Last Update 10:54 AM May 19, 2022 (UTC)

Company Feeds | Identosphere Blogcatcher

Brought to you by Identity Woman and Infominer.
Support this collaboration on Patreon!

Thursday, 19. May 2022

Infocert (IT)

“Internet governance: una questione di digital trust”, leggi il contributo di Igor Marcolongo, Lorenzo Piatti e Alessandra Bossi sulla Rivista italiana di Informatica e Diritto.

“Internet governance: una questione di digital trust” è il titolo dell’articolo a firma di tre professionisti InfoCert pubblicato nell’ultima edizione della Rivista italiana di informatica e diritto (RIID 2022, 4, 10) dello scorso 12 maggio, sul tema “La Internet governance e le sfide della trasformazione digitale”.  La Rivista italiana di informatica e diritto (RIID) è un periodico

“Internet governance: una questione di digital trust” è il titolo dell’articolo a firma di tre professionisti InfoCert pubblicato nell’ultima edizione della Rivista italiana di informatica e diritto (RIID 2022, 4, 10) dello scorso 12 maggio, sul tema “La Internet governance e le sfide della trasformazione digitale”. 

La Rivista italiana di informatica e diritto (RIID) è un periodico scientifico telematico ad accesso aperto edito dall’Istituto di Informatica Giuridica e Sistemi Giudiziari del Consiglio Nazionale delle Ricerche (IGSG-CNR), il quale si occupa di fare studi e analisi critiche sia sui problemi applicativi delle nuove tecnologie dell’informazione nel campo del diritto, sia sulla regolamentazione dello sviluppo dell’informatica e della telematica nelle moderne società. 

Un nuovo ecosistema digitale per bilanciare gli interessi di cittadini e mercato 

Una rete internet impostata su una governance affidabile e utilizzabile a livello globale ha sicuramente alla base due pilastri principali, capaci di renderla forte: regolamentazione e identità digitale. 

In un momento storico come questo, dove Internet ha creato una relazione molto intima con gli utenti è sempre più importante, infatti, che il regolatore prenda posizione. 

Nello scrivere il loro contributo “Internet governance: una questione di digital trust”, Igor Marcolongo – Head of Business & Solutions Compliance, Lorenzo Piatti – Head of Trust Specialists, Business & Solutions Compliance ed Alessandra Bossi Analyst, Business & Solutions Compliance, si soffermano sul tema del trust digitale, analizzando più aspetti di fondamentale importanza.  

L’analisi parte dal concetto di internet governance, cos’è e qual è l’impatto che essa ha avuto a livello teorico-filosofico, di conseguenza qual è il rapporto tra legge e codice, per arrivare alle evoluzioni portate avanti dai legislatori italiano ed europeo in ottica migliorativa, al fine di garantire un ecosistema in grado di bilanciare gli interessi dei cittadini e del mercato. 

Quale ruolo ha in questo contesto l’identità digitale? 

Nel corso del tempo sono stati numerosi i tentativi messi in atto da organizzazioni pubbliche e private per approcciare il tema dell’identità online, iniziali soluzioni centralizzate hanno lasciato spazio a proposte federate e le tendenze di democratizzazione e digital sovereignty hanno successivamente permesso il fiorire di un nuovo approccio, quello della Self Sovereign Identity. 

Un’ultima riflessione necessaria è poi relativa alla normativa europea in vigore e sugli strumenti tecnici organizzativi che possono essere più idonei affinché il mercato digitale sia reso sicuro e affidabile. in un momento storico come questo, dove Internet ha creato una relazione molto intima con gli utenti è sempre più importante, infatti, che il regolatore prenda posizione. 

Leggi l’articolo

The post “Internet governance: una questione di digital trust”, leggi il contributo di Igor Marcolongo, Lorenzo Piatti e Alessandra Bossi sulla Rivista italiana di Informatica e Diritto. appeared first on InfoCert.


Monetha

Reward Sites: 7 Great Options to Earn More and Spend Less

Have you ever dreamt of shopping where you can earn rewards and spend extra cash without doing anything? Fortunately for you, many rewards sites appeared on the market over the last few years that can save you money online when purchasing on Amazon or another favorite shopping site of yours. In this article, we will see what rewards sites are, how you can benefit from them, and the best ones

Have you ever dreamt of shopping where you can earn rewards and spend extra cash without doing anything? Fortunately for you, many rewards sites appeared on the market over the last few years that can save you money online when purchasing on Amazon or another favorite shopping site of yours.

In this article, we will see what rewards sites are, how you can benefit from them, and the best ones you can find today.

What are Rewards Sites?

Rewards sites are websites that allow their users to start earning points and win different gifts, such as free products, or take a massive discount on their next orders. In return, they should be referring friends or conducting some tasks — like filling out surveys or submitting some sort of content that can help the website.

But one question arises. If these sites give you freebies, how do they earn their money? Is there some gimmick? Are they scamming you? These are some of the questions we will answer below.

How do Reward Sites Work?

Rewards sites generate their revenue by partnering with companies on affiliate terms. To make it simple, these platforms operate as affiliate websites with one key difference — they are sharing the rewards with customers.

Major brands and ecommerce marketplaces are interested in co-operating with rewards sites, as the latter could drive more traffic and increase sales. As a result, such businesses have more lucrative terms.

The outcome also favors the end client — they can have a decent share of the commission earned by the websites.

Customers can earn a cash back for each dollar spent on rewards sites (learn more about how cash back works here). The good news is that users can also earn free points by taking surveys or watching videos — in other words, you’re earning money by sharing your data. It all depends on the campaigns that are being promoted.

The 7 Best Reward Sites

Аs with every single niche, we have a lot of choices but not every rewards site can be an industry leader. Let’s see some of the notable names that each customer should know.

1. Monetha

Monetha has hundreds of stores in 9 categories with rewards. Users earn Monetha Rewards for each euro that has been spent on the platform. If you find a good deal, you can get up to 800 Rewards per euro spent. You can convert the Rewards in crypto, gift cards, or donate to charity.

While the platform is considered a newer one, it holds a lot of value, considering its expansion and better offers popping up daily. Not only that, it also has a huge focus on privacy: user profiles are fully encrypted. It might be not important for majority of users now, but soon Monetha will allow users to share their profiles with stores for additional discounts and Rewards. It’s something not every rewards site can boast about.

2. Swagbucks

Swagbucks is a rewards site where you are able to earn points called SB. Users can use SB to purchase various gift cards and retail items, given as cash via PayPal, or donated to charities like the World Wildlife Fund. You can earn SB by taking surveys, shopping online and in-store, watching videos, downloading apps, playing games online and offline, and doing computer-related tasks.

You can get up to 10% cashback when It’s a rewards website worth checking out. According to Swagbucks, they’ve given over 530 million dollars to their website members, and they give 7,000 gift cards per day.

3. Rakuten (formerly known as Ebates)

Rakuten is most widely known as the kit sponsor for FC Barcelona. However, it owns Ebates (the previous name of the reward site) for around eight years now. It is an excellent cashback service that lets you earn while you shop.

It’s easy to establish and connect your accounts, and Rakuten gives you plenty of opportunities to accumulate points through the various offers available there.

You usually earn points — like 1% for the value of all Apple products, 2% of all Nikes, etc. However, there are times when you can save a lot of money with up to 35–40% of the value of the products. All you need to do is seek great deals.

4. BeFrugal

BeFrugal is a cashback site that gives you cash for every online purchase you make. When you shop at retailers from all over the web, BeFrugal makes sure you get outstanding offers from big stores like Macy’s, Walmart, Tesco, etc.

While you can get some of the best deals on the market (reaching up to 80% at times), you can earn cash back with each purchase. You can also qualify for a “Double Cash Back Event,” which can see you gain even better deals.

We have to mention that you have a $10 bonus for referring friends and $10 when signing up.

5. Checkout51

As the name indicates, Checkout51 is targeted at those who hit the road more often. Every time you visit gas stations supported by Checkout51, you can receive up to 25 cents per gallon when purchasing fuel and around 20 when buying goods.

What you need to do is download and install the app for iOS or Android, upload the receipts, and withdraw when you have at least $20 in savings in a check.

There are over 5,000 stores supported, and you can print your receipt in English, Spanish, and French. Check out for great offers, too. Every week they change.

6. Groupon

Groupon provides access to thousands of things to do, places to eat, and services that improve your daily life. With deals available for any meal of the day, any occasion in your home, and planned activities for you and your whole family, it’s easy to find something you’ll love.

Their app for Android and iOS is quite intuitive, and you can get some fantastic deals out there.

There are special offers like “Beauty Week,” where you can save up to 81% on cosmetic procedures or massages. It’s a place worth checking out, as there are new things to do and buy regularly.

7. PINCHme

If you want to test a sample for free, then PINCHme is the right choice. PINCHme works with hundreds of reputable brands and manufacturers, including Unilever, Nestle, Kraft, Mars, Pepsico, etc.

All you need to do is be active and provide feedback on the sample you have been given. It’s worth it, as you receive the product for free. But that’s not all. You also earn points that you can use to purchase other goods for a better price.

Conclusion

People have always valued different discounts. And while they are used to getting some cashback rewards via their credit cards, rewards sites take the mobile shopping experience to the next level. Customers who love product hunting are satisfied with the added flexibility of outstanding offers and coupon codes!

Originally published at https://www.monetha.io.


Okta

Secure and Deploy Micro Frontends with Angular

Micro frontends continue to gain interest and traction in front-end development. The architecture models the same concept as micro services - as a way to decompose monolithic front-end applications. And just like with micro services, micro frontends have complexities to manage. This post is part two in a series about building an e-commerce site with Angular using micro frontends. We use Webpack

Micro frontends continue to gain interest and traction in front-end development. The architecture models the same concept as micro services - as a way to decompose monolithic front-end applications. And just like with micro services, micro frontends have complexities to manage.

This post is part two in a series about building an e-commerce site with Angular using micro frontends. We use Webpack 5 with Module Federation to wire the micro frontends together, demonstrate sharing authenticated state between the different front ends, prepare for deployment using dynamic module loading, and deploy it all to Vercel’s free hosting plan.

In this second post, we’re building on the site we created in part one, How to Build Micro Frontends Using Module Federation in Angular. Let’s add dynamic module loading to our cupcake e-commerce site, secure unprotected routes, and set up the site for deployment in Vercel, a service designed to improve the front-end development workflow. 🎉

In the end, you’ll have an app that looks like this publicly available through Vercel:

Prerequisites

Node This project was developed using Node v16.14 with npm v8.5 Angular CLI GitHub Account Vercel Account connected through your GitHub credentials for automating deployment.

Table of Contents

Review the Angular micro-frontends project using Webpack and Module Federation Dynamic loading of micro-frontend remotes Deploy your micro-frontend project using Vercel Update the routes to support micro-frontend paths for production Add your deployment URL to Okta Secure your micro frontends Build the micro frontend on a relevant change Beyond this post Learn about Angular, microservices, OpenIDConnect, managing multiple deployment environments, and more Review the Angular micro-frontends project using Webpack and Module Federation

Let’s start by refreshing our memories—dust off your project from the first post. Just like last time, we’ll need both IDE and the terminal.

We have the host application, shell, and two micro-frontend remotes, mfe-basket and mfe-profile. We’re using @angular-architects/module-federation to help facilitate the Module Federation plugin configuration. The cupcake basket functionality code resides in the shared library, and we share authenticated state using Okta’s SDKs.

Serve all of the Angular applications in the project by running:

npm run run:all

When you run the project, you should see all the beautiful cupcakes this store sells. You’ll be able to sign in, view your profile, add items to your basket, view your cupcake basket, and sign out. All the basics for handling your sweet treat needs!

Note: If you want to skip the first post and follow along with this tutorial, you can clone the code sample repo to get going. You will be missing quite a bit of context, though. Use the following commands in this case:

git clone --branch local https://github.com/oktadev/okta-angular-microfrontend-example.git npm ci npm run run:all

You’ll need to follow the instructions on creating the Okta application and updating the code with your Okta domain and client ID.

Dynamic loading of micro-frontend remotes

So far, we’ve been serving the cupcake micro-frontend website using the npm script run:all, which serves all three applications at once. Let’s see what happens if we only try serving the host application. Stop serving the site, run ng serve shell to serve the default application, shell, and open the browser.

When you navigate to http://localhost:4200, you see a blank screen and a couple of console errors. The console errors happen because shell can’t find the micro-frontend remotes at ports 4201 and 4202. 👀

These errors mean the host is loading the micro frontends upon initialization of the host, not upon route change like you might think based on configuring a lazy-loaded route in the routing module. Doh!

With the @angular-architects/module-federation library’s loadRemoteModule() method, we can dynamically load the micro-frontend remotes upon route change with a few quick changes.

Open projects/shell/src/app/app-routing.module.ts.

The function we pass into the loadChildren property for the lazy-loaded routes changes to using loadRemoteModule(). Update your routes array to match the code below.

import { loadRemoteModule } from '@angular-architects/module-federation'; const routes: Routes = [ { path: '', component: ProductsComponent }, { path: 'basket', loadChildren: () => loadRemoteModule({ type: 'module', remoteEntry: `http://localhost:4201/remoteEntry.js`, exposedModule: './Module' }).then(m => m.BasketModule) }, { path: 'profile', loadChildren: () => loadRemoteModule({ type: 'module', remoteEntry: `http://localhost:4202/remoteEntry.js`, exposedModule: './Module' }).then(m => m.ProfileModule) }, { path: 'login/callback', component: OktaCallbackComponent } ];

Now that you’re loading the remotes within the route definitions, you no longer need to define the remote URI in the projects/shell/webpack.config.js. Go ahead and remove or comment out the remotes in the webpack.config.js file. Another benefit of dynamic remote loading is that we no longer need to declare the modules to help TypeScript. Feel free to delete the projects/shell/decl.d.ts file. 🪄

Double-check everything still works by running npm run run:all.

Then stop serving the project and try running only the shell application by running the following command:

ng serve shell

You should now see the shell application and only see a console error when navigating to a route served by a micro-frontend remote. Success!

Deploy your micro-frontend project using Vercel

Now that the cupcakes site is working locally let’s deploy this beautiful website using Vercel. Ensure you’ve authorized Vercel access to GitHub because we’ll take advantage of the built-in integration to deploy changes from the main branch automatically.

First, push your project up to a GitHub repo. If you wish to obscure your Okta configuration, you can make the repo private. The Okta configuration code is not confidential information, as single-page applications are public clients. If you don’t like committing the configuration values into code, you can load the configuration values at runtime or use environment variables as part of your build step. I won’t get into the details of how to handle that here, but I will include some links at the end. Make sure to leave the checkbox for Intialize this repository with a README unchecked.

In the Vercel dashboard, press the + New Project button to import a Git repository. Depending on what permissions you granted to Vercel, you might see your newly created GitHub repo immediately. If not, follow the instructions to adjust GitHub app permissions and allow Vercel access to the repo. Press the Import button for the repo to continue. You’ll see a form to configure the project within Vercel.

The idea behind micro frontends is to be able to deploy each application independently. We can do this in Vercel by creating a separate project for each application. Vercel limits the number of projects for a single repo to three in the free plan. What an extraordinary coincidence!

First, we’ll configure the project for the micro-frontend host, the shell application. To keep the projects organized, incorporate the application name into the Vercel project name, such as okta-angular-mfe-shell. You’ll also need to update the build command and output directory for the shell application. Update your configuration to look like the screenshot below.

Press the Deploy button to kick off a build and deploy the application.

You’ll see a screenshot of the application and a button to return to the dashboard when finished. On the dashboard, you’ll see the deployed URI for the application and a screenshot of the cupcakes storefront. If you visit the URI, the routes won’t work yet if you try navigating to the remotes. We need to deploy the remote projects and update the URI to the remotes in the route definition. Keep that URI for the shell application handy; we’ll use it soon.

Return to the Vercel dashboard, create a new project, and select the same repo to import. This time we’ll configure the remote application mfe-basket. Update your configuration to look like the screenshot below.

Take note of the deployed URI for the mfe-basket application.

Return to the Vercel dashboard to repeat the process for the final remote application, mfe-profile. Update your configuration to look like the screenshot below.

Take note of the deployed URI for the mfe-profile application.

Update the routes to support micro-frontend paths for production

We need to update the route definition to include the URI for the deployed application. Now that you have the URI for the two micro-frontend remotes, you can edit projects/shell/app/app-routing.module.ts. The values in the remoteEntry configuration option in the loadRemoteModule() method are where you’d define the path. But if we update this value to use the deployed URI, then you’ll no longer be able to run the application remotely.

We’ll use the environments configuration built into Angular to support both local and deployed environments and define a configuration for serving locally versus production build.

We’ll configure serving locally first. Open projects/shell/src/environments/environment.ts and add a new property for the micro-frontend remotes.

export const environment = { production: false, mfe: { "mfeBasket": "http://localhost:4201", "mfeProfile": "http://localhost:4202" } };

Next, we’ll use the values in the route definition. Open projects/shell/src/app/app-routing.module.ts and update the remoteEntry properties to use the new properties in the environment.ts file below.

import { environment } from '../environments/environment'; const routes: Routes = [ { path: '', component: ProductsComponent }, { path: 'basket', loadChildren: () => loadRemoteModule({ type: 'module', remoteEntry: `${environment.mfe.mfeBasket}/remoteEntry.js`, exposedModule: './Module' }).then(m => m.BasketModule) }, { path: 'profile', loadChildren: () => loadRemoteModule({ type: 'module', remoteEntry: `${environment.mfe.mfeProfile}/remoteEntry.js`, exposedModule: './Module' }).then(m => m.ProfileModule) }, { path: 'login/callback', component: OktaCallbackComponent } ];

Feel free to serve the project using npm run run:all to double-check everything still works.

Now we’ll add the configuration for the deployed applications. Open projects/shell/src/environments/environment.prod.ts and add the same property for the micro-frontend remotes. Replace the URI with the deployed location.

export const environment = { production: true, mfe: { "mfeBasket": "https://{yourVercelDeployPath}.vercel.app", "mfeProfile": "https://{yourVercelDeployPath}.vercel.app" } };

Angular automatically replaces the environment.ts file to match when you build the project. So if you’re serving locally, you’ll use the contents from environment.ts, and if you run ng build to create the release, you’ll use the contents from environment.prod.ts.

Note: Vercel has a release promotion mechanism where you first release to a staging environment to conduct release verification, then promote the verified application to prod. With this flow, we’d need to add more complexity to the way we access the URIs. This tutorial will simplify things to only use one environment, but if you need to handle a multi-step release environment configuration, check out the links to blog posts at the end for handling per-environment configuration.

Add your deployment URL to Okta

You’ll need to update the Okta application with the new deploy location so that you can sign in. Open the Okta dashboard. Navigate to Applications > Applications and select the Okta application you created for this project. On the General tab, press the Edit button on the General Settings section and add the new deploy URI for the shell application.

Next, add the deploy URI as a Trusted Origin in Okta. Navigate to Security > API and then navigate to the Trusted Origins tab. Press + Add Origin. Add the deploy location and select CORS for the type.

Commit your changes and push to your main branch. After the build succeeds, you should be able to use the deployed site from end to end!

Secure your micro frontends

Right now, you can access what should be protected routes by manually typing in the full URI to the profile route. Even though you don’t see any profile information, we aren’t guarding the route. Let’s make the site a little more secure by protecting the route.

Open projects/shell/src/app/app-routing.module.ts. We’ll add a route guard that comes out of the box with Okta’s Angular SDK. Update the route definition for the profile route as shown below.

import { OktaCallbackComponent, OktaAuthGuard} from '@okta/okta-angular'; { path: 'profile', loadChildren: () => loadRemoteModule({ type: 'module', remoteEntry: `${environment.mfe.mfeProfile}/remoteEntry.js`, exposedModule: './Module' }).then(m => m.ProfileModule), canActivate: [OktaAuthGuard] },

Now if you navigate directly to the profile route, you’ll first redirect to Okta’s sign-in page, then redirect back to the profile route.

Route protection works well from within the micro-frontend shell. But what if you navigate directly to the URI where the profile micro frontend resides? You will still be able to navigate to the profile route within the micro frontend because there isn’t a guard within the profile application.

This brings us to an interesting concept. In order to fully secure your micro frontends, you should protect routes defined within your micro frontend as well. To add the Okta route guard, you’ll need to import the OktaAuthModule into the mfe-profile application’s AppModule, and add the same configuration as you did for the shell application. The Module Federation configuration shares the Okta library between the applications when accessed via the host application. In contrast, mfe-profile will need its own instance of authenticated state when accessed in isolation from the shell application. Having its own instance of authenticated state means you should add sign-in and sign-out capability in the AppComponent of the mfe-profile application too. This will also allow you to test each micro-frontend application independently.

Security + testing = winning!

Build the micro frontend on a relevant change

As mentioned in this post, the value of micro frontends is the ability to deploy each application independently. In production systems, you may need to handle multiple build steps and build out an entire workflow of CI/CD, but for this tutorial, we can cheat a little and still get the benefits of separate deployments. We will add a configuration in Vercel only to kick off a build when there’s changes in the relevant application code.

From the Vercel dashboard, open the Vercel project for the mfe-basket application. Navigate to the Settings tab and select Git. In the Ignored Build Step, we can add a Git command to ignore all changes except those in the projects/mfe-basket directory.

Add the following command:

git diff --quiet HEAD^ HEAD ./projects/mfe-basket

Next, open the Vercel project for the mfe-profile application to update the Ignored Build Step command. Now add this command:

git diff --quiet HEAD^ HEAD ./projects/mfe-profile

Lastly, open the Vercel project for the shell application to update the Ignored Build Step command. This command is a little different because we want to pick up any changes to the project excluding this changes to mfe-basket and mfe-profile. Add the following command:

git diff --quiet HEAD^ HEAD -- ':!projects/mfe-basket' ':!projects/mfe-profile'

Now, if you make a change in a micro-frontend application, only that micro-frontend application will build and deploy. All three projects will notice the change and start building but will immediately cancel the build if the build step should be ignored for the project.

Beyond this post

I hope you’ve enjoyed creating and deploying this micro-frontend e-commerce site with beautiful pictures of tasty cupcakes. In this post, we used dynamic module loading to load micro frontends lazily within the host application, deployed the project to Vercel, added in multi-environment route configuration, and leveraged a micro-frontend benefit by enabling deployment upon relevant changes. You can check out the completed code for this project in the deploy branch of the code repo by using the following command:

git clone --branch deploy https://github.com/oktadev/okta-angular-microfrontend-example.git Learn about Angular, microservices, OpenIDConnect, managing multiple deployment environments, and more

Want to learn more? If you liked this post, check out the following.

Three Ways to Configure Modules in Your Angular App Managing Multiple .NET Microservices with API Federation How to Build and Deploy a Serverless React App on Azure Loading Components Dynamically in an Angular App Add OpenID Connect to Angular Apps Quickly

Don’t forget to follow us on Twitter and subscribe to our YouTube channel for more exciting content. We also want to hear from you about what tutorials you want to see. Leave us a comment below.

Wednesday, 18. May 2022

IdRamp

Orchestrate your identity management strategy

While identity management is supposed to be a solution, it’s increasingly turned into its own, special kind of headache: It’s often difficult to deploy and operate, is too rigid to encompass the diversity of essential business applications and is underpowered to meet emerging security approaches like zero trust and integrate with new services. The post Orchestrate your identity management strateg

While identity management is supposed to be a solution, it’s increasingly turned into its own, special kind of headache: It’s often difficult to deploy and operate, is too rigid to encompass the diversity of essential business applications and is underpowered to meet emerging security approaches like zero trust and integrate with new services.

The post Orchestrate your identity management strategy first appeared on IdRamp | Decentralized Identity Evolution.

Coinfirm

Jobs: Fraud Investigation Specialist

Want to take the fight to the fraudsters? Fancy yourself a bit of an investigator? Up for a special challenge? Welcome to Coinfirm. Coinfirm is a global leader in AML & RegTech for blockchain & cryptocurrencies. Coinfirm is full of professionals with experience in litigation, finance and IT powering the mass adoption of blockchain. Offering the industry’s largest blockch
Want to take the fight to the fraudsters? Fancy yourself a bit of an investigator? Up for a special challenge? Welcome to Coinfirm. Coinfirm is a global leader in AML & RegTech for blockchain & cryptocurrencies. Coinfirm is full of professionals with experience in litigation, finance and IT powering the mass adoption of blockchain. Offering the industry’s largest blockchain coverage...

FindBiometrics

American Green Consolidates Business With Acquisition of Biometric Vending Machines Maker

American Green will be handling vending machine production in-house after completing its acquisition of Vendweb. Vendweb has been building the biometric American Green Xpress (AGX) vending machines for the past […] The post American Green Consolidates Business With Acquisition of Biometric Vending Machines Maker appeared first on FindBiometrics.
American Green will be handling vending machine production in-house after completing its acquisition of Vendweb. Vendweb has been building the biometric American Green Xpress (AGX) vending machines for the past five years, delivering machines that use face and finger vein recognition to verify the identities of registered consumers. The AGX (more…)

The post American Green Consolidates Business With Acquisition of Biometric Vending Machines Maker appeared first on FindBiometrics.


Anonym

Part 4: 7 Benefits to Enterprises from Proactively Adopting Decentralized Identity

As you’d be aware, two of the most widely discussed software/service requirements are security and interoperability. Whether it be for user-level data protection or government-mandated legislative compliance, enterprises require innovative security solutions that help them meet emerging threats.  Decentralized security solutions are built on security and privacy-focused paradig

As you’d be aware, two of the most widely discussed software/service requirements are security and interoperability. Whether it be for user-level data protection or government-mandated legislative compliance, enterprises require innovative security solutions that help them meet emerging threats. 

Decentralized security solutions are built on security and privacy-focused paradigms, such as Ann Cavoukian’s Privacy By Design, which emphasize end-to-end encryption, least privileges (for data access), etc. 

Interoperability has also become a business necessity. While email is a ubiquitous interoperable standard, the more recent secure encrypted messaging systems have emerged as single company controlled “walled gardens” that create vendor lock-in rather than introducing new types of interoperable service offerings. 

The standardized decentralized identity service offerings will enable business to attain both strong security and cross-platform interoperability. 

We’ve previously noted on this blog that businesses that seize the opportunity to implement emerging standardized decentralized Identity technologies will create a long-term competitive advantage that will enable them to get ahead of the competition and maintain these advantages far into the future.

For proactive organizations, decentralized identity technologies will:  
reduce the need for centralized databases (and the data items they contain) to the absolute minimum (e.g. for regulatory purposes) and thus give customers complete control and ownership over their personal data   reduce vulnerability to data misuse by those charged with managing it, and to cyberattacks, fraud and other financial crimes  make customers’ lives easier by eliminating passwords for login and ongoing authentication  generate unprecedented levels of human trust between the organization and its customers and partners   reduce the compliance burden of managing customers’ personal data in services  allow participation in an open, trustworthy, interoperable, and standards-based identity management ecosystem   enable exciting new business alliances within which partners can communicate and exchange information securely to deliver services (e.g. in medical or education). 

As we said at the start of this article series, Big Tech is scooping up users’ digital exhaust like candy and using it to generate massive profits. Big Data analytics technology is being used to commercialize knowledge of user behavior and influence their digital activities. The privacy crisis is real. 

Consumers want a solution – and businesses, largely due to regulatory requirements, also want to increase user privacy and protect data entrusted to them by their customers. As businesses provide customers with innovative privacy-preserving solutions, customers will reward them with their loyalty. 

We believe the solution lies in returning control over personal information back to users through digital identities and decentralized identity technologies – the future of privacy and identity management on the internet.

Building on the Sudo digital identity and the Sudo Platform privacy and cyber safety capabilities – which contain integrated decentralized identity enhancements – enterprises can rapidly develop and deploy branded privacy and cyber safety solutions to their customers and create a significant competitive advantage. 

Talk to us about how we can help you.

Next week, in the final part of this series, we’ll explain how we are actively contributing to decentralized identity development.

The post Part 4: 7 Benefits to Enterprises from Proactively Adopting Decentralized Identity appeared first on Anonyome Labs.


FindBiometrics

Police and Industry Lobbyists Push Back Against Facial Recognition Bans

Law enforcement agencies and industry lobbyists are starting to push back against some of the facial recognition bans that were put in place across the United States. A little more […] The post Police and Industry Lobbyists Push Back Against Facial Recognition Bans appeared first on FindBiometrics.
Law enforcement agencies and industry lobbyists are starting to push back against some of the facial recognition bans that were put in place across the United States. A little more than two dozen state and local governments have implemented facial recognition laws in the past few years, beginning in 2019 (more…)

The post Police and Industry Lobbyists Push Back Against Facial Recognition Bans appeared first on FindBiometrics.


Civic

Crypto Industry Leaders Champion Free Multi-Chain Scam Reporting Tool, Chainabuse, to Empower Users Against Crypto Fraud

Community-driven platform powered by blockchain intelligence firm TRM Labs  San Francisco, CA — May 18, 2022 – TRM Labs, the leader in blockchain intelligence solutions, along with crypto industry leaders including Circle, Solana Foundation, The Aave Companies, Hedera, Binance.US and Civic, have today announced the launch of a new community-powered scam reporting platform, Chainabuse, which [

Community-driven platform powered by blockchain intelligence firm TRM Labs 

San Francisco, CA — May 18, 2022 – TRM Labs, the leader in blockchain intelligence solutions, along with crypto industry leaders including Circle, Solana Foundation, The Aave Companies, Hedera, Binance.US and Civic, have today announced the launch of a new community-powered scam reporting platform, Chainabuse, which empowers anyone in the crypto economy to warn others about scams, hacks or other fraudulent activity as they encounter it. The free tool enables crypto users, victims of financial crimes, and crypto businesses to take an active role in making the crypto ecosystem a safer place to operate.

Despite current volatility, the cryptocurrency industry has grown considerably over the last few years, peaking at a $3 trillion market cap in 2021. But as adoption has increased, so too has the rate of hacks and scams targeting crypto users. Warnings of scams are often reported on social media sites such as Twitter or Discord, but these posts can be difficult to validate, consolidate or track over time.

Chainabuse is the first purpose-built platform of its kind – a multi-chain reporting tool that allows crypto users to report illicit activity to a public forum where others can upvote, downvote or leave comments to contribute additional information. Reports on the same addresses or entities are consolidated and housed in a searchable database, which anyone can use to proactively check addresses or projects before engaging with them. 

“In numerous recent attacks and instances of malicious activity, we have already seen the crypto community’s potential to come together to root out bad actors and help protect each other, “ said Joe McGill, former U.S. Secret Service and Postal Investigator, now part of the global investigations team at TRM and one of Chainabuse’s chief architects. “Chainabuse was designed to make it easier for more people to play an active role in advancing that culture and ensure that the spirit of community remains one of crypto’s most powerful attributes.”

The platform is powered by the crypto community and supported by leading crypto businesses, protocols, and foundations committed to making the crypto ecosystem a safe and trusted environment. Chainabuse provides partner crypto platform operators with a consolidated view of illicit activity reports from users, allowing them to identify prevalent, legitimate complaints and launch investigations more quickly.

“Chainabuse significantly enhances the depth and effectiveness of our compliance monitoring program by leveraging an aggregated view of the distributed efforts of the entire crypto community,”  said Mandeep Walia, Chief Compliance and Risk Officer at Circle. 

“The safety and security of web3 users is our top priority. Working with TRM Labs will enable us to reduce scams and hacks, which have cost people millions of dollars. Chainabuse will allow us to work together with industry partners to promote a better environment for the next million participants of DeFi and web3,” said Stani Kulechov, CEO of Aave. 

“TRM Labs is the industry go-to for blockchain investigations, and Chainabuse fills a missing part of a more trusted ecosystem with much-needed resources for scam victims,” said Chris Hart, CEO of Civic. “We’re proud to forge a partnership with TRM Labs and build more intelligence into the investigative process together.”

“DLT and crypto requires a higher level of trust for more mainstream adoption, and tangible safety measures to protect consumers and users,” said Sam Brylski, Regulatory Counsel and Chief Compliance Officer for Hedera. “We are pleased to work with other industry leaders to deliver a multi-chain, community-driven, and freely available platform that lets users report and be warned about hacks, scams, and fraudulent activity, raising transparency for all.”

The platform launches publicly today with hundreds of reports available to search across eight blockchains – including over 100 scams related to Ukraine crypto fundraising campaigns and over 20 phishing domains and Twitter profiles targeting investors in a popular new gamified metaverse project.

“The latent fear of inadvertently investing in a rugpull – or being hacked – hampers mainstream crypto adoption and reinforces the call for industry-led solutions to consumer and investor protections,” said Esteban Castano, Co-founder and CEO of TRM Labs. “Chainabuse is the latest extension of TRM’s mission to build a safer and more trusted financial system for billions of people and we are proud to partner with leaders in the crypto industry to expand its impact and reach.”

How to support Chainabuse

Chainabuse is the first multi-chain, community-powered crypto scam reporting tool and is available for anyone to use for free. Organizations who are interested in becoming an official Chainabuse partner or want to learn more about scams reported on their platforms can contact the Chainabuse team at TRM Labs: chainabuse@trmlabs.com.

###

About TRM Labs

TRM provides blockchain intelligence to help financial institutions, cryptocurrency businesses and public agencies detect, investigate and manage crypto-related fraud and financial crime. TRM’s risk management platform includes solutions for cryptocurrency anti-money laundering (AML), transaction monitoring and wallet screening, entity risk scoring including Know-Your-VASP, and transaction tracing for investigations. These tools enable a rapidly growing cohort of organizations around the world to safely embrace cryptocurrency-related transactions, products, and partnerships. TRM is based in San Francisco, CA and is hiring across engineering, product, sales, and data science. To learn more, visit www.trmlabs.com.

About Civic Technologies

Civic is a leading provider of identity management tools for Web3, empowering people to easily and privately manage their identities across chains with an on-chain representation of their reusable identity. The company’s flagship product, Civic Pass, is an integrated permissioning tool that helps business customers enable secure access to their on-chain assets. Users may also manage their Web3 identity, presence and reputation with a dashboard. Civic aims to be the most trusted on-chain Web3 identity tool in the world, used by billions every day. Civic was co-founded in 2015 by Vinny Lingham and Jonathan Smith

The post Crypto Industry Leaders Champion Free Multi-Chain Scam Reporting Tool, Chainabuse, to Empower Users Against Crypto Fraud appeared first on Civic Technologies, Inc..


Shyft Network

Blockchain Veteran and Core Developer Bryan Bishop Teams Up With Shyft Network To Lead Global…

Blockchain Veteran and Core Developer Bryan Bishop Teams Up With Shyft Network To Lead Global Security Efforts The industry veteran will team up with Shyft Network’s core developers to strengthen security, scalability and interoperability. BRIDGETOWN, Barbados, May 18, 2022 — Shyft Network (“Shyft”), a public protocol designed to validate identity and power compliance directly into blockcha
Blockchain Veteran and Core Developer Bryan Bishop Teams Up With Shyft Network To Lead Global Security Efforts The industry veteran will team up with Shyft Network’s core developers to strengthen security, scalability and interoperability.

BRIDGETOWN, Barbados, May 18, 2022 — Shyft Network (“Shyft”), a public protocol designed to validate identity and power compliance directly into blockchain data, today announced that Bryan Bishop, a renowned Bitcoin core developer, technologist, and veteran of the blockchain industry, is teaming up with Shyft’s core development team to collaborate on strengthening the global network security, scalability, and interoperability.

Mr. Bishop’s decision follows the launch last month of Veriscope, Shyft’s open-source, decentralized solution for the Financial Action Task Force’s Travel Rule, which requires the collection and exchange of customer data to ensure adherence to international rules against money laundering, sanctions evasion and other malicious activities. Veriscope enables digital asset exchanges to comply with the Travel Rule seamlessly and efficiently and solves for the corresponding “Sunrise Issue,” whereby exchanges in varying jurisdictions come into compliance with the rule at different times than their counterparties.

Thomas Borrel, Chief Operating Officer of Shyft, said, “Bryan is a brilliant engineer whose significant experience as a developer and blockchain consultant will be extremely additive to our talented team of technologists and compliance professionals. We are excited to have Bryan help us strengthen our counterparty data transmission infrastructure, solve other complex security challenges, and continue to bridge the gap between permissionless and permissioned systems.”
Mr. Bishop said, “Veriscope is a necessary step towards continuing to bring crypto into the existing financial system. Travel Rule has presented an enormous regulatory challenge to the crypto industry, and it’s through open-source projects like Veriscope that I believe the industry will be able to come together and coordinate to solve the Travel Rule problem. It’s critical that we get this right, without increasing risk or harming users. Shyft has built out a platform to do just that, and I look forward to helping bolster the platform with more security for a variety of assets.”

Prior to Shyft, Mr. Bishop served as co-founder and Chief Technology Officer of Custodia Bank (previously Avanti Bank & Trust), a Wyoming bank specializing in digital asset payment and custody solutions for US businesses. Previously, he was an early technical hire and Senior Blockchain Engineer at LedgerX (now FTX US Derivatives), where he helped build the first federally regulated bitcoin derivatives exchange. He continues to serve on the Board of FTX US Derivatives. Mr. Bishop is a longtime software engineering consultant and contractor and has worked on behalf of companies including Blockstream and Genomic Prediction. Recently, he launched Webcash.org, a Proof-of-Work cryptocurrency without a blockchain. He was one of the first to receive the original Bitcoin email from Satoshi Nakamoto in 2009 and currently advises and consults companies in need of his expertise.

About Shyft Network

Shyft Network is a public blockchain protocol designed to aggregate, embed, and leverage trust, validation, and discoverability to facilitate public and private data transfer between permissioned and permissionless networks. By encouraging individuals and enterprises to collaborate, Shyft Network successfully adds a layer of context on top of data, ultimately turning raw data into meaningful information. For more information on Shyft, please visit www.shyft.network.

Website / Telegram / Twitter / MediumDiscord

Contacts
Carissa Felger/Sam Fisher
Gasthalter & Co.(212) 257–4170


Matterium

ADVERSARIAL CERTIFICATION — How Mattereum Asset Passports Express Doubt and Disagreement

ADVERSARIAL CERTIFICATION — How Mattereum Asset Passports Express Doubt and Disagreement By Dr JAMES HESTER FRSA, Head of Ontology, Mattereum Alleged Cast of a Chupacabra Footprint Mattereum recently had the opportunity to launch an Asset Passport and NFT for a rather extraordinary object: a plaster cast of a footprint, in the possession of Mattereum team member Ian Simmons, which was allegedly m
ADVERSARIAL CERTIFICATION — How Mattereum Asset Passports Express Doubt and Disagreement

By Dr JAMES HESTER FRSA, Head of Ontology, Mattereum

Alleged Cast of a Chupacabra Footprint

Mattereum recently had the opportunity to launch an Asset Passport and NFT for a rather extraordinary object: a plaster cast of a footprint, in the possession of Mattereum team member Ian Simmons, which was allegedly made by a chupacabra. This renowned cryptid is famed for preying upon goats throughout Central and South America, and its existence has long been a matter of debate.

Of course, this particular footprint, though by tradition left by this elusive creature, is also well understood as being more likely that of a Florida Puma. So while it may not be definitive proof of the chupacabra’s existence, it is a fascinating piece of cryptozoological memorabilia that speaks to how stories about such creatures continue to stir the imagination.

The project also presented a unique opportunity for Mattereum. Normally, Certifiers adding information about objects to our Asset Passports focus on what that object is. For the first time, we had the chance to showcase the usefulness of an Asset Passport highlighting what an object likely is not. In many circumstances, this latter type of information can be just as important as the former.

Mattereum has for a long time considered the usefulness of what we call ‘adversarial certifications’ in Asset Passports. These are pieces of information which, while contributing to a clearer understanding of the object, are not always entirely positive in nature. In some cases these could be added to an Asset Passport by the object owner themselves at the point of launch. However, these could also be added later by independent Certifiers who want this additional, sometimes unflattering, information to be a matter of record. These certifications would be backed by the same warranties as other certifications to ensure their accuracy, and to provide recourse if there was a dispute about that accuracy (which is particularly important to reduce the risk of baseless mud-slinging).

I want to speak briefly about two forms that these adversarial warranties might take.

The first could be termed a certification of ‘negation’. In this case, a certification is created stating that the object is not something. Our Asset Passport for the chupacabra footprint accomplished exactly this by stating that it was very likely (our certifier was pretty certain, but you never know) not that of a chupacabra. The presence of this assertion in the Asset Passport will make it very difficult later for someone to attempt to sell the footprint as being genuine unless they are able to produce a greater degree of verifiable proof to back up their claim.

A similar practice could be very valuable for passported items from asset classes prone to high levels of fraud and forgery, such as the art or luxury goods markets. Being able to flag an object as a known forgery doesn’t necessarily mean that nobody will ever want it (there’s actually a fairly decent market for artworks by famous forgers), but it does make it far more of a challenge for later unscrupulous sellers to try to fleece potential buyers by passing something off as something that it is not.

The second possible form of adversarial certification is more affirmational, but the information being affirmed might not necessarily be terribly flattering. At the moment, there is no requirement for those onboarding assets to disclose absolutely everything about them (although we do encourage them to do so, since the more info is known about an object, the more its value is affirmed and the more willing buyers are to pay for it). So it would be very easy for asset owners to omit information that they felt could impact the likelihood of a sale. In these cases, independent Certifiers could act as whistleblowers of a sort, providing information about objects which shines a light into dark corners to make sure that buyers have the ability to make more informed decisions about their purchases. Examples of this information could include associated carbon outputs from production, poor labour practices, or even evidence that the object had been trafficked or had otherwise concerning provenance.

Although the Mattereum Asset Passport can greatly assist in making an object more desirable on the market, it is, at its core, not solely a marketing tool. Rather, the Asset Passport is a faithful record of all information relating to an object, and at times that means ‘warts and all’.

Whether the warts are provided by those onboarding the assets, or by independent actors using their knowledge and expertise to ensure that the truth is made available, they are an essential part of ensuring that Mattereum’s mission of promoting truth in trade is carried on.

ADVERSARIAL CERTIFICATION — How Mattereum Asset Passports Express Doubt and Disagreement was originally published in Mattereum - Humanizing the Singularity on Medium, where people are continuing the conversation by highlighting and responding to this story.


KuppingerCole

Ransomware in 2022

by Nitish Deshpande Cybercriminals continue to cause disruption for organizations in 2022. Depending on the cyberattack type, those disruptions lead to various consequences, such as reputational/brand damage, financial losses, and monetary penalties. One of the most prevalent types of cyberattacks is ransomware, accounting for approximately 10% of all cyberattacks in 2021. Ransomware is a form

by Nitish Deshpande

Cybercriminals continue to cause disruption for organizations in 2022. Depending on the cyberattack type, those disruptions lead to various consequences, such as reputational/brand damage, financial losses, and monetary penalties.

One of the most prevalent types of cyberattacks is ransomware, accounting for approximately 10% of all cyberattacks in 2021. Ransomware is a form of malware designed to encrypt files on a device, rendering any files and the systems that rely on them unusable. Malicious actors then demand ransom in exchange for decryption keys.

Palo Alto Networks states that the average ransom demand increased 144% to $2.2 million, while the average payment rose 78% to $541,010 from 2021 to 2022. According to a survey conducted by SonicWall in January 2022, 73% of respondents said they were concerned or extremely concerned about ransomware attacks. This was second only to targeted phishing attacks, which 77% of respondents said they were concerned or extremely concerned about.

SonicWall’s report also indicates that ransomware attacks grew by 105% in 2021 compared with the previous year, with 623.3 million attacks in total between January and December 2021. Since the annual numbers of ransomware attacks were a total of 187.9 million in 2019 and 304 million in 2020, we can say that organizations have a solid reason to be concerned about ransomware and the challenges arising from it.

Aside from 2022 trends below, the political and economic impact of the war in Ukraine, state-sponsored cyber-attacks, and the functioning “business model” of ransomware are likely to result in further increases in the number of ransomware attacks in the next few years. We do not expect ransomware attacks to slow down.


Trends in 2022 

A recent Deloitte report states that the increase in cyber threats is directly related to digital transformation. The risk of getting exposed to malicious actors is increasing as businesses accelerate their dependency on digital services. This is contributing to the willingness of organizations to pay ransoms to keep the business running. An IC3 2021 report forecasts that ransomware attacks in 2022 will focus on critical infrastructure, as governments accelerate their interests in digital transformation of the public health sector, the food and agriculture sector, commercial facilities, and the manufacturing sector.  

Ransomware-as-a-service (RaaS): There has been an increase in demand for ransomware as a service in the past 18 months, and it is predicted to double its growth in 2022. RaaS is operated as a business model by the cyber-attack groups, where malicious solutions are made easily available to criminals. It is a subscription-based approach that makes ransomware accessible to criminals who have no expertise in this field. Moreover, the subscription includes attractive features such as customer support, licensing, subscription offers, customer reviews, and other research material to assist interested criminals in making their purchase decision. The subscription also includes access to analytics such as the status of the attack. RaaS is also offered as a profit-sharing solution, where the ransom is split between the RaaS operators and their customers.

Evolution of tactics, techniques and procedures (TTPs): As reported by Symantec, evolving tactics, techniques, and procedures will be the constant new threat from attackers in 2022. Ransomware operators have been using a combination of malware and OEM software features to generate new toolsets to launch attacks. PsExec and Cobalt strike ranked as the top two most frequently deployed TTPs for ransomware in 2021. Attackers in 2022 are focusing more on multi-extortion techniques by leaking the data of the victims and threatening to launch a DDoS attack as a follow up if ransom demands are not met. Palo Alto Networks reported an increase of 85% in 2021 compared with 2020 in the number of victims of multi-extortion techniques.

Exploiting new software vulnerabilities: Vulnerabilities in software will continue to surface as long as there are attackers motivated to use it as a tool for ransomware. Recent examples include the Log4j vulnerability and evolution of ZLoader for deploying ransomware. For example, Microsoft reported a group of attackers from China exploited the Log4j vulnerability as a back door for infecting organizations with Nightsky ransomware. In 2022, ransomware operators will continue to take advantage of unpatched systems to launch attacks on vulnerable systems.

Recommendations

Believe in Zero Trust: Zero Trust is a security paradigm based on the principle of “Don’t trust. Verify!”. According to the Zero Trust concept, no device, user, workload, or system should be trusted by default. For further information, check out our Comprehensive Guide to Zero Trust Implementation insight.   

Create a Backup Strategy: Get prepared for the worst-case scenario. Plan and implement a backup strategy prior to experiencing an attack.

Do Planning: Create an incident response plan and allocate the tasks among security teams. Develop company-wide cybersecurity policies against ransomware.

Control Authentication and Authorization Methods: Manage your authentication and authorization methods, check privileged users, and if needed, separate duties and departments.

Deploy Endpoint Security Tools: Make sure that your devices are secured by an endpoint security product or service. Keep an eye on personal devices to eliminate Shadow IT risks.

Stay Updated: Patch and update your applications continuously. Keep your security leaders and other stakeholders well informed of the current state of ransomware attacks and cybersecurity trends.

Do not Click on Unknown Links: Avoid clicking on links and attachments from unknown websites and emails.

  Related research 


Blog post: When will ransomware strike? Should you hope for the best or plan for the worst 

Leadership Brief: Prepare and protect against software vulnerabilities 

Leadership Brief: Responding to critical software vulnerabilities 

Leadership Brief: Defending Against Ransomware


bankless

Alpha Leak | The Bull Case for Lyra

Mike Spain is the Co-Founder of Lyra, an options trading protocol accessing the scalability of Layer 2 Ethereum to provide a robust, lightning-fast, and reliable trading experience. David and Mike chat about how Lyra got started, the impact of on-chain options, Lyra’s newest launch—Avalon—and so much more. Avalon is available now to a select group of users and will be available to the public o

Mike Spain is the Co-Founder of Lyra, an options trading protocol accessing the scalability of Layer 2 Ethereum to provide a robust, lightning-fast, and reliable trading experience.

David and Mike chat about how Lyra got started, the impact of on-chain options, Lyra’s newest launch—Avalon—and so much more.

Avalon is available now to a select group of users and will be available to the public on May 30th!

------ 📣 ALCHEMIX | Get a self-repaying loan today! https://bankless.cc/Alchemix 

------ 🚀 SUBSCRIBE TO NEWSLETTER: https://newsletter.banklesshq.com/  🎙️ SUBSCRIBE TO PODCAST: http://podcast.banklesshq.com/ 

------ BANKLESS SPONSOR TOOLS:

⚖️ ARBITRUM | SCALED ETHEREUM https://bankless.cc/Arbitrum 

❎ ACROSS | BRIDGE TO LAYER 2 https://bankless.cc/Across 

🏦 ALTO IRA | TAX-FREE CRYPTO https://bankless.cc/AltoIRA 

👻 AAVE V3 | LEND & BORROW CRYPTO https://bankless.cc/aave 

⚡️ LIDO | LIQUID ETH STAKING https://bankless.cc/lido 

🔐 LEDGER | NANO S PLUS WALLET https://bankless.cc/Ledger 

------ Timestamps:

0:00 Intro 3:38 The Genesis of Lyra 6:20 On-Chain Options 11:36 How Lyra Wins 14:46 Pros & Cons of On-Chain Options 16:42 Lyra Limitations & Roadmap 21:47 Composibilty & Avalon 28:39 The Lyra Vision 30:19 Yield & Options 32:00 Lyra $OP Distribution 33:33 Closing

------ Resources:

Mike Spain https://twitter.com/0xmjs 

Lyra https://twitter.com/lyrafinance 

Avalon https://blog.lyra.finance/avalon-upgrade-primer/ 

Discord https://discord.com/invite/Lyra 

----- Not financial or tax advice. This channel is strictly educational and is not investment advice or a solicitation to buy or sell any assets or to make any financial decisions. This video is not tax advice. Talk to your accountant. Do your own research.

Disclosure. From time-to-time I may add links in this newsletter to products I use. I may receive commission if you make a purchase through one of these links. Additionally, the Bankless writers hold crypto assets. See our investment disclosures here: https://newsletter.banklesshq.com/p/bankless-disclosures 


Elliptic

The OCC’s Crypto Consent Order: What it Means For Banks and Bitcoin

The Office of the Comptroller of the Currency (OCC) – the main US federal banking supervisor – issued its first-ever consent order involving a cryptoasset bank on April 21st. The order was issued for anti-money laundering (AML) control deficiencies against Anchorage Digital Bank, which in January 2021 became the first crypto business to receive a national trust bank charter from the OCC

The Office of the Comptroller of the Currency (OCC) – the main US federal banking supervisor – issued its first-ever consent order involving a cryptoasset bank on April 21st. The order was issued for anti-money laundering (AML) control deficiencies against Anchorage Digital Bank, which in January 2021 became the first crypto business to receive a national trust bank charter from the OCC. 


Coinfirm

EU’s Crypto Proposals, Reports and Fifth Sanctions Package

Last month, the EU Parliament and the EU Commission issued a number of reports and proposals on crypto assets – the EU Transfer of Funds Regulation, impact on taxation, consultation on digital Euro, plus imposing further sanctions and restrictive measures against Russian entities. Here, Coinfirm’s Regulatory Affairs department summarises those key moves in the bloc....
Last month, the EU Parliament and the EU Commission issued a number of reports and proposals on crypto assets – the EU Transfer of Funds Regulation, impact on taxation, consultation on digital Euro, plus imposing further sanctions and restrictive measures against Russian entities. Here, Coinfirm’s Regulatory Affairs department summarises those key moves in the bloc....

Monetha

6 Types of Online Shoppers and How to Convert Them

Around 79% of the US population, or 263 million consumers, are online buyers. The number will climb to 291.2 million in three years, making online stores a dominant way to purchase. Despite these promising numbers, not every person that visits your online store is ready to convert. While potential customers may only browse something, compare products, or kill time on your website, you spend money

Around 79% of the US population, or 263 million consumers, are online buyers. The number will climb to 291.2 million in three years, making online stores a dominant way to purchase.

Despite these promising numbers, not every person that visits your online store is ready to convert. While potential customers may only browse something, compare products, or kill time on your website, you spend money on nurturing them.

So how to know which online shopper is worth the effort and which is not?

You should segment your target audience into types of online shoppers. Categorization will allow you to understand who you deal with, how to convert them, and whether it’s worth it at all.

This article covers the main groups of online customers to guide you.

Since there are no two identical customers, you need a custom approach for every person. Learn the most common types of online shoppers, what makes them drop off, and ways to convert them.

1. Discount shoppers

Discount seekers (or best deal seekers) are not truly loyal to your brand and easily switch from one online store to another. It’s one of the most common types of shoppers. 97% of surveyed shoppers look for a deal when shopping, while 92% always seek the best deal. When these people find the product they need, they don’t usually purchase it right away. They google the necessary item to find it on multiple websites and compare the price.

Competing for this category is challenging since you won’t be able to offer the best price for everything. Regular discounts also aren’t an option since they will devalue your products.

Why they don’t purchase

Discount shoppers won’t convert if your benefits are not much better than the competitors’ ones. If they see that another store sells the same product cheaper (even a one-dollar difference), they will go there. These consumers may even have price comparison extensions in their browsers that automatically detect the website with the lowest price. A bargain-hunter may also delay the purchase if they believe that you will lower the price or provide a higher discount after some time.

How to make them convert

One of the simplest ways to convert a bargain-hunter is by giving them what they want. In a recent survey, most shoppers (52%) named percentage off as the best kind of discount. Flat dollar amount off, free shipping, and free products are also popular alternatives.

What kind of discount is the best for shoppers

Yet, you cannot live on occasional discounts only. Hence, apart from sales, you must also keep discount shoppers by building your brand. Use marketing to explain to consumers the benefits of buying from you, implement a loyalty program (following our best practices) to make them stick around, or offer unique products they cannot find elsewhere. It’s a more far-reaching approach than sales, coupon codes, or discounts.

2. Wandering customers

Wandering buyers is another category of online shoppers that takes too much effort to make money. These guys spend a minimum amount to buy anything just for fun. They use quick Google Search or go from website to website, browsing pages and clicking on ads, to spend their free time. Maybe their work is too boring, or they don’t have what to do in the evening. These are also teenagers who love online shopping but cannot afford to buy. Anyway, wandering buyers are unlikely to stay loyal to one brand or make large, frequent purchases.

Unfortunately, this category of buyers has a high cart abandonment rate and often returns the purchased products. It means you will need to consider whether it’s worth targeting them carefully.

Why they don’t purchase

They don’t come to your website with a clear intent and perceive shopping as an experience, not a necessity. Even if they buy something, the purchase is insignificant for a seller and doesn’t generate much revenue.

How to make them convert

Even though you shouldn’t focus on this target group, online stores have a smart way to convert them. Quick checkout is the secret weapon. When wanderers can purchase on your website in several clicks, they are the most likely to place an order.

You should make your checkout processes as smooth as possible and eliminate lengthy registration. Request only an email address and enable login through Gmail or social media websites.

3. Need-based shoppers

These online buyers come to your website with a specific goal. They have a problem and need a particular product to solve it. That’s why need-based shoppers pay a lot of attention to detailed descriptions and often compare products on different websites. They rarely make emotional purchases or get something they haven’t planned to. Hence, instead of luring them into a purchase with a low price, you should stress quality.

Besides the product quality, need-based shoppers value relationships and flawless online customer experience. If they like what you offer and how you treat them, they will return to your brand and become repeat customers.

Why they don’t purchase

Need-based shoppers don’t convert because they are unsure whether your product meets the requirements. They either don’t have enough details about the product or doubt its quality. Overall, these buyers need the most time to make a purchase decision and don’t rush.

How to make them convert

There are many ways to nurture need-based leads to grow them into repeat customers. First, you have to create comprehensive product descriptions on your website. Indicate all valuable details (e.g., materials, size chart, colors, technical characteristics, etc.), add professional photos, and enable reviews.

Apart from that, create reliable support on your website. These may be a combination of web chat, phone, and email. Thanks to this, need-based consumers will be able to find answers to their questions to dispel doubts. They will perceive your website as more reliable.

Finally, invest in building a seamless customer journey and solid relationships. It’s essential to use multiple channels to connect with these customers and nurture them with quality content.

4. Impulse buyers

86% of Americans have made impulse purchases online. It’s another large group of consumers to target. Like wandering customers, impulse shoppers don’t have a specific product in mind before placing an order. They are just navigating the web when the perfect match strikes them, and they realize they cannot live without it. Seconds after, they complete the purchase driven by emotions.

These customers are easy to upsell and open to recommendations. They are also ready to spend a lot on shopping and are generally quite profitable.

Why they don’t purchase

Impulse shoppers may change their minds and refuse to purchase if the checkout process is too time-consuming. As they fill out all details, emotions subside, and they take another look at the chosen product. They might notice it’s not as great as it seemed at first sight. Additional charges at the checkout, like expensive shipping, may also discourage this buyer group from completing purchases.

How to make them convert

When marketing and selling to impulse buyers, the main rule is to focus on emotions. Advertise your products as something super stylish and innovative every person should have. You may also consider running time-sensitive promotions to nudge website visitors into instant purchases. When a person realizes they have limited time to use a special offer, it triggers an emotional response.

Besides the listed approaches, you need to make the checkout quick and convenient. The faster instant buyers can place an order, the less likely they are to leave at the last moment.

5. Loyal customers

Loyal customers are the favorite type of consumers across all businesses, no matter online or offline. These are brand ambassadors that frequently buy from you and invite friends. They make up 65% of a company’s business. They generate more revenue than other buyers but constitute a relatively small group since turning a lead into a loyal customer is a long process. It may take years.

Loyal customers also willingly leave positive reviews and comments if you ask them to. They spread a good word about your brand, convincing other people that you are an excellent choice. It’s good to attract new customers and convenience those who hesitate to buy a particular product.

Why they don’t purchase

Loyal customers stop purchasing when you neglect them. They come across other brands as time goes by and may gradually switch to your competitors. They may also abandon you if one of their latest experiences was too disappointing. For example, they ordered an item, but it was never delivered. Such issues undermine loyalty and dispurt relationships.

How to make them convert

Loyalty campaigns are a standard yet still an effective way to generate and nurture loyal customers. 66% of consumers admit that rewards change their spending behavior (learn more about reward sites here). Hence, by implementing such a program, you achieve two significant benefits. First, you create a roadmap to turn buyers into loyal customers step-by-step. Second, you provide existing loyals with bonuses to encourage repeat purchases.

In addition to loyalty programs, you may also show your special attitude to your brand ambassadors with custom messages. For example, send them a thank you postcard to express gratitude for staying with your brand for X years. A one-time discount or gift is also an option.

6. Latest-product seekers

This category of buyers mainly resides in fashion and technology niches where novelty matters the most. These are the people who stand in queues outside Apple stores on the first day of product launch. They are obsessed with the latest products and readily pay several dollars more for something their peers don’t have.

For them, the price of the products you sell is less important than trends. Apart from novelty, they also value the brand story and image. You will need to put a lot of effort into brand marketing to make latest-product seekers convert.

Why they don’t purchase

These consumers won’t buy if you don’t sell trendy products or start selling them later than competitors. A poor image of your brand is an additional reason, among other factors, since latest-product seekers prefer renowned companies.

How to make them convert

You should be the first to distribute products that have just been released. It’s necessary to closely communicate with manufacturers to have such a privilege. Also, don’t forget to indicate the early access benefit on your website and your marketing materials.

You can also create online and print newsletters to inform buyers about new arrivals in advance. This way, fans of novelties will be waiting to purchase from you as soon as the new collection arrives.

Additional Tips on Converting Different Types of Online Shoppers

Besides the conversion tactics listed for each type of buyer, some universal approaches can also help. Check out these extra tips to consider in your marketing strategy:

Remember that customers can change, and so should you. Even if someone was a discount seeker for years, they might become a need-based or loyal customer. The behavior also changes under the impact of external factors. For example, during holidays, 1 in 3 purchases is impulse, which means other types of customers can act like impulse purchasers. Hence, you must continuously track your customer activity to adapt your sales approaches accordingly. Calculate customer lifetime value before deciding whether you need to target a specific group. Different groups can bring different revenue and stay with your brand for several seconds to years. You’d better know what to expect before investing in reaching these consumers. Implement marketing automation software for optimized and personalized marketing. Since you won’t be able to tailor messages to every customer without automation, advanced software is life-critical. You need tools that support triggered-based marketing and respond to customers based on their previous activity. They may, for example, email consumers tailored product selections based on what they’ve purchased, viewed, or added to favorites. Why Not All Buyers Are Worth Nurturing

Before talking about the types of shoppers, we must say that not all leads deserve your attention. Customization is not only about tailoring your marketing and communication but also about channeling your efforts.

To engage a customer, online stores spend a lot of money. They invest in digital ads, remarketing, SEO optimization, content, and other elements of marketing and sales campaigns. If just another customer comes and leaves without placing an order, the investment on this lead never pays off. And the more leads fail to convert, the more money you put down the drain.

Therefore, you must understand what customers are the most profitable and what are unlikely to purchase. It’s valuable information to redistribute the marketing budget and choose the most effective customer acquisition and retention approaches.

We hope this information will help you segment your target audience and create an accurate customer persona. The types of customers you focus on should considerably impact your marketing and sales strategy.

Originally published at https://www.monetha.io.


Ontology

Ontology Weekly Report (May 10–16, 2022)

Highlights Ontology Explorer’s further upgrade has been completed. Global developers can submit the contract source code to make it open source, this allows users to check the source code and understand the specific features of the contract. Latest Developments Development Progress We are 94% done with the Rollup VM design. We are 65% done with the RISCV instruction set contract impleme
Highlights

Ontology Explorer’s further upgrade has been completed. Global developers can submit the contract source code to make it open source, this allows users to check the source code and understand the specific features of the contract.

Latest Developments

Development Progress

We are 94% done with the Rollup VM design. We are 65% done with the RISCV instruction set contract implementation. We are 55% done with the Rollup RISCV EVM actuator. We are 45% done with the Rollup L1<->L2 cross-layer communication design. We are 50% done with the Ontology EVM that supports the filter function. We are 100% done with the Ontology Explorer that supports the contract verification function.

Product Development

ONTO has published the April monthly report, summarizing a series of functional optimizations, such as the token and NFT address scan feature and synced all tokens and token info on CoinMarketCap. ONTO hosted various online activities with Ivy Market, ANONSHIB, HEZI, Caduceus, DarkShield, MyTrade, BetaMars, Melaxy and DRIFT. Earn rewards by participating with ONTO. Follow the @ONTO Wallet Official Announcement on Telegram for more details.

On-Chain Activity

136 total dApps on MainNet as of May 16th, 2022. 6,997,937 total dApp-related transactions on MainNet, an increase of 8,243 from last week. 17,441,401 total transactions on MainNet, an increase of 41,139 from last week.

Community Growth

We held our weekly Discord Community Call, with the theme “Web3 Reputation Value”. In addition to “the identity value and encryption security that reputation can bring to users”, user reputation can also provide convenience in Web3 financial activities such as DeFi and GameFi, and can also help projects attract more traffic and achieve a win-win situation. We held our Telegram weekly Community Discussion led by Benny, an Asian community Harbinger. He shared several decentralized applications incubated by Ontology based on DID technology, including ONT ID, ONTO and Wing Finance. Community members also discussed “how DID can empower the whole industry”. As always, we’re active on Twitter and Telegram, where you can keep up with our latest developments and community updates.

Global News

Ontology’s $10 million development fund is available for all global Web3 developers to deploy on the Ontology EVM. We also have a $100,000 Hackathon fund for the best projects presented on DoraHacks. At present, many global teams are building their applications and we are calling all to build for Web3, especially around user DID and Data security. Ontology in the Media

Forbes — “The Metaverse Is Our Chance To Play Cybersecurity Catch-Up

“While the metaverse presents a huge new frontier for companies and consumers to engage in, this will absolutely provide yet another space for cybercrime to thrive. Despite having the protections in place, particularly with cryptocurrency and blockchain, regulation in the metaverse is still non-existent, and as we’ve seen with ransomware and extortion tactics, the legal recourse for attacks is also low, which will make it an extremely attractive — and potentially lucrative — space for cybercriminals.”

The root cause of a large number of data security problems is that users have little control over how data is stored and utilized. Therefore, the Metaverse needs a set of targeted solutions, such as ONT ID of Ontology, through the autonomous and sovereign system that provides data authorization and ownership confirmation, all rights can be returned to the user, and the user’s identity and data security are guaranteed through technologies such as decentralized ledgers, public-private key pairs, and encryption.

Learn more about our decentralized data and identity solutions on our website and official Twitter account. You can also chat with us on Telegram and keep up-to-date with the latest news via our Telegram Announcement account.

Ontology Weekly Report (May 10–16, 2022) was originally published in OntologyNetwork on Medium, where people are continuing the conversation by highlighting and responding to this story.


Monetha

Incentive Marketing: How to Use It to Increase Sales

Everybody wants an incentive to do something. Even when doing everyday things, people need external motivation. Why should you exercise? Because you want to look good. Why should you eat at that particular restaurant? Because there’s a new menu item to try. Why do you buy groceries at this chain? Because you have a loyalty card and you get discounts. This mindset is why incentive marketing works

Everybody wants an incentive to do something. Even when doing everyday things, people need external motivation.

Why should you exercise? Because you want to look good. Why should you eat at that particular restaurant? Because there’s a new menu item to try. Why do you buy groceries at this chain? Because you have a loyalty card and you get discounts.

This mindset is why incentive marketing works.

What Is Incentive Marketing?

Incentive marketing uses rewards and prizes for marketing a brand, product, or service. It is a highly effective marketing strategy that encourages consumers to spend money.

The Incentive Marketing Association explained the marketing strategy using an equation popular in psychology:

Ability x Motivation = Performance

This equation is primarily used in employment. People are hired for their ability. And when you add motivation or incentives, you can expect the person’s performance to improve.

This can easily be applied to marketing. For example, a customer is inclined to buy something from a specific brand because it manufactures high-quality products-or its ability to deliver. When you add motivation or incentive, such as a discount, you can increase sales.

Examples

Incentive marketing centers on consumer rewards to increase revenue and encourage customer loyalty. Some examples are offering cash back, having a loyalty program or joining reward websites. Here are a few more examples:

Buy One Get One

This is one of the most popular types of incentive marketing-the customer gets another unit of the same product for free.

A similar incentive can be an opportunity to buy a similar product at a discounted price. The central goal is to generate as many sales as possible.

Loyalty Programs

Existing customers are asked to sign up for a customer loyalty program for free, and they are given a card that is stamped every time they visit the store. Once they reach a certain number of stamps, they are rewarded with a free item or a discount.

In the digital age, many loyalty programs are now integrated into brand-specific mobile apps.

This is a very effective marketing tool because it instantly creates loyal customers. They have the motivation to keep coming back to get that prize after a certain number of visits or purchases.

Membership Rewards

Getting customers to sign up for a brand newsletter, mailing list, or membership can be challenging. These days, few consumers want to receive promotional emails from the brands they support.

But when you throw in a reward for signing up, your customers will be more than happy to do so. Rewards can come in the form of a discount every time they buy from the brand-another way to create customer loyalty. You can also give members a chance to purchase exclusive items that aren’t available to average customers.

Brands often require a membership fee for customers to enjoy premium items. In this case, the incentive should go beyond a simple member discount-a welcome basket with product samples, discount coupons, and exclusive offers can do wonders.

Another perk of membership is getting exclusive or first access to special brand promotions. They will also be among the first to be informed about sales and new product launches.

Raffle Draws

This is a popular incentive marketing tactic where customers that spend a certain amount of money will have a chance to win exciting prizes. For example, a grocery store can offer one raffle ticket for every $20 purchase. If they have a lot of enticing prizes, customers will spend more money to get as many raffle tickets as possible.

This simple yet effective strategy will increase sales and even encourage repeat and even impulsive sales. Because customers want more chances to win prizes, they will spend more money to get more raffle tickets.

Reward Points

A point program is another way to increase customer loyalty and encourage more sales. This is a financial reward that piles up whenever they purchase something from your brand.

Reward points are given with each purchase. The points accumulate over time, and when enough points are collected, they can be converted to store credit. For example, for every $5 a customer spends, they get one reward point, and every 10 points are equivalent to $1 worth of credit. The customer can then use their store credits to purchase yet another product.

In this system, the customer is rewarded for their loyalty, and the brand benefits from yet another sale.

Exclusive Incentives

Some brands provide loyal customers or members with exclusive items and services. In some cases, chosen clientele will get early access to newly launched products or services. This is like having a chance to go to a premiere of a new movie a week before everybody else gets to watch it.

The incentive could also be the chance to own exclusive brand merchandise. It’s always exciting for a loyal customer to get something exclusive from a brand they support.

Why Is Incentive Marketing Important?

Almost everything we do in life is driven by motivation. Adults are motivated to work because we need food to eat and have a roof over our heads. Students are motivated to study because they want to get good grades and secure their futures.

What is important in one’s personal life is also important in business: motivation.

There are many incentive marketing strategies because they work. When offered these incentives, customers immediately get excited, which engages their attention and motivates them to purchase from brands.

When you integrate incentives into your marketing strategies, you can expect the following benefits:

Increase Profit

The exciting rewards offered by your incentive marketing programs will surely encourage customers to spend more and more money on your products or services. Loyalty programs, memberships, and discounts are meant to entice customers to open their wallets and bring in revenue.

To ensure continuous profits and long-term growth, you must structure your incentives to your brand’s advantage. Even when you give away something to your loyal customers for free, you must receive something in return, and exponentially so. Crunch the numbers and ensure that no matter how many attractive incentives you offer, you are still getting more from your customers than you are giving away.

Expand Clientele

When people hear about a particular brand’s attractive incentive program, they are much more inclined to check out their products and become a customer themselves. Even a loyal customer of a competing brand would be tempted to switch if the reward is especially enticing.

Aside from planning and building your own incentive marketing strategies, you should also study what your competitors offer. Try to construct ways to offer better and more attractive rewards than other related brands so you can bring more of your target audience into the fold.

When you gain more customers, you boost your profits, and you can enjoy business success for a long time to come.

Develop Relationships

When you offer fantastic marketing incentives, you will continuously expand your base of loyal customers. When your customers feel well taken care of by your brand, and you give them something in return for your loyalty, they will not shop from any of your competitors.

This creates an emotional bond that benefits both parties. The customer will become more and more attached to your brand, support every new product release, and even become an unwitting brand ambassador in their social circle. A simple word-of-mouth recommendation or social media post from an enthusiastic, loyal customer can do wonders for brand awareness.

When other people see a customer’s loyalty, they would be curious about it. And this simple curiosity may lead them to try something from your brand, too. One purchase can lead to another, and loyalty can be built as well. The chain continues and expands even further to create more connections and beneficial relationships.

This type of support cannot be bought or created in any other way, so it must be treasured and cultivated as much as possible by keeping customers happy.

5 Ways to Use Marketing Incentives to Grow Your Business

Incentive marketing breeds customer loyalty. It can also help you grow your business. Here are the ways it could help your brand:

1. Brand Awareness

Incentive marketing is a great way to introduce the brand to the public. Many new businesses offer free product samples when they start out; it’s one of the easiest ways to spread the word about a new entity in the industry.

For new restaurants or food products, the brand may offer free tasting during its launch. Companies offering new services may offer discounts during their first few days of operations.

Despite giving away products and services for free, brands must ensure they are of excellent quality for customers to want to come back and spend money.

2. Lead Generation

Incentive marketing is also a great way to generate leads. You can offer customers or potential clientele ebooks, digital coupons, and other digital products in exchange for their names and email addresses. They will then be enrolled on your email marketing list, and you can send them more brand content that they can engage with.

An incentive will make marketing emails more tolerable to the recipient. Without an incentive, people might just consider your email as spam.

3. Referral Programs

A referral program is another way to leverage marketing incentives to grow your business. You can offer something to your existing customers, and in return, they will give you a friend’s name and contact details for customer acquisition.

For example, you can offer a coupon for a 10% discount on a product or service for every person referred by your customers. There are endless variations of marketing incentives for referrals to increase customer acquisition.

4. Encourage More Purchases

There are plenty of promotions you can carry out to encourage people to keep buying. There are loyalty programs through which customers can get free products or services once they rack up enough points. The more they spend on the brand, the more free stuff they get. Raffle draws also encourage sales-the more they spend, the more chances they have to win.

The more promotions you offer, the more the business will grow as loyal customers keep coming back and supporting the brand.

5. Increase Retention Rate

Attracting new customers is essential, but one of the hallmarks of a successful business is its ability to retain them and create a vast loyal following.

Loyalty programs, exclusive marketing incentives, and membership programs are crucial strategies to retain customers and eventually turn them into loyal allies of the brand. This is easier said than done-you must give customers a reason to keep supporting your brand instead of opting for the competition.

These loyal customers will not just keep bringing in revenue. They are also crucial in converting their social network into supporting your brand and buying from you as well.

Best Practices for Marketing Incentives

Why do some incentive programs work and others don’t? How do you ensure that you aren’t wasting your time and money creating campaigns that will fall flat?

Here are some of the best practices that will help you build effective and profitable incentive marketing programs:

1. Keep It Simple

The design principle KISS (keep it simple, stupid!) works for just about every aspect of marketing. It’s important to keep your incentive marketing strategies and procedures easy to understand and implement.

This is why loyalty cards and membership programs work-brands have been using them for decades, and they are incredibly easy to understand. All you need to do is provide customers with loyalty cards that cashiers will stamp whenever they go in for a purchase. As soon as the number of stamps has been achieved, the customer gets an incentive, usually a free product.

Starbucks runs one of the most famous and effective loyalty programs-their loyalty card has now become a rewards app. As the brand loves to say, “free coffee is a tap away.” Starbucks rewards purchases with a certain number of stars. And when customers get 50 stars, they get a free coffee, tea, or bakery item.

2. Send Updates and Reminders

It’s always a good strategy to let customers know that you care. Sending them updates about special promotions or incentives will make them feel like their participation in these activities is essential.

Often, when the rewards expire, so does the customer’s loyalty. This is why brands must do everything they can to remind customers of the incentives they’re missing. So if the customer is unable to enjoy their reward for any reason, the brand is not to blame.

One of the best examples of this type of customer service is Tarte Cosmetics. Those who register for the brand’s perkswill immediately earn 100 points by signing up for a membership. They earn points when they shop from the brand and redeem them for exclusive rewards. Each month, the brand sends monthly roundup emails that summarize the customer’s rewards points and loyalty status.

3. Make Sure Incentives Go Back to the Brand

It’s not an effective incentive marketing strategy if your business loses money when you implement it. The structure and implementation of your marketing efforts must benefit your brand and no one else. You must encourage as many sales as possible and continuously generate revenue as you entice more and more customers to opt in.

Customer rewards and incentives should not cost your brand too much. You must plan and execute these marketing campaigns to ensure that centering customer experience will not compromise your bottom line.

4. Personalized Customer Relationship

Offering rewards for a loyal customer’s birthday and giving them something special is one of the best incentive marketing practices you can implement.

For example, birthday celebrants can enjoy a scoop of ice cream from Baskin Robbins or a $10 to $15 birthday gift from Victoria’s Secret.

5. Know Your Customer

Market research is one of the most critical elements of an effective marketing campaign. If you don’t know your audience and your customers, you will not be able to target and calibrate your strategies to engage them.

When you know your customers, you know what incentives and offers they will be excited about. A great example is 7-Eleven giving away free Slurpees on June 11, which is now known as National Free Slurpee Day. After all, Slurpees are their signature product, and customers all over the world love them!

Conclusion

According to the Incentive Theory, a person’s behavior is dictated by the desire for external rewards. This is human nature, and it is the reason why incentive marketing works.

Some people think of incentive marketing programs as a fad or a cheap ploy to gain more customers. However, their resiliency and widespread use by the biggest brands in the world is proof that they still work. Incentives will always attract interested customers, who have the potential to become loyal brand ambassadors when the rewards programs give them something in return.

Creating clever and effective incentive marketing techniques will make your customers very happy and benefit your brand for years to come!

Originally published at https://www.monetha.io.


Radiant Logic

Complying With the Executive Order on Cybersecurity

Complying with recent EOs requires implementing a Zero Trust approach. The post Complying With the Executive Order on Cybersecurity appeared first on Radiant Logic.

Tuesday, 17. May 2022

FindBiometrics

New FAST Survey Will Measure Compensation of Security Industry Professionals

The Foundation for Advancing Security Talent (FAST) is kicking off a research study that is intended to improve hiring practices in the security industry. The study is being carried out […] The post New FAST Survey Will Measure Compensation of Security Industry Professionals appeared first on FindBiometrics.
The Foundation for Advancing Security Talent (FAST) is kicking off a research study that is intended to improve hiring practices in the security industry. The study is being carried out in collaboration with the Electronic Security Association (ESA), the PSA Security Network (PSA), the Security Industry Association (SIA), and Security Sales & Integration (SSI), though FAST is the primary (more…)

The post New FAST Survey Will Measure Compensation of Security Industry Professionals appeared first on FindBiometrics.


French Senators Put Forward New Facial Recognition Guidelines

A group of senators is trying to advance facial recognition legislation in France. To that end, the senators have filed a report that advocates for the creation of strict facial […] The post French Senators Put Forward New Facial Recognition Guidelines appeared first on FindBiometrics.
A group of senators is trying to advance facial recognition legislation in France. To that end, the senators have filed a report that advocates for the creation of strict facial recognition guidelines, and calls for a three-year trial to help determine how well different facial recognition technologies work when applied (more…)

The post French Senators Put Forward New Facial Recognition Guidelines appeared first on FindBiometrics.


Miami Airport to See US’s Largest-ever Biometric Boarding Deployment

The Miami International Airport will soon be the site of the largest-ever deployment of biometric boarding gates in the US, according to new reports. The biometric boarding system is expected […] The post Miami Airport to See US’s Largest-ever Biometric Boarding Deployment appeared first on FindBiometrics.
The Miami International Airport will soon be the site of the largest-ever deployment of biometric boarding gates in the US, according to new reports. The biometric boarding system is expected to be fully deployed in 2023, allowing travelers to confirm their identity before boarding through a contactless face scan. The (more…)

The post Miami Airport to See US’s Largest-ever Biometric Boarding Deployment appeared first on FindBiometrics.


Former SITA Exec Returns to Lead Americas Division

SITA is welcoming back a former executive as its new Americas President. Matthys Serfontein first joined the airport IT specialist in 2007, as SITA’s Regional Vice President for the Application […] The post Former SITA Exec Returns to Lead Americas Division appeared first on FindBiometrics.
SITA is welcoming back a former executive as its new Americas President. Matthys Serfontein first joined the airport IT specialist in 2007, as SITA’s Regional Vice President for the Application Services Business Unit in Africa. The next year, he became SITA’s VP of Airport Solution Portfolios, a position he held (more…)

The post Former SITA Exec Returns to Lead Americas Division appeared first on FindBiometrics.


Mastercard Launches Biometric Checkout Program

Mastercard is officially throwing its weight behind biometric payments. The company has announced a new program, global in scope, that will see partner retailers deploy technologies allowing customers to verify […] The post Mastercard Launches Biometric Checkout Program appeared first on FindBiometrics.
(image via Mastercard) Mastercard is officially throwing its weight behind biometric payments. The company has announced a new program, global in scope, that will see partner retailers deploy technologies allowing customers to verify purchases through a contactless biometric scan, without the need to present a payment card, cash, mobile app, (more…)

The post Mastercard Launches Biometric Checkout Program appeared first on FindBiometrics.


[*MORE* SPEAKERS ANNOUNCED] Join KLM Royal Dutch Airlines and the Cleveland Browns at the May 18 Virtual Identity Summit

Speakers have been announced for the FindBiometrics Travel & Hospitality Virtual Identity Summit, sponsored by Thales, FaceTec, NEC, Iris ID, and IDEMIA. Travel is back! On May 18, 2022, starting at […] The post [*MORE* SPEAKERS ANNOUNCED] Join KLM Royal Dutch Airlines and the Cleveland Browns at the May 18 Virtual Identity Summit appeared first on FindBiometrics.
Speakers have been announced for the FindBiometrics Travel & Hospitality Virtual Identity Summit, sponsored by Thales, FaceTec, NEC, Iris ID, and IDEMIA. Travel is back! On May 18, 2022, starting at 11AM EDT, join FindBiometrics, Mobile ID World, and a cavalcade of identity industry experts for a full day of virtual (more…)

The post [*MORE* SPEAKERS ANNOUNCED] Join KLM Royal Dutch Airlines and the Cleveland Browns at the May 18 Virtual Identity Summit appeared first on FindBiometrics.


Continuum Loop Inc.

Inclusion in Digital Identity Products

The post Inclusion in Digital Identity Products appeared first on Continuum Loop Inc..

Continuum Loop Inclusion in Digital Identity Products

By Christine Martin

​Over 1 Billion People Worldwide Lack Legal ID

 

I’m currently a member of the Trust Over IP Foundation SSI harms task force, where we’re working to produce a white paper examining the design features of digital ID systems. This short post aims to identify some of the harms and disadvantages that SSI introduces and ways to mitigate those harms. 

Today about 50% of the world’s population uses the internet, and according to the World Bank, over one billion (10%) people worldwide lack some form of legal ID, and even more, they don’t have a digital trail, excluding them from participating in the digital economy. Furthermore, there are divides within; 60% of those people live in lower and middle-income countries, 50% are in sub-Saharan Africa, and about 40% of the women in lower-income countries don’t have access to Identity. Inclusion in identity product and process design is necessary to enable economic growth and financial inclusion for excluded demographics. We need to prioritize inclusion to avoid exacerbating some of the existing divides. 

I joined this task force because I wanted to learn more about how SSI and identity products can be harmful to people. I didn’t realize how much damage these products can do, but now I am more aware of the dangers. I am committed to doing what I can to help mitigate these harms, but I also recognize that I still have a lot to learn and work to do. Hopefully, the SSI harms task force can create a meaningful white paper that will be applied by organizations and governments building frameworks worldwide.

 

What Does Digital Identity Mean? 

 

Digital ID can provide an electronic version of trusted government identification. It offers better security and more robust privacy and can be stored securely on smartphones and other digital devices. Governments and organizations worldwide are developing digital identity frameworks enabling people and businesses to prove their identities online and in person, offering more effortless ways to access online services.

These frameworks are built on the idea that each person has unique, verifiable credentials used to sign up for programs, file taxes, and more, allowing people to control their data and share it with organizations as they see fit. It will also help protect people’s personal information by reducing the risk of fraud and identity theft.

Good digital identity is based on convenience, security, and privacy. Convenient because it allows people to access government services and information online without visiting a physical office. It is secure because it is based on distributed ledger technology and private because it shares only the information that people want to share.

 

Why do Frameworks Need to be Inclusive?

 

Digital identity frameworks aim to create a standard for verification and authenticating identities in a digital space. Frameworks must be inclusive to be effective. Inclusion is key to creating an identity system that allows people to prove their identities without having to reveal too much personal information. An inclusive digital identity framework will also help combat fraud and identity theft while making it easier for people to access services and goods online safely and securely.

Many frameworks are being developed worldwide, but the most notable is the European Union’s eIDAS and Canada’s DIACC. These frameworks are essential for online interactions. However, most current digital identity frameworks are not entirely inclusive, leading to many negative consequences.

One of the key benefits of the digital identity ecosystem is that it can help reduce online fraud. However, if the framework is not inclusive, it can increase fraud and even discrimination. For example, if identifying documents include a strict gender (or “sex”) marker, it can prevent transgender people from accessing essential services. More importantly, this categorization creates a basis for discrimination and inequality.

In addition, exclusionary digital identity frameworks can limit social and economic opportunities. For example, suppose a digital identity framework does not allow for the use of alternative identities (i.e. passport from another country). In that case, it can prevent marginalized groups from participating in the online economy. 

Ultimately, inclusive digital identity frameworks are essential for enabling secure and efficient online interactions for all members of society.

 

When Frameworks Fail

 

Even though digital IDs offer many benefits, they can also create exclusionary effects if not implemented properly. In India, the Aadhaar program, despite its success, is still plagued with technical failures and exclusions. Evidence shows that compulsory biometric authentication for the public food distribution system leads to exclusion problems and increased transaction costs. Many residents have been unable to access their IDs once issued; widowed mothers with children and the elderly who couldn’t pass authentication tests could not access social services or the public food distribution system. These failures can stem from anything by not being able to input your fingerprint or misplacing the ID number. All situations leave residents, especially vulnerable groups, unable to access essential social services. Consider that Aadhaar was initially created to increase inclusion, and things become a bit more confusing. 

Biometric authentication has also raised privacy and data misuse concerns. India has faced significant pushback against biometric national ID systems due to concerns regarding safety and misuse of collected data. Children below the age of 5 were issued Aadhar numbers with their parents’ biometric data. This caused cases where different residents were given Aadhaar numbers with the same biometric data, exposing flaws in the process and issuance of Aadhaars on faulty biometrics and documents. In light of this, it is crucial to ensure that solid data privacy and security frameworks and systems are in place.

There are pros and cons to implementing digital ID requirements. It can help reduce corruption and ensure that only those meant to benefit from a program do. Yet, it can also create exclusion problems for vulnerable groups and increase transaction costs. Below are a few great stories highlighting the importance of inclusive identity frameworks.

How Can We Ensure Inclusiveness? 

 

Ensuring inclusiveness in identity products means taking a human-centred design approach. When designing a new product, it’s essential to think about the people using it, and they should be your focus when creating the product. Too often, designers focus on the technology or the business case without considering the people using the product.

Dr. Usha Ramanathan points out in CoinDesk’s Money Reimagined that in India, the well-off tech guys wanted to produce technology for the poor. However, the tech guys don’t know what it’s like to live in poverty. In the name of providing identity to people, the tech guys wanted to create technology for the poor that would, in turn, control their lives. There were claims that the poor lacked access to identity documents and couldn’t get welfare, but this was untrue. Dr. Ramanathan notes that less than 1% of the population lacked identity documents, so these claims were just an excuse for the project.

It’s about designing for people from different cultures and with different needs by people in those same groups. This includes people with different economic backgrounds, gender identities and sexual orientations. Digital Identity inclusiveness is about creating a product that everyone can use, regardless of their background or abilities. We all need to work together. 

 

Conclusion

 

Inclusion is important in all aspects of life, including digital identity products. By ensuring that everyone is included in the development process, we can create products that meet the needs of everyone. This article discussed the importance of inclusion and outlined some ways we can make sure everyone is included in the development of digital identity products. Ensuring that the most vulnerable are included in the systems that the privileged take for granted every day is vital.  

Input from many people from diverse backgrounds is essential to our work on the SSI Harm’s Task Force. I hope you’ll consider joining us – whether you want to contribute or just observe, everyone is welcome!

Visit our blog, follow us on social media, and subscribe to our newsletter to stay up-to-date on the latest within the digital identity ecosystem.

 

IDs are taken for granted by those who have them. But lack of identification creates barriers for each individual affected and for the countries they live in. Makhtar Diop

Vice President for Infrastructure, World Bank

Join the SSI Crew!

The first step on your journey to understanding Decentralized Identity and taking control of your own digital world.

You're in the Crew!

Name

Email

Subscribe

Follow Follow Follow

The post Inclusion in Digital Identity Products appeared first on Continuum Loop Inc..


bankless

Instagram Bringing NFTs to 2.9B People | Sandeep & Mihailo, Polygon

Sandeep Nailwal and Mihailo Bjelic are the Co-Founders of Polygon. They’ve been on Bankless in the past, but not during a time like the one we currently find ourselves in. However, the bear market is not stopping Polygon from building. Polygon is enabling Instagram to bring NFTs to 2.9B people. And that's not all! They're also working with Stripe to allow USDC payments via Polygon. Hear how ex

Sandeep Nailwal and Mihailo Bjelic are the Co-Founders of Polygon. They’ve been on Bankless in the past, but not during a time like the one we currently find ourselves in.

However, the bear market is not stopping Polygon from building. Polygon is enabling Instagram to bring NFTs to 2.9B people. And that's not all! They're also working with Stripe to allow USDC payments via Polygon.

Hear how exactly they plan on doing this, what they plan on building next, how they're thinking about the bear market, and so much more!

------ 📣 ALCHEMIX | Get a self-repaying loan today! https://bankless.cc/Alchemix 

------ 🚀 SUBSCRIBE TO NEWSLETTER: https://newsletter.banklesshq.com/  🎙️ SUBSCRIBE TO PODCAST: http://podcast.banklesshq.com/ 

------ BANKLESS SPONSOR TOOLS:

⚖️ ARBITRUM | SCALED ETHEREUM https://bankless.cc/Arbitrum 

❎ ACROSS | BRIDGE TO LAYER 2 https://bankless.cc/Across 

🏦 ALTO IRA | TAX-FREE CRYPTO https://bankless.cc/AltoIRA 

👻 AAVE V3 | LEND & BORROW CRYPTO https://bankless.cc/aave 

⚡️ LIDO | LIQUID ETH STAKING https://bankless.cc/lido 

🔐 LEDGER | NANO S PLUS WALLET https://bankless.cc/Ledger 

------ Topics Covered:

0:00 Intro 8:41 Instagram is Adding NFTs 15:01 Meta’s Crypto Team 17:40 What Instagram NFTs Look Like 21:30 The Potential of NFTs on Instagram 26:31 Is Polygon Ready to Support New Users? 29:58 Stripe to Allow USDC Payments via Polygon 35:35 Addresses, Stripe Wallet & Gas Fees? 41:12 Polygon’s Strategy Going Forward 49:04 Polygon Supernets 53:38 Weathering the Bear Market Storm 58:55 Thoughts on the Market Crash 1:02:24 Closing & Disclaimers

------ Resources:

Sandeep & Mihailo's Previous Bankless Episodes https://youtu.be/Gf2aalPt8-k  https://youtu.be/rCJUBUTFElE 

Sandeep Nailwal https://twitter.com/sandeepnailwal 

Mihailo Bjelic https://twitter.com/MihailoBjelic 

Instagram NFTs https://imgur.com/a/c1vBnM2 

Stripe to Allow USDC Payments via Polygon https://www.coindesk.com/business/2022/04/21/stripe-taps-polygon-to-allow-customers-to-make-payments-in-usdc/ 

Polygon Supernets https://twitter.com/0xPolygon/status/1517502692670640129 

----- Not financial or tax advice. This channel is strictly educational and is not investment advice or a solicitation to buy or sell any assets or to make any financial decisions. This video is not tax advice. Talk to your accountant. Do your own research.

Disclosure. From time-to-time I may add links in this newsletter to products I use. I may receive commission if you make a purchase through one of these links. Additionally, the Bankless writers hold crypto assets. See our investment disclosures here: https://newsletter.banklesshq.com/p/bankless-disclosures 


Elliptic

TerraUSD: the Regulatory and Compliance Implications

Last week saw the collapse of TerraUSD (UST), the algorithmic "stablecoin" created by Terraform Labs. Intended to maintain a peg to the US dollar, the value of 1 UST plummeted from $1 to a low of just 9 cents – leading to billions of dollars in losses for UST holders.

Last week saw the collapse of TerraUSD (UST), the algorithmic "stablecoin" created by Terraform Labs. Intended to maintain a peg to the US dollar, the value of 1 UST plummeted from $1 to a low of just 9 cents – leading to billions of dollars in losses for UST holders.


KILT

On-chain DID Deposits on KILT: Why They Exist

Upgrading your DID currently requires a deposit of 2 KILT. Let’s dive into why this deposit exists and how it works. First it’s important to understand how DIDs (decentralized identifiers) form the core of your digital identity on KILT. After generating your DID in the Sporran wallet for free, you can start building your digital identity by adding credentials such as your social media h

Upgrading your DID currently requires a deposit of 2 KILT. Let’s dive into why this deposit exists and how it works.

First it’s important to understand how DIDs (decentralized identifiers) form the core of your digital identity on KILT. After generating your DID in the Sporran wallet for free, you can start building your digital identity by adding credentials such as your social media handles.

Upgrading your free DID to an on-chain DID and anchoring it on the KILT blockchain enables applications “built on KILT” that make Web3 more accessible. For instance, you can add a unique, easily readable web3name to represent the DID’s string of numbers and letters. You can also link some of your credentials publicly, adding an extra layer of verification to your identity. You can also use your on-chain DID to sign any digital files — PDFs, audio, video, software — privately and securely using DIDsign.

In simple terms, a blockchain is a digital, decentralized database, or record of transactions. Each digital bookkeeper in the system (in this case, collators on the KILT blockchain), has a copy of all the transactions on the chain. Since this amounts to a lot of data that is continually being replicated and must be accessible, it’s important that unnecessary data be deleted.

As a Kusama parachain in the Polkadot ecosystem, KILT uses an energy-efficient system in which the fee required to write and store this data on the blockchain is calculated based on the size of the transaction.

A simple token transfer or writing a hash (a number to represent data) on the KILT blockchain doesn’t use much computing or storage power, allowing low fees for transactions and credentials — as little as a few cents. In contrast, an on-chain DID requires a lot more storage power, as a DID can hold many different keys and endpoints in order to facilitate its functions. All this data needs to be stored on the KILT blockchain for permanent accessibility. Using a formula based on these storage needs, the sum of 2 KILT was calculated to meet these costs.

Deposits vs. Fees

Instead of charging a 2 KILT fee for an on-chain DID, deposits encourage users to delete DIDs they no longer need, and deters spamming.

The deposit stays on the balance of the account that paid, but is locked and can’t be used for transfers, staking or voting. If the DID owner later chooses to delete their on-chain DID, the collators (who run the KILT servers) will delete this DID from their database so that it is just recorded in the history but no longer occupies storage. The 2 KILT Coins are then unlocked and added to the payee’s free balance (minus a small transaction fee). This creates an incentive to delete unused DIDs rather than leaving them sitting on the blockchain and wasting storage space.

Scalability

However, since the total supply of pre-minted KILT Coins was around 150 million KILT Coins at genesis, isn’t this limiting the potential of the KILT blockchain to hold more than 75 million DIDs? Especially considering other factors such as the need for KILT Coins to pay transaction fees, for staking, for Treasury funding, and for future projects on the roadmap?

This is where the flexibility of the KILT blockchain comes into play, allowing governance on KILT to change the deposit as circumstances change. As the number of on-chain DIDs increases and more KILT Coins are locked as deposits, KILT Coin holders can propose and vote in an on-chain referendum to lower the deposit for future DIDs. A vote may also be initiated by any KILT Coin holder if the price of the KILT Coin should change in a way that makes the deposit unreasonably expensive.

Transferring Deposit Fees

While a change in the cost of a deposit for an on-chain DID may not be a major issue for individuals, even a small change could be significant for companies who have paid the deposit for a large number of employees. In this case, rather than being locked into the original deposit, they have the option of unlocking the difference. In that case, if the deposit was initially 2 KILT and was then reduced to 0.5, for example, then the company could unlock 1.5 KILT Coins for each deposit paid, while still covering the 0.5 deposit on the individual employee’s account for their DID.

Enabling Web3

KILT’s mission is to return control over personal data to its owner, restoring privacy to the individual. On-chain DIDs and DIDsign are one step towards achieving this, using the KILT blockchain to create a decentralized digital identity and to sign digital documents privately and safely without unnecessary sharing of data.

Discover more about KILT on its website and blog, brainstorm KILT use cases in Discord, or follow KILT on Twitter to keep up with the latest news. Join our growing community to be part of the unfolding internet revolution.

On-chain DID Deposits on KILT: Why They Exist was originally published in kilt-protocol on Medium, where people are continuing the conversation by highlighting and responding to this story.


51 Nodes

Improving Scalability and Privacy of Blockchains: 2022 Update on Zero-Knowledge Proofs

This article serves as an overview of current Zero-Knowledge Proof (ZKP) implementations in the crypto space and discusses what to expect from ZKP as an exciting cryptographic method in the upcoming months and years. Specifically, we provide a snapshot of some of the most interesting projects and how ZKP improves important properties of today’s blockchains’ infrastructure, tooling, and application

This article serves as an overview of current Zero-Knowledge Proof (ZKP) implementations in the crypto space and discusses what to expect from ZKP as an exciting cryptographic method in the upcoming months and years. Specifically, we provide a snapshot of some of the most interesting projects and how ZKP improves important properties of today’s blockchains’ infrastructure, tooling, and applications. In an earlier article on ZKPs written at the end of 2020, we have taken a closer look at the core principles of Zero-Knowledge Proofs, their usage in Verifiable Credentials, and the state of available implementations back then. Now, in 2022 ZKPs are increasingly used as a solution for some of the blockchains’ scalability issues. We have also started to see improvements in its usage for privacy enhancements, though the topic of privacy seems to be in an earlier stage than scalability.

Primer on ZKPs

Essentially, a ZKP is all about trust between multiple parties. In simpler terms, this means one party is able to prove to a second party that it holds a certain piece of information without disclosing the relevant information to the receiving party. For instance, proving to the cashier that you are older than 21 without revealing your actual age. To get a better idea of ZKPs core principles, please refer to this ELI5 video.

ZKP Infrastructure and Tooling

ZKP solutions discussed in this section focus on improving whole blockchain networks or on providing specialized tools for those. For blockchain networks, ZKPs can help with keeping the ledger size consistent or with providing an overall more efficient approach to Distributed Ledger Technology (DLT). SDKs and tools can in return be used for writing ZKP logic and for compiling this logic into ZKP circuits.

Mina Protocol

Mina Protocol is a layer 1 protocol that takes blockchain infrastructure to a new level by basing blockchain interactions on ZKPs. While other scaling solutions aim to decrease transaction size and cost, Mina has a more holistic approach. Mina is a succinct blockchain, with a constant size of about 22KB.

With Mina, ZKPs are directly integrated into smart contracts and so-called zkApps that can be built using those ZKP-enabled smart contracts. zkApps manage their state off-chain (mostly synchronously) and then store a proof of their state on-chain once the computation is finished. Thus, Mina and zkApps allow the building of highly efficient applications. Fortunately, zkApps are built using Typescript not requiring learning a special-purpose programming language like Solidity with Ethereum.

zkApp Architecture [2] StarkNet/StarkEx

StarkNet is a layer 2 network for Ethereum using the “StarkEx Protocol” for providing faster and more cost-effective transactions and increased privacy. Instead of directly sending transactions to layer 1 Ethereum, StarkEx uses zkRollups for creating proofs for the transaction on layer 2 and then stores those proofs in batches on layer 1.

The StarkEx Protocol is defined in five different components, i.e., Application, StarkEx Service, SHARP, Stark Verifier, and StarkEx Contracts of which some are acting on-chain and others off-chain.

StarkEx (high-level) architecture

The high-level architecture above shows how users will use an Ethereum-based application that sends transactions to the StarkEx Service. This service uses StarkWare’s Cairo language for creating zero-knowledge programs that prove the application-relevant state. After a proof has been computed off-chain it is stored on-chain using StarkEx Contracts. The Stark Verifier can then be used to verify the proofs by either checking the state of the StarkEx Contract or by using the SHARP service in case one needs to prove the states of multiple different applications at once.

DuskNet

DuskNet is a business-oriented ZKP-based blockchain with fast transactions for building privacy-preserving smart contracts and confidential tokens for the financial sector that respect confidentiality agreements. Driving factors for DuskNet are mostly privacy concerns and compliance with GDPR rules and the essential need of companies to keep information secure.

To provide these properties in a blockchain network, DuskNet uses PLONKs that are in general faster than bulletproofs but in need of a trusted setup. For more information on PLONKs, I can recommend this blog from Vitalik.

One interesting use case of DuskNet is the XSC Security Token Standard, which provides permission management for an asset's lifecycle. The ledger records all transactions, but the access rights of token holders are not lost once a token holder fails on a transaction or the access keys are lost. This property is an important requirement of securities law.

Nightfall 3

EY’s Nightfall 3 provides a secure and privacy-preserving solution for transacting ERC-20 tokens as well as ERC-721 tokens at low cost. The successor of EY’s Nightfall called Nightfall 3 aims to improve the performance of such transactions even more while simplifying the developer experience. In addition, Nightfall 3 provides the ability to transfer ERC-1155 tokens.

Nightfall’s performance improvements are achieved by combining the existing ZK solution with optimistic rollups, creating a ZK-optimistic rollup hybrid. In this scheme, ZK transactions are grouped and then sent to the ledger as an optimistic rollup.

Aleo

Aleo promises to be the “first decentralized, open source platform to enable both private and programmable applications”. To further encourage the benefits Aleo uses the example of DEXs like Uniswap. A DEX on Aleo would keep the number of tokens you own disclosed or hide from where you got those tokens in the first place. Furthermore, all of this privacy is enabled without removing the ability to integrate with data from public blockchains.

Aleo comes with a variety of tools that should help new developers to build applications using Aleo.

Leo — Aleos programming language inspired by JavaScript, Rust, and Scala for writing ZKP applications.

Aleo Studio — Aleos IDE for writing applications with Leo.

Aleo Package Manager — For publishing the packages and applications written with Aleo Studio.

snarkOS — A decentralized OS for running Aleo. SnarkOS contains important logical components for writing ZKP applications and for proving states publicly.

ZKP Applications

Once you have decided on a certain infrastructure, may it be a ZKP-based blockchain network or a non-ZKP network you can build your own application. This is where ZKPs get interesting for the common user as the benefits are becoming more and more obvious at this level.

Hyperledger Aries

Aries describes itself as “a shared, reusable, interoperable tool kit designed for initiatives and solutions focused on creating, transmitting, and storing verifiable digital credentials.” We discussed Hyperledger Aries and their use of Hyperledger Indy’s “Anoncreds” in our earlier article. Interesting to note at this point is that we can see the first integrations of BBS+ signatures (signature-based ZKPs) that enable selective disclosure.

Combined with the W3Cs JSON-LD credentials, Hyperledger Aries could be one of the first movers in providing the ability to use ZKP-enabled W3C credentials in messaging, resulting in a more private and secure exchange of information between users or even devices.

Iden3

Iden3 is an open-source project aiming to provide a new and decentralized solution for digital identities. Based on ZKPs, Iden3 powers really neat use cases like anonymous logins and reputation proofs while not requiring users to disclose their actual identity. Although it is in the early stages of development, the use cases of an open-sourced and community-driven digital identity solution for end users seem manifold.

Iden3 developed its own Circom language and the Circom 2.0 compiler that allows creating ZK-Snarks (another type of ZKPs) on a more abstract and not mathematical level. This way, Circom allows for easy creation and integration of ZKPs. The figure below shows how Circom and SnarkJS can be used in combination.

Circom & SnarkJS Loopring

Loopring is an open-sourced decentralized exchange using an Automated-Market-Maker(AMM) and zkRollups to provide a fast and cheap method for token exchanges and payments. Loopring and similar applications could very well introduce a significant improvement for multiple fields in the crypto industry like Decentralized Finance (DeFi) and NFT trading.

One of Loopring’s latest announcements includes the hosting of GameStop’s upcoming NFT marketplace. This might introduce the advantages of ZKPs to a broader audience.

dydx

dydx is another decentralized exchange mostly focusing on perpetual trading. While dydx was initially launched on Ethereum’s layer 1 it introduced trading as a layer 2 solution for Ethereum in mid-2021 through zkRollups. The solution used for enabling zkRollups is StarkWare’s StarkEx (described above). Using the layer 2 solution instead of the layer 1 solution provides various improvements to trading like instant off-chain settlement. For a more detailed comparison of the benefits of the layer 2 approach please see this blog.

Sorare

Sorare uses ZKPs in an app for building your own soccer teams and trading your player cards. Like dydx, Sorare introduced its scaling solution of choice in the middle of 2021 by integrating the StarkEx Protocol. While there's nothing too special about Sorare, I think it is a great example of where the crypto (consumer) space is heading.

In a blog entry, Pierre Duperrin explained the reasoning behind Sorare’s decision to use Ethereum layer 2 scaling solutions that use ZKPs instead of other scaling solutions. The key argument for ZKPs seems to be the scalability trilemma. While there are other scaling solutions out there, ZKP-based solutions provide the advantage of not compromising on security or decentralization while increasing scalability.

Conclusion

ZKPs help to improve the scalability and privacy of a lot of existing solutions in the crypto space — for instance decentralized exchanges. Furthermore, ZKP can be a key enabler for the Web3.0 by improving privacy — not just on a transaction level but also on a network level. Users will be able to interact almost anonymously while still being able to provide the necessary information to participate in networks and applications.

Tools like Hyperledger Aries and networks like DuskNet will further enable businesses to utilize ZKP technology in privacy-preserving solutions. I can also think of scenarios where businesses will be able to integrate private solutions with public solutions. For example, using ZKP-enabled digital identities to participate in open markets privately. Personally, I am confident to say that crypto’s public sector (especially DeFi) will experience a lot of growth in 2022 and early 2023 through ZKP-based scalability improvements. This can already be seen by examples like Sorare or Loopring but will only accelerate once more applications integrate ZKPs.

51nodes GmbH is a provider of crypto-economy solutions based in Stuttgart, Germany.

51nodes supports companies and other organizations in realizing their Blockchain projects. 51nodes offers technical consulting and implementation with a focus on smart contracts, decentralized apps (DApps), integration of blockchain with industry applications, and tokenization of assets.

Improving Scalability and Privacy of Blockchains: 2022 Update on Zero-Knowledge Proofs was originally published in 51nodes on Medium, where people are continuing the conversation by highlighting and responding to this story.


KuppingerCole

Jun 23, 2022: Secure DevOps: Key to Software Supply Chain Security

In the modern world of flexible and remote working, it is useful for software engineers to be able to access and update source code from anywhere using any device, but the SolarWinds supply chain attack showed that it is essential to track every change for security and compliance reasons.
In the modern world of flexible and remote working, it is useful for software engineers to be able to access and update source code from anywhere using any device, but the SolarWinds supply chain attack showed that it is essential to track every change for security and compliance reasons.

Infocert (IT)

Daniele Citterio – CTO di InfoCert parlerà di Identità digitale al TRUSTED 2022

Il prossimo mercoledì 18 maggio, InfoCert parteciperà alla 3a edizione del TRUSTED, l’unico evento italiano dedicato alle evoluzioni dell’Information Technology sui temi relativi al Trust, alla Digital Identity, alla Biometria e alla Sicurezza Informatica. Parleremo di Identità Digitale nell’intervento curato dal CTO di InfoCert, Daniele Citterio. Nel suo speech: “L’era dell’Identità digitale: l’E

Il prossimo mercoledì 18 maggio, InfoCert parteciperà alla 3a edizione del TRUSTED, l’unico evento italiano dedicato alle evoluzioni dell’Information Technology sui temi relativi al Trust, alla Digital Identity, alla Biometria e alla Sicurezza Informatica.

Parleremo di Identità Digitale nell’intervento curato dal CTO di InfoCert, Daniele Citterio. Nel suo speech: “L’era dell’Identità digitale: l’European digital identity wallet come catalizzatore della transizione verso la self sovereign identity”, analizzeremo le strategie di lungo periodo elaborate dalla Commissione Europea in tema di Identità Digitale (EIDAS Toolbox  e Digital Europe Programme call for proposal); per poi concentrarci su l’iniziativa privata e gli use case abilitanti, come i  consorzi europei e DizmeID , una soluzione di digital wallet che vede InfoCert come soggetto promotore. Concluderemo poi con una vista dedicata alle evoluzioni che stanno portando il mercato da soluzioni di corporate wallet al progetto pilota “shared KYC” con Associazione Prestatori Servizi di Pagamento.

Infine, a partire dalle 12:30 Igor Marcolongo – Head of the Business Compliance di InfoCert, modererà un’intervista a Giuseppe Era – Product Manager Mobile Payment di Intesa Sanpaolo dal titolo “Il futuro dei digital payment fra PSD2 e antiriciclaggio: come contenere frodi, truffe o fenomeni di phishing?“
Verranno analizzate le ultime novità per un online banking sicuro, competitivo e in grado di poter rendere la UX protetta da minacce, rapportate con le difficoltà riguardanti agli aspetti di conformità normativa, la governance e la regolamentazione dei pagamenti digitali rispetto alle norme sulla PSD2.

Incontra InfoCert al Trusted 2022

Durante la manifestazione verranno presentati numerosi case study relativi alle evoluzioni tecnologiche in merito a temi come Strong Authentication, strumenti di Privileged Access Management per la prevenzione di frodi e gestione dei rischi legati all’utilizzo dell’Identità Digitale.

L’evento dà la possibilità a decision makers come CIO, COO, Digital e General Manager di Banche, Assicurazioni, Retail & Marketplace, Utilities & TLC, Aziende Sanitarie, Aziende Farmaceutiche, Automotive, Travel Services di confrontarsi sulle evoluzioni relative al Trust nel mondo dell’information technology. Durante la giornata sarà infatti possibile partecipare a tavole rotonde, momenti di approfondimento e confronto con diversi player del mercato che operano in ambito nazionale ed internazionale come InfoCert. 

Ecco gli ambiti che verranno approfonditi durante il Trusted & Digital Identity: 

prevenzione di frodi, furti identitari o falsificazione di informazioni sui canali digitali grazie a Robotica, AI e Biometria; sviluppo di nuovi driver a tutela delle minacce cyber e sviluppo di processi di autenticazione sicuri; tracciamento di flussi monetari sui canali digitali, contenimento dell’evasione fiscale, mitigazione delle frodi fiscali nelle relazioni fra istituti bancari e marketplace.

Vieni ad incontrarci al TRUSTED!

The post Daniele Citterio – CTO di InfoCert parlerà di Identità digitale al TRUSTED 2022 appeared first on InfoCert.


InfoCert – Tinexta Group presenta Legalmail Personal, la Posta Elettronica Certificata dedicata ai cittadini

Da oggi la PEC di Infocert – già scelta da oltre 2,9 milioni di imprese e professionisti -è disponibile anche per usi non professionali Roma, 17 maggio 2022 – InfoCert (Tinexta Group), la più grande Autorità di Certificazione europea, presenta Legalmail Personal, la casella di Posta Elettronica Certificata (PEC) Legalmail dedicata esclusivamente agli utenti non […] The post InfoCert – Tinexta Gr

Da oggi la PEC di Infocert – già scelta da oltre 2,9 milioni di imprese e professionisti -è disponibile anche per usi non professionali

Roma, 17 maggio 2022 – InfoCert (Tinexta Group), la più grande Autorità di Certificazione europea, presenta Legalmail Personal, la casella di Posta Elettronica Certificata (PEC) Legalmail dedicata esclusivamente agli utenti non professionali, per tutte le comunicazioni che necessitano di valore legale. Alternativa alla tradizionale raccomandata e più conveniente di una PEC dedicata ad imprese e professionisti, Legalmail personal è la nuova offerta InfoCert a supporto della digitalizzazione dei cittadini, in continuità con il successo di SPID che la società ha contribuito ad ottenere.

Con dominio @pecprivato.it, le caselle Legalmail Personal di InfoCert offrono – nella versione base – 1 gigabyte di spazio, la ricezione illimitata delle comunicazioni di terzi e un pacchetto di 5 invii inclusi.

Qualora si dovesse esaurire il plafond di GB a disposizione o di invii prima della scadenza, sarà possibile richiedere comodamente pacchetti addizionali. Viceversa, in caso di mancato utilizzo, giga e invii non andranno perduti ma saranno disponibili al rinnovo.

I servizi base Legalmail Personal possono essere arricchiti con tool extra di cybersecurity per phishing e password protection, per una difesa ancora più efficace dalle minacce informatiche.

“L’Italia sta progressivamente guadagnando posizioni in Europa in termini di digitalizzazione: lo testimonia il fatto che, nel giro di soli 5 anni, il nostro Paese è passato dalla venticinquesima alla ventesima posizione nel DESI Index. A raggiungere questo risultato hanno indubbiamente contribuito gli sforzi di professionisti, imprese e pubbliche amministrazioni in termini di trasformazione digitale, ma – parimenti – è stato fondamentale il cambio di passo compiuto dai cittadini, sempre più propensi a preferire i canali e gli strumenti digitali a quelli fisici e tradizionali.” Commenta Giuseppe Tusa, responsabile marketing di Legalmail, InfoCert – Tinexta Group “Per questo abbiamo realizzato la versione Personal della nostra storica PEC Legalmail: per offrire uno strumento semplice ed economico a tutti gli utenti privati che potranno inviare via PEC disdette di abbonamenti, iscriversi ad un concorso, gestire comunicazioni all’interno di associazioni o condomini e scambiare messaggi certificati alla PA.”

Come tutte le altre versioni di Legalmail, anche la casella Personal – disponibile in promozione da 4,90 euro fino al 31 luglio, IVA inclusa – è utilizzabile via WEB, tramite App mobile ed è anche integrabile nel client di posta già in uso dall’utente per l’invio e la ricezione dei messaggi e-mail “tradizionali.

InfoCert SpA

InfoCert, Tinexta Group, è la più grande Certification Authority europea, attiva in oltre venti Paesi. La società eroga servizi di digitalizzazione, eDelivery, Firma Digitale e conservazione digitale dei documenti ed è gestore accreditato AgID dell’identità digitale nell’ambito di SPID (Sistema Pubblico per la gestione dell’Identità Digitale). InfoCert investe in modo significativo nella ricerca e sviluppo e nella qualità: detiene un significativo numero di brevetti mentre le certificazioni di qualità ISO 9001, 27001 e 20000 testimoniano l’impegno ai massimi livelli nell’erogazione dei servizi e nella gestione della sicurezza. Il Sistema di Gestione della Sicurezza delle Informazioni InfoCert è certificato ISO/IEC 27001:2013 per le attività EA:33-35. InfoCert è leader europeo nell’offerta di servizi di Digital Trust pienamente conformi ai requisiti del Regolamento eIDAS (regolamento UE 910/2014) e agli standard ETSI EN 319 401, e punta a crescere sempre di più a livello internazionale anche mediante acquisizioni: detiene il 60% di CertEurope, la più grande Certification Authority di Francia, il 51% di Camerfirma, una delle principali autorità di certificazione spagnole, il 16,7% di Authada, Identity Provider tedesco all’avanguardia. InfoCert, infine, è proprietaria dell’80% delle azioni di Sixtema SpA, il partner tecnologico del mondo CNA, che fornisce soluzioni tecnologiche e servizi di consulenza a PMI, associazioni di categoria, intermediari finanziari, studi professionali ed enti.

Tinexta Group

Tinexta, Tinexta, quotata al segmento Euronext STAR, ha riportato i seguenti Risultati consolidati al 31 dicembre 2021: Ricavi pari a Euro 375,4 milioni, EBITDA pari a Euro 98,7 milioni e Utile netto pari a Euro 39,6 milioni. Tinexta Group è tra gli operatori leader in Italia nelle quattro aree di business: Digital Trust, Cybersecurity, Credit Information & Management e Innovation & Marketing Services. La Business Unit Digital Trust eroga, attraverso le società InfoCert S.p.A., Visura S.p.A., Sixtema S.p.A. e la società spagnola Camerfirma S.A., prodotti e soluzioni per la digitalizzazione: firma digitale, identità digitale, onboarding di clientela, fatturazione elettronica e posta elettronica certificata (PEC) per grandi aziende, banche, società di assicurazione e finanziarie, PMI, associazioni e professionisti. La Business Unit Cybersecurity opera attraverso le società Yoroi, Swascan e Corvallis e costituisce uno dei poli nazionali nella ricerca ed erogazione delle soluzioni più avanzate per la protezione e la sicurezza dei dati. Nella Business Unit Credit Information & Management, Innolva S.p.A. e le sue controllate offrono servizi a supporto dei processi decisionali (informazioni camerali e immobiliari, report aggregati, rating sintetici, modelli decisionali, valutazione e recupero del credito) e RE Valuta S.p.A. offre servizi immobiliari (perizie e valutazioni). Nella Business Unit Innovation & Marketing Services, Warrant Hub S.p.A. è leader nella consulenza in finanza agevolata e innovazione industriale, mentre Co.Mark S.p.A. fornisce consulenze di Temporary Export Management alle PMI per supportarle nell’espansione commerciale.  Al 31 dicembre 2021 il personale del Gruppo ammontava a 2.393 dipendenti.

Per maggiori informazioni:

InfoCertPress Relations AdvisorBMP Comunicazione per InfoCertteam.infocert@bmpcomunicazione.itPietro Barrile +393207008732 – Michela Mantegazza +393281225838 – Francesco Petrella +393452731667www.infocert.itTinexta S.p.A.Chief Investor Relations OfficerJosef Mastragostino investor@tinexta.comChief External Relations & Communication Officer Alessandra Ruzzu+39 331 622 4168alessandra.ruzzu@tinexta.comPress Office ManagerCarla Piro ManderTel. +39 06 42 01 26 31carla.piro@tinexta.comMedia AdvisorBarabino & Partners S.p.A.Foro Buonaparte, 22 – 20121 MilanoTel.: +39 02 7202 3535Stefania Bassi: +39 335 6282 667s.bassi@barabino.itSpecialistIntermonte SIM S.p.A.Corso V. Emanuele II, 9 – 20122 MilanoTel.: +39 02 771151

The post InfoCert – Tinexta Group presenta Legalmail Personal, la Posta Elettronica Certificata dedicata ai cittadini appeared first on InfoCert.


Identosphere Identity Highlights

Identosphere 82 • OpenID & VC Paper released • Chain Agnostic Standards Alliance • SoulBound Tokens for Decentralized Society?

Weekly review of news surrounding decentralized identity: policy, standardization, data privacy, events and other updates.
✨Identosphere Ships: thanks to readers like you!✨ Support Identosphere on Patreon …or reach out to Kaliya directly.

Read previous issues and Subscribe : newsletter.identosphere.net

Contact \ Content Submissions: newsletter [at] identosphere [dot] net

Upcoming

Conversation with Kaliya Young "Identity Woman" at Newspeak House 5/17 (with Kaliya Tonight in London!)

Complex harms reduction through co-design of socio-technical systems in FinTech HXWG 5/18 TOIP

AGENCY - Complex harms reduction through co-design of socio-technical systems 5/19

Travel & Hospitality Biometrics Online Summit FindBiometrics 5/28 (register)

ID4Africa Marrakesh 6/15-16 (Kaliya will be there in advance)

IAM and SSI: A Combined Approach to Digital Identity 6/15 TOIP

Kaliya hosting a meetup in the Netherlands on 6/18 (details TBD) reach out if interested

Identiverse in Denver 6/21-24 (Kaliya is talking there)

Thoughtful Biometrics Workshop - Mid July virtual

Decentralized Web Camp 8/24-28 in Northern California (Kaliya’s attending & encouraging SSI folks to participate)

Internet Identity Workshop #35 11/14-16, Mountain View California

Explainers Compare and Contrast — Federated Identity vs Self-sovereign Identity Affinidi What is Self-Sovereign Identity? Tangle Labs Self-sovereign identity system: Blockchain-based tech for identity verification Economic Times

Relative to the Indian context

Professor Manindra Agrawal, Department of CSE, IIT Kanpur, explains how the self-sovereign identity system can ease issues like certification, verification and eliminate forgery of identity using blockchain technology.

Digital sovereignty: Reclaiming your private data in Web3 Cointelegraph

this is a collaborative effort — one bigger than a single individual or organization — and the whole Web3 space should work together.

SteveWilson Considering SSI critics

I reckon most cases of over-identification stem either from bad habits (e.g. RPs gathering circumstantial AuthN signals) or from Surveillance Capitalism. Either way, better deals for users will come from better design, not by weaponising Digital Identity (SSI, DIDs).

Digital Identity Convenience Christine Martin, Continuum Loop

You will take back control of your identity and hold it. Not Facebook, not Google, and you will decide what credentials to share on a need-to-know basis. We don’t have to be scared of the shift; we have to ensure the architecture is built ethically for all

Policy Crypto Regulatory Affairs: Governor of California Signs Blockchain Executive Order Elliptic

On May 4th, California Governor Gavin Newsom signed into effect a “Blockchain Executive Order”
“[to] assess how to deploy blockchain technology for state and public institutions, and build research and workforce development pathways to prepare Californians for success in this industry”. 

We Applaud the Confirmation of New FTC Commissioner, Alvaro Bedoya Me2Ba

Bedoya’s research has shined a light on digital surveillance and its impact on people of color, immigrants, and the working class. He founded the Center on Privacy & Technology at Georgetown Law to focus on the importance of consumer privacy rights. 

Response to FinCEN RFI Centre

In this letter, we focus on two questions relevant to identifying Bank Secrecy Act (“BSA”) regulations and  guidance that may be outdated, redundant, or do not promote a risk-based AML/CFT regulatory regime  for financial institutions. 

Trust in the digital space Lissi ID

Would we rather have a high level of security or self-sovereignty? Unfortunately, the two aspects are at different ends of the spectrum. If we only allow pre-verified and approved parties to retrieve identity data, as currently envisaged by the eIDAS regulation, this severely restricts usage

Standardization OpenID for Verifiable Credentials OpenID (Whitepaper)

to inform and educate the readers about the work on the OpenID for Verifiable Credentials (OpenID4VC) specifications family. It addresses use-cases referred to as Self-Sovereign Identity, Decentralized Identity, or User-Centric Identity.

Indicio completes Hyperledger Indy DID Method—A Milestone in the Evolution of DID Interop

The Indy DID Method paves the way for Hyperledger Indy credentials to scale globally by allowing Indy networks to seamlessly interoperate and create a “network-of-networks” effect.

Chain Agnostic Standards Alliance

The Chain Agnostic Standards Alliance (CASA) is a collection of working groups dedicated blockchain protocol-agnostic standards. CASA also publishes Chain Agnostic Improvement Proposals which describe standards created by the different working groups.

Company News Video: #MARK Studio - Create tamper-proof, secure and globally verifiable digital credentials instantly Dhiway Networks  Web 3 & Identity Decentralized Society: Finding Web3's Soul

New paper by Glen Wheyl 

Key to this sociality is decomposable property rights and enhanced governance mechanisms—such as quadratic funding discounted by correlation scores—that reward trust and cooperation while protecting networks from capture, extraction, and domination. With such augmented sociality, web3 can eschew today’s hyper-financialization in favor of a more transformative, pluralist future of increasing returns across social distance.

Presentation: Extending Sign-In with Ethereum SpruceID @ CASA Gathering 2022

a number of breakout sessions took place, including a session on how Sign-In with Ethereum, CACAOs, and UCANs interoperate, and even one on a unified standard for wallet authentication (sign in with 'x').  

Cautionary Tales from Cryptoland Molly White, HBR

The ideological argument for Web3 is very compelling, and I personally hold many of the same ideals. I strongly believe in working toward a more equitable and accessible financial system, creating a fairer distribution of wealth in society

WEB2 VS WEB3 Ethereum.org
SSI “Neighbors”  Soulbound tokens - Otters for DAOs? Otterspace

Our vision is to give DAOs the tools to better represent the varying nature of membership, improve member engagement, coordination and distribution of power and permission. By doing so, we also aim to progressively improve their autonomy and permissionlessness, while surfacing clear paths and incentives for individual members to deepen their participation. 💪

Trust Graph with video Harlan Wood

REPUTATION FOR DECENTRALIZED ECOSYSTEMS

Trust Graph is an open protocol for sourcing & rendering Trust relationships

It is a toolkit for building and reading distributed Trust Graphs

An ambitious plan to create interoperability between existing and future Trust Networks

Compatible with existing rating schemes (scores, percentages, star ratings, etc)

Open Source (Apache licensed)

Identity not SSI Will users and organizations have trust in keys roaming via the cloud?

the FIDO Alliance, a set of open, scalable, and interoperable specifications has been developed to replace passwords as a secure authentication method for online services. The alliance has also worked with companies such as Microsoft, Google, and Apple  to integrate and adopt FIDO standards across their operating systems.

What does it take to develop human-centric solutions for the built environment? MyData (Video)

Building better, more human-centric solutions in smart cities starts by realising that citizens and their digital footprints are not merely aspects to monitor and evaluate. They are active participants in the cities we live and work together and need to be engaged in designing better cities and managing the data about themselves. This is not important only for respecting citizens’ rights, but it is crucial to building sustainable services and humane cities.

Steve asks a very good question

Is there a body of knowledge out there about false intuitions (like ancient Greek intuitive physics) and the way poor metaphors can hold back progress? I'm thinking of how digital identity has been misconceived and badly framed.

Interesting Visualizing Everyone that has Ever Lived

Max Roser with Our World in Data had the idea to turn us all into grains of sand within an hourglass, and to equate the passing of people to the passing of time. 

✨Thanks for Reading!✨

Read More \ Subscribe: newsletter.identosphere.net

Support this publication: patreon.com/identosphere

Contact \ Submissions: newsletter [at] identosphere [dot] net


Infocert (IT)

ARRIVA LEGALMAIL PERSONAL, LA NUOVA PEC PER PRIVATI INFOCERT.

Legalmail Personal, la nuova casella di posta certificata, nasce per soddisfare le esigenze dei cittadini che utilizzano la PEC non a scopo lavorativo. Con dominio @pecprivato.it, le caselle Legalmail Personal offrono 1 gigabyte di spazio, la ricezione illimitata delle comunicazioni di terzi e un pacchetto di 5 invii inclusi al prezzo promozionale per il primo […] The post ARRIVA LEGALMAIL PERSO

Legalmail Personal, la nuova casella di posta certificata, nasce per soddisfare le esigenze dei cittadini che utilizzano la PEC non a scopo lavorativo. Con dominio @pecprivato.it, le caselle Legalmail Personal offrono 1 gigabyte di spazio, la ricezione illimitata delle comunicazioni di terzi e un pacchetto di 5 invii inclusi al prezzo promozionale per il primo anno di 4,90€ IVA inclusa.

Scopri Legalmail Personal

Una volta terminato il plafond di GB a disposizione o il numero di invii disponibili prima della scadenza prevista,  ci sarà sempre la possibilità di richiedere pacchetti addizionali. Inoltre, i servizi base Legalmail Personal possono essere ulteriormente arricchiti con toolextra di cybersecurity come Legalmail phishing protection e Legalmail password protection, per difendere la propria casella dagli attacchi informatici sempre più diffusi sul web.

Con Legalmail Personal, InfoCert è ancora una volta in prima linea nel favorire un processo già avviato da qualche anno in Italia: quello di digitalizzazione,  un processo che va a incontro alle esigenze dei cittadini sempre più propensi ai canali e strumenti digitali.

Acquista Legalmail Personal

The post ARRIVA LEGALMAIL PERSONAL, LA NUOVA PEC PER PRIVATI INFOCERT. appeared first on InfoCert.


Elliptic

Yellen Calls For Greater Stablecoin Regulation after UST Crash

US Secretary of the Treasury Janet Yellen has called for far greater regulation of the stablecoin market amid last week’s unprecedented volatility of TerraUSD (UST). The popular algorithmically-backed stablecoin was supposed to maintain a value of one dollar, but it fell to as low as 9 cents on May 16th. Previously, Janet Yellen had spoken quite positively and optimistically in regard t

US Secretary of the Treasury Janet Yellen has called for far greater regulation of the stablecoin market amid last week’s unprecedented volatility of TerraUSD (UST). The popular algorithmically-backed stablecoin was supposed to maintain a value of one dollar, but it fell to as low as 9 cents on May 16th. Previously, Janet Yellen had spoken quite positively and optimistically in regard to the stablecoin market and its potential for financial innovation and inclusion. Her remarks towards stablecoins were particularly hopeful considering her longstanding criticism of cryptoassets for reasons of volatility and overwhelming risk to the market. 


bankless

The Astrological Crypto Maven with Maren Altman | Layer Zero

Crypto is a multidisciplinary field. Whether it’s finance, sociology, history, or philosophy—the list goes on. However, what about astrology? Can crypto be predicted using it? Maren makes the case for why. And she's got the track record to prove it. In this episode, we dive into Maren’s astrological crypto trading methods, her responses to the main critiques, what lies ahead in the coming months

Crypto is a multidisciplinary field. Whether it’s finance, sociology, history, or philosophy—the list goes on. However, what about astrology? Can crypto be predicted using it? Maren makes the case for why. And she's got the track record to prove it.

In this episode, we dive into Maren’s astrological crypto trading methods, her responses to the main critiques, what lies ahead in the coming months and remaining decade, and so much more.

------ 📣 ALCHEMIX | Get a self-repaying loan today! https://bankless.cc/Alchemix 

------ 🚀 SUBSCRIBE TO NEWSLETTER: https://newsletter.banklesshq.com/  🎙️ SUBSCRIBE TO PODCAST: http://podcast.banklesshq.com/ 

------ BANKLESS SPONSOR TOOLS:

⚖️ ARBITRUM | SCALED ETHEREUM https://bankless.cc/Arbitrum 

❎ ACROSS | BRIDGE TO LAYER 2 https://bankless.cc/Across 

🏦 ALTO IRA | TAX-FREE CRYPTO https://bankless.cc/AltoIRA 

👻 AAVE V3 | LEND & BORROW CRYPTO https://bankless.cc/aave 

⚡️ LIDO | LIQUID ETH STAKING https://bankless.cc/lido 

🔐 LEDGER | NANO S PLUS WALLET https://bankless.cc/Ledger 

------ Topics Covered:

0:00 Intro 4:20 Who is Maren & Astrology? 8:00 The Method to Predicting 10:06 Critiques of the Method 15:20 Predicting the Collapse of UST 17:34 Maren’s Track Record & Reading 22:21 Gravitating Towards Crypto 27:41 The Maren Community 35:46 Prediction Timeframes & Cycles 37:54 What’s Coming in May, June & Beyond? 46:10 Multidisciplinary Alignment 47:53 Astrace & Other Things Maren’s Working On 57:37 David & Maren’s Signs

------ Resources:

Maren https://www.youtube.com/c/MarenAltman/videos  https://twitter.com/marenaltman  https://www.tiktok.com/@marenaltman 

----- Not financial or tax advice. This channel is strictly educational and is not investment advice or a solicitation to buy or sell any assets or to make any financial decisions. This video is not tax advice. Talk to your accountant. Do your own research.

Disclosure. From time-to-time I may add links in this newsletter to products I use. I may receive commission if you make a purchase through one of these links. Additionally, the Bankless writers hold crypto assets. See our investment disclosures here: https://newsletter.banklesshq.com/p/bankless-disclosures 


Okta

How to Build Micro Frontends Using Module Federation in Angular

The demands placed on front-end web applications continue to grow. As consumers, we expect our web applications to be feature-rich and highly performant. As developers, we worry about how to provide quality features and performance while keeping good development practices and architecture in mind. Enter micro-frontend architecture. Micro frontends are modeled after the same concept as microser

The demands placed on front-end web applications continue to grow. As consumers, we expect our web applications to be feature-rich and highly performant. As developers, we worry about how to provide quality features and performance while keeping good development practices and architecture in mind.

Enter micro-frontend architecture. Micro frontends are modeled after the same concept as microservices, as a way to decompose monolithic frontends. You can combine micro-sized frontends to form a fully-featured web app. Since each micro frontend can be developed and deployed independently, you have a powerful way of scaling out frontend applications.

So what does the micro-frontend architecture look like? Let’s say you have an e-commerce site that looks as stunning as this one:

You might have a shopping cart, account information for registered users, past orders, payment options, etc. You might be able to further categorize these features into domains, each of which could be a separate micro frontend, also known as a remote. The collection of micro-frontend remotes is housed inside another website, the host of the web application.

So, your e-commerce site using micro frontends to decompose different functionality might look like this diagram, where the shopping cart and account features are in their separate routes within your Single Page Application (SPA):

You might be saying, “Micro frontends sound cool, but managing the different frontends and orchestrating state across the micro frontends also sounds complicated.” You’re right. The concept of a micro frontend has been around for a few years and rolling your own micro-frontend implementation, shared state, and tools to support it was quite an undertaking. However, micro frontends are now well supported with Webpack 5 and Module Federation. Not all web apps require a micro-frontend architecture, but for those large, feature-rich web apps that have started to get unwieldy, the first-class support of micro frontends in our web tooling is definitely a plus.

This post is part one in a series where we’ll build an e-commerce site using Angular and micro frontends. We’ll use Webpack 5 with Module Federation to support wiring the micro frontends together. Then we’ll demonstrate sharing authenticated state between the different frontends, and deploy it all to a free cloud hosting provider.

In this first post, we’ll explore a starter project and understand how the different apps connect, add authentication using Okta, and add the wiring for sharing authenticated state. In the end, you’ll have an app that looks like this:

Prerequisites

Node This project was developed using Node v16.14 with npm v8.5 Angular CLI Okta CLI

Table of Contents

Micro-frontend starter using Webpack 5 and Module Federation Add authentication using OpenID Connect Create a new Angular application Module Federation for your Angular application Micro-frontend state management Next steps Learn about Angular, OpenID Connect, micro frontends, and more Micro-frontend starter using Webpack 5 and Module Federation

There’s a lot in this web app! We’ll use a starter code to make sure we focus on the code that’s specific to the micro frontend. If you’re dismayed that you’re using a starter and not starting from scratch, don’t worry. I’ll provide the Angular CLI commands to recreate the structure of this starter app on the repository’s README.md so you have all the instructions.

Clone the Angular Micro Frontend Example GitHub repo by following the steps below and open the repo in your favorite IDE.

git clone https://github.com/oktadev/okta-angular-microfrontend-example.git cd okta-angular-microfrontend-example npm ci

Let’s dive into the code! 🎉

We have an Angular project with two applications and one library inside the src/projects directory. The two applications are named shell and mfe-basket, and the library is named shared. The shell application is the micro-frontend host, and the mfe-basket is a micro-frontend remote application. The shared library contains code and application state we want to share across the site. When you apply the same sort of diagram shown above for this app, it looks like this:

In this project, we use the @angular-architects/module-federation dependency to help encapsulate some of the intricacies of configuring Webpack and the Module Federation plugin. The shell and mfe-basket application have their own separate webpack.config.js. Open the projects/shell/webpack.config.js file for either the shell or mfe-basket application to see the overall structure. This file is where we add in the wiring for the hosts, remotes, shared code, and shared dependencies in the Module Federation plugin. The structure will be different if you aren’t using the @angular-architects/module-federation dependency, but the basic idea for configuration remains the same.

Let’s explore the sections of this config file.

// ...imports here const sharedMappings = new mf.SharedMappings(); sharedMappings.register( path.join(__dirname, '../../tsconfig.json'), [ '@shared' ]); module.exports = { // ...other very important config properties plugins: [ new ModuleFederationPlugin({ library: { type: "module" }, // For remotes (please adjust) // name: "shell", // filename: "remoteEntry.js", // exposes: { // './Component': './projects/shell/src/app/app.component.ts', // }, // For hosts (please adjust) remotes: { "mfeBasket": "http://localhost:4201/remoteEntry.js", }, shared: share({ // ...important external libraries to share ...sharedMappings.getDescriptors() }) }), sharedMappings.getPlugin() ], };

In the webpack.config.js for mfe-basket, you’ll see the path for @shared at the top of the file and the configuration to identify what to expose in the remote application.

The shell application serves on port 4200, and the mfe-basket application serves on port 4201. We can open up two terminals to run each application, or we can use the following npm script created for us by the schematic to add @angular-architects/module-federation:

npm run run:all

When you do so, you’ll see both applications open in your browser and how they fit together in the shell application running on port 4200. Click the Basket button to navigate to a new route that displays the BasketModule in the mfe-basket application. The sign-in button doesn’t work quite yet, but we’ll get it going here next.

Note - Another option I could have used for the starter is a Nx workspace. Nx has great tooling and built-in support for building micro frontends with Webpack and Module Federation. But I wanted to go minimalistic on the project tooling so you’d have a chance to dip your toes into some of the configuration requirements.

The @shared syntax might look a little unusual to you. You may have expected to see a relative path to the library. The @shared syntax is an alias for the library’s path, which is defined in the project’s tsconfig.json file. You don’t have to do this. You can leave libraries using the relative path, but adding aliases makes your code look cleaner and helps ensure best practices for code architecture.

Because the host application doesn’t know about the remote applications except in the webpack.config.js, we help out the TypeScript compiler by declaring the remote application in decl.d.ts. You can see all the configuration changes and source code made for the starter in this commit.

Add authentication using OpenID Connect

One of the most useful features of Module Federation is managing shared code and state. Let’s see how this all works by adding authentication to the project. We’ll use the authenticated state in the existing application and with a new micro frontend.

Before you begin, you’ll need a free Okta developer account. Install the Okta CLI and run okta register to sign up for a new account. If you already have an account, run okta login. Then, run okta apps create. Select the default app name, or change it as you see fit. Choose Single-Page App and press Enter.

Use http://localhost:4200/login/callback for the Redirect URI and set the Logout Redirect URI to http://localhost:4200.

What does the Okta CLI do?

The Okta CLI will create an OIDC Single-Page App in your Okta Org. It will add the redirect URIs you specified and grant access to the Everyone group. It will also add a trusted origin for http://localhost:4200. You will see output like the following when it’s finished:

Okta application configuration: Issuer: https://dev-133337.okta.com/oauth2/default Client ID: 0oab8eb55Kb9jdMIr5d6

NOTE: You can also use the Okta Admin Console to create your app. See Create an Angular App for more information.

Make a note of the Issuer and the Client ID. You’ll need those values here soon.

We’ll use the Okta Angular and Okta Auth JS libraries to connect our Angular application with Okta authentication. Add them to your project by running the following command.

npm install @okta/okta-angular@5.2 @okta/okta-auth-js@6.4

Next, we need to import the OktaAuthModule into the AppModule of the shell project and add the Okta configuration. Replace the placeholders in the code below with the Issuer and Client ID from earlier.

import { OKTA_CONFIG, OktaAuthModule } from '@okta/okta-angular'; import { OktaAuth } from '@okta/okta-auth-js'; const oktaAuth = new OktaAuth({ issuer: '/oauth2/default', clientId: '{yourClientID}', redirectUri: window.location.origin + '/login/callback', scopes: ['openid', 'profile', 'email'] }); @NgModule({ ... imports: [ ..., OktaAuthModule ], providers: [ { provide: OKTA_CONFIG, useValue: { oktaAuth } } ], ... })

After authenticating with Okta, we need to set up the login callback to finalize the sign-in process. Open app-routing.module.ts in the shell project and update the routes array as shown below.

import { OktaCallbackComponent } from '@okta/okta-angular'; const routes: Routes = [ { path: '', component: ProductsComponent }, { path: 'basket', loadChildren: () => import('mfeBasket/Module').then(m => m.BasketModule) }, { path: 'login/callback', component: OktaCallbackComponent } ];

Now that we’ve configured Okta in the application, we can add the code to sign in and sign out. Open app.component.ts in the shell project. We will add the methods to sign in and sign out using the Okta libraries. We’ll also update the two public variables to use the actual authenticated state. Update your code to match the code below.

import { Component, Inject } from '@angular/core'; import { filter, map, Observable, shareReplay } from 'rxjs'; import { OKTA_AUTH, OktaAuthStateService } from '@okta/okta-angular'; import { OktaAuth } from '@okta/okta-auth-js'; @Component({ selector: 'app-root', templateUrl: './app.component.html', styles: [] }) export class AppComponent { public isAuthenticated$: Observable<boolean> = this.oktaStateService.authState$ .pipe( filter(authState => !!authState), map(authState => authState.isAuthenticated ?? false), shareReplay() ); public name$: Observable<string> = this.oktaStateService.authState$ .pipe( filter(authState => !!authState && !!authState.isAuthenticated), map(authState => authState.idToken?.claims.name ?? '') ); constructor(private oktaStateService: OktaAuthStateService, @Inject(OKTA_AUTH) private oktaAuth: OktaAuth) { } public async signIn(): Promise<void> { await this.oktaAuth.signInWithRedirect(); } public async signOut(): Promise<void> { await this.oktaAuth.signOut(); } }

We need to add the click handlers for the sign-in and sign-out buttons. Open app.component.html in the shell project. Update the code for Sign In and Sign Out buttons as shown.

<li> <button *ngIf="(isAuthenticated$ | async) === false; else logout" class="flex items-center transition ease-in delay-150 duration-300 h-10 px-4 rounded-lg hover:border hover:border-sky-400" (click)="signIn()" > <span class="material-icons-outlined text-gray-500">login</span> <span>&nbsp;Sign In</span> </button> <ng-template #logout> <button class="flex items-center transition ease-in delay-150 duration-300 h-10 px-4 rounded-lg hover:border hover:border-sky-400" (click)="signOut()" > <span class="material-icons-outlined text-gray-500">logout</span> <span>&nbsp;Sign Out</span> </button> </ng-template> </li>

Try running the project using npm run run:all. Now you’ll be able to sign in and sign out. And when you sign in, a new button for Profile shows up. Nothing happens when you click it, but we’re going to create a new remote, connect it to the host, and share the authenticated state here next!

Create a new Angular application

Now you’ll have a chance to see how a micro-frontend remote connects to the host by creating a micro-frontend app that shows the authenticated user’s profile information. Stop serving the project and run the following command in the terminal to create a new Angular application in the project:

ng generate application mfe-profile --routing --style css --inline-style --skip-tests

With this Angular CLI command you

Generated a new application named mfe-profile, which includes a module and a component Added a separate routing module to the application Defined the CSS styles to be inline in the components Skipped creating associated test files for the initial component

You’ll now create a component for the default route, HomeComponent, and a module to house the micro frontend. We could wire up the micro frontend to only use a component instead of a module. In fact, a component will cover our needs for a profile view, but we’ll use a module so you can see how each micro frontend can grow as the project evolves. Run the following two commands in the terminal:

ng generate component home --project mfe-profile ng generate module profile --project mfe-profile --module app --routing --route profile

With these two Angular CLI commands you:

Created a new component, HomeComponent, in the mfe-profile application Created a new module, ProfileModule, with routing and a default component, ProfileComponent. You also added the ProfileModule as a lazy-loaded route using the ‘/profile’ path to the AppModule.

Let’s update the code. First, we’ll add the default route. Open projects/mfe-profile/src/app/app-routing.module.ts and add a new route for HomeComponent. Your route array should match the code below.

const routes: Routes = [ { path: '', component: HomeComponent }, { path: 'profile', loadChildren: () => import('./profile/profile.module').then(m => m.ProfileModule) } ];

Next, we’ll update the AppComponent and HomeComponent templates. Open projects/mfe-profile/src/app/app.component.html and delete all the code in there. Replace it with the following:

<h1>Hey there! You're viewing the Profile MFE project! 🎉</h1> <router-outlet></router-outlet>

Open projects/mfe-profile/src/app/home/home.component.html and replace all the code in the file with:

<p> There's nothing to see here. 👀 <br/> The MFE is this way ➡️ <a routerLink="/profile">Profile</a> </p>

Finally, we can update the code for the profile. Luckily, Angular CLI took care of a lot of the scaffolding for us. So we just need to update the component’s TypeScript file and the template.

Open projects/mfe-profile/src/app/profile/profile.component.ts and edit the component to add the two public properties and include the OktaAuthStateService in the constructor:

import { Component, OnInit } from '@angular/core'; import { OktaAuthStateService } from '@okta/okta-angular'; import { filter, map } from 'rxjs'; @Component({ selector: 'app-profile', templateUrl: './profile.component.html', styles: [] }) export class ProfileComponent { public profile$ = this.oktaStateService.authState$.pipe( filter(state => !!state && !!state.isAuthenticated), map(state => state.idToken?.claims) ); public date$ = this.oktaStateService.authState$.pipe( filter(state => !!state && !!state.isAuthenticated), map(state => (state.idToken?.claims.auth_time as number) * 1000), map(epochTime => new Date(epochTime)), ); constructor(private oktaStateService: OktaAuthStateService) { } }

Next, open the corresponding template file and replace the existing code with the following:

<h3 class="text-xl mb-6">Your Profile</h3> <div *ngIf="profile$ | async as profile"> <p>Name: <span class="font-semibold">{{profile.name}}</span></p> <p class="my-3">Email: <span class="font-semibold">{{profile.email}}</span></p> <p>Last signed in at <span class="font-semibold">{{date$ | async | date:'full'}}</span></p> </div>

Try running the mfe-profile app by itself by running ng serve mfe-profile --open in the terminal. Notice when we navigate to the /profile route, we see a console error. We added Okta into the shell application, but now we need to turn the mfe-profile application into a micro frontend and share the authenticated state. Stop serving the application so we’re ready for the next step.

Module Federation for your Angular application

We want to use the schematic from @angular-architects/module-federation to turn the mfe-profile application into a micro frontend and add the necessary configuration. We’ll use port 4202 for this application. Add the schematic by running the following command in the terminal:

ng add @angular-architects/module-federation --project mfe-profile --port 4202

This schematic does the following:

Updates the project’s angular.json config file to add the port for the application and updates the builder to use a custom Webpack builder Creates the webpack.config.js files and scaffolds out default configuration for Module Federation

First, let’s add the new micro frontend to the shell application by updating the configuration in projects/mfe-profile/webpack.config.js. In the middle of the file, there’s a property for plugins with commented-out code. We need to finish configuring that. Since this application is a remote, we’ll update the snippet of code under the comment:

// For remotes (please adjust)

The defaults are mostly correct, except we have a module, not a component that we want to expose. If you want to expose a component instead, all you’d do is update which component to expose. Update the configuration snippet to expose the ProfileModule by matching the following code snippet:

// For remotes (please adjust) name: "mfeProfile", filename: "remoteEntry.js", exposes: { './Module': './projects/mfe-profile/src/app/profile/profile.module.ts', },

Now we can incorporate the micro frontend in the shell application. Open projects/shell/webpack.config.js. Here is where you’ll add the new micro frontend so that the shell application knows how to access it. In the middle of the file, inside the plugins array, there’s a property for remotes. The micro frontend in the starter code, mfeBasket, is already added to the remotes object. You’ll also add the remote for mfeProfile there, following the same pattern but replacing the port to 4202. Update your configuration to look like this.

// For hosts (please adjust) remotes: { "mfeBasket": "http://localhost:4201/remoteEntry.js", "mfeProfile": "http://localhost:4202/remoteEntry.js" },

We can update the code to incorporate the profile’s micro frontend. Open projects/shell/src/app/app-routing.module.ts. Add a path to the profile micro frontend in the routes array using the path ‘profile’. Your routes array should look like this.

const routes: Routes = [ { path: '', component: ProductsComponent }, { path: 'basket', loadChildren: () => import('mfeBasket/Module').then(m => m.BasketModule) }, { path: 'profile', loadChildren: () => import('mfeProfile/Module').then(m => m.ProfileModule)}, { path: 'login/callback', component: OktaCallbackComponent } ];

What’s this!? The IDE flags the import path as an error! The shell application code doesn’t know about the Profile module, and TypeScript needs a little help. Open projects/shell/src/decl.d.ts and add the following line of code.

declare module 'mfeProfile/Module';

The IDE should be happier now. 😀

Next, update the navigation button for Profile in the shell application to route to the correct path. Open projects/shell/src/app/app.component.html and find the routerLink for the Profile button. It should be approximately on line 38. Currently the routerLink configuration is routerLink="/", but it should now be

<a routerLink="/profile">

This is everything we need to do to connect the micro-frontend remote to the host application, but we also want to share authenticated state. Module Federation makes sharing state a piece of (cup)cake.

Micro-frontend state management

To share a library, you need to configure the library in the webpack.config.js. Let’s start with shell. Open projects/shell/src/webpack.config.js.

There are two places to add shared code. One place is for code implementation within the project, and one is for shared external libraries. In this case, we can share the Okta external libraries as we didn’t implement a service that wraps Okta’s auth libraries, but I will point out both places.

First, we’ll add the Okta libraries. Scroll down towards the bottom of the file to the shared property. You’ll follow the same pattern as the @angular libraries already in the list and add the singleton instances of the two Okta libraries as shown in this snippet:

shared: share({ // other Angular libraries remain in the config. This is just a snippet "@angular/router": { singleton: true, strictVersion: true, requiredVersion: 'auto' }, "@okta/okta-angular": { singleton: true, strictVersion: true, requiredVersion: 'auto' }, "@okta/okta-auth-js": { singleton: true, strictVersion: true, requiredVersion: 'auto' }, ...sharedMappings.getDescriptors() })

When you create a library within this project, like the basket service and project service in the starter code, you add the library to the sharedMappings array at the top of the webpack.config.js file. If you create a new library to wrap Okta’s libraries, this is where you’d add it.

Now that you’ve added the Okta libraries to the micro-frontend host, you need to also add them to the remotes that consume the dependencies. In our case, only the mfe-profile application uses Okta authenticated state information. Open projects/mfe-profile/webpack.config.js. Add the two Okta libraries to the shared property as you did for the shell application.

Now, you should be able to run the project using npm run run:all, and the cupcake storefront should allow you to log in, see your profile, log out, and add items to your cupcake basket!

Next steps

I hope you enjoyed this first post on creating an Angular micro-frontend site. We explored the capabilities of micro frontends and shared state between micro frontends using Webpack’s Module Federation in Angular. You can check out the completed code for this post in the local branch in the @oktadev/okta-angular-microfrontend-example GitHub repo by using the following command:

git clone --branch local https://github.com/oktadev/okta-angular-microfrontend-example.git

Stay tuned for part two. I’ll show how to prepare for deployment by transitioning to dynamic module loading and deploying the site to a free cloud provider.

Learn about Angular, OpenID Connect, micro frontends, and more

Can’t wait to learn more? If you liked this post, check out the following.

Three Ways to Configure Modules in Your Angular App Add OpenID Connect to Angular Apps Quickly Loading Components Dynamically in an Angular App How to Win at UI Development in the World of Microservices Micro Frontends with Angular, Module Federation, and Auth0

Don’t forget to follow us on Twitter and subscribe to our YouTube channel for more exciting content. We also want to hear from you about what tutorials you want to see. Leave us a comment below.

Monday, 16. May 2022

KuppingerCole

Analyst Chat #124: Market Compass "Policy-Based Access Management"

Shortly before EIC, Graham Williamson and Matthias sat together virtually and discussed the recent publication of the Market Compass on "Policy Based Access Management". In this episode Graham gives a great introduction in this evolved market segment and talks about hybrid and cloud-native use cases. They hint at several sessions on policy-based and cloud-native access control at EIC as well, so f

Shortly before EIC, Graham Williamson and Matthias sat together virtually and discussed the recent publication of the Market Compass on "Policy Based Access Management". In this episode Graham gives a great introduction in this evolved market segment and talks about hybrid and cloud-native use cases. They hint at several sessions on policy-based and cloud-native access control at EIC as well, so for those interested in learning even more on modern authorization, either the Market Compass itself or the EIC recordings are perfect starting points after listening to/watching this episode.




Attendees at the European Identity and Cloud Conference 2022




Impressions from the European Identity and Cloud Conference 2022




FindBiometrics

Domino’s Stranger Things App Gives Customers ‘Telekinetic Powers’ Using Biometrics

Domino’s and Netflix are trying to use mobile biometric technology to give people a taste of telekinetic power. The technology is being rolled out in the form of an Android […] The post Domino’s Stranger Things App Gives Customers ‘Telekinetic Powers’ Using Biometrics appeared first on FindBiometrics.
Domino’s and Netflix are trying to use mobile biometric technology to give people a taste of telekinetic power. The technology is being rolled out in the form of an Android and iOS app that is intended to promote the new season of Netflix’s Stranger Things. The popular TV show pits (more…)

The post Domino’s Stranger Things App Gives Customers ‘Telekinetic Powers’ Using Biometrics appeared first on FindBiometrics.


Innovatrics and Blaize Bring Facial Recognition to the Edge

Innovatrics and Blaize are joining forces to improve facial recognition at the edge. To that end, the two companies will pair Innovatrics’ SmartFace Embedded facial recognition algorithm with Blaize’s Pathfinder […] The post Innovatrics and Blaize Bring Facial Recognition to the Edge appeared first on FindBiometrics.
Innovatrics and Blaize are joining forces to improve facial recognition at the edge. To that end, the two companies will pair Innovatrics’ SmartFace Embedded facial recognition algorithm with Blaize’s Pathfinder P1600 Embedded System on Module (SoM) for edge devices. The joint solution turns a regular security camera into a smart (more…)

The post Innovatrics and Blaize Bring Facial Recognition to the Edge appeared first on FindBiometrics.


Coinfirm

Coinfirm Analyses Top Hydra Darknet Market Fund Flows

The following is taken from the Crypto Compliance: Unique Cases and State of Regulatory Landscape in 2022 guide. Coinfirm was founded in 2016 with the mission to make the blockchain economy a safer space and to prove that the technology promises an improvement to the traditional financial system. For instance, some material benefits due to...
The following is taken from the Crypto Compliance: Unique Cases and State of Regulatory Landscape in 2022 guide. Coinfirm was founded in 2016 with the mission to make the blockchain economy a safer space and to prove that the technology promises an improvement to the traditional financial system. For instance, some material benefits due to...

Monetha

How Does Cash Back Work? All You Need to Know

Nobody likes spending excessive amounts of money. Be it Elon Musk, or your neighbor down the street. Fortunately, banks have stimulated spending money with credit cards at grocery stores, movie theaters, sports events, etc. over the years, with one very swift move — cash back. Well, what’s the trick? Where does this money come from? In this article, we will review what cash back is, how it w

Nobody likes spending excessive amounts of money. Be it Elon Musk, or your neighbor down the street. Fortunately, banks have stimulated spending money with credit cards at grocery stores, movie theaters, sports events, etc. over the years, with one very swift move — cash back.

Well, what’s the trick? Where does this money come from? In this article, we will review what cash back is, how it works, use cases, and 4 ways to earn cash back.

What is Cash Back?

Cashback is a way of getting money back when you’re buying something, and it’s a feature that some credit cards have. Instead of paying the full price for things you buy with your credit card, you get a percentage of that cash back.

Credit cards with cash back rewards offer a certain percentage of every qualifying purchase back. For example, if you buy a pair of shoes with your credit card that offers one percent cash back, you’ll receive one percent of the amount you spent on the boots back into your account.

While not every credit card and bank works with the same percentage, typically it’s between 1–2% on average, with some unique campaigns in which you can earn even a more considerable rate.

This is not an enormous amount of money, but the bigger your credit card bill, the more significant the saving you can potentially make. If you make $2 per 100 spent, imagine what will happen if you spend $10,000. That’s $200 out of nowhere.

However, you should pay attention to the condition set by credit card issuers, before you go on a shopping spree. Some of them have limits (for example, up to $5,000 or $6,000 are eligible for earning cash back).

How Does Cash Back Work?

As the name indicates, cash back is money you receive in some way — be it via cash back rewards, money back into your account, or any other means.

Cash back credit cards are just one of many rewards credit cards out there, but this type of card is so popular because it can pay out at a high rate. For example, you can earn 5% cash back on your first $1500 in purchases every month. These rewards can also help you avoid paying interest charges or come close to them since they pay out money you would have otherwise spent.

All you need to do is find out if the grocery stores, gas stations, or other businesses that you regularly shop from are eligible for cash back, as banks don’t redeem cash from every place out there.

What About Cash Back Credit Cards?

There should be something for the bank, as cash back doesn’t come for free. You know the old saying:

Money doesn’t grow on trees.

That’s also valid here. Each credit card company (like VISA, Mastercard, and Amex) makes its money by applying a transaction fee on card payments (it’s floating, but let’s assume it’s around 3%).

Since these companies are interested in you paying with a card rather than cash, they incentivize banks as mediators to offer you something in return. But banks also have another benefit — to promote their credit cards.

As we stated in the last point, not every place you shop from is eligible for cash back rewards. There is a criterion that should be met. Let’s see some of the common rules that apply:

Unapproved stores — if you’re shopping from your local cafeteria, you might not receive a cash back, as the store is not recognized as a trusted seller. Money exchange — if you use your money to exchange for another fiat currency, you won’t receive a cash back, as you are not spending money. Gambling — gambling or anything associated with betting is among the spending categories that won’t qualify as eligible. 4 Ways to earn cash back 1. Cash back credit cards

I have already mentioned credit cards as the main way to receive cash back, but I’ll repeat myself again. If you’re not using cash back cards, you’re literally wasting cash. It’s the most straightforward way to get a percentage of almost everything you purchase. You can usually get 2–3% if you have good credit scores.

2. Rewards sites

Another trend is rewards sites. They make things easier. Instead of getting a new credit card issued in your name and thinking of potential issues with interest and overspending, you can use rewards sites such as Monetha, where you receive awards for every purchase you make. You can then spend the cash rewards on gift cards from major shops and services, donate to charity, and even convert to crypto (visit Monetha now).

3. Coupon websites

You can find fantastic promotional codes and offers on sites like Groupon, Livingsocial, and Rakuten. Not only will you receive a great deal on your purchases, but you can also earn money back in the form of discounts or cash back rewards.

4. Post-purchase cash back

Post-purchase services provide cash back on purchases. The most common scenario is to get a percentage back after shopping, but you can also receive an extended warranty or join the lottery for free tickets to Paris or a new car. Some of these services are run by the stores you buy from.

How to Use Cash Back?

Once you have generated enough cashback balance, then it is probably time for the sweetest part — to spend it somewhere. But where can you spend it?

As a statement credit

If you have a mortgage or some credit card debt, you can cover some of it with the cash back. The way it works is simple: it funds your available balance.

For example, you owe your bank $200 each month for a small housing decoration loan. When you generate $50 in cash back, in your statement credit report you will find the number -$150 instead of -$200, as a small portion, is absorbed by the cash back.

As an available balance

That’s certainly better than having a debt. Instead of financing your debt, you earn money that goes straight to your bank account, thus increasing your available balance.

Let’s say you have $1,000 available in your bank and have $100 redeem rewards. Once you receive them, you’ll have $1,100 to spend.

As a Gift Card

One common way to use your cash back is via a free credit for online shopping on Amazon, eBay, or other places. The gift card is a fixed amount that you can use either once or multiple times until the credit runs out.

There is one condition, though. The only way to pay the difference is by card.

As a Donation

It’s always a good idea to donate money to charity, and cash back is a good option to spend some money on good deeds without breaking the bank. In fact, you will pay a grand total of $0 of your own funds, but you will help people in a need.

When is a Good Idea to Have a Cash Back Credit Card?

Before we talk about the best cash back credit cards on the market, you need to decide for yourself if you’re up for it. Let’s see the ideal situation in which it’s worth having a go:

You have good credit health — if you have an acceptable credit history, you will be able to access more cash back opportunities and grab better deals. This means you’ll have lower interest rates and much better paybacks. You are disciplined — credit cards are a big gamble in the wrong hands. Failing to meet the deadline means you will pay brutal APRs which will often overshadow any perks of having cash back options. You have shopping patterns — in order to get the best value out of your cash back provider, you have to shop from the same places to keep collecting points. What are the Best Cash Back Credit Cards Out There?

Which are the hot offers if you would like to open a cash back credit card? Let’s find out.

1. Discover it® Cash Back

This is the best option for huge spenders. You can get up to a 5% reward rate which is quarterly rotating spending categories. It comes with an impressive 0% annual fee and no minimum cashback redemption. It requires you to have a Credit Score of at least 700, and has a standard APR starting from 12.24%.

2. Capital One® Walmart Rewards® Card

There is a sweet 5% cash back bonus for the first 12 months of using the credit card. On top of that, there is a great 2% cash back that you can use for hotel stays and restaurants, which make it a very good option for Walmart shopping and traveling. You can apply with a Credit Score of 650+ points, making more people eligible. However, the APR is extremely high, often reaching up to 30%.

3. Chase Freedom Flex

Chase Freedom Flex is one of the best options for travelers, as it can rival even travel cards. There’s a generous welcome bonus of $200 and you pay $0 in annual fees. However, the APR is about 16–20% on average, and you should have an outstanding Credit Score of 700+ points to apply for it.

4. Ink Business Unlimited® Credit Card

This credit card is one of the most generous, as you earn a $750 bonus cash back as a welcome bonus + 0% APR for the first year. You also don’t have an annual fee but you do have about 17%-20% APR on it. However, one of the main perks is the unlimited 1.5% cash back rewards on all purchases. This is great for businesses, but the Credit Score requirements are also high — 700+ points.

5. Amazon Business Prime American Express Card

If you’re constantly using Amazon for your online shopping, this card is the right choice. You can receive up to $100 cash back, there’s no annual fee, and you can earn up to 5% back from Amazon’s orders. You can also swap the 5% for 90-day 0% APR financing, which is the main benefit of the card. Bear in mind you should be an Amazon Prime member with a good Credit Score (700+ points), and the penalty APR is huge.

6. U.S. Bank Business Triple Cash Rewards World Elite™ Mastercard®

One of the most generous welcome offers is the one promoted by the U.S. Bank. Up to $500 cash back as a welcome bonus, paired with a 0% annual fee, is a fantastic boost. It also has a promotional 0% APR + 3% cash back on different bonus categories. However, there’s one catch — there is a huge standard APR (it can easily exceed 25%), and there’s a balance transfer fee that can eat up you savings.

7. American Express® Business Gold Card

Unlike other cards on the list, the AMEX Business Gold card works with points that you can collect. It is a superb value for money if you’re traveling a lot with up to 20–25% cash back on travel flights. You receive up to 60–70 thousand points and 4 points per dollar for the first $150,000. However, there’s a $295 annual fee which is steep. On top of that, the APR rate is not low, starting from 15% and going well beyond the 20s.

8. The Hilton Honors American Express Business Card

If you travel to luxurious destinations or prefer quality for your business trip, this is the right credit card. You get an excellent value for the annual fee of $95, and on top of that, you’ll get more than 100,000 points. There are no foreign transaction fees, which is a great added bonus, and it’s a great option if you are a Hilton hotel fan. However, you should bear in mind this card has no real value if you’re not a Hilton user. On top of that, there is a high APR fee of up to 25%.

What Stores Give You Most Cash Back?

Of course, when we talk about generous offers from credit card issuers, we need to mention the stores that give the best credit card rewards.

1. Kroger

Kroger is quite generous with its offer. You can get up to $120 cash back at the store with Discovery card, and you also have to up to $300 for debit cards. There are some things to consider, though: there is a $0.50 fee for cash back amounts of up to $100 and $1.50 for amounts between $100.01 and $300.

2. Whole Foods

Whole Foods is pretty standard in its offering. They include all spending categories but can redeem $100 back which is not a bad amount.

3. Walmart

Walmart limits you to $20 up to $100 cash back, and it depends on the bonus category you’ve chosen. However, you cannot redeem more than $20 at once.

4. Target

Target lets you cash back up to $40 and just like Walmart, you cannot redeem more than $20 at once.

Final Thoughts

If you already have a credit card, you can benefit from a lot of bonus cash via cash back. It’s money that you can use for so many purposes — you can pay less, cover your debts, and even donate.

But in case you don’t have a credit card yet, you should consider the benefits against the disadvantages. If you’re not disciplined enough and cannot take control of your spending, you might end up in massive debt, as APR on credit cards is much higher than standard loans and mortgages.

And if you don’t have a credit card and have no intention to get one, we have to say that there are many options to get a lot of cash back. All you need to do is sign up with a rewards site like Monetha, and you can save as you spend!

If you like this article, check out our blog post about how to earn money from your data!

*Disclaimer: All the information is based on Monetha’s research. We advise you to open any account before consulting with a credit card expert.

Originally published at https://www.monetha.io.


ValidatedID

SportChain: a Decentralized Trust and Reputation Service for the Sports Industry

SportChain is an immutable sports ledger that allows to track all data regarding sports events — from player movements and scores to injury reports —with full transparency.
SportChain is an immutable sports ledger that allows to track all data regarding sports events — from player movements and scores to injury reports —with full transparency.

SportChain - Explaining the Business Applicability

SportChain aims to digitalize not only data but also processes with the objectives of making these data more secure and verifiable. Additionally, SportChain elevates the trust in the sports data due to a notarization mechanism.
SportChain aims to digitalize not only data but also processes with the objectives of making these data more secure and verifiable. Additionally, SportChain elevates the trust in the sports data due to a notarization mechanism.

auth0

A Technical Primer of Auth0’s New Private Cloud Platform

Delivering on a multi-cloud, Kubernetes based platform with one-click provisioning for customers
Delivering on a multi-cloud, Kubernetes based platform with one-click provisioning for customers

Tokeny Solutions

Jewel Chooses ERC-3643 And Tokeny To Issue Bank-Grade Stablecoins On Polygon

The post Jewel Chooses ERC-3643 And Tokeny To Issue Bank-Grade Stablecoins On Polygon appeared first on Tokeny.

16th May, Luxembourg – Jewel, a Bermuda-based digital asset banking platform that has applied for a combined full-service bank and digital-asset license in Bermuda, seeks to offer a full range of digital asset services to institutional clients including payments, banking, custody and lending. In partnership with digital asset compliance infrastructure provider Tokeny, Jewel will power real time settlement for digital asset institutions via its own bank issued USD stablecoin on the Polygon, the leading blockchain development platform, offering scalable and sustainable Web3 infrastructure.

Longer term, Jewel aims to offer a stablecoin-as-a-service solution to other digital asset and financial institutions B2B, allowing those businesses to provide cheaper, easier and near real time payments with stablecoins issued and redeemable directly at the bank level at Jewel.

As digital transformation flourishes across all industries and aspects of finance, banking, and payments, businesses are demanding payment solutions that are fast, inexpensive and programmable. Conventional payment systems are often fragmented and inefficient, creating a challenge for customers who trade and transact globally 24/7/365.

Jewel was an early driver for the use and acceptance of distributed ledger technology and stablecoins within banks tied to bank deposits. Today, Jewel’s bank direct approach is becoming an intelligent and appropriate risk-based approach that US and other regulators are now touting for the structure of stablecoins and their issuance and administration, as reflected in the Biden Administration’s recent Report on Stablecoins from the US President’s Working Group (stating their opinion that stablecoin should be issued by banks and other regulated deposit-taking institutions). This was then further defined under the Executive Order on Ensuring Responsible Development of Digital Assets. Jewel’s stablecoin, Jewel USD (JUSD) will eliminate the need for reconciliation and enable instant payments and transfers to members of its settlement network, “Jewel Settle”.

Our proposed banking license will allow us to service global firms from Bermuda as we issue fiat-backed stablecoins, first with USD and then a growing number of other proposed single fiat currency stablecoins globally. Through our partnership with Tokeny, we’re able to ensure compliant stablecoin issuance and management in a scalable and easy-to-integrate manner. As a result, we can devote most of our time and resources to further developing our business opportunities. We are already in discussions with exchanges, bank and non-bank financial institutions, and governments, and there is a considerable amount of interest in our offerings. Chancellor BarnettJewel Founder and Chairman

Jewel has chosen Tokeny, the leader in the tokenization field, as its technology partner to assist them with the issuance, transfer, and management of fiat-backed stablecoins on the Polygon Network. Through Tokeny’s API-based solutions, Jewel can issue ERC-3643 permissioned tokens, ensuring the necessary controls and compliance that are required by regulators.

We are pleased to provide our partner Jewel with a tailored technology solution, so they can focus on their core businesses without having to worry about technology. Together, we can transform the global payment system and accelerate the growth of the digital asset ecosystem. Luc FalempinCEO at Tokeny About Tokeny Solutions

Tokeny provides an enterprise-grade infrastructure to allow companies and financial actors to compliantly issue, transfer, and manage digital assets on blockchains, enabling them to apply control and compliance on the decentralized infrastructure without technical hurdles. Tokeny is recognized by CB Insights and KPMG as a Top 50 Blockchain and Top 100 Global Fintech company. The company is backed by Euronext Group, Inveniam, Apex Group, and K20 Funds.

About Jewel

Jewel is a proposed bank serving digital asset businesses globally with banking and payments infrastructure on both traditional and distributed ledger rails including: settlement, core banking, lending, custody, and fiat/stablecoin payments over a single API. Jewel’s leadership team brings a depth of banking and digital asset sector experience from firms including Visa, IBM, Silicon Valley Bank, R3, Wells Fargo, and Square 1 Bank. For more information click here, or contact press@dltjewel.com.

About Polygon

Polygon is the leading platform for Ethereum scaling and infrastructure development. Its growing suite of products offers developers easy access to all major scaling and infrastructure solutions: L2 solutions (ZK Rollups and Optimistic Rollups), sidechains, hybrid solutions, stand-alone and enterprise chains, data availability solutions, and more. Polygon’s scaling solutions have seen widespread adoption with 19,000+ decentralized applications hosted, 1.6B+ total transactions processed, ~142M+ unique user addresses, and $5B+ in assets secured.

Website | Twitter | Ecosystem Twitter | Developer Twitter | Enterprise Twitter | Studios Twitter | Telegram | Reddit | Discord | Instagram | Facebook | LinkedIn

The post Jewel Chooses ERC-3643 And Tokeny To Issue Bank-Grade Stablecoins On Polygon appeared first on Tokeny.


bankless

118 - Raoul Pal | Should We Be Scared Right Now?

The current outlook in the markets is... shaky at best. War in Europe. Inflation and political instability in the USA. On top of that, Terra (UST)  began its historic plummet—right in the middle of recording this episode. Raoul Pal of RealVision returns to Bankless to synthesize the widespread chaos in the markets, and helps us figure out how to position ourselves for these wild times.

The current outlook in the markets is... shaky at best.

War in Europe. Inflation and political instability in the USA. On top of that, Terra (UST)  began its historic plummet—right in the middle of recording this episode.

Raoul Pal of RealVision returns to Bankless to synthesize the widespread chaos in the markets, and helps us figure out how to position ourselves for these wild times.

------ 📣 ALCHEMIX | Get a Loan that Repays Itself! https://bankless.cc/Alchemix

------ 🚀 SUBSCRIBE TO NEWSLETTER:          https://newsletter.banklesshq.com/  🎙️ SUBSCRIBE TO PODCAST:                 http://podcast.banklesshq.com/ 

------ BANKLESS SPONSOR TOOLS: 

⚖️ ARBITRUM | SCALED ETHEREUM https://bankless.cc/Arbitrum 

❎ ACROSS | BRIDGE TO LAYER 2 https://bankless.cc/Across 

🏦 ALTO IRA | TAX-FREE CRYPTO https://bankless.cc/AltoIRA 

👻 AAVE V3 | LEND & BORROW CRYPTO https://bankless.cc/aave 

⚡️ LIDO | LIQUID ETH STAKING  https://bankless.cc/lido 

🔐 LEDGER | NANO S PLUS WALLET https://bankless.cc/Ledger 

------ Topics Covered:

0:00 Intro 6:30 Not Looking Good Out There 14:00 What Goes Up… 19:49 The Macro Fundamentals 25:09 The Debt Bubble 31:29 Tech Stocks 37:30 No Safety Net 42:34 Global Concerns 47:45 UST Collapses 52:30 A Massive Meltdown 55:15 Regulation 59:30 Maturing Crypto Markets 1:05:45 What can save us? 1:12:38 More Stimulus Checks? 1:19:22 Hedging Against Inflation 1:22:00 Raoul’s Portfolio 1:26:10 Culture as an Asset Class 1:28:53 Advice for First-Timers 1:31:40 Should We Be Scared?

------ Resources:

Raoul Pal: https://twitter.com/RaoulGMI?s=20&t=fcZpeyDaMB3GKo8aC1i4Gw 

RealVision: https://www.realvision.com/ 

----- Not financial or tax advice. This channel is strictly educational and is not investment advice or a solicitation to buy or sell any assets or to make any financial decisions. This video is not tax advice. Talk to your accountant. Do your own research.

Disclosure. From time-to-time I may add links in this newsletter to products I use. I may receive commission if you make a purchase through one of these links. Additionally, the Bankless writers hold crypto assets. See our investment disclosures here: https://newsletter.banklesshq.com/p/bankless-disclosures 

Saturday, 14. May 2022

bankless

Anthony Sassano & Eric Conner | Luna Demise, Bear Survival, Bullish ETH Merge

Anthony, Eric, and David dive into the downfall of Luna, takeaways from this week, bear market survival, and why they're bullish on the ETH merge. ------ 📣 OPOLIS | Sign Up to Get 1000 $WORK and 1000 $BANK https://bankless.cc/Opolis  ------ 🚀 SUBSCRIBE TO NEWSLETTER: https://newsletter.banklesshq.com/  🎙️ SUBSCRIBE TO PODCAST: http://podcast.banklesshq.com/  ------ BANKL

Anthony, Eric, and David dive into the downfall of Luna, takeaways from this week, bear market survival, and why they're bullish on the ETH merge.

------ 📣 OPOLIS | Sign Up to Get 1000 $WORK and 1000 $BANK https://bankless.cc/Opolis 

------ 🚀 SUBSCRIBE TO NEWSLETTER: https://newsletter.banklesshq.com/  🎙️ SUBSCRIBE TO PODCAST: http://podcast.banklesshq.com/ 

------ BANKLESS SPONSOR TOOLS:

⚖️ ARBITRUM | SCALED ETHEREUM https://bankless.cc/Arbitrum 

❎ ACROSS | BRIDGE TO LAYER 2 https://bankless.cc/Across 

🏦 ALTO IRA | TAX-FREE CRYPTO https://bankless.cc/AltoIRA 

👻 AAVE V3 | LEND & BORROW CRYPTO https://bankless.cc/aave 

⚡️ MAKER DAO | THE DAI STABLECOIN https://bankless.cc/MakerDAO 

🦁 BRAVE | THE BROWSER NATIVE WALLET https://bankless.cc/Brave 

------ Resources:

Anthony Sassano https://twitter.com/sassal0x  https://twitter.com/thedailygwei  https://www.youtube.com/c/TheDailyGwei 

Eric Conner https://twitter.com/econoar  https://podcast.ethhub.io/ 

----- Not financial or tax advice. This channel is strictly educational and is not investment advice or a solicitation to buy or sell any assets or to make any financial decisions. This video is not tax advice. Talk to your accountant. Do your own research.

Disclosure. From time-to-time I may add links in this newsletter to products I use. I may receive commission if you make a purchase through one of these links. Additionally, the Bankless writers hold crypto assets. See our investment disclosures here: https://newsletter.banklesshq.com/p/bankless-disclosures 

Friday, 13. May 2022

Elliptic

What Happened to the $3.5 Billion Terra Reserve? Elliptic Follows the Bitcoin

UPDATE (May 16th):  Terra now claims that the movement of the $3.5 billion in Bitcoin reserves – as described below – was conducted in order to sell the majority of it, in an unsuccessful attempt to support the UST stablecoin. Holders of the LUNA token and UST stablecoin collectively lost around $42 billion over the past week. However, $85 million in cryptoassets remains in the Ter

UPDATE (May 16th):  Terra now claims that the movement of the $3.5 billion in Bitcoin reserves – as described below – was conducted in order to sell the majority of it, in an unsuccessful attempt to support the UST stablecoin. Holders of the LUNA token and UST stablecoin collectively lost around $42 billion over the past week. However, $85 million in cryptoassets remains in the Terra reserve to compensate them. 


bankless

ROLLUP: Crypto Bear Market? UST Luna Collapse. Instagram NFTs. Coinbase Bankruptcy? Bankless Youtube Ban.

2nd Week of May, 2022 ------ 📣 OPOLIS | Sign Up to Get 1000 $WORK and 1000 $BANK https://bankless.cc/Opolis  ------ 🚀 SUBSCRIBE TO NEWSLETTER:          https://newsletter.banklesshq.com/    🎙️ SUBSCRIBE TO PODCAST:                 http://podcast.banklesshq.com/    ------ BANKLESS SPONSOR TOOLS: 
2nd Week of May, 2022

------ 📣 OPOLIS | Sign Up to Get 1000 $WORK and 1000 $BANK https://bankless.cc/Opolis 

------ 🚀 SUBSCRIBE TO NEWSLETTER:          https://newsletter.banklesshq.com/    🎙️ SUBSCRIBE TO PODCAST:                 http://podcast.banklesshq.com/   

------ BANKLESS SPONSOR TOOLS: 

⚖️ ARBITRUM | SCALED ETHEREUM https://bankless.cc/Arbitrum 

❎ ACROSS | BRIDGE TO LAYER 2 https://bankless.cc/Across 

🏦 ALTO IRA | TAX-FREE CRYPTO https://bankless.cc/AltoIRA 

👻 AAVE V3 | LEND & BORROW CRYPTO https://bankless.cc/aave 

⚡️ MAKER DAO | THE DAI STABLECOIN  https://bankless.cc/MakerDAO  

🦁 BRAVE | THE BROWSER NATIVE WALLET https://bankless.cc/Brave 

------ Topics Covered:

0:00 Intro

3:30 MARKETS 4:00 BTC Price 5:14 ETH Price 6:20 BTC Ratio 7:30 Down Bad 8:20 The Fed 11:30 Alt L1s https://twitter.com/RyanSAdams/status/1524530815534780418?s=20&t=vizZmVoPrcVxbam1fHBrDw  18:41 Coinbase Earnings https://twitter.com/fintechfrank/status/1524128481537400832 

22:30 NEWS 23:00 UST Luna Collapse https://twitter.com/terra_money/status/1524785058296778752?s=21&t=E7dei4OsxkNXTk1l9K0kaQ  36:06 Tether Loses Peg https://www.coindesk.com/markets/2022/05/12/tether-loses-1-peg-bitcoin-drops-to-2020-levels-of-near-24k/  38:05 Coinbase Bankruptcy https://www.wsj.com/articles/coinbase-says-users-crypto-assets-lack-bankruptcy-protections-11652294103  41:27 Bankless Banned from Youtube https://twitter.com/BanklessHQ/status/1523317593947353089  48:58 Optimism Records https://twitter.com/kelvinfichter/status/1523826091961597953 

51:00 NFTs 51:24 Instagram NFTs https://twitter.com/BanklessHQ/status/1523404729715359745  53:49 Doodles Billboard CEO https://decrypt.co/99660/ethereum-nft-collective-doodles-names-billboard-executive-new-ceo  54:14 PopeNFT https://www.entrepreneur.com/article/426931  54:54 Poolsuite Manor DAO https://twitter.com/Poolsuite/status/1522311339116539906 

55:15 REGULATION 55:44 BitMEX Fine https://www.coindesk.com/policy/2022/05/05/us-court-orders-bitmex-founders-to-pay-30m-for-illegal-trading-2/  56:51 Germany Tax https://decrypt.co/100086/germany-wont-tax-bitcoin-ethereum-sold-after-one-year-of-possession  57:43 JUNO Oops https://twitter.com/CoinDesk/status/1522290377713192962 

58:30 RELEASES 58:40 Hop Drop https://twitter.com/HopProtocol/status/1522284534598967300  1:00:45 Compound Treasury Credit Rating https://twitter.com/compoundfinance/status/1523655146898661376  1:01:35 Zapper iOS App https://twitter.com/zapper_fi/status/1517155336070696961  1:02:25 Zora $50m Raise https://twitter.com/stevejang/status/1522287336209362944  1:03:18 Decrypt Raise https://www.coindesk.com/business/2022/05/03/decrypt-spins-out-from-consensys-mesh-raises-10m-at-50m-valuation/ 

1:03:40 JOBS https://pallet.xyz/list/bankless/jobs 

1:08:15 Community Questions https://twitter.com/ChristopherSc15/status/1524539103412379650?s=20&t=C0zGfY_hr437Uh3oamnkuw  https://twitter.com/Jasper_ETH/status/1524492344317419520?s=20&t=C0zGfY_hr437Uh3oamnkuw  https://twitter.com/daniserra/status/1524570148257947648?s=20&t=C0zGfY_hr437Uh3oamnkuw 

1:15:45 TAKES 1:16:10 DAO Culture https://twitter.com/owocki/status/1524069606855303168  1:18:35 The Best Investments https://twitter.com/RyanSAdams/status/1524703484884488192?s=20&t=HrwnaTnEh4GfX6mk8q5Ybg  

1:20:15 What David’s Excited About 1:22:00 What Ryan’s Excited About

1:24:05 MEME of the Week

1:25:00 Moment of Zen

----- Not financial or tax advice. This channel is strictly educational and is not investment advice or a solicitation to buy or sell any assets or to make any financial decisions. This video is not tax advice. Talk to your accountant. Do your own research.

Disclosure. From time-to-time I may add links in this newsletter to products I use. I may receive commission if you make a purchase through one of these links. Additionally, the Bankless writers hold crypto assets. See our investment disclosures here: https://newsletter.banklesshq.com/p/bankless-disclosures 


Monetha

Brand Loyalty Measurement: What is It and How to Measure It

Brand loyalty measurement is more challenging to measure than you think. Consumers are smart and savvy. They change their habits when they are presented with other options that better meet their needs and desires. There is an ultimate cost-benefit analysis happening in the mind of consumers on a constant basis. Each time you recommend, highlight, or show off your brand, however, you are addi

Brand loyalty measurement is more challenging to measure than you think. Consumers are smart and savvy. They change their habits when they are presented with other options that better meet their needs and desires.

There is an ultimate cost-benefit analysis happening in the mind of consumers on a constant basis. Each time you recommend, highlight, or show off your brand, however, you are adding value. That value must exceed your competitors for it to be effective and build brand loyalty.

What is Brand Loyalty?

What is brand loyalty? It’s the tendency for consumers to remain loyal to specific brands. A consumer who exhibits brand loyalty will remain loyal even when alternatives are less expensive or offer more features. When a consumer demonstrates brand loyalty, they develop personal feelings toward the brand and its products that influence their choice of brands in a category. Some reasons why consumers exhibit brand loyalty can include:

An emotional attachment to the brand and its identity A belief in the company’s mission statement and its products/services A belief in the company’s quality and reliability

Some businesses use loyalty programs to reward frequent customers for returning (learn more about loyalty programs best practices here), while others attempt to build customer loyalty through marketing campaigns or social media interactions.

Why is Brand Loyalty Important?

Brand loyalty can be important for several reasons. For example, it helps to build a positive reputation for a company and its products. If a customer is satisfied with their experience with a brand, they are likely to tell other people about their positive experience. Word of mouth is an extremely powerful tool that can bring in new customers.

A loyal customer base can also be extremely helpful to any business, because they are more likely to remain loyal to the company’s products even if they encounter other products that may be comparable or better, as long as they have had a positive experience with the brand. This is especially helpful in the case of businesses that sell very specific products or services where it is unlikely that there will be many comparable products on the market.

Another major advantage of brand loyalty is that it can help companies save money by reducing marketing costs and increasing sales. Loyal customers are more likely to purchase items from the same brand over and over again, so businesses don’t have to keep investing in advertising campaigns to promote their products.

What is the Difference Between Brand Loyalty and Customer Loyalty?

Brand loyalty and customer loyalty are two terms that are often used interchangeably; however, there is an important difference between the two.

Customer loyalty refers to customers’ feelings of commitment or dedication to a company, brand, or product. Brand loyalty refers to customers’ feelings of commitment or dedication to a particular product within a company’s line of products.

This can be confusing because many companies use the term “loyalty” when speaking about both brand loyalty and customer loyalty. To avoid confusion, it is important to recognize the difference between these terms.

The main differences between brand and customer loyalty are:

Brand loyalty means that customers will buy anything that comes from a particular company/brand, while customer loyalty means that customers will only buy a specific product. Brand loyalty usually refers to brands in the same industry, while customer loyalty usually refers to related products within the same industry. Brand loyalty can be measured over time, while customer loyalty can be measured once the sale is made. Brand loyalty is not as strong as customer loyalty because of potential changes in the company/brand’s image.

Another significant difference between brand and customer loyalty is that brands tend to be valued by consumers for their symbolic meaning in a way that companies themselves can’t control, whereas customer-company relationships are mostly based on subjective evaluations of a company’s products and services.

For example, Coca-Cola has been associated with Christmas for many years now, and people just associate it with this holiday — that’s what makes it a brand. However, Coca-Cola can’t control these associations in the same way it can determine how its products or services are perceived by customers.

How to Measure Brand Loyalty: The 6 Key Metrics

Brand loyalty is an important thing to measure because it will tell you how customers feel about your brand. If you have high brand loyalty, that means that you’re gaining customers who will purchase your products again in the future.

High brand loyalty can also mean that you have a high customer satisfaction level, which is always a good sign for any business.

To determine brand loyalty, you’ll want to measure the following metrics:

Customer churn rate (CCR) Net Promoter Score (NPS) Customer Lifetime Value (CLV) Customer Retention Rate (CRR) Repeat Purchase Rate (RPR) Purchase Frequency (PF)

Once your target market feels connected with your company, they’ll be more likely to show brand loyalty towards it.

1. Customer Churn Rate (CCR)

Customer churn rate (CCR) is a ratio of customer losses to total customers. It is calculated by dividing the number of customers lost during a period by the total number of customers at the beginning of that period. It is often expressed as a percentage value.

When calculating CCR, only leave-of-absence cancellations should be included in the numerator, and future expected cancellations should be excluded from both the numerator and denominator.

The resulting value represents an estimation of how many customers will cancel service during a given period, whether because they are not satisfied with the service or because they are leaving the region where the service is provided.

Counting and excluding cancellations correctly is important for assessing both how well your company retains its existing customers and how much future revenue will be generated by current services.

2. Net Promoter Score (NPS)

There are a number of metrics that can be used to measure brand loyalty. The most common is called the Net Promoter Score (NPS), which measures how willing customers are to recommend your business to other people. NPS is calculated by having your customers rank their likelihood of recommending your business on a scale from 1 to 10.

Customers that answer with a 9 or 10 are considered “promoters” of your brand, and customers that answer with a 6 or lower are considered “detractors.” The percentage of detractors is subtracted from the percentage of promoters and provides you with your NPS score. This score can go from -100 (all detractors) to 100 (all promoters). The higher your NPS score, the more loyal customers you have.

NPS consists of a survey that asks one question: “How likely is it that you would recommend this company/product/service to a friend or colleague?” The answers range from zero (not likely at all) to ten (extremely likely). Customers who answer with a nine or ten are called “Promoters.” Customers who answer with seven or eight are called “Passives.” And finally, customers who answer with six or below are called “Detractors.”

To calculate NPS, subtract the percentage of customers who are Detractors from the percentage of customers who are Promoters. Passives count toward the total number of respondents, but they don’t count toward the score itself. So if 50% of your customers are Promoters, 40% are Passives, and 10% are Detractors, your NPS is 40%.

3. Customer Lifetime Value (CLV)

Customer Lifetime Value (CLV) is one of the most commonly used metrics to assess brand loyalty. It predicts your customer’s worth to your company, so it’s a great way to show how much the customer values you and your brand. The higher the CLV, the more loyal the customer is likely to be.

Once you have an idea of the monetary value of your customers, you can use that data to determine the cost of customer retention.The Customer Lifetime Value (CLV) gives you an idea of how much revenue a single customer can bring to your business over their lifetime as a customer. It is basically a measure of the value of each individual customer to your business.

When calculating CLV, you’ll need to estimate the average amount of time that a customer remains loyal to your company. This is fairly simple: just divide the total number of months you’ve been in business by the number of customers you have lost since then.

4. Customer retention rate (CRR)

Customer retention rate (CRR) is a term used by businesses to describe the percentage of customers that return to purchase additional products or services. A company usually measures its CRR as a ratio, showing how many returning customers there are for every 100 new customers that are acquired. The higher this ratio, the more confident management is that the company will be able to make future sales and keep growth steady.

The purpose of calculating CRR is to figure out how effectively a business is retaining customers: if it can retain more customers than it loses, management knows that it is not going to lose money in the long run. It’s also a way of evaluating how well a business communicates with its existing clientele and what type of loyalty program would be best at encouraging them to stay. One thing important to note here: CRR only measures the number of current customers who purchase again from the business, not those who switch over to another brand or company.

In most cases, managers will calculate CRR by dividing the total number of returning customers by the total number of new customers acquired in one year. There are other ways to measure this ratio-like dividing the number of returning customers by the number of active accounts-and they will yield very different results.

5. Repeat Purchase Rate (RPR)

Repeat Purchase Rate, also known as Customer Loyalty Index (CLI), is a business metric that measures how much customers come back to buy from a brand again and again. Repeat Purchase Rate is a strong indicator of your customers’ loyalty to your brand. To calculate Repeat Purchase Rate, add up all the sales you had in one period and divide that number by the number of customers who purchased at least once during that period.

For example, an RPR that is calculated for a month can be thought of as the proportion of customers who made a purchase at some point in that month and then went on to make another purchase during that same month.

RPR can be divided by industry because customer behavior can vary dramatically between industries. For example, Amazon has an impressive RPR due to their expansive product offerings and low prices. A local hardware store may have a lower RPR because their product offerings are more limited.

In general, a high RPR indicates that your customers are happy with your products and services, and are therefore likely to make repeat purchases from you. A low RPR may indicate that your customers have had negative experiences with your brand, or that they were not able to find what they were looking for in earlier purchases. This could be due to many factors including poor product quality, unfavorable pricing, or poor shopping experience on your site.

6. Purchase frequency (PF)

In order to measure and increase brand loyalty, companies can use purchase frequency (PF). Brand loyalty is a consumer’s inclination to remain committed to one product in the long term.

Product loyalty is most often measured by customer purchases of the same brand(s) over an extended period of time. Loyal customers are far more likely to repurchase, more likely to purchase more products, and less likely to switch brands.

To understand why consumers become loyal, researchers have studied consumer loyalty from all angles: demographic, psychological, and behavioral, among others. Demographic factors include age and income level. Psychological factors include product beliefs and attitudes toward the brand. Behavioral factors include frequency of purchase and product involvement.

How to Build Brand Loyalty in 4 Easy Steps

Building brand loyalty is a process of identifying, anticipating, and meeting the needs of customers. It is important to know when and how to best reach potential new customers.

Here are some tips on how to build brand loyalty:

1. Create an exceptional customer experience

All companies should strive to create an exceptional customer experience that makes customers feel as though they are getting more value than what they paid for. When a company creates an exceptional experience, customers feel like they have been treated extraordinarily well, which causes them to return and buy again.

2. Reward customers for their loyalty

Companies should reward customers for their loyalty in order to encourage repeat purchases and increase sales revenue. If a company does not reward loyal customers, then the loyal customers may stop returning because there is no incentive for them to keep coming back.

PS: if you’re looking for ways to get customers to buy from you more often, don’t miss our article about incentive marketing.

3. Encourage referrals and word-of-mouth

Advertising through social media platforms such as Facebook or Twitter where customers can share with friends about how great their experience was with your company.

4. Offer discounts on future purchases

If they refer someone new who makes a purchase within 24 hours of being referred by one of these loyal customers who already has an account with you.

Creating brand loyalty begins with the customer. The customer needs to feel a sense of trust and engagement toward your company, which requires that you build a relationship with them. Building this relationship includes knowing what your customers want, being able to get it to them at the right time, and offering them incentives for doing business with or continuing business with you.

Keep in mind that when attempting to build brand loyalty, as well as other types of marketing strategies, you should always consider the long-term effects. You want to make sure that you are having a positive impact on your customers’ lives and that they will continue to do business with you over the years.

Give Your Brand Loyalty a Boost

How do you make sure your customers aren’t just content with your product, but in love with your brand?

Create an emotional connection between them and your products and vice versa. Learn more about the psychology of loyalty and make use of these important insights.

It’s all about getting to the root of what makes someone feel connected to a company. Find out what makes them tick, why they buy the things they buy, and how to make their experience feel like more than just a transaction, but an experience.

And don’t forget about surprise and delight tactics. Even if you have a lot of repeat customers and people who are completely loyal to you, keep them on their toes. Make sure there are always new reasons to come back for more from your brand.

Conclusion

Brand loyalty is one of the most important metrics in marketing, and yet it is poorly studied. Most brand loyalty studies focus on repeat purchases. Socially conscious consumers are more likely to purchase from brands that align with their values. Brand alignment is a commonality between the social consumer and the brand that creates additional loyalty beyond repeated purchases.

Originally published at https://www.monetha.io.


Customer Commitment: What is It, Types and Examples

Commitment is a bold word, and we can all agree on that. And while in some situations, it’s a positive word bringing a lot of vibes-for example, a marriage, in another context, it might have a negative connotation-if you’re into debt, paying it is a commitment. It isn’t necessarily beneficial for you. But we will discuss one other type of commitment in this article-customer commitment. In th

Commitment is a bold word, and we can all agree on that. And while in some situations, it’s a positive word bringing a lot of vibes-for example, a marriage, in another context, it might have a negative connotation-if you’re into debt, paying it is a commitment. It isn’t necessarily beneficial for you.

But we will discuss one other type of commitment in this article-customer commitment. In this article, we will see what customer commitment is, review its importance, mention the types, and give you some tips and tricks on how to improve it.

What is Customer Commitment?

You can find one of the best descriptions of customer commitment in the book Explaining Customer Loyalty to Retail Stores: A Moderated Explanation Chain of the Process. According to Arturo Vasquez-Parraga and Miguel Sahagun,

Customer’s engagement or continuous obligation to buy the same product or use the same company.

In simpler terms, companies are making their services so influential for customers that the latter willingly (or not) keep coming back.

Why is It Important?

It’s essential to give your customers a reason to come back after you have converted them for the first time (see more about types of online shoppers and how to convert them here). Offering your customers discounts, loyalty programs, and social share programs are all ways to build lifetime value with them. Innovative e-commerce features such as an app store, in-app payments, rewards, and one-click purchasing keep your clients returning again and again. People want to feel like a part of something bigger than themselves.

Going the extra mile will be rewarding for your business and your customers. Let’s see why.

1. Better relationships with your customers

If you invest in the relationship between you and your clients, you will make them more satisfied with your products. Customers value the personal approach and will always highly regard companies that use it in their marketing strategy.

2. More sales over the long term

Every company that invests in its customers will get more committed visitors. Instead of looking for products, they will try to find ways to add more items to their cart, even if they don’t have much money left in their banks, because they like you and your business!

3. Growth potential

Customer commitment makes company growth possible. Repeat purchasers can help you invest more in adding extra personnel and investing in new customers, as you will have the available funds.

4. Reduced marketing cost

Running an e-commerce store is a challenging endeavor, as advertising on Google, Facebook, and all the other platforms out there is not cheap anymore. However, if you have enough committed customers to your brand, you will drive revenue without spending excessive money and reducing your profit. According to Forbes, converting leads into customers is 5 times more expensive than investing in your current clients.

What are the Types of Customer Commitment?

Okay, we already told you about customers’ commitment and why it’s crucial to have more customers coming back to you. But what are the three main types, and how is each one different from the other ones? Let’s find out.

1. Affective Commitment

Affective commitment is the emotional attachment to a brand. If a customer’s emotions are wrapped up in a brand, they’ll become more likely to keep coming back. This means that businesses should be sure to create genuine connections with their audience and make consumers feel like they’re part of the family.

But to generate affective commitment, it’s not enough to achieve high customer satisfaction. There should be more offered on the table, something exclusive. Affective commitment is like creating a “cult” toward a brand and its product.

Affective commitment is what each company should be fighting for, and it creates brand advocates who are a great asset for future success.

Affective Commitment Examples

Apple

Apple is a common example of a brand that drives customer loyalty because of a “cult” around its name. There are plenty of people who choose the company and buy the latest products. Whenever a new iPhone is released, there are massive queues for people who desire to have the latest model, no matter the cost. Typically, Apple’s products are more expensive than the competition, yet they drive more interest than their rivals.

A lot of customers’ devotion to Apple is explained by the psychology of loyalty, which we have talked about on a previous article.

Ferrari

It’s a dream come true for customers who can afford to drive the “Red Horse” badge. And while the cheapest model from their product range (Ferrari Roma) starts with a base price of over $200,000, successful people would love to join the list of people who have access to this masterpiece. Sadly, you can’t go full-throttle in town, but still — it’s better to wait in traffic with a “Red Horse”, rather than in a Fiat, right?

Nike

Nike is one of the brands with the most brand advocates among sports fans. Being promoted by some of the most notable sports names — like Cristiano Ronaldo, Michael Jordan, and Rafael Nadal- attracts clients who wear a jersey of their favorite sports clubs and buy the iconic Air Jordans or Air Max series.

2. Continuance Commitment

Continuance commitment occurs when customers are not that highly impressed by the company. They choose to stay because they give it more value than other choices, and they pick it for logical reasons.

Although continuance commitment is an important factor of loyalty, it doesn’t bring the “buzz” effect. There is a thin line between affective commitment and continuance commitment.

Affective commitment focuses on customers choosing a service provider because they feel attached to the brand, while continuance commitment happens when customers choose because it is reasonable.

Continuance Commitment Examples

Microsoft

Microsoft is a typical example of a company that customers find reliable and trustworthy. Nobody is proud of using Microsoft Office or Windows. However, most users engage with the company because they know what to expect: consistency, predictability, and good value for money.

Walmart

While Walmart doesn’t attract such devoted fans as Apple or Tesla, it has become a synonym of great deals. While some people love the company, most customers shop there because they can find various brands and purchase goods at outstanding prices. The company slogan “Save Money. Live better.” perfectly fits the customer base.

IKEA

Just like Walmart, people know what to expect when they buy from IKEA. Reasonable prices and a variety of products. But that’s not all. IKEA has built a name for Swedish quality and minimalistic design, often attracting customers. While luxurious furniture fans cannot usually be seen there, IKEA is a go-to place for millions of customers worldwide.

3. Normative Commitment

Instead of customers remaining committed to a brand because they enjoy doing business with it, the term normative commitment refers to when a customer remains committed to a brand because they feel they have to keep using the service, despite their will.

However, normative commitments are the worst of the three types, as customers who experience them are not happy. While we still have customer retention, this is the last stage before customers abandon your brand.

Normative commitment is also found in the relationship between employers and employees where the latter want to leave but have no better options at the moment.

Normative Commitment Examples

Adobe

Adobe is known for its excessive charges. You cannot buy any of Adobe’s products. Instead, you should subscribe to a single software or get access to all of them. $52.99 per month on an annual basis is what you should pay for one license. It’s definitely a steep price no one wants to pay, but since it’s an industry-standard software, you can’t really settle with a cheaper alternative, as they are not good enough.

SAP

If you ask employees, 90% of them probably do not like working with SAP. It’s a monolith platform, has a very outdated UI, costs a fortune, and is very heavy. But why do most Fortune 500 keep using it? Because it is proven to work with large batches of data, and it’s one of the legacy companies of its kind, so migrating to a competitor might be a disaster for clients; thus, they stay despite the shortcomings.

T-Mobile

Mobile service providers are often topping charts of unpleased customers simply because there isn’t much competition. T-Mobile is a leading provider, yet it receives very poor feedback for lack of mobile signal, unstable 5G connection, and poor customer service. However, customers keep using it, as loyal customers can still get better plans. Otherwise, if they change their carrier, they risk losing the perks that were stacked over the years.

How to Increase Customer Commitment

There are many ways to increase customer commitment, and fortunately, it isn’t hard to achieve better results. Let’s see some of them:

1. Offer discounts

One of the most popular ways to create a more committed customer base is to offer occasional discounts. Of course, it’s not a good practice to have discounts 24/7 available on all products. But coming up with different offers makes people maintain their interest in your e-commerce platform and check out the website/app more frequently.

2. Reward frequent purchases

Loyalty programs are a superb way to reward repeat purchasers. It is an opportunity for you to connect with your customers personally and build your relationship with them. A rewards program gives your customers a unique feeling of gratitude, regardless of the order value or the amounts of orders they make.

3. Set up subscription services

Many subscription-based programs offer incentives to customers that other e-commerce sites don’t. For example, a customer can pay $50 per year and in return receive free shipping and a 10% flat discount on all orders. It is a strong reason for customers to keep coming back.

4. Ask for feedback and reply to it

Users can feel more involved with your brand if you offer the option to write a review for your product or service. This way, you show them that their opinions matter to your business. But do not forget to respond. It may take no more than 1–2 minutes to come up with a reply, but the effect can be huge. You can thank them for each positive review and provide an apology and explanation for negative reviews.

5. Offer a “Thank you” email

A “Thank You” email isn’t much effort to create, and it has become a common practice among companies. All you need to have is email automation software and some original ideas. Your effort ends with no more than a couple of hours of work until you write a good one.

6. Personalize your message

Countless advertisements can work against your brand, especially when you oversaturate the market with web banners and newsletter pop-ups. However, by adding personal touches to every campaign and interacting directly with an audience, you can stand out from the competition by giving something that clients want.

7. Focus on delivering a great customer service experience

To improve your store’s performance, you need to make yourself available to your customers. Adding customer care agents will significantly improve your performance. Try to add as many channels as possible: email, live chat, phone. Having quick-to-react customer service might make the difference between affective commitment and customers quitting your brand.

Conclusion

Customer commitment is vital for your business, and it can help your brand generate more money by capitalizing on existing customers and converting leads into new clients. But if you fail to offer something any short of the best, your clients can quickly abandon your brand.

Did you like this article? Then you will likely love the one we’ve published about brand loyalty measurement! Watch out, keep those metrics in check and make sure your customers don’t go away.

Originally published at https://www.monetha.io.


Loyalty Programs Best Practices: 8 Ways to Improve Loyalty

3.8 billion — that’s the number of memberships US customers hold in loyalty programs. There’s no question that loyalty programs are popular with consumers. That loyalty programs are a staple of consumer marketing is therefore no surprise. These programs can be a powerful tool for businesses looking to keep their customers happy (learn more about the psychology of loyalty here). Let’s explor

3.8 billion — that’s the number of memberships US customers hold in loyalty programs. There’s no question that loyalty programs are popular with consumers.

That loyalty programs are a staple of consumer marketing is therefore no surprise. These programs can be a powerful tool for businesses looking to keep their customers happy (learn more about the psychology of loyalty here).

Let’s explore the basics of loyalty programs and learn loyalty programs best practices that will keep your customers coming back for more.

What’s a Loyalty Program?

A loyalty program is a marketing strategy used by companies to reward customers for their continued patronage. Programs can be as simple as a punch card that gets the customer a free item after a certain number of visits, or as complex as a points-based system that allows customers to redeem rewards for products or services.

Loyalty programs are popular because they offer customers an incentive (read more about incentive marketing here) to keep coming back to brands and businesses of their choice. They also help businesses build customer loyalty, which ultimately manifests itself in increased sales and profits.

12 Loyalty Program Best Practices

There are a number of factors that go into creating an effective loyalty program. Here are some best practices that businesses like you can follow:

1. Make it easy to join and use

Your loyalty program strategy should make it easy for your customers to join the program and use it. Customers should be able to sign up and start earning rewards points quickly. The program should also be easy to navigate, with a clear rewards chart and easy-to-use redemption process.

This best practices suggestion encourages your customers to quickly join and engage in a loyalty program. Make it easy to participate as well, allowing transactions from any point of sale system and a hassle-free billing cycle.

2. Evolve and upgrade

Loyalty rewards programs should constantly evolve in order to keep up with the latest consumer trends. For example, if you notice that many of your customers are using their loyalty program to collect points for free products, then consider adding a new tier of rewards that allows them to redeem their points for a discount on a future purchase, or freely exchange points for another set of products.

You could also change the way you reward your long-term customers. If you use a points system for every purchase, why not explore rewarding social media subscriptions, likes and shares?

This best practices standard rule will help your brand stay in touch with current trends and the changing expectations of your consumers.

3. Explore company partnerships

One best practice rule that many businesses are hesitant to try is to open up their loyalty programs to company partnerships. You may worry that doing so will reduce the effectiveness of your program, or that customers will be confused about how the program works.

However, research shows that a coalition loyalty program strategy can lead to an increase in engagement from customers. This is because customers appreciate being able to earn points from more than one source. Additionally, partnering with other businesses can help introduce your customers to new products and services.

Consumers appreciate the flexibility a partnership-based loyalty program offers. Making points and rewards transferable attracts more customers and gives you a better understanding of what your target market is buying.

4. Personalize

Personalize your loyalty program to stand out from the crowd. This can be as simple as sending customers special offers or birthday messages, or it can be more complex, such as tailoring the program to each customer’s preferences. Your rewards program could be used to suit their shopping habits.

Personalization is a best practices rule that shows customers that you appreciate their faith in you. It also keeps customers engaged with your brand, and encourages them to continue participating in your loyalty program.

Some companies structure their loyalty programs into modules, so customers themselves customize the offerings of the rewards program to suit their preferences. It is a customer-driven personalization and could take form in several ways, such as levels of membership, and the option of selecting and using the program through multiple channels, such as mobile apps, online e-commerce sites, and physical stores.

5. Track and reward loyal customers

Customer Relationship Management (CRM software) is a great way to keep track of and reward your loyal customers. CRM makes it easy to identify and track your most loyal customers using customer data through their transaction history and behavior. It also allows you to automate the process of rewarding customers for their loyalty.

When a customer is loyal, your CRM could immediately track their purchases and transactions and quickly reward them. Your customers don’t have to go to customer service or call anyone to receive their rewards; your management groups your loyal customers and identifies them for you.

Using this is not only a best practices rule for your business strategies but also for your brand as a whole. It will make your customers feel appreciated, and such customers are more likely to return and/or recommend your business to others.

6. Offer Excellent Rewards

A loyalty program should offer excellent rewards that appeal and interest your current and existing customers. There are a number of different types of rewards that you can offer as part of a loyalty program. Some of the most popular include loyalty points, free and discounted products or services.

But don’t forget to experiment with different rewards to find out what works best for your loyalty program members.

So, what makes a good reward? Rewards should be relevant to the customer. If they’re not interested in the reward, they’re not going to redeem it. Review customer demands and searches, and see what you could offer to meet them. The rewards should not be expensive, but they should be valuable and be something that the customer would want.

7. Create Emotional Connection

Customers tend to remain loyal to a brand because of an emotional connection to a company or brand. This connection could stem from familiarity or tradition. Smart brands often use this connection as part of their loyalty marketing strategy.

Customers often prefer brands that show the brand cares for their consumers, the environment and have a deeper understanding of their target audience. If your customers consider you to be empathetic and sharing the same values as them, you’d become an integral part of their purchase decisions.

8. Optimize Your Loyalty Programs

Optimizing a customer loyalty program to make it accessible to digital users makes it all the more utilitarian, especially at this time when most people are online using social media and e-commerce sites. Making a loyalty program accessible across several channels increases the chances of a customer buying a product or brand. A seamless omnichannel experience would help you score brownie points with your customer.

Digital optimization makes it easier for your back office systems to track customer engagement and interaction, making the calculation of CLI, CLV and customer engagement scores easier. You could improve your customer service and listen to incoming customer requests through digital media.

9. Offer Rewards and Incentives Beyond Transactions

Most brands focus on rewards when customers do actual purchase transactions, but good customer loyalty programs reward customers for any engagement. Explore what your loyal customer base does on social media and give them additional rewards for reviews, likes, shares or even subscriptions to social media handles.

Also, if you give program benefits to existing customers when they complete surveys and download your apps, then it would encourage customers to participate in your rewards program.

10. Have a comprehensible reward and incentive structure

The incentive and rewards system of your loyalty program should be simple for the customer to understand. They should know what rewards they could receive from you.

If your customer knows what they will earn and when they will receive the reward, they are more likely to repeat a purchas. A frequent flyer point may seem attractive enough, but sometimes when a customer reaches the frequent flyer miles they’ve been targeting, the airline just blocks them with the unavailability of flights or seats.

For some companies, the customers affected simply did not understand the requirements of the reward. But for customers it is another example of a useless reward program and will not likely renew their membership.

11. Stay in touch with members

Your most valued customers value your proactiveness more, since they are the ones who continue to buy your products for a longer time. They are the ones who need regular updates on discounts, sales and offers, and are more likely to respond and avail of these special offers.

Additionally, communicating with them gives this exchange an air of exclusivity, and makes the membership to the loyalty program something coveted.

12. Be profitable

The goal of a loyalty program is not only to incentivize repeat and most profitable customers, but also to increase your profit. Repeat customers are valuable because they do not require new marketing techniques to improve awareness and engagement. You do not need a new campaign to attract repeat customers, but enhance the existing customer-brand relationships to keep your brand loyalists satisfied.

Track customer spending and product margins when designing your loyalty programs. Ensure that the loyalty program is profitable for the company but also satisfying for the customer.

Also, don’t forget to measure your brand loyalty and keep those metrics in check! This might help you to better direct your efforts in marketing and sales.

How Can You Measure Customer Loyalty?

There are a variety of ways to measure customer loyalty. One way is to survey individual customers and ask them how likely they are to recommend your company to others, and to rate factors such as quality of products/services, price, customer service, etc.

Another way is to analyze customer retention rates and see how many customers are returning or have returned to your business. You can also look at the amount of money customers are spending currently, and compare that to how much they’ve spent in the past. All of these require measurable customer data, and the following are the most common metrics used to measure customer loyalty.

1. Net Promoter Score

The net promoter score (NPS) is a way to measure customer experience. You could calculate it using this question: how likely are you to recommend the product to a friend or colleague?

The NPS uses a scale from 0 to 10 and rates answers into three groups: promoters (9–10), passives (7–8), and detractors (0–6).

The percentage of detractors subtracted from the percentage of promoters produces your NPS. The higher the NPS, the more your customers are likely to buy and recommend your brand.

2. Repurchase Ratio

The number of customers who come back to buy your brand divided by the number of one-time buyers is called the repurchase ratio. Most of a company’s revenue comes from repeat or returning purchasers, though they may be fewer than the total number of their customers.

The repurchase ratio also depends on the business model. Subscription-based retail models calculate the repurchase ratio by dividing the number of people who continue the subscription by the number of people who cancel after the first contract.

For retail businesses using a transaction-based model, the number of repeat customers must be calculated first. You can do this by finding the average time between the first and second buys of a repeat customer. The repurchase ratio can then be calculated by dividing the number of repeat customers by the number of non-repeat buyers.

3. Upsell Ratio

The upsell ratio is the number of customers who have bought more than one type of product from you compared to the customers who buy only one. The upsell ratio only tracks customers who buy new products, and does not include repeat customers who buy the same thing.

4. Customer Lifetime Value

The customer lifetime value (CLV) is the dollar value of a customer’s total purchases over the entire course of their relationship with a company. This metric is used to measure the profitability of a customer, and to help businesses like you determine how much they should spend to acquire new customers.

There are a few ways to calculate the CLV. The most simple way is to multiply the average purchase amount by the number of purchases made. You can also take into account customer retention rates and calculate how much each customer is worth over time. This gives you a more accurate picture of the value of a customer.

5. Customer Loyalty Index

The customer loyalty index (CLI) is a tool that tracks customer loyalty. It uses a set of questions addressing three vital points:

How likely are you to try the brand’s new products? How likely are you to recommend the brand to your friends and family? How likely are you to buy from the brand again in the future?

The average for these responses is the CLI of a customer, which they rate from 1 to 6, with 1 for “Definitely Yes” and 6 for “Definitely No”. The customer data and customer insights taken from these surveys help in measuring CLI.

6. Customer Engagement Score

Another way to measure customer loyalty is to use the customer engagement score. This is based on individual customers’ activity with your business. You can group your customers using demographics, transactions, and customer behavior. Using these customer segments could help you identify which customers are likely to become repeat purchasers and predict which ones will repurchase or try other new products.

The customer engagement score is calculated by measuring frequency of use ( click here to learn more about purchase frequency), level of use, actions by customer, time spent on activities, and other performance indicators and metrics that represent engagement success.

Give Your Loyal Customers What They Deserve

A loyalty program marketing strategy is a great way to reward your best customers for their continued business and retain them for a long time. However, simply having a loyalty program is not enough.

Loyalty is more than a transaction to your customers; it is a shared value they share with you. Your loyalty program should reflect that too.

PS: if you’d like to know about your potential customers and how to convert them in the first place, we highly recommend you to read our article about types of online shoppers. We’re sure you’re going to love it.

Originally published at https://www.monetha.io.


8 Ways to Increase Purchase Frequency

Based on recent statistics, 41% of US consumers make an online purchase once or twice per week. 24% buy something every other week. Your task as a business is to ensure you are among those they buy from and do it often. Purchase frequency is one of the core metrics every business should track. It directly affects your profitability and revenue since you are 6X times more likely to sell to ex

Based on recent statistics, 41% of US consumers make an online purchase once or twice per week. 24% buy something every other week. Your task as a business is to ensure you are among those they buy from and do it often.

Purchase frequency is one of the core metrics every business should track. It directly affects your profitability and revenue since you are 6X times more likely to sell to existing customers than new ones. High or average purchase frequency means customer loyalty, while low rates show that people rarely return after the first purchase.

Find out how to calculate and increase your purchase frequency below. Our tips will help you boost your customer retention metrics.

What is Purchase Frequency?

The purchase frequency (also PF) is the number of times an average customer places an order within a time period. By measuring PF during the limited time frame you get more accurate results and can compare customer behavior changes.

The higher the purchase frequency, the more likely your is brand to turn repeat customers into loyal ones. For example, people buy low-cost consumables more often than luxury cars or accessories with a significantly higher average order value. The purchase frequency for these product categories cannot be compared. Hence, you should track average customer purchases within your company or use industry benchmarks for estimates.

Why is Purchase Frequency Important?

Purchase frequency over a given period is one of the critical indicators for any eCommerce store. But why is it so important? Here are the main reasons for calculating purchase frequency:

Calculating purchase frequency rates allows you to track customer retention. When a customer buys from you repeatedly, you work in the right direction. Without the purchase frequency KPI, you won’t be able to measure this. It boosts the customer lifetime value. When you increase purchase frequency, the customer lifetime value also grows since an average buyer generates more revenue and stays for a longer time frame. Repeat purchases are cheaper than customer acquisition. The cost of activating existing customers is much lower than attracting unique customers, which may considerably cut your expenses. 82% of companies agree that customer retention is cheaper than acquisition. Loyal customers with a large average number of orders are more likely to recommend your brand. People that have completed multiple purchases favor your brand and are ready to invite a friend or join a loyalty program. Purchase frequency provides reliable data for marketing campaigns. If you are unsure whether your marketing is fruitful, purchase frequency rates help evaluate this.

As you can see, you get more loyal customers, boost sales, and grow revenue when you increase purchase frequency. It’s a must-watch metric for any retailer.

How do You Calculate Purchase Frequency?

Now, we reach the logical question: How to calculate purchase frequency? All data you need for calculations is in your transactional data. The purchase frequency formula is also pretty easy to use.

You will need to follow these steps:

Learn the number of orders customers placed with your company during the selected time frame (usually 12 months). Learn the number of unique customers your business served during the same time frame. Use the gathered information in the purchase frequency formula for calculation.

Purchase Frequency = Number of Orders / Number of Unique Customers

Example

Suppose you run a business that sells clothes and want to check the purchase frequency. Based on the previously collected statistics, you know that your company had 2500 unique customers and 3300 orders for the same period.

Then, the purchase frequency is 3300/2500 = 1.32.

Difference Between Purchase Frequency (PF) and Repeat Purchase Rates (RPR)

Many people use the terms purchase frequency and repeat purchase rate interchangeably. Yet these metrics have some significant differences, so it’s necessary to differentiate them for the clarity of this article.

The purchase frequency rate shows how often an average customer buys something from a single merchant within the specified time frame. On the other hand, the repeat purchase rate is a share of customers who have purchased at least a second time. To calculate repeat purchase rate, you need to divide the number of customers who’ve purchased more than once by the total number of customers.

While purchase frequency allows you to understand how often consumers buy something, the repeat purchase rate focuses on the share of repeat customers. Both these metrics are helpful to evaluate customer retention and loyalty.

8 Ways to Increase Purchase Frequency

If you want to have a flourishing business, you should engage new customers and continuously nurture existing ones. Repeat customers generate more revenue than occasional purchasers. Hence, you must put more focus on them if you expect to grow sales.

This section includes several most effective ways to increase your purchase frequency by building better customer relationships and more relevant offers.

1. Know your customer before planning marketing campaigns

Before you take steps to promote or sell something, you need to know who you target. This information will allow you to choose the best ways to encourage customers to repeat purchases. You will also be able to focus on people who are more likely to convert than others.

Advanced software is an optimum way to collect details about your target audience (including demographics, purchase history, average order value, preferences, favorite communication channels, etc.). Modern CRM systems integrated with email marketing tools, social media, data analytics, and other solutions automatically record priceless information about customers. They process this raw data to generate insights about what people want and whether they are ready to pay.

Once you have these details, it’s possible to segment your customers based on their characteristics. This way, you will tailor your marketing and increase frequent purchases.

2. Launch personalized email marketing campaigns

Email marketing is the cornerstone of a marketing strategy focused on increasing the number of customers who make repeat purchases. Emails are the most convenient and standard way to communicate with customers about their purchases, special offers, or sales. These communications remind people about your brand to encourage customers to buy something again.

Yet to boost the efficiency of email marketing campaigns, you’d better make them personalized. Using the person’s name in an email subject line can increase open rates by 26%. When more customers open your message, customer activity grows, increasing purchase frequency.

Besides the person’s name, you can customize the content and style of emails based on the recipient’s characteristics, previous responses, purchases, and other details. For example, you can send a custom selection of similar products based on the purchase history.

3. Make limited-time special offers

Limited-time offers are steroids for any marketing campaign that considerably affect customers’ behavior. When the person hears that the chance to get something at a lower price will disappear after the set time frame, they rush to take action. As a result, the customer buys a product or service they haven’t planned to purchase before as the offer seems too good to miss it. Such customer behavior increases the purchase frequency and revenue.

Yet you should be careful and avoid overusing limited-time offers. Consumers will get used to such a customer experience and stop buying without discount codes or sales. It may be counterproductive for the overall purchase rate.

4. Communicate with existing customers through multiple channels

Over 50% of modern brands use at least 8 channels to interact with customers. You should be ready to serve consumers through emails, social media, messengers, phone calls, online chats, etc. The ability to stay in touch through top popular communication channels directly affects the quality of customer service and satisfaction rates.

Imagine users find your new product and are ready to place an order, but you don’t reply to their emails for several days. Guess what? The chances they will leave to a competitor are very high.

You should avoid such issues and provide continuous support via the main communication channels. To make things clear from the start, indicate what channels consumers should use for help on your website.

5. Implement a loyalty program

The best customers are loyal customers. They already love your brand, trust you, and make frequent purchases even without you asking them about this. 60% of loyal customers say they are ready to purchase from their favorite companies more often.

That’s why you should think about having a customer loyalty program. Offer buyers points for every purchase, give them discounts or make special offers, or find any other incentive that can inspire people to join your loyalty program.

Not sure how to implement loyalty programs? Join Monetha to get a ready solution for eCommerce loyalty campaigns.

6. Use software to automate manual sales and support tasks

Apart from nudging your customers to convert, you must be ready for increased purchase frequency on your side. As the purchase frequency rate grows, the volume of orders you need to process also skyrockets. It may turn out that your sales and support teams are not ready to meet the demand.

Therefore, to increase the productivity of your sales and support teams, you need automation software. Modern tools can automatically respond to standard emails, implement online website chats, track order fulfillment, update order statuses, and complete many other actions you would otherwise do manually.

It reduces the load on sales and support departments allowing them to enhance customer service and focus on strategic tasks.

7. Introduce gamification elements

When a customer purchases a product, it should be a fun and pleasant experience. Therefore, gamification elements in your sales strategy are a great way to stir buyers’ interest and increase purchase frequency.

Gamification is the most relevant in loyalty campaigns where users can win points, move from one level to another, or even compete with peers. When people get engaged and want to reach the highest level, they willingly do what you ask them to do. For example, when a buyer needs ten orders to move from the starter level and enjoy additional benefits, they are more likely to place ten orders than without incentives.

8. Fight cart abandonment

Abandoned carts are among the most upsetting types of customer behavior for businesses. People browse your website, select products, add them to the cart, and leave at the last moment without paying. Given that the average customer abandonment rate is 69.57%, the impact on the purchase rates and overall revenue is enormous.

Even though you won’t be able to make all customers complete the order, you can take steps to remarket them. Try sending them a reminder email, offer a discount on the products added to the cart, etc. Remarketing can convince a part of abandoners to come back and restore the purchase frequency.

Originally published at https://www.monetha.io.


The Psychology of Loyalty and How It Impacts Your Business

Have you wondered why you keep buying lattes from your local cafeteria, even though Starbucks charges you $1.50 less than that? Is it because of the smile you receive from the merchants every time you order or the reward proposition of 1 free coffee every ten orders? Or because of the habit? In this article, we will review one of the critical components for every successful company-regardles

Have you wondered why you keep buying lattes from your local cafeteria, even though Starbucks charges you $1.50 less than that? Is it because of the smile you receive from the merchants every time you order or the reward proposition of 1 free coffee every ten orders? Or because of the habit?

In this article, we will review one of the critical components for every successful company-regardless of size, location, and staff number-loyal customers.

What is a Loyalty Program?

A loyalty program, also known as a reward program, is an initiative by a brand to offer its customers special incentives based on their past purchases. These objectives can vary from brand to brand; one company might want to tempt people with discounts or by giving customers cash back, while another might reward people for completing repeat orders.

Regardless of the goal, all loyalty programs seek to keep customers interested in the brand by building and strengthening brand loyalty — and keeping them close. An interesting stat from SmallBizGenius indicates that 72% of adult US citizens are part of at least one loyalty program.

Why Are Loyalty Programs Important?

Customer loyalty has become a cornerstone topic for businesses, and brands are constantly coming up with new rewards programs to attract more clients. But for both parties-brands and consumers, loyalty points are more than just numbers. And it means so much more! Let’s see some of the crucial benefits of incorporating points programs.

1. Improve the relationship between brands and clients

To emotionally engage customers and encourage them to come back, brands must provide more than just the possibility of a free bottle or free glasses-they must create an experience. Giving customers a chance to meet with other dedicated fans of a personality or brand, for example, can inspire a feeling of community and belong among new shoppers.

2. Attract new customers

A happy customer is a repeat customer. According to a study conducted by Nielsen, 83% of new customers will trust a personal recommendation from friends and family members. That’s a lot more than any other type of marketing. So, the importance of your loyal customers can not only bring you increased value from them-your efforts can actually bring you business from new customers!

3. Repeat customers have better ROI

A loyalty strategy in place is well worth it. If you put more effort into keeping your current clients happy, you will have up to a 300% revenue increase. That’s right-300%. According to RJMetrics, you can get three times the business volume. Of course, you need to get real; these numbers are optimistic.

4. Reduced marketing costs

As the digital economy grows and evolves, brands need to adapt their strategies accordingly lest they be left in the dust.

But why splash tons of money acquiring new customers (considering that marketing does not guarantee you a sale) when you can spend five times less to reward customers and keep them loyal to your business? That’s right, a new customer “costs” about 5X more than a current one.

5. Loyal customers are easier to upsell and cross-sell

Loyalty programs aren’t just a tool to increase customer retention; they also boost your business profit. Because upselling and cross-selling use AI to predict customer behavior, you can offer your clients better-suited offers that reward them for the bigger purchase.

Since your loyal consumers are aware of your brand, they can take advantage of a good deal and be happy. You will be astounded by the way how most people embrace deals!

6. Free marketing

Instead of spending 1000’s of dollars trying to figure out the market and swearing Facebook and Google about their ever-changing algorithms, you can sit comfortably and watch how word of mouth marketing can benefit your business passively.

7. Access to precious customer data

Brands can implement a loyalty program that collects critical data and leverages customer behavior with machine learning to improve the customer journey across the board.

Clients are more willing to share data with businesses they know which can be your key to success. You can personalize their experience, building an even more solid emotional foundation.

The Psychology Behind Loyalty Programs

Loyalty programs and all the tools that calculate progress and track results are based on real-world research made by leading psychologists. There are several pivotal principles when it comes to the psychology of loyalty.

First impression matters more than anything else

The first impression of your ecommerce store proceeds even the first purchase by your customer.

According to research, 94% of first impressions are design-related, so you should invest in looks just as much as giving your clients different freebies and discounts.

A good loyalty program lies on the foundation of an attractive proposal that is “dressed” well. The color theory plays a huge role-branded colors can give an additional boost to any loyalty program.

Positive reinforcement for forming a habit

Positive reinforcement is a reward that gives a positive outcome after completing an action. Giving your customers a positive stimulus makes them more likely to respond to it. The greatest loyalty programs are fueled by positive reinforcement. Rewarding users for their loyalty and interaction with your brand encourages them to keep participating in that behavior.

While using this technique can make driving permanent, consistent behavior patterns easier, it’s essential to be thoughtful about approaching your rewards system. But if you do, purchasing from your store might become as light as buying goods from the local grocery store -a habit.

Applying the “Rule of The Boxes”

Typically, if users choose between two products, they pick the cheaper one. If Product A costs $50 but offers 2–3 key functions while Product B costs $100 but offers 10–15 key features, people will choose the cheaper option.

However, if we add something in between-Product C, which costs $80 but has 8–12 options, people will find it the best deal. That’s the rule of the boxes.

The goal gradient effect

The goal gradient theory proves that consumers are motivated to make more purchases when closer to achieving their goals. The goal gradient theory focuses on the relationship between effort and the level of motivation that goes into attaining specific goals.

The goal gradient effect is easily accessible. For example, many cafeterias offer a free coffee for every ten orders, making customers more prone to purchase to get the freebie.

The FOMO effect

FOMO (in short for “Fear of Missing Out”) is a very popular effect. Research shows that we’re more motivated to avoid losing something than earning it. This is called loss aversion, and recently it’s been applied to loyalty programs.

Loss aversion explains the difference between a one-time point-based survey and a rewards program; instead of earning points, customers are motivated when they see how many points they can lose.

In the sports betting industry, it’s a common strategy to offer customers to cash out. If they are betting on 5–6 events, they can cash out (while missing some of the potential profit) but keep some of their profits, or keep playing and lose everything, including their bets.

A sense of exclusivity

As humans, we’re naturally attracted to the feeling of gaining social status. High-tier rewards give shoppers an excellent reason to keep coming back and incentivize them to spend more.

People can easily find this exclusivity effect in real life. For example, the famous travel website Booking gives its users an additional discount if they reach a certain level (Genius 1, Genius 2, Genius). They have to book more holidays within a certain period to achieve it.

Increased commitment

Once customers have invested in your brand, they’re more likely to remain loyal than if they had only entered your store.

The “sunk cost fallacy” is a psychological phenomenon that occurs when individuals see investment as an increase in their own worth, so any withdrawal from that investment becomes a loss of personal value.

In other words, the more your customers engage with your ecommerce store, the more likely they are to keep purchasing from you.

PS: want to learn more about the topic? Then read our article about customer commitment here.

Summary

Loyalty programs are the backbone of almost any business, but businesses must constantly innovate to avoid becoming complacent and falling behind. Customer perception is crucial-marketers can customize everything from rewards to customer engagement techniques to appeal to audiences’ mindsets.

Rewards are the most direct way for customers to appreciate your brand-they give people something they want, so long as they continue buying your product or service.

And as you already saw, understanding and leveraging psychology will not only give you short-term results, but it will help your business succeed in the long run.

Did you like this article? Then make sure you don’t miss the one we’ve written about the best practices for loyalty programs. You’ll love it!

Originally published at https://www.monetha.io.


UNISOT

IKT-Norge Podcast

I en garasje på Kolbotn bygde de teknologien som binder revisjon, sporing og transparens i verdikjeder sammen
I en garasje på Kolbotn bygde de teknologien som binder revisjon, sporing og transparens i verdikjeder sammen

Er blokkjede en av de store gamechangerne i den sirkulær økonomien, revisjon, finans, sporing og transparense i verdikjeder? Med Stephan Nilsson CEO og Torje Vingen Sunde CFO i Unisot. Klikk på bildet under for å høre podcasten.

 

Thursday, 21. April 2022

Radiant Logic

Advanced Federal Use Cases: Identity on the Edge

When the carrier goes over the horizon, it carries all the identity information it needs. The post Advanced Federal Use Cases: Identity on the Edge appeared first on Radiant Logic.

KuppingerCole

Enabling MFA and SSO for IoT and Constrained Devices




Global AI Ethics and Governance

Recent years have seen significant Artificial Intelligence (AI) development across all domains of business and society. This panel aims to bring attention to societal impacts of AI – benefits and challenges, by bringing thought leaders and practitioners from different parts of the world to leverage diverse viewpoints around AI governance that continue to drive AI development across borders.

Recent years have seen significant Artificial Intelligence (AI) development across all domains of business and society. This panel aims to bring attention to societal impacts of AI – benefits and challenges, by bringing thought leaders and practitioners from different parts of the world to leverage diverse viewpoints around AI governance that continue to drive AI development across borders.




Closing Keynote & Announcement of EIC 2022 Gamification Winners




The impact of decentralized identity solutions in the marketplace, insights and lessons

Long theorized as the solution to the verification problem on the internet, decentralized identity has now achieved lift-off in the marketplace. In this workshop, we’ll explain who’s interested, why, and what we learned building a series of solutions for global enterprises in the finance, health, and travel sectors. We’ll explain how we implement decentralized identity through the concept of a Tru

Long theorized as the solution to the verification problem on the internet, decentralized identity has now achieved lift-off in the marketplace. In this workshop, we’ll explain who’s interested, why, and what we learned building a series of solutions for global enterprises in the finance, health, and travel sectors. We’ll explain how we implement decentralized identity through the concept of a Trusted Data Ecosystem, and what the near future looks like for businesses who adopt this technology now, including the critical importance of verifiable digital identity to decentralized finance, the metaverse, and to the interaction of digital objects and non-digital objects in the spatial web—the “Internet of Everything.”




"The Great Resignation" Combined with an Explosion in IT Complexity - How Can IT Weather this Perfect Storm?




Reducing the Species in your Cybersecurity Zoo




Reducing Complexity - Increasing Agility: How to Deliver Value With Hybrid & Multi-Clouds




Navigating the OT World – Selecting a Solution to Suit




Solving "The Right to be Forgotten" for Blockchains

"The Right to be Forgotten" presents a conundrum to builders of blockchain solutions, because the focus of most blockchains is to create an indelible, permanent record. This makes "The Right to be Forgotten" appear irreconcilable with blockchains. I will present a solution to "The Right to be Forgotten" that can be applied to most every blockchain, subject to governance approval by the stakeholder

"The Right to be Forgotten" presents a conundrum to builders of blockchain solutions, because the focus of most blockchains is to create an indelible, permanent record. This makes "The Right to be Forgotten" appear irreconcilable with blockchains. I will present a solution to "The Right to be Forgotten" that can be applied to most every blockchain, subject to governance approval by the stakeholders. The solution does not violate the integrity of the blockchain record.




Privacy = Data Protection + X

Data Protection is a very basic and profound concept of translating privacy as a human right into the digital sphere. But is it enough? and are our current approaches the right ones? In this panel we will try to find answers on how we can translate privacy into the (metaverse) future.

Data Protection is a very basic and profound concept of translating privacy as a human right into the digital sphere. But is it enough? and are our current approaches the right ones? In this panel we will try to find answers on how we can translate privacy into the (metaverse) future.




Knowing differences between Cyber Resistance and Cyber Resilience

You've probably heard about Cyber Resilience, but what should be the differences between the two terms in the context of Cybersecurity? Cyber Resistance is the same or not?. During this presentation, we will be understanding the differences between Cyber Resistance and Cyber resilience, and how we can apply both concepts to our current technology landscape, besides understanding how we can identif

You've probably heard about Cyber Resilience, but what should be the differences between the two terms in the context of Cybersecurity? Cyber Resistance is the same or not?. During this presentation, we will be understanding the differences between Cyber Resistance and Cyber resilience, and how we can apply both concepts to our current technology landscape, besides understanding how we can identify the High-Value Target (HVT) in our organization




Trust is a Team Sport, and Like all Good Sports it has Rules

Trust is not just technical, and it’s not just derived from a process or an organisation. The need for Trust is also variable based on the risk involved in a transaction or the risk appetite of the service provider. Sometimes trust is almost irrelevant. Digital doesn’t make things any easier as we often have multiple parties involved in the communication of trust from issuer to holder of credentia

Trust is not just technical, and it’s not just derived from a process or an organisation. The need for Trust is also variable based on the risk involved in a transaction or the risk appetite of the service provider. Sometimes trust is almost irrelevant. Digital doesn’t make things any easier as we often have multiple parties involved in the communication of trust from issuer to holder of credentials, and on to a relying service not to mention requirements for onboarding, verification, issuance, and authentication to name but a few along the way.

Emerging standards and relentless innovation make many things better, but they also introduce challenges when we want multiple systems to work together and for trust to be largely independent of the underlying technical stacks.

To make Trust work in diverse ecosystems we need clear rules of engagement that champion the needs of all participants and clearly define their responsibilities to one another, and to the wider legal and business ecosystems they ultimately interact with. Efforts in multiple jurisdictions in both the public and private sector are developing these rule sets right now – this is what we can learn from the rise of the Trust Framework.




Panel | Protocols, Standards, Alliances: How to Re-GAIN the Future Internet from the Big Platforms

In talking about a "Post Platform Digital Future", it is all about a Vision, or better: mission to not let the current platform dominance grow any further and create the foundations for a pluralistic digital society & business world where size would not be the only thing that matters. To get there, we need open Standards, Protocols and Alliances that help individuals, as well as businesses of

In talking about a "Post Platform Digital Future", it is all about a Vision, or better: mission to not let the current platform dominance grow any further and create the foundations for a pluralistic digital society & business world where size would not be the only thing that matters. To get there, we need open Standards, Protocols and Alliances that help individuals, as well as businesses of any size, to participate in a digital future inside the metaverse and beyond - just like trade unions helped the working class during the industrial revolution to fight for their rights. In this panel session, we will discuss about the enablers of such a different approach and the requirements to actually be successfull.




Digital Identities and IoT – How to leverage OIDC and OAuth 2.0 for the best user experience and security! IAM-related experiences from the automobile and home appliances sector.




OT Patch Management Best Practices




Inside the Mind of a Hacker – From Initial Access to Full Domain Admin

Ethical Hacker Joseph Carson will demonstrate a real-world use case of how a cyber adversary gains an initial foothold in your network through compromised credentials and then elevates control and moves laterally to identify and exfiltrate your critical data. He will share insights into how the mind of a criminal hacker operates based on his experiences and steps you can take to stop them in their

Ethical Hacker Joseph Carson will demonstrate a real-world use case of how a cyber adversary gains an initial foothold in your network through compromised credentials and then elevates control and moves laterally to identify and exfiltrate your critical data. He will share insights into how the mind of a criminal hacker operates based on his experiences and steps you can take to stop them in their tracks.

Staying up to date and learning hacking techniques is one of the best ways to know how to defend your organization from cyber threats. Hacking gamification is on the rise to help keep security professionals up to date on the latest exploits and vulnerabilities. This session is about helping you get started with hacking gamification to strengthen your security team.

In this session Joseph Carson Chief Security Scientist and Advisory CISO at Delinea will select two systems from Hack the Box and walk through each of them in detail explaining each step along with recommendations on how to reduce the risks. Going from initial enumeration, exploitation, abusing weak credentials to a full privileged compromise.

What will I learn?

How attackers gain access to IT environments and systems and escalate privileges What a real-world hack looks like in a use-case demonstration Best practices for combating attackers by establishing multiple layers of security to minimize risk

Get answers to these important questions:

How has moving to the cloud affected cyber security from a PAM perspective? What are the most common types of attacks that criminal hackers use to compromise cloud environments? What are common misconceptions that lead to cyber security “blind spots” of vulnerability?


Cyber-Securing the Digital Industry




Enhancing Cloud Security Standards: A Proposal for Clarifying Differences of Cloud Services with Respect to Responsibilities and Deployment

Widely used cloud security standards define general security measures/controls for securing clouds while not differentiating between the many, well-known implementations that differ with respect to the Service and/or Deployment Model they implement. Users are thus lacking guidance for decision-making and for preparing to ensure end-to-end security. By adding only two requirements, cloud security s

Widely used cloud security standards define general security measures/controls for securing clouds while not differentiating between the many, well-known implementations that differ with respect to the Service and/or Deployment Model they implement. Users are thus lacking guidance for decision-making and for preparing to ensure end-to-end security. By adding only two requirements, cloud security standards can really cover and consider virtually all possible Service Models and Deployment Models. As a result of this, they support differentiating between offerings and improve the support for user organizations for which the standards are also built for.




Panel | Decentralized, Global, Human-Owned. The Role of IDM in an Ideal (If there is One) Web3 World

The Internet had been created without an identity layer, leaving it to websites and applications to take care for authentication, authorization, privacy and access. We all know the consequences - username and password still being the dominant paradigm and, even more important, users not having control over information that personally identifies them. The risk of data misuse, of being hacked or man

The Internet had been created without an identity layer, leaving it to websites and applications to take care for authentication, authorization, privacy and access. We all know the consequences - username and password still being the dominant paradigm and, even more important, users not having control over information that personally identifies them. The risk of data misuse, of being hacked or manipulated has become a significant challenge and and requires a new approach in times of an emerging web3 and its core capability of transferring value. Is decentralized, DLT based Identity the solution that finally will enable DeFi, NFTs and DAOs? Join this awesome keanote panel to controversially discuss this topic. 




Enabling Digital Identity Ecosystems




In Transition - From Platforms to Protocols

Only a few years ago the identity ecosystem seemed to be ‘set’ with little chance for change or dislocation of the large federated identity providers. Today the entire identity technology ecosystem is in flux. What will emerge? OIDC? OIDC/SIOP? DIDComm? Join us for a discussion on the changing protocol landscape, the shifting identity power centers and why it is a both/and and not either/or.

Only a few years ago the identity ecosystem seemed to be ‘set’ with little chance for change or dislocation of the large federated identity providers. Today the entire identity technology ecosystem is in flux. What will emerge? OIDC? OIDC/SIOP? DIDComm? Join us for a discussion on the changing protocol landscape, the shifting identity power centers and why it is a both/and and not either/or.




Insights from India’s Data Empowerment & Protection Architecture




Spruce Systems

Presentation: Extending Sign-In with Ethereum - CASA Gathering 2022

During the initial part of the CASA unconference, we had a chance to present on extending Sign-In with Ethereum, and what the future of authentication looks like. Wayne's talk and an overview of the topics covered can be found here.

On April 25th, the Chain Agnostic Standards Alliance hosted a full-day in-person gathering during DevConnect to host various talks and workshops on cross-chain standards.

GitHub - ChainAgnostic/AMS-CASA-gathering Contribute to ChainAgnostic/AMS-CASA-gathering development by creating an account on GitHub. GitHubChainAgnostic

During the initial part of the unconference, we had a chance to present on extending Sign-In with Ethereum, and what the future of authentication looks like. Wayne's talk and an overview of the topics covered can be found here:

Additional presentations included a history of CASA by Pedro Gomes from WalletConnect, an overview of did:pkh and CACAOs by Joel Thorstensson and Sergey Ukustov from the Ceramic team, an overview of UCANs by Brooklyn Zelenka from Fission, and many more. Additionally, a number of breakout sessions took place, including a session on how Sign-In with Ethereum, CACAOs, and UCANs interoperate, and even one on a unified standard for wallet authentication (sign in with 'x').  

We look forward to attending future CASA gatherings, and the growth of continued contributions to the alliance!  

For a full look at the slides used in Wayne's presentation, check out the following:

Spruce lets users control their data across the web. If you're curious about integrating Spruce's technology into your project, come chat with us in our Discord:


Finicity

Synctera expands partnership with Mastercard

Synctera, a leading FinTech banking provider helping innovators build their own FinTechs more efficiently, is expanding its partnership with Mastercard by integrating Mastercard’s open banking platform (provided by Mastercard’s wholly owned subsidiary, Finicity) to provide account verification solutions for Synctera-powered FinTechs. The addition of consumer-permissioned data from an open banking

Synctera, a leading FinTech banking provider helping innovators build their own FinTechs more efficiently, is expanding its partnership with Mastercard by integrating Mastercard’s open banking platform (provided by Mastercard’s wholly owned subsidiary, Finicity) to provide account verification solutions for Synctera-powered FinTechs. The addition of consumer-permissioned data from an open banking platform allows early-stage FinTechs access to the data they need to mitigate fraud, maximize confidence, and provide more choice in payment transactions to improve user experiences.

“Mastercard’s open banking platform provides consumer-permissioned data that is critical to enabling all ecosystem players, opening the door for the future of financial experiences, and can help streamline account verification to reduce friction between apps and consumers,” said Andy Sheehan, Executive Vice President, U.S. Open Banking at Mastercard. “Mastercard and Synctera’s partnership enhances the support and collaboration that is critical to FinTech innovators and will allow entrepreneurs and developers the ability to go to market quickly and ultimately deliver more consumer choice.”

Read more here.

The post Synctera expands partnership with Mastercard appeared first on Finicity.


Indicio

Why You Don’t Want To Miss the Next IIW

The post Why You Don’t Want To Miss the Next IIW appeared first on Indicio Tech.

By Tim Spring

IIW was established in 2005, and boasts over a hundred sponsors, with hundreds in attendance. As the focus is on “getting things done” the agenda is created live each day by attendees present at the opening of the day, giving you the opportunity to establish what you want to talk about and getting the real time ability to see which topics others will be deliberating that you might want to join in on.

IIW is an un-conference, which means that there are no keynote speakers, presentations, or sales pitches (for the most part). Participants are encouraged to come with topics they would like to discuss with the community in attendance, with the goal of “moving topics, code and projects downfield.”

The Take Aways

Because of the unique style of this conference you are sure to take part in, sit in on, or just overhear a variety of conversations on all kinds of work in the identity space. Here are some of the topics Indicio’s team at IIW found interesting.

Trust registries and Machine Readable Governance: The question, “How do we know which Issuers to trust?” was brought up several times at IIW with “Trust registries” being a common response. But  there seemed to be a division over what a trust registry is or should be. One interpretation saw it as a third party fulfilling a top-down, command-and-control, pay-to-play, API-to-call function in determining which credential issuers can be trusted. The other saw it as something collaborative, a resource for governance files that allows those files to be cacheable among agents through machine readable governance. This triggered interest in what machine readable governance was, how it made a trust registry portable,  and how it could be implementedThere

DIDComm as a Control Channel: This concept is all about using DIDcomm as a coordinating service, connecting two endpoints that want to communicate and handling everything from authentication to coordinating money transfers or shipping details, while also adding an additional security layer for the end user. While it was a new idea to many, there were a few people that raised their hands and said that they have already implemented something like this and showed some real world examples, increasing excitement around the possibilities and promoting further adoption.

Interoperability: As usual, many people were concerned with how to solve interoperability challenges in the community. The crowd was very keen on the idea of running an Aries Interop-a-thon (based on the hackathon style events Indicio has run for the Cardea Project at Linux Foundation Public Health) The idea that IIW tickets be issued as credentials so the community can personally test its solutions and try to iron out some of the interoperability challenges was proposed, and has a good chance of moving forward.

The really thought provoking discussion was about the current state of identity interoperability vs interoperability in other areas of tech. When compared to browsers, it was said it is tempting to feel like we are in the Netscape era of standardization. When in reality we are likely more in line with the Compuserve-AOL era of standardization and have much further  to go.

AnonCreds VS W3C JSON-LD Creds: Our team expected some disagreement about this topic, but both sides seemed to realize that delivery is what matters here, and additional argument isn’t going to help. Multiple sessions were run trying to identify which credential format to use, resulting in 7+ different formats being discussed, with Anoncreds & W3C JSON-LD being the most popular for debate. The ISO mDL 18013-5 credential format was also brought up for use in drivers licenses.

Why should you participate in the next IIW?

No wrap up or bullet point list can capture every conversation. This year was the first in-person conference since the start of the pandemic and every member of our team was excited to go.

While it was cheaper to attend over zoom, the conversational opportunities presented by in-person attendance—the ability to to really dig into the technology, simply don’t occur online. While this could be said for any conference, the unconference style of IIW encourages much greater audience participation. The number of engineers in these discussions drives challenging, exciting, and insightful ideas, so much so in fact, that In the middle of this IIW they decided to do the next one in person, rather than one remote and one in person per year as had been previously planned.

And worse case scenario, you can use the opportunity of bringing your team together for some sweet photo ops like our team did.

Tickets sell out quickly so for more information and to make sure you can join the next event we encourage you to check out the IIW website!

If you’d like a first hand account of the conference from one of our engineers check out out recent YouTube video!

The post Why You Don’t Want To Miss the Next IIW appeared first on Indicio Tech.


KuppingerCole

HYPR Passwordless and Phishing-resistant Authentication

by Martin Kuppinger Die passwortlose Authentifizierung wird zum neuen Standard. Benutzer müssen keine lästigen Passwörter mehr verwenden und die mit Passwörtern verbundenen Sicherheitsrisiken werden umgangen. Innerhalb der großen Auswahl an Lösungen, die für sich in Anspruch nehmen, ohne Kennwörter zu arbeiten, zeichnet sich HYPR durch seine Desktop- und Microsoft Active Directory-Integration und

by Martin Kuppinger

Die passwortlose Authentifizierung wird zum neuen Standard. Benutzer müssen keine lästigen Passwörter mehr verwenden und die mit Passwörtern verbundenen Sicherheitsrisiken werden umgangen. Innerhalb der großen Auswahl an Lösungen, die für sich in Anspruch nehmen, ohne Kennwörter zu arbeiten, zeichnet sich HYPR durch seine Desktop- und Microsoft Active Directory-Integration und die Unterstützung einer breiten Palette von Anwendungsfällen aus. HYPR bietet einen hochsicheren, phishing-resistenten Ansatz für die passwortlose Authentifizierung.

Jolocom

Antworten auf die wichtigsten Fragen zu Self-Sovereign Identity (SSI) 

Es zirkulieren falsche Annahmen und Missverständnisse in den Medien über das Potenzial und die Risiken von SSI. In diesem Artikel setzen wir uns mit einigen Missverständnissen auseinander und fassen die wichtigsten Kernthesen über SSI zusammen. So entsteht am Ende ein übersichtliches Bild darüber, was SSI ist, und vor allem: was SSI nicht ist und sein ... [:en]The post Antworten auf die wichtigs

Es zirkulieren falsche Annahmen und Missverständnisse in den Medien über das Potenzial und die Risiken von SSI. In diesem Artikel setzen wir uns mit einigen Missverständnissen auseinander und fassen die wichtigsten Kernthesen über SSI zusammen. So entsteht am Ende ein übersichtliches Bild darüber, was SSI ist, und vor allem: was SSI nicht ist und sein soll. 

Können SSI Daten gestohlen und ohne mein Wissen verwendet werden? Ermöglicht SSI einen Datenmarkt und weiteren Missbrauch von unseren Daten? 

Bei SSI stehen die selbstbestimmte Nutzung und gleichzeitige Datensicherheit für das Individuums im Mittelpunkt. Gleichzeitig ist Datensparsamkeit wichtig: der User sollte immer nur das erforderliche Minimum der Informationen über sich preisgeben müssen, das für die Nutzung eines Dienstes notwendig ist. Zusammenfassend lässt sich sagen, dass man bei SSI nur entscheiden kann, wem man die Daten gibt, nicht aber, was mit ihnen passiert – was keine technische Frage ist, sondern den Trust Frameworks und der Umsetzung von Policies geschuldet. Dies wird über Zertifizierung und Zulassung geregelt, da so Vertrauen in die am Ökosystem beteiligten Akteure hergestellt werden kann. SSI selbst bietet keinen allgemeinen Schutz vor Datenmissbrauch. Dennoch stellt es die Möglichkeit dar, durch das Prinzip der Dezentralität die eigenen Daten sicher und selbstbestimmt zu verwalten. Die Dienste, an welche man persönliche Daten übermittelt, sind letztendlich ebenfalls an die Datenschutzgrundverordnung gebunden. Man kann nicht nur entscheiden, wem man die Daten gibt, sondern auch wie (bspw. als ZKP oder als VP). 

Wieso bietet SSI mehr privacy als derzeitige Systeme? 

Weil wir unsere Daten nicht an Hunderte von Plattformen auslagern, sondern zentral bei uns verwalten. So wären im Idealfall beim Hack eines Dienstes keine Tausende von Userprofilen mit sensiblen Daten zu erbeuten, sondern nur wertlose peer to peer connects. Dadurch entstehen mehr Privatsphäre und Eigenverantwortung über die persönlichen Daten. 

Schon im ersten Artikel zu SSI von Christopher Allan steht: Der User kann und soll selbst entscheiden, wem er oder sie persönliche Daten zeigt und wofür. Voraussetzung dafür ist Interoperabilität und Portabilität der Identitäten. Diese Idee ist gewissermaßen der Kern von SSI. Doch die Aussage, dass ich als User die komplette Hoheit über meine digitale Identität habe, wird oft missverstanden und ist in dieser Form falsch.  

Ist SSI mit Klarnamenpflicht gleich zu setzen und verliere ich meine Anonymität? 

Welche Daten ein Dienst einfordert liegt beim Dienst und an den gesetzlichen Vorgaben. Ist der Dienstanbieter nicht an eine Klarnamenpflicht gebunden, also nicht verpflichtet einen Klarnamen abzufragen und zu überprüfen so kann er das auch nicht vom Nutzer einfordern (nach Datenschutzgrundverordnung). Tut er dies trotzdem, muss der Benutzer zustimmen und es muss ein konkreter Grund genannt werden. 

Wieso hat SSI nichts mit Blockchain zu tun?  

SSI wird oft mit der Blockchain Technologie gleichgesetzt. Dadurch entsteht der Eindruck, dass SSI nur gemeinsam mit Blockchain funktionieren kann. Das ist jedoch nicht der Fall. Wir haben eine umfassende Erklärung hier zusammengefasst: https://jolocom.io/blog/dezentrale-identitaten-not-blockchain/ 

[:en]The post Antworten auf die wichtigsten Fragen zu Self-Sovereign Identity (SSI)  appeared first on Jolocom.[:]


Elliptic

Money Laundering Through DEXs and Mixers

Decentralized finance (DeFi) was one one of the most exciting areas of cryptoasset growth and investment across 2021, and it continues this trend into 2022. DeFi involves the use of “smart contracts” – or programmable, self-executing protocols – to enable users to have disintermediated access to financial services that have historically only been available through centralized financial

Decentralized finance (DeFi) was one one of the most exciting areas of cryptoasset growth and investment across 2021, and it continues this trend into 2022. DeFi involves the use of “smart contracts” – or programmable, self-executing protocols – to enable users to have disintermediated access to financial services that have historically only been available through centralized financial institutions.


OWI - State of Identity

The Pathways of Data Integration

Where is the biggest AI bottleneck and what is the next foundational shift in AI? On this week's State of Identity podcast, host Cameron D’Ambrosi welcomes Dr. Eric Daimler, CEO & Co-Founder of Conexus AI to dive into data integration and consolidation. They break down the limitations of AI and look at  regulatory headwinds around the development and deployment of AI technologies. 
Where is the biggest AI bottleneck and what is the next foundational shift in AI? On this week's State of Identity podcast, host Cameron D’Ambrosi welcomes Dr. Eric Daimler, CEO & Co-Founder of Conexus AI to dive into data integration and consolidation. They break down the limitations of AI and look at  regulatory headwinds around the development and deployment of AI technologies.   

Holochain

Launcher Launches New Features

Holochain Dev Pulse 119

This week we released a new version of Holochain Launcher with a lot of new features. I took it for a test run and I have to say… I'm excited. It feels like something my dad could actually use! The new Launcher is much more welcoming to non-technical users. I’m going to unbox it below, but first, the Holochain release notes for this week.

Holochain 0.0.139: Keystore version bump, simpler link CRUD

Breaking changes: none
Compatible HDK versions: 0.0.129, 0.0.130, 0.0.131, 0.0.132
Compatible Lair version: 0.1.3

This release is another small one, albeit with a couple meaningful changes for devs and users:

The compatible Lair keystore has been bumped to version 0.1.3 (#1377). This brings mostly documentation updates, but also fixes a bug involving spaces in Lair’s socket/pipe path (lair #91) and gets more strict about the version of Lair that it intends to connect to (lair #95). The link CRUD functions create_link, get_link_details, and get_links now take any DHT hash that can be converted to a linkable hash, rather than requiring you to convert it yourself. On the flip side, entry, header, and external hashes now have Into<AnyLinkableHash> implementations to make this all possible. Surprisingly, this isn’t a breaking change, as it all happens in the HDK before getting sent to the host. (#1365) Unboxing the user-friendly Launcher 0.4.4

Compatible Holochain versions: 0.0.127, 0.0.131, 0.0.132, 0.0.136

If you’re not familiar with the Holochain Launcher, it’s a user-friendly manager for running hApps. This will eventually be our end-user offering, and one of the primary ways you’ll be able to distribute web-based hApps to your users.

Version 0.4.4 is a huge jump toward the goal of user-friendliness, in a few ways:

DevHub, a built-in package manager that lets your users download and install hApps right from within the Launcher! It supports multiple Holochain versions, which means that you don’t have to worry quite as much about whether your users have the right Launcher installed. It also means they also won’t have to perform any more factory resets and lose their data!

Okay, let’s unbox this thing.

1. First run

Here’s something new: When you start up Launcher 0.4.4 for the first time, there’s already a hApp running! It’s the first public preview of the new DevHub hApp. (I’ll talk more about that at the bottom of this Dev Pulse.)

2. hApp Library

If you click on the ‘Install new app’ button, instead of getting a file dialog, you see the new App Library! It’s powered by the DevHub DNA, and it lets you download, install, and start a hApp with just a couple of clicks. Currently there’s only one hApp with a public release, called Notebooks, but it’s a fun one.

3. Installing a hApp

As you can see, I didn’t have to hunt around for a hApp bundle file on the internet, and I didn’t have to hunt for the downloaded file on my device’s storage. The Launcher just downloaded Notebooks and showed me a simplified installation dialog. The membrane proof fields are hidden; all I have to do is change the hApp’s name if I feel like it.

4. Behold, a newly installed hApp

Now I have two hApps, DevHub and Notebooks. They each require a different conductor version, but that’s no problem; you can see that Launcher started up 0.0136 automatically for me. Users probably won’t notice or care about this detail, but what it means for them is that It Just Works.

5. Using Notebooks for the first time

Notebooks is a real-time collaborative document editor, similar to HackMD or Google Docs. It’s built using a framework called Syn, created by Eric Harris-Braun and his son last year. I’d like to say more about Notebooks, but for brevity’s sake I’ll say this: I was surprised by how delightful it was to use. The real-time editing experience is smooth and snappy, just like you’d expect from a cloud app. But I’m comforted by the knowedge that all the stuff I care about is on my machine!

So, now that you’ve seen the new Launcher, why not give it a try? I invite non-developers to try it out too!
DevHub public preview

So the other big news that got bundled with Launcher 0.4.4 is, of course, the first public preview of the DevHub hApp. It’s not ready for prime time yet (that will likely happen after the Stable Validation milestone) but I’m still excited by the possibilities it hints at.

So what is DevHub? If you’re a developer, it’s easiest to think of it as a package manager and distributed repository for hApps, built on Holochain. You can distribute releases of your zomes, DNAs, hApps, and web-based UIs for other developers to remix, or for users to download.

If you’re a user, it’s like an open-source hApp store or library. As we’ve seen, the Launcher can talk to the DevHub DNA natively, giving it the power to search, download, install, and update hApps.

The DevHub hApp comes with a web-based GUI that attempts to serve both devs and users. In the future, it will split into two GUIs — one specifically tailored to devs, and a user-focused ‘hApp store’ experience.

This demonstrates that you don’t have to use a hApp’s default UI — you can fork it, create your own, or even build it into a desktop app, as the Launcher’s native support demonstrates. This is what happens when an app’s API is totally accessible to you on your machine. It’s all under your control!

Unboxing the DevHub GUI

Now let’s take a look at this first iteration of the DevHub GUI. It’s being redesigned at the moment, but this will give you a taste of what the DNA is meant for.

1. Main page

When you open up the GUI, you see a listing of hApp packages, sorted by date. You can get info on a package, add your own hApp, or choose instead to look at individual DNAs and zomes if you’re interested in remixing and creating your own hApp.

2. hApp info page

Let’s take a look at the Notebooks listing. We can see some information about the hApp — what it’s for, how fresh it is, who wrote it, etc. Below that, you can see all the individual releases of the hApp.

3. Release page

Let’s take a look at the 0.0.1 release of Notebooks. It was published on 9 May 2022, and we can see the changelog. To the right we can see the DNAs that comprise it — `syn` and `notebooks` — and download a headless `.happ` package or a full `.webhapp` package.

That’s all for now — once I learn more about DevHub I’d like to do a more in-depth study of what it can do!

Cover photo by SpaceX on Unsplash


ShareRing

Moving with the market – increased transaction fees for swapping out of SLP3

To the ShareRing Community, It’s been a tough few days for many people and we understand that the resulting challenges may be with us for quite some time. Transparency drives the core values of ShareRing, and we aim to maintain a level of consistency in being transparent with you, our community members who have supported... The post Moving with the market – increased transaction fees for swappin

To the ShareRing Community,

It’s been a tough few days for many people and we understand that the resulting challenges may be with us for quite some time. Transparency drives the core values of ShareRing, and we aim to maintain a level of consistency in being transparent with you, our community members who have supported us through the highs and lows.

As a company we have always strived to maintain consistent transaction fees, in particular when it is within our control. When external protocols are required in the transaction, it becomes more challenging to do so. The average cost of Ethereum transaction fees have risen exponentially over the last few days, and as a result we are going to temporarily increase the swap out fees from SLP3 to ERC20. 

Swap out fees will be increased from 5000 SHR to 10,000 SHR. This takes effect immediately as of the time of publishing.

Our team closely monitors the market costs and we are always positioned to make the necessary adjustments to reflect the trends.

The ShareRing Community has always been the core of our business, and we endeavour to work through the challenges together, as a whole. Short term challenges prepare us for prospective growth and we look towards the shining light at the end of the tunnel, not just as a community and company, but the industry a whole.

Regards, 

Jonathon,

ShareRing

The post Moving with the market – increased transaction fees for swapping out of SLP3 appeared first on ShareRing.Network.


KuppingerCole

Will users and organizations have trust in keys roaming via the cloud?

by Alejandro Leal The need for authentication standards In the cybersecurity industry, many new technologies–particularly those related to identity management and authentication–are constantly driving change and innovation. Yet one thing remains the same: the use of passwords continues to pose a threat to an organization’s IT security. As long as passwords continue to be used, users and organiz

by Alejandro Leal

The need for authentication standards

In the cybersecurity industry, many new technologies–particularly those related to identity management and authentication–are constantly driving change and innovation. Yet one thing remains the same: the use of passwords continues to pose a threat to an organization’s IT security. As long as passwords continue to be used, users and organizations will remain vulnerable to attacks. Fortunately, due to the development of new solutions and authentication standards, replacing passwords as the dominant form of authentication on the Internet now seems to be possible.

Various annual surveys demonstrate that password compromises are associated with 70-80% of data breaches. As a response to the over-reliance on passwords, the non-profit organization FIDO ("Fast IDentity Online") Alliance was launched in 2013 to develop and promote authentication standards. With the help of the FIDO Alliance, a set of open, scalable, and interoperable specifications has been developed to replace passwords as a secure authentication method for online services. The alliance has also worked with companies such as Microsoft, Google and Apple to integrate and adopt FIDO standards across their operating systems.


FIDO Alliance reveals its latest whitepaper

Most recently, the FIDO Alliance and the W3C WebAuthn working group published a whitepaper in March 2022 explaining how the introduction of multi-device FIDO credentials will enable FIDO technology to supplant passwords for many consumer use cases. The framework goes further by outlining two proposals for phishing-resistant authentication mechanisms:

Using your phone as a roaming authenticator: Essentially, this involves connecting the user's smartphone (which becomes the FIDO authenticator) and the device from which the user is trying to authenticate via Bluetooth. Since Bluetooth requires physical presence, the use of proximity-based authentication should be resistant to any phishing attacks. As a result, the smartphone becomes a sort of smart card while providing the necessary FIDO requirements to the device from which the user is trying to authenticate. Multi-device FIDO credentials: To improve user experience, the second proposal encourages FIDO authenticator vendors to adapt their authenticators in the event of lost or stolen devices. As users move from device to device, FIDO credentials should be available on a user’s new device without the need of implementing a password.  For example, a smartphone, a desktop, and a USB token could act as a mutually exchangeable FIDO authenticator.

The whitepaper argues that the syncing of FIDO credentials, together with the Bluetooth alternative, allows FIDO authentication to be a secure and convenient solution for existing two-factor deployments. Furthermore, the paper makes it clear that the proposal is not a change in standards, but rather a set of prescriptions for vendors to implement themselves.


However, there is one crucial point that the FIDO and WebAuthn proposals seem to ignore. So far, the whitepaper has not specified whether users will feel comfortable with a password successor where the cloud operator has access to secret keys. If users roam enterprise-issued keys via potentially insecure clouds, organizations must understand the risks that come with convenience when syncing is not end-to-end secured.  At the end of the day, it comes down to what end users will do and only time will tell if they are willing to trust Microsoft, Google, and Apple as the ultimate confidants of their organization's credentials.


In addition, if the deprovisioning of access within applications is not properly implemented, former employees might gain access to cloud-based applications when leaving an organization and returning their physical FIDO key. By not having proper controls in place, this new level of convenience will increase the risk and reduce the level of control an organization is able to exert.
Therefore, KuppingerCole believes that companies and other organizations that are looking to modernize and improve authentication solutions should understand the consequences beforehand. If done right, this solution has the potential to provide a frictionless user experience while improving security at the same time. We expect to see a significant number of FIDO authenticators, vendors, servers, and compatible web apps in industry over the course of the next few years.

  European Identity and Cloud (EIC) conference

Because we understand the importance of authentication standards, KuppingerCole has a great deal of content available in a variety of formats, including live events such as the 2022 KuppingerCole European Identity and Cloud (EIC) conference taking place in Berlin and online in May.
The agenda includes keynote presentations and panel discussions on the State of Passwordless Authentication, The Future of Authentication, MFA usage in enterprise, and Zero Trust Best Practices, as well as other cyber security-related presentations including:

A Blueprint for Achieving a Passwordless Reality Overcoming SMS OTP: Secure passwordless MFA with your mobile phone Protocols, Standards, Alliances: How to Re-GAIN the Future Internet from the Big Platforms

To find out more about the offerings in these markets and how to select the product that are best suited to your organization, have a look at the following Leadership Compasses:

Enterprise Authentication Solutions Access Management Adaptive Authentication


Infocert (IT)

Sanità Digitale, occorrono soluzioni affidabili, sicure e conformi. Leggi il contributo di Carmine Auletta, CISO di InfoCert, per “IMPRESACITY MAGAZINE” 

Nel numero 57 del magazine IMPRESACITY  uscito lo scorso Aprile 2022, è possibile leggere un’intervista rilasciata da Carmine Auletta – CISO di InfoCert – all’interno dello speciale dedicato alla sanità digitale. Nel corso di questi ultimi anni una serie di progetti innovativi, come l’invio digitale, certificato e sicuro, delle comunicazioni di inizio quarantena per Covid da parte [

Nel numero 57 del magazine IMPRESACITY  uscito lo scorso Aprile 2022, è possibile leggere un’intervista rilasciata da Carmine Auletta – CISO di InfoCert – all’interno dello speciale dedicato alla sanità digitale.

Nel corso di questi ultimi anni una serie di progetti innovativi, come l’invio digitale, certificato e sicuro, delle comunicazioni di inizio quarantena per Covid da parte dei medici di base ai propri assistiti o ancora, la raccolta del consenso informato dematerializzato dell’avvio della campagna vaccinale di inizio 2021 hanno contribuito in maniera forte alla digitalizzazione nel campo sanitario. 

“L’obiettivo è giungere a una digitalizzazione completa di tutte le fasi dell’iter pre-intervento di un paziente per garantire ai cittadini maggiore efficienza e anche migliore qualità di comunicazione con le strutture sanitarie.”

Carmine Auletta, CISO di InfoCert

Negli ultimi anni la sanità è stata oggetto di numerosi cambiamenti, dettati prima dalla pandemia e ora dagli investimenti in ambito Pnrr. In questo contesto numerose sono state le soluzioni digitali adottate nel campo sanitario, facendo sì che ad oggi la digitalizzazione della sanità risulti essere uno dei pilastri dei recovery plan di tutta Europa.  

InfoCert è da sempre protagonista della digitalizzazione nel mondo Health Care grazie soprattutto a LegalCare e ProxySign, le soluzioni Trust studiate per la digitalizzazione dei processi di lavoro clinici e amministrativi e già adottate da importanti Aziende Sanitarie Italiane. 

Se vuoi saperne di più sui benefici ottenuti da un’importante ASL Italiana che ha adottato le soluzioni Digitali di InfoCert

Scarica il Total Economic Impact di InfoCert LegalCare e ProxySign per la Sanità

The post Sanità Digitale, occorrono soluzioni affidabili, sicure e conformi. Leggi il contributo di Carmine Auletta, CISO di InfoCert, per “IMPRESACITY MAGAZINE”  appeared first on InfoCert.


Okta

Build Secure Ionic Apps with Angular and JHipster

Ionic is a framework for building mobile apps with web technologies that look and act like native apps. Because they’re built with web technologies (HTML, JavaScript, and CSS), you can also deploy your Ionic apps as single-page applications. Or, even better, as progressive web apps (PWAs) that work offline. Ionic supports the big three web frameworks: Angular, React, and Vue. Once you’ve w

Ionic is a framework for building mobile apps with web technologies that look and act like native apps. Because they’re built with web technologies (HTML, JavaScript, and CSS), you can also deploy your Ionic apps as single-page applications. Or, even better, as progressive web apps (PWAs) that work offline.

Ionic supports the big three web frameworks: Angular, React, and Vue. Once you’ve written your app, you can deploy it to a simulator or device with Capacitor. Capacitor (pictured as the blue layer) provides the runtime for your app to communicate with the native operating system and vice versa.

Ionic’s main competitors are native apps built with Swift or Objective-C (for iOS) and Java or Kotlin (for Android). Ionic also competes with React Native, which uses web technologies and translates them to native components.

The Ionic blog has a recent post that does a performance comparison between Ionic and React Native. TL;DR: Both options will give you a high-performance app with a truly native look and feel.

Prerequisites:

Node 16

Java 11

Docker Desktop

Table of Contents What the heck is JHipster? ✨ Introducing the JHipster Ionic blueprint! Build a mobile app with Ionic and Angular How to integrate Ionic and Spring Boot Run your Spring Boot API Run your Ionic app Run your Ionic app on iOS using Capacitor Run your Ionic app on Android Why use OpenID Connect for mobile apps? Switch your identity provider to Okta Switch your identity provider to Auth0 Learn more about Ionic, Spring Boot, and JHipster What the heck is JHipster?

This tutorial will show you how to use Ionic, Angular, and Capacitor to build a mobile app that talks to a Spring Boot backend. It won’t take but a few minutes, thanks to JHipster!

JHipster is an application generator that creates an Angular frontend and a Spring Boot backend based on the options you choose. It has the ability for you, as a developer, to customize what it generates with blueprints. The blueprints feature has resulted in many additional options for an app: Kotlin, Spring Native, Micronaut, Quarkus, .NET Core, NestJS, and Svelte.

Below is a diagram of the app you’ll create in this tutorial and its authentication flow.

✨ Introducing the JHipster Ionic blueprint!

The JHipster project has supported generating an Ionic app using a generator-jhipster-ionic module for the past several years. As the primary maintainer of this module, I’m proud to announce that it has been re-written as a blueprint, and it’s much easier to understand now. The previous module relied on the Ionic CLI, the base Angular starter, the Ionic JHipster starter, and custom code to glue it all together. Now, the source code is all contained in one project.

Marcelo Shima volunteered to do the conversion, and after a couple of months, I’m proud to say the JHipster Ionic blueprint is now available!

Ionic for @JHipster v8 is now available! There's lots to love in this release:

💙 Now available as a blueprint
🧪 Migrated from Protractor to Cypress
⭐️ @Auth0 support
🅰️ Upgraded to Angular 13 and Ionic 6

https://t.co/WQ6ZTsTkPP#ionic #jhipster #angular #springboot

— Matt Raible (@mraible) May 10, 2022

Here’s how to use it:

Create an ionic-app directory alongside your JHipster app.

- backend - ionic-app

Navigate into ionic-app using your terminal. Install Ionic for JHipster and create a new app using jhipster-ionic.

npm install -g generator-jhipster-ionic jhipster-ionic

You’ll be prompted for the location of your JHipster app, a name for your Ionic app, and then you’ll be off to the races!

You can also create a JHipster app and an Ionic app simultaneously by using the bundled JHipster.

mkdir bug-tracker && cd bug-tracker jhipster-ionic jdl bug-tracker.jh cd ../ionic4j

This process will follow the same convention where the generated backend and frontend apps are side-by-side on your hard drive.

Then you can run both apps from your Ionic app using easy-to-remember commands.

npm run backend:start # open a new terminal window npm start The JHipster Ionic blueprint currently only supports Angular. Now that it’s a blueprint, it will be much easier to add support for Vue and React. If you’re interested in helping out, please let me know! Okta is a platinum sponsor of the JHipster project and enjoys assigning bug bounties for feature development. Build a mobile app with Ionic and Angular

To see Ionic + JHipster in action, let’s start with a Full Stack Java + React app I created for the Auth0 blog. I updated the app to the latest version of JHipster (v7.8.1) and created an Ionic app with JHipster Ionic, so everything is guaranteed to work. This Flickr clone allows you to upload photos, tag them, and organize them into albums. First, clone the example:

git clone https://github.com/oktadev/okta-jhipster-ionic-example.git \ jhipster-ionic --depth 1 cd jhipster-ionic/backend

Start the app:

npm run ci:e2e:prepare # starts Keycloak and PostgreSQL in Docker ./mvnw

Then, navigate to http://localhost:8080 in your favorite browser. Sign in with admin/admin credentials and rejoice when it all works.

Open a new terminal window and enter the jhipster-ionic/ionic-app directory. Install its dependencies and run npm start to test the Ionic client.

npm install npm start

You should be able to sign in and add a new photo.

Please keep reading to learn how JHipster made all of this possible. Or, skip ahead to run your Ionic app on iOS using Capacitor.

How to integrate Ionic and Spring Boot

JHipster makes it easy to create a Spring Boot API that Spring Security protects. The JHipster Ionic blueprint generates an Ionic client that talks to your Spring Boot API and understands its auth mechanism. I created the jhipster-ionic project using the following steps:

Install the JHipster Ionic blueprint:

npm i -g generator-jhipster-ionic@8.0.0

Create a parent directory to hold everything:

# take is a shortcut for mdkir && cd take jhipster-ionic

Clone an existing JHipster Flickr example:

git clone https://github.com/oktadev/auth0-full-stack-java-example.git backend --depth 1

Create a new directory to hold your Ionic project, then run jhipster-ionic in it:

take ionic-app jhipster-ionic

Provide the path to your backend JHipster app and name your app flickr2.

That’s it! The blueprint will generate an Ionic client, complete with screens for editing entities, unit tests, and end-to-end tests with Cypress.

Pretty slick, don’t you think?! 😎

Run your Spring Boot API

You’ll need to start your backend first, so your Ionic app can talk to its API. First, start Keycloak and PostgreSQL in Docker containers:

cd backend npm run ci:e2e:prepare # starts Keycloak and PostgreSQL in Docker

Next, update backend/src/main/resources/config/application-prod.yml to allow CORS from http://localhost:8100.

jhipster: ... cors: allowed-origins: 'http://localhost:8100' allowed-methods: '*' allowed-headers: '*' exposed-headers: 'Authorization,Link,X-Total-Count,X-${jhipster.clientApp.name}-alert,X-${jhipster.clientApp.name}-error,X-${jhipster.clientApp.name}-params' allow-credentials: true max-age: 1800

Then, start the backend app using ./mvnw -Pprod. You should be able to log in at http://localhost:8080 (with admin/admin) and add new photos using Entities > Photos. Add a few photos so you have some data to work with.

Run your Ionic app

Open another terminal and navigate to the ionic-app folder. Launch your Ionic client using npm start. In your default browser, the app will be opened at http://localhost:8100.

You should be able to log in with Keycloak and see all the listed entities in your app.

In the JHipster app’s tutorial, there’s a section where you’re instructed to remove photo fields that can be calculated. Specifically, height, width, date taken, and date uploaded. These values are calculated when the photos are uploaded, so there’s no reason to display them when adding a photo.

To add this same functionality to your Ionic app, modify src/app/pages/entities/photo/photo-update.html and wrap these fields with <div *ngIf="!isNew">.

<div *ngIf="!isNew"> <ion-item> <ion-label position="floating">Height</ion-label> <ion-input type="number" name="height" formControlName="height"></ion-input> </ion-item> ... <ion-item> <ion-label>Uploaded</ion-label> <ion-datetime displayFormat="MM/DD/YYYY HH:mm" formControlName="uploaded" id="field_uploaded"></ion-datetime> </ion-item> </div>

The Ionic CLI will auto-compile and reload the app in your browser when you save this file. You can prove everything works as expected by stopping your app (with Ctrl+C) and running all the end-to-end tests with Cypress.

npm run e2e Run your Ionic app on iOS using Capacitor

Generate a native iOS project with the following commands:

npx ionic build npx ionic capacitor add ios

Add your custom scheme (dev.localhost.ionic) to ios/App/App/Info.plist. This scheme is configured in src/environments/environment.ts; you can easily change it to something else if you like.

<key>CFBundleURLTypes</key> <array> <dict> <key>CFBundleURLName</key> <string>com.getcapacitor.capacitor</string> <key>CFBundleURLSchemes</key> <array> <string>capacitor</string> <string>dev.localhost.ionic</string> </array> </dict> </array>

Modify the JHipster app’s CORS settings (in backend/src/main/resources/config/application-prod.yml) to allow capacitor://localhost as an origin.

jhipster: ... cors: allowed-origins: 'http://localhost:8100,capacitor://localhost'

Restart your backend app. Deploy your Ionic app to iOS Simulator and run it.

npx cap run ios

Confirm you can log in and rejoice in your success!

Run your Ionic app on Android

Generate an Android project with Capacitor.

npx ionic capacitor add android

Enable clear text traffic and add dev.localhost.ionic as a scheme in android/app/src/main/AndroidManifest.xml:

<activity ... android:usesCleartextTraffic="true"> <!-- You'll need to add this intent filter so redirects work --> <intent-filter> <action android:name="android.intent.action.VIEW" /> <category android:name="android.intent.category.DEFAULT" /> <category android:name="android.intent.category.BROWSABLE" /> <data android:scheme="dev.localhost.ionic" /> <!--data android:scheme="com.okta.dev-133337" /--> </intent-filter> <intent-filter> <action android:name="android.intent.action.MAIN" /> <category android:name="android.intent.category.LAUNCHER" /> </intent-filter> </activity>

Modify the JHipster app’s CORS settings to allow http://localhost as an origin.

jhipster: ... cors: allowed-origins: 'http://localhost:8100,capacitor://localhost,http://localhost'

Restart your backend app and run your Ionic app on Android using the Capacitor CLI:

npx cap run android If you get an error when running this command, make sure to use Java 11.

You’ll need to run a couple of commands to allow the emulator to communicate with JHipster and Keycloak.

adb reverse tcp:8080 tcp:8080 adb reverse tcp:9080 tcp:9080

You should be able to log in and edit entities, just like you can in a browser and on iOS!

Why use OpenID Connect for mobile apps?

Storing API keys and secrets in mobile apps is not safe. OAuth 2.0 solves this problem by not shipping any secrets in mobile apps and instead involving the user in the process of getting an access token into the app. These access tokens are unique per user, and they’re updated every time the user logs in. The PKCE extension provides a solution for securely doing the OAuth flow on a mobile app even when there is no pre-provisioned secret.

If you need to access an API from a mobile app, hopefully, it supports OAuth and PKCE! Thankfully most of the hard work of PKCE is handled by SDKs like AppAuth, so you don’t have to write all that code yourself. If you’re working with an API like Okta, then Okta’s SDKs do PKCE automatically, so you don’t have to worry about it. The JHipster Ionic blueprint uses Ionic AppAuth.

The previous sections showed you how to use Keycloak as your identity provider. If you’re deploying to production, you might not want to manage your users and authentication system. That’s where Okta and Auth0 can help!

Switch your identity provider to Okta

If you don’t have an Okta developer account, you can sign up for one or run okta register after installing the Okta CLI.

If you want to change your JHipster app to use Okta, the Okta CLI makes this as easy as okta apps create jhipster. This command creates a .okta.env file you can source to override the default Keycloak settings.

source .okta.env ./mvnw -Pprod

With Keycloak, you don’t need a separate OIDC app for Ionic. With Okta, you do. See JHipster’s documentation to learn how to create a native app for Ionic on Okta.

After you’ve changed the client ID in your Ionic app, run it using npm start. You’ll be prompted to log in using your Okta credentials at http://localhost:8100.

Switch your identity provider to Auth0

To switch your identity provider to Auth0, you first need an Auth0 account. Then, create a .auth0.env file and see JHipster’s Auth0 docs for how to populate it.

Next, configure a native app for Ionic on Auth0. Once you’re finished updating your Ionic app with a new client ID and audience, you should be able to run your backend and new frontend client using the following commands:

source .auth0.env npm run backend:start # open a new terminal npm start

To see it in action on your mobile emulators, use the following commands:

npm run build # iOS npx cap run ios # Android npx cap run android Learn more about Ionic, Spring Boot, and JHipster

I hope you’ve enjoyed learning about Ionic and the new Ionic blueprint for JHipster. In my opinion, it’s pretty neat that you can rapidly prototype a mobile client for your JHipster. It’s even better that you can use a leading-edge mobile application framework to do it.

You can find the source code for this example on GitHub, in the @oktadev/okta-jhipster-ionic-example repository.

If you liked this post, you might like these others too.

Full Stack Java with React, Spring Boot, and JHipster

Ionic + Sign in with Apple and Google

Build Mobile Apps with Angular, Ionic 4, and Spring Boot

How to Docker with Spring Boot

A Quick Guide to Elasticsearch with Spring Data and Spring Boot

If you have any questions, please leave a comment below. You can follow @oktadev on Twitter and subscribe to our YouTube channel for more leading-edge content. We’re also on LinkedIn and Facebook.


bankless

UST Luna - The Biggest COLLAPSE in Crypto History

We’re currently watching one of the the largest events in Crypto history.  The sketchy outlook in the markets has triggered a run on the UST stablecoin, which began destabilizing in the last several weeks. As time progressed, the peg worsened, and it eventually rolled over into a complete crash of both the value of UST, and the native asset LUNA. What led to the crash? Was it a coordina

We’re currently watching one of the the largest events in Crypto history. 

The sketchy outlook in the markets has triggered a run on the UST stablecoin, which began destabilizing in the last several weeks.

As time progressed, the peg worsened, and it eventually rolled over into a complete crash of both the value of UST, and the native asset LUNA.

What led to the crash? Was it a coordinated attack, or an inevitable collapse?

What Red Flags were there ahead of time? What’s the fallout from all of this? What lessons can we learn? 

------ 📣 OPOLIS | Sign Up to Get 1000 $WORK and 1000 $BANK https://bankless.cc/Opolis 

------ 🚀 SUBSCRIBE TO NEWSLETTER:          https://newsletter.banklesshq.com/    🎙️ SUBSCRIBE TO PODCAST:                 http://podcast.banklesshq.com/   

------ BANKLESS SPONSOR TOOLS: 

⚖️ ARBITRUM | SCALED ETHEREUM https://bankless.cc/Arbitrum 

❎ ACROSS | BRIDGE TO LAYER 2 https://bankless.cc/Across 

🏦 ALTO IRA | TAX-FREE CRYPTO https://bankless.cc/AltoIRA 

👻 AAVE V3 | LEND & BORROW CRYPTO https://bankless.cc/aave 

⚡️ MAKER DAO | THE DAI STABLECOIN  https://bankless.cc/MakerDAO  

🦁 BRAVE | THE BROWSER NATIVE WALLET https://bankless.cc/Brave 

------ Topics Covered:

0:00 Intro 6:30 Explaining the Terra Ecosystem 9:30 Tail Risk and Background 13:50 Bitcoin, Curve, and Monsters 17:54 The Initial Destabilization 20:14 The Panic Begins 24:40 The Charts 27:18 A Total Collapse 32:30 Regulators Get Involved 35:08 Was This An Attack? 37:58 The Collateral Damage 40:00 Do Kwon’s Big Talk 41:52 Rick Sanchez and Basis Cash 44:08 Community Response 46:05 How Do We Move On? 49:14 Don’t Take Shortcuts

------ Resources:

Anchor Protocol: https://app.anchorprotocol.com/earn  Buying Bitcoin: https://twitter.com/LFG_Reserve/status/1507688906820620291  Curve Pools: https://dune.com/SebVentures/UST  Binance Orderbook: https://twitter.com/hasufl/status/1523817151471230976?s=20&t=FiTLk5ce5JmTg_s7QnWgMw  External Collateral: https://twitter.com/ThinkingBitmex/status/1523526622044860416  Deploying More Capital: https://twitter.com/stablekwon/status/1523733542492016640  Collapse: https://twitter.com/ryanberckmans/status/1523712585794977792  Bitconnect: https://twitter.com/TrustlessState/status/1524451573908209664?s=20&t=1cKzW3BXwfKsAdFAsObfLQ  Historical: https://twitter.com/nic__carter/status/1524233730717585409?s=20&t=azvpduGJEOCfqyNCUFSBWA  Janet Yellen: https://twitter.com/tier10k/status/1524031909067698180?s=20&t=FiTLk5ce5JmTg_s7QnWgMw  Coordinated Attack: https://twitter.com/TerraBitesPod/status/1524229263469293570?s=20&t=FiTLk5ce5JmTg_s7QnWgMw  Vitalik Clip: https://twitter.com/BanklessHQ/status/1523995722261147648?s=20&t=FiTLk5ce5JmTg_s7QnWgMw  Mental Health: https://twitter.com/Shigeo808/status/1524149580048191488?s=20&t=azvpduGJEOCfqyNCUFSBWA 

----- Not financial or tax advice. This channel is strictly educational and is not investment advice or a solicitation to buy or sell any assets or to make any financial decisions. This video is not tax advice. Talk to your accountant. Do your own research.

Disclosure. From time-to-time I may add links in this newsletter to products I use. I may receive commission if you make a purchase through one of these links. Additionally, the Bankless writers hold crypto assets. See our investment disclosures here: https://newsletter.banklesshq.com/p/bankless-disclosures 


Blockchain Commons

Announcing the Silicon Salon

What if semiconductor manufacturers made chips especially intended for crypto-wallets? That’s the topic of Blockchain Commons’ first Silicon Salon, which will feature two different chip manufacturers who are expanding into the crypto industry. The first is CrossBar, a leader in Resistive RAM (ReRAM) technology, which can implement high-performance physical unclonable functions (PUFs). Together, ReR

What if semiconductor manufacturers made chips especially intended for crypto-wallets? That’s the topic of Blockchain Commons’ first Silicon Salon, which will feature two different chip manufacturers who are expanding into the crypto industry. The first is CrossBar, a leader in Resistive RAM (ReRAM) technology, which can implement high-performance physical unclonable functions (PUFs). Together, ReRAM memory and PUF solutions enable a new class of secure computing and storage with physical countermeasures — and CrossBar is interested in bringing that to digital-asset management. The second is Tropic Square, whose tropic01 secure element offers a fully transparent and auditable chip as a basis for better hardware security. They use transparency as a driver for innovation.

Because Blockchain Commons is dedicated to bringing together a community of developers and manufacturers to jointly develop specifications that will empower the entire industry, we’ve seized upon our work with these two companies to produce our first salon since the pandemic: a virtual Silicon Salon, where semiconductor manufacturers, crypto-wallet makers, and other interested parties can come together to talk about the next generation of semiconductors, which for the first time ever will be specialized for our cryptographic needs.

The Silicon Salon is scheduled for June 1st, running three hours beginning at 9am PT (noon ET, 6pm CET). Signups for the Salon are now available on Eventbrite, with tickets limited to the first 40 participants.

The first hour of the Salon will feature presentations from silicon manufacturers, crypto-wallet makers, and experts in the field about how semiconductor design can support cryptographic functionality. Companies CrossBar, Tropic Square, and Proxy and experts Bryan Bishop and Christopher Allen are all scheduled to talk.

The other two hours of the Salon will feature facilitated discussion of topics intended to determine the needs of the hardware-wallet community. Specific topics may include: the importance of MCU and secure enclave integration; the importance of secure and persistent storage; the need for physical countermeasures; the advantages of hardware and software cryptography; the use of open licenses for hardware; and discussions of how new semiconductor designs intended for cryptography can improve security and efficiency. We don’t have all the answers: one of the most important goals of the salon is to find out the needs and thoughts of the community!

We hope you’ll join us to learn a bit about what’s already going on and to share your ideas, requirements, and expertise!

We are limiting the number of attendees to allow for Q&A from the community, thus we are charging US$25 to hold a space at this unique virtual event. So sign up soon! If you are already a Patron or a monthly sponsor on Github of Blockchain Commons, please check your email: we will be sending you a free invite code automatically. If you don’t receive it, contact us directly.

Wednesday, 11. May 2022

KuppingerCole

Digital Identity in Travel (and beyond): a public-private affair




Zero Trust and the Business – why you have to align with the application owners!




Game Theory: Will it put your mind at ease, or make you doubt your decision on where to run an IAM solution?




Creating a Seamless Access Experience with the Digital Double

Today, seamless access experiences are crafted based on identity fundamentals such as single sign-on, multi-factor authentication, passwordless authentication, self-service portals, and federated access. But, is this enough for the next epoch of digital applications, metaverse, and Web 3.0?  The digital world is a  replication of the physical world in a digital ecosystem. As a result,

Today, seamless access experiences are crafted based on identity fundamentals such as single sign-on, multi-factor authentication, passwordless authentication, self-service portals, and federated access. But, is this enough for the next epoch of digital applications, metaverse, and Web 3.0? 

The digital world is a  replication of the physical world in a digital ecosystem. As a result, people and things have an equal digital representation, which we call a digital double.

In this keynote, Asanka will look at creating a seamless access experience around the digital double using APIs, integration, and identity in order to prepare organizations to address the next digital era. 




Connecting 10.000+ mobility companies and multi million customers




Quo vadis, SSI? – Self-sovereign Identity on route to production

Self-sovereign identity (SSI) has reached the in-between stage: more than a concept, not yet fully deployed. This is where the work can get the most gruesome and exhausting, but also the most creative and rewarding. While the dedicated W3C standards are reaching maturity levels, we see regulators and government actors jump on board and asking for even more stability across specifications and stand

Self-sovereign identity (SSI) has reached the in-between stage: more than a concept, not yet fully deployed. This is where the work can get the most gruesome and exhausting, but also the most creative and rewarding. While the dedicated W3C standards are reaching maturity levels, we see regulators and government actors jump on board and asking for even more stability across specifications and standards in order to establish real world systems. In fact, we see large pilot projects and implementation programs worldwide. One promising but equally critical development is the eIDAS 2 regulation,  promising dependable answers to questions about governance and trust frameworks that will drive adoption. This short deep dive will give you an orientation of the state of play for SSI in the context of these greater developments – and might provide an outlook for your projects as well.




IGA in the Financial Industry - Implementing IAM

Field report from a compliance-driven implementing of a full-blown IGA system at a German finance corporation.

Field report from a compliance-driven implementing of a full-blown IGA system at a German finance corporation.




Panel | GAIN Interoperability




How to innovate your Identity Governance and Administration program

The Holcim EMEA digital center has received the EMEA innovation award in 2021 from their IGA program.

The Holcim EMEA digital center has received the EMEA innovation award in 2021 from their IGA program.




Panel | B2B IAM




Creative Disruption: How Web 3 Models are Capturing Markets & Customers

Web 3 businesses are gaining traction. Data and metrics around customers and markets show growing usage, early adoption and huge growth potential. Currently, these businesses built on decentralized networks are separate from traditional web 2 platforms. Will the 2 paths converge? Will there be a bridge from web2 to web3 and how might that hybrid work? A few use cases will be discussed with points

Web 3 businesses are gaining traction. Data and metrics around customers and markets show growing usage, early adoption and huge growth potential. Currently, these businesses built on decentralized networks are separate from traditional web 2 platforms. Will the 2 paths converge? Will there be a bridge from web2 to web3 and how might that hybrid work? A few use cases will be discussed with points of view around how this convergence could work.




The Omniverse SWOT

Our headlines and podcasts are filled with the promise of web3. Positioned as a digital utopia that will foster and reward creativity whilst righting the wrongs of data equity. This new world, fusing our physical and digital – will be more immersive, collaborative and experiential than any technology we have known. However, along with the opportunities, it is already presenting new security, ident

Our headlines and podcasts are filled with the promise of web3. Positioned as a digital utopia that will foster and reward creativity whilst righting the wrongs of data equity. This new world, fusing our physical and digital – will be more immersive, collaborative and experiential than any technology we have known. However, along with the opportunities, it is already presenting new security, identity and privacy threats.

This presentation will explore where we are on the road to the omniverse. Both the opportunities to strengthen digital rights and decentralise identity, along with the very real threats that exploit digital trust. Understanding the weaknesses provides a window into the next wave of identity and security innovation.




Global Trust Frameworks Interoperability




GAIN Insight

In this session, Daniel Goldscheider will give an overview on GAIN, the standards behind, and use cases. 

In this session, Daniel Goldscheider will give an overview on GAIN, the standards behind, and use cases. 




Panel | IGA for Successfully Managed Identities




Human-Centric Identity

Security vs experience. Platform vs best of breed. Fast vs thorough. The identity technology world forces us to make trade-offs. These difficult decisions are an endless exercise in technical and logistical nuances like developer and IT resources, product licenses, integrations, and deployment methods.  Get ready! We are entering an era where IAM professionals can rise above those tradeoffs

Security vs experience. Platform vs best of breed. Fast vs thorough. The identity technology world forces us to make trade-offs. These difficult decisions are an endless exercise in technical and logistical nuances like developer and IT resources, product licenses, integrations, and deployment methods. 

Get ready! We are entering an era where IAM professionals can rise above those tradeoffs, and rapidly evolve from technical experts to experience artists by using solutions that customize, code, and integrate for you. This means humans can focus on what humans do best: creating amazing experiences, differentiating from competitors, reacting to market trends, leveraging innovations like decentralized identity and partnering with business owners to anticipate and exceed user expectations.




Interoperability Between Global Identity Networks




Protocol Independent Data Standards for Interoperability




Cloud 3.0: Decentralizing Cloud Storage with Web 3.0 and Analyzing Security Threats

We are in the mid of one of the most significant revolutions in the cloud and identity ecosystem since the last decade. With the dynamic transformation from Web2.0 to Web3.0, both the cloud as well as the identity ecosystem embrace themselves for a change in the way we perceived security. Blockchain is revolutionizing both the cloud industry as well as the financial sectors. In my talk, I will foc

We are in the mid of one of the most significant revolutions in the cloud and identity ecosystem since the last decade. With the dynamic transformation from Web2.0 to Web3.0, both the cloud as well as the identity ecosystem embrace themselves for a change in the way we perceived security. Blockchain is revolutionizing both the cloud industry as well as the financial sectors. In my talk, I will focus on the transformative impact of blockchain protocols like Filecoin and Storj which are playing a significant role in changing the way we have perceived cloud storage. Decentralized Cloud Storage will be the future for sustainable data storage in Web 3.0, in which we will move from a single service provider to create an ecosystem where anybody could be a cloud storage provider. Highly successful blockchain projects like Filecoin have been able to create such an ecosystem. But we are far away from attending the level of scale needed to reach out to every corner of the globe. Decentralized Cloud Storage poses a different set of security challenges and scalability issues. I will be presenting my research work which focuses on the new advances in tackling future security threats for decentralized cloud storage. Additionally, I will focus on discussing how to overcome scalability issues in the blockchain using the most advanced cryptographical tools knowns as zk-SNARKs.




Preserving Privacy in Identity-Aware Customer Applications

 As customer identity programs mature, they bring new opportunities and risks. In the rush to launch new customer experiences, personal data is over-exposed and over-replicated. The default is to ship all identity attributes, to all systems, on every request in order to make access decisioning easier for application developers. This approach disperses identity information across the applicat

 As customer identity programs mature, they bring new opportunities and risks. In the rush to launch new customer experiences, personal data is over-exposed and over-replicated. The default is to ship all identity attributes, to all systems, on every request in order to make access decisioning easier for application developers.

This approach disperses identity information across the application stack; which increases risks of data breach, data loss, and compromised identities. As a result, consumers lose trust and new business opportunities falter; or worse, customers like the new experience, but its success creates security and compliance liabilities that expand exponentially. To remediate the risk, data teams enter a never-ending cycle of costly data analysis and audits.

Identity architects and developers need to address privacy requirements earlier - not in post-collection data management, but instead in the application development process. While Privacy by Design and Privacy by Default principles are a helpful framework, they offer little practical guidance for developers to actually build privacy-preserving applications.

We will discuss how to use identity data at run-time, in the context of the application; how to retrofit existing applications with privacy requirements; and how to easily evolve applications over time.




Vampires & Cybersecurity: Using Deception to Increase Cyber Resilience

This presentation will explore adding deception as a component of a security-in-depth strategy to increase cyber resilience (in case the garlic, crosses, and wooden stakes are not effective). We will discuss whether you should invite attackers into your network. Much like with vampires, inviting attackers in can have serious repercussions. However, unlike vampires, cyber attackers do not need an i

This presentation will explore adding deception as a component of a security-in-depth strategy to increase cyber resilience (in case the garlic, crosses, and wooden stakes are not effective). We will discuss whether you should invite attackers into your network. Much like with vampires, inviting attackers in can have serious repercussions. However, unlike vampires, cyber attackers do not need an invitation. Fortunately, deception within our networks can aid in identifying, delaying, and evicting unwanted guests, including insider threats (or vampires already amongst us). We will explore several deception use cases  that can dramatically increase cyber resilience without attracting more attackers.




Latest Developments in CIAM

Consumer identity is still a hot topic in IAM in general. CIAM has experienced a great deal of technological innovation in the last five years, and much of the innovation in CIAM has found its way into B2B and B2E IAM solutions through the "consumerization of IT". KuppingerCole is updating research on CIAM, and in this session we'll consider what we have learned thus far, including trends in authe

Consumer identity is still a hot topic in IAM in general. CIAM has experienced a great deal of technological innovation in the last five years, and much of the innovation in CIAM has found its way into B2B and B2E IAM solutions through the "consumerization of IT". KuppingerCole is updating research on CIAM, and in this session we'll consider what we have learned thus far, including trends in authenticator availability and usage, consent and privacy management features, regulatory compliance developments, the integration of consumers' device identities, the challenges of account recovery and linking, and the rising need for identity proofing services. 




Building Secure, Trusted and Interoperable Self-sovereign Identity with OpenID Connect

 

 




Panel | CIAM and Customer Data Platforms




Cyber Security Architectures in a Hybrid World

A practical approach to cyber security architectures: In a hybrid ecosystem we have not only to find a suitable security model for IT but also for OT like in production environments. And after all cloud services are adding another dimension of complexity. We will take a short look at the security basics, compare some outdated, updated and up-to-date security models finding suitable models for IT-s

A practical approach to cyber security architectures: In a hybrid ecosystem we have not only to find a suitable security model for IT but also for OT like in production environments. And after all cloud services are adding another dimension of complexity. We will take a short look at the security basics, compare some outdated, updated and up-to-date security models finding suitable models for IT-security, OT-security and cloud-security. Finally we will put it all together in combined scenarios. This presentation will focus on practical security architecture rather than on formal compliance.

 

Key Topics:

* IT-security, OT-security, cloud-security

* Cyber security: from basics, perimeter, air gap to zero trust

* Hybrid world: isolation or integration

* Tops and flops in practical cyber security




The Unique Challenges of Identity M&A in High-Growth Organizations

Mergers and acquisitions amongst large, globally-distributed organizations are notoriously complex, error-prone, and resource consuming. But did you know that merging smaller organizations comes with its own set of unique issues and risks? One year ago, Okta announced its acquisition of Auth0. Since then, the combined forces of their internal business systems teams have been working hard to bring

Mergers and acquisitions amongst large, globally-distributed organizations are notoriously complex, error-prone, and resource consuming. But did you know that merging smaller organizations comes with its own set of unique issues and risks? One year ago, Okta announced its acquisition of Auth0. Since then, the combined forces of their internal business systems teams have been working hard to bring the identity and compliance capabilities of the organizations together. The union of these two companies introduced some novel challenges- even for veteran practitioners with experience in IAM mergers at much larger organizations. In this talk Jon Lehtinen will take you on a guided tour of the Okta/Auth0 identity merger from a practitioner’s perspective, and share the learnings, the challenges, and the recommendations for other practitioners tasked with merging the IAM programs within smaller, high-growth companies.




Remote onboarding with Verifiable Credentials

Many companies are engaging in remote onboarding and need to adopt new methods of identity verification that can be done digitally. While new forms of ID verification are most prevalent today with Financial Services as a means of performing Know-Your-Customer regulations, there is nascent adoption across other industry verticals. In this session, the speakers will demonstrate an open standard base

Many companies are engaging in remote onboarding and need to adopt new methods of identity verification that can be done digitally. While new forms of ID verification are most prevalent today with Financial Services as a means of performing Know-Your-Customer regulations, there is nascent adoption across other industry verticals. In this session, the speakers will demonstrate an open standard based approach to ID verification based on verifiable credentials and decentralized identifiers for remote onboarding across industries. With this new approach users can verify their identity once and use their credentials with any organization. Enterprises can leverage this simpler cost-saving approach to remotely onboard employees, partners and customers compliantly while respecting the end users’ privacy.




The Balance Between Decentralization and Efficiency

Currently, lots of topics are fast-moving in crypto. There is still a gap to be closed between non-crypto businesses and the application of blockchain technology. It is PolyCrypt's vision to realize the true power of decentralization – bringing privacy, speed, scalability and user freedom to the masses – as a frontier of innovation we passionately strive for excellence with no compromise on qualit

Currently, lots of topics are fast-moving in crypto. There is still a gap to be closed between non-crypto businesses and the application of blockchain technology. It is PolyCrypt's vision to realize the true power of decentralization – bringing privacy, speed, scalability and user freedom to the masses – as a frontier of innovation we passionately strive for excellence with no compromise on quality.




Implementing SSI using the existing web infrastructure

SSI and Verifiable Credentials are the latest development in identity management. They offer many benefits over existing federated identity management systems. Unfortunately some proponents of SSI are mandating that companies implement decentralised identifiers (DIDs) and blockchains in order to benefit from SSI. This is not necessary. In fact the W3C Verifiable Credentials Data Model Recommendati

SSI and Verifiable Credentials are the latest development in identity management. They offer many benefits over existing federated identity management systems. Unfortunately some proponents of SSI are mandating that companies implement decentralised identifiers (DIDs) and blockchains in order to benefit from SSI. This is not necessary. In fact the W3C Verifiable Credentials Data Model Recommendation makes it clear that DIDs are not needed for verifiable credentials, and vice versa. DIDs and blockchains are something of a ball and chain around the legs of companies that want to benefit from SSI when leveraging their existing web based security infrastructures. This keynote talk will describe how it is possible to build standards compliant high performance, user friendly, SSI systems using the World Wide Web, Transport Layer Security, Jason Web Tokens, Web Authentication and X.509 public key certificates, allowing them to experience all the benefits of SSI without the ball and chain impediments of DIDs and blockchains. - the benefits of SSI over existing identity management systems - the downsides of DIDs and blockchains - the upsides of using existing World Wide Web infrastructure to build your SSI solution




Verifiable Credentials on the front line

Learn how businesses are using verifiable credentials, decentralized orchestration and blockchain identity to reduce fraud, increase privacy and improve user experience. See real-world examples of production ready solutions from one state’s Department of Education and other public sector organizations. Learn how biometrics, proofing, KYC and other MFA services link with verifiable credentials thro

Learn how businesses are using verifiable credentials, decentralized orchestration and blockchain identity to reduce fraud, increase privacy and improve user experience. See real-world examples of production ready solutions from one state’s Department of Education and other public sector organizations. Learn how biometrics, proofing, KYC and other MFA services link with verifiable credentials through decentralized orchestration. See how paper-based documents like diplomas, academic transcripts and citizen identity are being replaced with verifiable credentials that reduce cost, increase security and privacy preservation. Learn how Ping Identity and other sources can issue and verify blockchain based verifiable credentials.




Bridging Traditional IGA with Cloud Native Authorization

IGA vendors often point to ABAC vendors when asked how authorization should actually be enforced and ABAC vendors point in the direction of IGA vendors when asked where all that context information is coming from. The talk will shed some light on how the grey area between IGA and cloud native authorization systems like Styra DAS / Open Policy Agent can be bridged. The focus will be on inhouse appl

IGA vendors often point to ABAC vendors when asked how authorization should actually be enforced and ABAC vendors point in the direction of IGA vendors when asked where all that context information is coming from. The talk will shed some light on how the grey area between IGA and cloud native authorization systems like Styra DAS / Open Policy Agent can be bridged. The focus will be on inhouse applications not on commercial off the shelf software as bolting a foreign authorization system onto existing software brings little benefit. We will share where different concerns like auditability, scalability and user experience for engineers and end users can be solved. 
Zalando has 4000+ inhouse applications and 280+ engineering teams so we will also talk about organizational scalability by using 100% automation and self service. 




Securely Identifying Mobile Apps

Today's open standards ensure that when a user chooses to login, the user’s authentication is protected and only delivered to the mobile app that initiated the authentication. However, how does the Authorization Server identify or verify the invoking app? This talk will look at the potential for mobile app impersonation and mechanisms available to protect against these attacks. Key takeaways:

Today's open standards ensure that when a user chooses to login, the user’s authentication is protected and only delivered to the mobile app that initiated the authentication. However, how does the Authorization Server identify or verify the invoking app? This talk will look at the potential for mobile app impersonation and mechanisms available to protect against these attacks.

Key takeaways:

What’s needed to impersonate a mobile app How standards currently address this exposure Mechanisms to strongly identify a mobile app


Drivers for Identity & Access Management in the Financial Industries

Identity & Access Management is a key requirement from banning regulations. At Creditplus, a new IAM solution was implemented recently. Drivers for IAM as well as the overall design of the new solutions are presented in this talk.

Identity & Access Management is a key requirement from banning regulations.

At Creditplus, a new IAM solution was implemented recently. Drivers for IAM as well as the overall design of the new solutions are presented in this talk.




What if your digital twin misbehaves?

The concept of the digital twin comes originally from the Industry 4.0 domain with the idea of having a digital representation of real-life objects or processes. The representation of the digital twin consists of the physical object, the virtual product, and the connections between those. Data and its flow form the connection. Only recently has this concept been applied to people as well. While th

The concept of the digital twin comes originally from the Industry 4.0 domain with the idea of having a digital representation of real-life objects or processes. The representation of the digital twin consists of the physical object, the virtual product, and the connections between those. Data and its flow form the connection. Only recently has this concept been applied to people as well. While this concept is very promising for design or optimization scenarios, the fact that data is in the center of it, a missing overall data governance and security might be the next challenge. Thus, potentially leading to a misbehavior of the digital twin.




Designing an European Identity Wallet: An overview of UI and UX aspects

The European Identity Wallet will be made available to all Europeans by the different Member states as part of the revised eIDAS regulation. In this talk Adrian Doerk will provide an overview of how a potential user interface (UI) might look like and will illustrate common challenges when designing customer centric user experience (UX) flows within the wallet. 
The European Identity Wallet will be made available to all Europeans by the different Member states as part of the revised eIDAS regulation. In this talk Adrian Doerk will provide an overview of how a potential user interface (UI) might look like and will illustrate common challenges when designing customer centric user experience (UX) flows within the wallet. 


If it’s not Simple, Scalable and Agile, it’s not Modern IGA




Panel | The Pieces of Modern Authorization - Whats Happening in the Market




Access Control - The new Frontier




All Other Identities - The Risk That Is Hiding in Plain Sight

For the last 30 years  virtually every  company, agency and organization has been forced to accept the risks associated with identity management and control for third parties and  all  the other identities that  are not  directly addressed by today's workforce or customer access management solutions. The universe of  "all other identities"  is enormous, numbering in the billions and  maybe even th

For the last 30 years  virtually every  company, agency and organization has been forced to accept the risks associated with identity management and control for third parties and  all  the other identities that  are not  directly addressed by today's workforce or customer access management solutions. The universe of  "all other identities"  is enormous, numbering in the billions and  maybe even the trillions of distinct and unique identities. In the absence of solutions and processes to actively manage and control the identities of contractors, service providers, agencies, franchisees and  all  the possible variations of people,  devices  and entities that your organization interacts with, accepting risk but not being able to  mitigate  it has been the normal course of business. It is past time that these risks are acknowledged,  addressed,  and mitigated. Richard Bird explains the current state of third and n-th party identity risk, how to recognize it and what to do about it in this presentation on a new frontier in security and risk.




Panel | The Future of Corporate Directories in the Cloud Era. Will they Survive?

In this session we will have a look at traditional corporate directy systems and discuss wether, how and where they will survive a cloud first stragey. Do we still need a corporate directory? If so, what are or will be their role compared to oter centralized directories like Azure AD? How would a migration path look like and which APIs have to be supported? How will HR, Corporate Directo

In this session we will have a look at traditional corporate directy systems and discuss wether, how and where they will survive a cloud first stragey.

Do we still need a corporate directory? If so, what are or will be their role compared to oter centralized directories like Azure AD? How would a migration path look like and which APIs have to be supported? How will HR, Corporate Directory and IAM plac together? Will Distributed Ledger based technology be a game changer?


The Identity R/Evolution

The identity r/evolution is ongoing. For a while it seemed that not much has changed since Kim Cameron spearheaded the discussion about “The Laws of identity”. New technologies like Privacy-ABC based on ZKP were ready to provide the user with control over how much personal data he wants to disclose, while promising, commercial solutions were neither accepted by the market nor solving the problem o

The identity r/evolution is ongoing. For a while it seemed that not much has changed since Kim Cameron spearheaded the discussion about “The Laws of identity”. New technologies like Privacy-ABC based on ZKP were ready to provide the user with control over how much personal data he wants to disclose, while promising, commercial solutions were neither accepted by the market nor solving the problem of reliability of transactions exhaustively. Today, the new decentralized digital identity model of Self-Sovereign Identity, utilizing verifiable credentials and Decentralized Identifiers, is giving new hope of finding sustainable solutions. This session will map out the main questions around privacy within this context:

What are the privacy pros and cons of a blockchain-based identity management system based on an “European Digital Identity Wallet”? What are key pain points of the emerging "European Autonomous Identity Framework" (ESSIF) compatibility with GDPR? Is there “enough privacy” in eIDAS 2.0? How can one trust that the entity issuing the credentials is in fact the entity that it claims to be?


Credentials and Privacy - History and New Kinds of Cards

David will talk aboout a new technology that allows the person owning a public key to prove that they have memorized a passphrase, from which they could at any time easily compute the private key. One example use is for votexx.org elections, which are conducted remotely without polling places. The ballot-casting in such elections is done by a signature that is publicly verifiable as corresponding

David will talk aboout a new technology that allows the person owning a public key to prove that they have memorized a passphrase, from which they could at any time easily compute the private key.
One example use is for votexx.org elections, which are conducted remotely without polling places. The ballot-casting in such elections is done by a signature that is publicly verifiable as corresponding to a particular public key posted in advance by the election authority. The voter registration authority would require a proof that the voter knows the corresponding passphrase and hence ensures that the voter has irrevocable access to the private key corresponding to the posted public key. This lets the voter give all of their keys (in an extreme case) to a vote buyer and/or coercer – while the voter is never able to give up knowledge of the passphrase and the ability that it confers to secretly cancel any vote made with the corresponding private key. This is just one example David will feature in his presentation.




Transatlantic SSI Interoperability: Building the Identity Layer for the Internet

Many decentralized identity infrastructures and ecosystems around the world are emerging, but how can we get to true global interoperability, where my digital identity works seamlessly across borders and across different use cases? Two of the most prominent initiatives in the digital identity space right now are 1. the digital Permanent Resident Card use case supported by the U.S. Department of

Many decentralized identity infrastructures and ecosystems around the world are emerging, but how can we get to true global interoperability, where my digital identity works seamlessly across borders and across different use cases?

Two of the most prominent initiatives in the digital identity space right now are 1. the digital Permanent Resident Card use case supported by the U.S. Department of Homeland Security, and 2. the European Blockchain Service Infrastructure (EBSI) with its various pilot projects.

In this talk, we will look at the "Transatlantic SSI Interop" experiment conducted by an EU company (Danube Tech) and a US company (Digital Bazaar) that shows how such different initiatives can connect and interoperate.




Panel | Turning (Distributed) Workforce Challenges into Productivity Gains

Customer Identity & Access Management (CIAM) has made us learn about reducing friction in the way customers access and consume our services, and to add value to the relationship. It is time now to apply CIAM learnings to workforce identity. 

Customer Identity & Access Management (CIAM) has made us learn about reducing friction in the way customers access and consume our services, and to add value to the relationship. It is time now to apply CIAM learnings to workforce identity. 




Identity is the New Perimeter: How to Discover, Mitigate and Protect Identity Risks

Two decades of digital transformation and cloud migration have been slowly eroding the traditional network perimeter and with the past two years of transition to more remote work, the walls have come tumbling down. Privileged credentials from access tools (like VPN and RDP) that have been left on endpoints are a valuable target for attack. SAAS applications and Cloud access further expand the prol

Two decades of digital transformation and cloud migration have been slowly eroding the traditional network perimeter and with the past two years of transition to more remote work, the walls have come tumbling down. Privileged credentials from access tools (like VPN and RDP) that have been left on endpoints are a valuable target for attack. SAAS applications and Cloud access further expand the proliferation of potentially exposed identities. Once an attacker establishes initial access it becomes trivial for lateral attack movement to take control over critical systems or the entire network. The network perimeter is obsolete. Identity is the new perimeter. Organizations must discover, mitigate and protect their identity risks.




There is No Consensus About Consent

 

 




Qualified electronic signatures in times of the eIDAS2-wallet - a Nordic-Baltic perspective

When dealing with digital identity, emphasis is often put on the identification and authentication part. An equally important aspect is digital signing (or more broadly: electronic signing). Qualified electronic signatures have the same legal status as handwritten signatures in the EU. In this session, we shall look at the advantages and challenges that come with them from a Nordic-Baltic perspect

When dealing with digital identity, emphasis is often put on the identification and authentication part. An equally important aspect is digital signing (or more broadly: electronic signing). Qualified electronic signatures have the same legal status as handwritten signatures in the EU. In this session, we shall look at the advantages and challenges that come with them from a Nordic-Baltic perspective. What is their role today and in the future; both independently, and in connection with the upcoming eIDAS2-wallet? Concrete use cases will be demonstrated from the point of view of the citizen, the public sector and businesses.




The SolarWinds Hack and the Executive Order on Cybersecurity Happened - It Is Time to Prepare

Again and again, I am asked how one can start with the topic of security in an agile project environment. What are the essential first steps, and what should you focus on at the beginning? Of course, this raises the question of suitable methodologies and tools. At the same time, the strategic orientation of the company must be included in this security strategy. We have also learned in the recent

Again and again, I am asked how one can start with the topic of security in an agile project environment. What are the essential first steps, and what should you focus on at the beginning? Of course, this raises the question of suitable methodologies and tools. At the same time, the strategic orientation of the company must be included in this security strategy. We have also learned in the recent past that attacks like the “Solarwinds Hack” are becoming more and more sophisticated and that the attackers now focus on the entire value chain. What tools are there, and where should they be used? How can I start tomorrow to prepare myself for the future against the challenges of cyber attacks? And that’s exactly what you will get an answer to here.




Kubernetes and Crossplane at Deutsche Bahn

This session will be about the journey of Kubernetes and Crossplane at Deutsche Bahn, to provide platform consumers with access to a unified API for deployments, infrastructure provisioning and applications in a manner that is independent from the cloud, addressing compliance and cross-cutting concerns while providing a Kubernetes "native" experience. The journey has not been without challenges,

This session will be about the journey of Kubernetes and Crossplane at Deutsche Bahn, to provide platform consumers with access to a unified API for deployments, infrastructure provisioning and applications in a manner that is independent from the cloud, addressing compliance and cross-cutting concerns while providing a Kubernetes "native" experience.

The journey has not been without challenges, where the platform team has managed technical and functional requirements including an access model in an enterprise environment, user expectations of cloud native infrastructure usage, and issues with excessive API load, shared resources, as well as controllers written by the team and open sourced along the way.




Deploying Open Policy Agent (OPA) at Scale and in Production

OPA is a fast rising star in the Authz market. In this deep dive we will cover lessons learned and best practice from early adopters on how to deploy OPA at scale and in production. How can you ensure consistent polices, how do you test and life cycle policies, how do connect with external data sources.

OPA is a fast rising star in the Authz market. In this deep dive we will cover lessons learned and best practice from early adopters on how to deploy OPA at scale and in production. How can you ensure consistent polices, how do you test and life cycle policies, how do connect with external data sources.




Identity Management in a Web 3.0 World

The third iteration of the Web, Web 3, aims to put more control over web content in users’ hands. It promises to be built on blockchain, eliminating all big intermediaries, including centralized governing bodies. The vision for a Web3 world is for people to control their own data and be able to bounce around from social media to email to shopping using a single personalized account, creating a pub

The third iteration of the Web, Web 3, aims to put more control over web content in users’ hands. It promises to be built on blockchain, eliminating all big intermediaries, including centralized governing bodies. The vision for a Web3 world is for people to control their own data and be able to bounce around from social media to email to shopping using a single personalized account, creating a public record on the blockchain of all of that activity. What does this mean from an identity management point of view? We will explore some important questions that should be addressed as the future of the internet unfolds, including the impact that limited oversight in crypto currency will have, including poor authentication; the role of decentralized identities and private key management; and finally, the privacy aspects of having transaction data on the blockchain and what that means for attackers that can potentially compile new identities or further identity theft as we know it today. Whether it is Web3 or beyond, these issues will be critical to build trust on the internet of the future.




An ecosystem for trusted identities

 

 




Enterprise Identity: A case study of the EU Gaia-X project

Gaia-X Federation Services is a European project that promotes innovation through data sharing and represents the next generation of the data infrastructure ecosystem. To see how we bring about an open, transparent, and secure digital ecosystem, we thus share a practical example and working code of the Gaia-X for the Notarization API. The aim of this product is to establish digital trust in di
Gaia-X Federation Services is a European project that promotes innovation through data sharing and represents the next generation of the data infrastructure ecosystem. To see how we bring about an open, transparent, and secure digital ecosystem, we thus share a practical example and working code of the Gaia-X for the Notarization API. The aim of this product is to establish digital trust in disclosed data (paper or electronic) for Gaia-X participants to use in the Gaia-X ecosystem. To reach this goal, an issuance module to transform data into digital verifiable credential (VC) is needed. With this component, certification institutions such as government, lawyers, etc. are able to prove the identity and provide data of any organization that desires to be a Gaia-X participant. Thus deliver the desired verified attestation as a digital representation. This use case on enterprise identity is an example of a contribution to the meta-platform concept: a platform that enables and fosters participant-controlled value transfer across and among other platforms and participants. An open, interoperable, portable, decentralized identity framework is thus a prime candidate for becoming such a meta-platform and for leveraging this aggregate network effect.


Self-Sovereign Identity for Legal Entities and their Representatives globally




Friends don’t let Friends Centralize Authorization Enforcement




Your Journey to the Cloud: Can you Finally Replace Active Directory?

In this session, we will answer a question that everyone is asking: "Can we really get rid of Active Directory in the cloud era?". In the conversations with many CISOs and CTOs, the future of Active Directory was constantly being questioned and we could see a lot of confusion about what strategy to take. Active Directory is currently experienced as a huge pain in most organizations and they all

In this session, we will answer a question that everyone is asking: "Can we really get rid of Active Directory in the cloud era?".

In the conversations with many CISOs and CTOs, the future of Active Directory was constantly being questioned and we could see a lot of confusion about what strategy to take. Active Directory is currently experienced as a huge pain in most organizations and they all dream of being able to eliminate this classic entry point for Malware and Ransomware within their IT ecosystem.




Challenges for Women in Identity and Security

It is well known that women face various challenges when working in the IT industry. These challenges lead to the fact that only about 20% of employees in IT are women. The situation in security and identity is even worse, as some studies have shown. "Women in Identity" is a global organization whose mission is to develop solutions with diverse teams. This presentation will look at the various WID

It is well known that women face various challenges when working in the IT industry. These challenges lead to the fact that only about 20% of employees in IT are women. The situation in security and identity is even worse, as some studies have shown. "Women in Identity" is a global organization whose mission is to develop solutions with diverse teams. This presentation will look at the various WID initiatives on a global and local level that support women in the industry and create solutions “for everyone built by everyone”.




Privacy Enhancing Mobile Credentials

The Kantara Initiative is developing a standard and requirements so that organizations can demonstrate to their stakeholders that their commitments to privacy and data protection go beyond transactional and technical trust. At the end of the day people trust, or don't trust, organizations - not the technologies that the organizations use. This session will provide you with an up-to-date report on

The Kantara Initiative is developing a standard and requirements so that organizations can demonstrate to their stakeholders that their commitments to privacy and data protection go beyond transactional and technical trust. At the end of the day people trust, or don't trust, organizations - not the technologies that the organizations use. This session will provide you with an up-to-date report on the development of these standards and requirements and also provide you with an opportunity to provide input into their development.




The Future of Digital ID in South Africa




Signing in the Rain: HTTP Message Signatures and Web Security

HTTP is an amazingly powerful protocol, and it's the lifeblood of the internet today. On the surface, it seems to be a simple protocol: send a request to a server and get back a response, and everything's structured in useful ways. HTTPS adds the TLS protocol to secure the connections between endpoints, protecting the messages with encryption and keeping them away from attacker's eyes. But what if

HTTP is an amazingly powerful protocol, and it's the lifeblood of the internet today. On the surface, it seems to be a simple protocol: send a request to a server and get back a response, and everything's structured in useful ways. HTTPS adds the TLS protocol to secure the connections between endpoints, protecting the messages with encryption and keeping them away from attacker's eyes. But what if you want to be sure the sender is the right sender, and what you see is what they sent? What if you've got a more complex deployment, with proxies and gateways in between your endpoints that mess with the contents of the message? What if you need assurances on the response as well as the request, and to tie them together? People have been trying to sign HTTP messages in various ways for a long time, but only recently has the HTTP Working Group picked up the problem. Come hear about the HTTP Message Signatures work from the draft specification's authors and see how it works, how to apply it, and talk about how it could change how we use the web.




PAM for the People

The cyberssecurity approaches and strategies that works well for a multinational with a large and well funded cybersecurity department may not be as applicable for a mid sized company where the security department may be a single person. Still if the partner company that delivers the cheese to a retailer falls to a cybersecurity attack there is simply no cheese to sell to the customers so the
The cyberssecurity approaches and strategies that works well for a multinational with a large and well funded cybersecurity department may not be as applicable for a mid sized company where the security department may be a single person. Still if the partner company that delivers the cheese to a retailer falls to a cybersecurity attack there is simply no cheese to sell to the customers so the retailer not only looses money but also fails at their most basic task. So how do we as multinationals help our partners with implementing basic controls such as PAM in a way that works in their business reality? In this session we will be looking at how you as a relatively cybersecurity mature company can do to help your less mature partners. It is also suitable for persons who has been asked to launch a cybersecurity or PAM program without been given the full resource to execute a full program.


Proofing your Success: Defining & Measuring Meaningful Metrics for IAM




Trimming down User Access Governance to its Essentials

Securing access to data and applications has become a cornerstone of any modern cybersecurity strategy. In the IAM market, user access governance projects have a history of incurring multi-year roll-outs and requiring specialized personnel, making many companies shy away and bear excessive cyber risk. In this space, Elimity tries to break the status quo. As an innovator, Elimity provides a dat

Securing access to data and applications has become a cornerstone of any modern cybersecurity strategy.

In the IAM market, user access governance projects have a history of incurring multi-year roll-outs and requiring specialized personnel, making many companies shy away and bear excessive cyber risk.

In this space, Elimity tries to break the status quo. As an innovator, Elimity provides a data-driven platform that specifically offers the essentials for user access governance: automated data collection, holistic risk analytics and user-friendly access reviews integrated with ITSM. As a result, the platform lets companies achieve mature access governance in a matter of days, not months.

In this session, Maarten will give an overview of the essentials of user access governance, showcase the Elimity platform and how it is successfully applied in practice.




Cloud Security Standards: Expectations, Benefits and Use Case




Unified Endpoint Management: Practical Considerations




PAM I^3 - Implementation, Integration and Intelligence about Privileged Access Management

A look at how 5 of Canada’s biggest financial institutions have tackled the challenge of Privileged Access Management. Sharing similar requirements all went down paths of successful deployments of technologies to protect their clients, and workforce while providing a more efficient user experience for day to day activities.   A look at the 5 common steps to success.

A look at how 5 of Canada’s biggest financial institutions have tackled the challenge of Privileged Access Management. Sharing similar requirements all went down paths of successful deployments of technologies to protect their clients, and workforce while providing a more efficient user experience for day to day activities.   A look at the 5 common steps to success.




Joni Brennan and Allan Foster




Panel | PAM




Enterprise Domain Annotation based Segregation of Duties strategies




Hybrid Central/Decentralized Identity: Deployment Strategies for SSI

The disruptive changes in the SSI paradigm will not be effortlessly adopted by the industry worldwide without technological enablers. Indeed, before transitioning to a fully decentralized ecosystem, standard enterprise IAM solutions and canonical IGA disciples will need to adapt and integrate verifiable credentials. This talk will explore the hybrid decentralization paradigm, offering pointers and

The disruptive changes in the SSI paradigm will not be effortlessly adopted by the industry worldwide without technological enablers. Indeed, before transitioning to a fully decentralized ecosystem, standard enterprise IAM solutions and canonical IGA disciples will need to adapt and integrate verifiable credentials. This talk will explore the hybrid decentralization paradigm, offering pointers and insights into the uncontestable evolutionary needs of enterprises. After all, industry IAM solutions must evolve to include VCs issuing and verification capabilities to fully embrace the trustless trust paradigm while retaining complete control of authorization flows.




Making SSI accessible: IOTA technology, solutions and projects

Traditional identity and access management solutions built so far on the trust for selected identity providers and their adoption from an ecosystem of identity owners and identity verifiers. The decentralized identity paradigm is disrupting these ecosystems and required more democratic collaboration and competition among a number of identity and credential issuers, identity owners,

Traditional identity and access management solutions built so far on the trust for selected identity providers and their adoption from an ecosystem of identity owners and identity verifiers. The decentralized identity paradigm is disrupting these ecosystems and required more democratic collaboration and competition among a number of identity and credential issuers, identity owners, and verifiers selecting and using them. This requires not only to design and implement new technologies but also to identify new business opportunities and business models. Collaboration, experimentation, and evaluation are the road to adoption, and the EU collaborative H2020 research and innovation framework offers the opportunity to de-risk such collaborations, in favor of innovation.




Best Practice: CIAM as Business Enabler for Digital Transformation




Progress and lessons on the establishment of Digital Identity in UK




Panel | How to improve customer IAM and CIAM




Finicity

How Banking-as-a-Service is Enhancing Financial Technology

In traditional banking, to get a loan, make a deposit or speak to a banker, customers have usually traveled to a physical branch. But today, more banking services are available digitally. As a complement to existing online banking services, innovators are building the new and improved financial experiences that consumers are looking for. These innovators […] The post How Banking-as-a-Service is

In traditional banking, to get a loan, make a deposit or speak to a banker, customers have usually traveled to a physical branch.

But today, more banking services are available digitally. As a complement to existing online banking services, innovators are building the new and improved financial experiences that consumers are looking for. These innovators may not even have a brick-and-mortar presence, but they add multiple layers of value on top of existing financial services.

The digital movement is giving customers more tools and options to build their financial lives in the way they see fit, and Banking-as-a-Service (BaaS) is making this possible. Customers can now turn to innovators who offer niche financial services that cater to their unique needs, creating new ways for them to split dinner bills, take out a microloan, invest in crypto, track spending, saving and more.

But creating a new fintech company, app or product has not been simple. The traditional path to creating financial services was a long, hard road, from getting a banking license to building a new tech stack. Synctera is one fintech that offers an easier on-ramp to new, innovative financial products through BaaS. BaaS platforms and technology solutions provide the building blocks necessary for a fintech or neobank to quickly start creating innovative financial use cases for the modern consumer.

Synctera acts as a fintech banking platform, connecting a fintech builder with a community bank that has the requisite banking license. On the development side, Synctera provides an end-to-end toolkit, offering the critical technology services and providers that help innovators build their ideas. This includes consumer-permissioned data for account verification through Mastercard’s open banking platform, to help bring financial service ideas like quick money movement to life.

Modularizing banking solutions

All the things an entrepreneur needs in order to offer a banking service—including the ability to accept deposits, make loans and payments — BaaS service providers like Synctera encapsulate into the application programming interface (API) as modular blocks, so a fintech can tap in and build new solutions. Whether it’s issuing cards, sending ACH payments or more basic financial operations, developers can take these blocks and reassemble them to meet their needs.

The key to building with a BaaS provider is having just one API that’s simple to connect to. This reduces architecture and modeling requirements on the fintech development side. These tools allow fintechs to set up new customer accounts without delays from microdeposits, using instant verification, enabling customers to connect their external accounts and transfer funds into new financial services faster.

Another advantage of BaaS: Since multiple solutions are offered in the same API, it’s easy to make changes. If a company that’s scaling up tries an account authentication solution that’s slow and not quickly verifying that customer accounts are funded, they can replace it seamlessly with an alternate solution. That means less disruption to operations; money can keep moving.

Offering a marketplace of options

BaaS wraps all of its services, including those developed in-house and those from outside developers, into one API marketplace to make it easy for fintechs to launch everything together. Instead of trying to integrate tech from multiple financial services partners, a fintech developer can come to a BaaS provider like Synctera and build more, with less overhead and less plumbing.

Working with a BaaS provider allows fintech builders to focus more on the features of the product they’re offering to customers, like offering a virtual storefront to artists, discounted pet insurance to pet owners or easier access to small business capital. The marketplace solution means a fintech could choose a waterfall approach; if one solution fails, the system can be set up to automatically try another one.

How Mastercard fits in

Consumer-permissioned financial data can also be piped into BaaS solutions. Mastercard’s open banking platform provides secure connections to consumer-permissioned financial data from 95% of bank deposit accounts in the U.S. This data can power use cases like credit decisioning, account opening and linking. It creates more choice in payments and transaction data for better financial insights.

Every fintech product needs financial data, the ability to manage consumer permission and to access those accounts. It’s one thing to have a customer knock on your door. It’s another to help them walk through the door without unnecessary obstacles blocking their way, and to make the first deposit into their new accounts happen quickly and compliantly.

Mastercard’s open banking platform provides consumer-permissioned data to power the tools that Synctera and other BaaS providers and innovators create. By using account verification and transaction data from Mastercard’s open banking platform, all ecosystem players can authenticate users and get them online fast, and in a compliant manner.

Fraud detection and speed are of utmost importance

Understandably, the risk, compliance and customer experience balance is delicate–efficiency can’t compromise fraud prevention. By adding open banking data to the BaaS platform, financial service providers can verify and access bank account data with instant account verification, helping to ensure that the person opening a new account actually owns the account they are linking to the new fintech app, before moving money.

Speed is another top concern for fintech builders. And since banks are not tech companies, many operate on pre-internet tech. COBOL, a programming language developed in 1959 that underpins many banking systems, can make it difficult to upgrade systems quickly, or to seamlessly connect with today’s technology. This can result in a speed mismatch between banking networks and the world of fintechs, who want to be able to release new products and services in a few weeks. Mastercard helps connect customer accounts quickly and speeds up the customer onboarding process.

There’s a lot of new and improved technology being created in the world of financial services, and more options for developers result in more next-gen products that help consumers on their financial journeys.

Learn more about how Synctera and Mastercard are helping neobank and fintech builders unlock better financial access for people at synctera.com.

The post How Banking-as-a-Service is Enhancing Financial Technology appeared first on Finicity.


Anonym

Part 3: How We’re Enhancing Sudo Digital Identities with Decentralized Identity

Over the past few years we’ve seen the development and standardization of the concept of decentralized identity. Built on blockchain technology, decentralized identity provides a strong foundation for a much-improved privacy experience for a user – and it has been called the most important privacy innovation for the coming decade.  Anonyome Lab’s Sudo Platform provides enterprise de
Over the past few years we’ve seen the development and standardization of the concept of decentralized identity. Built on blockchain technology, decentralized identity provides a strong foundation for a much-improved privacy experience for a user – and it has been called the most important privacy innovation for the coming decade. 

Anonyome Lab’s Sudo Platform provides enterprise developers with decentralized identity capability to use for their applications and users. The platform offers both client- and service-side capabilities.

Sudo Platform identity components.

You can see above some of the key areas of decentralized identity development within Anonyome Labs. On the left side, we have how a user can leverage decentralized identity capabilities within the context of their Sudo digital identities. This extends compartmentalization of digital interactions into decentralized identity-based interactions.

On the right of the diagram are the current areas of decentralized identity development within the Sudo Platform:

Identity Wallet – A user-controlled local data store that safeguards a Sudo’s decentralized identity identifier (DID), cryptographic keys, verifiable credentials, and other artifacts for use with issuers, verifiers, public ledgers, and other third parties. The wallet supports multiple devices, cloud backup and recovery. Mobile Agent – Usually an app that lets users interact with the Identity Wallet, as well as enabling various external activities, such as interacting with any standards-based public ledger, streamlining the login process to accounts and services, providing end-to-end encrypted peer-to-peer interaction, assisting users with the request and presentation of verifiable credentials, and more. DI Relay – The DI Relay (i.e., decentralized identity relay) provides mobile agents with an always onconnection point that facilitates user-to-user and user-to-service communications. Without an always on relay, mobile agents wouldn’t be able to communicate reliably with each other. Verifiable Credentials – The Sudo Platform issuer service can create verifiable credentials. The issuer service first registers a credential definition on the blockchain which references an existing schema as well as registers the issuer service’s DID and public key. 

Using their mobile agent, a user can request a verifiable credential from the issuer service. The new credential will be securely transmitted to the user’s mobile agent, which will secure it in the user’s identity wallet.

Additionally, via their mobile agents, users can present their verifiable credentials to a verifier, including the Sudo Platform’s verifier service. The user will be prompted to approve (or deny) presenting all of the requested verifiable credential claims, just some claims, or may even elect to only provide zero knowledge proof.

Encrypted Messaging (end-to-end) – Whether used for user-to-user, user-to-service, or service-to-service communication, messages are encrypted end-to-end using peer-to-peer connections secured using the DIDComm protocol.

Next week, in part 4, we’ll outline the benefits to enterprises from proactively adopting decentralized identity.

Photo By Foxy burrow

The post Part 3: How We’re Enhancing Sudo Digital Identities with Decentralized Identity appeared first on Anonyome Labs.


Coinfirm

UAE’s DeFi Policy Considerations

The discussion paper Policy Considerations For Decentralised Finance presents the United Arab Emirates’ Financial Services Regulatory Authority (FSRA) of the Abu Dhabi Global Market’s (ADGM) view on the direction of DeFi – their proposed regulatory approach to DeFi, the predicted growth, high level policy positions on how FSRA might consider adopting, and implications for future...
The discussion paper Policy Considerations For Decentralised Finance presents the United Arab Emirates’ Financial Services Regulatory Authority (FSRA) of the Abu Dhabi Global Market’s (ADGM) view on the direction of DeFi – their proposed regulatory approach to DeFi, the predicted growth, high level policy positions on how FSRA might consider adopting, and implications for future...

Shyft Network

Crypto Rule: Solving the Unsolvable (Webinar)

A deep dive into the current state of crypto regulation, the FATF Travel Rule, and how our recently-launched solution, Veriscope, has solved the unsolvable: the Sunrise Issue. On May 4th at 11:00 am EST, Shyft Network launched the debut edition of the Unhosted Webinar Series, with 80 attendees joining. It was presented by Shyft Network and Veriscope’s Head of Strategy for Global Regulatory a
A deep dive into the current state of crypto regulation, the FATF Travel Rule, and how our recently-launched solution, Veriscope, has solved the unsolvable: the Sunrise Issue.

On May 4th at 11:00 am EST, Shyft Network launched the debut edition of the Unhosted Webinar Series, with 80 attendees joining. It was presented by Shyft Network and Veriscope’s Head of Strategy for Global Regulatory and Compliance Solutions, Malcolm Wright.

The webinar’s theme was the current state of crypto regulation, the FATF Travel Rule, and how Shyft Network’s recently-launched solution, Veriscope, has solved the unsolvable: the Sunrise Issue.

We’ve also done a short re-cap of the key themes and challenges discussed in the Webinar:

FATF Recommendations on Virtual Assets

Financial Action Task Force, the global anti money-laundering & terrorism financing watchdog, has made recommendations to prevent the use of virtual assets in illicit activities. Countries are required to adopt these recommendations within a definite period of time, which will then become a guideline for the industry to follow.

After countries implement FATF recommendations, the global watchdog will make periodic assessments on the implementation of the guidelines. Countries that fail to receive satisfactory scores on various parameters can be penalized by FATF, which can affect their financial standing globally and impact their ability to obtain funding from external sources, such as the World Bank and the IMF.

The Travel Rule

The Travel Rule is the most crucial recommendation on virtual assets issued, to date, by FATF. It was adopted in June 2019 when FATF issued draft guidelines. Then, during the first (June 2020) & second (June 2021) assessments, FATF found that countries and industries are still not following its recommendations. Then, in October 2021, FATF issued its final guidelines on virtual assets & Virtual Asset Service Providers (VASPs).

Under the Travel Rule, both originator and beneficiary VASPs must store and exchange certain personally identifiable information, such as the customer’s name, wallet address, location, national ID number, and DOB. They must also present the information to authorities when requested.
Risk of Sanctions

Although Know-Your-Customer (KYC) and blockchain analytics are among the must-have tools that VASPs should have to ensure sanctioned parties cannot find a way around sanctions through virtual assets, they aren’t enough to mitigate the sanctions risk.

To fully comply with the FATF recommendations, it is crucial to know both parties involved in the transaction, which requires the implementation of the Travel Rule. Failing to comply with FATF recommendations can result in sanctions from authorities, which can yield devastating results.

To mitigate the risks, ensure GeoIP monitoring, proper KYC with name screening, implement blockchain analytics, and Travel Rule. Following these steps enables businesses with a significant amount of business volume outside their jurisdiction to have a solid defense against any potential sanction violation.

The Challenges 1. Poor Data Accuracy

Receiving incomplete or inaccurate data from the originator or beneficiary VASPs can result in significant challenges, such as increased customer support & compliance costs, failed payments, and poor customer experience.

Shyft Network’s Veriscope has implemented automated discovery of counterparty VASP through the token’s address to solve this problem. Also, Veriscope has automated exchange of personally identifiable information (PII) of both originator and beneficiary to ensure 100% accuracy.
2. Data Security

Storing PII on Travel Rule Service Provider’s (TRSP) infrastructure can result in internal and external hacking attacks, intermediaries meddling in and snooping on the data, and malicious actors exploiting the entire process to obtain counterparty PII by submitting fake transactions. There are also challenges to storing PII without user consent.

The solution? Veriscope. It offers data security through three measures.
(i) User consents every time before PII is shared.
(ii) PII is encrypted and off-chain to prevent malicious actors from accessing the user data.
(iii) The transmission of PII data between VASPs is through peer-to-peer mode only, which means Shyft Network does not handle PII at any point in time.
3. Know Your VASP (KYV)

Opting for just any average TRSP comes with a fair share of challenges. First, all data that a VASP relies on is collected by the TRSP; with such TRSPs, there is no option to choose a counterparty VASP. Then, there is the issue of inaccurate VASP discovery, as it may fail to capture granular data at the entity level.

Veriscope’s design mechanism enables it to solve these complex problems swiftly. It ensures that PII data is sent to the correct VASP entity and that the network participants have undergone due diligence at internationally recognized standards. It is also highly scalable and can easily accommodate the growing needs of both legal and operational teams.
4. Payment Screening

The usual approach to obtaining beneficiary data is to collect the information from the originator. There are several issues with this approach. For instance, such data can be incomplete or inaccurate, further complicating screening efforts. It can even lead to higher exposure to sanctions risk.

Veriscope has implemented a mechanism that mandates obtaining beneficiary data from the beneficiary VASP. Shyft Network’s approach ensures that the data is accurate and complete, resulting in efficient name screening. That’s not all, as it also enables VASPs to request any additional information through the RFFI process.
Sunrise Problem: A Major Roadblock in Implementing the Travel Rule (Recap)

The most significant problem that VASPs face in implementing Travel Rule is the Sunrise issue. The problem is that countries have adopted or will adopt the Travel Rule into local regulations at different times. Thus, most VASPs located in jurisdictions that have not yet adopted the Travel Rule are unlikely to have a Travel Rule Solution and will issues for those VASPs who do have a Travel Rule Solution.

Recent data suggests there are over 600 cryptocurrency exchanges globally. Depending on their jurisdiction, they may or may not have adopted the Travel Rule yet. That’s where the problem lies, as the countries that have adopted the Travel Rule may mandate compliance both domestically and internationally. So, a compliant VASP must obtain data from the counterparty VASP regardless of their compliance status. If the compliant VASP fails to comply with the rule, they may receive severe penalties.

Suppose a VASP based in a country that has adopted the FATF Travel Rule (VASP A) sends Requests for Information (RFI) to a VASP operating in a country yet to adopt the Travel Rule (VASP B) on day zero (April 1st, 2022). They may or may not provide the information. After all, they are not legally obligated to do so yet. But VASP B will want to respond after the country they are based in implements the regulations. Meanwhile, without the necessary information, how can VASP A be compliant? This problem is referred to as the sunrise problem.

So, what’s the solution here? Veriscope. Thanks to Veriscope’s Historic Look Back feature, whenever VASP B’s home country adopts the Travel Rule, they can sign up for the solution and access all the RFIs sent to them even before they were legally required to comply with the Travel Rule.

Let’s say the VASP B joins six months after day zero (October 1st, 2022). They will see all the RFIs when they join and can respond to all of them. So, VASP A & VASP B finally successfully exchanged the information required under the Travel Rule because of Shyft’s Veriscope.

About Shyft Network

The Shyft Network aggregates and embeds trust into data stored on public and private ecosystems, allowing an opt-in compliance layer across all systems. The key pillar for Shyft is user consent, allowing users to track the usage of their data. Therefore, no one can use personal data without consent from the owner. Shyft Network allows and gives incentives to individuals and enterprises to work together to add context to data, unlocking the ability to build authentic digital reputation, identity, and credibility frameworks.

Website / Telegram / Twitter / MediumDiscord


Ocean Protocol

OceanDAO Round 17 Results

26 proposals received and 345,644 OCEAN granted OceanDAO Grants Hello, Ocean Community! The OceanDAO is honored to share the results of the 17th round of our community grants initiative: A total of 345,644 OCEAN was available. Conversion rate of 0.29 OCEAN/USD. A final amount of 100,000 USD (at the time of voting deadline) was available for grants. All funds that were not grante

26 proposals received and 345,644 OCEAN granted

OceanDAO Grants

Hello, Ocean Community!

The OceanDAO is honored to share the results of the 17th round of our community grants initiative:

A total of 345,644 OCEAN was available. Conversion rate of 0.29 OCEAN/USD. A final amount of 100,000 USD (at the time of voting deadline) was available for grants.

All funds that were not granted will be recycled back into the treasury as part of our initiatives to continue leveraging treasury funds into greater outcomes.

Round 17 included 13 first-time projects and 13 returning projects requesting follow-up funding.

345,644 $OCEAN have been granted

Congratulations to all grant recipients! These projects have received an OceanDAO grant in the form of $OCEAN tokens.

For the full vote results please see the Voting Page.

You can view the expanded proposal details on the Round 17 Ocean Port Forum!

OceanDAO Round 18 and announcements will be live shortly. Ocean Protocol is dedicated to ever-growing resources for continued growth, transparency, and decentralization. Keep an eye out on Twitter @oceanprotocol, @oceandao_ and our blog for the full announcement and new highlights.

For up-to-date information on getting started with OceanDAO, we invite you to get involved and learn more about Ocean’s community-curated funding on the OceanDAO website.

We encourage proposers who did not win to re-apply and for every participant to vote for projects who applied for a grant.

Thanks to all proposers, participants, and voters who engaged in Round 17!

OceanDAO Round 17 Results

You can find the final results on the Oceanpearl Leaderboard, or for a fully detailed overview on our Round 17 — Votes page.

Round 17 Rules

Proposals with 50% or more “Yes” Votes received a grant, until the “Total Round Funding Available” is depleted in descending number of votes received order.

Claiming your Grant

If your Proposal was voted to receive a grant, you have 14 days to claim your granted $OCEAN: here

You can find instructions on claiming your grant here.

Deadline to claim your grant (claiming for grants is after this period):
May 23rd, 2022, midnight UTC

Funding Tiers — All Categories (max per team):

New Project Funding Ceiling: $3,000 USD Requires: No one in your project has ever received a grant from OceanDAO. Open to all. Benefits: Earmarked. Receive feedback during the application process. Introduced to related projects.

2. Existing Project

Funding Ceiling: $10,000 USD Requires: You have completed 1 or more grants. Benefits: Same as above. Receive promotion via Newsletter, Twitter, and other channels.

3. Experienced Project

Funding Ceiling: $20,000 USD Requires: You have completed 2 or more grants.

Earmarks

“Earmarks” means that there are funds available exclusively to the first three groups listed below, without having to compete as an incentive to apply.

15,000 OCEAN for New Teams (non-outreach category) 9,000 OCEAN for New Teams (outreach category) 35,000 OCEAN for 2nd/3rd Time Teams (all teams) 26,000 OCEAN for Core Tech Initiatives (listed below) 115,000 OCEAN for remaining General Grants

To distribute 100,000 USD, earmarks were adjusted based on the same distribution for a total of 345,644 OCEAN. The final numbers distributed are as such:

25,923 OCEAN for New Teams (non-outreach category) 15,554 OCEAN for New Teams (outreach category) 60,488 OCEAN for 2nd/3rd Time Teams (all teams) 44,934 OCEAN for Core Tech Initiatives 198,745 OCEAN for remaining General Grants

The grant proposals from the snapshot ballot that met these criteria were selected to receive their $OCEAN Amount Requested to foster positive value creation for the overall Ocean ecosystem.

Voting opened on May 5th midnight UTC Voting closed on May 9th midnight UTC

Proposal Vote Results:

26 proposals submitted 15 funded or partially funded 151 Unique Wallets Voted (That’s ATH, and more voted via delegation) 5,955,911 $OCEAN voted Yes on proposals 317,810 $OCEAN voted No on proposals 6,273,802 $OCEAN Tokens voted across all proposals 212,176 $OCEAN has been granted 0 $OCEAN will be returned to the treasury Winning Proposals

Compare: Oceanpearl Leaderboard

Including: partially and completely funded projects
Due to having introduced Quadratic Funding, we are able to fund more projects. Most are partially funded (exact amount in landing pages), hence appear in one list.

General Grants

Ocean Ambassadors: Project Flagship marks a key step in the decentralization of Ocean Protocol: the Ocean Ambassador program will get its funding from OceanDAO going forward.

DATALATTE: Share your data to Earn passive income! We empower internet users to monetize their own data and provide data scientists with access to non-identifiable users’ data using AI Feature Store at an affordable price.

Core Tech

Algovera: Algovera is a DAO for data science teams building decentralized AI apps on top of Ocean Protocol.

Opsci DAO: Opsci is an initiative to bootstrap an Open Science Data DAO that will generate datasets and algorithms to host on our fork of the Ocean Marketplace and will provide templates for other groups to replicate our efforts leading to new future proposals.

Athena Equity: A data brokerage who’s primary objective is to drive inflows of data and datasets to the ocean platform through the development of partnerships with data producers and data scientists. Building the data verification layer for ESG.

New Entrants

Unity to Ocean Uploader: Editor tool (script) on unity’s nav bar, that let’s you choose a scene to upload it to the Ocean Marketplace.

Autobots: Autobots seeks to build a location based plugin that will collect decentralized navigational data from vehicles such as cars, trains, motorcycles and travellers and in turn incentivise the data providers.

4th Wall: Bring real-time TV & movie streaming data to Ocean Marketplace

DoDAO — Onboarding and Education Platform for DAOs/Blockchain Projects: Will create a white-labeled site for Ocean DAO and will create educational onboarding and how to guides for new members

New Outreach

Predictive Model for Borrowing Cost of Popular DeFi Protocols: Test models trained on Compound Protocol on unseen data and build an application to interact with the models.

The Web3 Ocean Podcast: The Web3 Ocean Podcast is at the intersection of Audio, Blockchain, Community and Data. In Season 1, we aim to feature the worldview of Bruce Pon & some of the community members from the Ocean Protocol. We need it before the Ocean V4 release. We have started incorporating the feedback from the community as we shape our episodes.

2nd/3rd Time Proposals

WeDataNation: WeDataNation offers an anonymous and secure platform for user data aggregation. It’s simple. Users can upload their data from social media , e-commerce, gaming, streaming and Web3 apps on WeDataNation. Their data runs through algorithms (in an anonymous way) and is pooled into a dataset. Insights of the dataset can then be purchased by various players such as marketing agencies to leverage their marketing strategy. The revenue that is generated is shared between all users.

The Data Shift: Decentralised data wallets for users to build and store their verified datasets in the form of DataNFTs. This allows for monetisation through Ocean as well as connection to dApps to enable futuristic data-sharing, designed for optimization.

PGWG Rewards: Coordinape circle & rewards for Project-Guiding Working Group (PG WG) to review proposals, provide support, insights, and connecting participants across the OceanDAO ecosystem.

DeadmanDAO Web3 Hacker Network: Create a decentralized network analytics data pipeline for team-builders to find Web3 hackers and to understand the developer-developer multilevel network.

OceanDAO Ecosystem

Continue to support and track progress on all of the Grant Recipients inside of Ocean Pearl or view our Funding History page to learn more about the history of the grants program.

Much more to come — join our Town Halls to stay up to date and see you in Round 18. Thank you!

Follow Ocean Protocol on Twitter, Telegram, LinkedIn, Reddit, GitHub & Newsletter for project updates and announcements. And chat directly with other developers on Discord.

OceanDAO Round 17 Results was originally published in Ocean Protocol on Medium, where people are continuing the conversation by highlighting and responding to this story.


Ontology

Ontology Weekly Report (May 1–9, 2022)

Highlights As part of our ONT ID framework upgrade, we’re pleased to announce that the Ontology Verifiable Credentials SDKs are now open source. This forms part of our commitment to building Web3 infrastructure and making privacy accessible to all. Latest Developments Development Progress We are 93% done with the Rollup VM design. We are 60% done with the RISCV instruction set cont
Highlights

As part of our ONT ID framework upgrade, we’re pleased to announce that the Ontology Verifiable Credentials SDKs are now open source. This forms part of our commitment to building Web3 infrastructure and making privacy accessible to all.

Latest Developments Development Progress We are 93% done with the Rollup VM design. We are 60% done with the RISCV instruction set contract implementation. We are 50% done with the Rollup RISCV EVM actuator. We are 40% done with the Rollup L1<->L2 cross-layer communication design. Product Development ONTO App v4.2.5 brought support for authoritative information sources such as CoinMarketCap, and all tokens on CoinMarketCap are now fully supported. ONTO hosted various online activities with Ivy Market, AFK, SUNT·DaoFi, DEMON, Drift Delivery, Anonverse, Shambala, OceanMollu, HEZI, Hangout, X-Rush, DeFi Launch and OpenLeverage. Earn rewards by participating with ONTO. Follow the @ONTO Wallet Official Announcement on Telegram for more details. ONTO App integrated NFT Marketplace Ivy Market to provide users with additional benefits. On-Chain Activity 135 total dApps on MainNet as of May 9th, 2022. 6,989,694 total dApp-related transactions on MainNet, an increase of 34,660 from last week. 17,400,262 total transactions on MainNet, an increase of 58,848 from last week. Community Growth We held our weekly Discord Community Call, with the theme “Possibility of DID layout in NFT field”. There are still many problems behind the current NFT industry, such as piracy, single function, etc. DID can theoretically solve some problems such as right confirmation and verification for NFT, Ontology is providing ONT ID identity framework integration for NFT projects to gradually complete the layout of the NFT industry. We held our Telegram weekly Community Discussion led by Polaris, an Ontology Harbinger from our English community. He shared the latest developments with community members: Ontology’s Verifiable Credentials SDKs now open source for all Go and Java developers, accelerating the adoption of DID in the blockchain sphere. As always, we’re active on Twitter and Telegram, where you can keep up with our latest developments and community updates. Global News Ontology’s Business Development Manager Li Ge was invited to participate in the TRENDS TWITTER SPACES NFT special session held by Cointelegraph Chinese, focusing on the theme of “BAYC and Moonbirds are popular, what is the next new NFT?” In the live broadcast, they shared opinions on “how to choose NFT for newbies” and “the layout of Ontology on the NFT track”. Ontology’s Business Development Manager Li Ge was invited to participate in the online marketplace session hosted by SME Finance Forum, a member of the World Bank Group, sharing the benefits of DID in the form of the suite of solutions offered by ONT ID. Ontology’s unique infrastructure supports robust cross-chain collaboration and is available on the well-known Digital Asset Exchange DECOIN.io. It now supports digital assets transactions on the Ontology chain, providing global users with safe and convenient digital asset services. Ontology in the Media

Cointelegraph — “Decentralized credit scores: How can blockchain tech change ratings

“From DeFi to decentralized credit rating, the blockchain industry has brought security and efficiency to the financial world. Although decentralized credit rating is in its early stages, even with the advancements already made, there’s no doubt about its growth into an even better assessment tool in the future.”

Based on DID technology, Ontology has built a complete on-chain reputation scoring system. The ONT ID identity framework verifies multiple trust credentials, evaluates the user’s behavior and reputation, generates real scores, and gives users on-chain convenience. Combined with DeFi, SocialFi and other products, users with higher reputation scores are more likely to gain the trust of other users; they can also get discounts when participating in lending.

Learn more about our decentralized data and identity solutions on our website and official Twitter account. You can also chat with us on Telegram and keep up-to-date with the latest news via our Telegram Announcement account.

Ontology Weekly Report (May 1–9, 2022) was originally published in OntologyNetwork on Medium, where people are continuing the conversation by highlighting and responding to this story.


Tokeny Solutions

From Start-up to Scale-Up: How Tokeny Prepared for Large-Scale Tokenization

The post From Start-up to Scale-Up: How Tokeny Prepared for Large-Scale Tokenization appeared first on Tokeny.

Product Focus

From Start-up to Scale-Up: How Tokeny Prepared for Large-Scale Tokenization

Our solutions now become more scalable and flexible as we have our own indexer and nodes to interact with relevant data on the blockchain. This improvement eliminates any downtime for our services and enlarges our capacity to handle thousands of tokens in parallel.

This content is taken from the Product Focus newsletter April & May 2022.

Scalability is one of our top priorities as we are working with large financial institutions with very high volumes anticipated. We regularly run intense scalability tests and a few months ago, we concluded that we should reduce our dependence on some third parties to provide faster and enterprise-grade solutions. This newsletter explains how we became more autonomous and scalable by running our own blockchain Indexer and nodes:

Blockchain data Indexer

In order to build the real-time cap table of token holders with fully accurate information, our T-REX Platform needs to scan and read the blockchain to index relevant transactions happening to the ERC-3643 tokens and ONCHAINIDs. Technically, it can be very challenging for complex operations, and tools like The Graph, the “Google for blockchains”, enables developers like us to tackle these issues.

However, in our testing, we encountered some upcoming limitations as the use of these third party tools and protocols can be slow and requires some manual procedures. Therefore, we decided to build our own Indexer technology, enabling automated token indexing that can be completed within minutes, without any downtime, for thousands of tokens in parallel.

Also, we realized that many Web3 applications were having trouble interacting with blockchain through third-party services,  so we decided to improve this as well:

Blockchain connector (Remote Procedure Call) 

A RPC is a set of protocols and interfaces that enables a software to interact with the blockchain, to read and write, similar to a website interacting with a server. In blockchain terms, a server is referred to as a node, a synced database of the blockchain. Most applications use Infura to do so; it provides RPCs and AWS-like services for nodes, so developers don’t need to build a RPC or manage their own nodes.

Due to Infura’s popularity, blockchain applications become less decentralized and it could become a single point of failure, such as the time it went down because of a service outage one week ago, causing many dApps, including MetaMask, to not function.

It became obvious to us that we had to run our own nodes and build our own RPC to provide better services for our customers. As a result, we have built a system that we can monitor, scale, and rapidly fix if needed. We even enabled switchable RPCs to keep the T-REX Platforms always available by monitoring the state of nodes to connect with functional nodes including our own nodes and third party nodes (e.g. Infura, Alchemy, …).

We are proud of our tech team, especially our DevOps Engineer Cyrille, Lead Core Developer José and Senior Full Stack Developer Mihalis, for their hard work to complete these improvements. We will continue pushing the limit to provide the most advanced, flexible and secure solutions for you.

Subscribe Newsletter

This monthly Product Focus newsletter is designed to give you insider knowledge about the development of our products. Fill out the form below to subscribe to the newsletter.

Other Product Focus Blogs From Start-up to Scale-Up: How Tokeny Prepared for Large-Scale Tokenization 11 May 2022 Introducing LEGO-like onboarding solutions for digital asset investors 6 April 2022 ComplyDeFi – The Compliance SDK For DeFi Protocols 28 February 2022 2022 Roadmap: Enhancing the Liquidity of Tokenized Assets 31 January 2022 Tokeny’s Product Achievements in 2021 6 December 2021 White-label Digital Asset Marketplace 16 November 2021 T-REX Protocol Recognized as ERC3643 11 October 2021 Gas Tank on Polygon 10 September 2021 DvD Transfers 29 June 2021 Blockchain Layer Enhancement 8 June 2021 Tokenize securities with us

Our experts with decades of experience across capital markets will help you to digitize assets on the decentralized infrastructure. 

Contact us

The post From Start-up to Scale-Up: How Tokeny Prepared for Large-Scale Tokenization appeared first on Tokeny.


UbiSecure

The Opportunities for Europe’s Identity Landscape with eIDAS 2.0, with Bo Harald – Podcast Episode 68

Let’s talk about digital identity with Bo Harald, Founding Member at MyData Global Network. In episode 68, Bo discusses all things eIDAS... The post The Opportunities for Europe’s Identity Landscape with eIDAS 2.0, with Bo Harald – Podcast Episode 68 appeared first on Ubisecure Customer Identity Management.
Let’s talk about digital identity with Bo Harald, Founding Member at MyData Global Network.

In episode 68, Bo discusses all things eIDAS 2.0 – what eIDAS 2.0 is and how it differs from eIDAS 1.0; the opportunities with Self-Sovereign Identity (SSI) and eReceipts; public and private sector involvement; what the world can learn from the Nordics for projects like eIDAS and GAIN; and how smaller players can influence the Commission’s decisions.

[Transcript below]

“Some people say that this is more important than the Internet, I agree… During 40 years of digital work, I’ve seen a lot of important things, but this is the biggest by far.”

Bo Harald has been named as one of the most influential technologists of the 20th century by Institutional Investor, and has been awarded for advancing the Information Society by the Finnish Ministry of Transport and Communications. He currently works as an independent advisor at Findy.fi, a Senior Advisor at the Finnish Council of Regulatory Impact Analysis, a Founder and Steering Committee member at MyData.org, and with the publicly funded Real Time Economy programme. He also has an active role in the Finnish eIDAS 2.0 workgroups.

Connect with Bo on LinkedIn.

Find Bo’s open letter to the EU Commission posted in Finextra –https://www.finextra.com/blogposting/22017/open-letter-to-the-eu-commission

We’ll be continuing this conversation on Twitter using #LTADI – join us @ubisecure!

 

 

Podcast transcript

Let’s Talk About Digital Identity, the podcast connecting identity and business. I am your host, Oscar Santolalla.

Oscar Santolalla: You might have heard of eIDAS before, especially if you are in the payment industry. But now in the recent years, the European Commission is working on a new version, eIDAS 2.0. We’re going to talk about that and especially from the perspective of Finland. We have a special guest who has been working in Finland. And our special guest today is Bo Harald.

He started his career in banking in the 1970s by promoting and building electronic banking, payments, and e-business services. He developed Nordea’s Electronic Banking and payments operation for 30 years, after which he started working with TietoEvry as the Head of Executive Advisors.

He has also served as the Chairman of the EU Expert Group on Electronic Invoicing, the Chairman of Mobey, Mobile Financial Services Forum, and has held and holds directorships in various companies and associations. He has been named as one of the most influential technologists of the 20th century by Institutional Investor, and has been awarded for advancing the Information Society by the Finnish Ministry of Transport and Communications.

Bo currently works as an independent advisor at Findy.fi, a Senior Advisor at the Finnish Council of Regulatory Impact Analysis, a Founder and Steering Committee member at MyData.org, and with the publicly funded, Real Time Economy programme.

Hello, Bo.

Bo Harald: Hello, and thank you for having me.

Oscar: It’s a pleasure, Bo. Thanks for joining us. And definitely, I want to hear all these very interesting things about eIDAS 2.0. So let’s start, let’s get started. Let’s talk about digital identity. We’d like to hear from your very extensive and varied background in banking and technology. Please tell us a bit more about your career journey – how everything until today working in the Finnish eIDAS 2.0 workgroups.

Bo: Yeah, it’s a long ladder, and I want to call it a ladder. It started back in the late ’70s, when we developed the first versions of home banking, the PC banking in the very early 1980s for private customers at Union Bank of Finland, and nowadays Nordea. And also for SMEs long before internet. And the first step was obviously with payments, invoice payments, typically, bill payments. And then we moved on to put all banking services actually into e-banking before internet already. And so that was the first phase.

The second phase was about interconnecting bank customers, not only with payments, but also with e-identification, e-signatures, e-invoice and e-salary, for example. This was a very important step when you look at the benefits for society at large, you get the economy of trust the economic reuse, the economic repetition, the economy of scale, and all that.

And from here, when internet then came in the mid ’90s, we had already half a million people on e-banking in Finland. And we were the biggest bank in e-banking in the world, in absolute terms for many, many years, all the way to Nordea.

So from here, we established then the public-private real time economic programme, focusing very much on e-invoicing, accounting automation, real time income register for the tax authorities. And that’s what I tried to also promote when I was the Chairman for the EU Commission Expert Group.

The next phase, if I condense this ladder, was the MyData principles that started to grow out in 2016, putting the citizen in control of all of his or her data, naturally supported by the legal promise from GDPR in Europe. But we could see at that early stage that there was no practical way of getting this data to travel from the enterprises that had the legal obligation to send it and that’s where we started to look for a new solution in 2017 and ’18.

And there we could see that Self-Sovereign Identity and Trust over IP was the solution to go forward with. And we established this public-private Findy cooperative as the solution. And it was a real eye-opener and this is soon coming to eIDAS to see that we were able to solve the pressing need for being able to trade and issue non listed, unlisted shares.

And there you have this pretty tricky situation that you need to serve private shareholders, organisational shareholders, the issuer, the state, the trade registry, the banks, for payments, for trading, for settlement, for delivery, for keeping up the registers. But when you issued all of these parties, with the same generic wallets or fact wallets, we prefer to call them fact wallets – identity wallets is the other name for it. Then it was astonishingly easy to interconnect these parties – four coders, four months, and it worked like a dream.

So that’s when I got the eyes open for the eIDAS architecture needs. That’s the ladder. And actually, the ladder is important to understand that you should have all the ranks or the steps on it, you know, enabled to rise to the higher platforms in between. That was the path, my path.

Oscar: Well, very, of course, been long, long journey and super interesting all the type of projects you have been involved. And now, you are working very heavily on eIDAS, especially this new version 2.0. If you can tell us about that but also tell us for the ones who are not so familiar, what is eIDAS? And then tell us the difference between the current eIDAS 1.0 and the new one, eIDAS 2.0.

Bo: Yes, eIDAS 1.0 and eIDAS 2.0 are two entirely different things. eIDAS 1.0 failed. It was focusing on cross-border identification services with pretty stiff requirements. And there were two things missing that led to the failure – supply and demand. There is such a limited need for identifying citizens, organisations, cross-border. And in the Nordic countries, we already have extremely well-functioning identification services in place, mainly run by the banks in Finland, also teleoperators are involved, I think that may be the only country in the world where teleoperators are doing this as well. It’s good with competition.

But when you talk about eIDAS 2.0, it’s not a question of identification, it’s a question of identity. And that’s a totally different thing. You could say that the identity is built from credentials from all sorts of sources in the private sector, in the public sector, statements about your knowledge, your skills, your vaccinations, where you live. We’re disclosing as little as possible, thousands of different statements that build a person’s identity all the way to – you might call it a “digital twin”.

And, here, obviously, eIDAS 2.0 is promising that every European will get a wallet issued by qualified issuers, possibly also by the states, if needed. And these wallets are then the ones where you will get these credentials, statements, the verified data about you when you need it.

So that’s a big difference between eIDAS 1.0 and eIDAS 2.0. And obviously eIDAS 2.0 is an absolutely enormous opportunity for the economy at large on the one hand, and for building a real single digital market on the other hand.

Oscar: As you have mentioned wallets, earlier you mentioned fact wallets or identity wallets, does it already exist? Just to understand that concept better, could you describe how it would be in practice? Is there anything like that today so we can have an idea?

Bo: Yeah. There are already wallets out there, pretty many, many versions of them actually. Obviously, Europe is working on trying to establish what kind of standards such a wallet should have, be it then an application in your mobile phone, which seems to be very much in focus now, mainly serving citizens, also, perhaps smaller enterprises.

But obviously, these kinds of applications or wallets, ID wallets or rather fact wallets, are also needed by larger organisations. And then the mobile application is not the solution, but an application, a computer or in the cloud. But obviously, all these wallets, be they then in a mobile or in a computer or in the cloud, should be interoperable by design. That’s the whole idea here.

Oscar: OK. Yeah, understanding now the, what is this new concept of eIDAS 2.0 based on identities that you say in wallets, tell us more about the opportunities that this new framework is going to provide for the future across Europe.

Bo: Yes, I’m very happy to see that the commission work is really embracing Self-Sovereign Identity, which is obviously the standard, and I can’t see any alternative to that. And in many, many countries already Trust Over IP stacks are the starting point like they are here in Finland, and have been already for five years.

And here, what will happen is that the data rights holder, you as a citizen, or you as working for a company, you are in the driver’s seat. You can go to a data source, public or private, and say, that now I have a life event of this sort, looking for a job, establishing a company, somebody has died in the near family, which is the most stressful life event, and thousands of other life events, and now I need the data from all of these, all relevant sources. And I have a wallet, and the wallet is helping me to find those sources. And then I get the data to my wallet. And then I go to a service provider of my choice, I have this data and you are specialising in this particular life event. If I need financing, it may be a bank. And could you please take care of the need.

And the beauty of this is these three parties, the data rights holder with the wallet, the source and the service provider do not need to be technically integrated, do not need to be technically integrated. Because in this infrastructure, the technical connection is handled in the infrastructure, which is very cheap to build, of course, it needs rulebooks. And that’s the whole beauty of it.

Obviously, this infrastructure, we call it the data highway here in Finland is used both by the public sector and the private sector. That’s a no brainer, like a road is open to everyone to use. And it should obviously be a non-profit organisation that handles this. That’s why we have established this in the cooperatives to do that. So that’s how it works. And it’s not that difficult to understand, actually.

The benefits of Self-Sovereign Identity are absolutely enormous to reducing risk and friction in the economy at large. It’s of course, improving automation. It’s protecting privacy like nothing we have seen before. It’s preventing crime and grey economy. And this book that I mentioned to you, Self-Sovereign Identity by Drummond Reed, is quoting sources saying that the cost of cybercrime is something in the region of $6 trillion. So that’s a kind of a big picture. McKinsey for its part estimates the benefits of the trust infrastructure to be 3% to 6% of GDP, depending on the maturity of a country.

So this is an absolutely massive step forward. Some people say that this is more important than Internet, I agree. And some people say that the fact wallet is at least as important as the internet browser was when internet started. So you can see that this is something that every state, every government should actually do everything they can, and obviously, European Union to happen as fast as possible. We have no time to lose in this world. But they cannot do it on their own. And they are– the clever governments understand that they have to do this hand-in-hand with the Self-Sovereign Identity experts and the enterprises that are working in that field, and that’s the way it works in Finland.

Oscar: Yeah, definitely the way you say it sounds like there are definitely plenty of benefits. And yeah, we hope to see these benefits in the near future definitely.

Bo: Oh, I mean, it’s a kind of a responsibility of any government that are looking for reducing crime and improving privacy and above all, naturally, getting the productivity in place and the benefits of data according to the MyData principles. And this is the really only practical way I can see that they could implement the MyData principles, protecting people’s data. I’ve seen during 40 years of digital work, I’ve seen a lot of important things, but this is the biggest by far.

And if you want to go into the wallets, which will get a lot of so-called credentials or statements, verify data, the e-receipt is something of the highest volume. And even the lines in the e-receipts, if you look at the number of lines in e-receipts and e-invoices in Finland, and both of them will in a couple of years’ time be the only kind accepted legally. In accounting, there are some 20 billion of them every year and these can– each line can be verified on its own. So it will be by far the biggest volume of credentials sitting delivered from the seller’s wallet to the buyer’s wallet, be the buyer or seller private or an organisation.

And the reuse of this e-receipt is a fantastic opportunity. We all know what travel expense means for all of us. We know how difficult it is to get financing in enterprises, and you have an invoice there, verified by the buyer, it’s so much easier for insurance companies. In Finland only there is a calculation saying that about 100 million can be saved when e-receipts are actually available. And obviously the insurance fraud is a big issue in any country. That’s just one example. But there are any number of them that– what is the– when you get a verified data statement, a credential that can be used in so many different places.

Oscar: So the e-receipts is also part of eIDAS 2.0?

Bo: Well, it’s not directly but I mean, when you have eIDAS 2.0 in the right way. And I’m a little bit worried, I have to admit, about the Commission’s, let’s say, level of understanding of the importance of this 3% to 6% of GDP. They are focusing, in my opinion, too much on the private wallets and not enough on the enterprise wallets, to get the real benefit. If you focus only on private wallets, and for example, then government-issued credentials, then you get to a point 0% or 0.1% perhaps of the benefits. But when you have a full picture then you can get 90% of the enormous, enormous benefits.

That’s why I wrote this open letter, which can be found in my LinkedIn account. Also, if somebody’s interested to the Commission, but we should understand how big this step can be if it’s done correctly, and not only looking at some sort of additional identification tool and only government-issued credentials.

Oscar: Yeah, we’re going to add this, I read your open letter to EU Commission. So yeah, we’re going to add it also to the show notes of this episode so people can read it, definitely. How can we centre the users’ needs while at the same time balancing organisational priorities in any new solution?

Bo: Yeah, this is a very good question and an important question, and I don’t have all of the answers here. But I have some basic answers based on my experience from banking, and so forth. I think that the, the mission and the– must always be the passion in any organisation that wants to be successful is to think hard about what the customers need tomorrow. And it’s a familiar phrase is that you should never ask the customer what he needs, because he doesn’t know, you should know before he does.

And in this particular time now, I think it’s time to start all the service design from the customer’s life events. Both data is needed for this live event and where does it sit? How can the data be verified and available in real time? The value of data arriving one second faster is quite different from the one that comes later. And it’s then in this particular setting, natural for many, many organisations to issue these wallets, be they in a mobile phone or in a computer. And also then include the National ID, invite the government to make the root idea, the electronic ID card into these wallets, so that it can be used for opening bank accounts and whatnot, where this is always needed according to the law, at least in the Nordics, but also other credentials from the public sector.

Then you can produce fantastic value for the customers, be they private customers or for SMEs who are going to take and actually charge. So that you [indiscernible] and the costs are not big, that is the fantastic feature here with open source technology and open data and open standards. So, I see that the solution will be that the role of public and private sector organisations will be, and is already, in GDPR supply data, but it should be verified data. The value of verified data is a thousand times more than just generic data. Also for machine learning and artificial intelligence, to supply that data to citizens and SME fact wallets and these are generic tools, generic tools, standardised interfaces all over the place.

The data rights holder as I said before here, then herself decides which service provider is best suited to use the data, to solve the need. And then in an ideal world, the public sector would not need to act as a service provider at all. They can let the enterprises do that on their own, and that will save a lot of taxpayers’ money. But of course, we have to see to it that there are no walled gardens built, that data is flowing freely, that you can always change your service provider without any lock ins, and that the competition is serving us all.

It shouldn’t be that difficult because the whole Self-Sovereign Identity is built on open standards and no wall gardens and no technology and no– it’s a kind of religion in that so that’s why I feel so comfortable in promoting it.

Oscar: Now with your experience working in Finland in banking and several other projects until now, how can Europe – and even if we see it globally with initiatives like GAIN, the Global Assure Identity Network – how these can learn from the experiences in Finland and in the Nordics in general?

Bo: Yeah, I have to admit that I have failed miserably in one aspect. This e-identification services that GAIN is now looking at was started back in I think ’93 in Finland. And we have then taken it from here to the other Nordic countries so that the banks are actually the suppliers to the identification services. And I have been preaching this in conferences all over the world all the time, since then, and I have written any number of blogs, in the Finextra blog posts, you can you can find it on frequently. That banks should be doing this and not only by their own will but should actually be forced into this kind of service by the government. Because they are so suited, because they are trusted, trusted institutions and the economic trust is immensely important and they are legislated into it because of the anti-money laundering legislation and all that.

And now GAIN is looking at it and unfortunately, it is very late. And now with the wallets, you don’t need it in the same time as– in the same way as you would have done it if you had started 20 years ago, 25 years ago as we did. But I didn’t get in my way, there has been so many different crises in banking that has taken away the attention. A little bit the same has happened also in electronic invoicing, banks woke up a little bit late. I can only look myself in the mirror.

But the lessons learned in Finland was that the economy of reuse and the economy of trust, using bank ID for identifying in all kinds of services was really, really important. It became a generic tool, both in your private role and in your work roles. And now, when you have this in overflow of everything – I mean, the attention span is– if it is eight seconds, still, it’s good. I mean, the goldfish has nine seconds. And everything else is overflowing except time and the value of something that you know already and trust is growing exponentially.

But now, I jump from there to the wallets, a generic wallet that you can use at home and at work supported by a generic public-private joint infrastructure is, of course, even more valuable, many times more valuable than the e-identification services provided by the banks. And this is something that not only the banking sector should be providing but many other sectors as well and everyone should naturally use it. So we have to live with the times and realise that people don’t have time to learn anything new if it can be avoided.

Oscar: Now, seeing the evolution because eIDAS 2.0 as I understand is still being cooked, let’s say, so it’s not completely finished. So how, let’s say smaller EU countries, and even individuals, who are really concerned about this or how is it going to be the standard and the standard coming can have more power to influence the commission decisions that is going to affect so many residents?

Bo: And this is a very critical question, an important question. And to get anything done now, the first thing to say is that even if you have the best public servants in the world, they are not Self-Sovereign Identity experts. Even if the European Commission has said that the Self-Sovereign Identity is at the core of eIDAS, they haven’t yet understood– had time to understood the full picture perhaps.

The remedy is that EU and any country, sit down with the public sector and say that OK, you government, you have realised that you can have 3% to 6% GDP benefits out of this Trust Infrastructure. And you do understand that your lawyers and economists and whatnot, they are not experts in building this radically new infrastructure. You have to do it together, in this public-private team, formulate the narrative. And some basic use cases like the receipts, or whatnot, so that the citizens will actually start asking for it, demanding it from their own government. That’s what you need.

And from Brussels, because we do understand that the Europe is the biggest economy in the world and if it becomes one single market, the benefit for everyone will be absolutely massive. And this is real – this trust infrastructure is a bigger step than Internet. And the fact wallet is the new browser. So we have to get people to understand how big this is.

And then the countries, once you have done it in your home country, then you join forces with others, like we now do with Sweden, Norway, and Germany, Holland, and so forth, and influence Brussels so that it is not overregulated, which will make it too expensive for small players, and actually just help large organisations to protect their positions. They have money enough to do this, even if it’s very regulated. So it’s important to see to it that the competition from the smaller guys is possible.

Oscar: So yeah, it’s important to, as you say, join forces, right, with the countries that have already– countries and organisations that are already active in… yeah, quite knowledgeable and active today.

Bo: Exactly. And that’s what they are doing now. Very happy to see that our neighbour Sweden has been quite keen to work together with the other countries also.

Oscar: And when is it expected to be ready, eIDAS 2.0?

Bo: Well, we’ve had a very tight timetable when it was launched. And we were of course quite happy about that last summer, it was announced and this was exactly what we had been hoping for, and even more. So that was good. But then it has now taken a lot of time and gone into overregulation aspects, which we fear and not enough understanding for the need for organisational wallets and of course or for wallets for things and bets and whatnot to get the full benefit.

So I’m, let’s say, prepared to wait half a year more if these aspects get into the drawings so that you can get the benefits out of it. The economic benefits and privacy benefits and single market benefits. So we must work hard to avoid, let’s say, minimal mobile application for citizens only. I don’t know how long it will take but probably not much will be seen how in way of use cases this year, next year should be a breakthrough year.

Oscar: OK. In 2023, we’ll see some of the fruits at least will be available for people to use and as you say organisations as well, all together.

Bo: Absolutely.

Oscar Santolalla Excellent. Final question for you, Bo. For all business leaders listening to us now what is the one actionable idea that they should write on their agendas today?

Bo: Well, this is of course a very challenging question. But if I choose from a long list of experiences from the past in electronic banking, electronic invoicing, e-identification services and all and how they come together and form the ladder. And when this ladder was– when they started to raise this ladder, we were happy enough to have hundreds and hundreds of bank branches that could do the selling on a personal basis to the individuals. Now, we are not really that many bank branches left anymore so it’s a new, it’s a new game, you have to do it without much personal selling.

So my simple line would be to say that, for God’s sake, do not serve your customer, to have a life event, with the fact wallets for all needed verified data into the wallet, and you have to do it closely together with the public sector. And they should also help with the financing because so much of the benefits will be for the society at large and only a small part for the enterprises and such. But this is the joint effort, the biggest one I’ve seen ever.

Oscar: Well, thank you very much, Bo, for this very interesting conversation and shedding light about eIDAS 2.0 and everything that is, yeah, behind that. I definitely learned a lot from this conversation. I’m sure our audience had fun and also super interesting. If someone would like to hear more about you, or get in touch with you, or follow you, what are the best ways?

Bo: Well, I have such an unusual name so it’s easy to find me on LinkedIn and please feel free to contact me. I have written blogs for at least 10 years on Finextra. So there, most of the material that I have myself produced can be found there in a fairly condensed form, not too long texts. So please feel free to use as much as you like.

Oscar: OK, perfect. Again, thanks a lot, Bo, for this conversation and all the best.

Bo: Thank you very much.

Thanks for listening to this episode of Let’s Talk About Digital Identity produced by Ubisecure. Stay up to date with episodes at ubisecure.com/podcast or join us on Twitter @ubisecure and use the #LTADI. Until next time.

[End of transcript]

The post The Opportunities for Europe’s Identity Landscape with eIDAS 2.0, with Bo Harald – Podcast Episode 68 appeared first on Ubisecure Customer Identity Management.


bankless

Betting the Fund on the Merge | Hal Press, North Rock Digital

What happens when a guy becomes so convicted on ETH that he bets HIS ENTIRE FUND on the Ethereum Proof-of-Stake merge? How much alpha is there in the All Core Devs calls? How should YOU play the merge?  Hal Press of North Rock Digital joins us as we discuss how to value tokens, and how to trade the biggest moment in crypto history. ------  OPOLIS | Sign Up to Get 1000 $WORK and 1000
What happens when a guy becomes so convicted on ETH that he bets HIS ENTIRE FUND on the Ethereum Proof-of-Stake merge?

How much alpha is there in the All Core Devs calls? How should YOU play the merge? 

Hal Press of North Rock Digital joins us as we discuss how to value tokens, and how to trade the biggest moment in crypto history.

------  OPOLIS | Sign Up to Get 1000 $WORK and 1000 $BANK https://bankless.cc/Opolis

------  SUBSCRIBE TO NEWSLETTER:          https://newsletter.banklesshq.com/   ️ SUBSCRIBE TO PODCAST:                 http://podcast.banklesshq.com/  

------ BANKLESS SPONSOR TOOLS: 

️ ARBITRUM | SCALED ETHEREUM https://bankless.cc/Arbitrum

 ACROSS | BRIDGE TO LAYER 2 https://bankless.cc/Across

 ALTO IRA | TAX-FREE CRYPTO https://bankless.cc/AltoIRA

 AAVE V3 | LEND & BORROW CRYPTO https://bankless.cc/aave

️ MAKER DAO | THE DAI STABLECOIN  https://bankless.cc/MakerDAO 

 BRAVE | THE BROWSER NATIVE WALLET https://bankless.cc/Brave

------ Topics Covered:

0:00 Intro 7:00 What Sets ETH Apart 18:09 Revenue and Cost 24:50 DeFi Utility 31:00 Blockchain Expenses 35:45 Inflating and Revenue 39:48 Supply and Demand 45:56 ETH vs Alt Layer 1s 56:06 Will the Price Lag? 1:03:36 Who Leads the Market? 1:05:35 Modeling Ethereum 1:11:45 ETH Staking Numbers 1:20:00 Wen Merge? 1:30:18 Trading the Merge 1:35:50 Closing

------ Resources:

Hal Press: https://twitter.com/NorthRockLP?s=20&t=ZONa4ZJl5kcxbE43zFZKBg

Crypto Fees: https://cryptofees.info/

Nillion: https://www.nillion.com/

The Ethereum Thesis: https://twitter.com/NorthRockLP/status/1484926691990556675?s=20&t=ZONa4ZJl5kcxbE43zFZKBg

----- Not financial or tax advice. This channel is strictly educational and is not investment advice or a solicitation to buy or sell any assets or to make any financial decisions. This video is not tax advice. Talk to your accountant. Do your own research.

Disclosure. From time-to-time I may add links in this newsletter to products I use. I may receive commission if you make a purchase through one of these links. Additionally, the Bankless writers hold crypto assets. See our investment disclosures here: https://newsletter.banklesshq.com/p/bankless-disclosures 

Tuesday, 10. May 2022

Identosphere Identity Highlights

Identosphere 81 • Apple Google & MS to expand support for FIDO • ISO/IEC 18013-5 vs SSI • DID:INDY complete!

Weekly edition of news and updates surrounding decentralized id, data sovereignty, relevant public policies, events and other updates!
Welcome to Identosphere’s Weekly! ✨✨✨Thanks to our newest patrons✨✨✨ Support Identosphere on Patreon …or reach out to Kaliya directly.

Read and Subscribe : newsletter.identosphere.net

Submissions: newsletter [at] identosphere [dot] net

Upcoming

MEF CONNECTS Personal Data & Identity 5/10-11 Mobile Ecosystem Forum (Kaliya will be there both days)

European Identity & Cloud Conference celebrates its 15th edition Berlin - 5/10-13 (Kaliya will be there 12-13)

Kaliya thinking of hosting a social conversation in London likely on May 17th at NewsSpeak House - you can register on eventbrite.

Complex harms reduction through co-design of socio-technical systems in FinTech HXWG May 18th TOIP

Travel & Hospitality Biometrics Online Summit FindBiometrics 5/28 (register)

ID4Africa Marrakesh, Morocco 6/15-16 (Kaliya will be there in advance of the conference starting June 11 through the 17th)

IAM and SSI: A Combined Approach to Digital Identity June 15th, 2022 TOIP

Kaliya hosting a meetup in the Netherlands on June 18th details TBD - reach out if you want to help her organize it.

Identiverse in Denver June 21-24, 2022 (Kaliya is talking there)

Thoughtful Biometrics Workshop - Mid July virtual several days over 2 weeks.

Decentralized Web Camp August 24-28 in Northern California (Kaliya will be attending and encourages SSI folks to participate)

Internet Identity Workshop #35 November 14-16, Mountain View California

Policy End-To-End Encryption is Too Important to Be Proprietary Cory Doctorow

End-to-end messaging encryption is a domain where mistakes matter. The current draft of the DMA imposes a tight deadline for interoperability to begin (on the reasonable assumption that Big Tech monopolists will drag their feet otherwise) and this is not a job you want to rush.

Explainer Podcast: Digital Identity and Self Sovereignty Kaliya Young & Lucy Yang -Future of You

The tools Kaliya and Lucy are developing to enable self-sovereign identities

Whether anonymity or pseudonymity is feasible while maintaining accountability

Wallet Wars: how might wallets evolve and consolidate across the public and private sector

Decentralization is the Future of Digitization Jolocom

Digital identity data is introduced as having a positive impact on Germany’s future as well as Europe’s. Following, benefits of a decentralized identity based on a fully open infrastructure are given. 

What Will We Learn from the Market Failure of Digital Identity? Identiverse

We have a widely accepted Standard Model of Identity, or architecture, in which Subjects, Identity Providers and Relying Parties (aka Holders, Issuers and Verifiers) hold, present, exchange, use and/or consume digital identities.

The World’s First Verifiable Credentials Steve Wilson

Commonly associated with blockchain and the Self-Sovereign Identity movement, Verifiable Credentials are in fact an old idea.  It is instructive to break down their essential properties and examine the pioneering examples.

Standards Development Me2B Safe Specification v1.0 Me2B

The current version focuses on mobile apps and websites and encompasses only a portion of the harms outlined in the complete Me2B Digital Harms Dictionary. As the safe specification evolves subsequent versions will grow to include more of the harms identified in the Me2B Digital Harms Dictionary.

Building a Safety Spec for the Digital World Me2ba

It was three years in the making, and this is how we got here.

 A WebAuthn Apache module? Hans Zandbelt

any sensible WebAuthn/FIDO2 Apache module would rely on an externally running “Provider” software component to offload the heavy-lifting of onboarding and managing users and credentials.

ONT ID Upgrade: Verifiable Credentials SDKs Now Open Source Ontology

In making the code widely accessible, Ontology is accelerating the adoption of decentralized identity (DID) in the blockchain sphere As the project that has focused on the Decentralized Identity (DID) field for over 4 years…

Agri-Food Product Identity Verification & Governance DIACC Special Interest Group Insights

This report discusses what the identity verification related requirements for the creation and management of agri-food products (or items) unique identifiers to enable provenance tracking, ensure traceability, facilitate agri-food data integration, enhance governance, protect privacy and confidentiality, inform policies, and improve communications. 

ISO/IEC 18013-5 vs Self-Sovereign Identity: A proposal for an mDL Verifiable Credential Procivis

in the context of government identity programs we see it as useful to compare them on the following parameters – background, credential data model & trust anchor and transmission protocols. 

Hyperledger completes development of DID:Indy Method and advances toward a network of networks Howland & Bluhm - Linux Foundation

With the groundwork complete, networks and agent frameworks now need to incorporate the Indy:DID Method. This community adoption will increase the viability of the Indy and Aries project stack and position it to be the globally dominant way to issue and share verifiable credentials in a multi-ledger world.

Company News Remittances Specialist Leverages Biometric Onboarding Via Onfido Find Biometrics

Chipper Cash has become the latest financial institution to adopt Onfido’s identity verification technology. The company currently operates one of the largest money transfer platforms in Africa, and is hoping

 Spruce Developer Update #19

Sign-In with Ethereum offers a new self-custodial option for users who wish to assume more control

Kepler is a decentralized storage network organized around data overlays called Orbits. Kepler allows users to Securely share their digital credentials, private files, and sensitive media to blockchain accounts, all using a Web3 wallet

What Indicio’s Seed Funding Means for Decentralized Identity Technology Indicio

Our new funding will be used to refine the open-source, decentralized-identity technology stack. We have the basic technology for a functional ecosystem, now we improve that functionality by adding all the features, user interfaces, and management tools that make it easier to deploy, use, and monitor. 

Raising the Bar on Identity: One Year of Okta + Auth0

Today marks one year since Okta and Auth0 officially teamed up to lead together in the customer identity and access management (CIAM) market.

Exposing Bad Actors Who Hide Behind Anonymity With Traceable Credentials Dock

Traceable credentials are a way of instilling that layer of privacy but allow the relevant authorities to ‘unwind’ that layer of privacy and identify those bad actors. We do this through verifiable encryption.

final phase eSSIF-Lab and maximum funding by the European Commission Work X

our team has been selected to enter the third and final phase of the European Self-Sovereign Identity Framework Lab. [...] to let employees regain control over their career-related data. Therefore receiving the maximum development grant of €106.000

Expanding the public preview of verifiable credentials Ankur Patel Microsoft Identity 

more than 1,000 enterprises with premium subscriptions have issued and verified tens of thousands of verifiable credentials […] from remote onboarding at work, collaboration across business boundaries as well as enabling education beyond the campus [...] we are extending the public preview […] for all Azure Active Directory (Azure AD) Free and Premium users. 

Myth Busters myths and facts. Is Self-Sovereign Identity Dangerous? Jolocom (in german)

we examine more closely whether self-sovereign identity can increase or reduce risks for data misuse in certain cases. 

Digital Identity Conspiracies ContinuumLoop

The only ones who will benefit from your digital ID are the Issuer (who gave you the credential), holder (you) and verifier (who you’re sharing it with). 

Data Managment Helping Data Trusts Manage Personal Data Mydex

Mydex CIC has just published a blog for Cambridge University’s Data Trust Initiative on ‘Helping Data Trusts Manage Personal Data’. In it, we address the challenges that arise as the Data Trust movement begins to scale.

EDU/HR Use-Case Self-Sovereign Identity User Scenarios in the Educational Domain Gerd Kortemeyer Educause

The model of self-sovereign identity offers tempting benefits as educational systems become increasingly global and as learning spans a lifetime.

Blockchains in HR: Prosoon and Talao go together on SSI and HR credentials Talao

This partnership will enable the use of Blockchain and Self-Sovereign Identity technologies such as verifiable credentials to enable the support of diplomas and professional certifications in compliance with personal data in a decentralized environment (#web3).

Wallets Self Sovereign Identity through Thrivacy Wallet Dr Gordon Jones

“Blockchain Ethics: A Bridge to Abundance” (2018) and “Re-Generation X” (2020) not only discuss the benefits of blockchain technology, but also capture Jamil’s experience on how he has transitioned from being a loyal yet downsized former corporate employee to a self sovereign individual.

Trust In Your Wallet Findy Agency

Finnish Trust Network (FTN) consists of “strong electronic identification” providers. The concept means proving one’s identity in electronic services that meets specific requirements laid down by Finnish law. The identity providers are required to implement multi-factor authentication to authenticate the users.

.

Identity Not SSI Apple, Google and Microsoft Commit to Support for Standard to Accelerate Passwordless Sign-In FidoAlliance

two new capabilities for more seamless and secure passwordless sign-ins: 

Allow users to automatically access their FIDO sign-in credentials (referred to by some as a “passkey”) on many of their devices, even new ones, without having to re-enroll every account. 

Enable users to use FIDO authentication on their mobile device to sign in to an app or website on a nearby device, regardless of the OS platform or browser they are running.

Accountable Digital Identity (ADI) Kiran Addepalli

In the last blog post, I presented a non-trivial use case where Verifiable Credentials can reduce process timelines and enhance digital transformation efforts for enterprises. I mentioned Accountable Digital Identity (ADI) as a framework for Trust and Accountability.

Editorial Note: The reason this is in Identity NOT SSI is because it does not follow the conventional SSI model and instead has a closed network of “core” identity providers that are let onto their network.

Web 3 Sign-in with Solana — Use Your Solana Account for Web2 & Web3

Users will now be able to control their digital identity with their Solana accounts instead of relying on traditional/custodial profiles. The Importance of Building a Self-Custodial Future In crypto, there is a saying that goes ”Not your keys, not your crypto’’ 

Web3Auth at the Paris Blockchain Week 2022 Torus

A whole lot of ecosystem players at the event were pleasantly surprised to discover Web3Auth’s Key Management Infrastructure

iXRPL - A Smart Contract-Powered, Self-Sovereign KYC Solution for the XRP Ledger by Scott Chamberlain, Richard Holland, and Ravin Perera

the verification is “stamped” on the User’s XRP Ledger Account with a Non-Fungible-Token, called a Human UUID, that uniquely identifies the verified individual. The User can then present their verified credentials, cross-checked against the XRP Ledger Account, to financial institutions to satisfy KYC requirements. Effectively, iXRPL “tokenises” the one-off cost of verifying your identity into a reusable asset. 

7 Essential Ingredients of a Metaverse Liz Harkavy, Eddy Lazzarin, Arianna Simpson Solving the ‘Sunrise Issue’ is the key to unlocking crypto mass adoption Cointelegraph

Regulation will touch every person in every jurisdiction worldwide; crypto must find ways to preserve its decentralization and privacy.

Question: Does SSI align with these? FRIDA’S principles to guide data and technology Young Feminist Fund

The tech we use should be responsive to and responisble with the climate, environment crises of our time. Frida advocates for the use and creation of volence-free technologies putting first the care of our territories and bodies

They also published this - which is good for all in tech to think about

FRIDA Happiness Manifesto Young Feminist Fund ✨Thanks for Reading!✨

Read More \ Subscribe: newsletter.identosphere.net

Support this publication: patreon.com/identosphere

Contact \ Submissions: newsletter [at] identosphere [dot] net


Trinsic (was streetcred)

IIW 2022 Recap: Building an SSI Proof of Concept in 30 Minutes and The Catch-22 of Interoperability

Internet Identity Workshop IIWXXXIV The 34th Internet Identity Workshop in Mountain View, California was a major success. Our Trinsic team, sporting our Trinsic-blue Vans, gathered with hundreds of other buzzing minds to discuss the disruptive technologies and principles that are shaping the internet movements around us. The conference covered a wide array of topics with […] The post IIW 2022 Re
Internet Identity Workshop IIWXXXIV

The 34th Internet Identity Workshop in Mountain View, California was a major success. Our Trinsic team, sporting our Trinsic-blue Vans, gathered with hundreds of other buzzing minds to discuss the disruptive technologies and principles that are shaping the internet movements around us. The conference covered a wide array of topics with over 80 sessions held in the span of a few days. While we can’t begin to do a comprehensive overview of all of IIW, below are some key insights our team gained from this latest IIW.

  Building in Under 30 Minutes

IIW is the perfect staging ground for testing out ideas and experimenting with emerging technology. Keeping in tradition with other IIW conferences, our Trinsic team talked with new innovators this spring about building an SSI proof of concept in under 30 minutes. This year’s group taught us the following in regards to building and testing SSI proof of concepts:

 

You truly can build a proof of concept in under an hour. The feasibility of building and testing a concept is not only thrilling but it also means we can make advancements in digital identity quicker. If testing is easier, more ideas can be brought to light which enables us to sift through and make headway in building better identity products for everyone. If you’re someone with an idea but have been hesitant about where to begin building and testing, this is an excellent place to begin working within minutes. We build better products when we openly collaborate with each other. If you’re looking to build a new ecosystem, seek feedback from community members who have been through the process or are building a product that could complement yours. At the end of the day, we’ll only be successful if all our identity products are interoperable. Yet that won’t ever happen if we aren’t talking with one another and following the same standards. Trinsic’s developer slack community is a great place to start meeting and speaking with fellow builders. The best SSI proof of concepts are built by teams with great chemistry. We’ve worked with a lot of companies, and those that are the most successful are successful because of their team. Having the right resources in terms of talent often outweighs the importance of other capital resources. This spring’s IIW conference showcased a growing community of talented companies, with a rapidly growing need to hire. It seems we’re all hiring, which means we can each expect to put a lot more effort into attracting top talent.   The Catch-22 of Interoperability

Verifiable credentials and adoption were among the hottest topics of IIW. The unique value of a verifiable credential is the fact that it is an interoperable standard–that is, one credential can be accepted and verified across multiple institutions. However, the value of a standard is less obvious before being widely adopted. Thus, we find ourselves with a chicken-and-egg problem: how do we get people to use verifiable credentials while the main value is the fact that other people are using the standard? The key is to focus on solving business problems today for a single ecosystem. That’s why Trinsic created Trinsic Ecosystems, a product focused on enabling adoption among issuers and verifiers. If you’re building an SSI ecosystem, reach out for a demo.

  Decentralized Identity Has Great People

IIW once more established that this industry has some of the best people. From veteran faces like Sam Smith to newcomers (Josh from our team attended for the first time), we truly have some of the kindest, most brilliant minds around. Here are a few noteworthy folks we’re going to be following after IIW:

 

Evin McMullen. Evin spoke about adoption among web3 users at IIW. Catch her bringing self-sovereign identity to the Metaverse with Disco.xyz. Ankur Banerjee: Ankur lifted the sights of the group at IIW. You’ll find him building a network for creating digital credential businesses at Cheqd. Wenjing Chu. Wenjing spoke about a framework for interoperability at this year’s conference. He’s currently leading the open-source standard work with multiple organizations, including Trust Over IPMike Ebert. Mike is working on the code side of machine-readable governance at Indicio, which is similar to a Trust Registry. Michael Boyd. Michael spoke about digital wallet UI this spring and is Trinsic’s Co-Founder and CPO. If you want to talk about web wallets and debate decentralization concepts, reach out to him. Kristina Yasuda. Kristina has been recognized for her innovative work around the world. You’ll find her leading identity standards at Microsoft.  

 

Stay tuned for more insights and industry updates. If you haven’t already, sign up for our newsletter below to never miss an invite. (Pssst…We have some big news coming next week you won’t want to miss.)

 

Like blue Vans and disrupting the identity space? Come join our team. 

The post IIW 2022 Recap: Building an SSI Proof of Concept in 30 Minutes and The Catch-22 of Interoperability appeared first on Trinsic.


KuppingerCole

SASE vs. Zero Trust: Perfect twins or antagonists?

The concepts behind Zero Trust and SASE are not new, but recent developments in technological capabilities, changes in the way people are working, accelerated adoption of cloud and Edge computing, and the continued evolution of cyberthreats have resulted in both rising in prominence.   As organizations seek to improve their security capabilities, many are evaluating Zero Trust and SASE

The concepts behind Zero Trust and SASE are not new, but recent developments in technological capabilities, changes in the way people are working, accelerated adoption of cloud and Edge computing, and the continued evolution of cyberthreats have resulted in both rising in prominence.  

As organizations seek to improve their security capabilities, many are evaluating Zero Trust and SASE to determine whether to adopt either, one, or both.  Join this session to understand what each can potentially deliver and the exact nature of the relationship between them.   




What Does It Mean to Package Ethics Into a Technology Stack?




Key Requirements for Next Generation MFA

In this talk you will learn how MFA can be a foundation for your Zero Trust Initiative

In this talk you will learn how MFA can be a foundation for your Zero Trust Initiative




Panel | Best Practices for Implementing Zero Trust

The “zero trust” approach to cybersecurity has been gaining momentum in recent years, as both corporations and government agencies have struggled with how to enhance security given the de-emphasis on the network perimeter. For the most part, the zero trust movement has remained rooted in network principals. However, in the last two years, much of the world was forced

The “zero trust” approach to cybersecurity has been gaining momentum in recent years, as both corporations and government agencies have struggled with how to enhance security given the de-emphasis on the network perimeter. For the most part, the zero trust movement has remained rooted in network principals. However, in the last two years, much of the world was forced to interact exclusively online, creating a sense of urgency around zero trust security and the “never trust, always verify” philosophy behind it reached a new level of importance.

In this panel, you’ll hear from security leaders who have approached and implemented zero trust with an identity-first philosophy, considering it a transformative way of reducing friction for users, while addressing the increasingly challenging risk environment. They believe a true zero trust environment requires a strong identity and access management framework. 




The Importance of a Centralized Access Management System




SSI, NFTs, ENS & Co - Trends and Adoption of Decentralized Identity in 2022

Goal of this Deep Dive: Listeners will leave with a solid understanding of different approaches to decentralized identity like Self-Sovereign Identity (SSI) and Non-Fungible Token (NFTs), Ethereum Name Service (ENS) their adoption (based on real use cases) their impact on web2/3. Main Contents / Flow: The new status quo: The broken web and the shift from data silos to ecosystems.

Goal of this Deep Dive: Listeners will leave with a solid understanding of

different approaches to decentralized identity like Self-Sovereign Identity (SSI) and Non-Fungible Token (NFTs), Ethereum Name Service (ENS) their adoption (based on real use cases) their impact on web2/3.

Main Contents / Flow:

The new status quo: The broken web and the shift from data silos to ecosystems. The rise and latest trends in Web3: On-chain identity, NFTs, ENS & Sign-in with Ethereum Comparing paradigms: What is better, NFTs or SSI? Adoption & real-life use cases (selected SSI projects from walt.id users/clients) web 2: public sector, banking and financial services, HR, education, marketplaces, … web 3: decentralized finance (DeFi), creator economy (art, music), gaming, DAO governance, … Conclusion & Predictions for 2022


What Ails Enterprise Authorization

Continued advances in authentication technology have made the "identity" part of "identity and access management" more manageable over the years. Access management on the other hand, is still very much a "wild-west" landscape. As enterprises move to a zero-trust network access model, access management is the only way in which attackers can be prevented from gaining unwarranted access to enterprise

Continued advances in authentication technology have made the "identity" part of "identity and access management" more manageable over the years. Access management on the other hand, is still very much a "wild-west" landscape. As enterprises move to a zero-trust network access model, access management is the only way in which attackers can be prevented from gaining unwarranted access to enterprise data. Attackers can include both malicious insiders and those using compromised identities. Numerous organizations have suffered significant financial damage as a result of such unwarranted access from legitimately identified users.

Authorization rules in an enterprise can apply to many types of assets: files on a network drive, cloud resources such as virtual machines and storage buckets and enterprise applications and actions within them. Managing authorization across all these assets is complex in and of itself. Most enterprises also use third-party “Software as a Service ' platforms that maintain their own permissions, further complicating enterprises’ efforts to effectively manage authorization.

This talk identifies common causes of "privilege sprawl" in enterprises, and discusses management techniques that can result in "least privilege" permissions to personnel while ensuring no business disruption




The Empowered Consumer and the Next Era of Digital Identity




Experience is What Counts, Orchestration is How you Get There




Reinventing the Network with Zero Trust to Stop External Network Attacks




OpenID SSE, CAEP and RISC - Critical standards that enable Zero-Trust security

Zero-trust security relies heavily on the ability for independently owned and operated services to dynamically adjust users’ account and access parameters. These adjustments are based on related changes at other network services, such as identity providers, device management services or others. A set of standards from the OpenID Foundation enable independent services to provide and obtain such dyn

Zero-trust security relies heavily on the ability for independently owned and operated services to dynamically adjust users’ account and access parameters. These adjustments are based on related changes at other network services, such as identity providers, device management services or others. A set of standards from the OpenID Foundation enable independent services to provide and obtain such dynamic information in order to better protect organizations that rely on zero-trust network access. These standards are being used today in some of the largest cloud-based services from Microsoft and Google to dynamically adjust users’ account and access properties.

This talk gets into the details of the Shared Signals and Events (SSE) Framework, which is the foundational standard for secure webhooks. We also explain two standards based on the SSE Framework: The Continuous Access Evaluation Profile (CAEP), which provides dynamic session information, and the Risk Information and Account Compromise (RISC) Profile, which provides account compromise information




What Supports Zero Trust in the Enterprise?

When we think of Zero Trust, we often discuss how it can support and improve your security posture, defense-in-depth strategies, and architecture -- but what supports Zero Trust? This discussion will focus on other IT / Security strategies, methodologies, and business practices that can help better position an organization to be successful in their approach to Zero Trust. 
When we think of Zero Trust, we often discuss how it can support and improve your security posture, defense-in-depth strategies, and architecture -- but what supports Zero Trust? This discussion will focus on other IT / Security strategies, methodologies, and business practices that can help better position an organization to be successful in their approach to Zero Trust. 


The Path to Zero Trust by Securing Privileged Identities

Attacks on identity and privileged access pathways are relentless, with the stakes of a cyber-breach never higher. Securing privileged identity within your organisation has never been more important as it is the foundation of a successful Zero Trust implementation. Zero Trust is built on foundations that are essential across your cybersecurity strategy, delivering greater value from existing cyber

Attacks on identity and privileged access pathways are relentless, with the stakes of a cyber-breach never higher. Securing privileged identity within your organisation has never been more important as it is the foundation of a successful Zero Trust implementation. Zero Trust is built on foundations that are essential across your cybersecurity strategy, delivering greater value from existing cyber investments. In this session, we will outline:

Why protecting identities is fundamental to achieving Zero Trust Practical steps you can take NOW to secure your privileged identities The pivotal role Privileged Access Management plays in achieving Zero Trust


Plan A: Reduce Complexity in your Cloud Native Environment (there is no Plan B)

Organizations with an advanced cloud migration program have hit a roadblock. TO successfully navigate the adoption of compartmentalized code, in order to reap the benefits of improved agility and reduced costs, The CISO must embrace automated deployment and gain control over APIs.

Organizations with an advanced cloud migration program have hit a roadblock. TO successfully navigate the adoption of compartmentalized code, in order to reap the benefits of improved agility and reduced costs, The CISO must embrace automated deployment and gain control over APIs.




A Learning Agenda for Federal Identity




Panel | Introducing Open Policy Agent (OPA) for Multicloud Policy and Process Portability

With over 120 million downloads, and users like Netflix, Zalando and GS,  the open source project Open Policy Agent has quickly become the de facto standard for Authorization. In this session, KuppingerCole´s Alejandro Leal will discuss with  Jeff Broberg, Gustaf Kaijser and Ward Duchamps on most common use cases where OPA is adopted.  

With over 120 million downloads, and users like Netflix, Zalando and GS,  the open source project Open Policy Agent has quickly become the de facto standard for Authorization. In this session, KuppingerCole´s Alejandro Leal will discuss with  Jeff Broberg, Gustaf Kaijser and Ward Duchamps on most common use cases where OPA is adopted.  




Panel | MFA usage in enterprise

There are so many ways enterprises could benefit from using Multi-Factor Authorization (MFA). Benefits include identity theft prevention, secure devices, lower breach risks, to name just a few. But why are so many businesses still not using MFA? Perhaps because it is too complex and time-consuming for IT departments? In this panel, our security leaders will try to clear up any misconceptions there

There are so many ways enterprises could benefit from using Multi-Factor Authorization (MFA). Benefits include identity theft prevention, secure devices, lower breach risks, to name just a few. But why are so many businesses still not using MFA? Perhaps because it is too complex and time-consuming for IT departments? In this panel, our security leaders will try to clear up any misconceptions there seem to be about implementing MFA in the enterprise.




IAM 2025: Integrated, Agile, Flexible. Decentralized?

Times are challenging, probably more than during the last few decades, with a pandemic that seems to never ending, homeoffice workers who don´t want to return, some frightening growth rates on the dark side of digital with ransomware everywhere and nation-state intellectual property theft on a broad level. We therefore have to update and modernize our identity & access programs to meet ch

Times are challenging, probably more than during the last few decades, with a pandemic that seems to never ending, homeoffice workers who don´t want to return, some frightening growth rates on the dark side of digital with ransomware everywhere and nation-state intellectual property theft on a broad level. We therefore have to update and modernize our identity & access programs to meet chose new challenges and enable an agile & composable business. Identity proofing through global identity networks, risk mitigation of a workforce that remains at the home office, and all that within an increasingly complex multi-cloud & hybrid infrastructure.

In this session Martin Kuppinger will provide you with predictions on how IAM will evolve over the years to come and which role decentralized technologies will play.




The State of Passwordless Authentication

The FIDO Alliance has made tremendous strides in its mission to change the nature of authentication with stronger, simpler and passwordless authentication. Join this session to get find out the state of passwordless authentication from the FIDO lens, including a sneak peak at major news that will – finally - make passwordless FIDO authentication available to the masses.

The FIDO Alliance has made tremendous strides in its mission to change the nature of authentication with stronger, simpler and passwordless authentication. Join this session to get find out the state of passwordless authentication from the FIDO lens, including a sneak peak at major news that will – finally - make passwordless FIDO authentication available to the masses.




OAuth DPoP (Demonstration of Proof of Possession): How to Not Let Attackers Steal your OAuth Token

Most OAuth deployments today use bearer tokens – tokens that can be used by anyone in possession of a copy of them, with no way to distinguish between legitimate uses of them and those that stole them and used them for nefarious purposes. The solution to this is proof-of-possession tokens, where the legitimate client supplies cryptographic material to the issuer that is bound to the token, enablin

Most OAuth deployments today use bearer tokens – tokens that can be used by anyone in possession of a copy of them, with no way to distinguish between legitimate uses of them and those that stole them and used them for nefarious purposes. The solution to this is proof-of-possession tokens, where the legitimate client supplies cryptographic material to the issuer that is bound to the token, enabling it to cryptographically prove that the token belongs to it – something attackers cannot do because they don’t possess the proof-of-possession cryptographic material.

The OAuth DPoP (Demonstration of Proof of Possession) specification defines a simple-to-implement means of applying proof of possession to OAuth access tokens and refresh tokens. We will describe real attacks occurring every day against bearer tokens and how they are mitigated by DPoP, providing defense in depth and making real deployed systems substantially more secure with minimal implementation and complexity costs.

These attacks and mitigations are particularly relevant to high-value enterprise deployments, such as in the financial, manufacturing, critical infrastructure, and government sectors.




Implementing Multi-Region Identity Identifiers and IAM




Siemens AG: Real-World Enterprise IAM at Scale

In today´s unpredictable business environment where change is the normal, it has become critical to have a manageable and scalable Identity & Access Management program in place. In this Best Practice Presentation, Leonardo Morales will talk about the challenges and his learnings from implementing state-of-the-art IAM at Siemens AG, and what the next steps will be.

In today´s unpredictable business environment where change is the normal, it has become critical to have a manageable and scalable Identity & Access Management program in place. In this Best Practice Presentation, Leonardo Morales will talk about the challenges and his learnings from implementing state-of-the-art IAM at Siemens AG, and what the next steps will be.




Practicalities of Identity Proofing for Authentication




A Blueprint for Achieving a Passwordless Reality

Password-related attacks increased by a staggering 450% in 2020, with over 1.48 billion records breached worldwide. Meanwhile, the average cost of a password reset exceeds $50 USD. We all know that passwords fail to deliver adequate Zero-Trust security and cause unnecessary friction for both customers and the workforce. So why have passwords not receded into the background? What are the key challe

Password-related attacks increased by a staggering 450% in 2020, with over 1.48 billion records breached worldwide. Meanwhile, the average cost of a password reset exceeds $50 USD. We all know that passwords fail to deliver adequate Zero-Trust security and cause unnecessary friction for both customers and the workforce. So why have passwords not receded into the background? What are the key challenges facing enterprise passwordless agendas? And how can modern identity and access management help us realise a blueprint for a passwordless reality? 




Fraud Reduction Intelligence Platforms - an Overview




Panel | Overcoming SMS OTP: Secure passwordless MFA with your mobile phone




Panel | Identity Fabrics: The Mesh and the Factory for Identity Services

Identity Fabrics as a concept has established itself as a common paradigm for defining and implementing the identity services needed by organizations to provide seamless, yet secure and controlled access of everyone and everything to every type of service, regardless whether its legacy or shiny & bright SaaS, and regardless of where it runs. Identity Fabrics support the shift-left in IAM think

Identity Fabrics as a concept has established itself as a common paradigm for defining and implementing the identity services needed by organizations to provide seamless, yet secure and controlled access of everyone and everything to every type of service, regardless whether its legacy or shiny & bright SaaS, and regardless of where it runs. Identity Fabrics support the shift-left in IAM thinking from only managing applications to providing a consistent set of identity services for the developers of digital services. Identity Fabrics deliver the integration and control plane required for a modern IAM.

In this panel, the panelists will discuss where Identity Fabrics stand today, how they are implemented in practice, and what to consider for prioritizing services, for picking the right technologies, and for operations, as well as for building an Identity API layer and integrating back to the legacy.

They also will look at whether and where specific variants are needed, such as Consumer Identity Fabrics looking at the CIAM and CDP (Customer Data Platform) use cases.




Why KYC Isn’t Enough




Building a robust CIAM foundation, fit for the dynamic financial market

As organizations are recovering from the pandemic, many of them embark on a digital transformation at high-speed. Investments to drive online business, powered by customer insights and an attractive user experience, yet secure and compliant to rules and regulations, have never been bigger. NN, an international financial services firm with over 15,000 emplo

As organizations are recovering from the pandemic, many of them embark on a digital transformation at high-speed. Investments to drive online business, powered by customer insights and an attractive user experience, yet secure and compliant to rules and regulations, have never been bigger.

NN, an international financial services firm with over 15,000 employees, is changing from a traditional insurance firm into a modern and online financial services firm that focuses on frequent and valuable customer interactions. NN is providing these online services across multiple channels in a secure and compliant manner while offering its customers an outstanding user experience. For this NN has implemented a robust innovative IAM platform that entails key functions like identification, verification, authentication and authorization, fit for the dynamics of the financial industry.

Join Ronald van der Rest & Bas Kerpel, who lead NN's IAM Platform Teams, as they explain how powerful Customer Identity & Access Management can be, when you are transforming your organization to become successful in doing business online. Ronald and Bas will share relevant insights into NN's IAM Platform and will touch especially on its identity orchestration capabilities.




Panel | Deliver on the Promise of an Identity Fabric: The Power of Data

Digital identities of consumers, customers, business partners, employees, but also devices, things, or services are at the core of the digital business.  Unfortunately, most digital identities reside in siloes. Building a modern Identity Fabric that delivers seamless yet secure and controlled access from everyone and everything to every service requires breaking down the legacy identity siloe

Digital identities of consumers, customers, business partners, employees, but also devices, things, or services are at the core of the digital business.  Unfortunately, most digital identities reside in siloes. Building a modern Identity Fabric that delivers seamless yet secure and controlled access from everyone and everything to every service requires breaking down the legacy identity siloes, and building a modern, flexible, identity data foundation.




The Value Paradox: The 3 Inflections of IGA




Denmark's 2022 brand new eID solution




The ICaaS (Identity Component as a Service) approach for taking control of customer experience




Panel | Centralized vs. Decentralized: Pros, Cons, Use Cases




Certificate Based Authentication in a Cloud Native Environment - a Migration Journey from Handcrafted XML Signing to OpenID Connect

During this best practice session we will present you with hands-on experience from one of our financial services industry customers. The company used a handcrafted xml signature mechanism to authenticate their business partners when initiating machine-to-machine communication to exchange data between data centers. When the customer decided to migrate to REST APIs in a cloud native setup, the ex

During this best practice session we will present you with hands-on experience from one of our financial services industry customers.

The company used a handcrafted xml signature mechanism to authenticate their business partners when initiating machine-to-machine communication to exchange data between data centers. When the customer decided to migrate to REST APIs in a cloud native setup, the existing mechanism was no longer fit for purpose. Together, we designed a solution to keep the benefits of certificate based authentication while establishing an interaction model conforming to the OpenID Connect standard. We implemented the mechanism based on the open source software Keycloak, successfully passed an external penetration test and have to this point authenticated hundres of thousands of sessions. After our session, attendees will

be familiar with standard conforming approaches to use OpenID Connect with certificates for authentication be able to assess which parts of their authentication flow will benefit from using certificates know relevant open source technologies and technical approaches to use in their own implementations understand common pitfalls and relevant considerations when implementing the standards in a real-world, cloud based scenario


IAM-Suites for Medium-Sized/Mid-market Organizations




Zero Trust and Software Supply Chain Security: Must-do’s for Every Organization




Panel | Multi-Cloud Agility Must-Haves

With a highly prioritized digital tranfsformation towards a composable enterprise, it will be inevitable to work with multi-cloud solutions to achieve the level of agility and flexibility required. If it was to avoid vendor lock-in or to consequently go for best-of-breed solutions - in this cloud expert panel we will discuss approaches to manage multi-clouds efficently and to avaid increased compl

With a highly prioritized digital tranfsformation towards a composable enterprise, it will be inevitable to work with multi-cloud solutions to achieve the level of agility and flexibility required. If it was to avoid vendor lock-in or to consequently go for best-of-breed solutions - in this cloud expert panel we will discuss approaches to manage multi-clouds efficently and to avaid increased complexity.




Dealing with Multi-Cloud, Multi-Hybrid, Multi-Identity: Recommendations from the Field




Panel | Digital Identity & Web3- Rethinking Business Models




The Changing Cyber Threat Landscape and its impact on IAM (I)




Panel | The Stack, the Stack, the Stack: How Trust over IP is Enabling Internet-Scale Digital Trust

The internet was designed without a trusted identity layer to connect physical entities to the digital world. This layer is now emerging in the form of decentralized digital identity systems (aka self-sovereign identity or “SSI”) based on digital wallets and digital credentials. What industry insiders have demanded for long is becoming reality. This is bringing challenges to the forefront inc

The internet was designed without a trusted identity layer to connect physical entities to the digital world. This layer is now emerging in the form of decentralized digital identity systems (aka self-sovereign identity or “SSI”) based on digital wallets and digital credentials. What industry insiders have demanded for long is becoming reality. This is bringing challenges to the forefront including resistance of the identity establishment and major questions about interoperability between emerging and existing identity systems.

The Trust over IP Foundation was founded by a pan-industry group of leading organizations with a mission to provide a robust, common standard and complete architecture for internet-scale digital trust. In this session, leaders in digital identity from the ToIP Steering Committee will outline the impact this missing layer has had on digitization of trusted interactions, why technology alone won’t solve this and how the ToIP stack is designed to tackle both technology and human governance to bring open and interoperable standards at each layer of the trust architecture. This interactive panel will be moderated by ToIP’s Director of Strategic Engagement and will explore the views of its member organizations for a lively and engaging debate on how we finally establish trust in the digital age.




From A to B - How Decentralized Technologies Are Changing Collaboration Between the Public and Private Sector

The world of modern urban mobility is full of - unused - opportunities. To get to their destination, people can use public transportation, take a cab or rent an e-scooter. But many options also means many providers. Anyone who uses more than one of the aforementioned forms of transportation to get from A to B will inevitably be confronted with a fragmentation of their journey. This is anything but

The world of modern urban mobility is full of - unused - opportunities. To get to their destination, people can use public transportation, take a cab or rent an e-scooter. But many options also means many providers. Anyone who uses more than one of the aforementioned forms of transportation to get from A to B will inevitably be confronted with a fragmentation of their journey. This is anything but smooth and user-friendly. A simple example makes this particularly clear: If Erika Mustermann has to go to London for a business meeting, she first takes the suburban train to the airport, then gets on a plane, and then has a cab take her to the hotel. That's three different booking processes with three different mobility providers. Decentralized technologies, on the other hand, enable a new kind of efficiency and effectiveness in the back-end networking of different providers. But how can such a seamless customer journey be implemented so that both mobility service providers and customers benefit equally? Sophia Rödiger, CEO of bloXmove, is happy to tackle this challenge in a talk on IT Trans. In doing so, she explores the question of how, for example, the individual players in local public transport can cooperate with each other while remaining independent and what role blockchain technology plays in this. She also explains how providers can save resources through the decentralized concept while gaining more customers. In addition, she puts a special focus on how the cooperation between the public and private sectors can be changed by the approach in the long term.




Security Improvement Through Visibility of Changes in Hybrid/Multi-Cloud Environments

Performing accidentally wrong or intentionally bad configuration changes by administrators, scripts or systems can lead to serious security vulnerabilities or unintentional visibility or leakage of data. This applies to on-premises systems, but especially to systems and applications in cloud environments. With a comprehensive change auditing and reporting in hybrid environments, such critical cha

Performing accidentally wrong or intentionally bad configuration changes by administrators, scripts or systems can lead to serious security vulnerabilities or unintentional visibility or leakage of data. This applies to on-premises systems, but especially to systems and applications in cloud environments.
With a comprehensive change auditing and reporting in hybrid environments, such critical changes and conditions can be quickly identified and remediated.
This session will deal with this topic in general and with a solution approach in particular.




Demystifying CIEM for an Effective Multi-Cloud Security Enablement

As digital business pushes organizations towards an accelerated multi-cloud adoption, CIEM (Cloud Infrastructure Entitlements Management) emerges as a strong enabler for securing access and entitlements across an increasingly distributed cloud environment. Traditional PAM and IGA tools aren't natively designed to manage cloud infrastructure entitlements and therefore can't be easily re-purposed to

As digital business pushes organizations towards an accelerated multi-cloud adoption, CIEM (Cloud Infrastructure Entitlements Management) emerges as a strong enabler for securing access and entitlements across an increasingly distributed cloud environment. Traditional PAM and IGA tools aren't natively designed to manage cloud infrastructure entitlements and therefore can't be easily re-purposed to discover and remediate excessive cloud permissions across multiple IaaS and PaaS platforms. The confusion arising from un-identically structured CSPs and misaligned cloud terminology is further aggravated by the quest of IAM, PAM and Cloud Security providers to enter CIEM space and capture market share.

In this session, we will focus on how the CIEM market has been evolving over the last few years to manage the critical cloud security gaps left unaddressed by CSPM (Cloud Security Posture Management) and CWP (Cloud Workload Protection) tools, and how CIEM complements these tools to offer a wholistic cloud security advantage. We will also discuss how CIEM addresses some of the most critical security tenets of your organization's cloud adoption program and future planning.

As for the key takeaways of this session, you will be able to understand and articulate:

When and where does CIEM fit in your overall cloud security and access governance strategy? What are the critical capabilities of CIEM to help evaluate the right CIEM product for your multi-cloud environment? What are industry best practices for implementing and operationalizing CIEM for your cloud security and achieving faster ROI?


Panel | Cloud Infrastructure Entitlement Management (CIEM): Managing Your Cloud Scale Risk with an Identity Defined Security Approach

CIEM adopts a zero trust approach to Identity and Access Management (IAM) for cloud infrastructures, making access risks visible and avoidable. In this panel session 

CIEM adopts a zero trust approach to Identity and Access Management (IAM) for cloud infrastructures, making access risks visible and avoidable. In this panel session 




How organizations can make and save money with decentralized identity

In this talk John will present one way of modelling the potential value propositions for the parties (people and organisations) in decentralised identity models. Using real world examples of products and systems, he’ll use the model to consider their value propositions, and whether we need a “value exchange” ecosystem to enable the decentralised identity market to thrive.  Along the way the

In this talk John will present one way of modelling the potential value propositions for the parties (people and organisations) in decentralised identity models. Using real world examples of products and systems, he’ll use the model to consider their value propositions, and whether we need a “value exchange” ecosystem to enable the decentralised identity market to thrive. 

Along the way the talk will consider the risk of false prophets and fake profits, where the residual value will remain,  as well as why (in John’s opinion) decentralised identity is following the story arc of “gradually, then suddenly” (E. Hemmingway, The Sun Also Rises).




The strategic building blocks of the composable enterprise: Concepts & technologies

This session is a continuation of the opening keynote by Martin Kuppinger on the future Composable Enterprise. Together we take a look at what powers the composable enterprise and which concepts and technologies can contribute to building a composable enterprise. KuppingerCole proposes an engine that powers composable enterprises, made up of composable services, identities, and data. Since this

This session is a continuation of the opening keynote by Martin Kuppinger on the future Composable Enterprise. Together we take a look at what powers the composable enterprise and which concepts and technologies can contribute to building a composable enterprise.

KuppingerCole proposes an engine that powers composable enterprises, made up of composable services, identities, and data. Since this journey towards becoming composable is intensely individual based on business goals and requirements, there countless ways of cultivating this modular trifecta. Therefore, this session identifies some of the building blocks that organizations use to cultivate interchangeability and agility to achieve their continually shifting business goals. These building blocks are modular themselves, allowing organizations to exercise different aspects to power composability.




Give me 10 minutes, I'll give you the truth about verified Identities




Promoting Cyber Resilience through Identity and Zero Trust

Resilience is defined as the dynamic process of encompassing positive adaptation within the context of adversity. Organizations today are under constant siege from any number of security threats. The only path to weathering this ongoing storm is to learn to intelligently adapt through the understanding of identity and the application of Zero Trust. In this presentation, we will illu

Resilience is defined as the dynamic process of encompassing positive adaptation within the context of adversity. Organizations today are under constant siege from any number of security threats. The only path to weathering this ongoing storm is to learn to intelligently adapt through the understanding of identity and the application of Zero Trust. In this presentation, we will illustrate how applying greater identity assurance and least privilege principles organizations can dramatically improve their overall cyber resilience.




A Story About Convenient Security




Dissecting Zero Trust, a real life example

After his presentation on Strategic and Tactical approaches for Zero Trust, in this presentation Fabrizio will breakdown the components of a Zero Trust implementation and highlight what a company needs to implement it. Fabrizio will also cover use-cases like legacy or cloud-based applications.

After his presentation on Strategic and Tactical approaches for Zero Trust, in this presentation Fabrizio will breakdown the components of a Zero Trust implementation and highlight what a company needs to implement it. Fabrizio will also cover use-cases like legacy or cloud-based applications.




Trends in Enterprise Authentication




Identity in Polyglot Cloud Environments




Panel | Assessing the Cybersecurity Impact of Russia’s Invasion of Ukraine

Russia’s invasion of Ukraine has tectonic consequences for citizens and businesses across the world. An expectation of normalcy post the pandemic has been replaced with fears of increased gas prices and supply chain disruptions. Attackers are expected to leverage the context to carry out advanced cybercrime intrusions, leaving businesses susceptible to attacks that could have potential second

Russia’s invasion of Ukraine has tectonic consequences for citizens and businesses across the world. An expectation of normalcy post the pandemic has been replaced with fears of increased gas prices and supply chain disruptions. Attackers are expected to leverage the context to carry out advanced cybercrime intrusions, leaving businesses susceptible to attacks that could have potential second and third-order effects on their operations. A cyber problem immediately becomes a business problem that requires effective business continuity contingency plans built around defensible, risk-informed choices.  

In this panel session, you’ll hear from security leaders who will provide a pragmatic assessment of organizational dependencies to improve your odds of identifying and mitigating cyber attacks, while addressing the increasingly challenging risk environment organizations find themselves in.  




Demystifying Zero Trust

“It’s about the journey, not the destination” they said. “It’s basically just Don’t Trust But Check, what’s the real difference?” they said. “ What’s the big deal?” They said. Zero trust has been the panacea to everyone’s security problems, for a really long time now, and yet we are still talking about it, and not just doing it. It’s no surprise that there is a certain level of cynicism then th

“It’s about the journey, not the destination” they said. “It’s basically just Don’t Trust But Check, what’s the real difference?” they said. “ What’s the big deal?” They said.

Zero trust has been the panacea to everyone’s security problems, for a really long time now, and yet we are still talking about it, and not just doing it. It’s no surprise that there is a certain level of cynicism then that zero trust was all marketing and no trousers.

If 2021 brought us anything though, it was finally some clarity that zero trust really does have a role to play in the enterprise, just not by itself. Various vendors and enterprises have finally conceded that while it is important, it is just one part of the puzzle to help organisations manage their ever changing, digitally transformed, hybrid working, flexible, work from home environments.

Everything changed with zero trust, and now it is actually helping us to change again. In this talk, learn from;

Where zero trust came from, and where it is now
What the new working paradigm means for CISOs…
… and how zero trust environments and working models can help, not hinder, even without a final destination




The Digital Identity Shake-up we’ve been waiting for: How to Survive, and how to Thrive

 

 




European Identity & Cloud Awards Ceremony

Once again, analysts from KuppingerCole come together to showcase outstanding Identity Management and Security projects, standards and people. The winners will be honored live on stage during the award ceremony.

Once again, analysts from KuppingerCole come together to showcase outstanding Identity Management and Security projects, standards and people. The winners will be honored live on stage during the award ceremony.




SSI Market Size (and opportunity in web3.0) and use cases

Who is this new beast, which widespread technology is going to be used everywhere from banking to metaverse, travel to healthcare? The technology that has no limits in its application across sectors is equally welcome in centralised and decentralised worlds. Meet, self-sovereign identity (SSI). How do you quantify the impact of a paradigm which will completely transform how we interact with

Who is this new beast, which widespread technology is going to be used everywhere from banking to metaverse, travel to healthcare? The technology that has no limits in its application across sectors is equally welcome in centralised and decentralised worlds. Meet, self-sovereign identity (SSI).

How do you quantify the impact of a paradigm which will completely transform how we interact with identity and more broadly, authentic or trusted data? Our estimates say its market size is $550b / $0.55Tr.

We’ll give a brief rundown of SSI applications across Finance, NFT, Banking, Crypto and many more.




Zero Trust at Siemens: Where the impossible and the doable shake hands

Two years ago, Siemens started a still going on process to change its security architecture to Zero Trust. Not an easy task for a company that big, widespread, and divers in products. In this session program leads Thomas Müller-Lynch and Peter Stoll are talking about what they mean when talking about Zero Trust at Siemens, what everyone can learn from the approach Siemens is taking, an

Two years ago, Siemens started a still going on process to change its security architecture to Zero Trust. Not an easy task for a company that big, widespread, and divers in products.

In this session program leads Thomas Müller-Lynch and Peter Stoll are talking about what they mean when talking about Zero Trust at Siemens, what everyone can learn from the approach Siemens is taking, and what they are planning as their next steps.




Identity Ecosystems for a Better Customer Experience

Portable, verifiable and, most importantly, reusable representations of personal data can enable high-touch, high-trust and low-cost engagement between customers and networks of complementary service providers. The EU is already adjusting to the opportunities of Self-Sovereign Identity, but the private sector needs to demonstrate more high-value use cases in order to force beneficiary regulations

Portable, verifiable and, most importantly, reusable representations of personal data can enable high-touch, high-trust and low-cost engagement between customers and networks of complementary service providers. The EU is already adjusting to the opportunities of Self-Sovereign Identity, but the private sector needs to demonstrate more high-value use cases in order to force beneficiary regulations and an enabling environment for the technology. The tools and techniques of Self-Sovereign Identity (SSI), including the no-code capabilities provided by ProofSpace, can be used to create trust networks within an organization’s existing technical infrastructure in order, for example, to verify that a credential shared by a customer was issued by a trusted partner. A valuable use case for this is re-usable Know Your Customer verification. Other high-value use cases for SSI trust networks include: networks of affiliated hospitality services referring and on-boarding customers; networks of educational institutions verifying academic credentials; networks of employers verifying employment histories; and web 3.0 and DAO communities verifying member reputation and voting rights for management and governance purposes. A brilliant case study for this is ProofSpace’s work with the pro-democracy opposition of Belarus, where Self-Sovereign Identity enables a decentralized and secure “virtual country”, offering private and public services to unite, serve and empower the pro-democracy community.




The 'Credentials-first Mobile-first' Identity Ecosystem

This is a new development in the world and touches on mDL, Verifiable Credentials, decentralized identity, and personal data topics. A forward-looking presentation about what the world might look like, the foundational changes represented by this change, and some current and potential innovations that are now possible because of this.

This is a new development in the world and touches on mDL, Verifiable Credentials, decentralized identity, and personal data topics. A forward-looking presentation about what the world might look like, the foundational changes represented by this change, and some current and potential innovations that are now possible because of this.




Cardea: verifiable credentials for health information go open source

As an incubator for innovation in air travel, Aruba has chosen to use verifiable digital credentials to manage entry requirements and health testing for travel to the island. This decentralized, open-source technology, which provides secure authentication while preserving traveler privacy, was developed by SITA and Indicio.tech and donated to Linux Foundation Public Health as &

As an incubator for innovation in air travel, Aruba has chosen to use verifiable digital credentials to manage entry requirements and health testing for travel to the island. This decentralized, open-source technology, which provides secure authentication while preserving traveler privacy, was developed by SITA and Indicio.tech and donated to Linux Foundation Public Health as  Cardea. In this session, representatives from Aruba’s government, Indicio, and SITA will discuss why they chose a decentralized approach, how they created a trusted data ecosystem, and why the ability to verify personal data without having to check in with the source of that data will transform air travel, healthcare, and tourism




Drone Pilot Credentialing for Air Safety

Drone operations are estimated to bring €10bn/yr to the EU economy by 2035. A critical e-Government issue is the ability to fly drones in regulated airspace around airports. Unauthorised drone operations in the flightpath of passenger aircraft can endanger lives and cause huge financial loss for airport operators. Heathrow Airport has invested >£10M in security systems to track and destroy

Drone operations are estimated to bring €10bn/yr to the EU economy by 2035. A critical e-Government issue is the ability to fly drones in regulated airspace around airports. Unauthorised drone operations in the flightpath of passenger aircraft can endanger lives and cause huge financial loss for airport operators. Heathrow Airport has invested >£10M in security systems to track and destroy unauthorised drones. Digitising the entire drone flight approvals process will involve many steps, but the major one we are addressing is verifying pilot training credentials. SSI could radically improve this currently cumbersome and low-trust process. In an Innovate-UK grant funded project (Fly2Plan), we developed an SSI PoC for a drone pilot training company to issue training certificates as verifiable credentials to drone pilots, which can be verified by Heathrow Airport. In this talk we present our learnings and future work.




The CASE for a Vehicle Lifecycle Ledger

Mobility-as-a-service is changing the way people move. From mobility based on driving your own car, it is converging to the consuming of various services using multiple modes of transportation. Ranging from eScooters, bicycles, ride-sharing to car-sharing, ride-hailing and public transport.

Mobility-as-a-service is changing the way people move. From mobility based on driving your own car, it is converging to the consuming of various services using multiple modes of transportation. Ranging from eScooters, bicycles, ride-sharing to car-sharing, ride-hailing and public transport.




A Key Milestone towards CBDC Wallets - The eIDAS 2.0 Payment-Authorising Wallets

The presentation to be made by Stéphane Mouy (SGM Consulting - France) and Michael Adams (Quali-Sign - UK) will focus on the forthcoming eIDAS 2.0 digital identity wallets (DIWs) and the payment use case. DIWs will allow users to share high LoA identity and status credentials to various relying parties, including financial institutions, as well as meet applicable strong customer authentication req

The presentation to be made by Stéphane Mouy (SGM Consulting - France) and Michael Adams (Quali-Sign - UK) will focus on the forthcoming eIDAS 2.0 digital identity wallets (DIWs) and the payment use case. DIWs will allow users to share high LoA identity and status credentials to various relying parties, including financial institutions, as well as meet applicable strong customer authentication requirements for payments.
The payment use case is of critical importance to eIDAS 2.0 digital identity wallets and promises to be transformational for EU payment service providers as it offers a level-playing field for payment means, whether account-to-account or card based. DIWs are also likely to play a key role for the deployment of CBDCs supporting offline interactions with embedded AML/CFT verifications.
The presentation will draw on the work of the eWallet Network presented in the Developing a digital identity solution for use by the financial sector based around eIDAS trust services report published by the EU commission in October 2021 and authored by Stéphane Mouy. It will include a live presentation of an eIDAS 2.0/ISO 23220-1 digital identity wallet offering online/offline connectivity that can be used in a variety of contexts, including for payment authorisation purposes.
The session should be of interest to anyone interested in eIDAS 2.0 developments for digital identities as well as its regulatory implications for the financial sector but also to digital payment experts. A specific focus will be made on the offline connectivity requirement for DIWs that has clear technology implications.




We’re Gonna Need an even Bigger Boat: How Pervasive Digital Transformation, Nation State Actors, and Open Code Repositories Mandate a Reinvention of Identity




Panel | The Future of Authentication




Making Digital Identity Enable Your Organization's Cloud/Digital Transformation