Hi, I'm Eric.
I’m an avid world traveler, photographer, software developer, and digital storyteller.
I help implement the Content Authenticity Initiative at Adobe.
Hi, I'm Eric.
I’m an avid world traveler, photographer, software developer, and digital storyteller.
I help implement the Content Authenticity Initiative at Adobe.
4 June 2024
This week I’m in Berlin, attending the European Identity Conference. When I attended the IIW earlier this spring, I wrote about it in real time as the conference was in progress. That format worked well for me and received a lot of compliments, so I’m attempting it again this week.
NOTE: Rather than trying to take comprehensive notes for each presentation, I’ll share my own photos and comments that aren’t immediately obvious from the slides. The slides for each presentation are generally available if you click the link on the section header.
I’m part of a team at Adobe that is dedicated to helping content creators and content consumers establish genuine connections with each other. We do this through three organizations that we’ve helped to create:
Content Authenticity Initiative: CAI is a community of media and tech companies, NGOs, academics, and others working to promote adoption of an open industry standard for content authenticity and provenance. The CAI does outreach, advocacy, and education around these open standards. Content Authenticity Initiative is also the name of the business unit of which I’m a part at Adobe through which we participate in all three of these organizations, develop open source and open standards, and guide implementation within Adobe’s product and service suite.
Coalition for Content Provenance and Authenticity: C2PA is a technical standards organization which addresses the prevalence of misleading information online through the development of technical standards for certifying the source and history (or provenance) of media content.
Creator Assertions Working Group: CAWG builds upon the work of the C2PA by defining additional assertions that allow content creators to express individual and organizational identity and intent about their content.
I recently published an article titled Content Authenticity 101, which explains these organizations and our motivations in more detail.
Interesting things not directly on slides:
VERY full room.
This session spoke to security and user control of credentials, but did not cover misinformation/disinformation as we think of it in the CAI/C2PA sense. (We think primarily about misrepresenting context, technique, or identity as a way to mislead.)
Content not directly on slides:
A quick view of the Berlin Congress Center as I was walking toward it:
Martin Kuppinger
(Title tl;dr: Finally solving the IAM puzzle.)
“Will decentrialized ID really be the thing that helps us solve the puzzle?” (Which puzzle.)
Interesting axes: Security/protection vs enablement, technology vs business
I like the term “identity silos.” (They won’t go away quietly.)
“The risk of siloed wallets.”
A friend who had observed last year’s conference was stunned by the sea change in this conference. Last year, decentralized identity and even eIDAS seemed like an afterthought; this year, in the keynote, we were told that it is the next big thing.
Related links:
Anil John, US Department of Homeland Security
“Just like the Trojans, you are going to be getting a lot of gifts.”
“The right to paper” as a way of saying digital is not a requirement.
Everybody who is arguing for their standards: “A swirling whirlpool of doom.” (Obligatory reference to the XKCD “competing standards” comic.)
Mistake: Don’t assume that issuers and verifiers will move in tandem.
Ivo van Bennekom, EMEA Impact Center Leader Digital Identity
Sweden saw rise in cyberattacks by 239% in the months prior to joining NATO.
Joni Brennan, Digital ID and Authentication Council of Canada
Canada building a digital identity platform starting late 2021. Wow … conspiracy theories killed this off.
I love her use of “super-spreaders” to describe misinformation … super-spreader.
“Authenticity is the new identity.”
(panel)
One panelist looking for a new term to fit somewhere on the spectrum between (human) unintentional misinformation, AI hallucination, and (human) intentional misinformation.
Pablo: “We’re still trying to find out how to label bad information (*); we should be thinking about how to label good information.” (Hello!)
“Standards are about making choices that don’t matter.” (Examples: 200 is the HTTP status code for a successful response.) … Except that they do. Everyone has to make the same choices for the same concepts for a standard to lead to meaningful interoperability.
Key point: Choices matter. Making them improves interoperability.
Gives W3C VCs a C rating.
Gives DIDs a D rating. “But it does get worse.”
Then gives Multiverse (an IETF proposal) an F rating. “It institutionalizes the failure to make a choice.” See Multiformats Considered Harmful. 😱
Markus Sabadello and Nat Sakimura
Like Kuppinger earlier today, Markus notes the shift in how much decentralized identity has become welcome here at EIC.
Interesting assertion: Data format can convey liberty. (Counterargument: The data format that supports liberty also adds complexity.)
Estonia saves 2-3% of GDP by using digital signatures.
Awareness of friction inherent in multiple wallet implementations (i.e. each country has its own national wallet app – is this really necessary?).
In Netherlands, there is a substantial cost (thousands of euros) to have a vetted business identity.
Talk of having wallets for businesses.
There is an eIDAS Expert Group which is advising member states on implementation details.
Audience question: Why isn’t there just one wallet for the entire EU? (Much laughter in the room.) Serious answer: Allow member states to continue using existing systems.
Andreas Freitag, Co-CEO, Procivis AG
Analogy of one standard for all to Esperanto. It didn’t work.
So be prepared to manage and embrace diversity. “You reach interoperability through flexibility.” Very much the opposite of Mike Jones’ keynote last night.
Write many, display as one, present what is required.
Ooh, Procivis has done many implementations in Rust. (!) Note that Procivis has a trust list implementation.
Paolo De Rosa, Policy Officer, European Commission
Key recent updates:
Ahhhh… relying parties need to be registered.
EC looking for active feedback now.
Eric Scouten
I gave a 15-minute talk about the Content Authenticity Initiative, identity, and the status of our investigation about how eIDAS-based identity might enable that technology.
But first … a tech check. I was a theatre geek back in high school. Had to make sure my slides (which the AV staff at BCC were driving) were ready to go!
Backstage, about ready to go on:
And a few photos during my presentation, captured by my friend Judith Fleenor, executive director of the Trust Over IP Foundation:
Slide deck (9MB PDF)
Next I was part of a 45-minute panel discussion on how digital wallets will enable new relationships between consumers and businesses and governments.
Fear of “decentralized silos.” Too many context-specific wallets.
Martin Kuppinger suggests that we shift our thinking from “levels of assurance” of credentials and start thinking about provenance of credentials.
Dr. Daniel Fett, Security and Standardization Expert, Authlete
No notes.
Why eIDAS? Need to ensure that identity data is handled properly and with sufficient protection to users.
“Germany isn’t a leader in digital identity.” (Audience murmur.)
As is so often the case for multi-day conferences, the last day of the conference is notably deflated compared to the other days as people start to make their journeys home. Such was the case on this Friday.
I made one more panel appearance to talk about how we anticipate decentralized identity fitting into the Content Authenticity ecosystem.
After the morning panel, I needed to leave to make my own travel logistics work out.
All in all, this was a very impressive conference. Very well produced. Hats off to Jörg Resch who shared that this was the last conference he would be organizing before his upcoming retirement. Whoever manages the agenda for EIC 2025 will have very big shoes to fill.
button to adjust the map’s position and zoom.)
Subscribe to my free and occasional (never more than weekly) e-mail newsletter with my latest travel and other stories:
Or follow me on one or more of the socials: