ITSPmagazine Podcasts

The Imperative of Transitioning from Traditional Access Control to Modern Access Control | An Australian Cyber Conference 2024 in Melbourne Conversation with Ahmad Salehi Shahraki | On Location Coverage with Sean Martin and Marco Ciappelli

Episode Summary

Explore groundbreaking advancements in access control as Ahmad Salehi Shahraki discusses transitioning from traditional RBAC systems to decentralized, privacy-preserving ABAC models, reshaping identity management and cybersecurity infrastructure. Learn how cryptographic innovations can secure everything from healthcare systems to e-voting while maintaining user anonymity and minimizing data exposure.

Episode Notes

Guest: Ahmad Salehi Shahraki, Lecturer (Assistant Professor) in Cybersecurity, La Trobe University

On LinkedIn | https://www.linkedin.com/in/ahmad-salehi-shahraki-83494152/

Hosts: 

Sean Martin, Co-Founder at ITSPmagazine [@ITSPmagazine] and Host of Redefining CyberSecurity Podcast [@RedefiningCyber]

On ITSPmagazine | https://www.itspmagazine.com/sean-martin

Marco Ciappelli, Co-Founder at ITSPmagazine [@ITSPmagazine] and Host of Redefining Society Podcast & Audio Signals Podcast

On ITSPmagazine | https://www.itspmagazine.com/itspmagazine-podcast-radio-hosts/marco-ciappelli

____________________________

Episode Notes

During this "On Location" podcast episode at AISA CyberCon 2024, host Sean Martin welcomed guest Ahmad Salehi Shahraki to discuss cutting-edge developments in access control, identity management, and cybersecurity infrastructure.

Ahmad, a lecturer at La Trobe University specializing in authentication, authorization, applied cryptography, and blockchain, shared insights into transitioning from traditional access control models like Role-Based Access Control (RBAC) to more advanced Attribute-Based Access Control (ABAC). Ahmad emphasized that while RBAC has served as the backbone of organizational security for decades, its centralized nature and limitations in cross-domain applications necessitate the shift to ABAC. He also highlighted a critical aspect of his research: leveraging cryptographic primitives like attribute-based group signatures to enhance security and privacy while enabling decentralization without relying on blockchain.

Sean and Ahmad explored the technical and operational implications of ABAC. Ahmad described how this model uses user attributes—such as location, role, and organizational details—to determine access permissions dynamically. This contrasts with RBAC's reliance on predefined roles, which can lead to rule exploitation and administrative inefficiencies.

Ahmad also discussed practical applications, including secure digital health systems, enterprise environments, and even e-voting platforms. One innovative feature of his approach is "attribute anonymity," which ensures sensitive information remains private, even in peer-to-peer or decentralized setups. For example, he described how his system could validate an individual’s age for accessing a service without revealing personal data—a critical step toward minimizing data exposure.

The conversation expanded into challenges organizations face in adopting ABAC, particularly the cost and complexity of transitioning from entrenched RBAC systems. Ahmad stressed the importance of education and collaboration with governments and industry players to operationalize ABAC and other decentralized models.

The episode closed with Ahmad reflecting on the robust feedback and collaboration opportunities he encountered at the conference, underscoring the growing interest in decentralized and privacy-preserving solutions within the cybersecurity industry. Ahmad’s research has attracted attention globally, with plans to further develop and implement these models in Australia and beyond.

Listeners are encouraged to follow Ahmad’s work and connect via LinkedIn to stay informed about these transformative approaches to cybersecurity.

____________________________

This Episode’s Sponsors

Threatlocker: https://itspm.ag/threatlocker-r974

____________________________

Resources

Learn more and catch more stories from Australian Cyber Conference 2024 coverage: https://www.itspmagazine.com/australian-cyber-conference-melbourne-2024-cybersecurity-event-coverage-in-australia

Be sure to share and subscribe!

____________________________

Catch all of our event coverage: https://www.itspmagazine.com/technology-cybersecurity-society-humanity-conference-and-event-coverage

To see and hear more Redefining CyberSecurity content on ITSPmagazine, visit: https://www.itspmagazine.com/redefining-cybersecurity-podcast

To see and hear more Redefining Society stories on ITSPmagazine, visit:
https://www.itspmagazine.com/redefining-society-podcast

Want to tell your Brand Story Briefing as part of our event coverage?

Learn More 👉 https://itspm.ag/evtcovbrf

Episode Transcription

Please note that this transcript was created using AI technology and may contain inaccuracies or deviations from the original audio file. The transcript is provided for informational purposes only and should not be relied upon as a substitute for the original recording, as errors may exist. At this time, we provide it “as it is,” and we hope it can be helpful for our audience.

_________________________________________

Sean Martin: [00:00:00] All right, here we are. It's been a fantastic time here at Australia. Cybercon hosting. And, uh, obviously this is Sean Martin, host of the Redefining Cybersecurity podcast. And sometimes we talk about broad topics, sometimes we get into some specifics. Of course, I like to look at things from an operational perspective, uh, when I think of risk management and security and privacy. 
 

And this is a space that, uh, that seems to continue to revolve, at least in terms of identity. And we're going to be talking about access control today and some research that my guest, Ahmad, has done. Uh, some things with La Trobe University, if I'm not mistaken. Yeah, yeah, that's right. So, uh, it's a pleasure to have you and I'm excited to hear about your session here at the conference, CyberCon, and some of the work you and the team have done. 
 

And, uh, some of the feedback you've received. So maybe a few words about what you do at, uh, La Trobe and, and a little bit about yourself as well.  
 

Ahmad Salehi Shahraki: Okay, cool. So, uh, first of all, [00:01:00] thank you so much for, uh, inviting for this talk. So that's very good. So it's an honor for me to share my experience inside what we've done before in La Trobe University here. 
 

And so, by the way, my name is Ahmad. So, uh, um, uh, a lecturer. So Australia, we call it lecturer, but in Europe and U.S. we call it assistant professor. It's a little bit different terms. And so, uh, I'm working in the cybersecurity area, but mainly, uh, my research focus is authentication, uh, authorization, applied cryptography, and also blockchain. 
 

Also, we are working on IT. So, uh, yes. So in La Trobe University, we have, uh, uh, a wide range of, uh, researchers that they are working in different area. Uh, but in terms of cybersecurity, we are working on access control. We are working on data breaches. We are working on identity. And also, uh, we have a lot of teams that they are working on blockchain and also recent also is very good too. 
 

Maybe it's interesting for your team that we launched, uh, [00:02:00] up to center in, uh, La Trobe University. Okay. So in that one, also, we are working on different, uh, type of security and privacy in digital health that how we can secure healthcare system in the future. Uh, we should have another conversation on that after the conference. 
 

I'd love to do that. But, but the main chair is a person. Limney was good. We can invite her, but I think she's right there in the U. S. if she just fly back to us, we have some presentation over there.  
 

Sean Martin: Well, it's a, it's a date. We'll have the two of you on. We'll talk about, talk about that next time. Um, so what, uh, so obviously access control, a focus area, um, talking a little bit about the research, why, why there's an investment in this space? 
 

Ahmad Salehi Shahraki: Um, that's a very interesting question. And so, okay. I think you had a lot of interview maybe with different people. So you had a lot of chat with different companies that right now they are here in this conference. So you can see most of companies right now they are focusing also in access [00:03:00] management, identity and so on and so on, which is very important because, uh, for all of us, it doesn't matter which age you are, we are kids, young, adult or whatever. 
 

So we are going to access different people. Things right. We have many users. We have many passwords. Uh, we are, uh, for myself, I have all 20 emails or something like this with different companies with different things. So I need to remember that. Is it easy? Of course not. Right. So, uh, I'm not going to talk about passwords, uh, because that's, that's the huge area that we can talk about that, but I'm talking about the access. 
 

For example, if I come a little bit back to what I discussed for yesterday as well, uh, is about, uh, transitioning from traditional access control model to modern access control model, which is fantastic. This is what actually Australian government also, they released a few, bill just a few days back before this conference, that we need to think how we can. 
 

Can secure Australian infrastructure, and this [00:04:00] is not just for Australia. It's globally everywhere. U.S., Europe, Canada, New Zealand, Asia. So, uh, so far we have different type of traditional access control model. I'm not going through the detail because we need a couple of our talk. But most of organization, I can confirm 995 using RBAC, Role-Based Access Control, which is fantastic. 
 

I'm not saying that it's not good, because lots of using that one. It's easy to define. Yeah. Easy, right? Easy, yeah. Yeah, you can set the boundaries. Yeah, exactly. Uh, lots of units are using other units, other compilers, all of them, I see, I'm pretty sure they're using that one as well. Because every companies like Microsoft, like AWS, like Google, everyone using RBAC, they are combining with existing, again, traditional access control model. 
 

But the question is that, how we can make it better? How we can make it more efficient? Because all of these access control, they are centralized. They are very good for single domain. [00:05:00] Right. Uh, but if you want to actually, uh, make it for cross domain environments, how we can make it better. Right. So we have a lot of problems. 
 

We have a lot of limitations like rule exploitation. So, because in the RBAC, all the access, there are links to the rules. For example, my rule is to perform this job in the patient, right? To monitor the patient. This is my rules. So my access, my permission will links to that. But what I'm proposed is simply in La Trobe University is attribute based access control. 
 

Okay. Which recently I'm now. I'd say recently, in 2000, in December 2014, ABAC, Attribute-Based Access Control, actually introduced by NIST, which is one of the biggest, yeah, you may know about that in US, with collaboration with National Cyber Security of Excellence in US, again, these two combined, they are both in US, they introduced ABAC, the first frameworks, and they mentioned that it's time to move. But [00:06:00] unfortunately, no one did that one so far in the last 10 years. 
 

And the reason, and maybe I can say why, uh, uh, because for organization, it's not easy, because right now all of, everyone using RBAC, so they paid a lot of money for those systems, and so on. So it's not easy to move on, but we have some reason that we need to do it. Right now is the time. Not in Australia, globally, everywhere. 
 

Right. The reason is that. The system, for example, that I propose for my system model, it's a combination of using transient access control model, like ABAC that needs to be standard, and National Cyber Security of Excellence in the US proposed, and using the advantage of the, uh, Other attributes, uh, uh, base system, which is cryptographic primitives, like attribute based group signature. 
 

So the good thing using these two, we can blockchain based, it's not blockchain, but the next step that I'm working is. Attribute [00:07:00] based ring signature. Maybe I can, uh, say just for a quick letter. So then if you use that one, you don't need to use blockchain anymore because you mentioned the blockchain because everyone right now talking about blockchain. 
 

This is one of my area that I'm working as well. But the big problem with blockchain, you're not be able to use it anywhere. Blockchain is good is decentralized, but practically everyone says blockchain is centralized, but for the first time actually is not decentralized because we need to admin to run it And then the system can work decentralized, that's right. 
 

But the next work that I'm doing is, I'm going to have fully decentralized access control without using blockchain. So that's fantastic, you can run it everywhere. In the healthcare system, university, anywhere.  
 

Sean Martin: So, Let me ask you this, um, maybe set the scope of it. So is what you're working on an enterprise, so much. 
 

Cause you mentioned an admin managing the system. So to me that says a [00:08:00] close, somewhat close. It may be connected, but somewhat closed system managed by an admin versus like an internet web three type thing. So is, is there a distinction between those two? And are you looking more at the enterprise business level or? 
 

Ahmad Salehi Shahraki: It's more enterprise. Because for RBAC, the admin can do anything in the system. They have power to change all the policies in the system. Right? But in the ABAC, the admin, they are not able to do anything. They have to just run it, like blockchain, that I mentioned just. And then the system If anything happened, the system will work to how they can address it. 
 

You heard maybe about what happened with the A.I. recently, right? If you use A.I. somewhere, the A.I. can help you to do this and this. But using ABAC with combination of cryptographic approach like ABGS, attribute based group signature, uh, this, uh, the policy system will work if there is any problem because everything is based on the attributes. 
 

[00:09:00] So we use group signature to make authentication first and then so I'm not going more technical because maybe out of scope of this talk, but in group signature and what NIST proposed in 2014. Team that I'm working right now on that one, everything's based on attributes. So if in ABGS they're looking, if you have for example, this type of attributes, then the system can authenticate, okay, this is the right person, right, got it. 
 

For access control, also, we say the right person should get access to the right resources. So we use those attributes from group signature, we pass it to standard, uh, ABAC from NIST, and then that works.  
 

Sean Martin: Okay. Can you, because we're talking group signatures, the equivalent to group policy? Yeah. Is that kind of the correlation? 
 

Ahmad Salehi Shahraki: No. No. No, they don't have anything with policy. Because policy, all is in the ABAC.  
 

Sean Martin: Right. So, so I guess what I'm trying to [00:10:00] understand is, When I'm an administrator, setting my access control policy, I would do that through GPO, let's say, typically, which then I have assigned to roles, and I assign to users, and I assign to systems, and I assign to applications, whatever. 
 

So how does that relate to what you're  
 

Ahmad Salehi Shahraki: That's fantastic. Because everyone, this for 20 years, they are working with the rules. And we have to keep working with the rules because my rule is to do this and this. I'm not be able to remove that one from anything, right? Still, you can use that one. But if you say, for example, my rule, if let's say, uh, let's talk about healthcare system. 
 

If I'm a doctor and I want to get access to the patient data, my rule is to do this, right? Right. So these rules will associate to, uh, the user's attributes. So it's a connection. Exactly. Validation of attributes. Right. That's right. But what we're going to do, this rule will associate with the attributes. 
 

What is attributes? [00:11:00] Your name, your age, identity, where you're working. Are you in Melbourne, U. S.? You know, it's almost a little bit similar to RBAC. But everything has to be attributes. But the good thing is that with RBAC that right now we are working, we are not be able to make it decentralized. The reason is that we have rule exploitation. 
 

The reason is that RBAC is static. The reason is that RBAC is not be able to apply it in cross domain environments. You need to have one set. Center and talk to manage everything like certificates, right? The surface coming to each groups, each group using those certificate, they will assign it to the users. 
 

And if you're going to another domains, you need to say, okay, I have these certificates that one will talk with the center. They, the center will talk with another domains. Can you validate these users? But in my system, we don't have that center anymore. Domains they can talk together, or users and patient they can talk together, but for that one maybe it's good for [00:12:00] everyone to know, uh, because we are talking about attributes. 
 

Attribute is your sensitive information, right? Like your ID. Sensitive cryptography. Exactly. So, uh, So, uh, with our tech, with our approach, like group signature and later with ring signature, uh, we achieve attribute anonymous. Okay. Use this anonymously, which your attributes anonymous. No one can see it everywhere. 
 

Even if you share it. I, in my yesterday presentation, I gave a very good example to the audience and that was interesting, almost the same in the U. S. because I've been there a few times. So if you go into a big shopping like Meijer, David Jones that we have here, same in the U. S. Like H Enemy or whatever. 
 

So they say, okay, fantastic, we like you, to be here every time we would like to send you some notification about our offers, blah, blah, blah, right? This is right. Yes, could you please put your name, email address, phone number, blah, blah, blah, blah, right?  
 

Sean Martin: They hold on [00:13:00] it.  
 

Ahmad Salehi Shahraki: Yeah, they will hold it. So are you happy to do that one? 
 

Most of you will say, Oh, yeah, because if you want the stuff, you give the info. Yeah. So we want to do that one because we want to hear from them, right? But I just can say another benefit from my system. that you can do that one and you don't need to worry about your information. They will not be able to see anything, but their system can send you notification because everything is anonymous. 
 

Sean Martin: One of the, there's a scenario. Marco and I had somebody on years ago talking about validating age to enter a bar. What do you do? You pull out your ID. They need to verify the age. You Yeah. Which is only, it should only be, are you of age or not? Yeah, that's right. Instead, they can see your birth date and your name and your address and other information that happens to be on the ID, right? 
 

Um, when all they need is that one piece of information. Yes or no. [00:14:00] Yeah. Positive or negative. And, so it sounds like what you're working on is very similar to that. That can happen as well. Yeah.  
 

Ahmad Salehi Shahraki: Yeah, that can happen as well. We can have just a QR code or whatever, something like this. And with that, everything's, uh, uh, I'm not saying that if you have something like QR, QR code right now, we can have a lot of data breaches on that one as well. 
 

That's why it's not secure. But we can use More NFC. Almost the same because we are using different protocols for security for and privacy for NFC as well. Right? If you just want to use NFC itself, you can share some information. But with the approach that you are working, you can share with NFC as well. 
 

It doesn't matter which approach, but it's fully anonymous. No one can see. But for that one, we are using zero knowledge proof. So it's a big thing. We don't have time to talk about that. But with that, we can prove. That we have this type of things that you need and the system will, uh, uh, validate it, but [00:15:00] they will not be able to see anything. 
 

Sean Martin: Okay. How does this look from an infrastructure perspective? Because I think a lot of, there's, there's a directory that, that allows you to access on prem stuff, and then there's the cloud stuff, and then there's Um, public stuff that you described for, for customers and things like that. And oftentimes the, the authentication and the access control is pushed to the end point. 
 

Um, and then there, hence a lot of companies on the exhibition floor, uh, helping to provide additional capabilities, the endpoint, which means another agent, which means another check and some work together, some don't. So how does, how does your. Um, fit into an organization's enterprise infrastructure in that regard. 
 

Ahmad Salehi Shahraki: That, that, that's an interesting question. That's, that's what actually we had a lot of discussion after my meeting yesterday as well. Some of the companies we had stopped, uh, I forgot a couple of them, that we are going to start working with them [00:16:00] from next couple of weeks. Because actually they have some identity systems. 
 

Right. And they are almost here. So, that's fantastic. I had a good chat. So, the thing is that they are using your identity, here and there, right? Mm hmm. But they're using different approach that they, like, how they can mask it, how they can hide it to provide some type of privacy. Because that's your identity. 
 

You don't want to share it. But we, or afterwards. They don't need to worry about that. They can share it. No one can see it. But the thing is that both parties, they need to use the approach, right? Because they need to have the same system, right? So, uh, if I refer back to your question for enterprise, for cloud or whatever, you know, You can do your job everywhere. 
 

What you need to do, you need to just, uh, again, like what I mentioned, it's almost like peer to peer, like blockchain, right? Both parties, they need to just connect to the internet, do something, and the system can do validation. It's very quick as well, because we are not going to, uh, drape [00:17:00] the new key for each transaction or something like these. 
 

I was gonna ask about keys. Yeah. And the good thing also, I'm very happy to hear your, your question as well. The good thing with our approach is that because so far, um, a few of our colleagues in UNSW and macro units in Australia, they proposed rule based encryption, attribute based encryption. They are a type of access control. 
 

They are good, but the problem with those one is Uh, if you want to use it in, uh, they're again, fantastic for single domain, not for cross domain for this search, decentralized system. But again, if there are some way that you can make it decentralized, uh, the big problem is that you will not be able to use it out to devices because all of us, we are using watch, feedback, phone, whatever you traveling. 
 

You don't want to hit your phone, right? You don't want to use a lot of stuff. Just think about, uh, garments because they have a lot of sensors attached here and there. So, they [00:18:00] have battery limitation, they have storage limitation, time limitation, and so on and so on. So, if you want to use those apps, approach, the size of key liner will increase, so you need to have high communication computation, which is not good for IoT devices, not good for healthcare system. 
 

Because if I'm patient, especially for old people, so they  
 

Sean Martin: We're talking devices too, right?  
 

Ahmad Salehi Shahraki: Yeah, yeah, yeah.  
 

Sean Martin: Not just people. Yeah. And if that thing's sitting in here. Exactly. You don't want to waste battery life,  
 

Ahmad Salehi Shahraki: uh, computation on keys. 
 

battery that we have. So this is one of my targets that we are working on as well. We are working on the sensor that can attach or implement in the body. Because for those batteries that you have, for example, in your body, so they have, you are not able to do surgery, right? Because that type of surgery is not possible. 
 

So that part should work for 10, 20 years or longer and longer.  
 

Sean Martin: Absolutely. Absolutely. Let me, [00:19:00] um, I was going to ask about keys. I think when you, when you talk cryptography, you talk key management and distribution and management of keys becomes a real mess. Yeah. So, um, have you solved kind of that problem as well? 
 

Ahmad Salehi Shahraki: That's interesting. Like what I mentioned. In my current research, we are working attribute based group signature, right? So with that one, you may have thousand of the key, thousand key for different works, right? We don't worry about that. We say for the, for our work, for this signature, because we first want to authenticate you in the systems, for, for, for that signature actually, um, we need just one key. 
 

That can, that key will associate your attributes like what I mentioned. We don't care about the rest of the key. We can have it. I don't know. You, you do, you work with the other companies or whatever other systems. That's fine. But with our system, only key that can, uh, for example, if you have 10 rules, you need to have 10 key because all [00:20:00] of those just associate your attributes. 
 

And the good thing is that, In our, uh, work also we achieve, uh, attribute unlinkability. What that means, uh, have you heard about e voting? No, I have not. We, we, we are going to do this one everywhere over the world for e voting system, two person shouldn't be what one person shouldn't be what in the same time, right? 
 

Because let's say in Australia we have voting. Which is, uh, next year. So if that's going to be fully online, maybe users can vote a couple of times, right? This shouldn't be happen. So we use Yes, yes, of course, yes. We use unlinkability in our approach. So if somehow your signature forged, if somehow, some reason, I don't know, because We are, we are in, uh, technology. 
 

Everything's developing too fast. Something happened. Someone find your signature. So find your key in some case, or if you just reveal it because [00:21:00] of maybe sometimes I've received some money or do this one, right? This system will catch that one because 2 percent they are not able to do the same thing. 
 

The systems, this is, this is, we can also program data breaches as well. I didn't hear e voting the first time. Sorry. Oh yeah, no worries. Yeah. What is something that you can do? What thing? So this is what all the garments they are going to do. We have this one in our system model. 2 percent they are not be able to use the same key. 
 

2%. If your signature forged for any reason, the system can detect it  
 

Sean Martin: Kind of important. Yeah, I have a gazillion questions for you, Ahmad. But, uh, I think we're gonna leave it with just one more because I know you had a great session yesterday. I think, uh, one and a half times the space of people joined you than was initially thought about. 
 

for the room you're in. You mentioned one thing where you got some feedback in your conversation yesterday. Any other single highlight that you want to share with folks from conversations you [00:22:00] had outside of that?  
 

Ahmad Salehi Shahraki: You mean relevant to my talk, right? Okay, perfect, yeah. So, yep, that was fantastic because I had a lot of chat with a few companies that they are working almost, you know, So they come to me, how your approach works, because they explain to me, this is a problem that they have. 
 

I told them, okay, using this, you can address that one, even if they don't want to use exactly what I'm doing. But I can share part of my protocol with them, so they can address it. And also, again, I had a couple of chats with other companies, uh, so I discussed with them. Again, I forgot their name, uh, that's not good for me. 
 

But, uh, they are using. Blockchains are part of blockchain for identity management. So using blockchain, okay, blockchain is very good. I'm working on blockchain as well. But somehow you're not going to be able to use blockchain in the healthcare system very easily. But I told them, okay, later we can do that one. 
 

And then we had just a 20 minute chat with their CIO yesterday. And we're going to start to do some work as well over there. [00:23:00] And, okay, from what I understand, Uh, I think the next step that we are going to do to, uh, uh, work directly with our government in Australia, to how we can, because, uh, there is one company in U. 
 

S., I forgot the name of the company, that they already started working on such project just a couple of years ago. I had a lot of chat with them, but their base is in Israel. Uh, but their business all centers in the U.S. But technical people there in this, right? So they try to use ABAC because that's something fantastic everyone to do. 
 

But unfortunately, they couldn't achieve their targets. So what they did They, uh, combined, uh, the engine and attribute based, uh, access control from ABAC again to RBAC, which is the existing works. So they call it policy access control. Right. Because they are just trying to make the policy decentralized. 
 

It's like a [00:24:00] shim between. Exactly. But what, what, uh, uh, All the companies, public and private sectors, they are worried, they don't want to share their policies with each other, right? But we get It's almost a reverse problem. Exactly. And also we can have policy conflict. Yeah. If you share it, because maybe you're working on something somewhere else, the same policy, if you share it, you will get policy conflict, the system not working for a while. 
 

And then the admin need to address that one. But the good thing with my works, uh, because I had chat with them. So probably we are going to continue with that because my system already down with it, uh, simulated in the real environments, but we're going to work with some of company in Australia. And hopefully we're going to apply for some grants with, uh, with our government's, uh, exactly based on what they released a few days back. 
 

Right. We need to secure a fracture exactly. We need to see how we're going to share information with someone, and how we confidence that they are not be able to read what they do, but they have to perform their job. There's specific language in the Cyber Act. [00:25:00] Yeah, exactly. Yeah, that's right. So this is what I understand. 
 

That's fantastic for me. I got a lot of good feedbacks from last night. Here come the grants. Yeah, from last night I went home after a black party. And I received 120, uh, requests in my LinkedIn. There you go. So that's fantastic. It is? Yeah. So this, this  
 

Sean Martin: Nearly everybody in the room.  
 

Ahmad Salehi Shahraki: Yeah. Probably, yeah, because I put my bar, uh, QR code over there. 
 

But that's very fantastic for me to see that people, they are looking for something like this. And that's very interesting. And again, uh, I'm going to have also a chat with this company in the U. S. too. How we can maybe work in the future. Okay. So probably my target. Uh, is to, uh, get some grants from in, uh, government and in Dresden. 
 

We can establish this one in Australia soon. And I hope we can also do it in the future, uh, widely, not just in Australia. Because I, I, I can see this very good. This is what NIST, uh, in 2014, with collaboration with It's a national cybersecurity of excellent in the U. S. they propose it, [00:26:00] but the problem is that, uh, we need to write to convince people why we have to move on because this for 20 years behind the thread show our back. 
 

It's enough. Yeah. We need to move on. It needs to be operationalized. Exactly. Because of the trust, security, and privacy. We shouldn't share our digital identity with anyone. If you share it, you should be confident that you are not learning anything. But with our system, you can be confident. You can do your job. 
 

Sean Martin: I love it. Well, I presume you have some research that you can share with our audience. Maybe you can share some links with us and we'll share that with everybody. And obviously, you'll get more LinkedIn followers. Of course. Well, thank you so much. Thank you so much for having me. For chatting with you. And congratulations on a successful, uh, research project and, uh, some outcomes that led to a talk and, and clearly. 
 

Of course. Some good conversations following. Thanks everybody for listening, watching. Uh, please do subscribe, share. There's more coming from [00:27:00] Melbourne here at, uh, Australia CyberCon. Stay tuned. Thank you.