Author's Note\
In fact, the issue of data leaks has been widely discussed in the past few days, and some relevant data sources have already started to appear in certain Telegram groups. Here, I do not encourage everyone to get involved in these matters, but I also hope that this incident will raise awareness about personal data security.
Originally, the topic of DID was intended to be discussed later when talking about Web5, but I will use this data leak incident as a starting point to discuss the topic and application of DID.
In this article, I will not delve into specific projects or DID solutions, but rather provide a macro-level overview of the DID field and the philosophical dialectics within it.
Additionally, some readers may notice that I have inserted some advertisements in my article, which will provide some incentives based on the traffic from ad clicks. If you don’t mind the trouble, feel free to click on the ads pushed within the text to help me earn a little coffee money.
Main Text
“I think, therefore I am” — René Descartes
I think, therefore I am. This is a well-known philosophical proposition, and I searched online for a more authoritative explanation.
“I cannot deny my existence, because when I deny or doubt, I already exist!” When I am thinking or doubting, there must be a “thinker” executing the “thinking,” and this subject “I” is beyond doubt. This “I” is not the extensive physical “I,” but the thinker’s “I.” Therefore, denying one’s own existence is self-contradictory.
This may sound overly philosophical and seems unrelated to the DID discussed in today’s article. However, it is not the case. In modern society, the concept of identity has become confused. Clearly, it is the same person, but there are various forms of identification, such as common ID cards, driver’s licenses, social security cards, passports, and so on.
These forms of identification may become invalid when you go to other countries or due to the lack of carrying proof documents, which seems to turn into “I want to exist, but I do not.”
To put it simply, the “I” in modern society is defined by various third-party institutions. If they deny “I,” then “I” do not exist.
If readers still find it hard to understand this overly philosophical topic, I can provide another example that is more relatable to everyone’s real life.
During the pandemic years, I believe everyone has become very familiar with the nucleic acid code and health code. In this environment, people can clearly perceive the impact of the green code, yellow code, and red code mechanisms on their work and life. But is the color of the health code changed based on whether the body is infected with COVID-19? Actually, it is not.
In the case of the health code, it is a typical example of identity being defined by third-party institutions based on various epidemic prevention policies. At this point, “I” cannot prove my identity by myself; I need a third party to give “me” an identity in order to live normally.
To cut to the chase, let’s return to the topic of decentralized identity (hereinafter referred to as DID, Decentralized Identifiers). The concept of decentralized identity can be traced back to a subset of digital identity. Digital identity has had relevant technologies and concepts since the emergence of the internet in the 1990s. I will provide a brief overview of the development history of digital identity along a timeline, combined with internet resources.
Since the birth of the internet, digital identity has developed through four broad stages: centralized identity, federated identity, user-centric identity, and self-sovereign identity.
Stage One: Centralized Identity
Centralized identity is managed and controlled by a single authoritative institution. Centralized institutions, such as IANA (Internet Assigned Number Authority), established in 1988, manage IP addresses, domain names, and many other parameters used in the international internet. In 1998, ICANN (Internet Corporation for Assigned Names and Numbers) was established to take over tasks related to the internet, including the management of domain names and IP address allocation.
By 1995, Certificate Authorities (CAs) had emerged as authoritative institutions responsible for issuing and managing digital certificates, acting as trusted third parties in e-commerce, and authenticating users' public keys in the public key infrastructure to verify user identities.
If the examples from the 1980s and 1990s seem too distant and less perceptible, one can refer to the internet wave after 2000. Various portal websites emerged, and everyone needed to register accounts, including later blogs and Weibo. These accounts are a manifestation of centralized digital identity.
With the development of the internet and the accumulation of power within hierarchical systems, another problem was revealed: identity became increasingly fragmented. They multiplied with the growth of websites, forcing users to manage dozens of identities across numerous different sites, while being unable to control any of them.
Stage Two: Federated Identity
In the late 20th century, significant progress was made in the development of digital identity. The chaos and fragmentation of identity data caused by centralized identity led to the emergence of federated identity, a system managed and controlled by multiple institutions or alliances. Simply put, users' online identity data gained a certain degree of portability, allowing them to log into one website using account information from another site, similar to cross-platform logins via QQ, WeChat, or Weibo.
Microsoft's Passport initiative, launched in 1999, first proposed the concept and solution of “federated identity.” Passport was a centralized identity authentication service controlled by Microsoft, providing a centralized single sign-on service that allowed users to access many websites with one login. However, this made Microsoft the central authority of the federation, wielding significant power.
While federated digital identity somewhat alleviated fragmentation, it was still controlled by a single authoritative institution—in this case, Tencent.
Imagine if your WeChat account were banned; it is likely that the assets in your WeChat wallet, game assets logged in through WeChat, and knowledge assets from public accounts would all be frozen as well. Thus, your identity data is still not your own; you are merely using identity data defined by a third-party authoritative institution.
Stage Three: User-Centric Identity
In 2001, Identity Commons began to consolidate all work related to digital identity, focusing on decentralization, which also led to the creation of the Internet Identity Workshop (IIW) in 2005. IIW emphasized user-centric identity, placing users at the forefront and center of the process of creating online identities.
User-centric identity aims to allow users to decide how their identity is stored and used through authorization and permission, as well as to share their identity from one service to another. Therefore, it emphasizes three elements: user permission, interoperability, and complete user control over data.
Unfortunately, user-centric identity initiatives did not succeed. Take OpenID as an example; theoretically, users could register their own OpenID, but due to high technical barriers, ordinary internet users preferred to register OpenID on a public and relatively reliable website to log into other sites. As a result, the OpenID registered by users faced the risk of being revoked by network providers at any time, meaning users did not fully gain control over their identity data.
However, the emergence of cryptographic digital identity after the aforementioned digital identities has seen unprecedented growth in the Web3 world. Currently, common Web3 wallet addresses on the blockchain represent a user-centric digital identity. Tens of millions of users globally access Web3 sites through Metamask, achieving user permission and interoperability among the three elements mentioned above.
However, regarding complete user control over data, due to the characteristic of blockchain being completely open and transparent, current cryptographic digital identities cannot achieve full control over their own data. Many on-chain data analysis tools have developed tracking functions for whale users' addresses, making complete control over data still a distant goal for users.
Stage Four: Self-Sovereign Identity
Self-sovereign identity is an advanced stage of user-centric identity. Both share the common starting point of users fully controlling their identity data, but self-sovereign identity goes further, with data collection, storage, and usage decentralized across an ecosystem. It also allows ordinary users to issue statements containing others' identity information (referred to as “verifiable claims” later). Self-sovereign identity provides three essential elements: individual control, security, and complete portability. It eliminates the centralized external control present in the previous three stages. Identity is entirely owned, controlled, and managed by individuals (or organizations). In this sense, individuals are their own identity providers—no external party can claim to “provide” them with identity, as identity is inherently theirs. An individual's digital existence is independent of any single organization.
In the third stage, I listed Web3 wallets as “user-centric identities,” but in the fourth stage, I still use Web3 wallets as an example. The core feature that allows Web3 wallets to transition from the third stage to the fourth stage is EVM.
As early as 2017, during the public chain wars, various public chains were different, and data, addresses, and tokens could not flow across chains, creating typical data islands.
However, the popularity of EVM has given rise to a large number of EVM-compatible chains, including BSC, AVAX, HECO, and others. The vigorous development of EVM-compatible chains has also compensated for the significant lack of portability in Web3 wallets during the third stage.
When operating EVM-compatible chains, users often find that as long as they configure the corresponding EVM-compatible chain's RPC, they can use their original Ethereum address to access the corresponding EVM-compatible chain, achieving all the basic elements of self-sovereign identity. For the entire blockchain industry, EVM may be more important than the Ethereum blockchain itself.
(The content regarding the development of digital identity is derived from the Decentralized Identity Research Report by Timestamp Capital (2019), with some content edited and personal opinions added. The complete report can be obtained at the end of this article.)
Open Source DID Standards and Web3 DID Development Direction
In fact, there are already two sets of open-source and relatively mature DID standards. They are the W3C DID standard and the Decentralized Identity Foundation (DIF).
The W3C DID is more like a definition standard, while the DIF is a solution. The technical logic is beyond my own knowledge scope, so I have not delved deeply into it. However, it is known that most of the Web3 projects related to DID on the market have evolved from these two open-source DID standards.
The current exploration of Web3 DID direction is no longer about how excellent the DID solution technology is, but rather how to implement these DID solutions in applications.
Specifically, projects like POAP, RSS3, Project Galaxy, and Rabbithole are all applications derived from the DID direction of Web3 cryptographic identity. For example, POAP, Project Galaxy, and Rabbithole analyze users' on-chain data interaction behaviors to grant various identity certifications or badges. Such identity certifications break free from the single control of third-party authoritative institutions. Once you obtain the corresponding identity, it will be permanently stored and verifiable on the blockchain.
The goal of the RSS3 project is to create an RSS specification for the Web3 world. The project envisions allowing users to control content ownership and subscription rights, aggregating and presenting content in a way that does not rely on centralized platforms. RSS3 stores user-generated content on Arweave, achieving decentralization at the storage level and user control over content.
These projects are not what everyone thinks of as developing DID standard protocols; they are more about developing application scenarios based on existing Web3 DID led by Metamask. They ensure that users have real application scenarios in the field of Web3 cryptographic identity verification and control over content.
Of course, many projects are still deeply researching DID technical solutions, seeking greater breakthroughs in security and technology. However, this may lead to a scenario similar to the public chain wars of 2017. Although DID technical solutions are diverse and varied, they may not be compatible with each other. The portability of DID is crucial; it cannot be that if I switch to another Web3 application, my DID identity becomes invalid.
Currently discussing DID technical solutions, I would compare it to discussing the differentiation of consensus algorithms in public chains back in the day. Regardless of the technical solution, the products that can truly shine will undoubtedly be specific application products.
In the current situation, the account system of EVM-based Web3 wallets is a perfect DID framework at this stage. Based on this, implementing more real and usable products for users is the development direction of Web3 DID. The vast majority of users will not use or study DID standards, but they can directly use applications based on DID.
Author: Liu Ye Jing Hong
WeChat Official Account: Weisman Notes
Personal WeChat ID: liuyejinghong_
RSS3 Personal Homepage: liuye.rss3.bio
ETH Donation Address: liuyejinghong.eth
Discord: https://discord.gg/6tu2hpwvUh\
Reply “web3” in the official account backend to receive free Web3 learning resources.
Reply “Industry Report” in the official account backend to receive the 2022 industry report for free.
Reply “DID” in the official account backend to receive the decentralized identity industry report for free.
Weisman Notes has now opened a WeChat community; you can get the QR code in the official account menu.
Recommended past content: