Identity is a hot topic in the decentralized space. The decentralized identity movement aims to develop a new model that builds upon decentralized and interoperable standards. The new model will improve interaction with blockchain ecosystems and networks, enabling better experience and enhanced user safety. Solidifying an identity model is crucial to onboarding the first billion people to the decentralized ecosystems.
So what is the current status of the decentralized identity ecosystem? Is it just an abstract futuristic idea? Or are businesses and innovators actively working on implementing a new system? Here’s how models of identity will be crucial to the future of web3.
Want to discuss Web3 with like-minded people? BeInCrypto Trading Community on Telegram discuss Web3 projects, read technical analysis on coins, ask and get answers to all your questions from PRO traders & analysts! Join now
- What is the problem with current digital identities?
- Decentralized identity: forms and solutions
- Decentralized identity use cases
- Biggest challenges of decentralized identity
- Who are the builders?
- How to start building my identity? Is it too soon?
- Frequently asked questions
- About the author
What is the problem with current digital identities?
Why do we need a new decentralized identity model? What’s wrong with the current system?
Digital identity in web2
Users interact with decentralized applications (DApps) and in a completely different way than web2.
The latter still uses legacy-based digital identity models (i.e., centralized or federated). This means they are either unique for each platform or controlled by a big tech company through SSO (single-sign-on).
This approach is custodial of our identity. All the associated data is stored and owned by someone else on their servers. Thus, someone else may delete it without our consent
Digital identity in web3
Things are different in web3. Users connect to various decentralized applications using cryptocurrency wallets. Here, user identification and authentication are based on cryptography.
Asymmetric crypto key pairs and blockchain addresses identify users digitally. This approach is non-custodial or self-custodial; users control their digital identities by holding cryptographic keys in their wallets.
Using the keys and digital signatures on blockchain transactions, users can perform all operations on blockchains. This includes swapping tokens, trading NFTs proposals
The current decentralized identity model enabled the birth of many innovations and applications in the ecosystem. But there are still some drawbacks. The user is identified by their blockchain address which is tightly coupled with a single cryptographic key pair. So if a user loses access to their key, they lose their identity, too.
That presents a severe issue for global blockchain adoption. It will likely put off non-tech-savvy people concerned about the responsibility and pressure of keeping their keys safe. And imagine explaining all that to your (grand) parents!
Another problem is the storage of identity data. Since data is on blockchains, private identity data is at risk. If public, that data is easily viewable or, even worse, transferable and sellable to other blockchain users.
Decentralized identity: forms and solutions
Decentralized identity is one of the most active fields in blockchain ecosystems. Developers and innovators are constantly working on implementing and testing new approaches.
Ethereum co-founder Vitalik Buterin decentralized identity as one of the most exciting applications in the blockchain ecosystem. Other industry leaders, such as Cardano founder, the decentralization of identity essential to the future of crypto. But what might working solutions be?
As written above, identity has two critical parts: identifier management and data associated with the identity. Both can be achieved differently. Some optimizing approaches have different priorities from others.
On-chain identity: EOAs/AA and SBTs
The on-chain identity on several blockchain networks and L2s is moving from EOAs and their disadvantages to the account abstraction (AA) model or smart contract wallets (SCWs). This new model allows the implementation of custom functionalities of the blockchain accounts into the smart contract based on user needs.
For example, security can be improved by custom policies implemented in the smart contract. For instance, the user can use MetaMask as a hot wallet for smaller transactions and a secure hardware wallet for larger amounts. This also enables social recovery and other features that improve user UX.
Account Abstraction moves Ethereum from the current approach of one-account-fits-all, where anyone can lose everything with a small mistake, to a future where accounts can be tailored to individual needs
Here's our explainer if you want to learn more: https://t.co/004hQMSC7Y
(@argentHQ) October 11, 2022
For identity data, many projects are exploring using NFTS, more precisely SBTs (soulbound tokens). The latter is more suitable for identity. SBTs are not transferable and cannot be sold (just like our identity).
Off-chain identity: DIDs and VCs
While the first approach evolved in the blockchain community, off-chain identity is rooted in self-sovereign identity (SSI) circles and Internet Identity Workshop (IIW)
This type of identity is not tightly coupled to the blockchain itself. Blockchains store the identity metadata in a trusted, permissionless manner. Here the users’ identifiers are Decentralized Identifiers (DIDs). These are globally unique values similar to blockchain addresses. Behind each DID is a DID Document.
This document contains the metadata of identifiers, such as cryptographic public keys used for authentication. Each identifier is described by DID method, which defines the dynamics and workings of the DIDs of that type. For example, DID method determines these DID Documents are anchored on Ethereum or another EVM-complaint blockchain. DID records can be updated on-chain, enabling cryptographic key rotation and delegation.
Identity data is represented with Verifiable Credentials (VCs), digitally signed off-chain attestations issued by entities that usually have some reputation. All attestations and claims can be structured as VCs, such as passports, achievements, and certificates.
There are three actors in the VC lifecycle: issuers, holders, and verifiers. All actors have their DIDs and use them for identification purposes. Thus the VCs contain data about the issuer’s and holders DID. Since they are, by default, fully off-chain, they are great for cases where privacy is required. Advanced cryptographic techniques like Zero-Knowledge Proofs (ZKPs) can provide even more privacy. They enable the disclosure of only a subset of claims in VCs or proving predicates instead of actual values.
Account Abstraction moves Ethereum from the current approach of one-account-fits-all, where anyone can lose everything with a small mistake, to a future where accounts can be tailored to individual needs
Here's our explainer if you want to learn more: https://t.co/004hQMSC7Y
— Argent (@argentHQ) October 11, 2022
Which is better?
While on-chain and off-chain identity solutions aim to solve similar problems, their usage makes sense for different use cases.
First crack at a flowchart for ) following my musings last week: https://t.co/tb6pnghgPX
Feedback welcome! (inc. the text is too damn small) Notes / caveats below?? pic.twitter.com/XeekqEIiXH
— Fraser ???? (@fraser_again) May 30, 2022
On-chain identity is suitable for applications where data should be public and available to everyone. This could be a project/organization membership, where the total number of memberships should be shared and transparent. Another advantage is easier integration and interaction into other smart contracts since the data is on-chain. For example, giving users who own certain SBTs the ability to mint an NFT
On the other hand, off-chain identity is more suitable for privacy-focused applications. This includes anything from passport verification to driver’s license verification. Another advantage of off-chain data is that it does not incur any cost for issuing (or sharing/verifying) trusted data.
The decentralized identity field is complex, and there are many other elements to consider when deciding which path to follow. But both type of identities, and possibly some different approach or hybrid (e.g., Polygon ID), finds a role in web3 applications.
Decentralized identity use cases
Fairer DAO governance
Decentralized Autonomous Organizations (DAOs) experienced a boom during the last bull market. Some gathered thousand of users who oversee treasuries worth millions of dollars. But the lack of identity data available for users/members of DAOs and reputation mechanisms led to several problems.
Most DAOs constructed their governance power and reputation of members based on several governance tokens, or NFTs. This often leads to whales buying up the majority of tokens and thus concentrating voting power to a few members. Using SBTs and VCs, reputation can be based on participation, different achievements, and members’ skills. This leads to fairer, more personalized, and meritocratic governance
Bridging real-life data to the metaverse
The initial hype around metaverses that followed the Facebook rebrand faded quickly. But this space is full of exciting development. Graphics of digital worlds are being improved daily, and richer, more immersive user experiences are being developed.
One of the most exciting developments in the coming years will be the merging of real and digital assets and the movement of this associated data. SBTs and VCs will enable us to create real-world experiences based on our required privacy level in future virtual worlds.
Medical records
There are many inefficient processes regarding personal medical data and sharing them between different institutions. By digitalizing this data and storing it as VCs, users will own their data and share it with whomever they want.
Sybil attack protection
While pseudonymity is one of the most significant advantages of blockchains, it can present a problem for many applications, e.g., DAO governance. Building identity can solve Sybil attacks to some degree; it is still easy to create several accounts, but hard to obtain reliable identity data.
User identity profiles
Users are building their identity profiles by collecting and earning SBTs and VCs. This could be membership cards, course certificates, or participation in DAO governance. Self-signed data is also often overlooked. This can be very useful, for example, in creating a watchlist of favorite NFTs.
Instead of storing this data on platform servers or user wallets, this data can be shared and used everywhere, including on different NFT platforms. Using VCs for that data also costs nothing. Altogether, it enables a better user experience and furthers data interoperability.
Reusable KYC attestations
Many platforms require users to perform KYC registrations before accessing their services due to regulations in their operating country. But today, KYC must be performed separately on each platform due to data being held on exchanges’ centralized servers (or KYC provider servers).
KYC attestations could be issued as VCs (or SBTs, though the privacy here is questioned) and stored in user wallets. This would enable users to reuse them on multiple platforms and share them with consent when needed.
Biggest challenges of decentralized identity
One of the biggest challenges is preparing users to transition to a non-custodial or self-custodial way of managing identity. With social recovery, AA and DIDs solve the problem of losing keys to your identifier. However, it still needs to be set up and be easy to understand for users.
Many tools and wallets for web3 have come a long way in terms of features and UX. Support for these new primitives is still being developed (especially AA wallets, DIDs, and VCs). It will take time to implement, reiterate, and gain widespread adoption.
Due to several different models for managing data and identity, making different approaches user-friendly could take time and effort. Specific use cases may converge to one type of identity implementation in the future.
Who are the builders?
Many projects and companies are already building decentralized identity components. announced it would make BINANCE Account Bounds (BAB) as SBTs, the first-ever soulbound token on BNB Chain. The AA space is also very active, with many projects building and supporting smart contract wallets like. New standards are increasingly being proposed, such as EIP-4337
The SSI ecosystem, in combination with web3, has also started to expand. Some projects, like Spruce ID, are building open-source libraries to work faster with DIDs and VCs.Gitcoin Passport uses VCs to present various credentials and achievements, such as and GitHub activity. Users can, for example, vote on the Snapshot platform. Plugins are also on the way. Blockchain Lab:UM, for example, is developing a Snap plugin/extension for Metamask, allowing the wallet to support DIDs and VCs directly.
How to start building my identity? Is it too soon?
You can start building your decentralized identity today! Users can collect SBTs and VCs on several platforms described in the previous section. While work still needs to be done at the R&D level and with user experience, progress with decentralized identity solutions is being made on different frontiers.
Decentralized identity is positioning itself as the building block for many use cases in the future. It will be crucial to the future of web3, enabling richer and more secure experiences.
Frequently asked questions
What is decentralized identity?
Decentralized identity is the evolution of digital identity models with the management and control of identifier and identity-related data. The decentralization aspect means users can create and manage their digital identity independently of service providers or other centralized identity providers.
What is self-sovereign identity (SSI)?
While sometimes also called decentralized identity, self-sovereign identity redefines the digital identity from the ground up. The core building blocks are DIDs and VCs. DIDs present user identifiers and, with cryptographic signatures and proofs, serve as the replacement for usernames and passwords. VCs represent all the users’ claims, attestations, and other data.
What is account abstraction (AA)?
Account Abstraction (AA) abstracts EOAs (externally owned accounts) to smart contract wallets (SCWs). SCW allows the programmability of signature validation, support for different cryptographic algorithms, social recovery, and other features. One of the most known standards for AA is EIP-4337.
What are soulbound tokens (SBTs)?
Soulbound Tokens (SBTs) are non-transferable assets, similar to NFTs, but with the transfer functionality disabled. Thus they are suitable for identity data that shouldn’t be sellable. Due to their inability to be transferable, they are bound to the “soul” (account of the user)
What are decentralized identifiers (DIDs)?
Decentralized Identifiers (DIDs) are globally unique persistent identifiers for any entity without needing a centralized provider. DIDs are described by DID methods, which define the dynamics of DID identifiers and where or how to find the underlying data of DID identifiers. The specification was approved as a W3C Recommendation by W3
What are verifiable credentials (VCs)?
Verifiable Credentials (VCs) are a standard for trusted data representation. The standard defines how different types of data, such as certificates, can be structured containing digital signatures and metadata. The specification was approved as a W3C Recommendation by W3C.
About the author
Vid Kersic is an R&D Engineer and CTO of Blockchain Lab:UM, an R&D laboratory focused on researching, developing, and providing consultancy on blockchain technology and related applications. His work is mostly centered around research and development of blockchain networks, different decentralized identity approaches, and artificial intelligence. He has been in the space since 2018 and is very excited about all the development happening on different frontiers.
