Decentralized Identity: How Web3 Identity Solutions Safeguard Your Personal Data?

Probably, many of you have wondered about the following scenario: I have authorized on all my favorite platforms via my Google/Apple account. But if I have a problem with that account, will I lose access to all those platforms?

To prevent such a scenario, I will implement an additional authentication method on the platform, such as a backup email. Yes, this is a compromise between reliability and privacy because, this way, two email providers will track my web activity. But it can be considered a reasonable price because the chance that something will happen to both of them at the same time is much lower.

And what if I care not only about authorization issues but also about verification ones? Namely, each centralized platform requires more sensitive data to verify my identity. For example, am I forced to go through KYC every time and entrust my passport, driver’s license, etc., to each individual platform? How responsibly do those platforms store and process my personal data? And does it even matter if at least one of them does it inappropriately?

Yes, Web2 has gifted us with a lot of technical complexities, and some of that has even carried over into Web3 while retaining some centralization and opacity. But Web3 is evolving, and we are gradually seeing more and more true Web3 solutions.

Today, we’ll look at Web3 identity solutions, which, while being decentralized and open, maintain and secure digital identity with blockchain much better. We’ll explore how decentralized identity works, break down the privacy and security in blockchain identity, and maybe help you forget about the compromises of Web2.

Centralized Identifier Problems

To better understand DIDs (decentralized identifiers) and their advantages, let’s first break down the main problems of centralized identities.

Single Point of Failure

Let’s start with the most obvious: centralized systems (and identities) create a single point of failure. Regardless of the specific problems that can happen to them – there are many, and we’ll go over them in more detail further – this is worth highlighting above all else. If something happens to a system or account that you use for identification, you can automatically assume that you have problems with all other systems to which it is linked. And there is no way to fix it because it is not a problem with the infrastructure or even the architecture of the system but with the very principle on which such systems are built.

Risk of Hacks and Leaks

Then, there are the more specific problems of centralized solutions in general and identities in particular. Each one is a big repository of valuable data that automatically becomes a prime target for attackers. That’s why we can see that the second most hacker-hit industry after finance is healthcare – a veritable treasure trove for those who want to steal the maximum amount of the most sensitive data at once. Here we face the fact that it doesn’t matter how well protected 4 out of the 5 banks or hospitals are that you trust with your passport, social security number, financial data, medical records, etc. Attackers only need to hack into one, and the job is done.

Lack of Control and Ownership

Apart from the fact that attackers can more easily get your data, you don’t own it yourself. Yes, it’s still your data, and in certain jurisdictions with a strict attitude to this, like the EU with its GDPR, you have an impressive degree of control even after sharing it with other providers. But applying to them to perform certain operations, like deleting it, is not the same as being able to do it directly and independently, right? Neither is being unable to see the actual operations on that data and having to assume that it is being handled strictly according to policies and not shared with third parties. If you ask me, and I’m very strict with definitions, it’s at best control of the data to a degree but not full ownership.

Dependence on Third Parties

We have already mentioned this problem, but it is still worth highlighting separately. You make yourself dependent on third parties, which, perhaps not legally but technically, can do anything at any time: from using your data for targeted ads within their platform to selling this data for the same purposes to other third-party platforms, from restricting access to your account to deleting it completely for their own reasons. There are plenty of other consequences of such dependency that none of us want to face.

Lack of Selective Data Sharing

Also, you are strictly limited by the features and rules of centralized platforms and cannot share your data partially. For example, you can’t use the platform where your passport is verified to share only your date of birth to pass the age barrier – instead, you have to give all your passport data, with your name, address, etc.

Decentralized Identifier (DID) Concept

This leads us to the idea that it would be great to have a solution where you could create a decentralized unique identifier that stores just basic data or a whole range of personal data and use it on a variety of other platforms. Without having to depend on centralized providers, losing ownership of your data, and having to share it completely anew every time.

Decentralized Identifiers, or DIDs, are a concept that allows everyone, from an individual to an entire organization, to create and own a globally unique identifier without centralized registries, identity providers, and certificate authorities. This concept is proposed and developed by the W3C, so it already has a strict structure but can still be implemented on different DLTs, including blockchain and others. Before we dive into blockchain identity management, let’s take a look at this structure and the elements that make it up.

So, the whole concept that the W3C has in mind is that DIDs are URIs that associate a DID subject with a DID document. Each DID document provides a set of mechanisms enabling a DID controller to prove control and operate with the DID. 

Don’t worry, I’ll explain everything in a moment. URI is Uniform Resource Identifier, and if you thought it sounded familiar but not really, you are not confused. A URL or Uniform Resource Locator is a special instance of a URI that specifies the unique address of a website as we are used to seeing it, such as https://en.wikipedia.org/wiki/Blockchain. In other words, all URLs are URIs, but not all URIs are URLs.

So, the W3C proposes these DIDs as a new type of URIs, which serves the purpose we have described above, and has the following structure:

The DID subject is you, i.e., who the data relates to or identifies (but as you have already realized, this can be not only a person but also a group, organization, physical thing, digital thing, logical thing, etc.).

The DID document contains information associated with the DID, such as personal data, cryptographic material, verification methods, or services authorized to interact with your data, such as discovery services, agent services, social networks, file storages, and verifiable credential repository services. This is an example of the simplest DID document, but as you’ve already realized, there are many more possibilities.

The DID controller is an entity that is authorized to make changes to a DID document, and here is the key. In the world of centralized identifiers, the DID controller is never just you and sometimes not even you at all. DIDs enable a DID subject to be a DID controller and, furthermore, allow only a DID subject to be a DID controller.

How Decentralized Identity Works?

DID Methods and Implementations

Now, it is worth mentioning that DID is a technical concept and foundation, not a final solution, and it assumes that Distributed Ledger Technology is used (although not necessarily; hybrid solutions can also be used). This means that DID methods can be implemented on more than just the blockchain, and the method determines how identifiers are created, stored, and resolved.

Ledger-based DIDs use a blockchain, such as Ethereum, for personal data security: identifiers are stored on it, ensuring their immutability and availability.

Layer-2 DIDs apply additional layers of storage, such as distributed hash tables (DHTs), to increase scalability and reduce the load on the blockchain. DHTs are decentralized databases that store data across a distributed network of nodes without the need for a consensus mechanism.

Static DIDs are simple identifiers that cannot be changed or updated once they are created. They provide a basic level of identification without dynamic record management.

Peer DIDs operate on closed networks and do not require a global registry. They are used in confidential interactions where there is no need for public availability of the identifier.

DID Cryptography

Regardless of the exact DID method, a DID utilizes several layers of cryptographic security to keep data secure while making it available for various operations.

Asymmetric encryption. Each DID is associated with a unique cryptographic key pair: the private key is used by the owner to sign transactions, and the public key is available for authentication. 

Digital Signatures allow users to verify the authenticity of an identifier without having to trust a third party. Any transaction or update to a DID document requires a DID controller signature, eliminating unauthorized changes.

Zero-Knowledge Proofs (ZKP) for identity provide privacy by allowing proof of ownership without disclosure. For example, a user can prove that they are of legal age without revealing their exact date of birth.

Data Hashing guarantees the immutability of records, preventing identity tampering and making it impossible to change data unnoticed.

DIDs Mechanism

One more entity needs to be introduced here, namely the DID Resolver. This is a software component or service that converts a DID into the corresponding DID document and plays a key role in the DID-resolving process by providing access to the DID metadata. Simplified to its core algorithm, a resolver works as follows:

  • Takes a DID as input.
  • Addresses the appropriate DID method (e.g., did:ethr).
  • Retrieves DID document from the network (blockchain, DHT, or other storage).
  • Transmits a DID document to the requesting party to verify the DID subject information.
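
The resolver steps above, together with the signature check from the DID Cryptography section, as an added example (not code from the W3C specification or from any project named on this page). It assumes Node.js, a placeholder `did:example` method backed by an in-memory map, and constructed keys; `resolve`, `verifyWithDid`, `sign`, `drivers` and `registry` are hypothetical names.

```javascript
// Added example: toy DID resolver plus signature check. Names and data are constructed.
const crypto = require("node:crypto");

// Constructed sample: a controller key pair and the DID document publishing its public key.
const { publicKey, privateKey } = crypto.generateKeyPairSync("ed25519");
const DID = "did:example:alice123"; // placeholder method and identifier
const registry = new Map([[DID, {
  id: DID,
  verificationMethod: [{
    id: `${DID}#key-1`, type: "JsonWebKey2020", controller: DID,
    publicKeyJwk: publicKey.export({ format: "jwk" }),
  }],
  authentication: [`${DID}#key-1`],
}]]);

// Hypothetical method drivers; a real one would read a ledger, DHT or peer store.
const drivers = new Map([["example", (did) => registry.get(did) ?? null]]);

function resolve(did) {
  // Step 1: take a DID as input; simplified shape check did:<method>:<method-specific-id>
  const m = /^did:([a-z0-9]+):([A-Za-z0-9._:%-]+)$/.exec(did);
  if (!m) throw new Error("malformed DID");
  // Step 2: address the appropriate DID method
  const driver = drivers.get(m[1]);
  if (!driver) throw new Error(`unsupported DID method: ${m[1]}`);
  // Step 3: retrieve the DID document from the method's storage
  const doc = driver(did);
  if (!doc) throw new Error("DID not found");
  // Reject a document that claims to describe a different identifier
  if (doc.id !== did) throw new Error("DID document id mismatch");
  // Step 4: hand the document to the requesting party
  return doc;
}

// Relying-party side: accept a signature only from a key listed under `authentication`.
function verifyWithDid(did, message, signature) {
  const doc = resolve(did);
  return doc.verificationMethod
    .filter((vm) => doc.authentication.includes(vm.id))
    .some((vm) => crypto.verify(null, Buffer.from(message),
      crypto.createPublicKey({ key: vm.publicKeyJwk, format: "jwk" }), signature));
}

// Controller side: sign a challenge with the private key, which is never published.
const sign = (message) => crypto.sign(null, Buffer.from(message), privateKey);
```

The relying party never contacts an identity provider: it trusts only the key material in the resolved document, so the integrity of the storage behind the method driver is what the check ultimately rests on.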

There is a lot more technical detail, and if you are interested as a developer or technical researcher, I highly recommend reading the original W3C source. It is one of those not-so-common cases of well-done documentation, and all the technical points are very clearly described.

Benefits of Decentralized Identity

DIDs naturally provide benefits that override the disadvantages of centralized solutions.

✅ Self-Sovereign Identity

DID makes possible self-sovereign identity systems, or SSI, where users fully own and manage their identity across different platforms. While DID serves as the technical foundation, SSI is a system that also includes Verifiable Credentials (VCs) from authoritative sources (banks, universities, governments) and uses Zero-Knowledge Proofs to apply selective data disclosure and to protect privacy.

✅ Real Data Ownership

You become the full and undivided owner of your data, without compromise or reservations.

✅ Privacy Protection

Your data is protected by multiple types of encryption, making it much more pointless to try to steal it.

✅ Transparency and Decentralization

Because data is stored in distributed registries, there is no longer a single center that can intentionally or accidentally leak your data, delete it, or restrict your access to it.

✅ No Dependency on Third Parties

Also, you are no longer dependent on the internal policies and sudden decisions of centralized providers or forced to trust them and interact on the basis of that trust. Trust here is not about reputation but math.

✅ Ability to Selectively Share Data

Yes, this allows you to disclose only the data that is necessary in a specific case and always only with your authorization, with no exceptions. Of course, decentralized KYC solutions occupy a special place among blockchain identity use cases. There are already promising ones, like togggle.io, but identity verification on blockchain is not yet very widespread due to legal restrictions.

Are Web3 Identity Solutions Available Yet?

Yes, it’s a relatively fresh concept, and it hasn’t yet had time to be integrated across all the desired domains or ecosystems, but there are a few who have picked up and implemented the idea pretty quickly. The first was the Ethereum Foundation, and given how rich its decentralized ecosystem and applications are, that’s already a lot.

Also, the Ethereum Foundation provides a master list of such solutions. I would personally only consider the ones more directly related to the Ethereum Foundation right now, but all initiatives in this direction are very helpful for the whole Web3.

Ethereum Name Service (ENS) – A decentralized naming system for onchain, machine-readable identifiers, like Ethereum wallet addresses, content hashes, and metadata.

Ethereum Attestation Service (EAS) – A decentralized ledger/protocol for making onchain or offchain attestations about anything.

SpruceID – A decentralized identity project that allows users to control digital identity with Ethereum accounts and ENS profiles instead of relying on third-party services.

Proof of Humanity – Proof of Humanity (or PoH) is a social identity verification system built on Ethereum.

BrightID – A decentralized, open-source social identity network seeking to reform identity verification through the creation and analysis of a social graph.

walt.id – Open source decentralized identity and wallet infrastructure that enables developers and organizations to leverage self-sovereign identity and NFTs/SBTs.

Veramo – A JavaScript framework that makes it easy for anyone to use cryptographically verifiable data in their applications.

Conclusion

Like many other Web3 domains, this one is still very young, and there are probably many more developments and changes ahead of us. However, it is worth noting that it already has a solid foundation, as it selects best practices from Web2 that do not compromise the principles of Web3. Also, it has a pretty impressive incentive to develop, due to the digital monopoly of tech giants and the rapid pro-crypto regulation in the US right now.

Stay tuned and be updated about the latest developments in the crypto space, and keep your strategy always grounded and balanced.

Disclaimer: The information provided in this article is for informational and educational purposes only and does not constitute financial, investment, or trading advice. Any actions you take based on the information provided are solely at your own risk. We are not responsible for any financial losses, damages, or consequences resulting from your use of this content. Always conduct your own research and consult a qualified financial advisor before making any investment decisions.

Alexandros

My name is Alexandros, and I am a staunch advocate of Web3 principles and technologies. I'm happy to contribute to educating people about what's happening in the crypto industry, especially the developments in blockchain technology that make it all possible, and how it affects global politics and regulation.
