Author's Note
Data leaks have been widely discussed over the past few days, and some sources on TG have already started offering the relevant data for lookup. I do not encourage anyone to engage with these matters, but I do hope this incident raises awareness of personal data security.
Originally, the topic of DID was intended to be discussed later when talking about Web5, but I will use this data leak incident as a starting point to discuss the topic and applications of DID.
In this article, I will not delve into specific projects or specific DID solutions, but rather provide a macro-level overview of the DID field and the philosophical dialectics within it.
Main Text
“I think, therefore I am” — René Descartes
“I think, therefore I am” is a well-known philosophical proposition, and I searched online for a more authoritative explanation:
“I cannot deny my existence because when I deny or doubt, I already exist!” Because when I am thinking or doubting, there must be a “thinker” executing the “thinking,” and this subject “I” is beyond doubt. This “I” is not the extended physical “I,” but the thinker’s “I.” Therefore, denying one’s own existence is self-contradictory.
This may sound overly philosophical and unrelated to the DID discussed in today’s article, but it is not. In modern society, the concept of identity has become confused: one and the same person holds many forms of identification, such as ID cards, driver’s licenses, social security cards, and passports.
These forms of identification may become invalid when you go to other countries or if you do not carry the necessary documents, which seems to turn into “I want to exist, but I do not.”
To put it simply, the “I” in modern society is defined by various third-party institutions. If they deny the “I,” then the “I” does not exist.
If readers still find this overly philosophical, I can provide another example that is more relatable to everyone’s real life.
During the pandemic years, I believe everyone has become very familiar with the nucleic acid code and health code. In this environment, one can clearly perceive the impact of the green code, yellow code, and red code mechanisms on people's work and life. But is the color of the health code changed based on whether the body is infected with COVID-19? Actually, it is not.
In the case of the health code, it is a typical example where third-party institutions determine it based on various epidemic prevention policies. At this point, the identity of “I” cannot be proven by itself; it requires a third party to give “me” an identity so that “I” can live normally.
To cut to the chase, let’s return to the topic of decentralized identity (hereinafter referred to as DID, Decentralized Identifiers). Decentralized identity is a subset of digital identity, and digital identity has had related technologies and concepts since the emergence of the internet in the 1990s. Drawing on online sources, I will give a brief overview of the history of digital identity along a timeline.
Since the birth of the internet, digital identity has developed through four broad stages: centralized identity, federated identity, user-centric identity, and self-sovereign identity.
Stage One: Centralized Identity
Centralized identity is managed and controlled by a single authoritative institution. One such institution is IANA (Internet Assigned Numbers Authority), established in 1988, which manages IP addresses, domain names, and many other parameters used on the international internet. In 1998, ICANN (Internet Corporation for Assigned Names and Numbers) was established to take over internet-related tasks, including the management of domain names and IP address allocation.
By 1995, Certificate Authorities (CAs) emerged as authoritative institutions responsible for issuing and managing digital certificates, acting as trusted third parties in e-commerce, and authenticating users' public keys in the public key infrastructure to verify user identities.
If the examples from the 1980s and 1990s seem too distant and less perceptible, one can refer to the internet wave after 2000. Various portal websites emerged, and each required users to register accounts, including later blogs and Weibo. These accounts are a manifestation of centralized digital identity.
As the internet developed and power accumulated within hierarchical systems, another issue emerged: identity became increasingly fragmented. Identities multiplied with the growth of websites, forcing users to manage dozens of them across numerous different sites while being unable to control any of them.
Stage Two: Federated Identity
By the end of the 20th century, significant progress was made in the development of digital identity. The chaos and fragmentation of identity data caused by centralized identity led to the emergence of federated identity, a system managed and controlled by multiple institutions or alliances. Simply put, users' online identity data gained a certain degree of portability, allowing users to log into one website using account information from another, similar to cross-platform logins via QQ, WeChat, or Weibo.
In 1999, Microsoft launched the Passport project, which first proposed the concept and solution of “federated identity.” Passport was a centralized identity authentication service controlled by Microsoft, providing a centralized single sign-on service that allowed users to access many websites with a single login. However, this made Microsoft the central authority of the federation, holding significant power.
Although federated digital identity somewhat addressed the issue of fragmentation, such digital identity was still controlled by a single authoritative institution, in this case, Tencent.
Imagine if your WeChat account were banned; it is likely that your assets in the WeChat wallet, game assets logged in via WeChat, and knowledge assets in public accounts would all be frozen as well. Thus, your identity data is still not your own; you are merely a user utilizing identity data defined by a third-party authoritative institution.
Stage Three: User-Centric Identity
In 2001, Identity Commons began to integrate all work related to digital identity, focusing on decentralization, which also led to the creation of the Internet Identity Workshop (IIW) in 2005. IIW emphasized user-centric identity, placing users at the forefront and center of the process of creating online identities.
User-centric identity aims to allow users to determine the storage and use of their identity through authorization and permission, as well as to share their identity from one service to another. Therefore, it focuses on three elements: user permission, interoperability, and complete user control over data.
Unfortunately, the user-centric identity initiative did not succeed. Taking OpenID as an example, users theoretically could register their own OpenID, but due to high technical barriers, ordinary internet users preferred to register OpenID on a public and relatively reliable website to log into other sites. Consequently, the OpenID registered by users faced the risk of being revoked by network providers at any time, meaning users did not fully gain control over their identity data.
However, cryptographic digital identity, which emerged after the digital identities described above, has seen unprecedented growth in the Web3 world. Today, the common Web3 wallet address on a blockchain is a form of user-centric digital identity. Tens of millions of users globally access Web3 websites through MetaMask, achieving user permission and interoperability, two of the three elements mentioned above.
However, regarding complete user control over data, due to the characteristic of blockchain being fully open and transparent, current cryptographic digital identities cannot achieve complete control over their own data. Many on-chain data analysis tools have developed tracking functions for whale users' addresses, making complete control over data still a distant goal for users.
Stage Four: Self-Sovereign Identity
Self-sovereign identity is an advanced stage of user-centric identity. Both share the starting point of users fully controlling their identity data, but self-sovereign identity goes further, with data collection, storage, and use decentralized across an ecosystem. Additionally, for personal identity verification, it allows other ordinary users to issue statements containing others' identity information (referred to as "verifiable claims" below). Self-sovereign identity provides three essential elements: individual control, security, and complete portability. It eliminates the centralized external control present in the previous three stages. Identity is entirely owned, controlled, and managed by individuals (or organizations). In this sense, individuals are their own identity providers—no external party can claim to “provide” identity for them, as identity is inherently theirs. An individual's digital existence is independent of any single organization.
In the third stage, I categorized Web3 wallets as “user-centric identity,” but in the fourth stage, I still use Web3 wallets as an example. The core feature that allows Web3 wallets to transition from the third to the fourth stage is EVM.
As early as 2017, during the public chain wars, various public chains were different, and data, addresses, and tokens could not flow across chains, creating typical data islands.
However, the popularity of EVM gave rise to a large number of EVM-compatible chains, including BSC, AVAX, HECO, and others. The robust development of EVM-compatible chains also compensated for the significant lack of portability in Web3 wallets during the third stage.
When operating EVM-compatible chains, users often find that as long as they configure the corresponding RPC for the EVM-compatible chain, they can use their original Ethereum address to access the corresponding EVM-compatible chain, achieving all the basic elements of self-sovereign identity. For the entire blockchain industry, EVM may be more important than the Ethereum blockchain itself.
(The content regarding the development of digital identity is derived from the Decentralized Identity Research Report by Timestamp Capital (2019), with some content edited and personal opinions added. The complete report can be obtained at the end of the article.)
Open Source DID Standards and Web3 DID Development Directions
Currently, there are two open-source and relatively mature DID standards: the W3C DID standard and the Decentralized Identity Foundation (DIF).
The W3C DID is more like a definition standard, while the DIF is a solution. The technical logic is beyond my knowledge scope, so I have not delved deeply into it. However, it is known that most Web3 projects related to DID on the market have evolved from these two open-source DID standards.
The current exploration of Web3 DID directions is no longer about how excellent the DID solution technology is, but rather how to implement these DID solutions in applications.
Specifically, projects like POAP, RSS3, Project Galaxy, and Rabbithole are all applications derived from the DID direction of Web3 cryptographic identity. For example, POAP, Project Galaxy, and Rabbithole analyze users' on-chain data interaction behaviors to grant various identity certifications or badges. Such identity certifications break free from the single control of third-party authoritative institutions; once you obtain the corresponding identity, it will be permanently stored and verifiable on the blockchain.
The goal of the RSS3 project is to establish an RSS standard for the Web3 world. The project envisions allowing users to control content ownership and subscription rights, aggregating and presenting content in a way that does not rely on centralized platforms. RSS3 stores user-generated content on Arweave, achieving decentralization at the storage level and user control over content.
These projects are not what people usually think of as developing DID standard protocols; rather, they develop application scenarios on top of the existing Web3 DID led by MetaMask. They ensure that users have real application scenarios for Web3 cryptographic identity verification and user control over content.
Of course, many projects are still deeply researching DID technical solutions to achieve greater breakthroughs in security and technology. However, this may lead to a scenario similar to the public chain wars of 2017. Although DID technical solutions are diverse and varied, they may not be compatible with each other. The portability of DID is crucial; it cannot be the case that changing a Web3 application renders my DID identity invalid.
Now, discussing DID technical solutions, I would compare it to discussing the differences in consensus algorithms of public chains back in the day. Regardless of the technical solution, the products that can truly shine are undoubtedly the specific application products.
In the current situation, the EVM-based Web3 wallet account system is a perfect DID framework at this stage. Based on this, achieving more real and usable products for users is the development direction of Web3 DID. The vast majority of users will not use or study the DID standards, but they can directly use applications based on DID.
Author: Liu Ye Jing Hong
WeChat Official Account: Weisman Notes
Personal WeChat ID: liuyejinghong_
RSS3 Personal Homepage: liuye.rss3.bio
ETH Donation Address: liuyejinghong.eth
Discord: https://discord.gg/6tu2hpwvUh
Reply “DID” in the official account backend to receive the decentralized identity industry report for free.