presentation on-chain due to PII concerns and gas prices. Instead, we store a small string on-chain as a reference. This approach offers the best of both worlds: users can disclose PII if they choose, while we guard that information from being stored directly on-chain.
The benefits to end users include enhanced trust and counterparty verification. For example, in transactions through ENS, we enable trust because users can verify who they're dealing with. It provides full consent and control over shared information, essentially creating counterparty trust.
This partnership has potential to expand blockchain use cases beyond cryptocurrency. What are some compelling non-financial applications of decentralized identity that you envision this enabling?
While DeFi is obviously a major beneficiary, we're seeing interesting applications emerge in other areas:
- DAO Governance: There's growing interest in using this technology for voting in Decentralized Autonomous Organizations. It can help ensure they're not dealing with Sybil attacks or bots trying to manipulate DAO governance.
- Content Authenticity and Provenance: This could be leveraged for verifying the authenticity and origin of content, particularly on social media platforms. If you're distributing content on Twitter, whether it's politically charged or aimed at combating scams, you can check for the provenance of these tweets. This helps ensure the content really belongs to a person and not a disinformation bot trying to skew elections or change opinions.
In your view, what are the most significant challenges in achieving widespread adoption of decentralized identity solutions, and how is Dentity positioning itself to address these?
To paraphrase Jeffrey [Schwartz, CEO of Dentity], we have the technology, sound protocols, and emerging trust registries. The challenge now is being pragmatic and choosing the right problems to solve. Not everything is solvable through SSI, so we must carefully assess whether this technology fits a particular problem.
Dentity addresses this by targeting traditional Web2.0 businesses, which hold the largest market share. We use familiar technologies like OpenID Connect for verifiable presentations, making it easier for these businesses to integrate our solutions. We abstract SSI's complexity to focus on practical solutions to real-world problems.
In my previous SSI experiences, convincing enterprises to adopt was difficult because it required understanding new protocols, mediators, and agents. It wasn't practical to address their problems with these technologies then. At Dentity, we've scaled back, allowing for gradual adoption. We don't lead with "we do SSI," but rather with solving problems without the SSI complexity.
Looking ahead, what emerging trends or technologies in decentralized identity do you find most promising, and why?
While there are exciting technological developments like proof of personhood, fully homomorphic encryption, and zero-knowledge proofs, I'm most excited about the regulatory landscape. Regulators are increasingly forcing companies to comply with data privacy acts, which is driving innovation in the SSI space.
For example, the European eIDAS (electronic IDentification, Authentication and trust Services) regulation is spurring competition among SSI companies to offer the best solutions. In the U.S., although moving at a slower pace, traditional big data companies are beginning to realize that the massive amounts of data they hold are a liability. This realization is pushing them to explore what the SSI community has to offer.
These regulatory pressures are the engine that's going to force us to create standards and companies to comply with those standards. It's about more than just technology - whether you love it or hate it, we need regulations to drive adoption and interoperability in the decentralized identity space.