Subscribe to the Liminal Newsletter
Stay updated with the latest news, data and insights from Liminal
The reusable identity credential space contains a host of competing standards, applications, and different approaches to solving the fundamental challenges of digital identity at scale. In this week’s State of Identity podcast, host Cameron D’Ambrosi sits down with Nick Mason CEO of ProofSpace to discuss their unique go-to-market approach in solving these roadblocks.
Cameron D'Ambrosi, Senior Principal at Liminal
Nick Mason, Co-Founder & CEO at ProofSpace
Cameron D’Ambrosi [00:00:04] Welcome everyone to State of Identity. I’m your host, Cameron Ambrosi. Joining me this week is Nick Mason, co-founder and CEO at ProofSpace. Nick, welcome to State of Identity.
Nick Mason [00:00:14] Cameron Great to be here.
Cameron D’Ambrosi [00:00:16] Thank you so much for joining us. Really excited. You know, we’ve been we’ve been chatting for a while, you know, in various formats, emails, video calls, carrier pigeons in the lead up to the show. And I think this is going to be a great one for our audience. You know, I think it’s extremely, extremely topical with so many of the trends we’re seeing in the space. So let’s dove right into it. You know, proof space, you know, hit the plug right here, a no code platform for issuing, holding and verifying reusable identity credentials. You know, what was the brainchild you co-founded this company? I think everyone who’s in this space to some degree kind of has a light bulb moment or the moment where they realize, like, this isn’t working and I’ve got to do something about it, you know? What was that moment for you? Talk us through the birth of proof space.
Nick Mason [00:01:12] Cool. Yeah. It’s great to be here again. Thanks for. Thanks for having me on. Cameron and Prince Bass was was actually born from originally from a desire to solve a very particular problem relating to identity for consumers from lesser developed countries, where we were looking at onboarding people from rural communities into digital services. And the best way of doing that, we decided it was through decentralized identity. These communities are highly mobile and and they need a credential that they can carry with them without relying on another party. So decentralized identity was actually the the solution to the problem. And as we got further into that technology stack, we realized that there were a few other problems that we had to solve before we could come to to those communities, primarily centered around ease of use and ease of adoption, user experience and what we call futureproof ness. And I can explain this a little bit more and we got further into the details.
Cameron D’Ambrosi [00:02:18] Yeah. So it’s a crowded space in identity, right? There’s more than one way to skin a cat, of which I’m fond of saying. And then, you know, within the reusable identity credential space, we have kind of. A mishmash, if you will, of competing standards, of competing applications, of different approaches to this fundamental challenge. You know, in many ways, I think. There are a lot of valid approaches, but I think where some folks approaches have fallen down, for lack of a better word, is I don’t think they’ve thought enough about, you know, how are people actually going to use this? How are we going to have a functional, scalable ecosystem? You know, I think folks have put in some ways an ideological set of standards forward, like, you know, privacy, preservation and immutability of the ledger and things like that, and have not focused as much on, you know, what is it going to take? Governments and businesses and institutions and people to actually use this darn thing. And in some ways, it feels like proof space. You guys have kind of started from that perspective and worked backwards to some of the other elements, especially around the notion of. Interoperability and and the avoidance of, I guess, what you call vendor lock in. Right. Can you talk about that fundamental approach to your platform and where you think you’re kind of different from so many of the others who have maybe also been competing in this market?
Nick Mason [00:04:03] I mean, we we as a company have always been very use case driven. So we’ve always taken the approach of designing solutions so that they solve real world problems. And I think one of the. Differentiate is that that has always created for us is in a way we have a set of design principles that we apply to every single feature development, every single product development, every single implementation that we do, which is really centered around how. How easy is this to implement for the customer? How easy is it for them to integrate into their existing systems? How how compatible is it with their business, business processes and business requirements? And what is it like for the end user? And one of the are a couple of things that I suppose come into play with this. Firstly. The majority of identity interactions that we have online are unlikely to be binary exchanges of credentials between two parties. It’s unlikely that you achieve the goal that you have simply by interacting with one institution and calling it quits. You interact with one institution, get a credential back, and that credential is then sits passively in your wallet for, you know, for time immemorial. That’s not really how identity credentials work online. It’s more likely that, as you indicated with the word re-use, that the credentials need to be reusable and you have to approach that reusability from the question of how is it that an individual discovers the services that will accept those credentials and how do they perform goal oriented interactions with those services? And conversely, how is it that services discover those individuals and offer them interactions? That means that those individuals can achieve particular goals with their credentials. The result is that interoperability interoperability isn’t just about the, you know, the taxonomic and syntactical levels. It’s it goes down to levels of business interoperability, pragmatic decisions that people have to make in order to achieve a the transfer of a credential from the wallet to a given goal in a particular institution. And we call this the communication and discovery layer of of interoperability. And so in private spaces, design is not only interoperability across identity networks, from across different blockchains and non blockchain platforms, it’s also the interoperability that a user experiences by having a credential that is perhaps interoperability is not the pathway for it. Perhaps a better one would be extensibility, where a credential that’s received from one institution can actually be easily used across any number of other institutions in order to achieve that goal. So so that discovery and, and communications layer, that’s, that’s something that’s built into the present application. It’s not just a credential wallet. It’s a marketplace where you can discover and use the credentials that you have in your wallet. I mean, you get really to get kind of out of the abstract and into the real world. Let’s take an education employment ecosystem. So you have universities that are issuing issuing course and module credentials to individuals. And those individuals want to use those credentials to achieve goals in the employability landscape or to go up to the next level in their education. That is a perfect example of how the credentials can be extensible if presented in the right way, within the right, with the right user experience.
Cameron D’Ambrosi [00:07:40] From a go to market perspective. You know, and this is well-trodden ground to some degree on this podcast, but I think it’s a really critical question. And I think, you know, the different answers we’ve heard from folks in the space are are really illuminating. We’ve always faced this fundamental cold start problem, used to call it cold start chicken and the egg. How you get the flywheel spinning of consumers are loathe to adopt a platform that doesn’t really have anything for them to do in it. And at the same time, enterprises are obviously loath to commit the engineering resources and time and cost and effort it takes to, you know, join a new platform for identity if there isn’t a critical mass of users that you can point to to intercept them. So, you know, how how do we start? How do we solve this? It seems like you guys have approached from the institutional side. You know, you can offer a strong value proposition to those institutional stakeholders, to relying parties, and the consumers will come based on those use cases. You know, it’s an approach that I personally I think favor, but would love to hear your thoughts on, you know, why you chose that go to market approach and and how you came to that conclusion.
Nick Mason [00:08:54] Yeah. I mean, this is this is a really interesting question because where we all want to get to is this beautiful future where you have network effects across ecosystems, where credentials are powering new forms of interactions and new forms of customer engagement, business models and so on across different ecosystems. But, you know, it’s easy to solve problems. Let’s say once you have that consumer platform scale, acquiring the scale is where the hard work happens. And so as a starting point, I don’t think you can start anything. You can start in this market by saying network effects are a value proposition that we offer to our customers. You know, of course, that’s why we want to get to. But the the starting point has to be there is a value proposition straight out of the gate that means that this is differentiated and better than the alternatives that you currently have. Available to you. One wanting one one value proposition that is increasingly powerful is is one that’s actually signaled by some research that Liminal did recently. You guys wrote that 76% of consumers want more control of their digital identity. And Cisco released some research that said 33% of consumers are switching brands because of privacy concerns. You know, value proposition is becoming a is becoming privacy, rather, is becoming a value proposition. There is no there is no form of identity management stronger than self-sovereign identity when it comes to privacy. If you’re true to the principles of SSI and so on. So that’s one part is you got to hit a value proposition that really appeals to the enterprise out of the box. I think more, more concretely, if if privacy in and of itself doesn’t appeal to the bottom line mindset. The other one is that with with the right governance structures and the right and the right, for example, credential schemas defined within an ecosystem as part of a governance framework and so on, you know, you really can achieve incredible process optimization. And I again, to refer to the university example, if a student comes into a university and they present to you the learning outcomes credential portfolio, and you can tell them that they don’t need to take four or five or six different modules that they’ve already got or the learning outcomes for that saves on university time, it reduces class size, which increases overall academic attainment. These are real concrete outcomes. So there are some generic outcomes that are applied across all implementations, and there are also just some really clear vertical based value propositions that you can that you can make. And we know we like to we like to define those particular values to to the different audiences that we go to.
Cameron D’Ambrosi [00:11:54] And from that, you know, end user perspective, it has felt like. We’ve maybe had a breakthrough in the you know what I think has historically been referred to as the privacy paradox. Right there is this kind of academic question of why do consumers say one thing about what they desire from platforms but then seemingly do another? You know, consumers say they value their privacy, but then they’re willing to surrender it at will for, you know, browsing pictures on Instagram to kind of make a cheap example. But, you know, I for many years, I think, have pushed back against that because it felt like there was never actually a real choice to be had. There wasn’t a clear choice between, you know, do what you want on the Internet and surrender your data or do what you want on the Internet and don’t surrender your data. It was surrender your data or basically be that weird guy who, you know, doesn’t have email, doesn’t have a social media account, doesn’t use a smartphone. You know, as much as, you know, Ted Kaczynski is a lifestyle choice. Like most people aren’t going to do that. They need the Internet for many things, including their job, in addition to, you know, all of the fun things that the Internet can do that I would argue don’t need to be inexorably linked to the surrender of every iota of privacy that you ever had. And I think now we are starting to see that change because consumers are being presented with real choice, you know, whether in the form of Apple’s, you know, do not track options that, you know, upwards of 85, 90% of consumers now opt into or platforms like this that are actually giving them a real set of control or some control at all as compared to the none previously of their digital identities. So from that perspective, I think it is really exciting that consumers are kind of actually being given some real levers to pull, whereas before, you know, it was almost like. When you just give a kid a cardboard box and draw a bunch of buttons on it or like, you know, to some degree, people pressing the closed door button on an elevator, which I don’t know if you know this, but it’s one of my favorite stats, I guess. Apparently in in most elevators, the closed door button is not wired to anything on the panel. It’s just there for a placebo effect to make you feel better when you’re pressing it, the open door button will work that will actually hold the door open, but the closed door button just does nothing. The door is going to close whether you press it or not, and it just makes you feel feel good about yourself. So I’d like to think, you know, side to some degree is wiring that closed door button to the panel itself so that it actually closes the door on privacy.
Nick Mason [00:14:47] Mm hmm. Yeah, that’s like the analogy. I think. I mean. Yeah. I mean, I share the view. I like to think that that. SSI gives us. It gives us choice in how we. Conduct ourselves online. The famous thing is that the way that identity is, is is operated online in no way reflects how we manage our identities in the real world. If we walk down the high street and go into three, three different shops or bank or a post office, whatever it might be, that’s all. Those are all peer to peer interactions. And if we do that online, it’s likely that we’re being tracked across the federated identity model and that now that needs to change as our identities grow from the hundreds up to the thousands, which will happen over the next few years. Online Identities. What do people want? Do they want to have all of that data over to unknown third parties, or would they like to wrestle back some control of it and then experience greater privacy? And I think there are, you know, coming back to the point about. The you know, the. That’s strange. Misalignment between people’s values and the way that they conduct themselves online. You know, I say I want more privacy, but I still accept the cookies, all that kind of stuff. I think and I think part of it has been the optionality, like there’s just not the there’s just no alternative and that the consumers are offered in the majority of their online interactions. Part of it is the user experience may not necessarily match up until these, let’s call them very broadly speaking, web three decentralized ID technologies, match web two experiences, user experiences that it’s going to be hard for them to break into the mainstream. That’s something, by the way, that free space is really focused on, on resolving is that user experience problem, which I mentioned already. So, you know, we do we do need to give an update. And the final part is utility. Like the reason that the Google federated identity is useful is is so unpopular is because it’s so useful. You know, you can just get what you want to get done very quickly and easily. And we need to that’s that’s partly where the competition is between web three and went to identity models. And we as a company absolutely want to find the ways of doing that. I think I think the. The other. Another big part of it, though, is most when you think about how a customer discovers an online identity, particularly when it’s like a car model, a confederates identity, at some points they want to use a service and that service pushes them towards creating that identity. So the way that we move people from, you know, like the on ramp, as it were, for decentralized identity, are those moments where a service pushes a customer towards a particular model of identity management. And whether it’s in a particular vertical, there are always going to be those early adopters who make a bet. And the bet that they’re making, which I mentioned already, is that privacy is going to be a fundamental value proposition. It’s going to be a it’s going to be a reason for people choosing to go with one service or another. And if you convinced the early adopters that that’s the case and that this is the technology that they should adopt, eventually the market will follow. And that’s how you know, that’s how we’ll wrestle. That’s how we’ll wrestle away the market share. And there has to be incentives in place for those companies to, you know, to become the early issuers of credentials. So new revenue models, new engagement models that they can benefit from by offering decentralized identities to their customers. So, I mean, there are so many areas where this is why this is relevant. One interesting segment is with Nfts, like the first minting platform to offer a verifiable NFT is is setting the standard for the rest of the minting platforms. Likewise with Marketplace Spaces, the first marketplace to dox its artists and issue those artists with verifiable credentials. That sets the standard immediately the most trustworthy platform out there. So you’ve got to you’ve got to kind of push the industry by by also appealing to the competitive instincts of the other actors.
Cameron D’Ambrosi [00:19:17] So you know, the last area I kind of want to deep dove with you on is the notion of getting credentials, you know, into a wallet, so to speak, getting those attestations locked in and what relationship, you know, you feel should be forged with issuers. I think this has been a major divide in the Self-Sovereign identity space as well. You know, I think on on one side, you have the folks who fundamentally believe that true self sovereignty, again, almost from an ideological perspective, is is necessary. And then you have other folks, you know, the European Union approach under eidas 2.0, where you’re taking all of these core features of what I would consider to be self-sovereign identity platforms, user centricity and lack of a centralized authority and all of that good stuff. But you do have the ability to kind of be receiving credential attestations directly from a centralized source. So from your perspective, you know, what role do you think credential issuers at the government level should play? You know, where do you see the the interface layer with the sources of identity, which you know? Well, fortunately or unfortunately, the reality is it’s going to boil down to a government right in this day and age. The government are the ones who are able to kind of give you the only true ironclad attestation of like, am I? Nick Mason? Doesn’t Nick Mason exist as a, you know, whether it’s a citizen of this country or was actually born and has a birth certificate, you know, how do you see that interface layer happening and continuing to develop?
Nick Mason [00:21:06] I think. I always. Start from the point of of with a very I always start with a very broad interpretation of of identity. I think that’s that’s important. You know, but from a best practice perspective, an identity is is. Whatever the individual wants it to be in the moment that they need it. You know, it’s it’s incredibly versatile. It’s incredibly dynamic. And it’s and it’s incredibly broad ranging. We can’t distill an individual’s identity down to verifiable credentials, and we should never try to. But, you know, there are norms out there. And and you’re right that starting from a from a perspective of of of. User adoption and and growth in the utility of credentials, the foundational identity, the ones that are issued by governments are obviously going to be part of their part of the game. I. I from a government perspective, I see that Self-Sovereign identity can mirror the existing systems of trust that are present in government but enable. Peer to peer interactions off the back of those systems so they can have the same level of trust that’s held by the government identity issue or the business licensing entity or or so on. You know, it’s big that the architecture for Self-Sovereign identity can can still support those existing systems of trust, but the resulting identities that are then held by individuals or entities are then usable across a range of peer to peer interactions that previously those identities weren’t. So I think governments should. Feel a sense of empowerment through Self-Sovereign identity, because the function of a foundational identity is to enable the navigation of bureaucracy. You know, that’s that’s why big reason why we have identities is so that we can navigate bureaucracy easily. And we all know the problems resulting from a deficiency in an individual’s identity in a particular nation, it makes it impossible to do anything. Rent a house, open a bank account, all that stuff. So that’s that’s one part the government should feel that their existing systems of trust and merit by self-sovereign identity architectures and they should see the potential of SSI credentials and how that enables people to navigate bureaucracies that exist in those countries. I think the second part is that we need to interpret identity broadly and governments of course play an important role that identity on them. But the broader scope of identity is is down to the company level, down to the ecosystem level, and that’s where the massive volume of credentials will come from.
Cameron D’Ambrosi [00:24:06] I love it. Well, Nick, we are coming up on time here, but I would be remiss to not offer you up what I call the shameless plug moment for folks who are listening, who are interested in getting involved in the ecosystem, chatting with you. You know, whether it’s investing, whether it’s joining up for the platform as a user or getting online as, you know, relying party, what’s the best place for them to go and how should they reach out?
Nick Mason [00:24:33] I appreciate the opportunity. So if you’re looking at implementing Self-Sovereign identity. Stack is fully ready to go. We’re doing some very exciting work across web3, across education, across employment cases, finance, financial services, health services. So really a lot going on and we are very keen to get use cases to production and we believe that we can get you there between three and 12 months faster than your current approach for SSI, if you if you’re building on one of the native identity protocols, so get in touch with with us via Twitter, via our website, you can find weekly discovery webinars that happen I think happening at noon Eastern time every Tuesday. And we are going into a funding round in the coming months. So always happy to talk to investors who are very interested in this market.
Cameron D’Ambrosi [00:25:37] Amazing. Well, Nick, greatly appreciate your time. I know it’s always at a premium. This is obviously an area that’s super, super exciting for me. So always glad to have these conversations and looking forward to following up with you on progress and having you on again soon.
Nick Mason [00:25:53] Thanks so much, Cameron. It’s been a pleasure to be here.
Age verification is one of the hottest topics in digital identity today. Jurisdictions globally are cracking down on youth access to adult content and social media while limiting data collection from underage users. Join host Cameron D’Ambrosi and Executive Director of the Age Verification Providers Association, Iain Corby, to discuss how age verification vendors are helping platforms meet this growing challenge.
Despite growing cybersecurity vulnerabilities, the enterprise shift from on-prem to multi-cloud IT infrastructure has been fantastic for scale and flexibility. Valtix co-founder & CEO Vishal Jain joins host Cameron D’Ambrosi to discuss the current cloud security landscape and why a unified platform approach is critical for identifying and mitigating cyber threats.
Private fund investing has remained anchored to PDFs and wet-ink signatures in a world where a smartphone can open a bank account in minutes. Join host Cameron D’Ambrosi and Passthrough CEO & Co-Founder Tim Flannery as they explore how his team brings digital onboarding flows to emerging and established fund managers.
While consumer data breaches have continued to occur at a record pace, options for proactive identity data protection have remained limited until now. Join host Cameron D’Ambrosi and Hush Co-Founder & CEO Mykolas Rambus to discuss why previous solutions have remained inadequate and why artificial intelligence is the key to protecting consumers.
Security Information and Event Management(SIEM) solutions are only as effective as their coverage. Analytics and automation are mission-critical for eliminating hidden detection gaps and maximizing attack coverage. Join host Cameron D’Ambrosi and CardinalOps VP of Cyber Defense Strategy Phil Neray for a conversation on the latest cybersecurity threats and why orchestration is the key to a robust defense.
How can you protect a cybersecurity perimeter that you can’t define? Join host Cameron D’Ambrosi and JupiterOne Founder & CEO Erkang Zheng as they discuss the value of cyber asset attack surface management (CAASM) and the role identity must play in bolstering an organization’s cybersecurity posture.