How do you give developers the ability to build convenient and privacy-preserving authentication solutions into their products? Join this week’s State of Identity podcast with host Cameron D’Ambrosi and Dock CEO Nick Lambert to discuss their release of Web3 ID, a blockchain-based authentication and authorization system that puts user privacy first.
Cameron D'Ambrosi, Senior Principal at Liminal
Nick Lambert, CEO at Dock
Cameron D’Ambrosi [00:00:03] Welcome to State of Identity. I’m your host, Cameron D’Ambrosi. Joining me this week is Nick Lambert, CEO of Dock, Nick, welcome to the podcast. Really, really excited for this conversation, I must say.
Nick Lambert [00:00:14] Yeah, thanks for having me on, Cameron. It’s a real pleasure to be here.
Cameron D’Ambrosi [00:00:18] Well, you know, we were were getting on like old chums talking about footy prior to hitting record, but we’ll steer the ship back in the direction of identity. Dock is in a space that I think is again kind of at the heart of the major debates and these tectonic shifts in the world of identity, which is around, you know, verifiable credentials, you know, putting things in the hands of users and, you know, web3 to some degree more broadly, obviously still very much buzzy and top of mind for folks as we think about what fundamental structure the future, you know, of the Internet, for lack of a better word, is is going to take all that to say, you know, what have you built with Dock and what are those key problems that you’re looking to solve around identity in the 21st century?
Nick Lambert [00:01:07] Yes. So we built our own Dockk is our platform for the issuance of verifiable credentials. So we used lots of different tools to basically enable verifiers or people checking data to understand who issued when they issued it. And if they know that with certainty, they can then judge how much they want to trust that piece of data. So that’s really the kind of main problem that we’re solved we’re solving. And then in terms of all the things, different things that we’ve built, obviously to enable all that technology to work. And there’s a couple of different things that we have a play, we have things like mobile wallets and we have kind of a blockchain which we personally use for a decentralized data registry and things like that. But, um, but all of those tools are really trying to fulfill the promise of being able to verify data in a way that you can absolutely trust that, that piece of data. And to that end, one of the interesting things that we recently built in future is a kind of product or feature was Web3 ID.
Cameron D’Ambrosi [00:02:13] And Web3 means a lot of things to a lot of people. And I think some of the meaning of what we’re talking about when we talk about Web3 gets lost to some degree in the hype. Like when you say Web3, I’d kind of what are those main applications that you’re looking to deploy this against?
Nick Lambert [00:02:34] Of course, asking questions. So just to just take a slightly more long winded answer, Cameron, and please do jump benefits, it gets overly so, but for some brief background, I mean, so the way that we had a Web3 is basically about authentication and authorization. So basically how do I access a website or how to access a service? And John, to your question, the Bitcoin Web three, Web one was in this context was if I’m accessing a site, I would have a username and password that would be given to me by the website or the service, and they would manage all that for me. Web two brought along more of a federated approach where having the password and the the user ID is a bit of a clumsy user experience because inevitably, unless I’m using a password manager, I forget what they are. And so I have to go through that whole password reminder process, which is a bit of a pain sometimes. And so services tried to overcome that by saying if you have already have, let’s say a Google login, you can use log in with Google. So I can use my Google credentials to log into a third party service. And that’s called open open authorization or or got it shortened to the problem with is it fixed the terrible UX experience of passage of actual physical passwords and trying to remember them. But what it left is a trail of privacy leakage. So if I use my log in with Google to log in to another service, another website, then at that point, Google knows exactly where I’m going, when I’m going there, what I’m doing, etc. And so what we’re trying to do and what Web three embodies is putting that control over access into the hands of the user. So taking it away from the company or the corporation that are holding these large kind of lists of users and how they authenticate and basically putting that back on to the individual so that they become in control of that data. So that’s really for Web three, at least for me, as embodying, it’s really putting the control and privacy back into the hands of the user.
Cameron D’Ambrosi [00:04:52] From that perspective, you know, how were you looking to tackle the open needs? In that regard, I think we’ve seen go to market approaches, that center on kind of putting credentials in the hands of consumers, using that to kind of get the flywheel spinning and then using that to pick up relying parties. Or there’s other folks who really kind of come at it from almost a red hat Linux perspective, where they’re looking to embed themselves in the fabric of organizations. And the support for the Web three credential or the reusable ID is almost ancillary to that, and they’re looking to kind of embed themselves on the corporate side and and drive adoption in that more passive way. How are you thinking about this kind of cold start approach? That’s really a big challenge for everybody.
Nick Lambert [00:05:34] Yeah, that’s a very good question. It’s a tricky one as well. Our perspective is to really kind of go B2B, so focus on organizations and work with them to educate their user base. So our perspective would also be that if you’re trying to go after purely end users that we’ve seen with some of the identity offerings out there, just know some of the earliest ones. It’s, it’s, it’s definitely doable, but it’s tricky and it’s expensive. Like, so you’re trying to fight for each and every single user consumer level and they can be an expensive audience to tap into. Another approach of the one that we’re taking is you go to the organizations who have the users user base already and you effectively enable them to understand the benefits of decentralized identity, verifiable credentials. And then if you bring them on board, then they educate their users with you, which seems to be a much more efficient, effective and probably less expensive way. So that’s really our approach. And so the companies that we’re working with, one can be like even some of the marketplaces is one of the approaches that we’re taking. Cameron So as you’ll know, you get different marketplaces for different things. So some of these marketplaces will sell things like a login button to developers. So developers would use these services to manage access to their on site or service. And so that would be one partnership where we would enable like using Web3 ID in this example to enable developers to pick up that technology and use it, rather than obviously trying to educate each and every user about that technology. So that’s really the approach are running with much more kind of B2B and then help in working with our partners to educate their user base.
Cameron D’Ambrosi [00:07:30] That’s fantastic. And you know where? On the on the buying organization, have you found the most traction? I think this is one of the most interesting questions that we face as digital identity practitioners to some degree, is when you’re, you know, pitching something that’s almost a complete paradigm shift in terms of how you’re thinking about identities in your organization. It can be challenging to find like, who is that right key stakeholder, kind of who’s who’s the right arm to twist proverbially to get things over the line when you’re impacting ideally so many different stakeholders. Right. I think we’ve we’ve seen this siloed approach to digital identity historically. And I think you’re you’re seeing out of necessity, organizations adopting a more holistic perspective.
Nick Lambert [00:08:15] Yeah. For us. I mean, it there’s no obviously one answer to that. And it depends on the organization type and size, but. But the types of people that we would like to speak to, in some cases it’s that head of product and that can be maybe in a larger product because obviously a lot of smaller companies may not even have a product manager. Sometimes the developers can uncover a developer and be as well as a product manager role as well. But also then looking at certain C-suite people again in smaller companies, quite often you can find as the CEO, the still really driving a lot of the direction of the company and sometimes kind of chief strategy offer officer as well. But quite often we also find that it can be the technical people. So what we often find is that the people that are looking at the market. Looking for solutions are often developers who get it refreshingly so, don’t care about costs and things like that. They just purely care on what do you have today? What can I use? How will it salt my problem? And if those developers become satisfied, then you can, if they connect you up with the appropriate people in their team, whether that’s their kind of C-level team. And then you start to kind of work the security of of how is this partnership going to work? So it’s it’s not a one size fits all. It’s very much dependent upon the organization and its size and really how they’re structured. But probably those would be the kind of key areas that we would look for.
Cameron D’Ambrosi [00:09:52] Can you talk a little bit about some of your early successes? And I know you have a couple partnership announcements that have have hit the wire lately to your own heart a little bit, you know. Tell us about some of those customers. And and, you know, how they’re deploying this. I think tying identity to use cases is one of the most powerful forms of evangelism that we have. I think, you know, when I meet people and start talking about digital identity, it’s all very abstract until you say, well, okay, think about it this way. It’s how your bank knows that when you want to venmo your friend, that you are you and not a hacker who’s trying to train your account.
Nick Lambert [00:10:29] Yeah, we found that as well. Cameron, like we find, like people talk about density. They only think about a passport or a driver’s license. But of course, it can be your your identity on or on any service as well. So so that’s a good distinction to make. I mean, an interesting use case for us, like I mentioned at the top of the show was Web three ID. And so that is combining verifiable credentials on a decentralized identity that the user holds in their wallet and controls entirely to enable them to access other services. So instead of that signing with Google example I gave, someone might have a sign in with Dock, but instead of you saving in with Google and Google, knowing what you’re doing when you’re signing with Dock, Dock even don’t know what you’re doing. You’re basically using privately held information that only you know that exists in your wallet to access these services and nobody’s tracking you. So that’s a really kind of interesting use case, maybe not an obvious one for those not immersed in the identity space, but then. But but it just shows the breadth of use cases that this technology can cover. And so for that, we partnered with Off Zero, which is a kind of large up and coming player in the authorization and access space. So they’re actually owned by Okta, which is a kind of multibillion dollar corporation, I think, based in the US and also was one of their kind of offshoot. So, so they are really focused on that area. And so they’re, they’re working with, with companies like Dock and also starting with Etherium, which is a really interesting alternate solution from Cypress. I’d think that that one and so so that’s another way you can connect your your Etherium wallet through metamask to access and sites as well so so they’re trying to cover lots of existing technology, typical ways of accessing sites, but then also looking for these emerging solutions as well. So that’s certainly one of the really interesting partnerships that we had and that one just dropped in, I think last month in September.
Cameron D’Ambrosi [00:12:40] Where do you see the identity space headed next in terms of the market landscape? I think we are seeing kind of a global set of approaches emerge, you know, out of the EU. I think we’re we’re poised to have a much more involved, you know, government role in terms of the issuance of verifiable credentials under IDs 2.0 in the U.S., it seems, you know, surprise, surprise that we’re going to have kind of a much more fragmented landscape with a bunch of private sector initiatives and then some public private partnerships. And then maybe the DMVs throwing their hat into the ring with a fragmented landscape of kind of mobile driver’s licenses or other kind of watered down digital credentials, but again, accessible maybe only at a state level. Who knows what’s coming out of the House and Senate with this latest digital identity bill that’s winding through that maybe is going to give us a voluntary, more national approach. You know, where are your what are your predictions for like which way these these things are going to head? And, you know, what what role a Dock you see having in kind of each of those landscapes?
Nick Lambert [00:13:49] Yeah, I think I mean, Europe tends to try to move together, which maybe mix and move a little bit slower. But when they do move, it’s a bit maybe a bit more. What’s the right word? Yeah, everyone’s going to move in the same direction at the same time and be a bit more of an organized approach. I think probably in Europe you get to a point where I think the European Union will make it a legal requirement that people would have as an option the ability to use digital identity. So I think that’s something that is probably going to get pushed through. And so that’s going to be a big shot in the arm for all digital identity vendors, however you deliver your service. You know, basically having that legally mandated, I think will be quite a powerful thing. And in terms of how it deals with that, it’s we’ve typically focused on not necessarily going for government work initially. There’s a couple of things that we have looked at, but it’s extremely slow moving because they’ve got so many stakeholders, they’re typically more risk averse than maybe smaller, faster moving entities. So it’s going to be interesting to see how that one shakes out. Typically on large government contracts, it is the large vendors that that typically would be successful there. So whether that we’ll see that happen in Europe, where the larger identity players, the large technology companies that we know today and will be the ones that get in there. I think that could possibly be the case. I think the what you highlight in the US of a more fragmented approach is probably going to be correct, but I think that that can also offer opportunities, business opportunities for smaller players as well. So if you have much more fragmented market, you have a lot of and potentially quite a lot more innovation. And and yet people are doing things different ways. So at times it can be inefficient. But I think there’s going to be lots of opportunities for for deals for for smaller companies. And what we’re also seeing is that a lot of industries are trying to organize themselves. So not necessarily being relying on. Our governments to do this. Cameron Bit like there’s supply chain drip set up where they’re trying to try and understand a terminology and set in place standards around how do we communicate and how do we want to operate as an industry. Let’s get some agreed understandings and some terms that we’re all familiar with and try and move for is a space that probably is as is understandably slow to pick up new technology because it’s so fragmented. And how do we try and improve that together? So I do think that there’s that current running along as well. That will see those groups like W3C have various working groups that are driving these forward as well.
Cameron D’Ambrosi [00:16:55] Last question. Economics. I think this kind of ties into a lot of the things that we’re seeing, but I think we’ve seen differing approaches to kind of identity should be monetized, I guess, for lack of a better word, in and what the prevailing business models will be and in some ways what they should be. You know, how do you see this? You know, where do you think the value kind of should be created and if you will, extracted from the landscape?
Nick Lambert [00:17:23] And it’s hard as well. And I’ve been involved in companies for maybe a decade or so where you’re trying to most of the web3 technologies are open source. Whether they’re blockchain or something else. And that’s just the way of software typically. More recently is that, you know, people are open sourcing a lot more and being able to use other people’s developments and embody them into their or bring them into their own solutions. And so that is the hard question of how do you potentially monetize open source software. The answer historically has been through things like support. So, you know, you basically take an open source technology and you provide a higher level of support than someone else. But then you need to decide that’s the type of company I want to run or be a part of. And so when we are thinking about that, we’ve we open source the majority of what we do, but then there’s certain tools that we would take that would shorten the development time significantly. So we have an API which for the UN technical people is a way for developers to very quickly integrate their product on top of your service and do so in maybe a matter of days as opposed to a matter of months if that wasn’t the API didn’t exist. And so we charge like a monthly subscription for that API, so know almost treating it like a sustainable model. And so that’s the approach that we are taking. I see quite a few others in the industry also doing the same. The ones that are least focused on are going to be to be market. So so that’s going to be the approach. It’s going to be interesting to see how that all plays out. But yeah, it’s going to be interesting.
Cameron D’Ambrosi [00:19:09] Where should people go if they want to learn more about Dock, if they want to get in touch with you? What is the best place for them to? To learn more or to reach out.
Nick Lambert [00:19:19] The best places? Just Dr. IO. So Dock Keto IO is our main site and I think most of the links that you could find would be there. And we’ve got like Discord channels and Twitter to keep up with announcements on our website. You can also sign up to our can of, I think as biweekly as a bi monthly newsletter on that site as well. So that can be a nice way of just keeping up to date with information without needing to remember to continually check back.
Cameron D’Ambrosi [00:19:48] Fantastic. Well, Nick, thank you so much. Really, really appreciate it.
Nick Lambert [00:19:53] Oh, you’re welcome. Thanks for having me on again. I appreciate it.
In this episode of the State of Identity podcast, host Cameron D’Ambrosi talks with Eric Olden, the co-founder and CEO of Strata Identity. Join us as they discuss the challenges faced by today’s multi-vendor/multi-cloud enterprise technology landscape and how forward-looking executives view identity as an opportunity, not a cost center. They also delve into the importance of moving towards passwordless authentication and the role of identity orchestration in addressing these challenges.
In this episode of the State of Identity podcast, Liminal host Cameron D’Ambrosi and Justin McCarthy, the co-founder and CTO of StrongDM explore the dynamic landscape of digital identity and access management, addressing the challenges and trends that shape the industry. They talk about what it means to move towards a “credential-less” world and discuss the complexities of authentication, authorization, and the role of proxies in bridging old and new technologies. McCarthy highlights the imperative for convergence among various tools, including the essential role of AI, providing a unified approach to access control, governance, and policy enforcement.
Join Liminal in this podcast episode as we delve into the evolving landscape of fraud prevention and identity security. Our guest, Amelia Algren, Executive Vice President of Strategy and Operations at BioCatch, sheds light on how the intersection of behavioral biometrics and industry collaboration is shaping a new era of protection against scams and cyber threats. Discover how generative AI and deepfakes alter the game for fraudsters and understand the impending increase in fraud liability for financial institutions. Explore innovative biometric technology that captures subtle cues in user behavior to identify fraudsters and safeguard digital transactions. Learn how it’s paving the way for a safer digital world – from detecting account takeovers to uncovering advanced impersonation scams. Tune in to gain insights into the strategies revolutionizing the fight against fraud.
Join us as Trinsic’s Co-founder & CEO, Riley Hughes, shares insights into the process of establishing the infrastructure for deploying reusable identities across various industries and use cases. In this episode, we discuss Utah’s age verification mandate and explore the future of business models for monetizing verifiable credentials.
Trusona Founder & CEO Ori Eisen joins State of Identity for a deep dive into all things passwordless. Learn the most common mistakes platforms make when attempting to move beyond passwords, why stakeholders beyond the CISO must be involved in the conversation, and how platforms can have their cake and eat it when it comes to delighting customers without making cybersecurity risk sacrifices.
Domingo Guerra, EVP of Trust at Incode, joins State of Identity podcast host Cameron D’Ambrosi to discuss why trust underpins digital innovation, how Incode is seeking to differentiate its platform amidst increasing competition, and the most exciting new use cases and verticals for identity-proofing beyond regulated industries.