About Podcast Episode
We often think about our personal identities when we think of verifiable identifiers and verifiable credentials. We think of things like personal credentials, mobile driver’s licenses, or professional accreditations. But what about using the same tools and principles when it comes to managing the identity of an organization? How do the same tools and principles apply when managing the identity of an organization? Is it easier or more challenging to implement these concepts for organizational identities compared to personal ones? And importantly, what are the implications and impacts of effectively managing organizational identity?
In this podcast conversation with Lance Byrd, we delve into these questions, exploring the nuances and potential of organizational identity in the digital age.
Lance has been closely involved with the Global Legal Entity Identifier Foundation (GLEIF), an initiative born out of the 2008 financial crisis. GLEIF’s primary mission is to foster a transparent global system for identifying legal entities, known as the Legal Entity Identifier (LEI). This system is crucial for enhancing transparency in organizational identities, which is essential for effective regulation and risk assessment. More recently, GLEIF has focused on expanding the LEI’s utility by transforming it into a verifiable credential, termed the vLEI. This discussion with Lance taps into various use cases, frameworks, and insights from GLEIF, providing a deeper understanding of the complexities and significance of organisational identity.
In our conversation, I was particularly intrigued by Lance’s insights on the contrast between administrative and cryptographic trust. Administrative roots of trust, which are widespread in our daily lives, often lead to persistent cybersecurity challenges. Lance elaborated on how cryptographic roots of trust offer more secure and dependable methods for identity verification. We delved into real-world scenarios, including the recent MGM/Okta cyberattack, to illustrate these concepts.
This discussion was enlightening, and it felt like we could easily spend many more hours exploring this topic. There might be more on this in 2024! I hope you find this podcast episode as engaging and informative as I did.
The full list of topics discussed between Lance and I in this podcast include:
- Differences Between Personal and Organizational Identity: We explored the unique challenges and political concerns surrounding personal identity, contrasting them with the complexities yet seemingly smoother processes in organizational identity.
- Legal and Privacy Concerns in Identity Management: The discussion highlighted how legal structures and privacy concerns shape the management of both personal and organizational identities, with a special focus on GDPR and its implications.
- Governance and Trust in Organizational Identity: The conversation shifted to the role of governance and trust in shaping organizational identity, using examples like the EU Banking Authority to illustrate these concepts.
- Integrity of Signatures and Cybersecurity: We discussed the critical importance of signature integrity in preventing cybersecurity attacks, examining recent incidents like the MGM Okta attack.
- Security Mechanisms and Key Rotation: The podcast touched upon the importance of security mechanisms like key rotation in enhancing digital security, differentiating it from traditional password changes.
- The Interplay of Security Features and User Experience: We delved into how user experience and design play a crucial role in the adoption of security technologies, balancing ease of use with robust security measures.
- Differences in UX Between Consumer and Organizational Contexts: The discussion concluded with an examination of the varying approaches to user experience in consumer versus organizational settings, and the challenges in changing consumer behaviour regarding privacy and security.
Lance Byrd is a secure organizational identity developer at GLEIF and co-founder of RootsID. He has been working on secure global scale data systems for over 20 years. He is helping to build the verifiable Legal Entity Identifier (vLEI) ecosystem to facilitate trusted interactions between legal entities around the globe. He is the co-chair of the Trust over IP (ToIP) did:webs task force which is an effort to secure did:web and bridge the DID-based ecosystem with the vLEI ecosystem. He participates in many open source and specification efforts with Trust over IP, KERI, Decentralized Identity Foundation, Hyperledger, and W3C. And, has given public talks on SSI, KERI, the vLEI ecosystem, identity wallets, DIDComm, and more.
Where to find Lance?
➡️ LinkedIn: https://www.linkedin.com/in/2byrds/