What is Decentralized ID (DID)
In our modern digital age, the personal data that creates each person's digital identity is multiple. A person’s identity can be viewed as their legal ID, social ID, Web ID, etc.. Essentially, a network of data points that is unique to you. Usually these are stored in a centralized manner, interlinked across devices, applications, and third-party services. This setup leaves individuals without the power to selectively share their personal data, thus increasing the potential risk of data breaches and cyber threats. Most importantly, individuals are not in control of who can and cannot access this data.
Web3 signifies a major step forward, it's like the invention of a new kind of user-centric online marketplace. This digital landscape, built on the principles of blockchain technology, operates independently without any middlemen having a monopoly on a user’s ID, paving the way for a truly decentralized internet. In this new framework, each person can have complete ownership of their data.
The beauty of Web3 is that it gives users the power to tailor their profiles and securely store their personal data in a single account. Imagine being able to use this one account for all your online activities, whether it's engaging with your social media networks or accessing your cryptocurrency wallets. It's about providing a seamless, user-oriented experience, and that's the future that we are excited about.
Source: Goran Vranic
How does DID work?
DID is a new method of digital identification that aims to provide a secure, decentralized, and verifiable way of proving one's identity online – it enables users to selectively disclose information, provide verifiable credentials, and streamline interactions online. The mechanics of decentralized identity rely on some form of decentralized storage to contain an individual's decentralized identifiers (DIDs) - think of it as a customer-owned identity vault. This vault could take the form of an app, a browser extension wallet, a smart-contract, enabling customers to forge their decentralized identities and determine access levels for third-party service providers. In this model, customers hold exclusive ownership of the associated public and private cryptographic keys.
DID startups have developed different technology stakes to address the traditional issues of CID but no consensus has emerged so far. Some wallets employ alternative authentication methods, for instance, pairing customers' credentials with real-world verification data, such as biometrics, and secure them on the blockchain. When it's time to authenticate identity in web 3, users can sign transactions with their private key or biometric data on applications that support decentralized identity for authentication. The service provider then uses the shared decentralized identity to locate the corresponding unique DID on the blockchain. This user-centric innovation gives power back to the user, securing personal data, and enhancing the digital experience.
DIDs are a type of unique identifiers (URI) that enable entities to generate and control their identifiers in the digital world. They come with the following key properties:
- No centralized ID registration
- A decentralized ledger or network, though not necessary,
- It is a permanent Identifier
- It can be cryptographically verified
- Connects a DID subject to a DID document
- Interoperable if they conform with W3C
This is how a typical DID looks like (other alternatives on the market exist):
The DID acts as a Uniform Resource Identifier (URI) signifying the association of the transaction with the DID. The "method" constitutes the second part of the DID architecture. This involves a verifiable registry and the execution of the protocol dictating the means to locate the DID. This segment incorporates numerous methods, primarily focusing on creation, reading, updating, and deletion procedures. The DID method operates similarly to a DNS address in a computational context. DID methods typically link with a verifiable data registry, a system that unifies DIDs, DID documents, and DID methods. Verifiable data registries might be in the form of trusted databases, decentralized databases, distributed ledgers, or government ID databases, such as DigiLocker.
In simpler terms, the DID comprises a unique identifier employed to retrieve a DID document tied to a DID subject. This document is preserved in one or multiple decentralized storage platforms, like IPFS or STORJ.
The workflow would look something like this;
- The DID subject decides to create a DID to be shared with others this would contain the document itself;
- A timestamp is created;
- Metadata related to delegation and authorization;
- Cryptographic proof of the validity with public keys;
- List of services where the DID could be used;
- A JSON-LD signature to verify the integrity of the document (Off chain attestations – JSON Files or On chain attestations held in smart contracts)
Here is a highlight of the differences between a DNS and a DID:
Keys to DID Adoption
We believe that DID adoption will continue to proceed in the Web 3 world and that opportunities for investment are available. Similar to how email and phone numbers have become the central part of identity in Web 2 and through mobile, we believe that this will also be the case. However, we believe that this may not necessarily take the form of a pure on-chain DID solution given that onboarding challenges that users face with many of the current solutions that exist. In general, we believe that DID adoption will be shaped by the following key factors:
DID systems often come with an SDK to make it easy for developers to incorporate identity systems for their users. In the past, many DID systems have needed more interoperability and developer-friendliness, which has hindered the adoption of these protocols despite their existence. For example, Lens Protocol, a composable and decentralized social graph protocol, has developed LensClient SDK which is built in TypeScript, and it makes the interactions with the API easier. Systems which successfully develop intuitive SDKs will largely benefit from higher adoption.
Compliance and Regulation
Governments and regulatory bodies are increasingly acknowledging the importance of digital identity, privacy, and security. For example, GDPR compliance is addressing the "right to erasure" or the "right to be forgotten," which allows users to demand that a company removes all traces of their data from its system. Organizations will face considerable costs to restructure their data management systems to accommodate such requests. If regulation continues developing in this direction, self-sovereign DID approach to identity, will be invaluable to companies in order to avoid being non-compliant with regulations.
AI will enable to users to generate their customer experiences both on the content side and consumption side. This data layer needs to be composable & open. Verifiable identity becomes valuable with deepfakes and AI. Valid identity and content relationship must be established in an efficient manner.
Demand for interoperability
DID systems are designed to be interoperable, allowing for seamless communication between different identity systems. There will be increased value in using the technology due to its ability to connect with various other systems. Various forms of reputation systems will emerge in order to accommodate for more seamless integration which will de facto lead to increased adoption.
Some General Investable Technology Stakes
Authentication involves using cryptographic methods to verify the ownership and control of a DID. This process typically relies on decentralized public key infrastructure (DPKI), which doesn't depend on centralized certificate authorities. Instead, DID owners generate their own public-private key pairs, allowing them to securely prove their identity and authenticate themselves without relying on third parties. This approach enhances security, privacy, and user autonomy in digital identity management.
Aliases and ID Aggregators
Aliases and ID Aggregators serve as important components in the DID ecosystem. Aliases provide human-readable identifiers that can be associated with DIDs, making it easier for users to manage and share their decentralized identities. These aliases can be linked to DIDs while maintaining privacy and control. ID Aggregators act as intermediaries that facilitate the discovery, exchange, and verification of identity data and credentials in the DID ecosystem. They can help users manage their various DIDs and associated data across different contexts and platforms. By leveraging ID Aggregators, users can maintain privacy, security, and control over their digital identities while simplifying their interactions with various online services and applications.
Proof of Personhood
Proof of personhood typically refers to a cryptographic mechanism that verifies someone's uniqueness, ensuring that they are a single, distinct human being. This is often done to prevent Sybil attacks, where a single entity creates multiple fake identities to gain more influence or manipulate a system. Proof of personhood doesn't necessarily require revealing personal information, but rather focuses on ensuring that each participant is a unique individual. There are two types of Proof of Personhood projects:
- Federated Identity Projects: these solutions use a presumably trusted 3rd party that issues valid identities. With little incentive for adjacent apps to adopt incumbent local identities versus issuing their own, the path dependency of the market favors global federated identities.
- Emergent Identity Projects: Emergent identities are derived from an existing construct, such as a social graph or user actions. Identities can be established by agglomerating credentials from actions taken or by computing a user’s connectedness in a defined social cluster.
There are also two types of attestations:
- Off chain attestations: Under this arrangement attestations are transformed into JSON files and stored off-chain (ideally on a decentralized cloud storage platform, such as IPFS or Swarm). However, a hash of the JSON file is stored on-chain and linked to a DID via an on-chain registry. The associated DID could either be that of the issuer of the attestation or the recipient.
- On chain attestations: On-chain attestations are held in smart contracts on the Ethereum blockchain. The smart contract (acting as a registry) will map an attestation to a corresponding on-chain decentralized identifier (a public key)
Soulbound tokens are another solution that could potentially be used as a novel way to represent and manage aspects of a person's digital identity. Soulbound tokens should be unique and non-transferable, ensuring that each token is permanently associated with a specific individual's identity. This would prevent the token from being traded, sold, or stolen. Soulbound tokens should be designed to work seamlessly with the existing DID infrastructure, including decentralized identifiers (DIDs), verifiable credentials, and decentralized key management systems. Soulbound tokens could potentially be used to represent various aspects of a person's identity, such as their interests, achievements, or affiliations. This would allow users to personalize their digital identities and create a more meaningful representation of who they are.
Alternative to Wallets
Within the SSI community, there are many known DID methods, but most of them require you to have a digital identity wallet, where you will keep a seed (private key.) Using digital wallets can be a hassle for someone who is trying them for the first time as they must install the wallet software on their laptop or mobile. An alternative would be to reduce Wallet reliance and facilitate the Web 2 to Web 3 transition through smart contracts for example.
DID issuance and tooling
DID issuance and tooling refer to the processes and technologies used for creating, managing, and using Decentralized Identifiers (DIDs). DID issuance involves generating unique, persistent, and verifiable identifiers that can be associated with an individual, organization, or object in a decentralized manner, without reliance on a central authority. Tooling for DIDs encompasses a range of software and hardware solutions that facilitate key management, authentication, and interaction with the decentralized identity ecosystem. These tools can include wallets, SDKs, APIs, and libraries that simplify the integration of DIDs into applications and services. They enable users to securely manage their digital identities and engage with various web3 platforms, promoting greater privacy, security, and user autonomy in the digital world.
Our Views and Conclusion
We believe that DID adoption will continue to proceed in the Web 3 world and that opportunities in certain key technology stakes (below) are the most compelling. Specifically, our view is to focus on technology stakes that 1) offer a simplified onboarding experience 2) that has the potential to become the core layer to verification service providers. We view the following developments as attractive:
- New Information Distribution protocols : These are meaningful tools for better definition of who we are through data analysis on DID. Sovereign Identity systems, backed by new IDPs, not only authenticate users but also give them control over how, when, and where their data is used. In an increasingly complex digital ecosystem, the ability of different systems to work together (interoperability) is critical. New IDPs that promote this interoperability are likely to gain significant traction. (Examples would be RSS3, 0xScope.)
- Onchain Passports: In comparison to other identity verification systems, such as traditional authentication methods, Onchain Passports offer a more comprehensive, secure, and user-centric solution. Investing in this technology means investing in a system that not only meets current security needs but also aligns with the direction in which digital identity management is headed. Verification service providers such as Gitcoin pass, Link3 offer great examples of successful onchain passports.
- Super IDs: We should be looking for “SuperID” in DID world, that would encourage us to find the integrator that is most widely acknowledged and adopted. Examples would be SpaceID, Dmail, ENS, Worldcoin
- Tooling and Wallet Alternatives. One of the main barriers to adoption of DID methods remains the complex onboarding system as well as bridging Web2 and Web3 users. Right now, there are just over 200 million Web 3 users, compared to over 2 billion Instagram users. Teams building products that facilitate or skip entire wallet onboarding set ups (seed phrase or KYC) will help drive further DID and Web 3 adoption.
Furthermore building the full stack of open source tools and interoperability standards necessary to unbundle authentication, and rebuild from first principles will enable new DID solutions to emerge. Tooling projects will enable further sets of DID solutions to emerge.
Decentralized digital identity serves as a groundbreaking technology poised to further propel the Web3 revolution. This innovation allows users to seamlessly navigate through all their accounts, eliminating the need to recall multiple usernames and passwords, and provides heightened safety and data protection within the metaverse. Concurrently, it enables organizations to deliver personalized services to users while upholding their privacy. The adoption of this technology could occur earlier than projected, with both nascent start-ups and established companies, already integrating this system to oversee verification, security, and the management of various identities and access permissions.