4D Explains the Web3 Identity Stack: The Road to Digital Sovereignty
Original title: "Towards Digital Self-Sovereignty: The Web3 Identity Stack"
Original author: Nichanan Kesonpat, 1kxnetwork
Compiled by: The Way of DeFi
This article covers the core concepts of decentralized identity, the evolution of identity on the Internet, a layer-by-layer overview of the Web3 identity infrastructure stack, and related developments in privacy primitives. Proof-of-Personhood, compliance, and the application layer will be covered in future articles.

Figure: Web3 Identity Infrastructure Ecosystem - December 2022
Identity is an emergent property made up of data about a person, entity or object. In the physical world, we store this data in our brains as abstract reputations and mental associations. In the digital world, identity is formalized into two components:
Identifier: a unique string of characters or numbers that identifies a subject (e.g. passport number, Twitter handle, student ID).
Data: information related to the subject (e.g. travel history, tweets and followers, academic achievements).
Creating an identity layer for the internet is difficult because there is no consensus on what it should be or how it should work. Digital identities are contextual: we experience the internet through many different contexts, and our identity exists at least partly in each of them. Today, our digital identities are mostly fragmented and controlled by a few interested parties whose interest is to keep us from taking them anywhere outside their environment.
Businesses view customer relationships as critical assets and are unwilling to relinquish control over them. So far, nothing has given them an incentive to do so; even a disposable, single-use identity is better for them than a framework they do not control.
Specific industries like finance have unique needs (such as compliance) when it comes to maintaining digital relationships with customers and suppliers.
Governments have needs that differ from other types of organizations. For example, jurisdiction over driver's licenses and passports.
This model creates an asymmetry of power between individuals and the parties who manage our identities and data. It limits our autonomy to consent, selectively disclose information about ourselves, and port our identities across different contexts for a consistent experience both online and offline.

Decentralized identity was a collective effort long before the rise of crypto and web3. The overall goal is to allow individuals to regain autonomy over their identities without relying on a centralized, single gatekeeper. The misuse of customer data and eroding trust in big corporations has put decentralization at the heart of the next Internet identity era.
Core Concepts of Decentralized Identity
Decentralized identifiers (DIDs) and attestations are the main building blocks of decentralized identity. DIDs are issued and stored in verifiable data registries (VDRs), which act as autonomous "namespaces" not subject to central management. Besides blockchains, decentralized storage infrastructure and P2P networks can also serve as VDRs. Entities (individuals, communities, organizations) use a decentralized public key infrastructure (DPKI) to authenticate, prove ownership of and manage their DIDs; unlike traditional web PKI, it does not rely on a centralized certificate authority (CA) as the root of trust.

Data about identities is written as attestations: the "claims" that one identity makes about another (or about itself). Claims are verified through cryptographic signatures built on that PKI.
Decentralized identifiers have 4 main properties:
Decentralized: created without relying on a central institution. Entities can create DIDs at will, maintaining whatever separation of identities, roles and interactions they want across environments.
Persistent: once created, a DID is permanently assigned to an entity (although some DID methods are designed for ephemeral identities).
Resolvable: a DID can be used to discover additional information about the entity.
Verifiable: entities can prove ownership of a DID, or claims about it (verifiable credentials), without relying on third parties, thanks to cryptographic signatures and attestations.
These properties distinguish DIDs from other identifiers such as usernames (non-verifiable), passports (non-decentralizable), and blockchain addresses (non-persistent, limited resolvability).
The World Wide Web Consortium (W3C) is an international community of organizations, staff and the public working together to develop web standards. The W3C's DID specification defines 4 main parts:
Scheme: the prefix "did" tells other systems that they are interacting with a DID rather than another kind of identifier such as a URL, email address or product barcode.
DID method: specifies how other systems should interpret the identifier. Over 100 DID methods are listed on the W3C website; each is usually associated with its own VDR and has its own mechanisms for creating, resolving, updating and retiring identifiers.
Method-specific identifier: the unique string, formed under the rules of the DID method, that identifies the subject within that method.
DID document: the above 3 parts resolve to a DID document, which contains the means by which the entity can authenticate itself, any attributes/claims about the entity, and pointers to locations of additional data about the entity ("service endpoints").
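As an added example (not code from the original article or any DID project), the following JavaScript splits a DID into these parts according to the did-core syntax, rejects malformed identifiers, and interprets the method-specific identifier for the methods this page discusses (did:ethr, did:pkh with a CAIP-10 account id, did:cosmos, did:btcr). The sample identifiers are constructed and the segment layouts follow the article's own descriptions.

```javascript
// Parse a W3C Decentralized Identifier into scheme, method and
// method-specific identifier, following the did-core ABNF:
//   did                = "did:" method-name ":" method-specific-id
//   method-name        = 1*( %x61-7A / DIGIT )        ; lowercase letters/digits only
//   method-specific-id = *( *idchar ":" ) 1*idchar
//   idchar             = ALPHA / DIGIT / "." / "-" / "_" / pct-encoded
const METHOD_NAME = /^[a-z0-9]+$/;
const ID_SEGMENT = /^(?:[A-Za-z0-9._-]|%[0-9A-Fa-f]{2})+$/;

function parseDid(did) {
  if (typeof did !== 'string') throw new TypeError('DID must be a string');
  const parts = did.split(':');
  // Scheme: the fixed "did" prefix is what tells a system this is a DID and
  // not a URL, e-mail address or other identifier.
  if (parts.length < 3 || parts[0] !== 'did') throw new Error(`not a DID: ${did}`);
  const method = parts[1];
  if (!METHOD_NAME.test(method)) throw new Error(`invalid DID method name: ${method}`);
  // Method-specific id: may itself contain ":" (did:cosmos, did:pkh); inner
  // segments may be empty, the last one must not be, and every character must
  // be an idchar (no spaces, slashes, "#" or "?", which belong to DID URLs).
  const segments = parts.slice(2);
  if (segments[segments.length - 1] === '') throw new Error('method-specific-id must not end with ":"');
  for (const seg of segments) {
    if (seg !== '' && !ID_SEGMENT.test(seg)) throw new Error(`illegal characters in segment: ${seg}`);
  }
  return { scheme: 'did', method, methodSpecificId: segments.join(':'), segments };
}

// A DID URL adds optional path, query and fragment to a DID; fragments are how
// DID documents name individual verification methods (did:...#key-1).
function parseDidUrl(didUrl) {
  const m = /^([^/?#]+)(\/[^?#]*)?(\?[^#]*)?(#.*)?$/.exec(didUrl);
  if (!m) throw new Error(`malformed DID URL: ${didUrl}`);
  return { ...parseDid(m[1]), path: m[2] || '', query: m[3] ? m[3].slice(1) : '',
    fragment: m[4] ? m[4].slice(1) : '' };
}

// Method-specific interpretation for the methods named in the article. Each
// DID method defines its own verifiable data registry and its own read rules,
// so anything we do not recognise stays opaque until that method's resolver runs.
function describeMethodSpecificId(parsed) {
  const s = parsed.segments;
  switch (parsed.method) {
    case 'ethr':   // did:ethr[:chain]:account  (chain defaults to Ethereum mainnet)
      return { chain: s.length === 2 ? s[0] : 'mainnet', account: s[s.length - 1] };
    case 'pkh':    // did:pkh:<CAIP-10 account id> = namespace:chain-reference:address
      if (s.length !== 3) throw new Error('did:pkh requires a CAIP-10 account id');
      return { namespace: s[0], chainReference: s[1], address: s[2] };
    case 'cosmos': // did:cosmos:chainspace:namespace:unique-id
      if (s.length !== 3) throw new Error('did:cosmos requires chainspace:namespace:unique-id');
      return { chainspace: s[0], namespace: s[1], uniqueId: s[2] };
    case 'btcr':   // did:btcr:<TxRef-encoded transaction reference>
      return { txref: parsed.methodSpecificId };
    default:
      return { opaque: parsed.methodSpecificId };
  }
}

function summarize(did) {
  const parsed = parseDid(did);
  return { method: parsed.method, ...describeMethodSpecificId(parsed) };
}

// Constructed sample identifiers (illustrative values, not real accounts).
const SAMPLES = [
  'did:ethr:0x00000000000000000000000000000000deadbeef',
  'did:pkh:eip155:1:0x00000000000000000000000000000000deadbeef',
  'did:cosmos:cosmoshub-4:accounts:cosmos1constructedexample',
  'did:btcr:xz35-jznz-q6mr-7q6',
];
for (const did of SAMPLES) console.log(did, '->', JSON.stringify(summarize(did)));
```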

Figure: Anatomy of a decentralized identifier and DID document
The Impact of Crypto
While public key infrastructure (PKI) has been around for a long time, Crypto accelerated its adoption through the incentive mechanism of the token network. What was once primarily used by privacy-conscious technologists is now a prerequisite for participation in the new economy. Users need to create wallets to self-custody assets and interact with web3 applications. Fueled by the ICO boom, the summer of DeFi, the NFT mania, and the tokenization community, users have more keys than ever before. With that comes a vibrant ecosystem of products and services that make key management easier and more secure. Crypto has been the perfect Trojan horse for decentralized identity infrastructure and adoption.

Let's start with the wallet. While wallets are still thought of primarily in the context of asset management in a financial sense, tokenization and on-chain histories already allow us to represent our interests (NFT collections), work (Kudos, 101) and opinions (governance voting). Losing a private key is becoming less like losing money and more like losing a passport or social media account. Crypto blurs the line between what we own and who we are.
However, what we do and hold on-chain gives a limited (and not privacy-preserving) view of who we are. The blockchain is just one layer of the decentralized identity stack. Other layers help solve important questions such as:
How do we identify and authenticate ourselves in networks and ecosystems?
How do we prove things about ourselves (reputation, uniqueness, compliance) while maintaining privacy?
How do we grant, manage and revoke access to our data?
In a world where we control our identities and data, how do we interact with applications?
The next few sections walk through the Web3 identity stack layer by layer: verifiable data registries, decentralized storage, data mutability and composability, wallets, authentication, authorization, and attestations.

Figure: Decentralized Identity Infrastructure Stack
Web3 Identity Stack
Blockchain as a verifiable data registry
The distributed and immutable nature of blockchains makes them suitable as verifiable data registries on which to issue DIDs. In fact, various public blockchains have W3C DID methods, such as:
Ethereum: did:ethr:public-key represents the identity of an Ethereum account.
Cosmos: did:cosmos:chainspace:namespace:unique-id represents assets that are compatible across Cosmos chains.
Bitcoin: did:btcr:btcr-identifier, where the identifier is a TxRef-encoded transaction ID that refers to the UTXO-based transaction location in the Bitcoin blockchain.
Also worth noting is did:pkh:CAIP-10-address, a ledger-agnostic, generative DID method designed for interoperability across blockchain networks. CAIP-10 is the standard for account IDs, used to express key pairs across chains.
Fractal is an identity provisioning and verification protocol designed for applications that require unique users with varying levels of KYC. After completing uniqueness and/or KYC checks, a Fractal DID is issued to the corresponding Ethereum address and added to the corresponding list. This list is a smart contract on Ethereum that transaction counterparties can query for a Fractal DID and its verification level.
There are also application-specific blockchains for self-sovereign identity. As of this writing, they are primarily used by businesses to issue identities and credentials to end users. To participate in the network, nodes need to stake native tokens to process transactions such as issuing DIDs/credentials, defining credential schemas, and performing revocation updates.
Decentralized Data Storage
While general-purpose blockchains can also serve as a data source for immutable user data such as asset ownership and transaction histories (used by portfolio trackers and "DeFi Score" applications), they are not well suited to storing most data about users: writing and regularly updating large amounts of information is operationally expensive, and privacy is compromised because the data is visible by default.
That said, some application-specific blockchains such as Arweave are designed for permanent storage. Arweave pays miners block rewards and transaction fees in exchange for storing a copy of the information on the network. Miners must provide a "proof of access" in order to add a new block. A portion of each fee is also paid into a permanent endowment fund, which will pay miners in the future when storage costs can no longer be covered by inflation and fees.
Ethereum and Arweave are examples of blockchain-based approaches to data persistence. On Ethereum, every full node must store the entire chain. On Arweave, all the data required to process new blocks and new transactions is recorded in the state of each individual block, allowing new participants to join the network simply by downloading the current block from their trusted peers.
Contract-based persistence means that data is not permanently replicated and stored by every node. Instead, data is persisted through contracts with multiple nodes that agree to hold a piece of data for a period of time and must renew their contracts whenever they expire to keep the data available. IPFS allows users to store and transmit verifiable, content-addressed data in a peer-to-peer network. Users can "pin" the data they care about on their own IPFS nodes, use dedicated node clusters, or use third-party pinning services such as Pinata, Infura and web3.storage. As long as one node stores the data, it exists in the network and is served to other nodes when they ask for it. On top of IPFS sit cryptoeconomic layers such as Filecoin and Crust Network, which aim to incentivize storing data for the network by creating a distributed marketplace for long-term data persistence. For personally identifiable information (PII), permissioned IPFS (the Nuggets identity wallet is one example) can help comply with the GDPR/CCPA right to be forgotten, since it allows users to delete their data stored on the network.
Other contract-based decentralized storage solutions include Sia and Storj, which encrypt and split individual files across multiple nodes in the network. Both use erasure coding (requiring only a subset of storage nodes to serve a file) to ensure data availability even if some nodes go offline. They also have built-in incentive structures, paying for storage with native tokens.
Data Mutability and Composability
General-purpose blockchains, Arweave and IPFS all guarantee immutability, a useful property for things like static NFT art and permanent records. However, our interactions with most applications today constantly update our data. Web3 protocols designed for mutable data do exactly that, building on the underlying decentralized storage layer. Ceramic is a protocol for decentralized data mutability and composability that works by turning immutable files in persistent storage networks such as IPFS or Arweave into dynamic data structures. On Ceramic, these "data streams" behave like their own mutable ledgers. Private data can be stored off-chain, with schemas indexed on Ceramic and attached to DID data stores that point to external private storage.
When users update their profile in a Ceramic-powered application, the protocol validates those updates as a stream, translating them into a new state while keeping track of previous state changes. Every update on Ceramic is verified by a DID that can be mapped to multiple addresses, paving the way for users to update their data without a server.
Today, Web2 entities own both the UI and the backend, where they store and control user data. Google and Facebook use this data to algorithmically personalize our experience on their platforms, further productizing the data they collect. New apps have to be built from scratch and cannot provide a personalized experience from day one, making the market less competitive. Web3 democratizes data, levels the playing field for new products and services, and creates an open environment for experimentation and a competitive marketplace for applications. In a world where users can bring their data from one platform to another, app developers don't need to start from a blank slate; they can give users a personalized experience right away. Users log in with their wallets and authorize applications to read from and write to a database they fully control.
ComposeDB on Ceramic is a decentralized graph database that lets application developers use GraphQL to discover, create and reuse composable data models. Nodes in the graph are accounts (DIDs) or documents (data streams). Edges in the graph represent relationships between nodes.

A DID represents any entity that can write data into the graph, such as an end user, organization, application, or authentication service of any kind. A model is a Ceramic stream that stores metadata about a document's data structure, validation rules, relationships, and discovery information. Developers can create, combine, and remix models to form data compositions that serve as the databases for their applications. This replaces the traditional user table with centralized UIDs and associated data: applications can be built on shared data sets controlled by users, rather than managing their own independent tables.
Since applications can freely define the models they use in a particular context, a curation market becomes very important as a signal for the most useful data models (schemas defined for social graphs, blog posts, etc.). With a marketplace for these data models, applications can signal which models are worth using, making them easier to consume. This will incentivize public datasets that generate better analytics and infographics, so that products can build on them and innovate further.
Tableland is infrastructure for mutable, structured relational data, where each table is minted as an NFT on an EVM-compatible chain. The owner of the NFT can set access control logic for the table, allowing third parties to update the database if they have the appropriate write permissions. Tableland runs a network of off-chain validators that manage table creation and subsequent mutations.
On-chain and off-chain updates are handled by a smart contract that points to the Tableland network using the baseURI and tokenURI. With Tableland, NFT metadata can be mutated (using access controls), queried (using SQL), and combined (with other tables on Tableland).
Decoupling the application from the data layer allows users to port their own content, social graph and reputation between platforms. Applications can tap into the same database and use it in their context, enabling users to have a composable reputation across different contexts.
Wallets
Broadly speaking, a wallet includes interfaces and underlying infrastructure for key management, communication (data exchange between holders, issuers, and verifiers), and claim presentation and verification.
Examples of identity wallets include ONTO, Nuggets, Polygon ID Wallet and Fractal. Some identity wallets also implement verifiable credentials and DIDComm, with use cases beyond web3.
WalletConnect is a communication protocol between wallets, and between wallets and dapps. Already serving millions of crypto users as a minimal, unopinionated protocol, WalletConnect may prove to be a strong alternative to DIDComm for accelerating the adoption of self-sovereign identity infrastructure. Unlike DIDComm, which requires a service provider to run hosted mediator infrastructure, WalletConnect stores messages in a "cloud mailbox" in its relay network and pushes them to the wallet when it comes back online.
Authentication

Authentication is the confirmation of a user's identity based on one or more authentication factors. Authentication factors can be something the user has (digital signature, ID card, security token), something they know (password, PIN, secret answer), or biometrics (fingerprint, voice, retinal scan).
In the decentralized identity paradigm, users authenticate themselves with their wallets. Behind the scenes, the wallet uses its stored keys to generate a digital signature that serves as "proof" that the holder controls the private key associated with the account. Since any crypto wallet can generate signatures, apps that offer web3 login can let users authenticate with MetaMask or WalletConnect.
For years, crypto users have interacted with dapps by connecting "wallets". The dapp has no memory of connected users and treats them as a blank slate every time they visit the site.
Today, users have a deeper interaction mode with dapps. Decentralized identity information becomes useful here, as it allows applications to gain more context around the user, allowing individuals to retain control over their own data while providing a personalized experience.
For richer interactions, such as loading user preferences, profiles, or private chat messages, the application first needs to be sure that it is talking to the actual key holder behind the account. Connecting a wallet does not provide this guarantee; the Sign-In with Ethereum (SIWE) authentication standard does. Authentication establishes a session with the user and allows the application to read and write their data securely. SIWE is an authentication standard pioneered by Spruce, ENS and the Ethereum Foundation. It standardized a message format (similar to a JWT) for users to log into services with blockchain-based accounts.
Building on this, Sign-In with X (CAIP-122) generalizes the standard to operate across blockchains, with SIWE becoming its Ethereum-centric implementation.
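To make the relying-party side concrete, here is an added JavaScript example (not code from the original article, Spruce or the SIWE project) that builds an EIP-4361 SIWE message, parses one back strictly, and performs the checks that turn a signed message into a session: domain binding, chain ID, nonce freshness (replay protection) and the validity window. Signature recovery is delegated to a caller-supplied recoverSigner(message, signature) hook, assumed to wrap a library that does EIP-191 personal_sign recovery (for example ethers' verifyMessage); the domain, nonce and addresses in the test are constructed.

```javascript
// Sign-In with Ethereum (EIP-4361) on the relying-party side: the server issues a
// nonce, the wallet signs the plaintext message, and the server checks both the
// signature and the policy fields before it opens a session.

// Build the canonical message text a wallet is asked to sign.
function buildSiweMessage(f) {
  const lines = [`${f.domain} wants you to sign in with your Ethereum account:`, f.address, ''];
  if (f.statement) lines.push(f.statement); // optional human-readable statement
  lines.push('', `URI: ${f.uri}`, `Version: ${f.version || '1'}`, `Chain ID: ${f.chainId}`,
    `Nonce: ${f.nonce}`, `Issued At: ${f.issuedAt}`);
  if (f.expirationTime) lines.push(`Expiration Time: ${f.expirationTime}`);
  if (f.notBefore) lines.push(`Not Before: ${f.notBefore}`);
  if (f.requestId) lines.push(`Request ID: ${f.requestId}`);
  if (f.resources && f.resources.length) lines.push('Resources:', ...f.resources.map((r) => `- ${r}`));
  return lines.join('\n');
}

const HEADER = /^(?:[a-zA-Z][a-zA-Z0-9+.-]*:\/\/)?([^ ]+) wants you to sign in with your Ethereum account:$/;
const FIELD_KEYS = {
  'URI': 'uri', 'Version': 'version', 'Chain ID': 'chainId', 'Nonce': 'nonce', 'Issued At': 'issuedAt',
  'Expiration Time': 'expirationTime', 'Not Before': 'notBefore', 'Request ID': 'requestId',
};

// Parse a received message strictly: unknown or misplaced lines are rejected, not
// skipped, so nothing can be smuggled into the text the user is shown and signs.
function parseSiweMessage(text) {
  const lines = text.split('\n');
  const h = HEADER.exec(lines[0] || '');
  if (!h) throw new Error('malformed SIWE header line');
  const address = lines[1] || '';
  if (!/^0x[0-9a-fA-F]{40}$/.test(address)) throw new Error('malformed address line');
  if (lines[2] !== '') throw new Error('expected blank line after address');
  let i = 3;
  let statement;
  if (lines[i] !== '') { statement = lines[i]; i += 1; }
  if (lines[i] !== '') throw new Error('expected blank line before URI');
  i += 1;
  const f = { domain: h[1], address, statement, resources: [] };
  for (; i < lines.length; i += 1) {
    if (lines[i] === 'Resources:') {
      for (i += 1; i < lines.length; i += 1) {
        if (!lines[i].startsWith('- ')) throw new Error('malformed resource line');
        f.resources.push(lines[i].slice(2));
      }
      break;
    }
    const m = /^([A-Za-z ]+): (.*)$/.exec(lines[i]);
    if (!m || !(m[1] in FIELD_KEYS)) throw new Error(`unexpected line: ${lines[i]}`);
    f[FIELD_KEYS[m[1]]] = m[2];
  }
  for (const k of ['uri', 'version', 'chainId', 'nonce', 'issuedAt']) {
    if (!f[k]) throw new Error(`missing required field: ${k}`);
  }
  return f;
}

// Relying-party verification. opts: expectedDomain, expectedChainId, now (Date),
// nonceStore (Set of nonces this server issued and has not yet consumed), and
// recoverSigner(message, signature) -> address, an assumed hook for a library
// that performs EIP-191 personal_sign recovery (e.g. ethers' verifyMessage).
function verifySiwe(text, signature, opts) {
  const f = parseSiweMessage(text);
  const errors = [];
  // Domain binding: a message signed for another site must not open a session here.
  if (f.domain !== opts.expectedDomain) errors.push('domain mismatch');
  if (f.version !== '1') errors.push('unsupported version');
  if (f.chainId !== String(opts.expectedChainId)) errors.push('chain id mismatch');
  // Nonce: at least 8 alphanumerics (EIP-4361), issued by us, and not yet used.
  if (!/^[A-Za-z0-9]{8,}$/.test(f.nonce)) errors.push('nonce too weak');
  else if (!opts.nonceStore.has(f.nonce)) errors.push('unknown or already used nonce');
  // Validity window against the server clock (opts.now lets tests pin the time).
  const now = opts.now || new Date();
  const issued = new Date(f.issuedAt);
  if (Number.isNaN(issued.getTime()) || issued > now) errors.push('issued-at invalid or in the future');
  if (f.expirationTime && !(new Date(f.expirationTime) > now)) errors.push('message expired');
  if (f.notBefore && new Date(f.notBefore) > now) errors.push('message not yet valid');
  // Signature: the recovered signer must be the address named in the message.
  const signer = opts.recoverSigner(text, signature);
  if (!signer || signer.toLowerCase() !== f.address.toLowerCase()) errors.push('signature does not match address');
  if (errors.length > 0) return { ok: false, errors };
  opts.nonceStore.delete(f.nonce); // consume the nonce: replaying this message now fails
  return { ok: true, session: { address: f.address, chainId: f.chainId,
    resources: f.resources, expiresAt: f.expirationTime || null } };
}
```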
For individuals, this means being able to register or log in with their web3 wallet without creating a username and password: a "just a few clicks" experience that mimics social logins while preserving sovereignty over their online identity. Applications can use this as a go-to-market strategy to meet the needs of web3-native audiences. In the medium term, the ability to log into dapps and other web2 services with crypto wallets will be a web3-native UX improvement. However, it exposes users to the correlation and tracking problems that have become so harmful in web2. Authentication via Peer DIDs or self-certified identifiers can be used as an alternative.
Unlike the "normal" DIDs described above, Peer DIDs are designed to be used between 2 or N known parties. They can serve as a unique identifier per service and/or interaction. The crypto wallet address in this digital identity can be stored with a VC as proof of verification for each merchant or service interaction.
Authorization and Access Control

Authentication confirms the identity of a user, while authorization determines which resources an entity should be able to access and what they are allowed to do with those resources. These two processes are independent, but often go hand in hand in the UX process. After logging in to a third-party service using social login, the user may be prompted for some authorization requests, as shown in the following figure:
With the rise of tokenized communities, web3 token-gated products such as Collab.Land, Guild, Tokenproof and Lit have also appeared. A major use of these tools is access control for member-only Discord channels, with more granular access based on role and reputation. Instead of assigning access manually, the community can programmatically grant access based on token holdings, on-chain activity, or social verification. Lit is a decentralized key management and access control protocol that uses MPC technology to distribute private key "shares" among Lit network nodes. A public/private key pair is represented by a PKP (Programmable Key Pair) NFT, meaning its owner is the sole controller of that key pair. When arbitrarily defined conditions are met, the owner of the PKP can trigger the network to aggregate key shares to decrypt files or sign messages on their behalf.
In the context of access control, Lit enables users to define on-chain conditions that grant access to off-chain resources. For example, a DAO could upload a file to Arweave or AWS, encrypt it with Lit, and define a set of conditions (such as NFT ownership). Eligible wallets sign and broadcast a message to the protocol nodes, which check the blockchain to make sure the signer is eligible and, if so, gather key shares for the signer to decrypt the file. The same infrastructure can also unlock web2 experiences such as Shopify discounts, locked Zoom rooms and Gathertown spaces, live broadcasts and Google Drive access.
Kepler organizes data around user-controlled databases ("Orbits"). Each Orbit designates a list of hosts for the data and, as a smart contract, is controlled only by its owner's keys. Orbits can be governed by trusted parties, consensus across hosts, resource owners, and permission validity. Anyone using SIWE can immediately use a private database to store their preferences, digital credentials and private documents. Through multiple storage backends ("self storage"), users can self-host or use a hosted version.
Some examples show how applications can combine the building blocks described so far:
Orbis is a social networking application ("web3 Twitter/Discord") that uses Ceramic for data storage and updates; private messages are encrypted by Lit before being stored.
Use Lit as a decentralized encryption system to delegate who can decrypt your Tableland data.
Kepler can use Ceramic documents as a beacon to route to private storage.
Create Lit PKPs that allow applications to "own" a Ceramic stream, and grant Lit Actions (code on IPFS) the ability to sign and update the database under arbitrary conditions.
CACAO is a standard for representing chain-agnostic object capabilities (OCAPs), created using Sign-In with X. It defines a way to record the results of SIWx signing operations as IPLD-based Object Capabilities, which produces not only authenticated event receipts but also composable and replayable authorization receipts for verifiable authorization.
Authorization methods like these let users grant applications fine-grained, well-scoped, and verifiable capabilities to view/update their data. They can also be session-based, so that instead of signing a message on every update, users sign once per session and then interact freely with the app.
Attestations and Credentials

Here we reach the top of the decentralized identity infrastructure stack, as shown in the diagram.
Some terms:
Attestation means proving that a statement and signature are valid, arising from the need for independent verification of recorded events.
A credential is any document detailing information about an entity, written and signed by another entity or by the entity itself. Credentials are tamper-resistant, cryptographically verifiable, and can be stored in a wallet. Verifiable Credentials (VCs) are the standard data model and representation format for cryptographically verifiable digital credentials, defined by the W3C Verifiable Credentials specification:
Issuer: the party that issues the credential (e.g. a university)
Holder: owns the credential (e.g. a student)
Verifier: verifies the credential (e.g. a potential employer)
Verifiable presentation: the holder shares their data with a third party, who can verify that the credential was indeed signed by the issuer
Please note that the "issuer", "holder" and "verifier" here are relative. Everyone has their own DID and the credentials they collected.
Credentials are the cornerstone of reputation, and reputation is a social phenomenon that changes with circumstances. One or more credentials may serve as a proxy for an entity's qualifications, competence, or authority. Anyone can claim to have graduated with honors from a prestigious university, but that means little to anyone else; a credential issued by the university is what makes the claim legitimate or prestigious.
Although web3-native badge and proof-of-X projects do not all adhere to the W3C VC standard, we can find parallels with the system described above. The most immediate example is non-transferable NFT badges, which can only be minted by wallets that have completed some on-chain activity. Because the entire transaction history is on-chain, it is verifiable and tamper-proof from day one.
DegenScore quantifies your degen attributes by summarizing your interactions with DeFi protocols and outputs a score using rules in smart contracts. You can mint it and keep it in your crypto wallet as a "DeFi credential". If there is a Degen DAO limited to those with a certain score, you present this NFT to the DAO, the token-gating protocol verifies that you hold it, and you are let in - Proof of Degen.
POAPs: proof that you attended an event or met someone IRL - Proof of Attendance / Proof of Encounter.
Otterspace lets a DAO decide what constitutes meaningful work and issue ntNFT badges to its members; Proved requires the DAO to "sign" a claim before its members can mint a DAO-specific NFT badge for it - Proof of Contribution.
101 issues an ntNFT at the end of its online courses once the student has passed the test - Certificate of Learning.
Kleoverse issues TypeScript, Rust, or Solidity competency badges to users based on GitHub data - Proof of Skill.
In addition to the access control use cases outlined above, Lit PKPs can also act as a cryptographic notary, with Lit Actions performing checks before signing a credential. For example, a decentralized education platform could let course creators define what counts as passing a test, deploy those conditions as Lit Actions, and programmatically issue VCs against them using their PKP.
Two questions arise here: which of these attestation data points are meaningful, and how do we aggregate them into reputation?
The Orange protocol offers one answer: data points are integrated into well-defined models via Model Providers (MPs). On Orange, MPs are generally platforms that already have reputation evaluation measures within their system. "Data Providers" allow their data to be used as input to models designed by Model Providers. MPs then add calculation methods and assign reputation tokens to different entities, and make these models available for others to use. Dapps can curate and plug into these reputation models for their own use cases. So far Aave, Gitcoin, Snapshot, DAOHaus, Dework, talentDAO and Crypto Sapiens, among others, have provided their data to Orange. This data is composed with other items into models that provide ntNFTs for members, which opens up a wide range of opportunities, from freeing Discord permissions from CollabLand and Guild to Snapshot's reputation-weighted governance.
Privacy
No discussion of identity infrastructure is complete without considering privacy and the technical primitives that enable it. Privacy is a factor at every layer of the stack. Over the past decade, blockchain adoption has accelerated the development of strong cryptographic primitives such as zk-proofs which, beyond their use in scaling techniques such as rollups, allow identities to make nuanced, privacy-preserving statements about publicly verifiable information.
Privacy guarantees help us avoid the negative externalities that come with using fully transparent data to produce credible claims. Without these guarantees, third parties can initiate out-of-scope interactions (e.g. advertising, harassment) unrelated to the original transaction. Using cryptography and zk technology, we can build identity systems where interactions and data sharing are "sandboxed" within well-defined, context-dependent boundaries.
"Ordinary" verifiable credentials usually come in JSON-JWT or JSON-LD format, each with an external or embedded proof (digital signature) written by the issuer, which makes the credential tamper-proof and verifiable. Zk-proofs and new signature schemes enhance the privacy properties of W3C VCs, such as:
Anti-correlation: every time a holder shares a credential, its signature is shared too and acts as an identifier, so colluding verifiers can see where the holder presents the credential and triangulate to an identified person. With signature blinding, the holder shares a unique proof of the signature every time, without sharing the signature itself.
Selective disclosure: share only the necessary attributes of a VC and hide the rest. Both JSON-JWT credentials and JSON-LD credentials with LD signatures require the holder to share the entire credential with the verifier; there is no "partial" sharing.
Composite proofs: merge attributes from multiple VCs into one proof without going back to the issuer or generating a new VC.

Predicates: allow hidden values to be used in computations whose result is given to a verifier. For example, a credential holder proves that their account balance exceeds a threshold without disclosing the balance, or the oft-cited case of proving you are of legal drinking age without disclosing your date of birth.
A promising method is the BBS signature scheme, initially proposed by MATTR in 2020. The proposal allows BBS signatures to be used with the JSON-LD format commonly used for VCs. Holders can selectively disclose claims from the originally signed credential. The proofs produced by this scheme are zero-knowledge proofs of the signature, meaning the verifier cannot determine which signature was used to produce the proof, which eliminates a common source of correlation.
Iden3 is a programmable zk framework and open-source library of zk identity primitives for claims, authentication and proof generation. The protocol uses the Baby Jubjub elliptic curve to generate key pairs for each identity; the curve is designed to work efficiently with the zk-SNARKs used to prove identity ownership and claims in a privacy-preserving manner. Polygon ID currently uses the protocol for its identity wallet.
Applied ZKPs are an active area of research and experimentation, and a lot of excitement has built up in the cryptographic community over the past few years. In web3, we have seen them used in the following applications:
Private airdrops: Stealthdrop
Privacy-preserving but trustworthy proofs: Sismo (ownership), Semaphore (membership)
Anonymous voting/polling: heyanon, Melo
Conclusion
Some general takeaways from this study:
Just as crypto catalyzed the growth and adoption of DPKI, composable reputation that grants online/IRL access will be the catalyst for decentralized identity infrastructure. Currently, credential issuance (proof-of-X) protocols are fragmented across use cases and blockchain networks. In 2023 we will see aggregation layers for these (such as profiles) mature and gain adoption as a unified interface, especially if they can unlock experiences outside of crypto, such as event access or e-commerce discounts.
Key management remains a point of friction and is prone to single points of failure. It is a clunky experience for most crypto-native users and a completely inaccessible one for most consumers. Identity federation was a UX improvement over the web1.0 model of a separate username and password per app, allowing single sign-on. While the user experience of web3 authentication is improving, it still offers a poor experience, requires a seed phrase, and gives limited recourse if a key is lost. As MPC technology matures and rolls out among individuals and institutions, we will see improvements in this area.
Crypto infrastructure is meeting users where they are in web2. Web3 primitives are starting to integrate with web2 applications and services, bringing decentralized identity to the masses: for example, Collab.Land's integration with Nuggets allows Reddit users to stake their reputation as a VC to unlock access, and the Auth0 authentication and authorization middleware has integrated SIWE as an identity provider, so its enterprise customers can now offer wallet login alongside SSO.
As data is democratized, curation mechanisms need to be validated. Just as the indexing protocol The Graph uses a network of curators and delegators to signal the most useful subgraphs (APIs for on-chain data), data models around users and reputation for protocols like Ceramic and Orange will need time and community engagement to mature beyond DAO and crypto use cases.
Privacy considerations. Projects should carefully consider the impact of public or persistent storage when choosing their stack. "Pure" public-data ntNFTs may suit limited use cases (e.g. abstracting some on-chain activity), compared with the combination of privacy-preserving VCs, ephemeral and Peer DIDs, and ZKPs over on-chain/off-chain activity, which provides features such as selective disclosure, key rotation, anti-correlation and revocation.
New cryptographic tools like zkSNARKs will be an important part of the next generation of identity infrastructure. While ZKPs are currently applied to isolated use cases, a collective bottom-up R&D effort will be needed on application design patterns, ZK circuit implementations of cryptographic primitives, circuit security tooling, and developer tools. This is something to watch closely.
Decentralized identity is a big project, and it will require an ecosystem-wide effort to converge on standards, iterate on primitives, and check each other on the impact of design decisions.


