Founder Spotlight: Wayne Chang of Spruce
Each month, we spotlight one of the founders of Okta Ventures’ portfolio companies. You’ll learn more about them and learn how they work with Okta. This month we speak with Wayne Chang from Spruce.
What is Spruce and what is your mission?
Spruce is an open source software company whose mission is to give users control over their data on the web, starting with Web3.
What were you doing before Spruce that brought you to this moment?
Prior to Spruce, I was part of the leadership team for decentralized identity initiatives at ConsenSys, which incubated uPort, one of the first self-sovereign identity projects. It was at ConsenSys that we realized the power of core technology. It gives control to individuals, while phasing out rent-seeking middlemen, and empowers end users. Essentially, this diminishes the power of platforms that rely on keeping users locked in. The combination of self-sovereign identity and Web3 enables a model where lock-in to a specific platform is erased and control returns to the user – a win for consumer choice. That’s what we try to continue and reinforce at Spruce.
What is Spruce’s solution? What challenges does it solve?
We believe the world is moving away from the centralized model of today, where users log into platforms and the mayor may not have access depending on various factors, to a decentralized model, where platforms access a vault of users’ personal data, and the user is empowered to adjust permissions for anyone, at any time.
To achieve this, we must move towards open authentication systems based on public key cryptography, such as Connect with Ethereum. Ethereum has tens of millions of monthly active users, and those we spoke to are excited to take back their digital control. As these systems develop, we are seeing a new class of compatible technologies, such as personal data safes like Kepler. This software allows individuals, businesses, and decentralized stand-alone organizations to host and protect their data wherever they want, whether with a trusted company or a server in their basement, all without downtime.
There will also be a move away from proprietary databases and shadow profiles, and toward open standards that allow digital credentials, exportable social media graphics, and data, all fully controlled by the user. We combine many of these open standards into two open source products under the Apache 2.0 license: the Decentralized Identity Toolkit DIDKitand white label ready ID card holder Credible.
Why did Spruce want to work with Okta?
We wanted to work with Okta because companies that choose Okta tend to take data security and ownership very seriously. It is the best recommended provider when companies standardize their single sign-on strategy to improve security, digital accountability, or security compliance standards such as SOC 2, ISO 27001, or FedRamp. We are both customers and partners of Okta.
These companies also tend to care about data sovereignty, zero-trust architectures, digital credentials, and user-centric data workflows like those found in Web3. Spruce solves many of these problem categories, and we appreciate the opportunity to partner with these companies in a way that works seamlessly with existing Okta installations. For example, our product allows any Okta or Auth0 customer to securely interact with blockchain accounts simply by installing a marketplace plugin.
How does Spruce work with Okta? What support are you looking for in a corporate partner?
We work with Okta in several ways. First of all, we are happy to announce the release of our Connect with Ethereum Auth0 marketplace integration, which allows any Auth0 customer to implement the one-click Ethereum login workflow to resolve blockchain data.
In the near future, we hope to consolidate our decentralized identity libraries to enable any Auth0 and Okta client to enable data interoperability with W3C Verifiable IDs and W3C Decentralized IDs. This means Okta customers can share trusted data with each other, including professional certifications, cross-organizational approvals, budgets, financials, and more, while tightly controlling access to satisfaction criteria. CISOs.
When we work with a partner company, we look for large scale and aligned incentives. It’s obvious that Okta has scale, with hundreds of millions of users on the service. What particularly impressed us was how well the incentives lined up for Spruce, Okta, and even Okta customers. Okta management strongly believes in innovation, that the world is non-zero sum and that huge industries will open up as we continue our transition into the digital age. Additionally, since Okta offers a simple service that does not monetize customer data, we believe it aligns well with our vision of data sovereignty.
What trends do you expect to see in the decentralized identity industry?
The following trends combine into the perfect storm for decentralized identity adoption.
- The proliferation of the Web3. Web3 is proving to be the largest movement of users taking back digital control that we have seen, it is also the most successful public key infrastructure adoption event of all time. For all decentralized identity projects, the widespread use of public key cryptography is essential for successful deployments. We think this perfectly answers the question “why now?”
- Antitrust rulings, data privacy regulations and growing user distrust of big tech. It’s no surprise that the FTC and the general public are upset with what are seen as big tech companies lacking accountability and hoarding data and power. . Given this climate, many data privacy officers may actually prefer that user data be stored directly with their customers and accessed only when needed. They understand that much of the data their organizations store today can become illegal without additional consent processes in place. As organizations are mandated by government regulations to allow users to export all of their data in a useful way, we believe personal data vaults will become a popular way for users to regain control, while mitigating risk. privacy for businesses.
- The transition to Zero Trust architecture. The White House issued a federal statement zero trust strategy, and this is a massive change in the security industry. This change will favor systems based on public key cryptography with next generation authentication/authorization systems. The types of authentication and authorization we are working on are fully aligned.
- The emergence of the data supply chain. We think the world is getting smaller. To be competitive, companies will need to share more information with their collaborations than they ever have before. Data will be tracked and traced like assets along a physical supply chain, but instead of paper bills of lading there will be digital certificates of origin, user consent packages and certifications of data anonymization. All of this is enabled using the tools of Decentralized Identity, in which not only people, but anything, can have an ID, even an Excel file.
Interested in joining Okta Ventures? Check out our FAQs here and feel free to contact our team or submit your business for review.