Identity is a hot topic in the decentralized space. The decentralized identity movement aims to develop a new model that builds upon decentralized and interoperable standards. The new model will improve interaction with blockchain ecosystems and networks, enabling a better experience and enhanced user safety. Solidifying an identity model is crucial to onboarding the first billion people to the decentralized ecosystems.
So what is the current status of the decentralized identity ecosystem? Is it just an abstract futuristic idea? Or are businesses and innovators actively working on implementing a new system? Here’s how models of identity will be crucial to the future of web3.
What is the problem with current digital identities?
Why do we need a new decentralized identity model? What’s wrong with the current system?
Digital identity in web2
Users interact with decentralized applications (DApps) and web3 in a completely different way than web2.
The latter still uses legacy-based digital identity models (i.e., centralized or federated). This means they are either unique for each platform or controlled by a big tech company through SSO (single-sign-on).
This approach is custodial of our identity. All the associated data is stored and owned by someone else on their servers. Thus, someone else may delete it without our consent.
Digital identity in web3
Things are different in web3. Users connect to various decentralized applications using cryptocurrency wallets. Here, user identification and authentication are based on cryptography.
Asymmetric crypto key pairs and blockchain addresses identify users digitally. This approach is non-custodial or self-custodial; users control their digital identities by holding cryptographic keys in their wallets.
The current decentralized identity model enabled the birth of many innovations and applications in the ecosystem. But there are still some drawbacks. The user is identified by their blockchain address which is tightly coupled with a single cryptographic key pair. So if a user loses access to their key, they lose their identity, too.
That presents a severe issue for global blockchain adoption. It will likely put off non-tech-savvy people concerned about the responsibility and pressure of keeping their keys safe. And imagine explaining all that to your (grand) parents!
Another problem is the storage of identity data. Since data is on blockchains, private identity data is at risk. If public, that data is easily viewable or, even worse, transferable and sellable to other blockchain users.
Decentralized identity: forms and solutions
Decentralized identity is one of the most active fields in blockchain ecosystems. Developers and innovators are constantly working on implementing and testing new approaches.
Ethereum co-founder Vitalik Buterin refers to decentralized identity as one of the most exciting applications in the blockchain ecosystem. Other industry leaders, such as Cardano's founder, call the decentralization of identity essential to the future of crypto. But what might working solutions be?
As written above, identity has two critical parts: identifier management and data associated with the identity. Both can be achieved in different ways, and different approaches optimize for different priorities.
On-chain identity: EOAs/AA and SBTs
The on-chain identity on several blockchain networks and L2s is moving from EOAs (externally owned accounts) and their disadvantages to the account abstraction (AA) model or smart contract wallets (SCWs). This new model allows custom blockchain account functionality to be implemented in the smart contract based on user needs.
For example, wallet security can be improved by custom policies implemented in the smart contract. For instance, the user can use MetaMask as a hot wallet for smaller transactions and a secure hardware wallet for larger amounts. This also enables social recovery and other features that improve UX.
For identity data, many projects are exploring using NFTs, more precisely SBTs (soulbound tokens). The latter are more suitable for identity. SBTs are not transferable and cannot be sold (just like our identity).
Off-chain identity: DIDs and VCs
While the first approach evolved in the blockchain community, off-chain identity is rooted in self-sovereign identity (SSI) circles and Internet Identity Workshop (IIW).
This type of identity is not tightly coupled to the blockchain itself. Blockchains store the identity metadata in a trusted, permissionless manner. Here the users’ identifiers are Decentralized Identifiers (DIDs). These are globally unique values similar to blockchain addresses. Behind each DID is a DID Document.
This document contains the identifier's metadata, such as the cryptographic public keys used for authentication. Each identifier is described by a DID method, which defines the dynamics and workings of the DIDs of that type. For example, the DID method ethr determines that these DID Documents are anchored on Ethereum or another EVM-compliant blockchain. DID records can be updated on-chain, enabling cryptographic key rotation and delegation.
Identity data is represented with Verifiable Credentials (VCs), digitally signed off-chain attestations issued by entities that usually have some reputation. All attestations and claims can be structured as VCs, such as passports, achievements, and certificates.
There are three actors in the VC lifecycle: issuers, holders, and verifiers. All actors have their DIDs and use them for identification purposes. Thus the VCs contain the issuer's and the holder's DIDs. Since they are, by default, fully off-chain, they are great for cases where privacy is required. Advanced cryptographic techniques like Zero-Knowledge Proofs (ZKPs) can provide even more privacy. They enable the disclosure of only a subset of claims in VCs or proving predicates instead of actual values.
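The issuer, holder and verifier roles and the DID Document lookup described above, as an added example (not code from the author or from any project named in this article). It uses Node.js's built-in crypto module with Ed25519 keys; the in-memory registry standing in for a blockchain, the did:example identifiers, the nonce challenge and all function names are assumptions made for illustration.

```javascript
// Added example: constructed identities; the Map stands in for an on-chain DID registry.
const nodeCrypto = require('node:crypto');
const didRegistry = new Map(); // DID -> DID Document (public metadata only)

function createIdentity(name) {
  const { publicKey, privateKey } = nodeCrypto.generateKeyPairSync('ed25519');
  const did = `did:example:${name}`; // hypothetical DID method
  didRegistry.set(did, { id: did, verificationKey: publicKey });
  return { did, privateKey }; // the private key stays in the wallet
}

// Canonical JSON (sorted keys) so signer and verifier work on identical bytes.
function canonical(v) {
  if (v === null || typeof v !== 'object') return JSON.stringify(v);
  if (Array.isArray(v)) return `[${v.map(canonical).join(',')}]`;
  const body = Object.keys(v).sort().map((k) => `${JSON.stringify(k)}:${canonical(v[k])}`);
  return `{${body.join(',')}}`;
}

const sign = (obj, key) => nodeCrypto.sign(null, Buffer.from(canonical(obj)), key).toString('base64');

// Resolve the signer's DID Document and check the signature against its current key.
function checkSig(obj, proof, did) {
  const doc = didRegistry.get(did);
  if (!doc || typeof proof !== 'string') return false;
  return nodeCrypto.verify(null, Buffer.from(canonical(obj)), doc.verificationKey, Buffer.from(proof, 'base64'));
}

// Issuer: sign an off-chain attestation that names both the issuer's and the holder's DID.
function issueCredential(issuer, holderDid, claims) {
  const payload = { issuer: issuer.did, holder: holderDid, claims };
  return { ...payload, proof: sign(payload, issuer.privateKey) };
}

// Holder: sign the credential together with the verifier's nonce to prove control of the holder DID.
function present(vc, holder, nonce) {
  return { vc, nonce, holderProof: sign({ vc, nonce }, holder.privateKey) };
}

// Verifier: returns 'valid' or the name of the first failed check.
function verifyPresentation(p, trustedIssuers, expectedNonce) {
  const { proof, ...payload } = p.vc;
  if (!trustedIssuers.has(payload.issuer)) return 'untrusted issuer';
  if (!checkSig(payload, proof, payload.issuer)) return 'bad issuer signature';
  if (p.nonce !== expectedNonce) return 'stale nonce';
  if (!checkSig({ vc: p.vc, nonce: p.nonce }, p.holderProof, payload.holder)) return 'bad holder proof';
  return 'valid';
}
```

A verifier calls `verifyPresentation(present(vc, holder, nonce), trustedIssuers, nonce)` with a `Set` of issuer DIDs it trusts. A credential altered after issuance fails the issuer check, and a copied credential presented by someone who does not hold the holder's key fails the holder check.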
Which is better?
While on-chain and off-chain identity solutions aim to solve similar problems, their usage makes sense for different use cases.
On-chain identity is suitable for applications where data should be public and available to everyone. This could be a project/organization membership, where the total number of memberships should be shared and transparent. Another advantage is easier integration and interaction into other smart contracts since the data is on-chain. For example, giving users who own certain SBTs the ability to mint an NFT.
On the other hand, off-chain identity is more suitable for privacy-focused applications. This includes anything from passport verification to driver’s license verification. Another advantage of off-chain data is that it does not incur any cost for issuing (or sharing/verifying) trusted data.
The decentralized identity field is complex, and there are many other elements to consider when deciding which path to follow. But both types of identity, and possibly some different approach or hybrid (e.g., Sismo and Polygon ID), find a role in web3 applications.
Decentralized identity use cases
Fairer DAO governance
Decentralized Autonomous Organizations (DAOs) experienced a boom during the last bull market. Some gathered thousands of users who oversee treasuries worth millions of dollars. But the lack of identity data available for users/members of DAOs and reputation mechanisms led to several problems.
Most DAOs constructed their governance power and reputation of members based on several governance tokens, ERC20 or NFTs. This often leads to whales buying up the majority of tokens and thus concentrating voting power to a few members. Using SBTs and VCs, reputation can be based on participation, different achievements, and members’ skills. This leads to fairer, more personalized, and meritocratic governance.
Bridging real-life data to the metaverse
The initial hype around metaverses that followed the Facebook rebrand faded quickly. But this space is full of exciting development. Graphics of digital worlds are being improved daily, and richer, more immersive user experiences are being developed.
One of the most exciting developments in the coming years will be the merging of real and digital assets and the movement of this associated data. SBTs and VCs will enable us to create real-world experiences based on our required privacy level in future virtual worlds.
There are many inefficient processes regarding personal medical data and sharing them between different institutions. By digitalizing this data and storing it as VCs, users will own their data and share it with whomever they want.
Sybil attack protection
While pseudonymity is one of the most significant advantages of blockchains, it can present a problem for many applications, e.g., DAO governance. Building identity can solve Sybil attacks to some degree; it is still easy to create several accounts, but hard to obtain reliable identity data.
User identity profiles
Users are building their identity profiles by collecting and earning SBTs and VCs. This could be membership cards, course certificates, or participation in DAO governance. Self-signed data is also often overlooked. This can be very useful, for example, in creating a watchlist of favorite NFTs.
Instead of storing this data on platform servers or user wallets, this data can be shared and used everywhere, including on different NFT platforms. Using VCs for that data also costs nothing. Altogether, it enables a better user experience and furthers data interoperability.
Reusable KYC attestations
Many platforms require users to perform KYC registrations before accessing their services due to regulations in their operating country. But today, KYC must be performed separately on each platform due to data being held on exchanges’ centralized servers (or KYC provider servers).
But KYC attestations could be issued as VCs (or SBTs, though the privacy here is questioned) and stored in user wallets. This would enable users to reuse them on multiple platforms and share them with consent when needed.
Biggest challenges of decentralized identity
One of the biggest challenges is preparing users to transition to a non-custodial or self-custodial way of managing identity. With social recovery, AA and DIDs solve the problem of losing keys to your identifier. However, it still needs to be set up and be easy to understand for users.
Many tools and wallets for web3 have come a long way in terms of features and UX. Support for these new primitives is still being developed (especially AA wallets, DIDs, and VCs). It will take time to implement, reiterate, and gain widespread adoption.
Due to several different models for managing data and identity, making different approaches user-friendly could take time and effort. Specific use cases may converge to one type of identity implementation in the future.
Who are the builders?
Many projects and companies are already building decentralized identity components. Binance announced it would make Binance Account Bounds (BAB) as SBTs, the first-ever soulbound token on BNB Chain. The AA space is also very active, with many projects building and supporting smart contract wallets like Argent. New standards are increasingly being proposed, such as EIP-4337.
The SSI ecosystem, in combination with web3, has also started to expand. Some projects, like Veramo and Spruce ID, are building open-source libraries to work faster with DIDs and VCs. Gitcoin Passport uses VCs to present various credentials and achievements, such as POAP and GitHub activity. Users can, for example, vote on the Snapshot platform. Plugins are also on the way. Blockchain Lab:UM, for example, is developing a Snap plugin/extension for MetaMask, allowing the wallet to support DIDs and VCs directly.
How to start building my identity? Is it too soon?
You can start building your decentralized identity today! Users can collect SBTs and VCs on several platforms described in the previous section. While work still needs to be done at the R&D level and with user experience, progress with decentralized identity solutions is being made on different frontiers.
Decentralized identity is positioning itself as the building block for many use cases in the future. It will be crucial to the future of web3, enabling richer and more secure experiences.
About the author
Vid Keršič is an R&D Engineer and CTO of Blockchain Lab:UM, an R&D laboratory focused on researching, developing, and providing consultancy on blockchain technology and related applications. His work is mostly centered around research and development of blockchain networks, different decentralized identity approaches, and artificial intelligence. He has been in the space since 2018 and is very excited about all the development happening on different frontiers.