7 O’Clock Capital: Understanding the Importance of Decentralized Identity (DID) in the Web3 World in One Article
Author: Sally, 7 O'Clock Capital
01 Introduction
From an anthropological perspective, identity is shaped by culture, and the most fundamental identity can be gender. When we talk about men and women, we are not only describing biological differences but also our expectations regarding the moral standards, social functions, and behavioral patterns that should accompany these identities.
In real life, society is organized by numerous specific individuals, and people actively or passively join different organizations based on their identities, thereby forming class and cultural attribute labels.
In the era of Internet Web 2.0, a networked society has emerged, and society is no longer limited by geographical boundaries. People enter the Internet and join different platforms based on their interests and hobbies, creating new Internet identities. However, due to the lack of interoperability among Internet platforms, individuals need to constantly register and verify their identities, and even their identity information may be uploaded multiple times by unauthorized platforms, leading to privacy breaches and labeling issues. As a result, individuals' Internet identities appear fragmented and incomplete, and their rights gradually diminish.
The arrival of Web 3.0 has given users the opportunity to regain control over their rights through Decentralized Identity (DID).
The role of DID aligns with the fundamental principles of identity, with only the form changing:
- On platforms, users join a system where their identity is verified through crypto wallets, and through on-chain data and soul-bound NFTs, users' data is authentic and comprehensive;
- For others, DID brings a brand new form of DAO organizations, allowing people to easily find DAO partners and organizations that meet their requirements;
- For oneself, outside of real life, individuals possess a new/free/anonymized/self-sovereign identity.
Wall Street financial mogul Jim Rogers once said: "In the next 10 or 20 years, having one identity is dangerous because the world will face many problems, including financial, political, and military issues… Therefore, you must have a PLAN B, as having a second identity will give you a chance to survive."
In the era of Web 3.0, DID will be everyone's PLAN B.
02 Table of Contents
- What is the decentralized identity you need in the Web 3.0 world?
- Why is decentralized identity (DID) needed in Web 3.0?
- What are the segmented tracks and quality projects in decentralized identity?
- Challenges and reflections faced by decentralized identity
03 Main Text
1. What is the decentralized identity you need in the Web 3.0 world?
Decentralized Identity (DID) is a trust mechanism built on blockchain technology that serves as the identity credential in a future decentralized society. Specifically, it is an address on the blockchain that a person owns and controls, used to connect documents related to the DID, such as wallet addresses, crypto accounts, DApp interactions, social logins, etc.
The key point is that decentralized identity verification does not require any centralized third party to participate; the user's identity identifier is entirely controlled by the owner, while also addressing other identity requirements—user data rights confirmation, verification, storage, management, and usage.
(1) Standards and Implementation of DID
Currently, decentralized identity standards are mainly divided into two types: W3C standards and DIF standards.
W3C: Used to denote people, organizations, and things while protecting security and privacy. It mainly consists of the "base layer DID specification" and "application layer verifiable claims."
DIF:
Here, we will mainly introduce the W3C DID standards and implementation methods. The DID system mainly includes two levels of elements: the base layer and the application layer.
1. Base Layer: DID Specification, including DID Identifier and DID Document
1) DID Identifier
DID is a type of Uniform Resource Identifier (URI), a permanent and immutable string that globally identifies your identity, similar to an ID number.
The first part is always "DID," indicating that this is a "Decentralized Identifier."
The second part is the method, used to indicate which set of schemes (methods) defines and operates this DID identifier. This DID method can be customized and registered on the W3C website.
The third part can be any string, a specific identifier within the DID method that is unique within the entire DID method namespace, serving as a unique identifier for individuals.
2) DID Document
Each DID identifier corresponds to a DID document. This document is a JSON string containing six pieces of information (optional):
a. DID Identifier, proving global uniqueness
b. Public Key: A set of cryptographic materials used for identity verification or interaction with the DID subject
c. Authentication: A set of cryptographic protocols for interacting with the DID subject
d. Service Endpoint: Describes the location and method of interaction with the DID subject
e. Timestamp: Document creation and update time
f. JSON-LD Signature
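The identifier format and document fields described above, as an added example (not code from the original article): a parser for the three-part DID string and a consistency check that a caller can run on a resolved DID document before trusting any key in it. It uses the W3C DID Core property names `verificationMethod`, `authentication` and `service` for items b, c and d; the `did:example` identifiers, the key value and the service type are constructed sample data.

```javascript
// Added example: DID syntax parsing and DID document consistency checks.
const IDCHAR = "(?:[A-Za-z0-9._-]|%[0-9A-Fa-f]{2})";
// did:<method>:<method-specific-id>. The method name is lowercase letters and
// digits only; the method-specific id may itself contain ":" separated parts.
const DID_RE = new RegExp(`^did:([a-z0-9]+):((?:${IDCHAR}*:)*${IDCHAR}+)$`);

function parseDid(did) {
  const m = typeof did === "string" ? DID_RE.exec(did) : null;
  return m ? { method: m[1], id: m[2] } : null;
}

// Returns a list of problems; an empty list means the document is consistent.
function checkDidDocument(did, doc) {
  if (!parseDid(did)) return [`not a valid DID: ${did}`];
  const problems = [];
  // A document returned for a different subject must never be accepted.
  if (doc.id !== did) problems.push(`document id ${doc.id} does not match ${did}`);

  const methods = new Map();
  for (const vm of doc.verificationMethod || []) {
    const [base, fragment] = String(vm.id).split("#");
    if (!parseDid(base) || !fragment) problems.push(`bad verification method id: ${vm.id}`);
    if (!vm.type) problems.push(`${vm.id}: missing key type`);
    if (!parseDid(vm.controller)) problems.push(`${vm.id}: controller is not a DID`);
    methods.set(vm.id, vm);
  }
  // Authentication entries are references to keys (strings) or embedded keys (objects).
  for (const entry of doc.authentication || []) {
    if (typeof entry === "string" && !methods.has(entry)) {
      problems.push(`authentication references unknown key ${entry}`);
    }
  }
  for (const svc of doc.service || []) {
    if (!svc.id || !svc.type || !svc.serviceEndpoint) {
      problems.push(`incomplete service entry: ${JSON.stringify(svc)}`);
    }
  }
  return problems;
}

// Constructed sample data (not a real identity or key).
const sampleDid = "did:example:123456789abcdefghi";
const sampleDoc = {
  id: sampleDid,
  verificationMethod: [{
    id: `${sampleDid}#key-1`,
    type: "Ed25519VerificationKey2020",
    controller: sampleDid,
    publicKeyMultibase: "zSAMPLE-KEY-NOT-REAL",
  }],
  authentication: [`${sampleDid}#key-1`],
  service: [{
    id: `${sampleDid}#vcs`,
    type: "CredentialRepository", // hypothetical service type
    serviceEndpoint: "https://repository.example/123",
  }],
};

console.log(parseDid(sampleDid));
console.log(checkDidDocument(sampleDid, sampleDoc));
// A document whose authentication entry points at a key it does not contain:
console.log(checkDidDocument(sampleDid, { ...sampleDoc, authentication: [`${sampleDid}#key-9`] }));
```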
2. Application Layer: Verifiable Claims (or Verifiable Credentials, abbreviated as VC)
This layer is where the value of the entire DID system lies. A verifiable claim is a descriptive statement issued by one DID to endorse certain attributes of another DID, accompanied by its own digital signature to prove the authenticity of these attributes, which can be considered a form of digital certificate.
In the VC system, there are the following four participants:
1) Issuer: Entities that possess user data and can issue VCs, such as governments, banks, universities, etc.;
2) Verifier: Accepts VC certificates and performs authentication, such as hotel front desks checking our ID cards during check-in;
3) Holder: The entity (the user themselves) that requests, receives, and ultimately holds the VC;
4) DID Identifier Registration Authority (Verifiable Data Registry): The place where we store DID identifiers and DID documents, maintaining the DID database, such as a blockchain or distributed ledger, where the corresponding DID document can be queried through the DID identifier.
Specific relationship diagram
When a user obtains a VC proof, it will contain three types of information:
1) VC Metadata: Issuer, issuance date, type of claim, etc.;
2) Claim: One or more statements about the subject. For example, an ID card issued by the public security authority as a VC will include: name, gender, date of birth, ethnicity, address, etc.;
3) Proof: The issuer's digital signature, ensuring the verifiability of the VC.
Understanding the operational principles of DID allows us to easily grasp the DID operational process:
Verifiable Presentation (VP)
VC can also be presented as a Verifiable Presentation. A verifiable presentation is the data that a VC holder presents to a verifier to indicate their identity. Generally, we can directly show the full VC, but in some cases, for privacy protection, we may not need to present the complete VC content, opting to selectively disclose certain attributes or not disclose any attributes at all, only needing to prove a specific assertion.
This is how DID holders can demonstrate part of their data.
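The issuer, holder and verifier roles and the selective disclosure described above, as an added example (not code from the original article). It uses Node.js built-in Ed25519 signatures and salted hash commitments, which is one common way to implement selective disclosure; the article does not say which mechanism a given DID system uses. The `registry` map standing in for the verifiable data registry, the function names, the DIDs and the claim values are all assumptions made for this example.

```javascript
// Added example: VC issuance, selective presentation and verification.
const nodeCrypto = require("node:crypto");

const sha256 = (s) => nodeCrypto.createHash("sha256").update(s).digest("hex");
// Commitment to one claim; the random salt stops a verifier guessing hidden values.
const commit = (salt, name, value) => sha256(JSON.stringify([salt, name, value]));

// Stand-in for the verifiable data registry: issuer DID -> issuer public key.
const registry = new Map();

// Issuer: sign the metadata plus one salted digest per claim, not the raw claims.
function issueCredential(issuerDid, privateKey, holderDid, claims) {
  const disclosures = Object.entries(claims).map(([name, value]) => (
    { salt: nodeCrypto.randomBytes(16).toString("hex"), name, value }));
  const signed = {
    issuer: issuerDid,
    subject: holderDid,
    issuanceDate: "2022-06-01T00:00:00Z",
    type: "IdentityCredential",
    claimDigests: disclosures.map((d) => commit(d.salt, d.name, d.value)).sort(),
  };
  // Real systems canonicalize the JSON first; here key order is simply kept stable.
  const proof = nodeCrypto
    .sign(null, Buffer.from(JSON.stringify(signed)), privateKey)
    .toString("base64");
  return { signed, proof, disclosures }; // the disclosures stay with the holder
}

// Holder: build a presentation that reveals only the chosen claims.
function present(credential, reveal) {
  return {
    signed: credential.signed,
    proof: credential.proof,
    disclosures: credential.disclosures.filter((d) => reveal.includes(d.name)),
  };
}

// Verifier: look up the issuer key, check the signature, then check that every
// revealed claim matches a digest the issuer actually signed.
function verifyPresentation(vp) {
  const publicKey = registry.get(vp.signed.issuer);
  if (!publicKey) return { ok: false, reason: "unknown issuer" };
  const valid = nodeCrypto.verify(null, Buffer.from(JSON.stringify(vp.signed)),
    publicKey, Buffer.from(vp.proof, "base64"));
  if (!valid) return { ok: false, reason: "bad signature" };
  const claims = {};
  for (const d of vp.disclosures) {
    if (!vp.signed.claimDigests.includes(commit(d.salt, d.name, d.value))) {
      return { ok: false, reason: `claim ${d.name} is not covered by the signature` };
    }
    claims[d.name] = d.value;
  }
  return { ok: true, claims };
}

// Constructed sample run.
const issuerDid = "did:example:issuer-university";
const holderDid = "did:example:holder-alice";
const issuerKeys = nodeCrypto.generateKeyPairSync("ed25519");
registry.set(issuerDid, issuerKeys.publicKey);

const credential = issueCredential(issuerDid, issuerKeys.privateKey, holderDid,
  { name: "Alice Example", dateOfBirth: "1990-01-01", degree: "BSc" });
const vp = present(credential, ["degree"]); // name and date of birth stay hidden
console.log(verifyPresentation(vp));

// A holder who alters a revealed value is caught by the digest check.
const forged = { ...vp, disclosures: [{ ...vp.disclosures[0], value: "PhD" }] };
console.log(verifyPresentation(forged));
```

This example does not bind the presentation to the holder or to a single session. A deployed verifier would also require the holder to sign a fresh challenge, so that a captured presentation cannot be replayed by someone else.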
In summary, this is a complete framework for DID composition.
DID architecture and the relationships between related components
(2) What are the characteristics of your Decentralized Identity (DID)?
Decentralized identity has three main characteristics: Security, Controllability, and Portability.
Characteristic 1: Security
User Protection - Users' rights must be fully protected. When the demands of the identity network conflict with individual users' rights, the network should prioritize protecting the user's freedom and rights. Using DID can achieve this.
Identity Permanence - Identity must be enduring, ideally perpetual, or at least continue until the user desires, thus avoiding the "right to be forgotten." During this period, users have the autonomy to decide on the deletion and cancellation of their ID.
Minimal Exposure - Users only need to provide the minimum data necessary to prove their identity, without needing to provide other private information.
Characteristic 2: Controllability
Independent Existence - Users exist completely independently of identity providers and networks.
User Control - Users have control over all operations related to DID registration, usage, updates, information disclosure, deletion, and cancellation.
User Permission - Any network participant using the user's identity and related data must obtain the user's permission.
Characteristic 3: Portability
Interoperability - DID needs to be widely used. If it is limited to a narrow niche market, then the identity has no value.
Portability - Users can migrate and move their corresponding identities based on their needs.
Data Access Rights - Users must be able to access their own data and easily retrieve all claims and other data from their identity at any time.
2. Why is Decentralized Identity (DID) needed in Web 3.0?
As mentioned earlier, decentralized identity is a crucial piece in the Web 3.0 world—creating a unique "ID card" for users on-chain, rather than the various APP accounts that can be repeatedly applied for in Web 2.0.
Reliable identity management and applications based on this system will foster new use cases and scenarios.
(1) Real Identity Verification, Reducing Costs
1. Verifiable NFT authenticity, reducing fraudulent activities
Whether in Web 2.0 or Web 3.0, there are numerous organizations that engage in fraud through websites, links, etc., with fake NFT minting and sales being a major issue. Through DID infrastructure, creators can prove that the NFTs representing digital or physical assets are created by them, and buyers and sellers will also be able to verify the provenance of digital artworks.
2. Lowering the difficulty of airdrops, accurately delivering benefits
Once DID is established, projects can more accurately airdrop to real users, allowing genuine users to enjoy more benefits and rights.
(2) Establishing a Credit System, Quantifying Contributions
1. Opening the next chapter of DeFi:
Currently, DeFi lacks a credit system, leading to over-collateralization as a common practice among most projects, which actually violates fundamental financial rules. With the application of DID identity verification, various borrowing-related operations will accumulate as users' "positive" or "negative" behaviors, ultimately forming a credit scoring system. Various protocols can then analyze borrowing limits based on users' credit scores, encouraging users to develop good on-chain borrowing behaviors.
2. Expanding the possibilities of DAO organizations:
Currently, the governance token-based voting rights system is easily manipulated by capital, while those who truly add value and contribute to the organization are often overlooked. Therefore, through badges, certificates, and other reputational proofs, the contributions of DAO members can be measured, presenting a more complete community user profile and granting voting rights to those who are genuinely contributing.
3. What are the segmented tracks and quality projects in Decentralized Identity?
Currently, the classification of decentralized identity tracks varies widely. From the perspective of a venture capital institution, 7 O'Clock Capital categorizes them into three types based on market research and understanding: Identity Authentication and Management, Identity Applications, and Underlying Support and Data Identification.
(1) Identity Authentication and Management
This category focuses on the authentication and management methods of decentralized identity, ensuring users' DIDs through certain technical means, and making management more systematic and convenient for users to perform various on-chain actions using DID.
1. Identity Authentication:
BrightID is a decentralized anonymous social identity network that does not collect personal privacy information but confirms the uniqueness of user identity through biometric methods. Users need to authenticate their identity through video meetings with administrators online. Currently, the BrightID Beta version app is available on Android and iOS platforms, with 65,000 users and compatibility with 15 apps.
After downloading the application, users can register directly without any identity information, only needing a profile picture and name. When connecting with friends, they can securely share through P2P (peer-to-peer) transmission. Applications verified by BrightID can also be displayed on the page.
Currently, BrightID's use cases include identity verification, application user verification, event verification (airdrops, etc.), trust and reputation building, and others, and it is also developing IDChain. Due to the project's outstanding performance, it received praise from Vitalik Buterin during Gitcoin's seventh round of donation activities.
2. Identity Management Tools:
ENS
ENS was established in 2017 as a decentralized domain name project based on Ethereum, supported by the Ethereum Foundation, allowing users to display lengthy Ethereum public addresses in a simplified text-based manner, making it easier to share, use, and remember addresses and other data.
At the same time, ENS also allows users to bind their email, Twitter, NFT avatars, etc., to their domain names, which can be read and displayed by third-party platforms. Currently, the vast majority of Ethereum applications support displaying ENS domain names, making it the most widely used identity project. There are already 1.12 million unique domain names and 504 supported projects.
Spruce
Spruce is a cross-chain digital identity authentication system that provides signing, sharing, and verification of trusted information. On April 20, 2022, it completed a $34 million Series A financing round, led by a16z, with participation from Ethereal Ventures, Electric Capital, Y Combinator, Protocol Labs, and others.
Spruce, in collaboration with the Ethereum Foundation and ENS, has built a standardized identity verification system called Sign-In with Ethereum (EIP-4361), allowing users to connect their crypto wallets directly with Web 2.0 or Web 3.0 applications and control their identity data.
The Spruce ID ecosystem consists of four parts: DIDKit for signing and verifying W3C verifiable credentials; Rebase for user data credentials; Keylink for linking existing system accounts to cryptographic key pairs; and Credible for credential wallets.
3. Identity Aggregation Tools:
Litentry
Litentry is a decentralized identity aggregator in the Polkadot ecosystem, supporting user identity linking across multiple networks. Users can manage their identities through the secure tools it provides, and DApps can obtain real-time DID data from identity owners across different blockchains. It is also one of 7 O'Clock Capital's portfolio projects. Currently, decentralized identity projects based on Litentry include My Crypto Profile, Web3Go, Polkadot Name System, PolkaSignIn, etc.
Litentry has established a three-layer credit calculation infrastructure to support DID management:
1) Source Data Layer. Identity analysts obtain data from source platforms such as Etherscan, The Graph, Onfinality, and other data providers.
2) Address Analysis Layer. Mainly serves as an external server providing data analysis, such as Nansen, Chainalysis, and the upcoming Litentry whitelist address analysis platform.
3) Identity Aggregation Layer. Litentry generates address relationships belonging to the same identity and then retrieves corresponding address analysis data from the address analysis layer for weighted calculations.
Unipass
Unipass is a multi-chain unified cryptographic identity, essentially a universal passport for the metaverse. Users can aggregate multiple social (Web 2.0) accounts through a Unipass ID, providing user ratings, tags, displaying users' NFTs, supporting email-based social identity recovery, and enabling access to Token-based communities, Zoom meetings, and forums. It supports messaging specific Token holders.
.bit (formerly DAS)
.bit is an open-source, decentralized cross-chain account system based on the Nervos CKB blockchain, providing a globally unique naming system with the suffix .bit, applicable in various scenarios such as cryptocurrency asset transfers, domain name resolution, identity authentication, etc.
Any application can read the data within, but only users can decide which data to write. Users have absolute ownership and control. Currently, registering an account requires an annual fee of $5 and a storage fee of $0.77.
(2) Identity Applications
1. Decentralized Social
CyberConnect
CyberConnect is a multi-chain decentralized social graph protocol that builds a scalable standardized social graph module. Through a search engine, it can find followers, POAP, and Galaxy credentials for specific addresses. Its data is stored on IPFS via Ceramic, providing a universal data layer for DApps.
Although social graph data is open to everyone, only users can fully control their social graphs, including adding, deleting, and updating relevant DApp links.
Lens Protocol
Lens Protocol is a composable decentralized social graph developed by the Aave team on Polygon, featuring general social media functions such as profile editing, commenting, and reposting posts. What sets it apart is that Lens Protocol supports NFTs, allowing users to own and control all the content they create.
Users can view their historical footprints and published artistic content through Profile NFTs, and by following others on the platform, they receive Follow NFTs.
The protocol also allows developers to build their own social applications on Lens using modular components, encouraging the development of new components that enhance product experience. Other external applications can also connect to Lens and share the advantages of the Lens ecosystem.
2. Bounty Tasks:
DeWork
DeWork is a Web3-native project management platform featuring Token payments, authentication, and bounty functions. It is currently used by multiple DAOs, including OpenDAO, AragonDAO, CityDAO, and ShapeshiftDAO.
Contributors can create personal Web3 profiles, find suitable bounty tasks from DeWork, and earn rewards by completing tasks.
Project teams can share project updates on the platform and set tasks and bounties to attract more participants.
3. Credit/Reputation Credentials:
POAP
Proof of Attendance Protocol (POAP) is a digital souvenir aimed at creating a reliable way to record life experiences, issuing NFT badges to participants of various activities and events to prove their participation, whether the event occurs virtually or in the real world. It is the prototype of Web3 credit/reputation credentials.
Arcx.money
Arcx.money currently offers DeFi Passports to users for free and establishes credit scores for holders by processing and referencing a large amount of data. Credit scores are determined by analyzing the historical activities of holders' Ethereum addresses, ranging from 0 to 999 points, which determine the collateral rates offered to users by the protocol. After applying for a Passport, users are incentivized to maximize their scores through participation in various "games" to improve their on-chain reputation, allowing them to enjoy various benefits, such as borrowing at lower collateral rates.
Project Galaxy
Project Galaxy is a Web3 credit credential system. After users connect their wallets, they can generate a "Galaxy ID," which is tagged based on the historical behavior of their addresses. The "Galaxy ID" records the activities, reputation, and achievements of users' digital identities. Builders can use Galaxy credentials to target audiences, reward communities, calculate credit scores, establish voting systems, and incentivize participation. It supports both on-chain and off-chain credentials.
Currently, Project Galaxy has over 3,000 credential tags and has completed over 3,000 credit-based activities.
(3) Underlying Support and Data Identification
Data and Public Chains:
Ceramic
Ceramic is a decentralized, cross-chain database service built on IPFS that manages dynamic content data. It addresses some shortcomings of IPFS in terms of variability, version control, access control, and programmable logic.
DID is used to log into Ceramic applications. Each transaction or update to the data stream is authenticated by the user's (account's) DID. On top of DID, Ceramic has developed the IDX standard to aggregate various cross-chain data types associated with DID-related user data.
Many DID and Web 3.0 social platform projects are currently being developed on Ceramic, such as CyberConnect, Web 3.0 Twitter's Orbis, and the instant messaging platform The Convo Space.
Idena
Idena is the first Proof-of-Person blockchain based on democratic principles. Joining Idena requires obtaining an invitation code from an existing member and verifying identity through a Turing test, after which one can become a node and participate in validation mining. Each mining node has equal voting rights and mining income, ensuring fairness.
Idena employs periodic checkpoint rituals—synchronized verification sessions—to prove participants' authenticity. Verification requires solving flip puzzles that are easy for humans but difficult for robots. Verification nodes and new users needing verification must solve the puzzles simultaneously to ensure new users do not verify themselves multiple times.
Once the puzzle-solving time is up, the network confirms the users who passed and decides the time for the next collective verification session; the more participants, the longer the interval. Nodes must continuously participate in verifying new users to ensure their node identity does not expire.
Currently, Idena has 12,892 verified identities, 11,586 miners, and 1,129 nodes. Partners include Gitcoin, COSMOS, Amasa, Hackernoon, and others.
4. Challenges and Reflections Faced by Decentralized Identity
(1) Can the Impossible Triangle Dilemma be Overcome?
After understanding DID, we can see that decentralized identity also faces a triangular dilemma: privacy, decentralization, and resistance to Sybil attacks. Today's crypto projects still need to choose two out of the three.
Today's blockchain ecosystems almost universally sacrifice resistance to Sybil attacks in exchange for decentralization and privacy, as seen with Bitcoin, Ethereum, etc. They do not rely on central authorities to record identities, and users do not need to disclose any personal information when creating wallet addresses. However, the result is that projects using these addresses as unique identifiers are vulnerable to Sybil attacks.
However, when people try to solve the issue of Sybil resistance (such as with KYC), they sacrifice privacy in the process and increase reliance on other forms of identity verification, which neither protects privacy nor preserves decentralization.
(2) Product Forms of DID
Currently, the product functions of the DID track are relatively scattered. Will the future develop towards a Web 3.0 entry point like Unipass, integrating with wallets? Or will it serve as a hub, providing services such as user authentication and credit scoring to facilitate the operation of upper-layer applications? Or will it strengthen reliability and effectiveness through short-term integration with Web 2.0 platforms, coexisting with Web 2.0?
While there is no clear answer at present, it is undeniable that it will play an important role in the Web 3.0 world. We also look forward to more innovative forms emerging.
(3) Balancing Digital Humans and Real Humans
Should the service providers of Web 3.0 applications be real humans off-chain, or digital humans created by real humans in the digital world? The latter seems to align more with the original ideals of Web 3.0, but considering global regulatory compliance and public adoption, verification of real humans may be unavoidable. Perhaps in the future, unverified accounts will face certain restrictions, while accounts verified by real humans will enjoy more rights.
04 Conclusion
The DID field remains in a chaotic state, which not only provides opportunities for heroes but will also be a stage for adventurers to showcase their talents.
Twitter CEO Jack Dorsey discussed in his proposed Web 5 concept: "Will data and identity management rights ultimately return to users?" Perhaps we cannot provide an answer now, but global users will continue to strive for this power, especially those in the blockchain industry.
7 O'Clock Capital will also be part of this journey, waiting with you to see what unfolds!