Web3 Identities & Credentials
Web3 is the next generation of the Internet, where users have more control, privacy, and security over their online identity and data. Web3 is powered by advanced technologies like blockchain, cryptography, and token-based economics. One of the key innovations of Web3 is the concept of Web3 identity, which enables users to create and manage their own digital identities without relying on centralised authorities or intermediaries.
For a decentralised and trustless future of identity to be possible, two innovations had to come first: decentralised identifiers (DIDs) and verifiable credentials (VCs). Both are defined below.
Web3 identity aims to solve the current problems with digital identity in the Web2 world, where users have to rely on centralised platforms and intermediaries to create and manage their online identities. These platforms often collect and store users' personal data without their consent or knowledge, exposing them to privacy breaches, identity theft, fraud, and manipulation. Users also have limited control and ownership over their online identities and data, as they can be revoked, suspended, or deleted by the platforms at any time.
Web3 identity offers a new paradigm of digital identity that empowers users to be in charge of their own online identities and data. By using blockchain and other infrastructure innovations, Web3 identity enables users to create and manage their own DIDs and VCs that can be used across different domains and contexts. Web3 identity also enables users to achieve true sovereign identity - the ability to control their own identity without depending on any external authority or intermediary. This would then enable a decentralised and trustless identity and credentialing system that we have been hoping for… (right?)
The value-add this can potentially bring is huge, such as making it easier to create capital, increasing the openness and security of applications, and giving people access to financial services without needing permission. However, Web3 is also at risk of becoming too focused on money, a situation where those who have the most money have a lot of power over how the ecosystem evolves, operates, attracts attention, and other important aspects. This can be seen in DeFi protocols, where a venture capital whale may assert control over the direction of the protocol based on what makes most sense for their books. We have seen this in GameFi too, where users no longer focus on the “fun” aspects of the game because they are too distracted by the potential financial gains of the NFTs or tokens they hold and by charts (sometimes more than the game).
To move forward optimally, Web3 needs a tech stack that allows interactions based on end users’ financial and social capital. This would allow on-chain relationships to go beyond transactional exchange: personal ties, culture, reputation, identity, and trust could also facilitate interactions between people. In the past few years, Web3 has primarily introduced innovation by implementing tokenization on blockchain networks, where tokens represent certain values or rights. These tokens are then utilized within decentralised applications (dApps) that are built on smart contracts, mainly focusing on decentralised finance. This has led to a growing number of tokens with different functions, such as utility, governance, and asset-backed tokens, which have allowed platforms to find novel ways of innovating on business models and social interaction. Going beyond pure value exchange requires a layer of identity on Web3 that can add more information to on-chain addresses than just their balances, such as unique personality traits, social groups, past reputations, and more.
Web3 Identities
Web3 identities have to connect an accessible account that users control to an on-chain wallet. Your name represents your identity in terms of values, ethnicity, profession, views, interests and hobbies, and emails and usernames are your Web2 identity, serving as proof that you are not a bot and representing your values, background and interests. In the Web3 world, all on-chain information is connected to wallets, which are mere strings of random letters and numbers. How does Web3 make this easier for users to use and experience? Introducing Decentralised Identifiers (DIDs): they are a way of creating unique and verifiable identities on the internet without relying on a central authority or intermediary. DIDs are based on blockchain technology, which means they are secure, transparent and immutable. DIDs can be used to prove who you are, what you can do and what you own online. For example, you can use a DID to log in to a website, sign a document, access a service or own a digital asset.
This happens to be a pillar of self-sovereign identity (along with blockchains and verifiable credentials), a vital prerequisite for Web3 credentialing. Let’s define these three aspects:
(1) Self-sovereign identity: This is a concept that allows users to create and manage their own digital identities without relying on centralised authorities or platforms. Users can store their identity data on distributed ledgers or peer-to-peer networks and use cryptographic keys to sign and verify their claims. Users can also choose which aspects of their identity they want to reveal and to whom, and revoke access at any time. The dynamic usage of a self-sovereign identity would not be bound by any borders – for example, you can get web3 insurance and claim it anywhere, even in countries with poor infrastructure in place. The potential use cases are exciting to think about!
(2) Verifiable credentials (VCs): These are digital documents that contain claims about a user's identity or attributes, such as name, age, education, skills, etc. They are issued by trusted entities, such as governments, universities, employers, etc., and can be verified by anyone who has access to the public keys of the issuers. Verifiable credentials can be stored and presented by users using self-sovereign identity systems or other web3 protocols.
(3) Decentralised identifiers (DIDs): These are unique and persistent identifiers that can be used to reference any entity on the web, such as users, organisations, devices, services, etc. They are generated and controlled by the entities themselves, and can be resolved to obtain information about them, such as public keys, endpoints, services, etc. Decentralised identifiers can be used to establish secure and verifiable connections between entities and enable interoperability across different web3 systems.
(1) is only possible with (2) and (3).
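An added example (not from the original article) of how a holder can reveal only some claims from a signed credential, as described in (1) and (2). It uses a salted-hash construction, which is one common approach and an assumption here; the function names and sample claims are made up, and the issuer's public key is taken as already resolved from its DID.

```javascript
const crypto = require("crypto");

// Salted digest of one claim; the random salt stops a verifier from guessing hidden values.
const digest = (salt, name, value) =>
  crypto.createHash("sha256").update(JSON.stringify([salt, name, value])).digest("hex");

// Issuer: salts every claim and signs only the sorted digests, never the raw values.
function issue(issuerPrivateKey, claims) {
  const disclosures = Object.entries(claims).map(([name, value]) => ({
    salt: crypto.randomBytes(16).toString("hex"), name, value }));
  const digests = disclosures.map((d) => digest(d.salt, d.name, d.value)).sort();
  const signature = crypto.sign(null, Buffer.from(digests.join("\n")), issuerPrivateKey).toString("base64");
  return { digests, signature, disclosures }; // the full set goes to the holder only
}

// Holder: forwards the signed digests plus only the disclosures it chooses to reveal.
function presentOnly(credential, names) {
  return { digests: credential.digests, signature: credential.signature,
           disclosures: credential.disclosures.filter((d) => names.includes(d.name)) };
}

// Verifier: checks the issuer signature, then that every revealed claim hashes to a
// signed digest. Returns the verified claims, or null if anything fails.
function verifyDisclosed(presentation, issuerPublicKey) {
  const { digests, signature, disclosures } = presentation;
  const signed = Buffer.from(digests.join("\n"));
  if (!crypto.verify(null, signed, issuerPublicKey, Buffer.from(signature, "base64"))) return null;
  const verified = {};
  for (const d of disclosures) {
    if (!digests.includes(digest(d.salt, d.name, d.value))) return null;
    verified[d.name] = d.value;
  }
  return verified;
}

// Constructed sample run: the claims below are made up for illustration.
function disclosureDemo() {
  const { publicKey, privateKey } = crypto.generateKeyPairSync("ed25519");
  const cred = issue(privateKey, { name: "Alice Tan", birthYear: 1990, member: "gold" });
  const shown = presentOnly(cred, ["member"]);
  const altered = { ...shown, disclosures: [{ ...shown.disclosures[0], value: "platinum" }] };
  return {
    revealedNames: shown.disclosures.map((d) => d.name),
    accepted: verifyDisclosed(shown, publicKey),
    altered: verifyDisclosed(altered, publicKey),
  };
}
console.log(disclosureDemo());
```

The verifier still sees how many claims the credential holds, because every digest is forwarded.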
Some big-name examples of DIDs are ENS (Ethereum Name Service) domains and Unstoppable Domains. Names under ENS are registered on the Ethereum blockchain through a specific smart contract and can be verified. The names are distributed to their owners as non-fungible tokens (NFTs) and serve as proof of ownership. The ENS domains each have a unique string, are stored under one verifiable contract and have a valid entry into the W3C repository. DIDs enable dApps to interoperate with any decentralised systems, which is especially beneficial for decentralised social platforms. Users can register an easily readable unique domain name on ENS and associate it with their wallet address, making it easier for others to send them cryptocurrency. Once the domain name is registered, it can be used to receive payments and messages, similar to an email address. ENS can be integrated with various crypto wallets, such as MetaMask and MyEtherWallet, allowing users to easily interact with dApps and other services on the Ethereum blockchain. This makes the whole crypto experience more accessible and user-friendly.
An interesting innovation that has emerged from DIDs is the non-transferable non-fungible token (NFT), aka the “soulbound token” (SBT). It’s a new type of digital asset that represents what is earned rather than what is bought, such as achievements, skills and affiliations. SBTs are linked to a decentralised identifier (DID) and cannot be transferred to another wallet. A cool thing to keep an eye on is that DIDs can be verified by other DIDs, creating a trust network. This could lead to more ways for projects to use them in the future for implementing new business models, marketing and brand awareness, education (onboarding), and many more. SBTs enable the formation of decentralised societies, where people can interact online in a more meaningful and authentic way. An example of this would be the Proof of Attendance Protocol (POAP), where DAOs could give tokens, a reward or exclusive rights in future events to those who attended three out of the last five conferences or who hold tokens like POAPs that show attendance. Other strong use cases would be education certificates, participation in projects, driver’s licences, insurance, proof of age, etc.
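The non-transferability and the three-out-of-five attendance rule described above, as an added JavaScript model that is not part of the original article and not POAP's own code. The class, function names, addresses and event ids are hypothetical; a real deployment would enforce these rules in a smart contract.

```javascript
// In-memory model of non-transferable ("soulbound") attendance badges.
class SoulboundBadges {
  constructor(issuer) {
    this.issuer = issuer;      // only this address may mint
    this.tokens = new Map();   // tokenId -> { owner, eventId }
    this.nextId = 1;
  }
  mint(caller, owner, eventId) {
    if (caller !== this.issuer) throw new Error("only the issuer can mint");
    for (const t of this.tokens.values()) {
      // One badge per owner per event, so repeat mints cannot inflate attendance.
      if (t.owner === owner && t.eventId === eventId) throw new Error("already minted for this event");
    }
    this.tokens.set(this.nextId, { owner, eventId });
    return this.nextId++;
  }
  // Every transfer attempt fails, so a badge cannot be bought, sold or lent.
  transfer(caller, tokenId, to) {
    throw new Error("soulbound: token " + tokenId + " is non-transferable");
  }
  eventsAttended(owner) {
    return new Set([...this.tokens.values()].filter((t) => t.owner === owner).map((t) => t.eventId));
  }
}

// DAO rule from the text: attended at least `required` of the last `window` events.
function isEligible(badges, owner, allEvents, required = 3, window = 5) {
  const attended = badges.eventsAttended(owner);
  return allEvents.slice(-window).filter((e) => attended.has(e)).length >= required;
}

// Constructed sample run: addresses and event ids are made up.
function badgeDemo() {
  const dao = "0xDAO", alice = "0xA11CE", bob = "0xB0B";
  const events = ["conf-1", "conf-2", "conf-3", "conf-4", "conf-5", "conf-6", "conf-7"];
  const badges = new SoulboundBadges(dao);
  const first = badges.mint(dao, alice, "conf-3");
  ["conf-5", "conf-7"].forEach((e) => badges.mint(dao, alice, e));
  // Bob holds four badges, but only two fall inside the last five events.
  ["conf-1", "conf-2", "conf-6", "conf-7"].forEach((e) => badges.mint(dao, bob, e));
  let transferError = null;
  try { badges.transfer(alice, first, bob); } catch (err) { transferError = err.message; }
  return {
    alice: isEligible(badges, alice, events),
    bob: isEligible(badges, bob, events),
    transferError,
  };
}
console.log(badgeDemo());
```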
Web3 Credentialing
Web3 credentials are a way of proving your identity and achievements on the blockchain. They are like digital badges that you can earn by doing certain tasks or participating in certain events in the Web3 space. Web3 credentials are signed by the issuer and can be verified by anyone. We are witnessing exciting innovations that are being tested and validated in the Web3 space right now.
Web3 credentials can take many forms, such as tokens, badges, NFTs, DAO memberships, social proofs, or reputation scores. Web3 credentials are designed to be interoperable, verifiable, and self-sovereign, meaning that people can own and control their own credentials without relying on intermediaries or gatekeepers. The credentials can be shared dynamically in several ways, such as through personal websites, new social platforms and even digital portfolios.
This is possible thanks to how crypto works - credentials are based on public-key cryptography, which means that users have a pair of keys: a public key that can be shared with anyone (to prove identity or achievements), and a private key that must be kept secret by the user (control over your credentials). The public key can be used to verify the identity and integrity of the user, while the private key can be used to sign transactions and messages. To illustrate further, there are several core components of Web3 credentials:
- Issuers: The entities that create and sign the credentials using cryptographic methods. Issuers can be individuals, organisations, smart contracts, oracles, or any other entity that can generate verifiable statements about a user or a resource.
- Holders: The entities that own and store the credentials. Holders can be users, wallets, devices, or any other entity that can manage cryptographic keys and tokens.
- Verifiers: The entities that request and validate the credentials. Verifiers can be applications, services, platforms, or any other entity that needs to verify some information about a user or a resource.
- Registries: The entities that store and index the credentials. Registries can be blockchains, decentralised networks, databases, or any other entity that can provide persistent and accessible storage for credentials.
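The four roles above in one runnable flow, as an added example rather than code from the article or any project it names. It uses Ed25519 from Node's built-in crypto module; the in-memory registry, the did:example identifiers, the nonce-based holder check and all function names are assumptions for illustration.

```javascript
const crypto = require("crypto");
// Registry: DID -> public key, plus revoked credential ids. A Map and a Set
// stand in for a blockchain or other registry (assumption for this sketch).
const registry = { keys: new Map(), revoked: new Set() };

// Deterministic serialisation so issuer and verifier process the same bytes.
function canonical(v) {
  if (v === null || typeof v !== "object") return JSON.stringify(v);
  if (Array.isArray(v)) return "[" + v.map(canonical).join(",") + "]";
  return "{" + Object.keys(v).sort().map((k) => JSON.stringify(k) + ":" + canonical(v[k])).join(",") + "}";
}
const sign = (key, text) => crypto.sign(null, Buffer.from(text), key).toString("base64");
const valid = (key, text, sig) => crypto.verify(null, Buffer.from(text), key, Buffer.from(sig, "base64"));
// Any party creates a key pair and publishes the public half under its DID.
function createIdentity(did) {
  const { publicKey, privateKey } = crypto.generateKeyPairSync("ed25519");
  registry.keys.set(did, publicKey);
  return { did, privateKey };
}
// Issuer: signs claims about a subject DID.
function issueCredential(issuer, subject, claims, expiresAt) {
  const payload = { id: crypto.randomUUID(), issuer: issuer.did, subject, claims, expiresAt };
  return { payload, proof: sign(issuer.privateKey, canonical(payload)) };
}
// Holder: proves control of the subject DID by signing the verifier's nonce.
function present(holder, credential, nonce) {
  return { credential, nonce, holderProof: sign(holder.privateKey, nonce + "." + credential.proof) };
}
// Verifier: returns "ok" or the first reason for rejection.
function verifyPresentation(p, expectedNonce, trustedIssuers, now = Date.now()) {
  const { payload, proof } = p.credential;
  const issuerKey = trustedIssuers.has(payload.issuer) && registry.keys.get(payload.issuer);
  if (!issuerKey) return "untrusted or unresolvable issuer";
  if (!valid(issuerKey, canonical(payload), proof)) return "bad issuer signature";
  if (payload.expiresAt <= now) return "expired";
  if (registry.revoked.has(payload.id)) return "revoked";
  if (p.nonce !== expectedNonce) return "nonce mismatch (possible replay)";
  const holderKey = registry.keys.get(payload.subject);
  if (!holderKey || !valid(holderKey, p.nonce + "." + proof, p.holderProof)) return "presenter does not control subject DID";
  return "ok";
}

// Constructed sample run; all DIDs and claims are made up.
function demo() {
  const [uni, alice, mallory] = ["university", "alice", "mallory"].map((n) => createIdentity("did:example:" + n));
  const trusted = new Set([uni.did]);
  const cred = issueCredential(uni, alice.did, { course: "Solidity 101", passed: true }, Date.now() + 60000);
  const edited = { payload: { ...cred.payload, subject: mallory.did }, proof: cred.proof };
  const out = {
    genuine: verifyPresentation(present(alice, cred, "n1"), "n1", trusted),
    replayed: verifyPresentation(present(alice, cred, "n1"), "n2", trusted),
    copied: verifyPresentation(present(mallory, cred, "n3"), "n3", trusted),
    edited: verifyPresentation(present(mallory, edited, "n4"), "n4", trusted),
  };
  registry.revoked.add(cred.payload.id);
  out.revoked = verifyPresentation(present(alice, cred, "n5"), "n5", trusted);
  return out;
}
console.log(demo());
```

A valid issuer signature alone is not enough for the verifier: the nonce check and the holder signature are what stop a copied credential from being presented by someone other than its subject.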
Web3 credentials are part of the broader vision of Web3, which is a new paradigm for the internet that aims to create a more open, decentralised, and user-centric web. Web3 is powered by blockchain technology, which is a distributed ledger that records transactions and data in a transparent and immutable way. Blockchain technology enables Web3 to run on a network of peer-to-peer nodes, without requiring a central server or authority. Web3 credentials are one of the key components that enable users to access and benefit from the Web3 ecosystem.
Balaji Srinivasan tweeted in 2021 predicting a future where NTFs, non-transferable fungible tokens, are a household name: on-chain credentialing that proves what has been earned, such as solving single exercises in an education course or completing a real-world project for a business, proving actual work done without needing an intermediary.
Web2 vs Web3 Credentials
How much of a step up are Web3 credentials from their traditional counterparts? Web3 credentials differ from traditional Web2 credentials, such as passwords, OAuth tokens, certificates, etc., in several aspects:
First, web3 credentials are issued and verified through a web3 medium, such as a blockchain or a decentralised storage network. This means that web3 credentials are not stored or controlled by a single entity, but rather by a distributed network of nodes that follow a common protocol. Web3 credentials are also immutable and verifiable, as they are cryptographically signed by the issuer and can be checked against the public ledger or the distributed hash table. Web3 credentials can also leverage smart contracts to encode complex logic and rules for credential issuance and verification.
Second, web3 credentials are often represented as tokens, such as non-fungible tokens (NFTs), fungible tokens (FTs), and maybe NTFs in the future. These tokens can be transferred, exchanged, or used as a form of value or access. Web3 credentials can also be composed or aggregated to create more complex or higher-level credentials that reflect the user's identity, reputation, achievements, affiliations, etc. It is especially useful in creating social capital (read: for content creators and brands) and incentives for users to participate in web3 communities and ecosystems.
Third, web3 credentials are more user-centric and user-controlled than traditional web2 credentials. Web3 credentials allow users to have more ownership and sovereignty over their data and identity, as they can choose which credentials to share, with whom, and for what purpose. Web3 credentials also enable users to have more privacy and security, as they can use decentralised identifiers (DIDs) to create pseudonymous or anonymous identities that are not linked to their real-world identity or personal information. Web3 credentials also empower users to have more agency and choice over their online interactions, as they can use different credentials for different contexts and purposes.
What does Web3 Credentialing Solve?
Authentication: Web3 credentials can be used to authenticate users without relying on centralised intermediaries or passwords.
Use-case:
Ceramic Network is a platform that allows users to create and manage their web3 identities and data streams using DIDs and VCs. Users can use their Ceramic identities to log in to various web3 applications and services without needing to create separate accounts or passwords.
Authorization: Web3 credentials can be used to grant or revoke access to resources or services based on the user's attributes or claims.
Use-case:
uPort is a web3 identity and access management system that enables users to share their VCs with trusted parties and request access to specific resources or services. Users can also revoke access at any time by deleting or updating their VCs.
Verification of Participation: a process that allows users to prove their involvement in a web3 project or community. It uses verifiable credentials, which are digital documents that contain claims about the user's identity, attributes, or achievements.
Use-case:
POAP is a protocol that creates unique NFTs to represent the attendance of users in various events related to Web3 communities. These NFTs serve as verifiable credentials that showcase the involvement and contribution of users in the Web3 ecosystem. POAP NFTs are based on public data that can be accessed and verified by anyone.
Access control: Web3 credentials can be used to enforce fine-grained access control policies based on the user's context or situation.
Use-case:
NuCypher is a web3 encryption service that allows users to encrypt and share data with authorized recipients using proxy re-encryption (PRE). Users can use their web3 credentials to specify who can access their data, under what conditions, and for how long.
Reputation: Web3 credentials can be used to build and verify the user's reputation and trustworthiness across different domains and platforms.
Use-cases:
SourceCred is a web3 reputation protocol that measures and rewards the user's contributions to open-source projects using a graph-based algorithm. Users can use their web3 credentials to showcase their skills and achievements and earn rewards for their work.
Galxe is another example, a Web3 credential data network that aims to help Web3 developers and projects leverage on-chain credential tracking to build products and communities.
RabbitHole is a platform that allows users to explore and earn rewards from various decentralised applications on the blockchain. Users can complete quests, such as signing up for a dApp, making a transaction, or providing liquidity, and earn tokens, badges, and reputation points.
Interoperability is Key in Unlocking Mass Adoption
Mass adoption of Web3 Credentialing can only happen if it is interoperable across different systems and standards. Interoperability means that different credentials can be understood, exchanged, and verified by different parties, regardless of the underlying technology or protocol.
A few examples of efforts to achieve Web3 credentials interoperability are:
W3C standards: the development of standards and specifications for DIDs and VCs by the World Wide Web Consortium (W3C), the international organization that sets the rules for the web.
Sidetree: a protocol for creating scalable decentralised public key infrastructure (DPKI) systems that can support any number of DIDs and VCs. Sidetree leverages existing blockchain platforms as anchoring layers, while using off-chain storage and replication networks for efficiency and scalability.
DIDComm protocol: a secure and privacy-preserving way of communicating messages between entities that have DIDs, such as requests and responses for credentials and proofs. The Presentation Exchange specification defines a format and a process for requesting and presenting verifiable information from one party to another, such as proofs of identity, qualifications, or membership.
OpenID Connect (OIDC): This is an authentication protocol that enables users to securely access online services using their existing accounts from identity providers such as Google or Facebook. OIDC extends the OAuth 2.0 framework with additional features such as identity tokens, discovery mechanisms, and standardized scopes and claims.
Final Thoughts
Web3 identities and credentials are a promising way to empower users with more control, privacy and security over their online interactions. They enable users to create and manage their own digital identities, without relying on centralised authorities or intermediaries. They also allow users to share verifiable claims about themselves or others, without disclosing unnecessary or sensitive information. Web3 identities and credentials are based on decentralised technologies, such as blockchain, distributed ledgers and peer-to-peer networks, that provide trust, transparency and interoperability. We are excited to delve deeper into this space, as we see it as a promising field that can positively influence society in the future.
Thank you for reading our first article on web3 and social media. If you enjoyed this article, consider giving our author, Za’im Zainudin, a follow.