The concept of DID has a long history and is confusing. Entering the era of the metaverse, what is the WEB3 DID we need? OPENAVATAR today officially announced the release of the OpenAvatar SDK, and brought us a clear definition of the revolutionary new paradigm of WEB3 DID. , If you want to know the past and future of WEB3 DID, please don't miss this article! --YieldDAO Labs
■ DID is the abbreviation of "Decentralized Identity". It is a digital identity without the final guarantee of a centralized organization. It is an extension and expansion of the Web2 "user portrait" concept in Web3.
■ DID-related tracks are mainly divided into three layers: application, identity, and credentials. The credential layer is the component of DID, the identity layer is the specific form of DID, and the application scenario is the value embodiment of DID.
■ In the future of DID, each user may have a unique master management identity and application identities for multiple scenarios. Users remember and identify DIDs through domain names, manage DIDs through wallets and interact with application projects, and integrate different credentials and application identities on multiple chains through various protocols in wallet integration.
■ The development of DID is still in its infancy, and the iteration is relatively slow. So far, no DID system has accumulated a certain network effect (except for ENS, MetaMask and other applications).
Preface: DID Concept
1. W3C DID
In the beginning, the full name of DID was "Decentralized Indentifiers", which literally translates to "Decentralized Identifiers". It is a set of standards led by the World Wide Web Consortium (W3C), the most influential international Internet technical standards body. This concept of DID has no direct correlation with blockchain/Web3 at first, but if you search for "DID" directly, you can still see that the DID discussed in many articles is this specific standard
2. WEB3 DID
In the current mainstream context of blockchain and Web3, DID is more often seen as the abbreviation of "Decentralized Identity", which generally refers to "Decentralized Identity". Unlike W3C DIDs, WEB3 DIDs lack a common standard definition; this is also the reason why the concept of Web3 DIDs is confusing at present.
The focus of this paper is Web3 DID. In the following discussion, DID will be used to refer to the concept of "Decentralized Identity" of Web3 DID, and W3C DIDs will be used to refer to the Decentralized Indentifiers standard of the International Internet Technology Standards Organization W3C to avoid confusion.
In the era of traditional Internet (Web2), digital identity is platform-centric, and different products on the same platform are connected through an account system. For example, Tencent, Google, Facebook and other leading Internet companies also have their own account systems. Although this kind of identity system is convenient to construct, its drawbacks are also widely known: the accounts of the platforms do not communicate with each other, and users cannot control their own identity data.
In the emerging new generation of decentralized Internet (Web3) era, user interaction is mainly based on wallet addresses, so a series of activities around addresses constitute the most native digital identity of Web3. But the cost of creating a new address is negligible, and few people will bind themselves to an address. This leads to the fact that users can give up the "identity" represented by an address at any time, and can also create a large number of address "identities" at zero cost, which limits the application scenarios of this digital identity.
The problem that Web3 DID hopes to solve is to build a description of a person's identity in the decentralized digital world, so Web3 DID is also called the "identity infrastructure" of Web3 applications.
I. W3C DIDs
As the initial definition of the concept of "DID", let's first look at the standard definition of the traditional W3C DIDs and its relationship with the current Web3 DID system.
After years of research and discussions, the W3C finally released the official standard v1.0 for DIDs Decentralizedidentifiers in July 2022.
In the decentralized identifier architecture of the W3C standard, the user directly controls the identifier and the corresponding document. The APP can read the document linked by DID under the user's permission to realize the specific application business. The document contains information related to digital identity, such as signature, encrypted data, etc. The user proves ownership of the DID through a cryptographic signature. The user's data is stored in a trusted database (such as the blockchain), and the identity data does not depend on the APP.
W3C DIDs have three main elements:
● DID scheme, similar to method declarations such as http and ipfs
● DID Method is an identifier of a specific method. Every project that wants to build a DIDs identity system can apply for one. For example, Tencent can apply for a tencentqq identifier for QQ
● DID Method-Specific Identifier, is a specific id, its use depends on the definition of the specific project party
The detailed technical details of W3C DIDs are relatively complicated and will not be introduced in detail here.
W3C DIDs are to some extent competitive with Web3 DIDs. In general, the W3C DIDs standard system is a standard with comprehensive design and better compatibility. There are many blockchain projects that use the DIDs route to realize digital identity, such as DIF-Universal Resolver.
However, the complexity of W3C DIDs and the lack of user readability are difficult for users to accept in the long run, and since large Internet companies rarely develop applications based on DIDs, W3C DIDs have not been widely used and promoted.
II. Web3 DID：Main Composition Credentials
Let us turn our attention to the more promising WEB3 DID. In the increasingly prosperous application scenarios of WEB3.0, different digital identities refer to different content, but they can all be called (WEB3) DIDs. There are two key factors here:
■ What are the "Web3 DID" credentials: for example, NFTs held by users, on-chain interaction records, or off-chain identity information
■ What are "Web3 DID" identifiers (IDs): for example, an address, an NFT, or an ENS to represent an identity?
The current Web3 DID credentials mainly include three categories: Proof of Personhood, Soul Binding Token (SBT) and Verifiable Credentials (VC). Next, we will briefly introduce them one by one.
1. POP Certificate（KYC）
Proof of Personhood, the purpose of the POP protocol can be said to be quite simple, trying to prove the uniqueness of the digital identity by binding with the real person information off the chain. Proof of Humanity, BrightID, and IDENA are among the representative projects.
Proof-of-Personhood projects are often designed to establish unique user identities. Therefore, it often passes traditional authentication methods, mainly through KYC and video face recognition. KYC is a classic authentication method popular in exchanges. Through KYC, a digital identity will be bound to your legal entity information (name, nationality, etc.) under the chain; face recognition, such as BrightID, mainly uses your face information. Enter into the database to ensure that a person can only register one ID in a project ID system.
It can be seen that the most direct application scenario of PoP authentication is anti-sybil attack. In addition, under the background that countries are considering cryptocurrency regulation, KYC may become a necessary condition for the formation of a "legal identity".
These projects are undoubtedly quite effective in establishing unique identities, but there are also quite obvious flaws in this approach. They do not map against rich, contextual identities on the social graph. And social identities are not meant to exist in isolation.
Hence, Soulbound Tokens and Verifiable Credentials came into being.
2. Membership Certificate (NFT PASS)
Since 2017, with the establishment of the EIP721/EIP1155 global de facto technical standard for digital asset ownership confirmation, NFT has gradually become the best comprehensive carrier in many decentralized application fields around the world, including but not limited to: DAO digital certificates and income Credentials, metaverse social identity ID, encrypted digital assets, game liquidity assets, digital copyright, visual image/digital avatar...
We believe that the Web3.0 world only needs an identity system to open up all applications: we need to clearly propose standard protocols to form consensus and accelerate the arrival of a unified identity in the metaverse
NFT PASS can be understood as a Web3 membership card, which is launched by each application project party. Users obtain membership rights by purchasing NFT PASS, which can also be understood as a transferable digital certificate of NFT identity rights. It can be distributed in various forms; it can be distributed by anyone. NFT PASS is based on the blockchain EIP721/EIP1155 standard, which can realize user identity and rights confirmation. NFT PASS has various application forms, such as NFT Tickets, VIP membership card, DAO member digital certificate...
3. Soul Bound Token (SBT)
In May 2022, Glen Weyl, Puja Ohlhaver and Vitalik Buterin first elaborated the concept of soul-bound tokens in the article "Decentralized Society" jointly published.
SBT can be understood as a permanent, non-transferable token on the public blockchain. It can be distributed in various forms; it can be distributed by anyone. The biggest purpose of SBT is to formalize the interaction between users on the public blockchain so that the world can witness and verify. In this model, in principle, a person's digital identity can be shaped according to the social context simply by constant public interaction.
Since SBT does not currently have a general clear standard, in fact, the current SBT can be simply understood as NTT , that is "Non-Transferable Token". In fact, credentials in the form of such tokens already exist, such as those issued by POAP, Project Galaxy.
The problem that is trying to be solved with SBT is to remove the dependency on the Web2 infrastructure by introducing native Web3 identities.
This can include (but is not limited to) employment, work experience and academic credentials, thus providing a way to build a reputation on Web3.
Essentially, SBT is the conversion of reputational capital into formal property ownership. By "baring the soul," people can publicly bet their reputation on the veracity of who they claim to be.
SBT provides a publicly visible, non-transferable (but potentially revocable by issuer) token that can help promote a decentralized society by creating an "immutable" record.
The grand vision of SBT is that one day in the future, when Web3 has penetrated into mainstream society, SBT will be everywhere, and a reliable and comprehensive digital identity can be provided only by an individual's wallet address.
4. Verifiable Certificate (VC)
When people intend to conceal negative behavior, the utility of SBT will be fully realized. But its persistence and publicity can also make it easy for anyone to associate and infer about a person, leading to a complete loss of privacy and some forms of negative discrimination.
To alleviate this problem, the idea of verifiable credentials (VC: verifiable credentials) is proposed.
Like SBT, VCs can be posted by anyone and can represent any information. The key difference between the two is that VCs have adopted the idea of selective disclosure. It operates privately by applying zero-knowledge proof technology. The entire verification process is private, and users do not need to disclose their other information to the other party.
The main problem with VC is that it is part of a standard defined by W3C, which requires the support of DIDs within the W3C system, and the advancement of W3C DIDs is slow. The project party or the Web3 community needs to set a set of VC operation process standards, so it will be a huge difficulty to promote this standard.
III. Identity Layer: Main Form of DID
There are various application scenarios for Web3 DID, and there are also specific components--credentials. What connects the use case to the credentials is what the identity layer does. For example, ENS , addresses, wallets…
People generally equate the identifier of Web3.0 with the wallet address. A person can only have a unique identity, but can apply for countless wallet addresses, and users can also apply for multiple ENS domain names. At present, the industry's exploration of identifier-identity is still developing, and the competition of identity unicorns has just begun
1 Information Aggregation Protocol
The user's on-chain data is often scattered in multiple public chains and multiple project smart contracts, so they need to be processed and aggregated to form an identity. Many projects do just such an information aggregation protocol.
These protocols often do not have direct user-oriented products. They are mainly oriented to project parties and other protocols, and can cooperate with each other for information aggregation. An example is as follows:
■ Cyberconnect hopes to build an on-chain social graph that aggregates users' social relationship data
■ KNN3 Network hopes to build user social relationship graphs on multiple chains by integrating Footprints association analysis, Cyberconnect and other social graphs
■ RSS3 hopes to be an aggregation of content and social information on the chain, and may develop in the direction of Web3 information distribution and recommendation system later
Wallet is directly facing users and is currently recognized as the "Web3 portal". Although it can't be said to be a DID application scenario, it is the best high-frequency application entry.
An ideal "DID wallet" may look like this: first, it can aggregate addresses of all mainstream public chains, and integrate users' fragmented data on different chains while having basic signatures, transfers and other transactions; second, it can Displays various SBT/VC/PoP credentials owned by the user. When interacting with the application project, the user can independently authorize which data to be disclosed to the project, thereby helping the user to achieve data sovereignty. Many wallets will refer to the DID narrative, such as Unipass, ABT Wallet, Selfkey, etc.
However, the current mainstream wallets such as Metamask do not have these functions. An important reason is that they are basically EOA ordinary wallets, and such wallets basically only support the most primitive operations of addresses on the chain - query and transfer. The smart contract wallet is expected to achieve more expansion in the wallet function. There are actually many challenges in the implementation of DID wallet-related technologies, but it is also worth our expectations.
3 Domain Name
Although each of us has a unique ID number, in daily life, we generally use "name" as an identifier for a person's identity (although there may be duplicate names), because it is more convenient for daily communication.
The Web3 world also has the same problem: Although people's current interactions are mainly based on wallet addresses, no one wants to remember that long string of strings. If the digital identity of Web3 needs a "name", then what the domain name project does is to hope to become this "name".
ENS is the most well-known project in domain names. It is officially supported by the Ethereum Foundation and provides registration services for domain names with .eth suffixes. Now it has nearly 1.8 million registrations. Notably, SpruceID is working with ENS to advance EIP-4361: Sign In With Ethereum. If the proposal is successfully implemented, this will replace Connect Wallet, allowing the domain name to be on top of the wallet address and become the entry point of Web3. In addition, ENS also hopes to complete its vision of "Web3 Name" through the integration of a series of identities in the domain name.
Another noteworthy domain name project is Space ID, which is officially supported by Binance and provides registration services for domain names with .bnb suffixes. Space ID also hopes to id the .bnb domain name with the user's multiple addresses on different chains, the user's Twitter and other Web2 accounts, and become a Universal name in the Web3 field. Compared with ENS, Space ID's product iteration speed and landing speed will appear faster.
In addition to ENS and Space ID, .bit and Unstoppable Domain have also recently completed larger financing. The narratives they tell about DID are basically the same.
It is worth noting that although both domain names and wallets can be used as identity management tools, their roles are very different. They do not conflict in theory, but can work closely together: wallets can use a domain name as a replacement for the wallet account name, and use it as the "name" when interacting with the application side; domain names can also integrate multiple on-chain addresses or even Multiple wallet accounts.
4 DID Manageability
The aggregation characteristics of DID identity application tags lead to thinking about identity management and applicability:
If the system cannot aggregate all digital identities of users, your identity system may become part of a larger identity management product. For example, DIDs are aggregated by the .eth domain name. In some cases, a single wallet address can also be said to be an "application identity".
Application identities have important practical value and can create more functions for specific application scenarios, which cannot be achieved by global management of identities. For example, in a social Dapp application, users can add players with the same interests in the game as friends based on the SocialID information display, but if a wallet Dapp wants to achieve such a subdivision function, it will greatly increase the complexity of the product and limit the Product scalability and openness.
IV. Web3.0 DID New Paradigm
Digital identity company Spruce was launched in August 2020, and its founder, Gregory Rocco, was previously the head of strategy at ConsenSys. Spruce is committed to advancing digital identity authentication while protecting user privacy, and attempts to re-create trusted interactions between businesses and governments.
The company is still creating open-source software products that it hopes will help users move from untrusted data exploitation to verifiable information that can be shared privately. To do this, Spruce links with existing identity and data devices in enterprise environments, including identity servers, internal resource APIs, key management systems, ERP and cloud services, and more.
In September 2021, the Ethereum Foundation (EF) and the Ethereum Name Service (ENS) officially announced their support for Spruce's proposed system for secure login using Ethereum. The system has a standardized "Login with Ethereum" functionality that is interoperable with the Web2 identity system. Allowing users to log in using a cryptographic identifier, such as their Ethereum wallet address, is intended to give users control over the scope of information that the platform can collect when they log in, rather than automatically handing over data to the platform as it has done in the past.
Since then, Spruce has maintained close cooperation with ENS and the Ethereum Foundation to ensure that its solutions are compatible with existing standards used throughout the Ethereum ecosystem, and oriented towards the end result being implementer friendly, while maintaining supply at all times Business neutrality.
Spruce's system was selected after EF and ENS submitted a request for proposal in July 2021 that encouraged developers and software companies to propose login packages using Oauth, an open standard for access authorization.
BrightID is a decentralized anonymous social identity network dedicated to solving the problem of identity uniqueness by creating and analyzing social graphs. With BrightID, users can prove their uniqueness to the app without having to use multiple accounts. At the same time, the application does not need to collect personally identifiable information or cooperate with centralized organizations, which can ensure the privacy and security of users to a certain extent.
By using BrightID, any personal information of users, including text, photos, etc., will be encrypted and sent in a P2P way, and will not be stored in the network.
BrightID's official Token is BRIGHT, its maximum supply is 100 million, the initial supply is 25 million, and BrightDAO supplies a maximum of 10 million each year. Its specific distribution is as follows:
● 6% for project management;
● 6% is used for communication;
● 64% for project development;
● 8% is used for start-up capital financing and project research.
Specific use cases for Bright Token include: liquidity mining, governance and voting, hacker bounties, faucet test rewards, etc.
In the coming Web3 era, AVATAR/PFP NFT has become a fact that the global users are widely used Web3.0 ID social identity, but the lack of interoperability, application technical standards and consensus is still restricting AVATAR NFT to become a Web3.0 DID killer Huge barriers to adoption
YieldDAO has launched the OPENAVATAR PROTOCOL open virtual avatar DID standard protocol, which promotes the optimal integration of NFT and DID from the dual levels of organizational structure and technical standards, promotes the determination of the best scalable technical framework, and expands the OPENAVATAR standard organization based on the open community Practical work such as application, operation and promotion.
At present, OPENAVATAR PROTOCOL has issued the OPENAVATAR SDK
OPENAVATAR PROTOCOL STACK
● IPFS_EAC （IPFS Enterprise Autonomous Cell）：Fully controllable and manageable IPFS enterprise-level and autonomous organization management service unit, and public domain IPFS to achieve fully controllable communication and release management. -- L1 Managed Storage Ties
● WEB3_DID: Web3.0 decentralized identity standard identification, based on the latest mainstream asymmetric key system, fully compatible with EVM Ethereum virtual machine, and gradually supports L2 extension, Solana, HashHydra... -- L2 Interoperability Standard Layer
● MetaDATA: Metadata standard information of OPENAVATAR, providing the basic identity information and extensible identity information standard framework of Web3.0 ID. -- L3 metadata standard
● OPENAVATAR SDK + API: Build DAPP's decentralized verification and authorization SDK & API, realize fast WEB3.0 DAPP application identity authentication and verification, support ERC1155/ERC721/ERC20 and other Wallet Token-based identity authentication. --L4 Open API/SDK
● OPENAVATAR NOS (NFT Operating System) Providing one-stop decentralized support application systems such as standard contract deployment, IPFS configuration, NFT casting and distribution, and contract management. -- L5 NFT Credential Operating System
● OPENAVATAR SNS （Avatar NFT Social Network）-- L6 Web3.0 Social Networks based on Avatar NFT
● OPENAVATAR NNS (NFT Name System) -- L6 decentralized NFT-based Name Services system, benchmarking ENS
From the technology stack design of "OPENAVATAR PROTOCOL", we have seen a number of highlights of extraordinary innovation,
1. OpenAvatar NOS, NFT operating system, which provides a good and convenient foundation for standardization and enterprise promotion
2. OpenAvatar SDK/API provides unified tools and standards for decentralized identity verification and authorization promotion
3. OPENAVATAR SNS, due to the fact that NFT has become a social ID stander to a certain extent, building a decentralized social network based on PFP/Avatar NFT will becomes the best way for a new Web3.0 social network
4. OPENAVATAR NNS, a simple analysis from the description of the technology stack, OpenAvatar uses flexible NFT standard issuance tools and NFT’s Holder address query capabilities. A standard name services process can be established, which may build a revolutionary and innovative NFT Name Services system, which greatly simplifies the name system complexity and improves the decentralization capability. Compared with ENS, Bit and other domain name-based systems, it is more likely Become the next-generation DID System with domain name/address binding capabilities....
V. The Future of DID
In the future, everyone will have a DID master digital identity:
■ Everyone has a master DID, which can be used in the entire Web3 network, and may even be bound to the user's real identity through KYC and other methods, so as to better interact with the off-chain world.
■ Web3 domain name, which is the unique readable identifier of this DID, that is, the user's name in Web3.
■ The user manages this DID through a wallet DAPP with far more powerful functions than the current one; in the wallet, multiple identity aggregation protocols may be integrated to realize the data aggregation of users' multi-address and multi-contract, and comprehensively show the user Credentials, local identities, relationship graphs, etc. on each chain and each address, as a whole user portrait.
■ Users interact with WEB3 application scenarios such as social networking, recruitment, and DAO governance through wallets. Through encryption technology, users can independently control the project party's access to data, so that data sovereignty is owned by users.
OPENAVATAR PROTOCOL combines the existing massive PFP/Avatar NFT to create a new Web3 Social DID platform service based and NFT Name Services on NFT PASS, SBT, POP, which represents a new paradigm of Web3 DID in the future. We hope to see more such innovative forces
■ "A&T View: The Most Detailed Review of the DID Track in the Whole Network", author: Ling.Chuan, Senior Analyst, A&T Capital