Decentralized Identity: Passport to Web3

Amber Group
Nov 23, 2021

Introduction

The internet was created without a native identity layer for people. Because of this, the issue of digital identity was relegated to websites and applications. This siloed approach may have been appropriate for the early days of the internet, but with billions of people now online, its drawbacks are becoming more apparent. Usernames and passwords continue to be the dominant paradigm, despite being repeatedly demonstrated to be an insecure model. The average person has to juggle 70 to 80 passwords, resulting in a decidedly inferior user experience. Indeed, there are multi-million dollar businesses built just around helping businesses and individuals manage their fragmented accounts, such as Okta, 1Password, and Dashlane. Most importantly, users do not actually own their online identity. Instead, they rent it from companies and centralized entities. Thus, they are prone to the risk of their digital identity being hacked, manipulated, censored, or simply lost.

The emergence of Web3, which fundamentally embeds economic transfers, has brought about a renewed emphasis on creating robust identity systems. Although decentralized identity (DID) has been a largely overlooked topic compared to DeFi, NFTs, and DAOs, we view it as a critical technological primitive that enables native Web3 applications. If we create a shared, flexible, and resilient identity layer, we can drastically unlock the pace of innovation by creating a wider design space.

In this report, we introduce key DID concepts and the current DID ecosystem on a high level and dive deeper into select projects that are at the forefront of building the identity foundation of Web3.

Decentralized Identity (DID)

The DID specification from the W3C is the widely-accepted standard, ensuring that identity systems can interoperate across different networks and platforms.

An overview of the DID architecture is illustrated below. A DID is an address on the internet that someone can own and control directly. It can be used to find connected DID documents, which contain information associated with the DID. DID documents contain relevant information to enable use cases, such as sign-in, data encryption, communication, etc. Cryptographic proofs, such as digital signatures, allow entities to prove control over these identifiers.

Basic Components of DID Architecture

In sum, the DID serves as the identity hub. Because users control their hub, they can decide when, with whom, and under what terms they reveal elements of their digital identity. And with greater adoption of the DID standard, individuals are not locked into a single ecosystem or siloed approach.
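The flow described above (DID, then DID document, then cryptographic proof of control) can be sketched as a challenge-response check. This is an added example, not code from the report or from any DID project; the in-memory `registry`, the function names, the `did:example:` identifiers and the audience string are all hypothetical, and Ed25519 keys in JWK form are an assumed choice of key type.

```javascript
const crypto = require('node:crypto');

// Hypothetical stand-in for a verifiable data registry (DID -> DID document).
const registry = new Map();

// Generate a key pair and publish a minimal DID document that lists it.
function registerDid(did) {
  const { publicKey, privateKey } = crypto.generateKeyPairSync('ed25519');
  const keyId = `${did}#key-1`;
  registry.set(did, {
    id: did,
    verificationMethod: [{
      id: keyId,
      type: 'JsonWebKey2020',
      controller: did,
      publicKeyJwk: publicKey.export({ format: 'jwk' }),
    }],
    authentication: [keyId], // only these keys may authenticate as the DID
  });
  return { keyId, privateKey };
}

// Verifier: a fresh random challenge per login attempt prevents replay.
function newChallenge() {
  return crypto.randomBytes(16).toString('hex');
}

// Holder: sign the challenge together with the DID and the intended audience.
function signChallenge(did, keyId, privateKey, challenge, audience) {
  const payload = Buffer.from(JSON.stringify({ did, challenge, audience }));
  const signature = crypto.sign(null, payload, privateKey).toString('base64');
  return { did, keyId, signature };
}

// Verifier: resolve the DID document, check the key is authorised for
// authentication, then verify the signature over the expected payload.
function verifyControl(proof, expectedChallenge, audience) {
  const doc = registry.get(proof.did);
  if (!doc || doc.id !== proof.did) return false;
  if (!doc.authentication.includes(proof.keyId)) return false;
  const vm = doc.verificationMethod.find((m) => m.id === proof.keyId);
  if (!vm || vm.controller !== proof.did) return false;
  const key = crypto.createPublicKey({ key: vm.publicKeyJwk, format: 'jwk' });
  const payload = Buffer.from(
    JSON.stringify({ did: proof.did, challenge: expectedChallenge, audience }),
  );
  return crypto.verify(null, payload, key, Buffer.from(proof.signature, 'base64'));
}

// Constructed demo: one valid login and one replay against a new challenge.
const demo = registerDid('did:example:demo');
const nonce = newChallenge();
const demoProof = signChallenge('did:example:demo', demo.keyId, demo.privateKey, nonce, 'app.example');
console.log('valid proof:', verifyControl(demoProof, nonce, 'app.example'));
console.log('replayed proof:', verifyControl(demoProof, newChallenge(), 'app.example'));
```

Binding the audience into the signed payload means a proof captured by one application cannot be presented to another.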

DIDs Provide Users with Control, Security, Privacy, and Portability

DIDs Enabling New Use Cases

In the physical world, identity is integral to a well-functioning society. Passports enable governments to identify their citizens, driver’s licenses allow citizens to claim rights to the road, university degrees confer qualifications, etc.

Similarly, DIDs will enable high-value internet economic activity. Below, we highlight some current Web3 pain points that DIDs could solve.

NFTs — Authenticity and Identity

Fraud and copyminting continue to plague artists and creators. For instance, Derek Laufman, a digital artist and designer of Marvel’s Super Hero Adventures, saw his works being auctioned off on NFT platform Rarible without his knowledge. Similar stories like this are common.

NFT Fraud Continues to Plague Artists

Source: Twitter

A strong DID infrastructure solves this. Applications can build off of DID to allow creators to provably sign off that an NFT, representing a digital or physical asset, was created by them. Buyers and sellers will be able to verify the provenance of the digital artwork too. DIDs could also help foster greater engagement between artists and their community, such as restricting NFT ownership to community members to limit speculation from scalpers or serving exclusive NFT content to select holders.

More broadly, NFTs could serve as one anchor for decentralized identity. Already, several users identify their online presence not merely with a username but also with an NFT project. As an example, co-founder of Manifold @richerd explained that he turned down a $9.5 million offer for his cryptopunk NFT because he identifies his cryptopunk as his identity and brand.

NFTs As Online Identities

Source: Twitter (@richerd)

Unlocking the Next Phase of DeFi

Collateralized loans have served as the backbone of DeFi growth so far. But because crypto finance protocols aim to be fully trustless and permissionless, they often require over-collateralization. For instance, loans taken out on ETH on MakerDAO require collateralization ratios of 130–170%. This has powered DeFi growth over the last year, but the collateral requirements restrict the use cases to mostly crypto traders looking to take on leverage. For most people, the reason they want to borrow is that they do not already have the money that they need.

Lowering or completely removing the collateral requirement is key to introducing DeFi to mass adoption. Having a strong DID layer could allow for “on-chain” credit scores, providing users access to credit-based lending. Furthermore, because users directly control their credit score, they can better monitor and adjust their borrowing/lending behavior. Thus, DID offers the chance of further democratizing decentralized financial systems.

In addition, having a strong identity layer to financial applications could solve other current problems in DeFi, such as:

  • Improving fair distribution of token airdrops by authenticating actual members and reducing the potential for bots to dilute airdrop events.
  • Using DIDs to gate access to DeFi pools to reduce spam/sybil attacks or enable institutions to participate by providing compliance tools to identify counterparties.
  • Guiding users through the dark forest of Ethereum by illuminating participants that can be trusted to act in positive-sum ways.

Decentralized Autonomous Organizations (DAOs)

DAOs often use token-based governance for voting, influence, and priorities. This generally makes sense — large tokenholders have the most skin-in-the-game — but it can exclude or deprioritize active contributors who may not have large amounts of capital. And although members can build their reputation within a DAO, they may need to build credibility from scratch in a new context.

DIDs could preserve a user’s reputation across multiple DAOs. Porting over credentials from one DAO to another reflects the reputation portability that we already enjoy in the physical world, preventing active contributors from having to start from zero. Furthermore, other Web3 contexts, such as participation in Gitcoin, publications to Mirror, or code contribution to Radicle, could further help DAOs find qualified candidates.

The DID Ecosystem

The DID ecosystem can be broken down into layers, in which each layer on the top builds upon the underlying protocol. We leverage and slightly modify DIF’s 4-Layer Identity Model to map current DID projects by their primary focus, with the caveat that this is a simplifying model and most projects transcend one layer.

The Decentralized Identity Ecosystem by Layers

Source: DIF, Amber Group

Layer 1: Identifiers and Standards

Standards, identifiers, and namespaces create the public trust layer, ensuring standardization, portability, and interoperability. They also allow networks to register and govern DID methods, providing developers and users with the rules and context of the network’s ID system.

The Decentralized Identity Foundation (DIF) is the key player of this layer and the cornerstone of the ecosystem. It acts as the center for development, discussion, and management of all activities required to create and maintain an interoperable & open ecosystem for the DID stack.

Layer 2: Infrastructure

Infrastructure and agent frameworks allow applications to interact directly with each other and verifiable data registries. These solutions include communication, storage, and key management. We highlight Ceramic and ENS as projects at the front line of building DID infrastructure (although ENS’ categorization can be debated, we place it at the infrastructure layer as we foresee credentials and applications will be built on top of ENS in the future).

Layer 3: Credentials

Credentials have to be managed, updated, and exchanged. This layer aims to address how DIDs can negotiate proof of control and authentication, as well as securely passing data between identity owners.

BrightID is a notable project in this area. It is a social identity network with over 30,000 users that allows people to prove to applications that they aren’t using multiple accounts, thus minimizing the chances of sybil attacks.

Vitalik Buterin on BrightID’s Potential Applications

Source: Twitter (@VitalikButerin)

Layer 4: Apps, Wallets, and Products

This layer is likely most familiar to readers and intends to provide real-world use cases and value to consumers. Some projects, such as Goldfinch (uncollateralized lending), use proprietary unique entity checks but aim to leverage decentralized ID solutions when they mature. In contrast, other applications already leverage existing DID technologies, such as TrueFi (uncollateralized lending with on-chain credit scores), Gitcoin (funding of public goods), and Ethsign (decentralized electronic agreements).

Layer X: Transversal

These projects largely transcend any individual layer and have consequences at multiple levels. For instance, Europe’s GDPR data protection law has ramifications across all areas of the ecosystem.

Token Valuations in the DID Ecosystem

Source: CoinGecko, Coinmarketcap as of 22 November 2021

Select DID Projects

Ethereum Name Service — Public Profile for Ethereum

The Ethereum Name Service (ENS) is a foundational tool that turns any Ethereum address into a public profile. Its primary job is to map human-readable names to machine-readable identifiers. Rather than transacting with “0x7fc7a9694A09077e137f953108265ad59cCF5ba3”, you can input “amberfin.eth” instead. And because of the hierarchical nature of ENS, anyone who owns the domain may also own subdomains. For instance, because Amber Group owns “amberfin.eth”, it can also create “pay.amberfin.eth.” ENS domains can also have text records, which allow users to store a wide range of data all tied to one identifier. No centralized entity or corporation is involved in this setup.

Amber Group’s ENS Records

Use cases for ENS continue to grow. Full DNS integration to ENS was launched this August, so you could send cryptocurrency to “example.com” instead of “example.eth”. Furthermore, .eth domain names can also be used to build decentralized websites. For example, Ethereum co-founder Vitalik Buterin leverages this DNS integration along with IPFS to create a robust and censorship-resistant website at https://vitalik.eth/.

ENS will likely play a pivotal role in the future of portable and decentralized identity. It is registered as a DID-representation, allowing ENS names to be wrapped as DIDs to facilitate interoperability. Many Web3 users already use ENS as their identifiers. A survey of ~300 Ethereum users found that ~64% already have an ENS, and on-chain analytics suggest that the average ENS user owns 2.5 domains. With additional features being launched (e.g., NFT avatar support) and growing adoption of ENS by dApps, it is likely that Web3 users will increasingly use ENS as their de facto public identity on Ethereum.

ENS Name and Avatar Support on Uniswap

ENS Ecosystem

On November 2, ENS announced that it is decentralizing governance by accepting applications for DAO delegates and airdropping $ENS governance tokens. The airdrop consisted of 25% of the total maximum supply; the balance is going to a community treasury and contributors. The distribution essentially provided half of total tokens to the past (prior contributors and users) and half to the future (community treasury).

ENS Token Distribution

$ENS tokenholders hold only governance rights to the DAO and do not receive additional monetary value. Uniquely, $ENS tokenholders were required to sign the ENS Constitution, which highlighted key principles — such as enforcing property rights, avoiding rent-seeking behavior, and integrating with the global namespace — to claim their tokens. Thus, one of the most exciting aspects of $ENS tokens is that they are a grand experiment in how the market prices digital public goods.

ENS has generated almost $20 million in revenue, mostly from the registration of new domains, which will go to the DAO treasury.

ENS Monthly Revenue

Source: Dune Analytics (@makoto)

ENS revenue per transaction has also increased, suggesting that users are registering their domains for longer periods of time, securing higher-value domain names (i.e., shorter-length names), or both.

ENS Revenue per Transaction

Source: Dune Analytics (@makoto)

After hitting an intra-day high of ~$8.4 billion, ENS’ fully-diluted market capitalization is currently at $4.2 billion, implying a price-to-revenue ratio of 236x based on the last twelve months.

ENS Market Capitalization (Fully Diluted)

Source: CoinGecko

Metamask — Gateway to Blockchain Apps

In new technological paradigms, the solutions that users interact with most frequently often have an outsized influence on the industry’s future development. Similar to how browsers were the battlegrounds for Web1 (Netscape, Internet Explorer, Google Chrome) and apps for Web2 (Facebook, Instagram, Netflix, Spotify), wallets will likely be the battlefield for Web3.

If you have ever interacted with a Web3 application, you have most likely used Metamask. Launched in 2016 by ConsenSys, Metamask is a non-custodial cryptocurrency wallet that allows users to interact with the Ethereum blockchain and any Ethereum-compatible network (e.g., Polygon, Arbitrum, Avalanche).

Although not strictly focused on decentralized identity, Metamask serves as the de facto application for over 21 million monthly active users to access their Ethereum addresses. Paralleling Web2 single sign-on (SSO) options, almost all EVM-compatible Web3 applications will offer “sign in with Metamask.”

Sign Up Options for Augur (Left) and OpenSea (Right)

Metamask serves as a strong mental model of what a broader DID solution could look like, as well as highlighting the promise and perils of self-sovereignty. Because Metamask users hold their own private keys, they truly own the assets in their wallets. There is no need to trust third parties with security and custody. Furthermore, users can seamlessly move assets from one application to another. For example, an NFT purchased on SuperRare can be easily sold on OpenSea, limiting platform lock-in and enhancing portability. The customer experience is arguably improved too — instead of dealing with complicated sign-up procedures and managing multiple usernames/passwords, users need only to connect their Metamask wallets to try new applications. And although “Connect with Wallet” seems fragmented, it is important to remember that these wallets are only user interfaces that all use the same basic account system — you can import your Web3 account to other wallets.

Importing An Account to Metamask

However, hacks and scams abound. Web3 users have to be hypervigilant over the security of their wallets lest they lose control of all their assets. Even simply losing a wallet’s seed phrase may result in permanent loss of funds. As a result, some users may still prefer to delegate account security and management to a third-party custodian.

Metamask is expected to gradually transition to decentralized governance. Joseph Lubin, the founder of ConsenSys, has recently indicated that Metamask will launch a token in the near future. Erik Marks, senior software engineer at Metamask, stated that the project is “absolutely open to the idea of making the project community-owned,” though the team wants the use case for the Metamask token to be compelling. Several speculate that if Metamask does perform an airdrop, use of Metamask’s swap feature will be the primary determinant.

CEO of Consensys on Metamask Token Launch

Source: Twitter (@ethereumJoseph)

Metamask primarily monetizes through its embedded swap feature, which aggregates data from decentralized exchange aggregators, market makers, and DEXs and adds a 0.85% swap fee on top. Adoption of the swap feature has grown significantly since the beginning of the year — Metamask earned roughly $40 million in swap fees over the last month from its swaps.

Metamask Swap Daily Volume and DAUs on Ethereum L1

Source: Dune Analytics (@tomhschmidt)

In fact, revenue growth from Metamask’s swap feature significantly outpaced the growth of Sushiswap’s and Curve’s revenue.

Metamask Revenue Relative to DeFi Protocols’ Revenue

Source: Dune Analytics (@momir)

Uniswap and 1inch, the leading Ethereum DEX and DEX aggregator, respectively, make up the bulk of Metamask’s liquidity sources.

Liquidity Sources for Metamask Swap

Source: Dune Analytics (@momir), November 21, 2021

The potential valuation range for Metamask tokens is wide. Equity valuations are not directly comparable, but ConsenSys’ recent equity fundraising ($200 million at a $3.2 billion valuation) could provide a rough estimate of what Metamask tokens could be worth (AXS tokens were worth ~$4 to $5 billion when Sky Mavis raised equity at a $3 billion valuation). Direct token comparables suggest a wide range too. Applying a multiple of $500 to $1,000 per MAU suggests a potential valuation range of $10.5 to $21.0 billion.

Benchmarking ConsenSys’ Valuation

Source: Public filings, Capital IQ, CoinGecko, Amber Group estimates

Ceramic

Ceramic is a public, decentralized data network for managing dynamic and mutable information on the internet. It provides developers the ability to build applications without databases or servers by creating a flexible primitive called Ceramic streams.

On Ceramic, each piece of information is represented as an append-only log of commits called a stream. Each stream is a directed acyclic graph (DAG) stored in IPLD, with an immutable name called a StreamID, and a verifiable state called a StreamState. A stream is similar in concept to a Git tree, and each stream can be thought of as its own blockchain, ledger, or event log. Tile Documents are one kind of a Ceramic StreamType and are frequently used as a database replacement for identity metadata (e.g., profiles, social graphs, linked social accounts), user-generated content (e.g., blog posts, social media), DID documents, verifiable credentials, and more.

The protocol does not rely on any specific blockchain. Instead, it can be conceptualized as a “doc-chain,” in which verifying the state of a particular document only requires the user to sync the data of the given document. The user does not need to sync the entire state of the network as is usually the case with most blockchain networks (e.g., Bitcoin, Ethereum). Hence, there is no global ledger of documents.
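The "doc-chain" property described above, where one stream can be verified from its own commits alone, is shown here on a simplified model. This is an added example and not Ceramic's code: SHA-256 over JSON stands in for IPLD content identifiers, commit signatures and blockchain anchoring are left out, and all function names and sample data are hypothetical.

```javascript
const crypto = require('node:crypto');

// Content address of a commit (stand-in for an IPLD CID).
function commitId(commit) {
  return crypto.createHash('sha256').update(JSON.stringify(commit)).digest('hex');
}

// The genesis commit has no predecessor; its hash is the immutable StreamID.
function createStream(controller, content) {
  const genesis = { prev: null, controller, data: content };
  return { streamId: commitId(genesis), log: [genesis] };
}

// Append-only update: each new commit points at the hash of the current tip.
function appendCommit(stream, patch) {
  const tip = stream.log[stream.log.length - 1];
  stream.log.push({ prev: commitId(tip), controller: tip.controller, data: patch });
}

// Verify a log received from an untrusted node against a known StreamID,
// then replay it to compute the current state. No other stream is needed.
function loadStream(streamId, log) {
  if (log.length === 0 || log[0].prev !== null || commitId(log[0]) !== streamId) {
    throw new Error('genesis commit does not match StreamID');
  }
  let content = { ...log[0].data };
  for (let i = 1; i < log.length; i++) {
    if (log[i].prev !== commitId(log[i - 1])) {
      throw new Error(`broken link at commit ${i}`);
    }
    if (log[i].controller !== log[0].controller) {
      throw new Error(`controller changed at commit ${i}`);
    }
    content = { ...content, ...log[i].data };
  }
  return { streamId, tip: commitId(log[log.length - 1]), content };
}

// Constructed sample stream: a profile document updated twice.
const profile = createStream('did:example:alice', { name: 'Alice' });
appendCommit(profile, { avatar: 'ipfs://placeholder-cid' });
appendCommit(profile, { name: 'Alice A.' });
console.log(loadStream(profile.streamId, profile.log).content);
```

Hash links only bind history to the genesis and tip; a node could still rewrite everything after the genesis and relink it, which is why each commit must also carry a signature from the controlling DID.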

One of Ceramic’s key tools is IDX, a cross-chain identity protocol that provides a unified repository where all applications can register and discover data sources associated with a user’s DID. It can be thought of as a decentralized user table. Thus, IDX allows users to control their identities and data without lock-in from any single application and easily protect and port their data across applications. Simultaneously, it allows developers to build data-rich applications without forcing users to recreate the same data on every application.

Ceramic is a critical middleware in the DID technology stack. Some projects built on top of Ceramic’s network that already see traction and market fit include:

  • Boardroom: A governance management platform for DAOs, using Ceramic’s platform to store proposal commenting.
  • Rabbithole: Application that encourages people to use Web3 projects by allowing them to earn points and crypto. Rabbithole uses Ceramic’s network to link multiple Web2 and Web3 accounts into a unified, cross-chain DID, allowing the user’s reputation to span across other Web3 applications.
  • ArcX: A decentralized app that provides on-chain credit score and identity through the issuance of a “DeFi passport.”

Conclusion

The internet is perhaps the most important invention of the century. Over the past twenty years, it has transformed the fundamental nature of information flows in society: media, politics, news, education, social interactions, etc. Yet even as economic activity increasingly moves from atoms to bytes, our online identities continue to lack true ownership and remain siloed within platforms.

With the emergence of the internet of value, robust DID solutions will be required to allow Web3 to go mainstream by enabling new use cases. We are still in early innings, but the future is bright. And because of the composability and interoperability of DID standards, momentum created from each new application compounds on another. We expect the prominence of DID solutions to continue to grow exponentially within the coming years and unlock the next major cycle of Web3 applications.

Appendix I: Beginner’s Guide to ENS Domains

First, connect your wallet to the ENS App.

Search for the domain name that you would like to register. The price for ENS domains varies by length — the shorter the domain name, the more expensive it is. If it’s available, you will be able to register it for multiple years. Each registration and renewal will cost gas, so it’s most cost-efficient to register for at least a few years. Click on “Request to Register”, wait for a minute, then complete registration to secure your ENS domain.

Go to “My Account” to set a reverse record. You can only have one primary ENS name per Ethereum address. Afterward, any party you transact with can refer to your .eth address instead of your public key.

You can also click on your ENS domain to modify your domain’s text records. The ENS Medium blog has published a guide if you would like to also connect a DNS registrar that you own with your ENS name.

Disclaimer

The information contained in this post (the “Information”) has been prepared solely for informational purposes, is in summary form, and does not purport to be complete. The Information is not, and is not intended to be, an offer to sell, or a solicitation of an offer to purchase, any securities. The Information does not provide and should not be treated as giving investment advice. The Information does not take into account specific investment objectives, financial situation or the particular needs of any prospective investor. No representation or warranty is made, expressed or implied, with respect to the fairness, correctness, accuracy, reasonableness or completeness of the Information. We do not undertake to update the Information. It should not be regarded by prospective investors as a substitute for the exercise of their own judgment or research. Prospective investors should consult with their own legal, regulatory, tax, business, investment, financial and accounting advisers to the extent that they deem it necessary, and make any investment decisions based upon their own judgment and advice from such advisers as they deem necessary and not upon any view expressed herein.
