Web3 Identity Primitives
On-chain identity mechanisms have often lagged behind innovation in other sectors of crypto including DeFi, infrastructure, and gaming. Recently, Vitalik even noted that web3 is so lacking in social identity primitives that it has simply defaulted to becoming dependent on web2 identity infrastructure. Despite this, the space is still seeing exciting (even if slow) progress: new primitives have emerged that attempt to solve the issue of connecting one’s real-life identity to the world of web3.
These primitives have many implications for on-chain self-expression, and after that, community. It’s my belief that before we can have web3 social, we must have robust web3 identity. Users can’t properly interact with each other without first being able to represent themselves on-chain in a comprehensive way. And further, they won’t feel confident interacting with crypto protocols unless identity can be authenticated on-chain. The primitives discussed below are just that: budding proposals for a more equitable and thorough representation of self. Some may never even be used in practice as de facto identity standards. But first steps are still steps — and above all, these primitives are shaping one of the most critical and grassroots parts of the web3 ecosystem.
Soulbound tokens
Soulbound tokens (SBTs) were originally introduced by Vitalik as a way to be able to verify one’s identity on-chain. SBTs are non-transferable NFTs granted to an individual’s private wallet (called a “Soul”) and hold identity data like medical records and educational certificates. The underlying token standard guarantees non-transferability and is not designed to be financialized — SBTs do not accrue value in the way a traditional NFT would in financial markets.
These credentials can guarantee affiliation with an organization, certify governance participation, prove attendance, and more. Soulbound tokens themselves are not necessarily 1:1 with a person, and if this primitive becomes standard, it would not be uncommon for individuals to have many tokens in a given Soul wallet.
As NFT markets become saturated with projects with little to no underlying value, utility NFTs are becoming much more pronounced. The vision for SBTs (niche utility NFTs) is that they will be used to navigate all of web3 and act as “accredited social tokens” — mechanisms by which users can enter ecosystems, participate in communities, and prove identity data to protocols.
Tracking on-chain behavior and aggregating identity data in this synthesized and accurate way is a much-needed tool for protocols involving lending, governance, and KYC. Despite this though, there are some negative unintended consequences around SBTs:
- Privacy is eliminated since all data in a user’s wallet is hosted on a public blockchain.
- Unwanted token transfers could become an issue because of the permanency of tokens sent to Souls. Because the token transfers are permissionless, an issuer could send an SBT to a subject without consent.
- Integrity could be compromised as there is no streamlined way to connect on-chain behavior of an SBT to a person in the real world.
- Users cannot start a new account or recover tokens in the event of a hack because of non-transferability.
Though SBTs are a very new primitive and have not yet become mainstream, many interesting protocols have formed that leverage the NFTs in new ways. Otterspace, for example, provides infrastructure to allow DAOs to generate SBTs as non-transferable badges for their members. Masa Finance created an entire identity protocol around SBTs that creates on-chain credit scores linked to wallet addresses. Noox’s reputation protocol distributes web3 achievement badges as soulbound NFTs to its users. There are also protocols integrating SBTs into their existing product for KYC purposes. Web3 companies are increasingly leveraging on-chain loans, but reputation remains an issue: as Vitalik notes, customers may want to prove that they haven’t taken out any other loans or that they haven’t taken out over a certain amount in loans. Soulbound tokens can be used as a (permanent) stamp to prove each time you’ve taken out a loan and thereby verify that a customer hasn’t borrowed excessively.
Decentralized identifiers
Decentralized identifiers (DIDs) are an identity standard also introduced by W3C and are described as a component to the larger Verifiable Credential ecosystem. A DID is an identifier in the form of a URI that can be used as the underlying identity data stored within a verifiable credential. For example, the subject or issuer of a verifiable credential can be represented in the form of a DID. While verifiable credentials themselves act as the entire “proof” that the information a person is representing on-chain is trustworthy, DIDs contain resolvable information about the subject.
Verifiable credentials
Verifiable credentials (VCs) are an identity standard introduced by W3C that allow the private verification of on-chain identity data. VCs, which are formatted as JSONs, do not need to store all identity data directly — they just need to cryptographically prove to a protocol that the data is true. This mechanism is much more privacy-preserving than the way SBTs work since users can verify one aspect of their identity without having to disclose other parts.
Verifiable credentials differ from soulbound tokens in that they are:
- Potentially revocable: while SBTs are permanent, verifiable credentials can be revocable by issuers. Holders can also delete VCs; this property solves the issue of removing spam / unwanted tokens potentially being sent to a wallet.
- Transferable: holders can transfer VCs to other holders.
- Inherently private: the VC standard was designed in a way that allows users to prove information to a protocol without revealing other identity data. In addition, verification shouldn’t reveal the user’s identity to any protocol.
- Recognizable across protocols: this standardization allows VCs to be useful and relevant in a variety of ecosystems.
Critical components operate within and alongside a verifiable credential: issuers (the entity that provides the claim), holders (the owner of the claim), subjects (what the claim is made about), verifiers (how an entity processes a claim), and verifiable data registries (a system that manages user data). Each of these entities work together to form a secure and private system that can communicate identity data in an extremely quick way.
DIDs and VCs do not depend on one another as identity mechanisms. In practice though, they commonly are used in conjunction: URLs containing DIDs that express information about a subject are associated with verifiable credentials. A VC is usually cryptographically signed by a DID about another DID and contains the proof about the user (Disco).
Like SBTs, when these standards were introduced, many companies began integrating their technology into protocols. Disco is a chain-agnostic portable credential service for users to communicate identity information to protocols. Other companies, like Orange Protocol, use verifiable credentials and decentralized identifiers in an embedded reputation layer. Some protocols even emerged just around being a verifiable credential and decentralized identifier management platform, such as Dock Network. Clique Social leverages creator economy engagement and in turn produces on-chain credentials.
Identity inherently influences so many factors of digital life including reputation, social status, friendships, and community involvement. More importantly, the primitives built around identity set the standard for how we interact with one another at a core level. This isn’t specific to crypto — it’s just especially top of mind for web3 because it so sorely needs good identity infrastructure. Many emerging projects are incredibly promising and it’s exciting to see the sector start to flourish. As it’s developed, individuals will be able to interact with platforms — and each other — in a much more comprehensive, seamless, and authentic way.
Thanks to Sophie Fujiwara for feedback on this piece.
