Rohan Pinto’s New Book “Decentralized Identity Explained”

Robert MacDonald:
All right. Hi, everybody. Rob McDonald here again. Welcome to our latest IBA Friday. Unfortunately, Sheil couldn't be with us today, so I brought along a heavy hitter. We have Rohan Pinto along for the ride today. Rohan, hi, how are you?

Rohan Pinto:
Hi, Robert. Thank you, thank you for having me on your so famous IBA Fridays again.

Robert MacDonald:
Absolutely, absolutely.

Rohan Pinto:
It's a pleasure talking to you, Robert.

Robert MacDonald:
Yeah, it's always good to talk to you. Before we get started, why don't you tell everybody what you do here and then we'll jump into why you're on today because it's kind of a big deal.

Rohan Pinto:
Well, I hope so. Hi, folks. I'm Rohan Pinto, I'm the CTO at 1Kosmos. I run the technology vertical, especially when it comes up to driving new technologies and embedding new technologies onto a stack. That's my primary focus at work.

Robert MacDonald:
At work. Yes, absolutely. Rohan, you're kind of a big deal right now, at least in my eyes, not that you never were before, but you are officially a published author, which is exciting. You've written a book around decentralized identity, it's called Decentralized Identity Explained: Embrace Decentralization for a More Secure and Empowering Digital Experience. Why don't you tell us a little bit about the book, Rohan? What's going on? What did you do? What did you write?

Rohan Pinto:
No problem at all. Usually when I listen to other podcasts or other interviews by authors, 100% of the time, I hear people state a statement and end the statement with, "You can read about it in my book," or, "I have explained this further in my book," or, "You can learn more about this in my book," and you hear that over and over, and over again. I'm going to refrain from trying to say that during this interview, and I'm going to start off and just buy my book and read it all day so I don't have to repeat myself over again because I'm not trying to sell anything out here.

The idea popped into my mind a long time ago. It's been a year and a half... It took me a year and a half to finish writing the book. The reason for coming up with a topic like decentralized identity explained is because when it comes up to identity management, we are on the forefront of how identities need to be managed in a decentralized manner.

The entire industry is split into two halves. There's one half of the industry that's a huge proponent of decentralized identity, and then there's this other half that's an openness to decentralized identities. When I say opponent, they don't really oppose the structure. I guess their opposition is more along the lines of why should it matter whether it is centralized and decentralized? The fact is that it actually does matter.

Even when I drive around town, whether I drive around in Mississauga or Toronto, sometimes I see this protests that go around where people are standing around with banners saying that stop digital ID, and half the time I think most of these people don't even know what they're protesting about. Regardless, I thought it would be good to write a book on explaining the huge differential between what decentralized identities really do and mean versus what people perceive decentralized identity to be.

The other huge myth out there in the marketplace today or in the industry today is that oh my God, this is rocket science. It's extremely complex, you're giving power back to the user, what does that really mean for an organization that's managing identities, et cetera? I thought the best thing to do is instead of having to explain myself over and over and over again, probably write a book and every time I'm invited to a podcast, I could show myself by saying, "Buy my book."

Robert MacDonald:
By my book, yeah.

Rohan Pinto:
I'm kidding.

Robert MacDonald:
I think you touched on it in that about the book. Tell me a little bit about why you wrote the book. Now, I know that you are very deep into the decentralized world. You've basically built the foundation of this organization with the decentralized architecture that we have, but tell us a little bit about why you thought now maybe was a good time to write this book.

Rohan Pinto:
Yeah. The reason I thought now was a good time to... Again, I'm trying to stick to the question that you asked rather than going off on a tangent.

Robert MacDonald:
Go ahead.

Rohan Pinto:
The reason I thought now is a good time is because we have seen a huge move in how organizations are also embracing decentralized identities right now. They are embracing authentication mechanisms that are beyond just the traditional user IDs and passwords and MFA technologies that they used to use in the past. We are going beyond user IDs and passwords and OTP codes or via hardware OTP tokens to leveraging biometrics to access systems.

When we look at leveraging biometrics to access systems, there's a huge fear in people's minds saying that oh my God, I don't want to give anybody my fingerprint, I don't want to give my face to anyone. It can be hacked, it can be compromised. I thought the best thing to do was to educate the populace a little bit by explaining what decentralized identity is all about and how security plays a pivotal role in how identities need to be managed, and there's no better way to do it than by leveraging decentralized identities to have secure access control into your applications and infrastructure.

Given the huge shift in how the industry is heading towards, where everybody's going towards passwordless, everybody's talking about using Fido tokens to access machines, people are talking about using things like magic links to access applications without having the need for using a user ID and password. While these verticals like Fido or magic links or TP codes are all strong MFA mechanisms, but they're not enough. I thought it would be a good time to explain how not just decentralized identities, but also verifiable credentials and concepts, like privacy by design, play a pivotal role and how identities need to be managed in the future. I thought 2024, here we are. Let's get a book out there.

Robert MacDonald:
Exactly. Yeah, there's certainly a lot of... I don't want to say upheaval, we're not quite there yet, but there is certainly a shift coming. When you look at the book and the contents that's within it, who is this book really for? Who should be reading this book?

Rohan Pinto:
Okay.

Robert MacDonald:
Outside of marketing people that just really need to get a little bit more technical.

Rohan Pinto:
If you are in the identity management space, if your business unit within your organization deals with access control or you're concerned about who has access to your applications and your data and how you can ensure that your applications and your data can be accessed only by authorized individuals, it's high time you stopped looking at a SQL database as your source of truth and control to applications within your enterprise and at least start reading about what decentralized identities brings to the table so that you can not only secure your own organizational infrastructure, but also enhance your knowledge on how identities really need to be managed in this day and age.

Robert MacDonald:
Yeah, for sure. Based on that, what will people learn about your book or what will people learn after reading your book? What are they going to walk away with?

Rohan Pinto:
Okay, they're going to walk away with a couple of primary things. One is they're going to walk away with a very clear understanding of the difference between decentralized identities and how centralized identity systems used to work in the past. They're going to learn more about authorization and roles and rules that can determine who has access to what, and they also learn about having the ability to vet the authenticity of an individual rather than relying on a token for validating access. What I mean by that is when you use a user ID and password to access any system, yes, the user ID is RPinto or Rohan or RohanPinto with some password, like password123 because it's very, very secure.

Robert MacDonald:
Of course.

Rohan Pinto:
But there's no assurance that the organization has that the actual individual accessing the system is actually Rohan Pinto, to who that credential was issued to, or whether it is somebody else that Rohan had let someone borrow their credential or the credential was compromised. There's a huge difference between how decentralized identities work and traditional centralized IM systems work.

Before you go about implementing anything in the decentralized space, or in the biometric space, or in the verifiable credentials space, or in the identity management space, step number one is for you to know what you're dealing with, for you to understand the turf, for you to understand the playground that you're working with so that you can maximize your ROI and invest your organizational revenues in the right channels so that it can drive better value in whatever you implement for your organization.

Robert MacDonald:
Yeah, for sure.

Rohan Pinto:
Number one value would be if you buy it from us, but if you put that aside...

Robert MacDonald:
That goes without saying. Here's a question for you. After writing the book and now that it's all published, what did you learn through this process? Was there anything in particular? I'm sure as you start writing this and you're working with an editor, they're like that's too technical, it's not technical... What did you learn through this process about yourself, the ideal digital identity, decentralized identity, you name it. What did you learn?

Rohan Pinto:
It's a huge space and you hit the nail on the head. I think the number one thing that I learned is that it's extremely difficult to dumb things down. What I mean by that is when you're trying to write a book, you don't really have a specific caliber of a target audience in mind. I'm not writing a book out here saying that this can be read only by PhDs or by somebody who has done their masters in computer sciences and engineering.

You want to make sure that it can be interpreted and read and understood by people of all caliber, right from the very top down to the very bottom. You got to be very careful when you try to write something, trying to address a huge populace. You don't put the people who are high up there in their intellect to get bored while reading the book, nor do you want the people at the low end, maybe college students, to feel overwhelmed when they hear new terminologies like verifiable credentials or terms like ECDSA or cryptography, or things like that.

The hard part that I found was to make sure that it is dumbed down, but not to a point where it is plain English and it has value, and the message is delivered regardless of the language you use.

Robert MacDonald:
Fair enough. Now you know how hard marketing people have it, right?

Rohan Pinto:
Was that your weird thing? I need a raise.

Robert MacDonald:
Of course. Of course. Listen, Rohan, thank you very much for coming by and talking to us about the book. Obviously, you start at the very beginning, you said I'm not going to say you can learn more if you buy the book, but what would be interesting to know is where can you buy the book, Rohan? After people watch this, where can they go find it?

Rohan Pinto:
It's everywhere. You can find it on literally every leading bookstore online, whether it is Amazon or Indigo or Chapters. Go to any book publisher of your choice, and you're going to find the book out there.

Robert MacDonald:
Awesome. Some good Canadian references there, I like that. All right, Rohan, I appreciate you coming by today and joining us for another IBA Friday. Congratulations on the book. At 1Kosmos, we're all super proud of you for getting that published and getting that into market. It's an impressive accomplishment, and look forward to having you back for another IBA Friday in the near future.

Rohan Pinto:
Excellent. Thank you so much.

Robert MacDonald:
Thank you, sir.