
A brief analysis of Web3 Identity Infrastructure: Wallets, identity proof, and Privacy systems

2022-12-31 15:34
Original title: "Towards Digital Self-Sovereignty: The Web3 Identity Stack"
Original article by Nichanan Kesonpat, 1kx
Kxp, BlockBeats


This article covers the core concepts of decentralized identity, the evolution of identity on the Internet, a layer-by-layer overview of the Web3 identity infrastructure stack, and related developments in privacy primitives. We will explore proof of personhood, compliance, and the application layer in future articles.


Web3 Identity Infrastructure - December 2022


Identity is an emergent property made up of data relating to a person, entity, or object. In the real world, it is a mental concept we form based on the reputation of others and our own associations. In the digital world, identity is made up of two parts:


· ID: A set of characters or numbers (e.g., passport number, Twitter ID, student ID) used to identify a single subject

· Data related to the subject (e.g., travel history, tweets and followings, academic achievements, etc.)


Creating an identity layer for the Internet is often not simple because there is a lack of consensus about what it means and how it works. Digital identities cannot be separated from context, and our different experiences of different content on the Web are often based on context. Today, most of our digital identities are not only fragmented, but controlled by a handful of people who don't want to take them out of their context.


· Companies view customer relationships as key assets and are reluctant to relinquish control of those relationships. Nor, so far, have they found a rational reason to do so, since even temporary status is better than frameworks over which they have no control.

· Specific industries such as finance often have unique needs (e.g., compliance) when it comes to maintaining online relationships with customers and suppliers.

· Governments have different needs than other types of organizations, for example, they have authority over driver's licenses and passports.


This model creates a different division of power between the parties that manage our identities and data. It limits our autonomy and prevents us from selectively disclosing information about ourselves and from moving our identities between contexts, making it difficult to achieve a consistent online/offline experience.


Prior to the rise of Crypto and Web3, decentralized identities were getting a lot of attention. The goal is for individuals to regain autonomy over their identities, without having to rely on centralised organisations. At the same time, the misuse of customer data and the erosion of trust in big companies have made decentralisation a central element of the next age of Internet identity.



The core concept of decentralized identity


Decentralized identifiers (DIDs) and proofs are the major components of decentralized identity. DIDs are published and stored in verifiable data registries (VDRs), autonomous "namespaces" that are not centrally managed. In addition to blockchains, decentralized storage infrastructure and P2P networks can also act as VDRs.


Here, all kinds of entities (individuals, communities, organizations) can use decentralized public key infrastructure (PKI) to authenticate, prove ownership of, and manage their DIDs. Unlike traditional web PKI, it does not rely on a centralized certificate authority (CA) as its root of trust (RoT).


Data about identities is written as proofs -- "claims" made by one identity about another (or about itself). These claims can be verified with the cryptographic signatures that PKI provides.



Decentralized identifiers have four main attributes:


· Decentralization: Its creation does not depend on centralized institutions, and each entity can independently create corresponding identity according to different environments, so as to realize the separation of different identities, roles and interactions.

· Permanence: Once created, it is permanently bound to an entity (although some DIDs are designed for transient identities).

· Resolvable: Can be used to reveal additional information about the entity.

· Verifiability: Thanks to cryptographic signatures and proofs, entities can prove ownership of a DID, or claims about it (verifiable credentials), without relying on third parties.


These attributes set DIDs apart from other identifiers, such as usernames (non-verifiable), passports (non-decentralized), and blockchain addresses (persistent, limited resolvability).


The World Wide Web Consortium (W3C) is an international community of different organizations, staff, and the public working together to develop web standards. The W3C DID specification defines four main components:


· Scheme: The prefix "did" tells other systems that they are interacting with a DID, not another type of identifier such as a URL, email address, or product barcode.

· DID method: Specifies to other systems how to interpret the ID. More than 100 DID methods are listed on the W3C website, often tied to their own VDRs and with different mechanisms for creating, resolving, updating, and deactivating identifiers.

· Unique ID: A unique ID specific to the DID method, such as an address on a particular blockchain.

· DID document: The three parts above resolve to a DID document, which includes the ways in which the entity can authenticate itself, any attributes/claims about the entity, and a pointer (a "service endpoint") to where additional data about the entity is kept.


Decentralized identity and DID document resolution


The role of Crypto


Although public key infrastructure (PKI) has been around for a long time, crypto has accelerated its adoption through the incentives of token networks. Once used mainly by privacy-conscious technologists, it has become a prerequisite for participating in the new economy. Users need to create wallets to hold their own assets and interact with Web3 applications. Driven by the ICO wave, DeFi Summer, the NFT craze and tokenized communities, users hold more keys than ever before. What has followed is a vibrant ecosystem of products and services that greatly improve the ease and security of key management. Arguably, crypto provides a solid foundation for decentralized identity infrastructure and its adoption.


We can start with the wallet. Although the wallet is still primarily an asset management tool, tokenization and on-chain history have enabled us to show our interests (NFT collection), work (Kudos, 101) and opinions (governance voting). The loss of private keys is no longer limited to the loss of money, but is more akin to the loss of a passport or social media account. Crypto thus gradually blurs the line between who we are and what we hold.



However, our on-chain activities and possessions only partly reflect our identity. Blockchain is only one layer of the decentralized identity stack, the other layers will help solve some important problems, such as:


· How do we identify and authenticate ourselves in networks and ecosystems?

· How do we prove something (reputation, uniqueness, compliance) while still protecting personal privacy?

· How do we grant, manage, and revoke access to our data?

· How do we interact with apps in which we control our identity and data?


The solutions to these problems will have profound implications for the future of the Internet.


In the following sections, I'll give a layer-by-layer overview of Web3's identity stack: verifiable data registries, decentralized storage, data mutability and composability, wallets, authentication, authorization, and proof.


Decentralized identity infrastructure stack


Web3 Identity Stack


The blockchain acts as a verifiable data registry


The distributed nature and immutability of blockchains make them suitable as verifiable data registries for publishing DIDs. In fact, various public chains have W3C DID methods, such as:


· Ethereum, where did:ethr:<public key> represents the identity of an Ethereum account

· Cosmos, where did:cosmos:<chainspace>:<namespace>:<unique-id> represents a Cosmos interchain-compatible asset

· Bitcoin, where did:btcr:<btcr-identifier> represents a TxRef-encoded transaction ID that references the transaction's location in the UTXO-based Bitcoin blockchain


It is worth noting that did:pkh:<address> is a generative DID method that is ledger independent and aims at interoperability across blockchain networks. According to the CAIP-10 standard, <address> is the account ID used to represent key pairs across chains.
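The DID syntax (scheme, method, method-specific ID) and the did:pkh form described above can be checked mechanically before an identifier is resolved or used in an access-control lookup. The parser below is an added example, not code from the article or from W3C; the function names are hypothetical, the sample address is constructed, and lowercasing eip155 addresses for comparison is an assumption of this example.

```javascript
// Added example: strict syntax check for DIDs following the W3C DID Core grammar
//   did = "did:" method-name ":" method-specific-id
// plus CAIP-10 account parsing for did:pkh. All function names are hypothetical.
const IDCHAR = "(?:[A-Za-z0-9._-]|%[0-9A-Fa-f]{2})";
const DID_RE = new RegExp(`^did:([a-z0-9]+):((?:${IDCHAR}*:)*${IDCHAR}+)$`);
// CAIP-10 account ID: <namespace>:<reference>:<address>
const CAIP10_RE = /^([-a-z0-9]{3,8}):([-_a-zA-Z0-9]{1,32}):([-.%a-zA-Z0-9]{1,128})$/;

function parseCaip10(id) {
  const m = CAIP10_RE.exec(id);
  if (!m) throw new Error(`not a CAIP-10 account ID: ${id}`);
  return { namespace: m[1], reference: m[2], address: m[3] };
}

function parseDid(input) {
  // Reject non-strings and oversized input before running the regex.
  if (typeof input !== "string" || input.length > 2048) {
    throw new Error("DID must be a string of reasonable length");
  }
  const m = DID_RE.exec(input);
  if (!m) throw new Error(`not a valid DID: ${input}`);
  const did = { scheme: "did", method: m[1], id: m[2] };
  // did:pkh carries a CAIP-10 account ID as its method-specific ID.
  if (did.method === "pkh") did.account = parseCaip10(did.id);
  return did;
}

function isValidDid(input) {
  try { parseDid(input); return true; } catch { return false; }
}

// Canonical key for allow-list or ownership lookups. Assumption of this example:
// eip155 hex addresses are compared case-insensitively, so a checksummed and a
// lowercase spelling of the same account must map to the same key.
function subjectKey(input) {
  const did = parseDid(input);
  if (did.method === "pkh" && did.account.namespace === "eip155") {
    const { namespace, reference, address } = did.account;
    return `did:pkh:${namespace}:${reference}:${address.toLowerCase()}`;
  }
  return `did:${did.method}:${did.id}`;
}

// Constructed sample identifiers (the address is made up for this example).
const SAMPLE_DIDS = [
  "did:ethr:0x00000000000000000000000000000000000000Aa",
  "did:cosmos:chainspace:namespace:unique-id",
  "did:pkh:eip155:1:0x00000000000000000000000000000000000000Aa",
  "did:Ethr:0x00000000000000000000000000000000000000Aa", // uppercase in method name
  "did:example:abc/../def",                               // path characters in the ID
  "did:pkh:eip155:0x00000000000000000000000000000000000000Aa", // chain reference missing
];
for (const s of SAMPLE_DIDS) console.log(isValidDid(s) ? "ok      " : "rejected", s);
```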


Fractal is an identity configuration and authentication protocol for applications that require unique users at different KYC levels. After validation and KYC checks are completed, the Fractal DID is published to the appropriate Ethereum address and added to the appropriate list. The Fractal DID registry is a smart contract on Ethereum that lets counterparties look up a Fractal DID and its validation level.


Kilt, Dock and Sovrin are application-specific blockchains for self-sovereign identity. At the time of this writing, they are primarily used by enterprises to issue identities and credentials to end users. To participate in the network, nodes need to stake native tokens in order to process transactions (such as DID/credential issuance), define credential schemas, and perform revocation updates.


Decentralized data storage


While general-purpose blockchains can also serve as a source of immutable user data such as asset ownership and transaction history (for example, for portfolio trackers and "DeFi score" apps), they may not be suitable for storing much of a user's data: writing and regularly updating large amounts of information is costly, and the data's visibility can compromise personal privacy.


Even so, Arweave is an application-specific blockchain designed for permanent storage. To replicate the information stored on the network, Arweave pays miners block rewards and transaction fees. Miners are required to provide "Proof-of-Access" to add new blocks. A portion of the fees goes into a permanent fund that will pay miners in the future when inflation and fees do not cover storage costs.


Ethereum and Arweave are both blockchain-based solutions for permanent data storage. On Ethereum, each full node must store the entire chain of data; on Arweave, all the data needed to process new blocks and transactions is entered into the state of each individual block, and new participants simply download the current block from their trusted peers to join the network.


Contract-based persistence means that data cannot be permanently replicated and stored by each node. Instead, data can be persisted by deploying contracts on multiple nodes. These nodes hold certain data for a certain period of time and must renew each time they run out to keep the data persistent.


IPFS allows users to store and transfer verifiable, content-addressed data in a peer-to-peer network. Users can store the data they want on their own IPFS nodes, on dedicated node groups, or with third-party pinning services such as Pinata, Infura or Web3.storage. As long as one node stores the data, it exists in the network and can be made available to other nodes when they need it. On top of IPFS sit crypto-economic layers such as Filecoin and Crust Network, which aim to incentivize data storage by creating a distributed marketplace for long-term data persistence.


For personally identifiable information (PII), permissioned IPFS can be used to comply with the GDPR/CCPA right to be forgotten, because it allows users to delete their data stored on the network. The identity wallet Nuggets takes this approach and decentralizes further by having merchants and partners run dedicated nodes.


Sia and Storj are two other contract-based decentralized storage solutions that encrypt and split individual files across multiple nodes throughout the network. Both use erasure coding (only a subset of storage nodes is required to serve the file) to ensure that the data remains available when some nodes are offline, and both have built-in incentive structures for storage that use native tokens.



Data mutation and composability


General-purpose blockchains, Arweave, and IPFS all guarantee data immutability, which is important for things like static NFT art and permanent records. However, our interactions with most applications today constantly update our data. Web3 protocols designed for mutable data were created for exactly this, taking full advantage of the underlying decentralized storage layer.


Ceramic is a decentralized data mutability and composability protocol that takes immutable files from a persistent data storage network such as IPFS or Arweave and converts them into dynamic data structures. In Ceramic, each of these "data streams" resembles its own mutable ledger. Private data can be kept in off-chain storage and indexed on Ceramic, attached to a DID data store that points to the external private store.


As users update their data in a Ceramic driven application, the Ceramic protocol validates these updates to a stream file, converting it to a new state while keeping track of previous state changes. Each update on Ceramic is validated by a DID that can be mapped to multiple addresses, allowing users to update their data without a server.


Currently, Web2 platforms have their own user interfaces and back ends for storing and controlling user data. Google and Facebook use this data to collect further data by using algorithms to differentiate our user experience. New applications must acquire users from scratch and cannot provide a personalized experience from the start, so they are less competitive in the marketplace.


Web3 democratizes data, levels the playing field for new products and services, and creates an open platform for application experimentation and market competition. In a world where users can carry data from one platform to another, app developers don't have to start from scratch to give users a personalized experience. Users can log in with their wallets and authorize the application to read/write to a "database" that they control entirely.


Ceramic's ComposeDB is a decentralized graph database in which application developers can use GraphQL to discover, create, and reuse composable data models. The nodes in the graph are accounts (DIDs) or documents (data streams), and the edges represent the relationships between the nodes.


A DID represents any entity that can write data to the graph, such as an end user (or group), an application, or any authentication service.



A model is a Ceramic stream that stores metadata about a document's data structure, validation rules, relationships, and discovery information. Developers can create, combine, or mix models to form composites that serve as databases for their applications. This replaces the traditional user table with centralized UIDs and associated data. Instead of managing their own separate tables, applications can build on common data sets controlled by users.


Because applications can permissionlessly define schemas for use in a particular context, curation markets are also important, since they can signal which data models are most useful (schemas for social graphs, blog posts). In markets that run on these data models, applications can provide feedback on the models to optimize them further. This incentivizes the common data set to generate better analytics and charts, so that products can build on them for more innovation.


Tableland is an infrastructure for mutable, structured relational data, where each table is minted as an NFT on an EVM-compatible chain. The owner of the NFT can set up access control logic for its table, allowing third parties to perform updates on the database if they have the appropriate write permissions. Tableland runs an off-chain validator network that manages the creation of tables and subsequent data changes.


Both on- and off-chain updates are handled by a smart contract that connects to the Tableland network using baseURI and tokenURI. With Tableland, NFT metadata can be modified under access control, queried using SQL, and combined with other tables on Tableland.


Just as smart contract standards like ERC-20 and ERC-721 provide a shared language for DApps to create and transfer tokens, data model standards enable mutual understanding of data, reputation, DAO proposals, and social graphs between different applications. Since anyone can submit to a public registry, the data can be reused by multiple applications.


The separation of the application from the data layer allows users to move their content, social graph, and reputation across platforms. Applications can use the same database in their respective environments, giving users a composable reputation across platforms.


Wallet


Broadly speaking, wallets consist of interfaces and underlying infrastructure for key management, communication (exchange of data between holder, issuer, and verifier), and presentation and validation of claims.


We need to distinguish between the crypto wallet (MetaMask, Ledger, Coinbase Wallet, etc.) and the identity wallet. The crypto wallet stores the cryptographic keys specific to a blockchain network, used for sending/receiving tokens and signing transactions. Identity wallets store identities and allow users to create and make claims so they can present identity data across applications/platforms.


Examples of identity wallets include ONTO, Nuggets and Polygon ID Wallet. Some identity wallets, such as Fractal, make liveness checks and KYC part of their onboarding process, so users can show their claims to applications that require them, though this is not common with crypto wallets. Identity wallets are more likely to support W3C-approved DIDs, verifiable credentials, and DIDComm, as well as use cases outside Web3.


An example of an identity wallet


WalletConnect* is a communication protocol that connects wallets and Dapps. As a minimalist, unbiased protocol that already serves millions of Crypto users, WalletConnect may be superior to DIDComm in accelerating the adoption of autonomous identity infrastructure. Unlike DIDComm, which requires a service provider to provide a managed mediator infrastructure, WalletConnect stores the information in a "cloud mailbox" on a relay network that pushes it to the wallet when it comes back online.


Authentication system


Authentication systems confirm a user's identity based on one or more authentication factors: something the user possesses (digital signature, ID card, security token), information the user knows (password, PIN, answer to a security question), or biometric information (fingerprint, voice, retina scan).


The evolution of authentication on the Internet


In a decentralized identity paradigm, users can use wallets to authenticate themselves. Behind the scenes, the wallet uses its stored key to generate a digital signature that serves as "proof" that the holder has the private key associated with the account. Since crypto wallets can generate signatures, applications that offer Web3 logins can let users authenticate with MetaMask or WalletConnect.


For years, crypto natives have interacted with DApps through "Connect Wallet," a basic operation by which they specify which accounts they want to use. The DApp does not remember any information about the connected user, and every time the user visits the site, the DApp treats them as a blank slate.


Today, users have a deeper mode of interaction with DApps. Decentralized identity information becomes very useful here because it allows applications to access more information about users, thereby providing a personalized experience while allowing individuals to retain control over their data.


For richer interaction scenarios, such as loading user preferences, profiles, or private chat messages, applications first need to ensure that they are talking to the actual key holder behind the account. "Connect Wallet" does not provide this guarantee, but authentication standards do. The authentication system establishes a session with the user and allows the application to read and write their data securely.


Sign-In with Ethereum (SIWE) is an authentication standard jointly developed by Spruce, ENS and the Ethereum Foundation. SIWE standardizes a message format (similar to JWT) that allows users to log in to services using blockchain-based accounts. Sign-In with X (CAIP-122) builds on this by making SIWE the Ethereum version of SIWx and adapting the standard to different blockchains.
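A signature over a SIWE message only proves key ownership for a given login if the relying party also checks what was signed. The following added example (not code from the article, Spruce, or the SIWE reference libraries) parses the EIP-4361 message layout and applies the domain, nonce and time-window checks; the function names, the `ctx` object and the `recoverSigner` callback are hypothetical, and signature recovery itself is left to whatever Ethereum library the application already uses.

```javascript
// Added example: relying-party checks on an EIP-4361 (SIWE) message.
// parseSiwe, verifySignIn and ctx.recoverSigner are hypothetical names.
const HEADER = /^(\S+) wants you to sign in with your Ethereum account:$/;
const ADDRESS = /^0x[0-9a-fA-F]{40}$/;
const FIELDS = new Map([["URI", "uri"], ["Version", "version"], ["Chain ID", "chainId"],
  ["Nonce", "nonce"], ["Issued At", "issuedAt"], ["Expiration Time", "expirationTime"],
  ["Not Before", "notBefore"], ["Request ID", "requestId"]]);

function parseSiwe(text) {
  const lines = String(text).split("\n");
  const header = HEADER.exec(lines[0]);
  if (!header) throw new Error("bad header line");
  if (!ADDRESS.test(lines[1])) throw new Error("bad address line");
  if (lines[2] !== "") throw new Error("missing blank line after address");
  const msg = { domain: header[1], address: lines[1], statement: null, resources: [] };
  let i = 3;
  if (lines[i] !== "") msg.statement = lines[i++];          // statement is optional
  if (lines[i++] !== "") throw new Error("missing blank line before URI");
  for (; i < lines.length; i++) {
    if (lines[i] === "Resources:") {
      msg.resources = lines.slice(i + 1).map((l) => {
        if (!l.startsWith("- ")) throw new Error("bad resource line");
        return l.slice(2);
      });
      break;
    }
    const sep = lines[i].indexOf(": ");
    const key = sep > 0 ? FIELDS.get(lines[i].slice(0, sep)) : undefined;
    if (!key || key in msg) throw new Error(`unexpected line: ${lines[i]}`);
    msg[key] = lines[i].slice(sep + 2);
  }
  for (const k of ["uri", "version", "chainId", "nonce", "issuedAt"]) {
    if (!msg[k]) throw new Error(`missing field: ${k}`);
  }
  if (!/^[A-Za-z0-9]{8,}$/.test(msg.nonce)) throw new Error("nonce too short");
  return msg;
}

// ctx = { domain, chainId, now (ms), nonces: Set of issued unused nonces,
//         recoverSigner(text, signature) -> address }   (all hypothetical)
function verifySignIn(text, signature, ctx) {
  const fail = (reason) => ({ ok: false, reason });
  let msg;
  try { msg = parseSiwe(text); } catch (e) { return fail(e.message); }
  if (msg.version !== "1") return fail("unsupported version");
  // A message signed for another site must not be accepted here.
  if (msg.domain !== ctx.domain) return fail("domain mismatch");
  if (msg.chainId !== String(ctx.chainId)) return fail("chain mismatch");
  // The nonce must be one this server issued and has not yet consumed.
  if (!ctx.nonces.has(msg.nonce)) return fail("unknown or reused nonce");
  const exp = msg.expirationTime ? Date.parse(msg.expirationTime) : Infinity;
  const nbf = msg.notBefore ? Date.parse(msg.notBefore) : -Infinity;
  if (Number.isNaN(exp) || Number.isNaN(nbf)) return fail("bad timestamp");
  if (ctx.now >= exp) return fail("expired");
  if (ctx.now < nbf) return fail("not yet valid");
  const signer = ctx.recoverSigner(text, signature);
  if (typeof signer !== "string" || signer.toLowerCase() !== msg.address.toLowerCase()) {
    return fail("signature does not match address");
  }
  ctx.nonces.delete(msg.nonce);                              // single use
  return { ok: true, address: msg.address };
}

// Constructed sample message (address, domain and nonce are made up).
const SAMPLE_ADDRESS = "0x00000000000000000000000000000000000000Aa";
const SAMPLE_MESSAGE = [
  "app.example wants you to sign in with your Ethereum account:",
  SAMPLE_ADDRESS,
  "",
  "Sign in to the constructed demo app.",
  "",
  "URI: https://app.example/login",
  "Version: 1",
  "Chain ID: 1",
  "Nonce: k3Jx9Qp2LmZ8",
  "Issued At: 2022-12-31T15:00:00Z",
  "Expiration Time: 2022-12-31T15:10:00Z",
].join("\n");
```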


For individuals, this means they can sign up or log in with their Web3 wallet without the need to create a username and password, while guaranteeing autonomy over their online identity. Applications can use this as a marketing strategy for Web3's native audience to meet user needs.


In the medium term, using crypto wallets to log into DApps and other Web2 platforms will improve the user experience for Web3 natives. However, this also exposes users to the correlation and tracking issues of Web2. In view of this, authentication through peer DIDs or self-certifying identifiers can be an alternative.


Unlike the "normal" DIDs above, peer DIDs are used between two or N known parties. They can serve as unique identifiers for each service or interaction. The crypto wallet address in this digital identity can be stored with the VC as a proof of verification for each merchant or service interaction.


Authorization and access control


Authentication confirms a user's identity, while authorization determines what resources an entity has access to and how they can use those resources. These two processes are independent of each other, but often complement each other in the user experience design process. After logging in (authentication) to the third-party service platform with a social account, the user may receive the following authorization requests:


An instance of an authorization request


In the federated identity paradigm, you can authorize third-party applications to view or update data stored with an identity provider such as Google, which is responsible for maintaining the list of applications and the permissions you have granted them. Web3 authorization infrastructure and standards help achieve the same goal, except that here you hold your own sovereign data and can grant each third party the right to decrypt/read/update it without relying on a centralized platform.


With the rise of tokenized communities, Web3 token-gating products such as Collab.Land, Guild and Tokenproof have appeared. One of the main uses of these tools is access control for member-only Discord channels, as well as fine-grained access based on roles and reputation. Instead of manually assigning access, communities can programmatically grant access based on token holdings, on-chain activity, or social verification.


Lit is a decentralized key management and access control protocol that uses MPC technology to distribute "shares" of a private key among Lit network nodes. The public/private key pair is represented by a PKP (programmable key pair) NFT, which indicates that its owner is the sole controller of the key pair. When any defined condition is met, the owner of the PKP can trigger the network's aggregation mechanism to decrypt a document or sign a message under their identity.


In terms of access control, Lit lets users set on-chain conditions for access to off-chain resources. For example, a DAO could upload a file to Arweave or AWS, encrypt it using Lit, and define a set of conditions (such as NFT ownership). Eligible wallets sign and broadcast a message to the protocol nodes, which check the blockchain to make sure the signer meets the criteria. If the conditions are met, the protocol synthesizes a key for the signer to decrypt the file. The infrastructure can also be used to build Web2 experiences such as Shopify discounts, token-gated Zoom meetings and Gathertown spaces, live streaming, and Google Drive access.


Kepler organizes data around user-controlled data vaults ("Orbits"), each of which represents a list of designated hosts for the data and acts as a smart contract that only the holder's key can control. These vaults can be governed by trusted parties, consensus mechanisms across hosts, resource owners, and permission validity. Anyone using SIWE can immediately take advantage of private data vaults to store their preference data, digital credentials and private files. Users can also self-host or use a managed version, since it supports "bring your own storage" across multiple storage backends.


The following examples show how an application can use a combination of building blocks:


· Orbis is a social application ("Twitter/Discord for Web3") that uses Ceramic for data storage and updates. Direct messages are encrypted with Lit before being stored

· Lit can be used as a decentralized encryption system for delegating the right to decrypt your Tableland data

· Kepler can use Ceramic Documents as beacons to route to private storage areas

· A Lit PKP can "own" a Ceramic stream, and a Lit Action (code on IPFS) then has the right to sign and update the database if any defined conditions are met


CACAO is a standard for expressing chain-agnostic object capabilities (OCAP), created using Sign-In with X. It defines a way to record the result of a SIWx signing operation as an IPLD-based object capability, producing not only a record of the authentication event but also a composable, replayable authorization record for verifiable authorization.


This authorization approach allows users to grant applications the ability to view/update data in a fine-grained, verifiable manner. And because these authorizations carry deadlines, people can interact richly with the application without signing each update, and sign once at the end of the deadline.


Proof and certificate


As you can see, we've reached the top of the decentralized identity infrastructure stack:



· Proof can determine whether a claim and signature are valid, and they arise from the need for independent verification of recorded events.

· Credentials are documents detailing information related to an entity, written and signed by another entity or by the entity itself. They are tamper-proof and cryptographically verifiable, and can be stored in a wallet.


Verifiable credentials (VCs) are the standard data model and representation format for cryptographically verifiable digital credentials, as defined by the W3C Verifiable Credentials specification:


· The issuer issues the credential (e.g., a university)

· The holder holds the credential (e.g., a student)

· The verifier is responsible for verifying the credentials (e.g. potential employer)

· A verifiable presentation is how users share their data with a third party, who can verify that the credential was indeed signed by the issuer


Note: The issuer, holder, and verifier are relative concepts here, each with their own DID and their own collection of credentials.


Credentials are the foundation upon which reputation is built, and reputation is essentially a social phenomenon that changes with circumstances. An entity may demonstrate its qualifications, competence, or authority externally with one or more credentials. It is as if anyone can claim to have graduated from a prestigious university, but this will not win the trust of others, only the certificate issued by the university can prove it.


Although not all Web3-native badge and "proof of X" projects adhere to the W3C VC standard, we can see similarities with the system described above.


· The most direct example is the non-transferable NFT badge, which can only be minted by wallets that have completed some on-chain activity. Since all the transaction history is on-chain, it is verifiable and tamper-proof from the start. DegenScore quantifies your "degen" level by summarizing your interactions with DeFi protocols and outputs a score based on rules in a smart contract. You can mint it as an NFT and keep it as a "DeFi certificate" in your crypto wallet. If there is a Degen DAO that gates membership on the score, you can show it the NFT, the token-gating protocol validates it, and you can join the DAO -- proof of degen.


· POAP proves that you attended an event or met someone in real life -- proof of attendance/proof of encounter

· Otterspace allows DAOs to decide what constitutes meaningful work and issue ntNFT badges to their members

· Proved requires DAOs to "sign" a declaration -- proof of contribution -- before their members can mint a DAO-specific NFT badge

· 101 issues an ntNFT, a certificate of learning, to students who pass the exam at the end of an online course

· Kleoverse issues users TypeScript, Rust, or Solidity competency badges -- proof of skills -- based on GitHub data


In addition to the access control use cases mentioned above, Lit PKPs can also act as cryptographic notaries, with Lit Actions checking a credential before signing it. For example, a decentralized education platform may let course creators define their own exam passing criteria, deploy those conditions as Lit Actions, and programmatically issue VCs based on those conditions using their PKPs.


Two questions arise here: Which of these certificate data points are meaningful? How do we put them together to gain a reputation?


Orange Protocol offers one solution: integrating these data points into well-defined schemas through model providers (MPs). On Orange, an MP is generally a platform that has a reputation assessment measure in its system. Data from "data providers" is fed into the model designed by the model provider; the MP then adds computational methods, assigns reputation markers to different entities, and makes the model available to others. DApps can curate and embed these reputation models for their use cases.


So far, Aave, Gitcoin, Snapshot, DAOHaus and others have provided their data to Orange. The data has been modeled by them and by other projects such as Dework, talentDAO and Crypto Sapiens to issue ntNFTs to members. This creates many opportunities, from improved Discord permissioning using CollabLand and Guild to reputation-weighted governance on Snapshot.


Privacy issue


We can't discuss identity infrastructure without considering privacy and the technical primitives that implement it, because privacy matters at every level of the stack. In the last decade, the adoption of blockchain has accelerated the development of cryptographic primitives such as zk-proofs, which have applications beyond rollups and allow identities to make nuanced, privacy-preserving claims about publicly verifiable information.


Privacy guarantees help avoid the negative externalities that arise when we use fully transparent data to generate trusted claims. Without these guarantees, third parties can initiate interactions unrelated to the original transaction (e.g., advertising, harassment). Using cryptography and zk, we can build identity systems in which interactions and data sharing are "sandboxed" within clearly defined, context-dependent boundaries.


"Plain" verifiable credentials are typically in JSON-JWT or JSON-LD format, and each credential has an external or embedded proof (digital signature) that makes it tamper-proof and verifiable.


Zk-proofs and new signature schemes enhance the privacy features of W3C VCs, such as:


· Anti-correlation: Each time the holder shares a credential, the same identifier is shared with it. Verifiers can therefore collude to see where the holder has presented the credential and trace it to an identified person. With blind signatures, the holder shares a unique proof of the signature each time, but not the signature itself.

· Selective disclosure: only the necessary attributes of VC are shared, while the rest are hidden. Both JSON-JWT and JSON-LD ld-signing credentials require the holder to share the entire credential with the verifier, not "partial" sharing.

· Compound proofs: Combine the attributes of multiple VCS into one proof without the need to seek help from the publisher or generate a new VC.

· Judgment basis: The true value provided by the verifier is allowed to be hidden in the proof operation. For example, proving that the holder's account balance is above a certain threshold without disclosing its exact amount, or proving that you are of legal drinking age without disclosing your birthday.


A simplified chart on how ZKP protects privacy in credentials


The BBS signature scheme is a forward-looking approach originally proposed by MATTR in 2020. The proposal allows BBS signatures to be used with the JSON-LD format commonly used by VCs. The holder can selectively disclose claims from the originally signed credential. The proof generated by this scheme is a zero-knowledge proof of the signature, which means that the verifier cannot determine which signature was used to generate the proof, thus solving the correlation problem.
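To make selective disclosure concrete, here is an added example (not from the original article or from any project it mentions) that uses salted-hash commitments, the idea behind SD-JWT, rather than BBS. The function names, the Ed25519 issuer key and the claim values are all assumptions constructed for illustration.

```javascript
// Added example: selective disclosure via salted-hash commitments.
// Not BBS and not zero-knowledge; names and claim values are constructed.
const crypto = require('node:crypto');

const sha256 = (s) => crypto.createHash('sha256').update(s).digest('hex');
// Commitment to one claim: hash of salt, name and value, JSON-encoded.
const commit = (salt, name, value) => sha256(JSON.stringify([salt, name, value]));

// Issuer: sign only the sorted list of commitments, never the raw claims.
function issue(claims, issuerPrivateKey) {
  const disclosures = Object.entries(claims).map(([name, value]) => ({
    salt: crypto.randomBytes(16).toString('hex'), name, value,
  }));
  const digests = disclosures.map((d) => commit(d.salt, d.name, d.value)).sort();
  const signature = crypto.sign(null, Buffer.from(JSON.stringify(digests)), issuerPrivateKey);
  return { digests, signature, disclosures }; // the holder keeps all three
}

// Holder: reveal salt and value only for the chosen claim names.
function present(credential, names) {
  return {
    digests: credential.digests,
    signature: credential.signature,
    disclosures: credential.disclosures.filter((d) => names.includes(d.name)),
  };
}

// Verifier: check the issuer signature, then check that every disclosed claim
// hashes to one of the signed digests. Returns the verified claims or null.
function verify(presentation, issuerPublicKey) {
  const signed = Buffer.from(JSON.stringify(presentation.digests));
  if (!crypto.verify(null, signed, issuerPublicKey, presentation.signature)) return null;
  const verified = {};
  for (const d of presentation.disclosures) {
    if (!presentation.digests.includes(commit(d.salt, d.name, d.value))) return null;
    verified[d.name] = d.value;
  }
  return verified;
}

// Constructed sample data.
const issuer = crypto.generateKeyPairSync('ed25519');
const credential = issue(
  { name: 'Alice Example', birthDate: '1990-04-01', over18: true }, issuer.privateKey);
const shown = verify(present(credential, ['over18']), issuer.publicKey);
console.log(shown);
```

Every presentation built this way repeats the same digests and the same issuer signature, so colluding verifiers can still link them. That remaining linkability is the correlation problem that a zero-knowledge proof of the signature, as in BBS, removes.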


Iden3 is a zk-native identity protocol that provides a programmable zk framework and open-source libraries for zk identity primitives, authentication, and proof-of-claim generation. The protocol generates a key pair for each identity on the Baby Jubjub elliptic curve, which is designed to work efficiently with zk-SNARKs; these are used to prove identity ownership and claims in a privacy-preserving manner. PolygonID is now using this protocol to build its identity wallet.


Applied ZKPs have attracted a lot of attention from the Crypto community over the past few years. In Web3, they have been used in the following applications:


· Private airdrop: Stealthdrop

· Private but credible proof: Sismo (ownership), Semaphore (membership system)

· Anonymous communication: heyanon

· Anonymous voting: Melo


Conclusion


A few takeaways from the study:


Just as Crypto catalyzed the growth and adoption of DPKI, a composable reputation that can provide online/IRL access will also act as a catalyst for decentralized identity infrastructure. Currently, credential issuance protocols are still scattered across different use cases and blockchain networks. By 2023, we will see the aggregation layers over them (such as profiles) mature and become a unified interface. If it can be used to unlock other experiences beyond crypto, such as accessing events or e-commerce discounts, it will also see higher usage.


Key management remains a friction point prone to single points of failure. It's an awkward experience for most Crypto natives, and something completely out of reach for most consumers. Federated identity improved on the Web 1.0 user-experience paradigm by allowing users to use single sign-on without having to remember different user names and passwords. While the user experience of Web3 authentication is improving, it still does not provide the desired user experience: not only does it require memorizing mnemonics, it also offers limited recourse if the key is lost. With MPC, this will gradually improve as the technology matures and spreads to individuals and institutions.


The Crypto native infrastructure is meeting users' needs in Web2. Web3 primitives are beginning to integrate with Web2 applications and services, providing a decentralized identity for people. For example, Collab.Land's integration with Nuggets allows Reddit users to use their reputation as a VC to unlock access. Auth0, the authentication and authorization middleware, has integrated SIWE as an identity provider; its 2K enterprise customers can now offer wallet logins in addition to SSO.


With the democratization of data, curation mechanisms need further validation. Just as The Graph, an indexing protocol, uses a network of curators and patrons to signal the most useful subgraphs (the API for on-chain data), data models about users and reputation on protocols such as Ceramic and Orange also require sufficient time and community involvement to mature beyond the DAO and Crypto native use cases.


Privacy is also a concern. Projects should carefully consider the implications of public or permanent storage when choosing their stacks. "Pure" public-data ntNFTs may be suitable for limited use cases (e.g., abstract descriptions of some on-chain activities), as opposed to privacy-preserving combinations of VCs, ephemeral and peer DIDs, and ZKPs of on-chain/off-chain activities, which provide features such as selective disclosure, key rotation, anti-correlation, and revocation.


New cryptographic tools like zk-SNARKs will be key building blocks of the next generation of identity infrastructure. ZKPs are currently being used for stand-alone use cases, and there is still R&D work to be done on application design patterns, ZK circuit implementations of cryptographic primitives, circuit security tools, and developer tools. At the same time, it's an area that needs to be watched closely.


Decentralizing identity is a very large project that is difficult for a single team to do on its own. Implementing it requires the entire ecosystem to agree on uniform standards, iterate on primitives, and check one another on the impact of design decisions.


This article explored the infrastructure part of the decentralized identity stack, and in the next installment I'll discuss profiles, sybil resistance, compliance, and the application layer, all implemented through the building blocks mentioned in this article.


If you are building in this area, or have more ideas on this topic, feel free to contribute your insights.

