Key and specific investment directions for future mass adoption of DID

Can DID lower the threshold for initial use and become the core layer of verification service providers?

Original title: "DID - Putting Control Back Into The Hands of Users"

Written by: Avant Blockchain Capital

Compiler: Qianwen

In the modern digital age, all kinds of data constitute everyone's digital identity. A person's identity can be viewed as legal identity, social identity, online identity, etc. Essentially, these identities form a network of unique data points, often stored in a centralized manner, interconnected across devices, applications, and third-party services. This setup deprives individuals of the right to selectively share personal data, increasing the potential risk of data breaches and cyber threats. Most importantly, individual users have no control over others' access to this data.

Web3 marks a major advance, inventing a new kind of user-centric online marketplace. This digital vision is built on the principle of blockchain technology, which can operate independently without any intermediary platform monopolizing user ID, paving the way for a truly decentralized Internet. Under such a new framework, everyone can have full ownership of their own data.

The beauty of Web3 is its ability to empower users to customize their profiles and securely store personal data within a single account. Imagine being able to use this account for all your online activities, whether it's participating in social media networks or accessing cryptocurrency wallets. It can provide a seamless, user-oriented experience, which is the future we are looking forward to.

Principle of DID

DID is a new digital identification method designed to provide a secure, decentralized and verifiable way to prove an individual's online identity. It enables users to selectively disclose information, provide verifiable credentials, and simplify online interactions. The mechanics of decentralized identity rely on some form of decentralized storage to contain an individual's decentralized identifier (DID); think of it as a user-owned identity vault. This vault can take the form of an application, a browser extension wallet, or a smart contract, enabling users to create decentralized identities and determine the level of access that third-party service providers have. In this model, users have exclusive ownership of the associated public and private keys.

DID startups have developed different technologies to address the traditional problems of centralized identity (CID), but so far no consensus has emerged. Some wallets employ alternative authentication methods, for example, pairing a user's credentials with real-world verification data such as biometrics, and keeping them safe on the blockchain. When authentication is required in Web3, users can sign transactions with their private keys or biometric data on applications that support decentralized authentication. The service provider then finds the corresponding unique DID on the blockchain using the shared decentralized identity. This user-centric innovation puts power back in the hands of users, keeps personal data safe, and enhances the digital experience.

A DID is a unique identifier (URI) that enables entities to generate and control their identifiers in the digital world, with the following key properties:

  • No centralized ID registration
  • Decentralized ledger or network (although not required)
  • Permanent identifier
  • Can be cryptographically authenticated
  • Links a DID subject with a DID document
  • Interoperable if compliant with the W3C specification

These are the classic features of a DID (but there are other alternatives on the market).

A DID acts as a Uniform Resource Identifier (URI) that marks the association of a transaction with a DID. The "method" is the second part of the DID architecture. It involves a verifiable registry and an enforcement protocol that specifies how DIDs are found. There are many methods, mainly concerned with create, read, update and delete operations. A DID method works much as DNS addressing works in a computing environment. DID methods are usually associated with a verifiable data registry, a system that brings together DIDs, DID documents, and DID methods. Verifiable data registries can take many forms: trusted databases, decentralized databases, distributed ledgers, or government ID databases such as DigiLocker.

In short, a DID includes a unique identifier for retrieving the DID document associated with a DID subject. The document is stored on one or more decentralized storage platforms such as IPFS or STORJ. The workflow is as follows:

  1. The DID subject decides to create a DID and share it with others (including the document itself);
  2. A timestamp is created;
  3. Metadata related to delegation and authorization;
  4. Cryptographic proof of validity with a public key;
  5. Using the DID service list;
  6. Use JSON-LD signatures to verify the integrity of the document (off-chain proofs, i.e. JSON files, or on-chain proofs held in smart contracts).
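
The lookup described above (a DID, its method, and a verifiable data registry that returns the DID document) can be sketched as follows. This is an added example, not code from the original article or from any DID project; the method name "example", the in-memory registry and its entries are constructed for illustration.

```python
import re

# DID syntax (W3C DID Core ABNF): did:<method-name>:<method-specific-id>
IDCHAR = r"(?:[A-Za-z0-9._-]|%[0-9A-Fa-f]{2})"
DID_RE = re.compile(rf"did:(?P<method>[a-z0-9]+):(?P<msid>(?:{IDCHAR}*:)*{IDCHAR}+)")


class ResolutionError(Exception):
    """Raised when a DID is malformed or cannot be resolved safely."""


def parse_did(did):
    """Split a DID into (method, method-specific id), rejecting malformed input."""
    # fullmatch, not match with "$": "$" would accept a trailing newline.
    m = DID_RE.fullmatch(did)
    if m is None:
        raise ResolutionError(f"malformed DID: {did!r}")
    return m.group("method"), m.group("msid")


# Constructed verifiable data registry for the hypothetical method "example".
# Real registries are ledgers or databases; a dict stands in for one here.
REGISTRIES = {
    "example": {
        "alice123": {"id": "did:example:alice123",
                     "service": [{"id": "did:example:alice123#profile",
                                  "type": "ProfileService",
                                  "serviceEndpoint": "https://profile.example/alice"}]},
        # Constructed faulty entry: the stored document names another subject.
        "bob456": {"id": "did:example:mallory", "service": []},
    },
}


def resolve(did):
    """Return the DID document for `did`, as a DNS resolver returns a record."""
    method, msid = parse_did(did)
    registry = REGISTRIES.get(method)
    if registry is None:
        raise ResolutionError(f"unsupported DID method: {method!r}")
    doc = registry.get(msid)
    if doc is None:
        raise ResolutionError(f"no DID document for {did!r}")
    # The answer must describe the DID that was asked for, not another subject.
    if doc.get("id") != did:
        raise ResolutionError("DID document id does not match the requested DID")
    return doc
```

A resolver that skips the final `id` comparison would accept whatever document the registry hands back, including one that belongs to a different subject.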

Here are the highlights of the difference between DNS and DID:

Key to DID adoption

We believe that DID adoption will continue in the Web 3 world, but given the usage challenges users face in many current solutions, end users will not necessarily adopt pure on-chain DID solutions. In general, we believe DID adoption will be determined by the following key factors:

SDK

DID systems usually come with an SDK that makes it easy for developers to incorporate identity systems for users. In the past, the lack of interoperability and developer friendliness of many DID systems has hindered the adoption of these protocols. For example, the Lens Protocol, a composable, decentralized social graph protocol, has developed the LensClient SDK, which is built with TypeScript to make interacting with the API easier. Systems that can develop an intuitive and easy-to-use SDK will largely enjoy higher adoption rates.

Compliance and Regulation

Governments and regulators are increasingly acknowledging the importance of digital identity, privacy and security. For example, the EU General Data Protection Regulation is addressing the "right to erasure" or "right to be forgotten," allowing users to ask companies to delete all traces of their data from their systems. As a result, companies face significant costs in restructuring their data management systems to accommodate this requirement. If the regulation continues to develop in this direction, the sovereign DID identification method will be a key direction for companies to pay attention to, otherwise they may face the consequences of violating regulations.

Artificial intelligence

AI users are able to own the customer experience both in terms of content and in terms of consumption. This data layer should be composable and open. With the development of deep fake technology and artificial intelligence, verifiable identity will become more and more valuable. The relationship between valid identities and content must be efficiently established.

The need for interoperability

DID systems are designed to be interoperable from the ground up, allowing seamless communication between different identity systems. The technology's value increases with its ability to interface with various other systems. Various forms of reputation systems will emerge to accommodate more seamless integration, which will lead to greater adoption in real life.

Some common technical directions worth investing in

Authentication

Authentication involves using cryptographic methods to verify ownership and control of a DID. This process usually relies on a decentralized public key infrastructure (DPKI) rather than a centralized certificate authority: DID owners generate their own public-private key pairs, allowing them to securely prove their identity and be authenticated without relying on third parties. This approach enhances the security, privacy, and user autonomy of digital identity management.

Alias and ID aggregators

Alias and ID aggregators are an important part of the DID ecosystem. Aliases provide human-readable identifiers that can be associated with DIDs, making it easier for users to manage and share their decentralized identities. These aliases can be associated with DIDs while maintaining privacy and within the user's control. ID aggregators act as intermediaries that facilitate the discovery, exchange and verification of identity data and certificates in the DID ecosystem. They help users manage their various DIDs and related data across different environments and platforms. By using ID aggregators, users can maintain the privacy and security of their digital identities while simplifying their interactions with various online services and applications.

Proof of Personhood

Proof of personhood generally refers to cryptographic mechanisms that verify that someone is unique, ensuring that the person being verified is a single, unique person. This is usually done to prevent Sybil attacks, where an entity creates multiple false identities to gain more influence or manipulate a system. Proof of personhood does not necessarily require revealing personal information, but instead focuses on ensuring that each participant is a unique individual.

There are two types of proof-of-personhood projects:

  • Federated Identity Projects: These solutions use a mostly trusted third party to issue valid identities. Current applications prefer to use existing identities rather than issue new identities, so the market prefers global federated identity projects.
  • Emerging Identity Projects: Emerging identities arise from existing data structures such as social graphs or user behavior. They can be derived from integrating pre-existing credentials from actions taken or computing connections between users in social groups.

Two types of proofs:

  • Off-chain proofs: In this arrangement, proofs are converted to JSON files and stored off-chain (preferably on a decentralized cloud storage platform such as IPFS or Swarm). But the hash of the JSON file is stored on-chain and linked to the DID through an on-chain registry. The associated DID can be the DID of the issuer or recipient of the certificate.
  • On-chain proofs: On-chain proofs are stored in smart contracts on the Ethereum blockchain. The smart contract (acting as a registry) will map the proofs to the corresponding on-chain decentralized identifiers (public keys).
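
The off-chain arrangement above comes down to one check: recompute the hash of the JSON proof fetched from storage and compare it with the hash registered on-chain for the DID. The following is an added example, not code from the original article; the `OnChainRegistry` class, the proof fields (`issuer`, `recipient`, `claim`, `issued`) and the sorted-key JSON encoding are assumptions standing in for a real registry contract, credential schema and canonicalization scheme.

```python
import hashlib
import json


def canonical_hash(proof):
    """SHA-256 of a deterministic encoding (sorted keys, no extra whitespace).

    Simplification: a production system would use a specified canonical form.
    """
    encoded = json.dumps(proof, sort_keys=True, separators=(",", ":"),
                         ensure_ascii=False).encode("utf-8")
    return hashlib.sha256(encoded).hexdigest()


class OnChainRegistry:
    """Stand-in for the on-chain registry: maps a DID to anchored proof hashes."""

    def __init__(self):
        self._anchors = {}

    def anchor(self, did, proof):
        digest = canonical_hash(proof)
        self._anchors.setdefault(did, set()).add(digest)
        return digest

    def is_anchored(self, did, digest):
        return digest in self._anchors.get(did, set())


def verify_offchain_proof(registry, did, raw_json):
    """Check a JSON proof fetched from off-chain storage against the registry."""
    try:
        proof = json.loads(raw_json)
    except ValueError:
        return False
    if not isinstance(proof, dict):
        return False
    # The proof must name the DID it is linked to, as issuer or recipient.
    if did not in (proof.get("issuer"), proof.get("recipient")):
        return False
    return registry.is_anchored(did, canonical_hash(proof))


# Constructed sample: an issuer anchors the hash of a proof it issued.
PROOF = {"issuer": "did:example:university", "recipient": "did:example:alice123",
         "claim": {"degree": "BSc"}, "issued": "2023-06-01T00:00:00Z"}
REGISTRY = OnChainRegistry()
REGISTRY.anchor("did:example:university", PROOF)
```

Hashing the parsed object rather than the raw bytes means a copy with reordered keys still verifies, while any change to a value does not.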

Soul Bound Tokens

Soul-bound tokens are another solution that could potentially be used as a new way to represent and manage one's digital identity. Soulbound tokens should be unique and non-transferable, ensuring that each token is permanently associated with a specific individual identity. This will prevent tokens from being traded, sold or stolen. Soulbound tokens should be designed to work seamlessly with existing DID infrastructure, including decentralized identifiers (DIDs), verifiable credentials, and decentralized key management systems. Soulbound tokens have the potential to be used to represent aspects of a person's identity, such as interests, achievements or affiliations. This will enable users to personalize their digital identities and build meaning into them.

Wallet Alternatives

In the SSI community, there are many known DID methods, but most of them require the user to have a digital identity wallet and need to save a seed (private key). Using digital wallets can be cumbersome for newbies as they have to install the wallet software on their laptop or mobile phone. An alternative is to reduce reliance on wallets and facilitate the transition from Web 2 to Web 3 through smart contracts and other means.

DID issuance and tools

DID issuance and tools refer to the processes and technologies used to create, manage and use decentralized identifiers (DIDs). DID issuance involves generating unique, durable, and verifiable identifiers that can be associated with individuals, organizations, or objects in a decentralized manner without reliance on a centralized authority. DID tools include a range of software and hardware solutions that facilitate key management, authentication and interaction with a decentralized identity ecosystem. These tools can include wallets, SDKs, APIs, and libraries to simplify the integration of DIDs in applications and services. They enable users to securely manage their digital identities and interact with various Web3 platforms, bringing greater privacy, security and user autonomy to the digital world.

Outlook

We believe that DID adoption will continue in the Web 3 world, with the opportunities for certain key technologies (below) being the most compelling. We focus on technologies that 1) can lower the threshold for initial use and 2) have the potential to become the core layer of verification service providers. Specifically, we have the following recommendations:

New message distribution protocol

These tools can better define who we are through the analysis of DID data. Sovereign identity systems, powered by new IDPs, not only authenticate users, but also allow users to control how, when, and where their data is used. In an increasingly complex digital ecosystem, the ability of different systems to work together (interoperability) is critical. New IDPs that facilitate this interoperability are likely to gain significant traction (e.g., RSS3, 0xScope).

On-Chain Passport

On-Chain Passport provides a more comprehensive, secure and user-centric solution compared to other identity verification systems such as traditional authentication methods. Investing in this technology means investing in a technology that not only meets current security needs, but is also in line with where digital identity management is headed. Validation service providers such as Gitcoin pass and link3.to are good examples.

Super ID

We should be looking for "Super IDs" in the DID world, which will encourage us to find the most widely recognized and adopted integrators, for example SpaceID, Dmail, ENS and Worldcoin.

Tools and Wallet Alternatives

One of the main barriers to adopting a DID approach remains the high barrier to entry and the difficulty of connecting Web2 and Web3 users. Today, there are just over 200 million Web3 users, compared to Instagram's over 2 billion users. Teams building products that can simplify or skip the entire wallet onboarding experience (seed phrase or KYC) will help drive further adoption of DID and Web 3.

In addition, establishing a complete set of open source tools and interoperability standards, unbundling certification, and rebuilding it from first principles will allow new DID solutions to emerge. Tooling projects will enable more DID solutions to emerge.

Decentralized digital identity is a breakthrough technology that can further drive the Web3 revolution. This innovation enables users to seamlessly navigate through all their accounts without having to memorize multiple usernames and passwords, and gain greater security and data protection within Metaspace. At the same time, it enables businesses to provide personalized services to users while protecting user privacy. Adoption of the technology may be earlier than anticipated, with nascent startups and established companies alike integrating systems to oversee the verification, security and management of identities and access rights.
