Original title: DID – Putting Control Back Into The Hands of Users

Author: Avant Blockchain Capital

Compiled by: Qianwen, ChainCatcher


In the modern digital age, a wide variety of data makes up everyone's digital identity. A person has a legal identity, a social identity, a network identity, and so on. Together these form a unique network of data points, usually stored centrally and interconnected across devices, applications, and third-party services. This setup makes it impossible for individuals to share personal data selectively, which increases the risk of data breaches and cyber threats. Most importantly, individual users cannot control who else has access to this data.

Web3 marks a significant advance, creating a new user-centric online marketplace. This digital vision is built on the principles of blockchain technology and can operate without any intermediary platform monopolizing user IDs, paving the way for a truly decentralized Internet. In this new framework, everyone can have full ownership of their own data.

The beauty of Web3 is that it empowers users, allowing them to build their profile in a single account and store their personal data securely. Imagine using this one account for all your online activities, whether participating in social networks or accessing your cryptocurrency wallet. It offers a seamless, user-oriented experience, and that is the future we are looking forward to.


How DID works


DID is a new approach to digital identity that aims to provide a secure, decentralized, and verifiable way to prove an individual's online identity: it lets users disclose information selectively, present verifiable credentials, and simplify online interactions. The mechanism relies on some form of decentralized storage to hold an individual's decentralized identifier (DID); think of it as an identity vault owned by the user. The vault can take the form of an application, a browser-extension wallet, or a smart contract, and it lets users create decentralized identities and decide how much access third-party service providers get. In this model, users have exclusive ownership of the associated public and private keys.

DID startups have developed different technologies to solve the traditional problems of CID, but no consensus has been reached so far. Some wallets have adopted alternative authentication methods, for example pairing a user's credentials with real-world verification data (such as biometrics) and keeping them safe on the blockchain. When authentication is needed in Web3, users sign transactions with their private keys or biometric data in applications that support decentralized identity authentication. The service provider then uses the shared decentralized identity to find the corresponding unique DID on the blockchain. This user-centric innovation returns power to users, protects personal data, and improves the digital experience.

A DID is a unique identifier (a URI) that lets an entity generate and control its own identifier in the digital world, with the following key properties:

  • Requires no centralized ID registration

  • Typically uses a decentralized ledger or network (although this is not required)

  • Is a permanent identifier

  • Can be authenticated cryptographically

  • Links a DID subject to a DID file (the DID document)

  • Is interoperable if it complies with the W3C specification

The above are the classic features of DID (but there are other alternatives on the market).

DIDs are associated with transactions as a Uniform Resource Identifier (URI). "Methods" are the second part of the DID architecture: a DID method specifies, against a verifiable registry and its execution protocol, how DIDs are looked up. A method defines many operations, mainly the create, read (resolve), update, and delete procedures. DID methods play a role similar to DNS in a computing environment. They are usually tied to a verifiable data registry, the system that brings together DIDs, DID files, and DID methods. Verifiable data registries can take many forms: trusted databases, decentralized databases, distributed ledgers, or government ID databases such as DigiLocker.

In short, a DID is a unique identifier used to retrieve the DID file (the DID document) associated with the DID subject. The file is kept on one or more decentralized storage platforms, such as IPFS or STORJ. The workflow is as follows:

  1. The DID subject decides to create a DID and shares it with others, including the file itself;

  2. A creation timestamp is recorded;

  3. Metadata on delegation and authorization is attached;

  4. The public key is used to encrypt and to prove validity;

  5. The services that use the DID are listed;

  6. A JSON-LD signature is used to verify the integrity of the file (the proof is held off-chain in the JSON file, or on-chain in a smart contract).
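As an added illustration (not code from the original article), the following Go program builds a DID document carrying the elements listed above (identifier, timestamp, delegation metadata, public key, service list) and signs it with the subject's own Ed25519 key so that any later change is detected. The did:example method, the hash-of-key identifier, the service endpoint and the sorted-key JSON canonicalisation standing in for a JSON-LD signature are assumptions of this example.

```go
package main

import (
	"crypto/ed25519"
	"crypto/sha256"
	"encoding/hex"
	"encoding/json"
	"fmt"
)

// Doc is a DID document as a plain map; json.Marshal sorts map keys at every level,
// which gives a simple canonical form to sign (a stand-in for JSON-LD canonicalisation).
type Doc = map[string]any

// NewDoc builds a minimal DID document: identifier, creation timestamp, controller (delegation
// metadata), public key and service list. The did:example method and hash-derived id are assumptions.
func NewDoc(pub ed25519.PublicKey, created string) Doc {
	h := sha256.Sum256(pub)
	did := "did:example:" + hex.EncodeToString(h[:16])
	return Doc{"id": did, "created": created, "controller": did,
		"verificationMethod": Doc{"id": did + "#key-1", "type": "Ed25519VerificationKey2020",
			"publicKeyHex": hex.EncodeToString(pub)},
		"service": []Doc{{"id": did + "#inbox", "type": "MessagingService",
			"serviceEndpoint": "https://messages.example/inbox"}}}
}

// Canonical returns the bytes that are signed and later re-derived for verification.
func Canonical(doc Doc) []byte {
	b, _ := json.Marshal(doc)
	return b
}

// Sign produces the detached integrity proof with the subject's private key.
func Sign(doc Doc, priv ed25519.PrivateKey) string {
	return hex.EncodeToString(ed25519.Sign(priv, Canonical(doc)))
}

// Verify checks the proof with the public key carried in the document itself; any
// change to a field (for example a swapped service endpoint) makes it fail.
func Verify(doc Doc, proofHex string) bool {
	pub, _ := hex.DecodeString(doc["verificationMethod"].(Doc)["publicKeyHex"].(string))
	sig, _ := hex.DecodeString(proofHex)
	return len(pub) == ed25519.PublicKeySize && ed25519.Verify(ed25519.PublicKey(pub), Canonical(doc), sig)
}

func main() {
	pub, priv, _ := ed25519.GenerateKey(nil) // nil reader selects crypto/rand
	doc := NewDoc(pub, "2024-01-01T00:00:00Z")
	proof := Sign(doc, priv)
	fmt.Printf("%s\nproof valid: %v\n", Canonical(doc), Verify(doc, proof))
}
```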

Here are the key points of the difference between DNS and DID:

Keys to DID Adoption


We believe that DID adoption will continue in the Web 3 world, but given the usage challenges users face with many current solutions, end users will not necessarily adopt pure on-chain DID solutions. In general, we believe that DID adoption will be determined by the following key factors:

SDK

DID systems often come with an SDK that makes it easy for developers to incorporate identity systems for their users. In the past, the lack of interoperability and developer friendliness of many DID systems has hindered the adoption of these protocols. For example, the Lens Protocol, a composable, decentralized social graph protocol, has developed the LensClient SDK, built in TypeScript to make interacting with the API easier. Systems that develop intuitive and easy-to-use SDKs are likely to see higher adoption rates.

Compliance and Regulation

Governments and regulators are increasingly recognizing the importance of digital identity, privacy, and security. For example, the EU General Data Protection Regulation addresses the "right to erasure" or "right to be forgotten," allowing users to ask companies to delete all traces of their data from their systems. As a result, companies face huge costs to restructure their data management systems to accommodate such requirements. If regulation continues to move in this direction, sovereign DID-based identification methods will become a key focus for companies; otherwise they may face the consequences of violating regulations.

AI

With AI, users can get a personalized experience in what content they see and how they consume it. This data layer should be composable and open. As deepfake technology and AI advance, verifiable identity will become more and more valuable, and the link between a valid identity and the content it produces must be established efficiently.

The need for interoperability

DID systems are designed to be interoperable, allowing seamless communication between different identity systems. The value of the technology will increase as it is able to connect with various other systems. Various forms of reputation systems will emerge to accommodate more seamless integration, which will lead to greater adoption in real life.


Some general technology directions worth investing in


Authentication

Authentication involves using cryptographic methods to verify ownership and control of a DID. This process typically relies on a decentralized public key infrastructure (DPKI) and does not rely on a centralized certificate authority. Instead, DID owners generate their own public-private key pairs, enabling them to securely prove their identity and authenticate themselves without relying on a third party. This approach enhances security, privacy, and user autonomy in digital identity management.
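To show the challenge-response pattern this describes, here is an added Go example (not from the article): the verifier resolves the DID to its public key, issues a random single-use nonce, and accepts the login only if the holder's signature over that nonce verifies, rejecting replays, expired nonces and signatures from any other key. The in-memory resolver map and the did:example identifiers used to exercise it are assumptions.

```go
package main

import (
	"crypto/ed25519"
	"crypto/rand"
	"encoding/hex"
	"errors"
	"strings"
	"time"
)

// Verifier issues single-use, short-lived challenges; Resolve is an in-memory stand-in
// (assumption) for resolving a DID to the public key in its DID document, with no CA involved.
type Verifier struct {
	Resolve map[string]ed25519.PublicKey
	TTL     time.Duration
	pending map[string]time.Time // outstanding nonce -> expiry
}

// Challenge returns a fresh random nonce bound to the DID that is authenticating.
func (v *Verifier) Challenge(did string, now time.Time) string {
	if v.pending == nil {
		v.pending = map[string]time.Time{}
	}
	b := make([]byte, 16)
	rand.Read(b)
	nonce := did + ":" + hex.EncodeToString(b)
	v.pending[nonce] = now.Add(v.TTL)
	return nonce
}

// Authenticate accepts a signed nonce once, before it expires, and only if the signature
// verifies under the key the DID resolves to; replays and foreign keys are rejected.
func (v *Verifier) Authenticate(did, nonce string, sig []byte, now time.Time) error {
	exp, ok := v.pending[nonce]
	delete(v.pending, nonce) // single use, whether or not the signature checks out
	if !ok || now.After(exp) || !strings.HasPrefix(nonce, did+":") {
		return errors.New("unknown, expired or mismatched challenge")
	}
	pub, known := v.Resolve[did]
	if !known || !ed25519.Verify(pub, []byte(nonce), sig) {
		return errors.New("signature does not prove control of " + did)
	}
	return nil
}

// SignChallenge is the holder side: the wallet signs with the private key only it holds.
func SignChallenge(priv ed25519.PrivateKey, nonce string) []byte {
	return ed25519.Sign(priv, []byte(nonce))
}
```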

Aliases and ID Aggregators

Aliases and ID aggregators are important components in the DID ecosystem. Aliases provide human-readable identifiers that can be associated with DIDs, making it easier for users to manage and share their decentralized identities. These aliases can be associated with DIDs while protecting privacy and being under the control of the user. ID aggregators act as intermediaries that facilitate the discovery, exchange, and verification of identity data and certificates in the DID ecosystem. They can help users manage their various DIDs and related data across different environments and platforms. By using ID aggregators, users can maintain the privacy and security of their digital identities while simplifying their interactions with various online services and applications.

Proof of Personhood

Proof of personhood generally refers to a cryptographic mechanism for verifying that a participant is a single, unique person. It is usually used to prevent Sybil attacks, in which one entity creates multiple fake identities to gain influence or manipulate the system. Proof of personhood does not necessarily require revealing personal information; it focuses on ensuring that each participant is a unique individual.

There are two types of proof-of-personhood projects:

  • Federated identity projects: These solutions rely on a widely trusted third party to issue valid identities. Current applications prefer to use existing identities rather than issue new ones, so the market favours global federated identity projects.

  • Emergent identity projects: Emergent identities are derived from existing data structures, such as social graphs or user behaviors. Emergent identities can be obtained by integrating existing credentials from actions taken or calculating the interconnectedness of users in social groups.

There are two types of proof:

Off-chain proof: In this arrangement, the proof is serialized as a JSON file and stored off-chain (preferably on a decentralized storage platform such as IPFS or Swarm), while the hash of the JSON file is stored on-chain and linked to the DID through the on-chain registry. The associated DID can be that of the issuer or of the recipient of the proof.

On-chain proofs: On-chain proofs are stored in smart contracts on the Ethereum blockchain. The smart contract (acting as a registry) will map the proofs to the corresponding on-chain decentralized identifiers (public keys).
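As an added Go example (not the article's own code) of the off-chain arrangement: the proof JSON stays in storage, only its SHA-256 hash is anchored in a registry against the issuer's DID, and a verifier recomputes the hash before trusting the content. The in-memory Registry and storage maps stand in for the on-chain contract and IPFS, and the revoke operation and did:example identifiers used to exercise it are assumptions.

```go
package main

import (
	"crypto/sha256"
	"encoding/hex"
	"encoding/json"
	"errors"
)

// Registry stands in (assumption) for the on-chain registry contract: did|hash -> anchored (true) or revoked (false).
type Registry map[string]bool

// HashProof hashes the exact bytes kept off-chain; content-addressed stores such as IPFS locate content by hash the same way.
func HashProof(proofJSON []byte) string {
	sum := sha256.Sum256(proofJSON)
	return hex.EncodeToString(sum[:])
}

// Anchor puts only the hash on-chain, linked to the DID; the JSON itself stays off-chain.
func (r Registry) Anchor(did string, proofJSON []byte) string {
	h := HashProof(proofJSON)
	r[did+"|"+h] = true
	return h
}

// Revoke is the registry's "delete": the off-chain file may remain, but the link is gone.
func (r Registry) Revoke(did, hash string) {
	r[did+"|"+hash] = false
}

// VerifyOffChainProof fetches the JSON from off-chain storage by hash, recomputes the hash, and
// checks the registry links it to the issuer DID named inside; missing, tampered, unanchored and revoked proofs fail.
func VerifyOffChainProof(r Registry, storage map[string][]byte, hash string) (map[string]any, error) {
	raw, ok := storage[hash]
	if !ok {
		return nil, errors.New("proof not found in off-chain storage")
	}
	if HashProof(raw) != hash {
		return nil, errors.New("stored bytes do not match the anchored hash")
	}
	var proof map[string]any
	if err := json.Unmarshal(raw, &proof); err != nil {
		return nil, err
	}
	issuer, _ := proof["issuer"].(string)
	if !r[issuer+"|"+hash] {
		return nil, errors.New("hash not anchored for " + issuer + " (or revoked)")
	}
	return proof, nil
}
```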

Soulbound Tokens

Soulbound tokens are another solution that has the potential to be used as a new way to represent and manage a person's digital identity. Soulbound tokens should be unique and non-transferable, ensuring that each token is permanently associated with a specific personal identity. This will prevent tokens from being traded, sold, or stolen. Soulbound tokens should be designed to work seamlessly with existing DID infrastructure, including decentralized identifiers (DIDs), verifiable credentials, and decentralized key management systems. Soulbound tokens have the potential to be used to represent various aspects of a person's identity, such as interests, achievements, or affiliations. This will enable users to personalize their digital identity and build meaning around their identity.

Wallet alternatives

In the SSI community, there are many known DID methods, but most of them require users to have a digital identity wallet and need to save a seed (private key). Using a digital wallet can be cumbersome for novices because they have to install the wallet software on their laptop or phone. An alternative is to reduce reliance on wallets and promote the transition from Web 2 to Web 3 through smart contracts and other means.

DID issuance and tools

DID issuance and tools refer to the processes and technologies used to create, manage, and use decentralized identifiers (DIDs). DID issuance involves the generation of unique, persistent, and verifiable identifiers that can be associated with individuals, organizations, or objects in a decentralized manner without relying on centralized authorities. DID tools include a range of software and hardware solutions that facilitate key management, authentication, and interaction with the decentralized identity ecosystem. These tools can include wallets, SDKs, APIs, and libraries to simplify the integration of DIDs in applications and services. They enable users to securely manage their digital identities and interact with various Web3 platforms, bringing greater privacy, security, and user autonomy to the digital world.


Outlook


We believe that DID adoption will continue in the Web3 world, and that the opportunities in certain key technologies (listed below) are the most compelling. We focus on technologies that 1) can lower the barrier to entry for first-time users and 2) have the potential to become the core layer for verification service providers. Specifically, we have the following recommendations:

New Information Distribution Protocol

These tools can better define who we are by analysing data from DIDs. Sovereign identity systems supported by new information distribution protocols (IDPs) can not only authenticate users but also give them control over how, when, and where their data is used. In an increasingly complex digital ecosystem, the ability of different systems to work together (interoperability) is critical, and new IDPs that facilitate it (e.g., RSS3, 0xScope) may gain significant traction.

Passport on Chain

Compared with other identity verification systems (such as traditional authentication methods), on-chain passports provide a more comprehensive, secure, and user-centric solution. Investing in this technology means backing a technology that not only meets current security needs but also matches the direction in which digital identity management is developing. Verification service providers such as Gitcoin Passport and link3.to are good examples.

Super ID

We should look for "super IDs" in the DID world, which means finding the most widely recognized and adopted integrators, for example SpaceID, Dmail, ENS, and Worldcoin.

Tool and wallet alternatives

One of the main barriers to adoption of the DID approach remains the high barrier to entry and the difficulty of connecting Web2 and Web3 users. Right now, there are just over 200 million Web3 users, compared to over 2 billion Instagram users. Teams building products that simplify or skip the entire wallet onboarding experience (seed phrase or KYC) will help drive further adoption of DID and Web3.

Additionally, building complete open-source tools and interoperability standards, unbundling authentication, and rebuilding from first principles will allow new DID solutions to emerge; tooling projects in particular will enable more of them.

Decentralized digital identity is a breakthrough technology that can further drive the Web3 revolution. It allows users to move seamlessly between all their accounts without remembering multiple usernames and passwords, and gives them stronger security and data protection in the metaspace. At the same time, it enables enterprises to provide personalized services while protecting user privacy. Adoption may come sooner than expected: both new startups and established companies have already integrated systems to oversee the verification, security, and management of various identities and access rights.