skip to content

Can you actually own your identity and content on the web?

How do you prove you're you on the internet? How do you make sure a startup shutting down doesn't take all your data with it? Rizél Scarlett will show us how we can take back control.

Full Transcript

Click to toggle the visibility of the transcript

Captions provided by White Coat Captioning ( Communication Access Realtime Translation (CART) is provided in order to facilitate communication accessibility and may not be a totally verbatim record of the proceedings.

JASON LENGSTORF: Today, on the show, we're bringing on Riz�l Scarlett. Riz�l, how are you doing?

RIZ�L SCARLETT: I'm doing good. How are you doing, Jason?

JASON LENGSTORF: I'm doing good. I'm getting noise, what's happening?

RIZ�L SCARLETT: Is that me?

JASON LENGSTORF: Why is everything making noise? Oh, my god.

RIZ�L SCARLETT: What noise are you hearing?

JASON LENGSTORF: What have I done?
[Laughter]. I have, like, a recursive sound loop happening...


JASON LENGSTORF: Oh, jeez. Okay. I found it. I found it. Okay. [Laughter].

RIZ�L SCARLETT: I want to know� I want to know what you were hearing.

JASON LENGSTORF: I was hearing the stream on a short delay. One of them started autoplaying and I couldn't find the tab. [Laughter].

RIZ�L SCARLETT: I'm like, oh, no, who's talking? Why are they repeating me? I'm like, oh, it's just me. [Laughter].

JASON LENGSTORF: Okay. Absolute chaos, but we are here and it's happening. It's good to go. [Laughter]. Welcome, everyone. I am� I'm so happy that we're here. Let's just try that from step one. Today, on the show, we're bringing on Riz�l Scarlett. Riz�l, how are you doing?

RIZ�L SCARLETT: I'm doing great.

JASON LENGSTORF: Great. I've been following your work� I feel like since the day you broke into this industry. It's been so cool to watch you kind of grow your career and you're working on stuff with Angie Jones. Do you want to give us a bit of a background on yourself?

RIZ�L SCARLETT: Yeah, I can give a quick background. I do want to give a little preface. I learned to code in 2018. I worked as a software engineer in Boston at a couple of startups and then after that, I switched into, um, DevRel at GitHub, GitHub Copilot, GitHub Codespaces. I had help to start a nonprofit teaching women of color how to code and nonbinary women how to code. I was like, wait, I like coding but I like talking about code better and creating content around it and it's way more fun with me.
After two years at GitHub, I had a good time, but I had the opportunity to work with Angie, so I definitely had to take that. Also, I think the impact I had at GitHub was great and I was, like, I want to go into a new space where people don't know much about it and see what kind of impact I can have there.

JASON LENGSTORF: Yeah, I think� honestly, if Angie Jones calls, you answer the phone, right?
[Laughter]. But, yeah, so, I think� yeah, I think we've worked together before, when you were at GitHub, but not since you started this new job. So I'm really excited to hear about what you're doing because to be completely honest with you, this is an area that I have no familiarity with at all. So, I'll just ask you the� the 101 question of, what is Web5?

RIZ�L SCARLETT: Yeah. To tell you what it is, first I think I'll give a little bit of background. So, the way that I hear people talk about it and I'm like, oh, this makes a lot of sense to me. When the internet was originally created, it was created with you own your own data. We came out with HTTP and it made it easy for the internet to be adopted because it was open, you can use it, it's free. And then what ended up happening� which, like, I'm not throwing shade at these companies, but a lot of companies ended up saying, all right, we want to build our own private networks, like Facebook and Amazon and that changed the way the internet is used.
Even though we think something like Facebook or Twitter or something like that is free, what's happening in exchange is they're selling our data. We're using it for free, but they're selling our data to different advertising companies. A lot of� we're not even realizing that a lot of our data gets� gets sold. Sometimes when we sign up, in the terms and conditions, we're like, yeah, sure, we don't even know what data's being put out there.
With Web5, we're trying to go back to that situation, to be able to, like, own your data and I think another problem, too, where although that was the originally intention of the internet, we didn't have all that infrastructure in place, like, I don't know� well, you probably have heard Angie's talks. But, she talks about� [Laughter]. � the identity layer was missing, so, we kind of bring that in as well. And, let me see what I else I can tell you, really quickly.
The W3C, basically the worldwide web, they created these identity. Then, at TBD, we were like, okay, we can actually make a framework that puts that into practice. They wrote down the specifications. It's just, like, the document where the W3C did. We're like, okay, here's a JavaScript framework so anyone can build their applications on top of it.

JASON LENGSTORF: Okay. I'm surprised to hear that, because I� I had thought, for some reason, that distributed identity was, like, an invention of the� not TBD, specifically, but companies in the same space as TBD. I didn't realize it was a W3C. Is it a spec? Is it a proposal?

RIZ�L SCARLETT: I believe it's a spec. I'm still new to the whole W3C thing. I believe it's a specification that they created. Not necessarily� I think W3C has different working groups. You're not completely wrong about the companies in the space. You might be surprised at the companies. Microsoft was into decentralized identity, Okta was. They all came together and they are like, here is how decentralized identity can work in this W3C working group.

JASON LENGSTORF: Okay. So Web5 is an interesting name because it sounds like a version. So, how did that name specifically come to be?

RIZ�L SCARLETT: Yeah. So, you might have heard when Web5 came out, Jack was like, oh, this is Web2, plus Web3 put together and then they named it Web5. I think� the way I've been able to process this for myself is that, like, how I mentioned earlier, Web2 had these open protocols, like HTTP, and stuff like that, that people can build upon and then Web3 had this idea of maybe we should have no middle man, maybe we should have control over our idea.
But the obstacle there, with Web3, is a lot of it cost money. A lot of those networks they put on, a lot of those protocols, they weren't as open and as free so it made it less accessible for folks and a lot of it might have seemed a little bit confusing.
And then, Web5 said, okay, we kind of like this idea where Web3 had where let's own our data, but let's build on top of Web2 technology, such as HTTP. Let's build our own protocols so we don't change the full experience for the user, but behind the scenes, they're getting to own their data.

JASON LENGSTORF: Got it. Okay. Cool. Cool. Cool. Okay, so, let's talk about decentralized identifiers. Practicallyspeaking, how does this change how I would interact with the internet, for example?

RIZ�L SCARLETT: Gotcha, I hope I can explain this work. Decentralized identifiers are strings. You don't really� you carry your decentralized identifier with you within the Web5 ecosystem. You don't need to log in with your username and password. I like what Will says from Okta, he hates passwords. Your identity is already there, right when you open up the web appealing. It knows, like, who you are, without exposing too much information about you. It has that ID.
It's using private key and a public key. So sometimes people say, oh, can't someone copy your decentralized identifier and pretend to be you? They wouldn't be able to pretend to be me on the web.

JASON LENGSTORF: And so, this is sort of� like, this reminds me a little bit of when we're doing, like, any kind of authentication on the web now, when we do it programmatically, we've got a client ID and a secret ID or we'll have, you know, an API key that we can't share or we're using JSON web tokens, there's a secret. If I'm understanding correctly, the way that this works, we've got a public ID that anybody can see, your publishable key when you�re working with an API. When you want to validate, you hash together the public and private key with some data and if the hashes match, then you can prove that it's you? Is that� is it, like, the same idea?

RIZ�L SCARLETT: Yeah, I think so. When you print out your� when I print out my [Indiscernible], there's a whole document where it has, like, this is your private key or public key. This is this information, so it has a whole bunch of stuff in a JSON object for you so I believe it's hashed together.

JASON LENGSTORF: Cool. So that makes sense. I agree with Will that it's really frustrating to have to have a� just so many passwords, right. It's frustrating because, for very good reason, your bank login times out after five minutes and that's fine until you're trying to do your taxes and you have to log in every five minutes. I feel the same about my invoicing software and management on admin stuff that's not my deep personal identity stuff. The little login loops. Do I use a username or password or my GitHub account or my Google account, how do I log into this thing and you get it wrong and they don't have it linked and you have duplicate accounts and you're like, oh, my god, I hate this so much. For a while there, in my last job, they made us use Yubikeys. You can't lose it or you got to start a new life. [Laughter].

RIZ�L SCARLETT: I'm laughing because that's happened to me. I was like, I don't know what to do. [Laughter].

JASON LENGSTORF: That's it, I guess. [Laughter]. This idea of decentralized ID is really interesting to me because I feel like that is one of the worst friction layers of the web. If I walk into a store, right, like, if I'm a local at my coffee shop, they know who I am because they see me. They recognize me. They know my order. I walk in and they're like, your usual and I'm like, yeah. Let me show you my ID so I can prove to you that I'm allowed to use my credit card so I can use my drink. It sucks. I don't like it. So I'm really interested in a world where, you know, I have a computer, I know I own this computer. I have mine phone sitting right next to my computer. I can prove I own my phone. I just want to be me, on the internet, the same way that I am, inperson.
Is that what I can expect if we start using decentralized IDs? It's like, welcome back, Jason.

RIZ�L SCARLETT: Yeah. I really like the Starbucks order thing. I'm going to steal that.


RIZ�L SCARLETT: Hey, Jason, welcome back. Just like that. Keep going�

JASON LENGSTORF: No, no, I'm ready for you to start talking about how this actually works. I'm really curious.

RIZ�L SCARLETT: Cool. There's two other concepts I want to introduce within Web5. So, we talked about decentralized identifiers, then there's decentralized web notes, DWNs for short. They call them DIDs. Decentralized web nodes are, like, data stores. They're, like, your personal data store. From a developer standpoint, you can think of MongoDB or SQL. You can think Dropbox, your personal Dropbox, where if you� the thing with Dropbox or Google Drive is they can change the terms of service on you. They can lose the data. I actually saw people complaining, on Google Support, they can't get any data from before May 2023. They're like, what happened to my data? This is something that you take with you. Your decentralized data moves with you. Maybe on SQL or MongoDB, you have to put in your username and password, you just� it just picks up your decentralized identifier and then you have access to that decentralized web node or what information you want on it. I can should pause before I move to the next thing. Do you have any questions?

JASON LENGSTORF: So the idea of a decentralized web node is really interesting to me. I don't want to rabbithole too much on this. But it harkens back to, like, the old, old days of, like, early internet, where the only way you could really run a website was if you had either a computer in your house that you kept plugged in and on the internet or you paid somebody to, like, store files on their computer. That's still what we're doing today, it is just huge warehouses owned by Amazon.
Do I need to have my computer plugged into the internet and on at all times for my data to be accessible? How does decentralization of data work if we're not putting it on somebody else's system.

RIZ�L SCARLETT: Gotcha. That's a good question. I think you need internet for it. I haven't been able to do it without internet. I don't remember those days you're talking about. Maybe I'm too little. [Laughter].

JASON LENGSTORF: Yeah, I'm definitely showing my age here. [Laughter].

RIZ�L SCARLETT: Locally in your browser memory� this part, I'm a little shaky on, just to let people know. I'm two and a half months in. At TBD, we have two of them, that's only made to be able to sync your data across multiple devices. Whatever you had in your browser memory will be synced to whatever's on your phone. But I don't know if I can fullyanswer your question.

JASON LENGSTORF: No, yeah. I think this is always where I've struggled with the decentralization idea is that, you know, if the big push is, like, let's get away from these companies, like Facebook and, you know, that are selling our data and harvesting our data, then, you know, we have to put the data somewhere and it seems like right now, the only place to put data is either with Amazon, Microsoft or Google which are the three companies we're trying to decentralize away from, but that's the only place you can host things in a durable way.
Then when we start talking about true decentralization, do we expect consumers to have a server in their house that they manage their data on? Maybe? We all have routers in our house, but that seems to me like if I was looking at the biggest stumbling block for this technology, that seems to be it when I look at adoption.

RIZ�L SCARLETT: A comment in my chat, that my coworker wrote to help me, the current remote, we are at 0.8. At the end of the day, services, like Big corps, would probably offer to host these. I know a lot of people question why would an organization do this. But I think the idea is that once one organization benefits from it and they see that other people are moving towards that, the other organizations will be like, all right, we need to move to this model.

JASON LENGSTORF: I think this is probably where I see this going, we're building a standard, right, and we're making it possible for people's data to be portable. But I don't know that I would ever take the time to, like, stand up a server in my house so that I could truly own my data. Probably still going to put it on an AWS or Google server. There's no translation cost, it just moves, right, that's cool.

RIZ�L SCARLETT: One more� I know I'm talking so much� one thing I wanted to introduce is this idea is this idea of verifiable credentials. We talked about decentralized. Verifiable credentials, it's a way of proving your, um, you're proving that you have something or a credential or some part of your identity without showing all of your identity.
So, for example� oh, go ahead.

JASON LENGSTORF: I was just hearing about this. I'm so excited about it.

RIZ�L SCARLETT: Cool. Let's say you wanted to prove that you're 21, you can drink. Right. You don't have to give your entire ID, here's my address. You can have a verifiable credential that has been issued to you by a big organization and be like, here's my verifiable credential. And maybe people wouldn't adopt this, but we are already seeing stuff like that. People have mobile driver's license they can show on their phones. I just talked to this organization that is doing, like, verifiable credentials for, like, your college degree and other academic credentials and universities and partnered so you don't have to be like, oh, yeah, here's everything about me. But you can be like, yep, I got a degree in computer science, here it is. And stuff like that.
I think even in travel, where you're like traveling. It's almost the experience of Clear, but even better than that because Clear still has a couple of steps in between.

JASON LENGSTORF: I actually think this is the thing that would make me adopt this is, if we can get to the point where, you know, I� like, right now, when I leave my house, I have to get my phone and my wallet and my keys. Right. And, when I� when I go out, I always have to have my phone, my wallet and my keys. If there was a way for all this to live in my phone in a singly� I'm not giving you all of my identity, I'm just giving you the one thing. And we already do this for stuff. When you use Apple Pay, you are giving them a secondary credit card number. We are already using this technology in a form and I love the idea of going even further, where they have a reader that the bouncer uses at the bar and it gives you a green checkmark that you are 21. It is proving that the thing you are saying is in fact true through some authority, like the DMV. That stuff is freakin' cool. I love the idea of not needing to hand my whole passport over to someone, when I'm traveling abroad, because they need an ID. That makes me really nervous. These are all the most extreme of extreme horror stories, if you give somebody your passport and they walk away with it, what do you do? You have to find your way to a U.S. Embassy and hope you can get home? That sucks. Or if you lose your passport abroad? People do that all the time. You got to go to the embassy and hope you can prove who you are so they'll issue an emergency passport. I've heard of very expensive "I made a small mistake" and had to FedEx documents overnight so I could get proof of identity. Send me a new phone and let me log into my Apple account and I'm here. [Laughter].

RIZ�L SCARLETT: I agree. This is the part I'm the most excited about. I lose every single thing. One time, I went to the airport, I lost my whole wallet. And then I was like, oh, that's fine, I have Clear, I'll scan my fingers. Why was I chosen for random ID verification. They're like, you don't have anything? They had to call somebody on the phone and, like, TSA had to do this whole process. What's your address, what's your father's birthday. I was scared, you guys know all this stuff about me?

JASON LENGSTORF: Right. All you're supposed to know is whether or not I'm allowed to get on this plane. [Laughter].

RIZ�L SCARLETT: So I'm excited about that, too.

JASON LENGSTORF: So, this sounds really cool. I think there's a lot here, there's a lot of conceptual novelty. Is there anything else that you want to cover in the abstract or do you think it makes more sense to start diving into the actual code.

RIZ�L SCARLETT: I want to dive in. I seen one comment. Angie has a reallife use case. She was able to purchase wine using a digital ID. And she'll be traveling soon with verifiable credentials.

JASON LENGSTORF: I'm going to share my screen.


JASON LENGSTORF: Which I should have had ready, already.

RIZ�L SCARLETT: That's all right.

JASON LENGSTORF: All right. So, there is our screen. I'm going to move us over here so that our faces are just a little bit bigger and then I'm going to move� let's see. So, this is the ID recommendation. Okay, cool. So it's moving toward a spec but it's currently a spec. I don't really know the terminology the W3C uses. This was shared in the chat, but I'm going to drop it again.
We are talking to Riz�l today, so let's drop a link there. And, let's see, the stuff that we're going to be playing with is all part of TBD, so there's a link to TBD and one� one, last note, before I dive in, is this show, like every show, is being sponsored by Netlify and Vets Who Code. They make the live captioning possible. We've got Vanessa here with us, today, from White Coat Captioning. And thank you, Vets Who Code and Netlify, for covering those costs.
If you want to see the captions, I haven't figured out how to pipe them in as closed captioning yet, so check the ticker at the bottom, here, and that has the actual link for the captions.
I'm going to let it stream. Here it goes. Look at this. What a great use for a marquee. There it is.

RIZ�L SCARLETT: I love it. [Laughter].

JASON LENGSTORF: I'm going to hide that again, because it gets a distracting. I'm going to ask you� because we've hit the end of my knowledge� if I want to start here, what should I do first?

RIZ�L SCARLETT: I would go to the Quickstart because that will give you a broad overview. If you scroll down a little bit...the first thing we want to do, in your code� or, in your terminal...or VS Code or whatever, is go ahead and, like, npm init.

JASON LENGSTORF: So, I'm going into my new project and then I will npm init. Okay. I'm going to jump into this one. All right. Now we're in. We've got our basic project and nothing in it. It's a brandnew node project and we're using Node 20.9.

RIZ�L SCARLETT: Now we want to do npm install at Web5.

JASON LENGSTORF: We've got our Web5 API. We're�.08. Type module. We're not type module yet, so I can do that.

RIZ�L SCARLETT: Yeah. Let's add that.

JASON LENGSTORF: Okay. Type module.

RIZ�L SCARLETT: Cool. Now you want to create an index.js file so we can actually write some code in there.

JASON LENGSTORF: Okay. I'm just going to really quickly "get init" so it will make this� come on, man. I don't want all my� I don't want all my stuff to be grayed out. There we go. Now, these are here and I can create a new file. We're going to call it "index.js."

RIZ�L SCARLETT: Uhhuh. Perfect. Um, and then you want to actually import that Web5 package.


RIZ�L SCARLETT: Perfect. And we can skip all of that because you're not doing React Native and not using Node 18. Now you want to instantiate Web5 T. Basically, this method called Web5 Connect automatically will connect you to the Web5 ecosystem, it'll give you an instance of the Web5 instance and create a div. It's just like, this is your particular DID.
We can immediately write a message in our� store some text in our DWN. So, for Step 2...we'll see that it's going to tell us to do, um� well, scroll down. It'll say� oh, you're already there. It was just slow for me. It will say "consrecord." There is the method for creating the text we want and then we pass in the data, which is "hello, Web5," or "Learn With Jason." Or whatever.

JASON LENGSTORF: I'm listening as you go. All right. So the data�


JASON LENGSTORF: The data part here, so I'm saying I want to create a record in my distributed web node.

RIZ�L SCARLETT: Decentralized web node.

JASON LENGSTORF: The actual data is whatever I want it to be. Can it be an object?

RIZ�L SCARLETT: You can do an object. It just wouldn't be that data format. It would be application JSON, or something like that.

JASON LENGSTORF: Okay. Okay. Got it. So anything I can send as a content type header will work?

RIZ�L SCARLETT: Yeah, you can do a video, a GIF, anything.

JASON LENGSTORF: I've created my record.

RIZ�L SCARLETT: Yeah. Next thing we want to do is, we can� you can consolelog it, if you want to, that record. I don't think it's necessarily going to� yeah, let's see what happens.


RIZ�L SCARLETT: I think it's just going to print out information. Yeah.

JASON LENGSTORF: This is, like, some pretty interesting stuff in here because, like, it's kind of nice that I didn't have to write this. [Laughter].


JASON LENGSTORF: This is the DID of the� the� the TBD, like, web nodes?

RIZ�L SCARLETT: Yeah. Yeah. I think so, of the agent. So, like, every client on the web has a DID. I think if you scroll lower, you'll be able to see your own DID. There's a lot in there. There it is.

JASON LENGSTORF: Author. This is me.

RIZ�L SCARLETT: It tells you what method you used for this, the target DWN that it went into, which was yours, the interface, the date it was created. Cool stuff. [Laughter]. Not you can [Indiscernible] your record and you can do that by calling "08data.record.txt."


JASON LENGSTORF: Is that callable?

RIZ�L SCARLETT: If you want to store it in a variable and then consolelog that and we can comment out the other consolelog just so we can, like, see it.


RIZ�L SCARLETT: Oh, actually, I think it's a method for a text. So, put�


RIZ�L SCARLETT: Cool. Print that out. See. It says, "hi, chat." I forgot to say, one of the things I liked about Web5, it's really using [Indiscernible] operations and that's a really familiar experience when you're, like, doing API calls to databases.
You can create an updated record, as well, if you wanted to.


RIZ�L SCARLETT: You do 08.record.update. And update it.

JASON LENGSTORF: Updated is going to be "awaitrecord.update." Oh, I don't have to send the data?

RIZ�L SCARLETT: No. You don't have to. Because it should be� in this case, it's the same.

JASON LENGSTORF: It's, like, aware of�


JASON LENGSTORF: And I assume that's going to be updated output, so I would have to read it again.

RIZ�L SCARLETT: Yeah. [Away from mic].

JASON LENGSTORF: Okay. So, then if we run it again...we get this is new. So here's a question. Is this being done in the, like, one of the things that� like, when we get into these sort of, um� actually, is this� is this blockchain or are we doing� it's not?

RIZ�L SCARLETT: No, this is not blockchain. [Laughter]. I think the only part that is related to the blockchain is the DID method that we defaultuse, which is called Default Ion. I don't know much about blockchain. We're moving into using a different DID method, which is DID THT. It's decentralization without blockchain at all. But, like, whatever we're doing here, besides that identity you had, nothing's on the blockchain.

JASON LENGSTORF: Got it. Got it. Got it. Okay. I also realized, I created this "updated," but it read the record. That record is usable below so we didn't need this part, which is great. That simplifies my life.

RIZ�L SCARLETT: If you printed out "updated," it would tell you the status, or did you get a 404.

JASON LENGSTORF: Cool. Now we've got all of this, here. This is looking cool. And, it feels, to me, like this is pretty straightforward. I've got what kind of appears to be a database here.

RIZ�L SCARLETT: Yeah, it behaves very similarly to that. The last thing we can do here is basically deleting your DWN. Very simple.

JASON LENGSTORF: Okay. We can "awaitrecord.delete" and then I'm going to try to consolelog it again.

RIZ�L SCARLETT: It might give you an error. Let's see what happens.

JASON LENGSTORF: It does. It says "attempting to access the data of a record that has already been deleted." Oh, wait. Did it pick this up, though?

RIZ�L SCARLETT: That's weird.

JASON LENGSTORF: Oh, wait, wait, wait. Yeah, yeah, yeah. This is the first one.

RIZ�L SCARLETT: So I think what you would do if you actually wanted to� it will print out the status for if you "savedrecord.delete" in a variable and then it would just say, "successfully deleted," or something like that.

JASON LENGSTORF: Right. I like that the error message told me that the record has been deleted and didn't just say, like, you know, generic explosion, like, your code is broken.

RIZ�L SCARLETT: Yeah, I like that, too. So, that's� that's it, in its essence. [Laughter]. Any thoughts before we get into any more complicated? I kind of made it very beginner, intermediate and then advanced.

JASON LENGSTORF: No. This is good. At a high level� the only thing I didn't see here is we didn't really touch the DID and I'm assuming the reason for that is when we connected, it� it just kind of, like, autogenerated one for us because we didn't tell it, like, this is who I am, this is who I'm acting as and so I see a comment from, uh, from Ace Kid, if you use another device, there will be a new DID. So at the moment, we're kind of doing, like ephemeral DIDs? If I close this session and I start a new one, it's going to create a new DID every time?

RIZ�L SCARLETT: Let me see if I can explain it properly. If you're always within a particular browser, like, let's say you have a Google Chrome profile. I have Riz�l@TBD, that will always have that DID for me because it is stored in my local memory. If I opened up an incognito window, it would be a new DID generated for me, just because we're using that Web5. You can manually create your own DID and carry it across and we have an agent that will allow you to sync all the DIDs across devices.

JASON LENGSTORF: No, no. That makes sense. That makes sense. All right. If that's the case, then, I think I'm ready for the next step.

RIZ�L SCARLETT: Oohhh, let's do it. I gave you another link that is� it says, like, Galaxy Bytes Learn With Jason Burn Book. So, you can clone this repo and I have already, like, built out a basic, but ugly UI. [Laughter].

JASON LENGSTORF: I'm going to use the GitHub CLI. And then we're going to get into the burn book. Okay. I need to actually open this one. So I'm going to close this other one and here we go. All right. So, what should I do first? I guess, probably install dependencies?

RIZ�L SCARLETT: Oh, yeah. Um, let me see. Just do "npm install." Perfect. And then, we can go ahead and open up Source and the Source Pages Index.js. I put a whole bunch of code in one file, just to make it easy. But, you'll see that, like, I have a couple of methods that, like, just have console log and what we're going to do, in my readme, I have code snippets some you'll copy and paste it in there and I'll explain what we're doing as we go.

JASON LENGSTORF: Gotcha, gotcha. I like this. Go ahead?

RIZ�L SCARLETT: I could explain what we're building, but I'll let you speak first.

JASON LENGSTORF: I like this as a way to teach because if you have jump around to a bunch of files, it can be kind of hard to track things, whereas with something like this, I can start collapsing things down if I want to� I think I can even, like, collapse�

RIZ�L SCARLETT: Oh, I never seen that.

JASON LENGSTORF: Maybe it's "fold"? Fold everything? Fold all. There we go.

RIZ�L SCARLETT: That's cool�

JASON LENGSTORF: You can unfold one thing at a time and it lets you scan really quickly, so I like this because it'll let us jump around. But, yeah, so, I like this. I actually� I love that you set up a template for us to fill in because it does look like there's a lot going on here. [Laughter]. And I'm happy that we probably have enough time to get it working.

RIZ�L SCARLETT: Okay. Cool. I'm hoping we can do this and one more thing, if not, we'll just look at the gist of the other thing. So, um� aaww, thank you. This kind of explains basically peertopeer messaging because so far what we did, we store an hour on DWN. When I first joined this company and learned about Web5, I was like, how would I communicate to other people? This makes no sense to me. This is going to show us being able to do that and you use this concept called Protocols. They decide what the structure of the data you're going to put in your DWN and who can interact with it and how they can interact with it.
If you go to the readme, there's a first step you can copy. It says "search for the console log that says, this log is init Web5."

JASON LENGSTORF: I got way ahead here. Where�

RIZ�L SCARLETT: Keep scrolling, at level two. So we have that. Just go ahead and copy the part underneath it. Yeah.


RIZ�L SCARLETT: And we can paste it.

JASON LENGSTORF: Going back to my index and�

RIZ�L SCARLETT: Yeah. Yeah. Yes. Right there. So, you can replace the console log and paste in what you just copied. Hopefully we have enough time. Okay. What this is doing, again, we already saw it instantiates Web5 and creates a DID for us. It says "sync five seconds." Your DWN will sync between devices and people every two minutes, but you can change the synchronization settings. I made it a little bit faster. This is kind of like a chat appealing. You send the message to one person. If you wanted to show up to somebody's DWN, nobody wants to wait two minutes to send the message.


RIZ�L SCARLETT: We have that part, hopefully it makes sense.


RIZ�L SCARLETT: Cool. The next thing we want to do is on level three and we want to look where we define our protocol. So, level three and it says, like, look for this console log. Yep. And we're going to replace it with all of the stuff in here. And if we take a look� or you can copy it first and then paste it and then I'll explain.
Um, there's a lot of protocols, so you might want to look for this is� yeah. There we go.


RIZ�L SCARLETT: Paste over that.

JASON LENGSTORF: So I'm going to paste that and let's�

RIZ�L SCARLETT: Talk about it.

JASON LENGSTORF: Talk about it.

RIZ�L SCARLETT: This is the thing I talked about, the protocol where it will basically define the rule. So, in our project, we're going to have a secret message, a message we send only to ourselves. That's why I called it a burn book. What if you're like, I hate, my teacher. I don't know. I can't think of anything. [Laughter]. You don't want anybody else to see that. No one will. It will get stored only in your DWN. But then we have a direct message, you can send it to someone else. Maybe you want to send it Angie. If you scroll down either further, it says what type of data format it is. Now we'll see who can interact with it. We have Actions array. For a secret message, anyone will be able to write a secret message but only, um, you, the person who wrote it, will be able to read that secret message. That way, it stays secret. With a direct message, anyone can write it, but only the author and the recipient can be able to read it so if you sent a message to Angie, only you and Angie would be able to read it, I cannot read it.

JASON LENGSTORF: This is� I like this. This is great because I feel like defining those sorts of permissions is tricky, like, I� I feel like when you� you start getting into, um, how to define access control, it can be really challenging to do this in a way that feels good and this is, like, humanreadable. Like, that's really nice.

RIZ�L SCARLETT: Yay, awesome. I also wanted to timecheck. How much time do I have left?

JASON LENGSTORF: We have� we have about 35 minutes of, like, safe time.

RIZ�L SCARLETT: Oh, okay. I think that's good. So, yeah, I like this part, too, because this made it make sense for me, with DWNs a little bit. At first, I was skeptical. But, I like this part, too. Okay. Let's go to in next step.

JASON LENGSTORF: All right. Going to the next step.

RIZ�L SCARLETT: Next step is� okay. What we're going to do is everything gets stored� yeah, you can, like, search for that query local protocol and paste it in there and I'll just talk while you do that. Basically, everything gets stored in your DWN, including any protocols you create. But for an application to be� for a user to be able to use your protocol or application, you have to agree to it. It has to get installed into your DWN. You can't be like, all right, I'm using this. Anybody can use the protocol, but you have to agree to it and get it installed. But if it's already installed, you'll search your DWN to see if it exists, first, and if doesn't exist on your DWN, it will get installed. This step is searching to see if it exists on your DWN.

JASON LENGSTORF: If I'm understanding what we're doing here, because we've defined a protocol and anybody using this has to agree by effectively installing it. If you're using 0Auth, you log in to your account with GitHub and you have to grant email and repo permissions, do you agree, click "yes" and it takes you back to the appealing. So it's kind of the same thing. If you want to use this appealing, you need to use this protocol, do you agree to what this protocol says and once you do it, now you get to use the appealing?

RIZ�L SCARLETT: Yeah, basically. Although when you do try out the appealing at the end, I did see somebody kind of create that exact flow that you said.

JASON LENGSTORF: Cool. Okay. Cool.

RIZ�L SCARLETT: So, yeah, we're querying our local DWN. It's going to be the same thing for the next step, for querying your remote DWN.

JASON LENGSTORF: Gotcha. Gotcha. So let's go back here and I'm going to open up this one. Okay. So, samesame. Oh, with the� with the change of, like, now you're querying for your own version of the protocol or you're saying, I'm the person querying?

RIZ�L SCARLETT: Yeah. No, no, no. You're saying� hold on, let me make sure I'm saying this right. You're saying, I want to search for this protocol, that was created by this DID, I think.

Okay. Got it.

RIZ�L SCARLETT: Cool. And then next step is, we'll just create the methods to install the protocol.

JASON LENGSTORF: Okay. So, we're going to install the local protocol here.



RIZ�L SCARLETT: Perfect. And then same for doing it remote. There's another method...I made this a little while back. I found out that some of the lines here, I don't really need. I only need protocol.send. Just putting that out there for people to know.
Cool. For the next step, I think that's going to call every single method that we just made.

JASON LENGSTORF: Okay. And this protocol definition, weeeeeee haven't actually set up yet?

RIZ�L SCARLETT: No, we did. The protocol connection is where we said, like, who can interact with our data and who can, um� and how our data looks.

JASON LENGSTORF: Define new protocol. Right. Right. I remember now. This is the protocol definition and when we get into these pieces, here, this is the definition, where it's being actually used? Got it. And then this is our� our� our DID and then this is where we check to see if we've already installed. All right. I'm in on this. I got it.

RIZ�L SCARLETT: Maybe I should explain the protocol URL a little bit. If you scroll up a bit, a lot of people get confused about this. This is not a real URL. If you click it, it will give you a 404. The intention is, if you're a developer, in the future as we progress, they should be URLs. Right now, they are made for identification. Also, not to, like, confuse it with other similar protocols.

JASON LENGSTORF: Is there anything for globallyunique? If I were to create another protocol, like, I guess I'm about to do, where I'm going to define a protocol using your domain name, is this going to yell at me for trying to use the same thing you already created?

RIZ�L SCARLETT: No, it's not going to yell at you. And I don't know the full answer to that, maybe that's something that's coming.

JASON LENGSTORF: Okay. That makes sense because they're decentralized nodes. Anybody could use all the names. The names can clash if everything is using the same system.

RIZ�L SCARLETT: Exactly. I used my domain name, like you said, just to have some type of standard for myself.

JASON LENGSTORF: I gotcha, I gotcha. Grab all this.

RIZ�L SCARLETT: Yeah. Grab all that. There you go. Paste that in. And, there's not much� it looks like a lot, but there's not much going on. I'm just calling all the things that we created, like, the protocol definition and I'm installing�

JASON LENGSTORF: Okay. I'll get the URL. So we've got our local protocols and the protocol status, which is running that query local protocol that we just set up.


JASON LENGSTORF: Check to make sure if it didn't work, then we install it.


JASON LENGSTORF: Okay. And then we look for remote protocol. So, the same thing again. We see if we've got it. If it failed, then we install it?

RIZ�L SCARLETT: Yep. Perfect. Search local DWN.


RIZ�L SCARLETT: Next step is we actually want to write a secret message to our DWN and this is going to be similar to what we did in the Quickstart.

JASON LENGSTORF: Okay. So, here's our secret message...


JASON LENGSTORF: Let's see if I can reason through this. We define our new protocol. We use the records.write that we did earlier. We're sending in the message that will be passed in.


JASON LENGSTORF: Then we use our protocol details, the path is Secret Message, which is one of the ones we defined here, up here. Schema, which we put up above. And then the recipient is me, because I'm sending it to myself as a secret message.

RIZ�L SCARLETT: Yes, perfect. That's perfectly right. I think somewhere in the code, I've already defined the object code for you. I don't know if you want to look at it, just to give yourself context. I hope [Away from mic] if you look up "message." Let's see...oh, actually, it's called "construct secret message." And if you open that up and return. Yeah. So, basically� yeah, it's an object. It's not plain text that we had before. It has a timestamp, who sent it, I have an image URL [Away from mic] just so you have context.

JASON LENGSTORF: Got it. Got it. Okay.

RIZ�L SCARLETT: Cool. Next, we want to create.

JASON LENGSTORF: "Write secret message." Here we go.


JASON LENGSTORF: So then we're going over here and we want to do the direct message, which I'm assuming is very similar.

RIZ�L SCARLETT: Very similar. The only� well, I'll see if you see the only difference. [Laughter].

JASON LENGSTORF: Okay. So, save this. I have� we're going to try the direct message protocol. We send it in with all the protocol details and the recipient is who we're sending it to and then we've got more down here. We're writing the message� did I duplicate it?

RIZ�L SCARLETT: Maybe, because hold on.

JASON LENGSTORF: I might have hit that twice, it looked like I doubled that code.

RIZ�L SCARLETT: Unless I did. Let me doublecheck. Yeah, yeah. I think I did.


RIZ�L SCARLETT: It was me. But, yeah, you can just remove the second one.

JASON LENGSTORF: Okay. And we have done that, I believe. So, writing the direct message. And just� just the one of them.

RIZ�L SCARLETT: Yeah. Just one of them. Perfect. Only difference is the recipient and it's a direct message.
Next thing we want to do, oh, I have a method in there, already, that we can look at it. It's called "handle submit." I already wrote it. It's just saying whenever you click that submit button, it'll check to see, is it a direct message or not and then it'll go ahead and call those methods, where it writes the direct message or the secret message.


RIZ�L SCARLETT: Cool. And then next thing we want to do is actually be able to read our messages or fetch them so I have a fetch direct messages, or fetch sent messages and fetch received messages method somewhere.

JASON LENGSTORF: Let's see...user messages, sent messages.

RIZ�L SCARLETT: I think I confused myself with the naming. [Laughter].

JASON LENGSTORF: So, in this one, we're running the records query and our records query uses the protocol we've defined. We've got the direct message schema and then we...go through the user messages by running a promise.all, awaiting the JSON data. Okay. Okay. I'm with you. And then we return all those messages and otherwise, we have errors. Good. I assume the next step is going to be the direct messages? There they are.

RIZ�L SCARLETT: I hope. Yeah.

JASON LENGSTORF: Okay. So we got our direct messages. And same thing, we're in a query. This time, we're querying for... oh, actually, this is interesting. I'm running a query for all the records on this protocol and then we filter� promise.all. Map. Getting the� how does this know that it's not a� like, this one said "direct messages," but this one doesn't have a thing.

RIZ�L SCARLETT: Yeah. So, I think I kind� okay. So, I think I, like, misnamed some of them, or misnamed these. So I can explain a little bit more. It's not necessarily like fetching the direct messages and the secret messages. It's more fetching the messages that either you sent or the messages you received. For some reason, I was having issues with this and I found out if I didn't specify� I think one of them was, "from your DID." In the first one, it was fetching the messages that only came from myself but then the other one only fetches the messages that came from somebody else, like, not yourself.


RIZ�L SCARLETT: I'm a very messy coder, so. [Laughter].

JASON LENGSTORF: All good. All good.

RIZ�L SCARLETT: All right. Cool. And then, this kind of brought all of them together, yeah. So, I just, like, put it all in one, where I grab all of the messages that were received and sent, all in one method. Cool.

JASON LENGSTORF: Okay. So, now we've got user messages, direct messages, we're combining those into a single array and then we drop that into our React state.

RIZ�L SCARLETT: I don't think anyone needs to do this, but cool. Next thing we will do is� oh, I only wanted to show you the "delete message "method and, oh, I guess you can look at the "handle copy DID." For you to send a message to somebody, you need their DID to be able to send messages back and forth. I think better functionality's coming soon. You're able to copy your own DID and able to send it to someone else, because it's such a long alphanumeric string.
It's looping through all of the records, returning the promise.

JASON LENGSTORF: Okay. Okay. So, do I need any API keys? Do I need any, like, do I have to sign up for a TBD account? Is there anything I have to do to make this work?

RIZ�L SCARLETT: You can do "npm run dev." You don't need anything else.

JASON LENGSTORF: Okay. This is interesting. This is a point in a lot of tutorials where you would have to send me to the dashboard and have mean get� go get your API key and your secret and set up this thing and configure that thing with your callback URL. It's pretty cool that this is just going to work. Let's put this up and see how good my copypaste skills are. There it is.

RIZ�L SCARLETT: And can you check the console? I just want to make sure it doesn't have any errors. Perfect. It says it was installed. Ignore that. It will still work. [Laughter].

JASON LENGSTORF: You saw nothing. [Laughter]. Okay. So, this gives me my DID, which I'm just going to throw in here so we can see it. So, that's, like, my identity. And then I can say� so a secret message, um� and I'm going to say, "Vinny Code bullied me again today." And I'm going to find an image.

RIZ�L SCARLETT: Yay. Sad dog. Awwww.

JASON LENGSTORF: Okay. Then I submit. Okay.


JASON LENGSTORF: So now this is my secret message that only I can see, where I� I talk about the ways that I get bullied on the internet. So, then, if I want to send a direct message�


JASON LENGSTORF: I need somebody else's DID?

RIZ�L SCARLETT: Yes. I would say the best thing to do is open an incognito window. I would do it with you but I need to be on the same URL as you and I don't have local host.

JASON LENGSTORF: Let me minimize this and that should give us two, sidebyside windows. Then we're going to go to local host 3000. I actually want to see if we can� we can do, like, another thing, like...okay. So now I've got, like, two DIDs here. They are different. All right. So, then if I copy my DID, here...


JASON LENGSTORF: � I did it. And then I say...and then put in the DID.


JASON LENGSTORF: Okay. So that's sent. And then this should�

RIZ�L SCARLETT: Press "refresh." Because I think I forgot to tell you to put the fetch message.

JASON LENGSTORF: Oh, yeah. Right. Right. We didn't do this part. Well, this is cool. This is extremely cool. We got, like, a whole setup here. This window is also not� now it's the right size. This is dope. Like, and what I like about this, too, is� like, there's� I think there are some big, like, next steps that are going to be kind of tricky. I don't know how to, like, once I have my DID, how do I make sure I'm using the same one everywhere? When I go from one step to the next, how do I know it's me? Right out of the gate, this is supercool because I love this idea that if I build my website, using this decentralized ID, I'm not doing it in a way that is tied to, like, you know, if TBD decides they're going to pivot and now, you know, they're allin on something else, does that mean that� that all of this stops working? Like, no. Right. Is this code all open source, like, the framework and everything?

RIZ�L SCARLETT: Everything we're making is all open source.

JASON LENGSTORF: Where do I go to look at that, what's the org?

RIZ�L SCARLETT: Hold on. I'm going to send it. It's a long string. It's TBD456�

JASON LENGSTORF: I forgot. If you all really break through, that's going to go through as one of the worst naming decisions of all times. [Laughter].

RIZ�L SCARLETT: Yeah, it's a really strong team. I know my string tends to use TB. But I just sent it to you in private chat.

JASON LENGSTORF: Okay. So, I'm going to throw it up here and share it in the chat, as well, that will put it into the links on my Discord, also. This is� okay. So, here's all the stuff. We're going to look at the repositories and, we've got, let's see, docs. And this is what we're using today, the Web5 JS?


JASON LENGSTORF: This is cool stuff. I'm really interested in this idea. I love the idea of identity being something I take with me, between websites. I feel like we all want this. We're just waiting for somebody to do it in a way that doesn't feel like me carrying around a USB stick I can lose or having to show my teeth to my camera for a dental scan. Or whatever the thing is. [Laughter].

RIZ�L SCARLETT: Yeah, yeah. I get you. I think this is a cool, like, first step. How much time do we have?

JASON LENGSTORF: We probably have 15 minutes or so.

RIZ�L SCARLETT: I'm not going to make you type. I want you to see verifiable credentials. It is before Captioner Vanessa.

JASON LENGSTORF: Oh, here. Got it.

RIZ�L SCARLETT: I just wanted to show how to create a verifiable credential. This would have been Part 2 of the burn book. You want to say whoever sent you the message is a trusted, verified person, just to filter between spam and a trusted person or whatever. So, I created a verifiable� or a trusted friend credential. You would grab the, um, DID for each person and, like, you know how it automatically created a DID for you before? You can manually create where it says "awaitdidkeymethod." There's a class for the credential. So, I would create a class, just kind of giving the format of what it's going to have. It's going to have me, issuing the DID and then the subject, who is the person who is receiving it and for me, the trust level. This is a trusted person or not trusted and we'll pass in that data to it and if you scroll even more...if we call "verifiablecredential.create," it'll pass in all those values.
Oh, sorry. Let me pause. Then the next thing you would want do is actually sign the credential. So, I heard my coworker describe it this way and I'm like, oh, that makes sense. Kind of like, back in the day when kings would sign a decree, yes, this person should receive 100 and they stamp it. This is the credential saying, yes, I'm the issuer sending it to them and you would verify that that's actually been signed, in the next step. It's a little short, but also a lot to explain.
Then after that, what it does is it gives you an assigned JWT token so you assure that the data is what you expected. We're validating it and then expecting it. So I'll pause. Go ahead.

JASON LENGSTORF: So this� this is� like, I've been doing a lot with Auth lately. When we're doing this, what we're effectively doing is, it's a really similar� spiritually, if not mechanically� the way you� when somebody logs into your site, they are asking someone, who is an authority, in this case, the issuer is us. Log in with your GitHub account, GitHub is the issuer. You're saying, I want this person to have access to this part of my data and they� you know� once you get that permission, they send back the data and then they sign that data, using their private key, your GitHub API key, whatever, and then that gives you the JSON web token, which other people can use, they can verify whether or not that token is valid without being able to change the data in that token.

RIZ�L SCARLETT: Yeah. That sounds right to me.

JASON LENGSTORF: This is familiar. What I'm excited about is because I've never looked at this stuff, I didn't know if we were about to see something that was completely arcane. If you haven't looked at how Auth works, it can be really arcane. Look at all this math. I don't know what it means.

RIZ�L SCARLETT: It's the algorithm.

JASON LENGSTORF: What you're basically doing, it's exactly what you said. The data's here and somebody's using their signit ring, proving this is me. It is harder to forge than a signit ring. We're creating jots of our friendship, exactly. [Laughter].

RIZ�L SCARLETT: I like that. [Laughter]. And then the next thing we have is the� the presentation exchange. This part, I have a harder time, like, really understanding so I wrote a note to myself. But basically, this is where you do that� where I told you, okay, I don't want to give you all the information about myself, but I want to give you this, like, hey, I am this age, without you knowing. I am over 21, without you knowing my name and where I live. That presentation exchange, where you're giving it to someone and they get just the necessary information.

JASON LENGSTORF: Okay. So, trusted friend, presentation, definition, the purpose is to verify if it's a trusted friend. And then the input descriptors, we send in� we want to give only the trust level.


JASON LENGSTORF: And we're making sure they are coming in as trusted. So, if I put in this credential, using this presentation, it's going to return true or false?

RIZ�L SCARLETT: Uhhuh. I believe so.

JASON LENGSTORF: I hold up my phone and it shows a green checkmark or a red x and that means I can go in or not.

RIZ�L SCARLETT: And then the next part, you're actually just using the definition, itself. There's methods validating that definition, saying, okay, it satisfies what we want or it does not satisfy.

JASON LENGSTORF: This is the code equivalent of scanning your phone?

RIZ�L SCARLETT: Yeah. That's the code equivalent of scanning your phone.
After that, we store it in our DWN and then we can read it from our DWN so that we can be able to use it.

JASON LENGSTORF: Wonderful. This makes sense. I� I� I like where this is going. The DX nerd in me is like, this could be easier. We're on�.08. There's a lot of room for improvement before we get to the officialofficial release. This is such a cool space and it is interesting to see, when you enter a space like this, where it's� it's just new. Right. There's things that feel really familiar, like this� as somebody who's done 0Auth workflows, I don't feel like I'm complete out of depth looking at the Web5. There are things that are really novel and it's hard for my head to process, like, why don't I have to get an API key from a central authority. I want to dig into how that specifically works so how do I make sure that the ID that I've created is mine, verifiably. Math is not my thing. [Laughter].

RIZ�L SCARLETT: You want to see it.

JASON LENGSTORF: It's just cool. It's cool that these sorts of things are starting to emerge. I imagine they're only going to get better.
That takes us to the end of demos. If someone wants to go deeper and what is the math that makes this stuff work, where should I go and read next?

RIZ�L SCARLETT: I would say, definitely those repositories, Web5 SDK. The way I've been leveling up in this is, one, ChatGPT and looking at the actual source code. There are familiar concepts, but it's a whole paradigm shift for me. Yeah, it's nice to, like, read those stuff and then, the other thing I would do is probably follow us on because I've been either other experts to explain stuff to me or livecoding, allowing myself to look dumb, along with my coworker. It's not him looking dumb. We've been learning stuff and it's a good way for people to learn alongside us.

JASON LENGSTORF: I love that format. Teaming up with somebody and just kind of pair programming is such a good way to learn, to level up quickly, to expose gaps in our knowledge and figure out how to fill them. I love them.
People want that gist link. Yes, let me find where that was is the variable.

If you go to our Discord, there's documentation you can learn more from there, as well. We have, like, a Discord link at the bottom. That's a good place, too, because you can just jump in and ask questions and literally anybody from our team, like, there's, like, some really smart people on there. They will sit down and explain stuff to you.

JASON LENGSTORF: Nice. Very cool. All right. Well, I'm going to also send one more shoutout to Riz�l's Twitter. Lots of great information coming to her page. Let me do one more shoutout to our sponsors. We've had Netlify and Vets Who Code making the captioning possible. Vanessa's been here, all day, doing the live captioning. Thank you so much, Vanessa.
While you're checking out things on the internet, do make sure you do look at the schedule because we're closing out this year hard. I'm here every Tuesday, on my own, just going to code, play, it's going to be a good code. Next week, we've got Cassie Evans coming on and we're going to make some fun, like, holidaythemed animations. It's going to be a blast, probably her dog will make an appearance. Her dog is named Brody and he can sing. Don't even bother coming for the code. Come to meet Brody.
Mark is going to be here, we're going to be learning about Angular. I'm so interested, I actually got two people from the team. Mark is coming and then Jessica is coming. We're going to do more Angular.
I've also got Steve.
And, even more, so, please make sure you mark your calendars. We've got a Discord, calendars, YouTube, Twitch.
Riz�l, with that, we're going to call this one "all set." Any parting words, for the chat?

RIZ�L SCARLETT: No. Thank you so much� I said "no." [Laughter]. Thank you so much for tuning in and being engaging. Sorry if I made y'alls brains hurt.

JASON LENGSTORF: I'm excited about this stuff, as well. It's going to be an absolute blast. Riz�l, thank you so much. Chat, thanks so much for hanging out. It's been a wonderful day and we will see you all next time.

Closed captioning and more are made possible by our sponsors: