▲▲▲

Paralelní Polis is a one-­of-­a-­kind nonprofit organization that brings together art, social sciences, and modern technologies. The ideas of liberty, independence, and innovative thinking and development of society are the main underlying foundations the whole project is built upon.

The project intends to remain state-free as it operates entirely without support from the government, and most of the funds come from voluntary contributions of our donors and partly from commercial activities such as running a unique co­working space and the world’s first bitcoin-­only cafe.

It was founded by members of a contemporary-­art group Ztohoven, and Slovak and Czech hacker­spaces. Its main goal is to promote economic, social, and digital freedom. We try to be a vocal voice of freedom in order to shape the public discourse, and ultimately work towards a freer future.

Yeah, hope you're enjoying the ETH product the same as I do.

And today I want to bring a bit of more excitement for you with the topic of digital identity, use cases, and Web3 solution.

A bit of introduction about myself, about Gamium company where I'm working currently.

What kind of problem statement we're bringing there?

Use cases, then how we solve it at Gamium with the Didit product.

So I want to show a bit of demo there as well, and we will have some time for Q&A session, I believe.

I'm a former software developer as well, PhD in business informatics, currently working as a web 3 product owner at Gamium.

Here are my contacts in case, guys, you will have some questions afterwards.

Feel free to reach me out, yeah, or anything else.

So let me talk also about Gamium, so our company.

We position ourselves as that we are building digital identity layer of internet.

And today I would like to focus more on the DDIT protocol, its identity and financial protocol, which we are building, which is pretty much the solution for digital identity cases.

To bring a bit of hype as well to the company, I wanna introduce our GMM token as well.

It hyped a bit up after we announced our collaboration with Meta.

We also have partnerships with Telefonica and then yeah, people got a bit of hype there.

So problem statement, What is digital identity?

When I was coming, heading back to Prague recently, I lost my passport with all my visas and stuff, and I was stuck in Emirates for like, I think, 3 weeks, which costed me around like $4, 000, but that's a different story.

But just imagine, so I lost my passport, I went to the airport, and I couldn't like verify my identity if everything would be in digital wallet You know, I just like come and show and say okay guys, this is me This is Racine and they say okay, you have all this stuff visa to Czech Republic.

So this is 1 problem another problem imagine how many times per day you actually log into different applications, like web applications, mobile applications, how many times you need to create an account, like put the personal data there, right?

And even if you're a business owner, like imagine how many users do you lose there?

According to some statistics, like if you are owner of eShop, only 5% of all the users are getting actually to the checkout point.

I think you all have all your like, as a followers, you probably have a lot of bots in your like Instagram or Twitter or whatever.

And those all actually create a bit of mess there, right?

And prevention of bot-generated activity is another case for the digital identities.

Another 1, again, fake identities, right?

Fraud prevention, scamming, all this stuff.

Who are your users, as if you are like application owner.

Digital identity, at the end of the day, it's kind of your digital twin in internet layer, which provides your personal data, financial data, assets, which also proves that you are human.

And it provides the interoperability of your data all over the platforms.

It's like digital password at the end, allowing to maintain your single identity all over the internet.

You can check for more use cases on our web pages.

You will see it later as well, the links.

For example, if you're owning, if you're building, I know, gambling, right?

And you want to say, okay, I want my users to be 18 years plus.

So, and if you're a user, you want to actually prove it by 1 click.

You don't want to go through the KYC processes maybe you want to do KYC process only once and just be you know going to all the platforms and just verify it with 1 click.

Oh, I don't know, like KYC, AML, FinTech, crypto, everywhere.

Also, the business owners, like, application owners, want to verify that they are working with real humans.

So, how we understand at Gamium, we came up with our own formula for digital identity.

And we said, okay, you know, It's pretty much about data and financial data.

So by data we understand documents like personal data, driving license, passport, national ID.

This is going back to the case maybe when I lost my passport.

Then we have also 3D, your 3D avatar for the metaverses.

And that's why we're also building, we have our own metaverse so you can check it out and play with that And financial assets, this is pretty much crypto assets tokens and NFTs and also 5 yet So here I show you a bit of demo.

So we came up with a product, which is called Didit.

And here, to bring a bit of excitement here, I can show you how it works.

So just imagine you, this is a profile Didit.me, 1 of our profile pages where you can generate the profile, the digital identity.

You just go there, and you log in with your wallet, where you store your private keys with a digital wallet.

But yeah, you probably see the claims there.

But yeah You sign the policies sign the claims if you want to share if you're not just reject Then you enter to your digital identity management tool, which is again profile did it mean?

This is by the way, very it's pretty difficult to see it, right?

Yeah, pretty much what you do here, you put your profile picture, you put your name, your surname, your email address.

Maybe later we're putting also some addresses to do one-click checkout.

Yeah, some, yeah, I was putting some address here, city, whatever.

And again, this is a very small subset of data.

Currently on the DDID protocol, We have way more data sets there.

So it's just V1, and then in V2, there's coming way, way more.

So yeah, what we are doing here, we created a digital identity with your wallet.

We sign it with the private keys, like with your wallet.

You implement a DDIT SDK with just 1 dependency.

And here you can see how you can manage already your users.

Again, your users can click Get In with just 1 click.

And you already know that this is the user.

With all this data which we have, we know that it's human.

We already see the data, like what address to ship, what's the email and stuff.

Here You can see we are sending some girlies Yeah to the e-commerce Online store takes a while as usual and then boom, it's done, right?

If you check it, we just logged in once, we signed the policy.

The third click was just adding to the card and fourth just paying and done.

So imagine how, and not only 1 application, imagine it's interoperable over the applications, also easy implementable for the business owners, for the application owners, just like implementing 1 dependency, did it SDK, and then everything is all right And it's all over the platforms.

So let's maybe also go a bit into technicalities, how it works.

The human, then we have, which is like us as users.

Then we have service provider, which might be like web application, mobile application, online store, for example.

And then we have DD protocol, which is our SDK with the services, with the protocol as well.

So user, he or she connects with the wallet address to the application, right?

Application calls the wallet authorization endpoint, which is using the wallet address, and to the DDID protocol, and we send a challenge, which is also like policy with the claims, to be signed by human, by the user.

If then the service provider sends it back to the human, for example to MetaMask, right, or some other wallet address, human signs the challenge, the policy.

Again, we are not storing the private keys here.

This also brings an extra layer of security.

We, as did it, you as a user is responsible for your private keys.

You select if you want to sign this or not you select what kind of?

Claims what kind of data you want to share with right and then So you send it you sign it and then send it back to the application applications Sees that send back to the did it protocol with a signature with a valid signature if we see that the Signature is valid.

We see we send back the valid access token as well So for that wallet address and boom you are done.

You're already in and yeah, it's working Again, imagine is just you know several clicks and for the business owners, application owners is just a matter of installing 1 dependency, 1 SDK at the end.

And you already have your login management, user management and even like checkout management, right?

We skipped 1 side, unfortunately, because of some technical reasons.

If you are excited, the same as we are, about digital identity, then join the wait list.

By the way, We did a release on 23rd of May, which is a couple weeks back only.

We have already now 3, 500 accounts already in unique digital identities.

What's the role of the service provider in terms of doing all of the challenges and requests, is that off-chain?

No, it's just an application, pretty much.

And you're implementing the dependency to manage your users' login experiences

Like, for example, my NFT is my identity but it's got nothing to do with me.

Well, not really around your NFT, but your NFT is owned by some wallet address, right?

So you can build your identity around wallet address.

Perfect, yeah, yeah, that's interesting, awesome.

Where do you actually store the data of the user?

Yeah, first of all, thank you, Jorg, for the question.

This is maybe to mention we don't store that.

We are not storing any private keys in our protocol.

In our protocol, we have databases where we store all that.

And everything is encrypted with the highest security standards.

Yeah, just pretty much standard databases with enhanced security best practices.

So in terms of the GDPR, will you be the data controller?

Because, you know, for example, if you're an institution and you need to, you need to actually keep the record of someone's KYC data for some years.

And in your case, you basically will be storing this information or the individual will be storing the information, him or herself.

So how will this work with the whole GDPR thing?

So regarding GDPR, since we're storing the personal data, we actually need to follow the GDPR, right?

And it heavily also depends on where we store our databases.

So yeah, we're not, for example, sharing that with the US.

KYC, if you wanna do the KYC, it's up to your choice, right?

So you can do that, and it's stored in the database in a secured way.

And nobody else except you will be in control of if you want to share the data or not.

Pretty much by signing this process, you yourself control if you want to share this data or not.

And the rest, I mean, according to the GDPR, yes, we are following that.

Plus there are like new 2 regulations upcoming, right?

The 1 is Mika, probably heard about that.

So Mika is, yeah, will be, I think, on from the next year.

And where it all plays in our favor, in favor of our protocol.

So with Mika, you will need to, whatever you use your log in, where you do some transactions, you will need to identify yourself.

And then with AIDAS, this is European regulation which starts in 2030.

And it's also playing in favor of digital identity.

So saying that whatever you go, whatever you do on mobile, web dimension, you need to be identified and then you need to have your digital identity.

Another question is more like, if you are integrating this into an app, And how do people selectively disclose, like in 1 of those examples is like you reveal, you know, my Instagram or my Twitter handle.

And so if I'm building an app, and my app has like 3000 users, and we use DID as your identity suit.

When people are sharing their contact addresses and their Instagrams and their telegrams between each other, the app provider is exposed to this knowledge, correct?

If I'm making an app and I'm using, like, I know when information's shared between my users, I get to see all that,

Imagine you're building your application, right?

So, first of all, you have this, we call it, like, did it console, where you configure which kind of data you want from your users.

But once you have all that users, for example, logged in, you don't really see the data unless you're requesting that.

And for that, we will review what's your case.

We as a digital identity, the ones who are storing all that data, we need to make sure who we are letting that personal data to be seen.

So that's why we cannot easily give it out.

Even if you're a business owner, application owner, we want to first make sure and maybe sign some GDPRs with you.

OK, if you want to use that, see that, then this is another extra layer of security.

Yeah, but user A reveals their personal information to user B.

And because it's my app, I'm rendering that information on my app, and I can keep track of all of my user's data, right?

Well, in that case, when you actually consent that data to the application, In most cases, you already consented the data to application and application can do whatever they want.

So it's a matter of the third party application.

We're still like thinking about that, how we can manage that.

But in general, for now, once you consent the data, you cannot actually control it anymore.

From our side, we are trying to make sure that everything is stored securely, encrypted, nobody can get the control, consent, then it's go away, it's up to you, you consented that.

We are still thinking how we can improve that but yeah, definitely this is

yeah, because what happened in the Facebook example was that people were making all these third-party Facebook apps and there's no more apps on Facebook anymore because people are taking advantage of that social graph and making bullshit apps.

I kept the database of everyone who used and all their likes and everything.

And so you can say that the service providers are in a very, very rich position to take advantage of this.

Sure, your protocol is saying, we did everything correct, but you're not actually protecting the users in that particular example.

But that's why you can actually, you are in full control of your own data, where you want to share, where you want to share, what you want to put into your digital identity or not.

I think we have run out of time, but I don't know if we have.

I think this is clearly an interesting topic.


Speaker 0: Hi, hello, good late afternoon. Yeah, hope you're enjoying the ETH product the same as I do. And today I want to bring a bit of more excitement for you with the topic of digital identity, use cases, and Web3 solution. So yeah. So what is to be expected?

A bit of introduction about myself, about Gamium company where I'm working currently. What is digital identity? What kind of problem statement we're bringing there? Use cases, then how we solve it at Gamium with the Didit product. So I want to show a bit of demo there as well, and we will have some time for Q&A session, I believe.

So let's move on. Yeah, so my name is Racim. I'm a former software developer as well, PhD in business informatics, currently working as a web 3 product owner at Gamium. Here are my contacts in case, guys, you will have some questions afterwards. Feel free to reach me out, yeah, or anything else.

So let me talk also about Gamium, so our company. We position ourselves as that we are building digital identity layer of internet. And currently we have 2 main products. 1 is Genesis on the bottom. You see it's a metaverse.

I will not speak much about that today. Yeah, but you can check it out yourself. And today I would like to focus more on the DDIT protocol, its identity and financial protocol, which we are building, which is pretty much the solution for digital identity cases. To bring a bit of hype as well to the company, I wanna introduce our GMM token as well. We are backed up with that.

It hyped a bit up after we announced our collaboration with Meta. We also have partnerships with Telefonica and then yeah, people got a bit of hype there. Yep. So problem statement, What is digital identity? And actually I'll tell you my story.

When I was coming, heading back to Prague recently, I lost my passport with all my visas and stuff, and I was stuck in Emirates for like, I think, 3 weeks, which costed me around like $4, 000, but that's a different story. But just imagine, so I lost my passport, I went to the airport, and I couldn't like verify my identity if everything would be in digital wallet You know, I just like come and show and say okay guys, this is me This is Racine and they say okay, you have all this stuff visa to Czech Republic. Just go on and fly, right? So this is 1 problem another problem imagine how many times per day you actually log into different applications, like web applications, mobile applications, how many times you need to create an account, like put the personal data there, right? And even if you're a business owner, like imagine how many users do you lose there?

According to some statistics, like if you are owner of eShop, only 5% of all the users are getting actually to the checkout point. So imagine how many you lose on the way. Fake accounts and social networks. I think you all have all your like, as a followers, you probably have a lot of bots in your like Instagram or Twitter or whatever. And those all actually create a bit of mess there, right?

And prevention of bot-generated activity is another case for the digital identities. Another 1, again, fake identities, right? Fraud prevention, scamming, all this stuff. Where are you sending money? Who are you operating with?

Who are your users, as if you are like application owner. And this is just a few cases. There are way, way, way more of those. And we will talk about it. So what is digital identity?

Digital identity, at the end of the day, it's kind of your digital twin in internet layer, which provides your personal data, financial data, assets, which also proves that you are human. And it provides the interoperability of your data all over the platforms. It's like digital password at the end, allowing to maintain your single identity all over the internet. And yeah, this is just some cases. You can check for more use cases on our web pages.

You will see it later as well, the links. For example, if you're owning, if you're building, I know, gambling, right? And you want to say, okay, I want my users to be 18 years plus. So, and if you're a user, you want to actually prove it by 1 click. You don't want to go through the KYC processes maybe you want to do KYC process only once and just be you know going to all the platforms and just verify it with 1 click.

Oh, I don't know, like KYC, AML, FinTech, crypto, everywhere. You want to, like, see. Also, the business owners, like, application owners, want to verify that they are working with real humans. So, how we understand at Gamium, we came up with our own formula for digital identity. What is digital identity?

And we said, okay, you know, It's pretty much about data and financial data. So by data we understand documents like personal data, driving license, passport, national ID. This is going back to the case maybe when I lost my passport. Then we have also 3D, your 3D avatar for the metaverses. And that's why we're also building, we have our own metaverse so you can check it out and play with that And financial assets, this is pretty much crypto assets tokens and NFTs and also 5 yet So here I show you a bit of demo.

So we came up with a product, which is called Didit. It's financial and data protocol. And here, to bring a bit of excitement here, I can show you how it works. So just imagine you, this is a profile Didit.me, 1 of our profile pages where you can generate the profile, the digital identity. You just go there, and you log in with your wallet, where you store your private keys with a digital wallet.

You sign the messages. Sorry, it's running a bit too fast. But yeah, you probably see the claims there. I couldn't stop it. But yeah You sign the policies sign the claims if you want to share if you're not just reject Then you enter to your digital identity management tool, which is again profile did it mean?

You populate your data. This is by the way, very it's pretty difficult to see it, right? Sorry for that. Yeah, pretty much what you do here, you put your profile picture, you put your name, your surname, your email address. Maybe later we're putting also some addresses to do one-click checkout.

Yeah, some, yeah, I was putting some address here, city, whatever. And again, this is a very small subset of data. Currently on the DDID protocol, We have way more data sets there. So it's just V1, and then in V2, there's coming way, way more. So yeah, what we are doing here, we created a digital identity with your wallet.

We sign it with the private keys, like with your wallet. And then, yeah, that's it. Now imagine the second case, right? This is already e-commerce web page. And you are a business owner.

You implement a DDIT SDK with just 1 dependency. And here you can see how you can manage already your users. Again, your users can click Get In with just 1 click. Again, some claims to sign there. And you already know that this is the user.

This is Racine. With all this data which we have, we know that it's human. We already see the data, like what address to ship, what's the email and stuff. And we can do one-click checkout. Here You can see we are sending some girlies Yeah to the e-commerce Online store takes a while as usual and then boom, it's done, right?

And you did a checkout in just 3 clicks. If you check it, we just logged in once, we signed the policy. Okay. The third click was just adding to the card and fourth just paying and done. So imagine how, and not only 1 application, imagine it's interoperable over the applications, also easy implementable for the business owners, for the application owners, just like implementing 1 dependency, did it SDK, and then everything is all right And it's all over the platforms.

So let's maybe also go a bit into technicalities, how it works. So we have 3 actors here, right? The human, then we have, which is like us as users. Then we have service provider, which might be like web application, mobile application, online store, for example. And then we have DD protocol, which is our SDK with the services, with the protocol as well.

So user, he or she connects with the wallet address to the application, right? Application calls the wallet authorization endpoint, which is using the wallet address, and to the DDID protocol, and we send a challenge, which is also like policy with the claims, to be signed by human, by the user. If then the service provider sends it back to the human, for example to MetaMask, right, or some other wallet address, human signs the challenge, the policy. Again, we are not storing the private keys here. This also brings an extra layer of security.

We, as did it, you as a user is responsible for your private keys. We don't store that 1. So it's up to you. And that means you can operate that. You select if you want to sign this or not you select what kind of?

Claims what kind of data you want to share with right and then So you send it you sign it and then send it back to the application applications Sees that send back to the did it protocol with a signature with a valid signature if we see that the Signature is valid. We see we send back the valid access token as well So for that wallet address and boom you are done. You're already in and yeah, it's working Again, imagine is just you know several clicks and for the business owners, application owners is just a matter of installing 1 dependency, 1 SDK at the end. And you already have your login management, user management and even like checkout management, right? So what economic services there.

And I think that was pretty much it. Yeah, I was pretty short. We skipped 1 side, unfortunately, because of some technical reasons. But in general, it is, yeah, that's it. If you are excited, the same as we are, about digital identity, then join the wait list.

Try out these web pages if you want. You can create your digital identity. By the way, We did a release on 23rd of May, which is a couple weeks back only. We have already now 3, 500 accounts already in unique digital identities. And it's only starting.

It's just coming. It's expanding. So we have way more to expect. Wonderful. Thank you very much.

Racine, round of applause, everyone.

Speaker 1: Any questions anyone would like to ask

Speaker 2: Racine? What's the role of the service provider in terms of doing all of the challenges and requests, is that off-chain? Or is it on-chain? Or is it just a smart contract?

Speaker 0: No, it's just an application, pretty much. Imagine you are building an application. It's not really a smart contract. It can be a website, right? And you're implementing the dependency to manage your users' login experiences

Speaker 2: and login, checkout, payments. And is it human-focused? Like, for example, my NFT is my identity but it's got nothing to do with me. Can I build an identity around my NFT?

Speaker 0: Well, not really around your NFT, but your NFT is owned by some wallet address, right? So you can build your identity around wallet address.

Speaker 2: Perfect, yeah, yeah, that's interesting, awesome.

Speaker 1: Cool, any other questions? Yes.

Speaker 0: Thanks for the talk, Asim. Where do you actually store the data of the user? Yeah, first of all, thank you, Jorg, for the question. Nice to see you here. Where do we store the data of the user?

Okay. Again, private keys. This is maybe to mention we don't store that. It's absolutely done by the users. It's their responsibility.

We are not storing any private keys in our protocol. In our protocol, we have databases where we store all that. And everything is encrypted with the highest security standards. Yeah, just pretty much standard databases with enhanced security best practices.

Speaker 1: Any other questions? We've got a little bit longer.

Speaker 3: Thank you. So in terms of the GDPR, will you be the data controller? Because, you know, for example, if you're an institution and you need to, you need to actually keep the record of someone's KYC data for some years. And in your case, you basically will be storing this information or the individual will be storing the information, him or herself. So how will this work with the whole GDPR thing?

Speaker 0: Sure, good question, by the way. So regarding GDPR, since we're storing the personal data, we actually need to follow the GDPR, right? And it heavily also depends on where we store our databases. Our databases are stored in the Europe. So yeah, we're not, for example, sharing that with the US.

KYC, if you wanna do the KYC, it's up to your choice, right? So you can do that, and it's stored in the database in a secured way. And nobody else except you will be in control of if you want to share the data or not. Pretty much by signing this process, you yourself control if you want to share this data or not. And the rest, I mean, according to the GDPR, yes, we are following that.

There is no other way. Plus there are like new 2 regulations upcoming, right? The 1 is Mika, probably heard about that. And second 1 is in AIDAS. So Mika is, yeah, will be, I think, on from the next year.

And where it all plays in our favor, in favor of our protocol. So with Mika, you will need to, whatever you use your log in, where you do some transactions, you will need to identify yourself. Who are you as a user, right? And then with AIDAS, this is European regulation which starts in 2030. And it's also playing in favor of digital identity.

So saying that whatever you go, whatever you do on mobile, web dimension, you need to be identified and then you need to have your digital identity.

Speaker 2: Another question is more like, if you are integrating this into an app, And how do people selectively disclose, like in 1 of those examples is like you reveal, you know, my Instagram or my Twitter handle. And so if I'm building an app, and my app has like 3000 users, and we use DID as your identity suit. When people are sharing their contact addresses and their Instagrams and their telegrams between each other, the app provider is exposed to this knowledge, correct? Well. If I'm making an app and I'm using, like, I know when information's shared between my users, I get to see all that,

Speaker 0: right? Yeah, yeah, I know what you mean. Let me maybe answer a bit from far away. Imagine you're building your application, right? So, you are the service provider.

So, first of all, you have this, we call it, like, did it console, where you configure which kind of data you want from your users. But once you have all that users, for example, logged in, you don't really see the data unless you're requesting that. And for that, we will review what's your case. We as a digital identity, the ones who are storing all that data, we need to make sure who we are letting that personal data to be seen. So that's why we cannot easily give it out.

Even if you're a business owner, application owner, we want to first make sure and maybe sign some GDPRs with you. OK, if you want to use that, see that, then this is another extra layer of security.

Speaker 2: Yeah, but user A reveals their personal information to user B. And because it's my app, I'm rendering that information on my app, and I can keep track of all of my user's data, right?

Speaker 0: Well, in that case, when you actually consent that data to the application, In most cases, you already consented the data to application and application can do whatever they want. So it's a matter of the third party application. But I think it's a good question. We're still like thinking about that, how we can manage that. But in general, for now, once you consent the data, you cannot actually control it anymore.

I mean, unless there's... Yeah, it's

Speaker 2: the curse of knowledge. Once it's out there, it's somewhere.

Speaker 0: From our side, we are trying to make sure that everything is stored securely, encrypted, nobody can get the control, consent, then it's go away, it's up to you, you consented that. We are still thinking how we can improve that but yeah, definitely this is

Speaker 2: yeah, because what happened in the Facebook example was that people were making all these third-party Facebook apps and there's no more apps on Facebook anymore because people are taking advantage of that social graph and making bullshit apps. And I'm a victim, I'm guilty as well. I kept the database of everyone who used and all their likes and everything. And so you can say that the service providers are in a very, very rich position to take advantage of this. Sure, your protocol is saying, we did everything correct, but you're not actually protecting the users in that particular example.

Speaker 0: But that's why you can actually, you are in full control of your own data, where you want to share, where you want to share, what you want to put into your digital identity or not. I think we have run out of time, but I don't know if we have.

Speaker 1: We have unfortunately run out of time. Very, very interesting talk. I think this is clearly an interesting topic. Talk to him afterwards. Round of applause everyone.

Thank you very much.

Speaker 0: Thank you

See all Parallel Polis transcripts on Youtube

Digital Identity - Use cases & Web3 Solution / Rasim Muftiev