Data security promotes decentralized identity (DID) to become the next track

Data security makes Decentralized Identity (DID) become the next trend, and application products based on Web3 DID will shine.

In fact, there has been a lot of uproar about data leakage in the past two days, and some sgks in tg have begun to have relevant data sources that can be queried. In fact, I do not encourage everyone to contact these things here, but I also hope that this thing will arouse everyone’s attention to personal data security.

Originally, the topic of DID was planned to be discussed later when we talked about Web5, but we used this data leak as an introduction to talk about the topic and application of DID.

In this article, I will not cover specific projects and specific DID solutions, but more about sorting out the DID field at the macro level and the philosophical dialectics of this field.


“Je pense, donc je suis” – Rene Descartes

I think, therefore I am. This is a well-known philosophical proposition. I searched for a more authoritative explanation on the Internet.

“I can’t deny my existence, because when I deny, doubt, I already exist!” Because when I am thinking and doubting, there must be a “thinker” who performs “thinking”, this “I” as the subject “There is no doubt that this I is not the “I” of the extended body, but the I of the thinker. Therefore, denying one’s existence is paradoxical.

This may sound too philosophical and does not seem to have anything to do with the DID mentioned in today’s article. But it is not the case. In modern society, the concept of identity has been confused. It is obviously the same person, but there are various identity certificates, such as common ID cards, driver’s licenses, social security cards, passports, and so on.

And these IDs expire when you go to other countries, or because you don’t bring the documents, it’s like “I want to, but I don’t exist.”

Simply put, the “I” in modern society is defined by various third-party institutions. If they deny “I”, then “I” does not exist.

If readers still do not understand this too philosophical topic, then I can use another case that is relevant to your real life as an example.

In the few years of the epidemic, I believe everyone is very familiar with nucleic acid codes and health codes. Then in this environment, everyone can clearly perceive the impact of the green code, yellow code, and red code mechanism on people’s work and life. But does the color of the health code change according to whether the body is infected with the new crown? Actually not.

In the case of the health code, it is typically formulated by other third-party organizations according to various epidemic prevention policies. At this time, the identity of “I” cannot be proved by itself, and a third party needs to give “I” an identity so that “I” can live normally.

Let’s talk about the decentralized identity of the title (hereinafter referred to as DID, Decentralized Identifiers). The concept of decentralized identity can be traced back, but it is actually a type of digital identity. And digital identity began to have related technologies and concepts as early as the 1990s when the Internet appeared. Then I will briefly sort out the development history of digital identity according to the timeline and combined with Internet data.

Since the birth of the Internet, digital identity has developed into four broad stages, namely centralized identity, alliance identity, user-centered identity and self-sovereign identity.

Phase 1: Centralized Identity

Centralized identities are managed and controlled by a single authority. Centralized bodies such as the IANA (Internet Assigned Number Authority) established in 1988 manage IP addresses, domain names and many other parameters used in the Internet. By 1998, ICANN (Internet Corporation for Assigned Names and Numbers) was established to take over Internet-related tasks including managing the assignment of domain names and IP addresses.

By 1995, the Certificate Authority (CA, Certificate Authority), as an authority responsible for issuing and managing digital certificates, and a trusted third party in e-commerce, was responsible for authenticating the user’s public key in the public key system, thereby Authenticate the user’s identity.

If the example of the 1980s and 1990s is too old and the perception is not strong, then you can refer to the Internet wave after 2000. With the rise of various portal websites, each needs to register an account, including the following blogs and Weibo. Such accounts are a manifestation of centralized digital identities.

With the development of the Internet, as power has accumulated in the hierarchy, another problem has been revealed: identity is increasingly fragmented. They multiply as the site grows, forcing users to deal with dozens of identities on dozens of different sites with no control over any of them.

Stage 2: Alliance Identity

The end of the 20th century saw significant progress in the development of digital identities. The confusion and fragmentation of identity data caused by centralized identity has given birth to an identity system that is managed and controlled by multiple institutions or alliances. Simply put, the user’s online identity data has a certain degree of portability. For example, when users log in to a certain website, they can use the account information of other websites, similar to the cross-platform login of QQ, WeChat or Weibo.

The Passport program launched by Microsoft in 1999 first proposed the concept and solution of “federated identity”. Passport is a centralized identity authentication service controlled by Microsoft. It provides a centrally coordinated single sign-on service that allows users to access many websites with a single login. However, this makes Microsoft the center of the alliance, with extremely great power.

Although the federated digital identity solves the problem of fragmentation to a certain extent, such a digital identity is still controlled by a single authority. In this case, Tencent controls.

Just imagine, if your WeChat account is banned, then it is very likely that the assets in your WeChat wallet, the game assets logged in WeChat, and the knowledge assets of the official account will all be frozen together. So your identity data is still not your identity data, you are just using the identity data defined by a third-party authority as a user.

Stage 3: User-Centric Identity

In 2001, the Identity Commons began to integrate all work on digital identity and focus on decentralization, which also led to the creation of the Internet Identity Working Group (IIW, Internet Identity Workshop) in 2005. IIW emphasizes user-centric identity, putting the user first and center in the process of creating an online identity.

User-centric identity, it is hoped that the user can decide the storage and use of identity and share identity from one service to another through authorization and permission. It therefore focuses on three elements: user permission, interoperability, and full user-based control over data.

Unfortunately, user-centric identity initiatives have not been successful. Taking OpenID as an example, users can theoretically register their own OpenID, but due to the high technical threshold, ordinary Internet users are more inclined to register OpenID on a public and relatively reliable website to log in to other websites. Therefore, the OpenID registered by the user is at risk of being deprived by the network provider at any time, which means that the user does not have full control over his identity data.

However, encrypted digital identities, born after the aforementioned digital identities, have enjoyed unprecedented growth in the Web3 world. At present, the common Web3 wallet address in blockchain is a user-centered digital identity. Tens of millions of users around the world have accessed Web3 websites through metamask, and user permission and interoperability have been achieved in the above three elements.

However, in terms of the user’s complete control over the data, due to a major feature of the blockchain is that the data is completely open and transparent, the current encrypted digital identity cannot achieve complete control over its own data. At present, there are also many on-chain data analysis tools that have developed tracking functions for the addresses of giant whale users. For users, complete control of the data is still out of the question.

Stage Four: Self-Sovereign Identity

Self-sovereign identity is an advanced stage of user-centered identity. What they have in common is that they both start from the user’s complete control of their own identity data, but self-sovereign identity goes a step further. The collection, storage and use of data are all It is distributed in an ecosystem in a decentralized manner, and at the same time, for the verification of personal identity, other ordinary users are allowed to issue statements containing the identity information of others (that is, the “verifiable statement” mentioned below). Self-sovereign identities provide three required elements: individual control, security, and full portability. It removes the centralized external control of the above three phases. Identity is entirely owned, controlled and managed by an individual (or organization). In this sense, individuals are their own identity providers – no outside party can claim to “provide” an identity for them, because the identity is essentially theirs. The digital existence of individuals is independent of any single organization.

In Phase 3, I listed Web3 Wallet as a “user-centric identity”, but in Phase 4 I still use Web3 Wallet as an example. Among them, the core function that makes the Web3 wallet span from the third stage to the fourth stage is EVM.

As early as 2017, at the time of the public chain war, each public chain was different from each other. No matter whether it was data, addresses or tokens, it was impossible to transfer across chains. It was a very typical data island.

However, with the popularity of EVM, a large number of EVM compatible chains have been born, including BSC, AVAX, HECO and so on. The vigorous development of EVM-compatible chains has also made up for the lack of portability of Web3 wallets in the third stage.

When you often operate the EVM compatible chain, you will find that as long as the RPC corresponding to the EVM compatible chain is configured, you can use the original Ethereum address to access the corresponding EVM compatible chain, which has realized all the basic elements of self-sovereign identity. For the entire blockchain industry, the EVM may be more important than the Ethereum blockchain itself.

(Part of the content of digital identity development is from Timestamp Capital’s Decentralized Identity Research Report (2019), with some deletions and personal opinions. The full report is available at the end of the article.)

Open source DID standard and development direction of Web3 DID

In fact, at present, there are already two sets of open source and relatively mature DID standards. They are the W3C DID standard and the Decentralized Identity Foundation, or DIF.

Among them, the W3C DID is more like a definition standard, and the DIF is the solution. The technical logic in it is limited by my own lack of knowledge, so I did not delve into it. But it can be known that most of the Web3 projects about DID on the market have their solutions evolved from these two sets of open source DID standards.

So now the Web3 DID direction that is being explored is not how excellent the technology of DID solutions is, but how to implement these DID solutions in applications.

Specifically, including POAP, RSS3, Project Galaxy, rabbithole and other projects, they are all applications in the direction of DID derived from Web3 encrypted identity. For example, POAP, Project Galaxy, and rabbithole give various types of identity authentication or badges by analyzing the user’s on-chain data interaction behavior. Such identity authentication gets rid of the single control of the third-party authority. Once you obtain the corresponding identity, you will It will be permanently stored and verifiable by the blockchain.

The goal of the RSS3 project is to be the RSS specification for the Web3 world. The vision of the project is to let users own the ownership and subscription rights of content, and to aggregate and present content in a way that does not depend on a centralized platform. RSS3 saves user-created content on Arweave, achieving decentralization at the storage level and user control over the content.

These projects are not the development of DID standard protocols as everyone thinks, but are more based on the existing Web3 DID led by Metamask to develop application scenarios. Effectively ensure that users have real application scenarios in the fields of Web3 encryption authentication and user control over content.

Of course, there are still many projects working on DID’s technical solutions, in order to make greater breakthroughs in safety and technology. But this could fall into the midst of the 2017 public chain wars scene. Although there are hundreds of DID technical solutions, they are different, but they are not compatible with each other. And the portability of DID is the top priority. It cannot be said that if I change a Web3 application, my DID identity will be invalid.

Now talking about the DID technical solution, I will compare it to the differentiation of the consensus algorithm of the public chain. But no matter what kind of technical solution, it is undoubtedly the specific application product that can bloom in the end.

So in the current situation, the Web3 wallet account system based on EVM is a perfect DID framework at this stage. Based on this, it is the development direction of Web3 DID to realize more products that are actually available to users. Most users do not use or study DID standards, but they can directly use DID-based applications.

Posted by:CoinYuppie,Reprinted with attribution to:
Coinyuppie is an open information publishing platform, all information provided is not related to the views and positions of coinyuppie, and does not constitute any investment and financial advice. Users are expected to carefully screen and prevent risks.

Like (0)
Donate Buy me a coffee Buy me a coffee
Previous 2022-07-08 10:27
Next 2022-07-08 10:29

Related articles