OpenAvatar: a new generation of Web3 DID system
OPENAVATAR PROTOCOL- A New Paradigm for Decentralized Identity
The concept of DID has been around for a long time and is confusing. In the metaverse era, what kind of WEB3 DID do we need? OPENAVATAR officially announced the release of OpenAvatar SDK today, and brought us a clear definition of the revolutionary new paradigm of WEB3 DID. If you want to know about the past and future of WEB3 DID, please don't miss this article! — YieldDAO Labs
Summary
- DID is the abbreviation of "Decentralized Identity". It is a digital identity without the final guarantee of a centralized organization. It is the extension and expansion of the concept of "user portrait" in Web2 in Web3.
- DID-related tracks are mainly divided into three layers: application, identity, and credentials. The credential layer is a component of DID, the identity layer is the specific form of DID, and the application scenario is the value embodiment of DID.
- The future development of DID may be that each user has a unique main management identity and application identities for multiple subdivided scenarios. Users remember and identify DIDs through domain names, manage DIDs and interact with application projects through wallets, and integrate different credentials and application identities on multiple chains through various protocols in wallet integration.
- The development of DID is still in its infancy, and the iteration is relatively slow. So far, no DID system has accumulated a certain network effect (except ENS, MetaMask and other applications)
Preface: DID concept
DID is a hot concept in the Web3 field. On Twitter, there is a Twitter Space where DID is discussed almost every week; in various offline Web3 sharing sessions, DID is also one of the enduring hot topics; on the project financing deck, whether it is social, GameFi, DeFi, Application projects such as NFT, wallets, domain names, and Infra public chain middleware projects may all add DID to their narratives. Such a high popularity makes the word DID easy to abuse. Let us first clarify the two main objects that DID actually refers to.
1. W3C DID
At the beginning, the full name of DID was "Decentralized Identifiers", literally translated as "Decentralized Identifiers". It is a set of standards led by the World Wide Web Consortium (W3C), the most influential international Internet technical standards organization. The concept of DID was not directly related to the blockchain/Web3 at the beginning, but if you search for "DID" directly, you can still see that the DID discussed in many articles is this specific standard
2. WEB3 DID
The focus of this article is Web3 DID. In the following discussion, DID will be used to refer to the concept of "decentralized identity" of Web3 DID, and W3C DIDs will be used to refer to the Decentralized Identifiers standard of W3C, the international Internet technology standard organization, to avoid confusion.
In the traditional Internet (Web2) era, digital identity is centered on the platform, and different products on the same platform are connected through the account system. For example, Tencent's mailbox, games, finance, etc. can all use the same account; Google, Facebook and other leading Internet companies also have their own account systems. Although this identity system is convenient to construct, its disadvantages are also well known: accounts between platforms are not interoperable, and users cannot control their own identity data.
In the emerging era of a new generation of decentralized Internet (Web3), user interaction is mainly based on wallet addresses, so a series of activities around addresses constitute the most original digital identity of Web3. But the cost of creating a new address is almost negligible, and few people will bind themselves to an address. This has led to the fact that users can give up the "identity" represented by an address at any time, and can also create a large number of address "identities" at zero cost, which in turn limits the application scenarios of this digital identity.
The problem that Web3 DID hopes to solve is to construct a description of a person's identity in the decentralized digital world, so Web3 DID is also called the "identity infrastructure" of Web3 applications.
2. W3C DIDs
As the initial definition of the concept of "DID", let's first look at the traditional W3C DIDs standard definition and its relationship with the current Web3 DID system.
After years of research and discussion, W3C finally launched the v1.0 official standard of decentralized identifiers (DIDs Decentralized identifiers) in July 2022.
In the W3C-standard decentralized identifier architecture, users directly control identifiers and corresponding documents. APP can read DID-linked documents with the user's permission to implement specific application services. Documents contain digital identity-related information, such as signatures, encrypted data, and so on. Users prove ownership of DID through cryptographic signatures. User data is stored in a trusted database (such as blockchain), and identity data does not depend on APP.
W3C DIDs have three main elements:
- DID scheme, similar to http, ipfs and other method declarations;
- DID Method is an identifier for a specific method. Every project that wants to build a DIDs identity system can apply for one. For example, Tencent can apply for a tencentqq identifier for QQ;
- DID Method-Specific Identifier is a specific id. Its use depends on the definition of the specific project party. For example, Tencent can use did:tencentqq:123456789 to refer to your QQ number 123456789.
The detailed technical details of W3C DIDs are relatively complicated, so I won't introduce them in detail here.
W3C DIDs competes with Web3 DID to some extent. Overall, the W3C DIDs standard system is a standard with comprehensive design and better compatibility. There are many blockchain projects that adopt the DIDs route to realize digital identities, such as DIF-Universal Resolver.
However, the complexity and lack of user readability of W3C DIDs are difficult to be accepted by users in the long run, and because large Internet companies rarely develop applications based on DIDs, W3C DIDs have not been widely used at present.
2. Web3 DID: the main constituent certificate
Let us turn our attention to the more promising WEB3 DID. In the increasingly prosperous application scenarios of WEB3.0, different digital identities refer to different content, but they can all be called (Web3) DID. There are two key factors here:
- What is the "Web3 DID" certificate: for example, NFT held by the user, on-chain interaction records, or off-chain identity information?
- What is the "Web3 DID" identifier (Identifiers, ID): For example, an address, an NFT, or an ENS to represent an identity?
The current Web3 DID credentials mainly include three categories, namely: Proof of Personhood, Soul Binding Token (SBT) and Verifiable Credentials (VC). Next, we will give a brief introduction one by one.
1. Proof of POP (KYC)
Proof of Personhood, the purpose of the POP protocol can be said to be quite simple. It tries to prove the uniqueness of digital identity by binding the real person information under the chain. Proof of Humanity, BrightID, and IDENA are representative projects among them.
Proof-of-personality projects are usually designed to establish a unique user identity. Therefore, it often uses traditional identity verification methods, mainly through two technologies: KYC and video face recognition. KYC is a classic authentication method popular in exchanges. Through KYC, a digital identity will be bound to your legal entity information (name, nationality, etc.) under the chain; face recognition, such as BrightID, mainly uses your face information Enter the database to ensure that a person can only register one ID in a project ID system.
It can be seen that the most direct application scenario of PoP authentication is anti-Sybil attack. In addition, under the background that all countries are considering cryptocurrency regulation, KYC may become a necessary condition for the establishment of a "legal identity".
While these programs have undoubtedly been quite effective at establishing unique identities, this overemphasis on individuality also has fairly obvious flaws. They do not map to the rich, contextual identities on the social graph. And social identity is not meant to exist in isolation.
Hence, Soulbound Tokens and Verifiable Credentials were born.
2. Member ID (NFT PASS)
Since 2017, with the establishment of EIP721/EIP1155 as the global de facto technology standard for digital asset confirmation, NFT has gradually become the best comprehensive carrier for multiple decentralized application fields around the world, including but not limited to: DAO digital certificates and benefits Credentials, metaverse social identity ID, encrypted digital assets, game liquidity assets, digital copyright, visual image/digital avatar...
We believe that the Web3.0 world only needs one identity system to connect all applications: we need to clearly propose a standard protocol to form a consensus and accelerate the arrival of a unified identity in the Metaverse
NFT PASS can be understood as a Web3 membership card, which is launched by various application project parties. Users obtain membership benefits by purchasing NFT PASS, which can also be understood as a transferable digital certificate of NFT identity rights. It can be distributed in various forms; it can also be distributed by anyone. NFT PASS is based on blockchain EIP721/EIP1155, which can realize user identity and rights and interests confirmation. NFT PASS has various application forms, such as NFT Tickets, VIP membership card, DAO member digital certificate...
3. Soul Bound Token (SBT)
In May 2022, Glen Weyl, Puja Ohlhaver, and Vitalik Buterin first explained the concept of soul-bound tokens in the article "Decentralized Society".
SBT can be understood as a permanent, non-transferable token on the public blockchain. It can be issued in various forms; and it can be issued by anyone. The biggest purpose of SBT is to formalize the interaction between users on the public blockchain so that the whole world can witness and verify it. In this model, a person's digital identity could, in principle, be shaped according to social context, simply through constant public interaction.
Since SBT currently does not have a common clear standard, in fact, the current SBT can be simply understood as NTT — Non-Transferrable Token, that is, "non-transferrable token". In fact, credentials in the form of such tokens already exist, such as those issued by POAP, Project Galaxy.
The problem that SBT tries to solve is to remove the dependency on Web2 infrastructure by introducing native Web3 identity. This can include (but is not limited to) employment, work experience, and academic credentials, thus providing a way to build a reputation on Web3.
Essentially, SBT is the conversion of reputational capital into formal property ownership. By "barring their soul," people can openly stake their reputations, proving the truth of who they claim to be.
SBT provides a publicly visible, non-transferable (but potentially revokable by issuer) token that can help facilitate a decentralized society by creating an "immutable" record.
The grand vision of SBT is that one day in the future when Web3 has penetrated into the mainstream society, SBT will be everywhere, and a reliable and comprehensive digital identity can be provided only with a personal wallet address.
4. Verifiable Certificate (VC)
SBT is most effective when people intend to conceal negative behavior. But its persistence and publicity can also make it easy for anyone to associate and infer about a person, leading to a complete loss of privacy and some forms of negative discrimination.
In order to alleviate this problem, the idea of verifiable credentials (VC: verifiable credentials) was proposed.
Like SBT, VC can be issued by anyone and represent any information. The key difference between the two is that VC adopts the idea of selective disclosure. It works in private by applying zero-knowledge proof technology. The entire verification process is private, and users do not need to disclose their other information to the other party.
The main problem with VC is that it is part of the standards defined by W3C. This set of standards needs the support of DIDs within the W3C system, and the advancement of W3C DIDs is slow. If the project party or the Web3 community has to set a set of VC operation process standards, it will be a huge difficulty to promote this standard.
3. Identity layer: the main form of DID
Web3 DID has various application scenarios, and also has a specific composition - credentials. What connects use cases and credentials is what the identity layer does. For example, ENS domain names, addresses, wallets...
People generally equate the identifier of Web3.0 with the wallet address. A person can only have a unique identity, but can apply for countless wallet addresses, and users can also apply for multiple ENS domain names. At present, the industry's exploration of identifier-identity is still developing, and the competition for identity unicorns has just kicked off
3.1 Information Aggregation Protocol
The user's data on the chain is often scattered in multiple public chains and multiple project smart contracts, so they need to be processed and aggregated to form an identity. Many projects are doing such an information aggregation protocol.
These agreements often do not have products directly oriented to users. They are mainly oriented to project parties and other agreements, and can cooperate with each other in information aggregation. Examples are as follows:
- Cyberconnect hopes to build an on-chain social graph, aggregating users' social relationship data
- KNN3 Network hopes to build user social relationship graphs on multiple chains through the integration of Footprints association analysis, Cyberconnect and other social graphs
- RSS3 hopes to be an aggregation of content and social information on the chain, and may develop in the direction of Web3 information distribution and recommendation system
3.2 wallet
The wallet is directly oriented to users and is currently recognized as the "Web3 entrance". Although it cannot be said to be a DID application scenario, it is the best high-frequency application entrance.
An ideal "DID wallet" might look like this: first, it can aggregate the addresses of all mainstream public chains, and integrate users' fragmented data on different chains while having basic signatures, transfers and other transactions; second, it can Display the various SBT/VC/PoP credentials owned by the user. When interacting with the application project, the user can independently authorize which data to disclose to the project, thereby helping the user realize data sovereignty. Many wallets will mention the narrative of DID, such as Unipass, ABT Wallet, Selfkey and so on.
However, the current mainstream wallets such as Metamask do not have these functions. An important reason is that they are basically EOA ordinary wallets, and these wallets basically only support the most native operations of addresses on the chain — query and transfer. The smart contract wallet is expected to achieve more expansion in wallet functions. There are actually many challenges in the implementation of DID wallet-related technologies, but they are also very worth looking forward to.
3.3 Domain name
Although each of us has a unique ID number, in daily life, we generally use "name" as an identifier of a person's identity (although there may be duplicate names), because it is more convenient for daily communication.
The world of Web3 also has this problem: Although people's current interactions are mainly based on wallet addresses, no one is willing to remember that long string of strings. If the digital identity of Web3 requires a "name", then what domain name projects do is to become this "name".
ENS is the most well-known project in the domain name. It has the official support of the Ethereum Foundation and provides registration services for domain names with the .eth suffix. Now there are nearly 1.8 million registrations. It is worth noting that SpruceID is working with ENS to promote EIP-4361: Sign In With Ethereum. If the proposal is successfully implemented, it will replace Connect Wallet, allowing the domain name to become the entrance of Web3 above the wallet address. In addition, ENS also hopes to complete its vision of "Web3 name" through the integration of a series of identities in the domain name.
Another domain name project worthy of attention is Space ID, which is officially supported by Binance and provides registration services for domain names with the .bnb suffix. Space ID also hopes to id the .bnb domain name and the user's multiple addresses on different chains, as well as the user's Twitter and other Web2 accounts, to become a Universal name in the Web3 field. Compared with ENS, Space ID's product iteration speed and landing speed will be faster.
In addition to ENS and Space ID, .bit and Unstoppable Domain have also recently completed a relatively large amount of financing. The narratives they tell about DID are basically the same.
It is worth noting that although both domain names and wallets can be used as identity management tools, their roles are very different. They do not conflict in theory, but can work closely together: the wallet can use a domain name as a substitute for the wallet account name, and use it as the "name" when interacting with the application; the domain name can also integrate multiple addresses on the chain or even Multiple wallet accounts.
3.4 Manageability of Web3 DID
DID identity application tags can be aggregated, which leads to thinking about identity management and applicability:
If the system cannot aggregate all digital identities of users, your identity system may become part of a larger identity management product. For example, DIDs are aggregated by .eth domain names. In some cases, a single wallet address can also be said to be an "application identity".
Application identities have important practical value, and can create more functions for specific application scenarios, which cannot be achieved by global management identities. For example, in a social Dapp application, users can add players with the same interest in the game as friends according to the SocialID information display, but if a wallet Dapp implements such a segmentation function, it will greatly increase the complexity of the product and limit Enhanced product scalability and openness.
4. The New Paradigm of Web3.0 DID
1. Spruce
Digital identity company Spruce was founded in August 2020, and its founder, Gregory Rocco, previously served as ConsenSys' head of strategy. Spruce is committed to promoting digital identity authentication while protecting user privacy, and trying to rebuild a trusted way of interaction between enterprises and governments.
For now, the company is still creating open-source software products that it hopes will help users move from untrusted data exploitation to verifiable information that can be shared privately. To do this, Spruce links with existing identity and data appliances in the enterprise environment, including identity servers, internal resource APIs, key management systems, ERP, and cloud services, among others.
In September 2021, the Ethereum Foundation (EF) and the Ethereum Name Service (ENS) officially announced support for Spruce's proposed secure login system using Ethereum. The system has a standardized "login with Ethereum" functionality that is interoperable with the Web2 identity system. Allowing users to log in with encrypted identifiers (such as their Ethereum wallet address) is intended to give users control over what information the platform can collect when they log in, rather than automatically handing over the data to the platform as in the past.
Since then, Spruce has been working closely with ENS and the Ethereum Foundation to ensure that its solutions are compatible with existing standards used throughout the Ethereum ecosystem, and that the end result is implementer-friendly, while always maintaining supply Business neutral.
Spruce's system was selected after EF and ENS submitted a request for proposal in July 2021, which encouraged developers and software companies to propose login packages using Oauth, an open standard for access authorization.
2. BrightID
BrightID is a decentralized anonymous social identity network dedicated to solving the problem of unique identity by creating and analyzing social graphs. Through BrightID, users can prove the uniqueness of their identity to the application, without having to use multiple accounts. At the same time, the application does not need to collect personally identifiable information or cooperate with a centralized organization, which can ensure the privacy of users to a certain extent.
By using BrightID, any personal information of the user, including text, photos, etc., will be encrypted and sent in a P2P manner, and will not be stored in the network.
The official token of BrightID is BRIGHT, its maximum supply is 100 million, the initial supply is 25 million, and BrightDAO supplies a maximum of 10 million per year. Its specific distribution is as follows:
- 6% for project management;
- 6% for communication;
- 64% for project development;
- 8% will be used for start-up capital financing and project research.
The specific use cases of Bright Token include: liquidity mining, governance and voting, rewards for hackers, faucet test rewards, etc.
3. OpenAvatar
In the coming Web3 era, AVATAR/PFP NFT has become a fact widely used by users around the world. Web3.0 ID social identity, but the lack of interoperability, application technology standards and consensus still restricts AVATAR NFT from becoming a Web3.0 DID killer huge barrier to adoption
YieldDAO launched the OPENAVATAR PROTOCOL open virtual avatar DID standard protocol, which promotes the best integration of NFT and DID from the dual levels of organizational structure and technical standards, promotes the determination of the best scalable technical framework, and expands the organization of the OPENAVATAR standard based on the open community Practical work such as landing application and operation promotion.
OPENAVATAR PROTOCOL STACK
- IPFS_EAC (IPFS Enterprise Autonomous Cell) : IPFS controllable enterprise alliance autonomous service unit, fully controllable and manageable IPFS enterprise-level and autonomous organization management service unit, and public domain IPFS to achieve fully controllable communication and release management. — L1 manageable storage layer
- WEB3_DID : Web3.0 decentralized identity standard identification, based on the latest mainstream asymmetric key system, fully compatible with EVM Ethereum virtual machine, and gradually supporting L2 extension, Solana, HashHydra... — L2 interoperability standard layer
- MetaDATA : Metadata standard information of OPENAVATAR, providing the basic identity information of Web3.0 ID and the extensible identity information standard framework. — L3 metadata standard
- OPENAVATAR SDK + API : Build DAPP's decentralized verification and authorization SDK & API, realize fast WEB3.0 DAPP application identity authentication and verification, support ERC1155/ERC721/ERC20 and other Wallet Token-based identity authentication. — L4 Open API/ SDK
- OPENAVATAR NOS (NFT Operating System) is a distributed NFT standard operating system that provides one-stop decentralized support application systems such as standard contract deployment, IPFS configuration, NFT casting distribution, and contract management. — L5 NFT identity certificate operating system
- OPENAVATAR SNS (Avatar/PFP NFT Social Network) — L6 Web3.0 social network based on Avatar NFT
- OPENAVATAR NNS (NFT Name System) — L6 NFT-based decentralized domain name system benchmarking against ENS
From the technology stack design of "OpenAvatar Protocol", we have seen several highlights of extraordinary innovation,
-OpenAvatar NOS - NFT operating system, which provides a good and convenient foundation for standardization and enterprise promotion
-OpenAvatar SDK/API provides unified tools and standards for decentralized verification and authorization promotion
-OPENAVATAR SNS, due to the fact that NFT has become a social ID to some extent, building a decentralized social network based on PFP/Avatar NFT naturally becomes the best way for a new social network of Web3.0
-OPENAVATAR NNS, from a simple analysis of the technology stack description, OpenAvatar can establish a standard name service process with the help of flexible NFT standard issuance tools and NFT holder address query capabilities, which may build a revolutionary and innovative blockchain Compared with address-based name systems such as ENS and Bit, it is more likely to become the next generation Web3 DID system with domain name/address binding capabilities.
5. Future development of DID
In the future, everyone will have a DID master digital identity:
- Everyone has a master DID, which is used in the entire Web3 network, and may even be bound to the user's real identity through KYC and other methods, so as to better interact with the off-chain world.
- The Web3 domain name is the unique identifier of this DID, which is the name of the user in Web3.
- Users manage this DID through a wallet DAPP that is much more powerful than it is now; inside the wallet, multiple identity aggregation protocols may be integrated to realize the data aggregation of users with multiple addresses and contracts, and comprehensively show the user's status. Credentials, partial identities, relationship graphs, etc. on each chain, each address, as a whole user portrait.
- Users interact with WEB3 application scenarios such as social networking, recruitment, and DAO governance through wallets. Through encryption technology, users can independently control the authority of the project party to obtain data, so as to realize that data sovereignty belongs to users.
OPENAVATAR PROTOCOL combines the existing widely used PFP/Avatar NFT to create an integrated new social Web3 Social DID platform service and NFT name service system based on NFT PASS, SBT, and POP, which represents a new paradigm of Web3 DID in the future. We hope to see To more such innovative forces of Web3.
refer to:
- OPENAVATAR.XYZ official website https://www.openavatar.xyz
- "A&T View: The most detailed analysis of DID track on the whole network", author: Ling.Chuan, senior analyst of A&T Capital
Like my work? Don't forget to support and clap, let me know that you are with me on the road of creation. Keep this enthusiasm together!
- Author
- More