The decentralized identity revolution: How will digital identities be built on Web3?

By Donovan Choy

Source: Bankless

There are some glaring problems with today's digital ID systems: centralized entities control who and how we can access the world, we get password fatigue from keeping track of too many accounts, and the organizations that control this data are huge cybercriminals. honey jar.

How did we get here?

It is commonplace to place the blame on the Web2 giants, but the fact is that the big tech companies have dramatically accelerated digital identity innovation by popularizing the federated identity model.

By establishing federated identity protocols such as OAuth, SAML, and OpenID, big tech companies act as middlemen for "identity providers," dramatically reducing the number of logins users must keep track of. "Single Sign-On" improves the interoperability of digital movements between our online services.

It allows you to access Gmail and YouTube without logging into multiple accounts, or logging into various e-commerce sites with Facebook or Twitter.

But while Web2 digital identities improve many of the problems associated with centralized digital identities, problems still exist. Web2 digital identity still operates within the same account-based structure as its centralized predecessors.

Accounts still belong to the big tech companies that issued them:

"Ownership" of your digital identity does not belong to you.

Your digital identity runs on their servers.

We have no way of understanding the richness of our social connections because these are proprietary data owned by private companies.

The good news is that thanks to advances in cryptography and decentralized blockchain networks, an alternative is on the horizon.

I call it the decentralized identity revolution. This time around, blockchains offer the opportunity to enact our own self-sovereign identities in a spontaneous, bottom-up fashion that traditionally requires us to jump through the hoops of centralized institutions.

Functionally, the key difference in the decentralized identity revolution is that ownership of your online identity is no longer account-based and "provided" by a middleman. Rather, it is a digitally shared connection that all parties to the relationship commit to maintaining over the long term, mirroring the types of direct relationships we have in the real world.

Broadly speaking, Web3 digital identity actors fall into three groups.

They are proof of personality projects, verifiable credentials and most recently soulbound tokens.

Let's look at them one by one.

proof of personality

Proof of Personality (PoP) protocols are perhaps the least ambitious of the decentralized identity projects. As the name suggests, these projects try to do one thing, and one thing only: prove the uniqueness of identity.

Popular examples include Proof of Humanity (Proof of Non-Robots), BrightID , andIDENA .

PoP projects are mainly used to establish unique identities. In turn, this solves problems that Sybil attacks are particularly common, such as universal basic income or quadratic financing.

They do this through traditional authentication methods such as photo and video submissions or complex AI-generated captcha tests.

While PoP projects also establish identity through "web of trust" community mechanisms, such as requiring participants to sign each other's digital certificates as a form of "voucher," they do so only to prove the uniqueness of identity.

In short, these items help build personality, but personality is a black box. They are not aimed at the rich, contextual mapping of identities and relationships between people on the social graph, which is what soul-bound tokens and verifiable credentials try to do.

soul bound tokens

In May 2022, Glen Weyl, Puja Ohlhaver, and Vitalik Buterin published "The Decentralized Society ," setting out the case for "soul-bound" tokens (SBT).

SBT can simply be thought of as a permanent and non-transferable token on a public blockchain, like the "soul-bound" metaphor the author borrowed from the popular World of Warcraft video game. They can be issued in various forms—academic grades, financial debts, employment contracts—by anyone, whether an individual, a private company, a university, a commune, or a government.

Why do we want these aspects of our identity to be non-transferable and permanent?

When two people shake hands when they first meet, the relationship exists only in their short memory. SBT is an attempt to formalize this handshake on a public blockchain that the rest of the world can witness and verify. In doing so, we can shape a person's identity based on social context, opening up a world of coordinating possibilities that until now was impossible without an intermediary.

Essentially, SBT is about codifying social capital (i.e. reputation) into formal property ownership. By "barring our souls," people can publicly bet on their reputations, proving the truth of who they claim to be.

Below are examples of several economic innovations that SBT can unleash.

Art: An artist without professional accreditation but recognized by the grassroots community can prove their "street cred" through SBT

Education: Those who cannot afford an expensive college degree can demonstrate their academic credentials through SBTs obtained from informal learning channels.

Banks: Loan applicants can prove their credibility by having no bad credit history, or demonstrate their good credit through SBT collection, eliminating the capital-inefficient over-collateralization model commonly used in DeFi (after repaying the loan, you can issue Another SBT as proof of repayment)

Governance: DAOs can improve their collective decision-making systems by guarding against whales. DAOs could also avoid the tyranny of majority consensus by issuing SBTs to trusted outsiders through a more inclusive voting system design.

Records Management: SBT reduces the friction of exiting an existing relationship with your medical or insurance provider by easily transferring all medical records as SBT.

Business Operations: By easily targeting the type of SBT carried by a prospect/employee, SBT can increase the efficiency of traditional business functions such as sales/HR.

The grand vision behind SBT is that one day, in a society where Web3 has penetrated the mainstream, a rich SBT ecosystem will exist where one's wallet address can provide a reliable and comprehensive "digital identity" with us on LinkedIn pages and in contrast to the unreliable, spontaneous credentials used in job resumes.

Source: @Leo_Glisic

"Proficient in Microsoft Office" will no longer be a meaningless placeholder, but an actual market-tested certificate publicly viewable on the blockchain that some commercial enterprise (probably Microsoft) will issue to You, as proof of your skills.

Do we really want to bare our souls?

Soulbound tokens are not without criticism.

SBT's permanence is great when we want to prevent the concealment of negative behavior, such as a person's bad credit or criminal history. This censorship resistance can backfire.

Disco founder Evin McMullen has a serious critique of SBT (see also Kate Sillis critique).

The permanence and public nature of SBT makes it easy for anyone to associate and infer about a person, with potentially too much loss of privacy and encourages some forms of negative discrimination.

For example, a racist employer might discount a potential hire for peeking into a job applicant's purse showing a Black Lives Matter event.

To alleviate this problem, critics of SBT such as McMullen prefer the W3C-dominated "Verifiable Credentials" (VC) format.

Like SBT, VC can be issued by anyone and represent any information. However, the key difference is that it works privately by applying zero-knowledge proof techniques.

Here's a simple example of how VC works:

I say I'm Batman, but you don't believe me.

To prove that I am indeed the Dark Knight of Gotham, I sent you an encrypted VC, which is stored off-chain.

This VC is issued and cryptographically signed by Gotham Police’s decentralized identifier (think of it like a wallet). The "signature" of each decentralized identifier represents a unique watermark, so you know the information hasn't been tampered with.

You now know I'm Batman, because there's no way an imposter could get that certificate.

The entire verification process is confidential and I don't need to reveal anything about myself to you.

Source: Self-SovereignIdentity

In short, Verifiable Credentials, unlike SBT, operate on the basis of "selective disclosure".

Many verifiable certificate protocols already exist in the Web3 space and have been market tested. They build on an official web standard recently established by the W3C framework in July, offering a decentralized way to establish digital identities that is privacy sensitive and does not require a centralized issuing authority.

Some notable examples include Civic, whose on-chain VC product has supported over 295 NFT minting projects and helped stop 1.2 million bot attacks. Another is Ontology, whose flagship identity solution has created over 1.5 million DIDs (decentralized identities).

Finally, protocols like Disco let you create decentralized identifiers from your Ethereum address to sign off-chain VCs.

Solutions and trade-offs

The co-authors of the SBT article are not unaware of these claims. As they explicitly acknowledge in their article, SBT can lead to "dystopian scenarios".

But these criticisms are not necessarily set in stone.

To address privacy concerns, zero-knowledge techniques can be applied to SBTs to create individual access rights to read them, allowing SBT holders to decide how and when to disclose their SBTs. Second, variants of SBT can be used to weaken its permanence. For example, making SBT a transferable token after a certain period, or allowing the issuer to withdraw SBT entirely.

The tension between soul-bound tokens and the verifiable credential paradigm can be considered the difference between choosing to be a public figure and keeping a low profile. One's public reputation (soul-bound tokens) carries more weight and power as it effectively declares "I have nothing to hide", but your enemies can also undermine it by discrediting you.

On the other hand, private reputation (verifiable credentials) is not trusted by the public due to its covert nature, but it is less susceptible to unwanted manipulation and you have greater control over how a few people perceive you.

From this perspective, the soulbound token’s greatest disadvantage is also its greatest strength. There are benefits to betting your reputation in public to be scrutinized, but you better make sure you don't have any dark secrets, or it can backfire quickly.

The decentralized identity revolution

The internet was built without an identity layer.

For decades, efforts to build identity layers have relied on some form of centralized provider...until now.

Web3 digital identities—soul-bound tokens, verifiable credentials, and proof-of-personality projects—represent a solid alternative to building digital identities in a decentralized, bottom-up manner.

Although their approaches differ, these builders have the same goal: to enable individuals to create a rich social layer without reliance on centralized issuers.

Nine times out of ten, different digital identity solutions will exist for different purposes. Whatever identity setting you determine will vary depending on the purpose for which it was created. Deep personal information such as personal medical conditions may not be stored on-chain in the form of SBT, which may be more suitable for other situations, such as a person's criminal history.

These efforts eventually lead to the gradual replacement of centralized identification systems (driver's licenses, passports, birth certificates) thanks to blockchain technology, thereby reducing reliance on powerful rules for determining human identity.