Table of Contents
In a significant move, Identity.com, a proud member of the Decentralized Identity Foundation, has recently joined forces with the World Wide Web Consortium (W3C). For those unfamiliar, the W3C serves as the leading authority in establishing web standards, encompassing vital elements such as HTML, CSS, HTTP, XML, and, notably, the development of the W3C DID.
What is The W3C?
The W3C, also known as the World Wide Web Consortium, is the primary governing body responsible for setting the standards that shape the World Wide Web. From the fundamental building blocks like HTML and CSS to the underlying protocols like HTTP and XML, the W3C plays a crucial role in ensuring interoperability and universal access across all web browsers.
An integral part of the W3C’s mission is to cultivate an inclusive and decentralized web ecosystem. This aligns perfectly with the principles outlined by Tim Berners-Lee, the visionary behind the Web’s inception in 1994. His principles champion simplicity, modularity, decentralization, tolerance, and the Principle of Least Power.
Decentralization: A Cornerstone Principle
Tim’s emphasis on decentralization is not only applicable to the architectural design of the Web but also holds true for digital identity systems. Traditional centralized identity models, familiar to us through government-issued passports, email accounts, and social media handles, suffer from a single point of failure. Whether it be governmental authorities or technology corporations, the centralized nature of these systems poses inherent risks.
Even federated identities, which offer the convenience of sign-in with platforms like Facebook, rely on centralized identity databases, leaving users vulnerable to disruptions caused by a single point of failure. The October 4, 2021 Facebook outage exemplified the impact of such centralized dependencies, leading to service disruptions and hindering access to a myriad of supported platforms.
Decentralized identity systems, on the other hand, eliminate the risks associated with single points of failure.
Addressing Honeypots and Surveillance
Centralized identity systems demand users to create multiple accounts, burdening them with the challenge of managing numerous login details. Consequently, users often resort to weak passwords, undermining their security. Additionally, these centralized systems store sensitive user data in large identity repositories, commonly targeted by hackers. The frequency of identity breaches, such as those experienced by CAM4, First American, LinkedIn, Twitch and many others, serve serves as undeniable evidence of the vulnerability inherent in centralized identity solutions.
While federated identity systems enhance user experience, they still rely on centralized services and fail to address the issue of secure password management. Moreover, the involvement of intermediaries, known as identity providers, compromises user privacy and provides additional points of exploitation. Even modern Know-Your-Customer (KYC) requirements encounter similar vulnerabilities as they rely on centralized storage of credentials.
To overcome these challenges, decentralized identifiers (DIDs) serve as a transformative solution, rendering identity honeypots obsolete.
Exploring Decentralized Identifiers (DIDs)
Decentralized identifiers, also known as DIDs, are a type of identifier that enables a verifiable and decentralized digital identity. Between the Decentralized Identity Foundation and the W3C DID Working Group, the foundational standards are being designed and developed, with our very own CTO, Martin Riedel, participating in the Claims and Credentials Working Group.
At the most basic level, a DID is a type of globally unique identifier, which is simply a string of characters that identifies a resource, which is anything that can be identified: a person, organization, product, computer, car and so on. The string looks like any other web address, except it begins with did rather than http, as seen below:
did:sol:WRfXPg8dantKvUBe3HX99
This URL, a string of characters, can ultimately identify any resource, on or off the web, secured by the Public Key Infrastructure (PKI). While no Personally Identifiable Information is stored on the blockchain, it references your credentials, stored securely on your phone (or some other device). In order to access or view any aspect of your credential data, you need to first approve. Importantly, this access can be revoked at any time and any access is documented.
This brings us to the concept of Self Sovereign Identity (SSI).
Empowering Self Sovereign Identity (SSI)
Self-Sovereign Identity (SSI) represents the paradigm shift towards giving individuals full control over their digital identities. Within the internet identity industry, SSI has emerged as a pivotal acronym. Christopher Allen, a prominent figure in this field, has written the Path to Self Sovereign Identity and outlined ten essential principles that underpin this concept. At its core, SSI emphasizes user control, including securing personal information (PII) and granting individuals the authority to choose what information to disclose and to whom.
DIDs and Verifiable Credentials (VC) play a pivotal role in the realization of SSI. These technologies form the foundation for decentralized identity and hold immense promise for the future, particularly in the context of Web3.
The Significance of Web3
Web3 encompasses a wide range of definitions, but it can be succinctly described as a decentralized, blockchain-inspired web architecture that prioritizes user control over digital content and currency. Unlike its predecessor, Web2, which introduced centralization and dependence on trusted authorities like banks and tech platforms, Web3 aims to shift the power dynamic back to users. It embodies values such as decentralization, open-source collaboration, data privacy, ownership, and permissionless innovation. In the Web3 landscape, developers design applications to be composable, fostering seamless integration and blurring the boundaries between products.
As you read this article, you are currently accessing it through a Web2 browser. However, Web3 represents a return to decentralization, this time with a focus on ownership, privacy, and the inclusion of an identity layer.
The Significance of the Identity Layer
It is worth highlighting that the Internet was initially created without a native identity layer. Early use cases did not require identity verification, and the limited number of users did not necessitate such functionality. Consequently, the burden of identity verification fell on individual websites and applications, eventually leading to the rise of centralized identity providers. These providers not only own user data but often exploit it for their business models. The lack of ownership and control over one’s online identity exposes individuals to the risks of hacking, manipulation, censorship, or even permanent loss.
Web3 presents an opportunity to rectify this flaw by establishing a native identity layer. A native identity layer empowers users to access services using their DIDs, facilitate seamless economic transfers, and transfer ownership of digital or physical assets across services, among other capabilities. It is precisely this vision that drove Identity.com to join forces with the W3C, ensuring that the future of the internet incorporates a robust and inclusive native identity layer.
Why did Identity join the W3C?
The journey towards the W3C began on September 1, 2021, when the Mozilla Foundation raised formal objections to block the approval of the Decentralized Identifiers (DIDs) v1.0 specification. This objection came after the Mozilla Foundation’s Internet Health Report emphasized the growing concerns around centralized control exerted by a few dominant technology giants. Subsequently, both Google and Apple also filed formal objections, resulting in three out of the four major browser vendors voting against the DID 1.0 Specification.
These objections stem from the fear of the transformative future Web3 holds. Web3 challenges the control that these entities have over user data and disrupts their long-standing practices of surveillance and data acquisition.
Witnessing these objections and realizing the need for change, Identity.com decided to join the W3C to actively contribute to the fight for the future of the web. With Web3 as the driving force, we are committed to advancing decentralized identity and ensuring that a native identity layer becomes an integral part of the internet’s evolution.
By collaborating with the W3C, Identity.com aims to shape the development and adoption of decentralized identity standards. The W3C provides a platform for industry leaders, experts, and stakeholders to come together, share knowledge, and establish consensus on critical aspects of web standards. Our participation in the W3C DID Working Group allows us to contribute to the design and development of foundational standards for DIDs and verifiable credentials.
Together, with other members of the Decentralized Identity Foundation and the W3C DID Working Group, we are paving the way for a future where individuals have control over their digital identities, eliminating the risks associated with centralized systems and empowering users with privacy, security, and ownership.