The impact of decentralized identity solutions in the marketplace, insights and lessons by Heather Dahl


Video Transcription

So again, welcome, welcome. Today's presenters are Heather Dahl, CEO of Indicio, and myself, Kla Shatzkin, from Shatzkin Systems. We're gonna go ahead and get started, and hopefully Heather will be able to jump in on her slides in just a minute here. So we wanted to talk a little bit about, first of all, our agenda. These were our key takeaways from our speech, and we want to really talk about why data you can't trust is a costly risk that you may not be willing to take, and how the Cardea open source project under Linux Foundation Public Health can help provide a decentralized, easy to integrate, ready to be deployed open-source ecosystem for you to leverage to support those privacy-preserving methods of implementation, and how open source projects using Hyperledger, both Aries and Indy, can help provide an underpinning to support the work that we're doing at Cardea and the future work that we're doing with decentralized identity. So we're gonna jump into things and get started first by just introducing ourselves again. Heather is working on her audio, but Heather Dahl is CEO of Indicio. I describe her as some sort of pioneer of new tech frontiers and explainer of all things decentralized identity. And myself, Kla Shatzkin: I run a women-owned health IT consulting firm. I work in the space of health information exchange, data quality and process engineering.

And so that's my take on this and angle for today's presentation. So jumping into things, we need to talk about a digital world without identity. And the challenge is that behind a computer screen, do you really know who's there? That is really difficult when you talk about paper and you have to present it, because it could have been tampered with. And so understanding what happens online is totally different, because you lose the ability to physically present that information to compare and contrast with the person standing in front of you, because they're not there; they're behind a screen. And so it can be anybody, which really highlights why identity in a digital world is so important. So the challenge here is that digital identities are often controlled by large enterprises, right? We've seen tremendous consolidation in these platforms. You can use your Google account to sign in almost anywhere now. And those are private and centralized platforms, and that means if something happens with one of them, your trust and your identity potentially have been compromised. It's also challenging to build the ability to support a way of providing trust across these various use cases.

And so by decentralizing it and being able to identify the person at the center, putting the person in the middle of the flow, is really important. In the idea of a federated identity model, it's offered through a single solution, right? That's the idea that a Google account logs you in anywhere. Decentralized identity allows the owner of their digital identity to control it and to be able to use it independently in all of their different applications. The way that this is getting implemented is through verifiable credentials, using W3C standards. These are tamper evident, and they are controlling the author through cryptographic signing. And these components are all creating a trusted digital ecosystem. That trusted digital ecosystem is highlighted here.

So you can see that in a centralized, federated identity model, everybody's going through the same enterprise, right? That's centralized, as I mentioned, privately owned; the trust is centralized to that singular domain. You're using Google to authenticate in all of the other places.

And if Google's got an issue, all those other places can have an issue as well. That also means that there's a million of you, right? You might have an account at each of these conglomerate sort of hubs. That means that there are duplicate identities, there may be discrepancies between them, and they don't interplay with each other. You have a unique identity at Google, you have a unique identity at Twitter, for example, and they're not cross-linked and cross-compatible in saying that you are one individual. In decentralized identity models, we're talking about putting you at the center of it, where you can control who you're sharing your information with and managing that in a privacy-preserving way, without allowing your information to be owned or perpetuated, let's say, by a larger organization. The ecosystem that engages in this model is one that includes three core components.

We have an issuer, which is creating the digital credential or verifiable credential; the holder, who's the person, often managing that in a digital wallet; and the verifier, or the person who wants to verify the identity. That might be a business, it might be a government, and they're trying to be able to verify the authenticity of that person. Again, in a digital world, knowing who's who is quite a challenge. And so by using these components across the digital ledger, the distributed ledger, we're able to say that the authenticity of that person's identity in a trust framework can be verified by an agency through those digital credentials. So why do we need digital health credentials?

And this is where we're gonna sort of shift the base framework of digital identity and digital verifiable credentials to the healthcare space specifically. The goals here are to be able to implement an identity system that is interoperable, has a low on-ramp to support and interact with existing technologies, and is also doing that in a privacy-preserving way that limits the risk and liability. So this is where we introduce how things used to work and how they work today. To be quite honest, in the triangle of things that are happening today, we have an issuer; let's talk about this as a lab, for example. And so in today's world, as we're all very familiar, you might need a COVID test to prove that you're OK to do something. That test result is being issued to you either on paper or electronically, in a PDF most likely, and it's coming to you. You're then taking that paper to your destination point where you're trying to do something; maybe you wanna go to a restaurant or a venue. And you're presenting that to a human who's looking at the paper and deciding whether or not you're OK to enter. What may be sitting in the middle is your computer and Photoshop, right?

And so the challenge with today's workflow is that there's no way to verify that that result has not been tampered with. The authenticity of the initially issued credential, in this case a piece of paper about your COVID test, can't be authenticated by the person who's looking at it. In the Cardea implementation, what we're talking about is having that healthcare provider issue a digital credential, a verifiable credential, that is issued to the patient or person, to their digital wallet. And what makes this tamper evident is that when they issue it, the issuing agency is going to register themselves on the ledger with a DID. A DID is sort of a unique identifier for that issuer. And cryptographically, in other words, they're going to encrypt the credential that they're issuing. What they're writing to the ledger is only metadata about the fact that they are the ones that issued this credential, and the holder, or the person, actually has the sensitive information in their digital wallet.

There is no sensitive information written to the ledger itself. That's a common confusion point for how healthcare data can be used on the blockchain. Once the person has their digital credential, they can then take that to a verifier, and they agree to share their information; they consent to sharing their information with the verifier. And the verifier is only asking for the information they need to be able to say yes, you can proceed, or no, you cannot proceed. When the verifier is doing that, they're also able to cross-reference with what was written to the ledger to verify the authenticity of who issued this credential and that it has not been tampered with. And that's really the value in what this ecosystem brings through Cardea. If we look at the components that make up the Cardea ecosystem, we have a couple of features that are already in deployable states and available in our git repos. Those include a health enterprise agent. So we're gonna use the word agent here. You can think about this just as a piece of software or a tool that's helping manage the cryptographic nature of verifiable credentials.

So we have a health enterprise agent, which in this case may be the issuer of those credentials; a government enterprise agent, and this one, in the workflow of Cardea that we've done (and we'll talk about that in just a minute), the government agent can be both a verifier and an issuer, because one thing here is that you can issue what are called derivative credentials. So if you don't need to know their COVID status and you just need to know, yes, they're OK to proceed, you could do that by issuing a derivative credential. And then a verifier mobile agent, which is allowing for the checking of those credentials, and of course the holder mobile agent, which is how a person can manage these credentials in their digital wallet on their phone.

And the information that's being exchanged here is defined through schemas. Schemas are considered to be like a template or a common agreed format for these digital credentials that allows this network to understand the credential and be able to apply rules and interpretations.

And of course, this is all supported on the Hyperledger Indy network. So a couple of terms here for your reference. We've talked about these, and we're gonna get into one more, which is machine readable governance. In this underpinning, this is where the logic lives around how this ecosystem should be managed and governed. For example, in the COVID pandemic, the rules have been changing so frequently, and if you think about having to retrain all of the staff about what is the latest and greatest rule of today, machine readable governance does that for you instantaneously. So it can be farmed out to all of the components so that everybody's on the same page about what the current set of rules is to be applied to those verifiable credentials. So if we look at Cardea at a glance, one item to talk about is this machine readable governance layer. It's enabling portable, dynamic trust over this network: role definitions of who's allowed to issue, for example, who's allowed to verify. That's part of building that trust ecosystem.

We're talking about automated decision trees; again, if they met the criteria, what should happen next. And offline support, which is a really critical one in making something viable in the real world, where internet connectivity may not be an option. It's also ensuring user control and trust, and that's because instead of the holder carrying an identifier or a QR code, as we may have experienced out there in the world, in this case the person with the credential is scanning the verifier's barcode. So they're agreeing to share their information with the verifier. They can't drop their credential on the floor and have it picked up by a stranger and used on their behalf. That's not something that can happen in this ecosystem, and that's part of the privacy by design and tamper evidence, which is really important to supporting the trust in this system. Additionally, of course, we're replacing paper cards with digital verifiable health information, and this is really important.

I mean, there's a lot of examples today where you have the little pamphlet of your vaccination records from when you were a kid on a little card, and you're supposed to keep that for your lifetime. So replacing that with digital information is really helpful.

I want to take a second and just talk about a successful trial that happened with the Cardea framework implemented in Aruba. And this was led by SITA, who's a global leader in technology to airlines. Just to verify, SITA is the donor of the Cardea code to the Linux Foundation. So they've really been a critical player in this space and have done a lot to help promote and progress this project and its ecosystem as a whole. So what we've done is we've put in the slides a short video just walking through that. It's available on YouTube, and it walks through the components of that trust triangle and the flow. We're gonna skip this, but it will be available for those of you who wanna watch it later. It's a great sort of entry-level explanation of how these verifiable credentials work. So I mentioned that SITA donated this code to the Linux Foundation. I want to take a second and just talk about why open source and why it's been so important to this project in particular. One is that it's encouraging the community. We're talking about new technology, right? People are not quite familiar with the idea that blockchain and verifiable credentials are the new way to do things.

And so by encouraging a vast community, that really is allowing more thought leaders to participate. And it's encouraging sort of exploration and engagement, and that's really important as we start to break down some of these barriers. Additionally, it's building interoperability.

And so I think this is a big one, because we're talking about trying to enable data exchange across a variety of platforms. By making the code open source, it's also supporting interoperability by unlocking the sort of secrets that might exist behind a commercial code system, and also building community trust. We're talking about healthcare data; healthcare is notorious for ransomware and other sorts of security risks.

And so making this open source allows for a well-established pattern of trust and good faith for managing security issues promptly in a larger community. And then of course, breaking down these silos. One of the things that I think is really important to talk about with Cardea is that the community used to think that health data belonged in the health industry, and for example airline data belongs in the airline industry and education data belongs in its industry. And I think one thing for sure is that the pandemic has broken down some of those barriers and has started to show that there is information sharing across those industries that needs to happen. And this allows for more industries to engage as well, by having it be open source. So let's talk about the Cardea use cases. While Cardea was seeded both by SITA and in the COVID pandemic, it's not limited to those use cases. So while it does have a sustained need in travel, for example, you may be going somewhere where yellow fever vaccines are required, right? That existed long before COVID and will continue after COVID. Similarly, hepatitis vaccines are sometimes required.

And we will continue to see what happens with the COVID pandemic. So those use cases aren't going anywhere and are, as I said, implemented today; it's been implemented in Aruba. Additionally, sports and athlete management. So if you're in the industry, you may be managing the specific metrics, for example, of any specific athlete, and being able to authenticate that those are their times or their scores or whatever it may be that help them get a new contract with their sports team.

For example, we have the clinical research use case, which is of course a person allowing their medical data to be shared for the use of research, and that comes with additional rules and restrictions, and that's certainly important to acknowledge through this use case. I think there are also education health requirements and employee health requirements. There's provider credentialing and consent, which is a growing challenge because consent is a cross-industry challenge around data sharing. A couple of use cases we're gonna dive into here, just to explore them further, is the employee credentialing use case. So in this one, let me just make sure, an employee credentialing use case: we have again a healthcare institution on the left of our triangle; they would be the issuer of a verifiable credential. Those employee requirements may vary depending on what kind of employee we're talking about.

They could be drug tests. For example, if you're an Uber or Lyft driver or truck driver, you may have drug test requirements. If you're a healthcare employee, you may have a tuberculosis testing requirement. And across industry, you may have COVID testing requirements.

So those can be issued securely and verifiably to the employee, who can then share them with their employer, who can verify that they have not been tampered with, and their validity, by verifying the cryptographic signatures from that healthcare institution on the ledger. There are ways in this ecosystem, through machine readable governance, to be able to have those results sort of forwarded, let's say, to the employer at the discretion and approval of the employee,

but they would still prove not to be tampered with. And so that's really important to establishing that trust between the employer, their employee, and their ability to manage their business requirements. Additionally, we have education use cases. And so in this case, again, I have on the left a healthcare institution that could be of varying nature, and in the holder position we have a student or their guardian. I think it's really important to talk about the guardianship use case. A lot of solutions are saying, well, that's a little tricky, we're gonna tackle that later. And the reality is that we need to tackle that now, whether it's a parent-child guardianship relationship; sometimes it's a child helping their adult family member manage their health.

So that guardianship part is really critical to be able to enable and support through this ecosystem. And then again, we have on the right-hand side, in the verifier position, a school district or a nurse. And so these credentials may include, for example, early intervention.

So if you're preschool, before school age, you may be getting speech therapy services or other physical therapy services, and being able to pass on that information to the school so that they can pick up where the early intervention team left off is critical. Additionally, school vaccine requirements. There's a requirement in the US for meningitis vaccines if you're attending a camp, which would be a similar sort of education or school-based function, and also medications, right? If you think about sending kids to school with an EpiPen or other things, being able to verify the nuances of that medication prescription and when it should and should not be given can be really important to ensuring the health and safety of those students. So I think these all are valid use cases in how the Cardea ecosystem can help support the data exchange through verifiable credentials, not a piece of paper, and also apply the rules, through machine readable governance, about whether or not somebody has met their criteria.

Did they have all the vaccinations that they needed? For children especially, what is needed depends a little bit on their age. So that is also able to be built into machine readable governance for those considerations about: are they OK to proceed or not OK to proceed? So, moving on, I just want to talk a little about the women that are engaged in this project, right? We're at the Women in Tech conference. It's really important for us to highlight the network of women that are helping to build this community. So Heather and I are both engaged. I am co-chair of the Cardea Working Group. Heather is a steering committee member. We have Christy Gale, who's an active participant in our Cardea community and also a steering committee member. We have Megan Olson, who's a Cardea engineer at Indicio. Sha is also an engineer at Indicio and doing a presentation here at Women in Tech on digital identity. Helen is our marketing lead at Cardea and also for Indicio, and we have Suan, who's managing the Indicio network and part of the Indicio community. So we're really proud of the women that we have engaged, and we hope that this helps highlight that this isn't just, you know... that you are welcome to participate in our Cardea community.

We're hoping to highlight and help our women shine in the work and roles that they're doing. So we're really proud to be able to present a nice array here of engaged women. Moving on is how to participate. So I hope that you've been able to get at least an introduction to what it means to do digital identity and what the Cardea digital ecosystem can do, at least on its surface level. There's so many use cases it can be applied to, and we're hoping that you will participate. So you can go to cardea.app. We have meeting recordings available to you. There are links to the GitHub. So depending on where you are in your technical capabilities or skill set, there's somewhere for you to start.

You can start just by learning and reading; you can jump into the GitHub if you wanted to go there. There's also a groups.io, there's a Linux Foundation Public Health Slack channel, as well as Twitter. And so I hope that this will encourage you to participate. There are similar work groups and communities under the Hyperledger network; those are both Indy and Aries. And so they are sort of the underpinnings that we're building Cardea on, and they are also a great way to get involved in decentralized identity and verifiable credentials. A little bit about how to participate in our work group: we meet on Thursdays at 12 Eastern. The first Thursdays of the month are dedicated to a welcome to Cardea, sort of low-tech, good for newcomers and onboarding and understanding Cardea at its base level. We dedicate the 2nd and 4th Thursdays to technical deep dives, and the third is about communication and outreach to help grow this community and this ecosystem. I do want to take a second to just plug that Cardea will be hosting its third Interop-a-thon on June 16th, which is just coming up in a little bit more than a week here.

The Interop-a-thons are designed to help facilitate implementation of this code as well as interoperability between communities. And that is really important as we talk about trying to make these things implemented in the larger ecosystems. We encourage that you could come and just listen if you wanted to learn on a slightly more technical basis about what an Interop-a-thon is. The idea is that it is an opportunity to identify those friction points, whether it's in your system or in the Cardea system, so that we can improve what we're doing around digital identity and verifiable credentials as a community. And so with that, I would like to thank you all. I clearly spoke a little bit fast today, and unfortunately we didn't have Heather on audio, so I did my best Heather impression, which is nowhere near what she would have done. But I do want to take a second to thank you all and make sure that I can answer some questions. So I have seen some come in through the chat. So one question was about why Aruba for the trial of the Cardea implementation. Aruba is a small island, so that certainly plays a role. They have a very good relationship with SITA, who again is a core contributor to the Cardea code base, and they often tend to be innovators in this space.

And so Aruba is eager to try new things to see how they can make their tourism experience better for travelers. And if that means that it's a faster response on whether they're clear to travel there for their health reasons or not, then they thought that that was worth the trial to test this out. And it was a very great trial, in that it was both to enter Aruba and also, once you're on island as a trusted traveler, to be able to go to venues and casinos and other things like that. In terms of open source, absolutely, technical adoption is critical here, and that's why we wanted to make sure that it was accessible and available to all sorts of people in the community. The more we can bring people into this space, the better we'll see it advance, and also more use of this, right? We're seeing a lot of consolidation of healthcare data, whether it's Amazon or Google or others that are trying to get into this space. And the reality is that they now own that data. And where do you want your healthcare data to live? And how do you wanna have control and sovereignty over it? The other question is, what kind of proof protocols are in use?

And how does that work? So there's a couple of things here. First of all, the identity layer is sort of plug and play here. So depending on the requirements of your industry, you can fit that identity verification in ahead of the Cardea ecosystem, whether that's a level, you know, NIST level 2, 3, et cetera, whether you need to do a selfie and an OCR of a document. There's all sorts of options there.

It's then using the Hyperledger Aries RFCs as a base for doing its core verifiable information exchange. There are also things like predicate proofs, for example. So as a verifier, if you don't need to actually know the details and you just need to verify, do they meet the criteria or not? For example, that criteria might be, are they old enough to do something? Are you old enough to buy alcohol or to gamble or whatever the case may be? In those cases, that can be mathematically achieved, and the verifier doesn't actually even need to know your date of birth. They just need to know, are you old enough, yes or no. And so there are ways to do that using predicate proofs. Are there any other questions? If you have them, I'm happy to answer them through the chat. And otherwise, thank you very much for attending, and we look forward to seeing you engaged in our Cardea community moving forward. OK, thanks everybody. Have a great conference; looking forward to connecting with you all.
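The issuer, holder and verifier flow described in the talk, including a ledger that holds only issuer metadata and a government agent that verifies a lab credential and issues a derivative "cleared" credential, as an added example in Go; this is not code from the Cardea project. The DIDs, claim values and the single governance rule are constructed for illustration, and ed25519 signing stands in for the Indy credential cryptography.

```go
package main

import (
	"crypto/ed25519"
	"crypto/rand"
	"encoding/json"
	"errors"
	"fmt"
)

// Ledger stands in for the distributed ledger: it holds only issuer metadata
// (DID -> verification key). No credential claims are ever written to it.
type Ledger map[string]ed25519.PublicKey
// Credential lives in the holder's wallet and carries the sensitive claims.
// Sig is the issuer's signature over the JSON form of the other two fields.
type Credential struct {
	IssuerDID string            `json:"issuer_did"`
	Claims    map[string]string `json:"claims"`
	Sig       []byte            `json:"-"`
}
// Issuer is an issuing agent (lab, health enterprise or government agent).
type Issuer struct {
	DID  string
	priv ed25519.PrivateKey
}

// NewIssuer registers a DID and its public key on the ledger; the private key
// stays with the issuer. The DIDs used below are constructed for this example.
func NewIssuer(did string, ledger Ledger) (*Issuer, error) {
	pub, priv, err := ed25519.GenerateKey(rand.Reader)
	if err != nil {
		return nil, err
	}
	ledger[did] = pub
	return &Issuer{DID: did, priv: priv}, nil
}

// Issue signs the claims; the signed credential goes to the holder's wallet.
// json.Marshal sorts map keys and skips Sig, so both sides build identical bytes.
func (i *Issuer) Issue(claims map[string]string) Credential {
	c := Credential{IssuerDID: i.DID, Claims: claims}
	msg, _ := json.Marshal(c) // cannot fail for this struct
	c.Sig = ed25519.Sign(i.priv, msg)
	return c
}

// Verify looks the issuer up on the ledger and checks the signature; any altered claim fails.
func Verify(ledger Ledger, c Credential) error {
	pub, ok := ledger[c.IssuerDID]
	if !ok {
		return errors.New("issuer DID is not registered on the ledger")
	}
	msg, _ := json.Marshal(c)
	if !ed25519.Verify(pub, msg, c.Sig) {
		return errors.New("signature invalid: credential tampered with or not from this DID")
	}
	return nil
}

// IssueDerivative models the government agent as verifier and issuer: it verifies the
// upstream credential, applies a governance rule, and issues a minimal "cleared" credential.
func (i *Issuer) IssueDerivative(ledger Ledger, c Credential, meets func(Credential) bool) (Credential, error) {
	if err := Verify(ledger, c); err != nil {
		return Credential{}, err
	}
	if !meets(c) {
		return Credential{}, errors.New("criteria not met")
	}
	return i.Issue(map[string]string{"status": "cleared"}), nil
}

func main() {
	ledger := Ledger{}
	lab, _ := NewIssuer("did:example:lab", ledger)
	gov, _ := NewIssuer("did:example:gov", ledger)
	cred := lab.Issue(map[string]string{"test": "COVID-19 PCR", "result": "negative"})
	derived, err := gov.IssueDerivative(ledger, cred, func(c Credential) bool { return c.Claims["result"] == "negative" })
	fmt.Println("derivative claims:", derived.Claims, "err:", err)
	cred.Claims["result"] = "positive" // the holder edits the wallet copy
	fmt.Println("after tampering:", Verify(ledger, cred))
}
```

The predicate proofs mentioned in the Q&A are not shown here; the derivative credential is the simpler mechanism the talk describes for telling a verifier "cleared" without handing over the underlying test result.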