The innovative deployment of Web2 technologies has raised a number of identity issues. Much work is being done to address these issues through decentralized identity projects.
Decentralized identity: what it is and why it is needed
Decentralized identity encompasses various approaches aimed at allowing individuals to control their own personal data and credentials while still being able to interact with government, service providers, and other entities.
Identity is something that defines each of us. It's inherently personal, but it's something we must share in order to participate in the pervasive systems we have in place for ourselves as a society.
Before the development of Web2, identity involved documents such as passports and driving licenses. As documents issued by centralized trusted authorities, we choose to use them as means of identification. This way, the individual still has some control over who this information is shared with.
The last 20 years have been marked by the development of Web2 technologies. This has changed the way identity is managed. For many Web2 giants, our identity and the personal data that goes with it have been the product. Through these platforms, our data is shared with third parties whose identities we do not even know.
With these online systems, our identity is manifested through email addresses and social media logins. This is certainly convenient, but it compromises our sovereignty and privacy because this approach offers us no form of control.
When centralized Web2 companies are not collect our data, they allow it to be compromised. A personal data breach Financial technology company Revolut is a recent example, although it is a regular and ongoing phenomenon among the centralized gatekeepers of our data.
In a post-Covid world, the importance of digital identity is increasing as the pace of digitalization accelerates. Digital identities are proliferating with the continued digitization of every imaginable service and interaction.
Blockchain and digital identity
It is clear that we need to find a solution to this problem. This quest has led to a focus on decentralized identity systems. Even though decentralized identity does not necessarily involve blockchain, it is not surprising that it could play a role given that decentralization is key to both.
In decentralized blockchain, the mantra is “neither your keys nor your coins”. Proponents of decentralized identity within the Web3 space believe that a similar “not your keys, not your identity” mantra can be pursued.
dApp builders have sought to take this approach from the start. In the Ethereum-centric DeFi and NFT space, platforms have long been established to allow the user to authenticate using a digital wallet such as MetaMask.
A decentralized digital wallet puts the user in control. Their wallet as a means of identity cannot be censored. And in DeFi, they are free to authenticate across a multitude of platforms using the exact same wallet.
The challenge then becomes how to apply this approach in some way to native non-crypto platforms or off-chain applications. In the DeFi example, we are referring to a largely anonymous user experience. The task is even more complicated because in many circumstances it will be necessary to authenticate identity and credentials. Even within DeFi itself, this is an emerging problem, as companies that must comply with current regulations cannot operate in completely anonymous DeFi markets.
Establish a system of trust
Although a decentralized identity can be owned by the user, a trusted system will be required to achieve this while being able to authenticate and verify that identity and the credentials associated with it.
Such a trust system therefore requires two essential elements:
-
Decentralized Identifiers (DID): Identifiers that users independently create and control. DIDs are user-generated, globally unique and can be verified on any platform. To facilitate independent user control, DIDs must be tamper-proof, censorship-resistant, and immutable.
-
Verifiable titles: attested information.
It is possible to have an identity validated on a peer-to-peer or reputation-based system. When it comes to use cases that bridge the existing banking and fintech world, it will require regulatory validation consistent with know your customer (KYC) and anti-money laundering (AML) standards. ).
A Bitcoin-based approach
Ironically, Microsoft, as a major Web2 incumbent, was one of the first to establish a decentralized identity system. ION or Microsoft's Identity Overlay Network is a decentralized open and public identification network built on top of the Bitcoin blockchain.
It's not just individuals who need a decentralized identity, but businesses as well. Many enterprise infrastructures rely on Microsoft products. There are more remote, contract and temporary workers than ever before, so organizations need a way to onboard them safely, transparently and without any violation of the integrity of the organization. By 2025, 70% of the global workforce will work remotely to some extent or other.
Businesses are also looking to mitigate risk, and a decentralized identity system allows for easier, more efficient, and more reliable auditing. Credentials can be verified for faster and better recruitment.
A trust system is required to validate credentials: IMG SRC
Concerns have been raised about the authenticity of profiles on one of the most sober social media platforms: LinkedIn. Even when the profiles themselves aren't fake, what about LinkedIn members' professional and academic records? Systems like ION offer the opportunity to solve these problems.
Credentials are anchored in the Bitcoin blockchain while personal data is kept on the peer-to-peer Interplanetary File System (IPFS).
An Ethereum-based approach
Sign In With Ethereum (SIWE) is another approach taken to achieve a decentralized identity. It is an initiative that was launched by the Ethereum Foundation and the Ethereum Naming Service (ENS). SIWE allows a user to perform off-chain authentication using their Ethereum account and ENS profile.
The application is currently being molded as it is part of Ethereum Improvement Process (EIP) 4361 which is still in the review stage. The project is led by Spruce Systems, an open source software provider focused on decentralized identity within Web3. SIWE would work similar to the current standard which allows users to log in to different platforms using their Facebook or Google credentials. The difference in this case is of course that the identity is decentralized.
Broader innovation
Beyond the SIWE project, Spruce Systems has its own decentralized identity products. SpruceID is an ecosystem of open source tools designed to enable user-controlled identity. It includes Credible, a mobile wallet that supports verifiable credentials and decentralized identifiers, as well as Rebase, a decentralized service that allows users to map their identity to cryptographic keys in a publicly auditable manner.
The Web3 startup has also optimized its products to run on a number of blockchains in addition to Ethereum, including Polygon, Tezos, Solana, Celo and Ceramic.
Circle, the company behind the leading US dollar stablecoin USDC, recently built a 'know your job' (KYB) proof-of-concept verification system based on open source protocols for decentralized digital credentials.
Proof of humanity is a project that takes a rather different approach to decentralized identity. This is similar to an online telephone directory in which users register by making a brief video of themselves. If other community members think the profile is fake, the account can be challenged.
There are other projects involved in decentralized identity, including the teams behind the IOTA distributed ledger, the Civic identity verification protocol, and many others.
Future prospects
With all of these approaches adopted, it is likely that we will see a move towards standardization. It makes sense to try to establish common principles so that decentralized identity can be applied more seamlessly across disparate platforms. This is already being pursued by organizations such as the Web3 Foundation and the Decentralized Identity Foundation.
Once standards are defined, their adoption seems inevitable. South Korea is renowned for being an early adopter of new technologies and innovation. In recent days, the country has sketched plans offer its citizens a decentralized identity system secured by blockchain.
It may still take some time to achieve significant adoption, but the outlook is good in terms of empowering users over their own data. Meanwhile, social media giants Web2 will likely have to go back to the drawing board and plan their transition to an entirely new business model.