DAO series part 2: How to use Decentralized Identity to build trusted communities.
Digital identity is the prerequisite for improved participation in digital organizations and DAOs. As long as you can’t identify users, all users are equal. More sophisticated governance systems rely on the reputation and experience of stakeholders. That's why many decentralized organizations share a challenge today: how to build governance on members' reputation instead of relying solely on token ownership. Governance based purely on token ownership will not lead to the success of the DAO concept. The use of decentralized identity solutions is an obvious choice here. In this article, I want to introduce three possible decentralized identity solutions as a prerequisite to better governance.
Decentralized Identity — a short overview
Why decentralized identity
Knowledge of a user’s identity is a prerequisite for participation in organizations. In contrast to meatspace, where we have the eID, driving license, or a health pass, there is no shared concept of a user’s identity in the digital space. Today, verification of authorization and access is therefore usually carried out by identity providers, who continually penetrate deeper into our private lives through the personal data generated in the process and already know us better than we do ourselves. The so-called “decentralized identity” is intended to stop this misuse of personal data. Such a decentralized identity is intended to enable participation in digital life by providing identity data while protecting one’s privacy at the same time. As with many technological innovations, decentralized identities are already available in various forms. This does not make the already complicated topic any easier. I would like to give a brief overview of four different types of decentralized digital identity in this article.
What is a decentralized identity?
An identity is the sum of all the attributes of an individual (or an object) that is to be described. In the digital identity known today, the data of these attributes are managed by an identity provider. With a decentralized digital identity, the data should be able to be owned and managed by the user. If the identity attributes are used to prove the identity, ideally only the data that is necessary for precisely this proof is used. This is in the interests of data minimization and privacy protection. To the outside world, therefore, a user does not have a single identity, but a multitude of identities that always consist of exactly the attributes required in each case. It is important, however, that the authenticity of this information can be proven by the verifier. This verification is one of the major challenges in digital business. The article “Trust Infrastructure for digital business models” provides a more in-depth overview of that topic.
How decentralized identity works
To enable users to own their data, we use digital wallets. Identity data is stored or at least referenced in such digital wallets. These identity wallets should not be confused with crypto wallets, which do not store the crypto-assets themselves, but only the private key required to access them. In an identity wallet, the user’s data is stored. This data is referred to as a user’s credentials. Credentials can later be used to prove one’s identity.
Three types of decentralized identity
As already mentioned, there are technically very different ways of reflecting a decentralized identity. The approaches described here are therefore neither exhaustive nor comprehensive. My main intention is to provide an initial overview and, above all, to promote the idea that not every means has to be right or wrong for every purpose. For example, an identity that identifies the members of a DAO governance may have different privacy and trust requirements than a governmental-issued eID or a driver's license.
Let’s start with something that doesn’t even exist yet. Nevertheless, there has been some talk about NFTs as proof of one’s identity, at least since Vitalik Buterin’s article on “Soulbound NFTs”. For a large part of the NFT community, NFTs are per se proof of ownership and thus also part of an identity. In my opinion, this is at least problematic, but this shall not be the core of today’s article. Interested readers may want to read “What do you actually own when you buy an NFT?”
The idea of the Soulbound-NFT or more generally of a non-transferrable NFT is to bind the token to its owner. For example, if you attend an event, you can receive an NFT that personally identifies you as a member of a certain community. The same could now be used for members of a DAO to personally identify themselves as members. Vitalik also envisions the concept being used for things outside of cyberspace. For example, proof of vaccination could be issued as a Soulbound-NFT. Or it could identify you as a resident of a particular city, allowing you to participate in city-specific decision making.
At first, this sounds like a good concept. Due to the increasing acceptance of NFTs in the broader public, the necessary infrastructures such as wallets are just being created and are becoming popular. But if Soulbound-NFTs were to be used as comprehensive proof of identity, even less experienced data protection experts would be alarmed, since there are numerous problems. For instance:
- The NFT can be seen by anyone who knows your public key. Once you have identified yourself with a Soulbound-NFT and disclosed your public key, your communication partners can now also see all the other contents of your wallet.
- Because transparency is the basic concept of the blockchain, most users try to keep the human identity behind the wallet secret. And that’s even for a normal crypto token, which should be far less critical than most of our identity data. Thus, most users have different keys and wallets for different business relationships. This of course then begs the question, to which of these wallets will the Soulbound-NFT then be bound?
- Identity features can also be temporary. This is difficult to implement, especially if the temporal limitation is not known from the beginning. This is the case, for example, with the revocation of an otherwise unlimited driver's license in the event of a traffic violation. Also, if you leave a city or no longer want to participate in the DAO, your attributes change. How is this change carried out via an NFT? Once minted, it can no longer be changed.
Sure, Vitalik has listed many suggestions for anonymization of identity data. However, these additions cost the concept much of its simplicity. For more personalized community management of crypto applications and DAOs, we will nevertheless certainly see non-transferable NFTs in practice soon. The advantage of simple applicability in the already familiar technological environment speaks for itself here.
ENS — Ethereum Name Service
The Ethereum Name Service is a name service on steroids. Based on the Ethereum Blockchain, the ENS is a distributed, open, and most importantly extensible name service.
The ENS is gaining a lot of popularity, as you can see from the current state of registrations on Etherscan. The initial goal of the ENS was to map the complicated and thus error-prone public keys of Ethereum wallets to human-readable strings. However, the service is designed in such a way that mapping is possible with all kinds of identifiers such as addresses (including non-Ethereum wallets), URLs, or simply hashes of documents. Thus, a user can make their wallet address, social media addresses, and documents accessible via the ENS address. Undoubtedly, this is much more like an identity than simply being the public key of one of a user’s numerous wallets. ENS names could therefore be used as identities for data that is publicly available anyway, especially within the crypto and DAO community. However, ENS, like Soulbound-NFTs, is not suitable as a universal digital identity. We have almost the same privacy problems here. Since the ENS record is managed by the owner of the name, the data is of course only as trustworthy as the owner himself. And establishing trustworthiness is a big problem in the digital world. Above all, ENS offers a bridge to the Soulbound-NFT and the SSI explained below. In particular, public data of a user can be kept easily referenceable with ENS. I expect ENS-based identity proofs to become more common for scenarios where privacy is less important.
Self Sovereign Identities (SSI)
The most comprehensive developments for a decentralized digital identity are taking place in the area of self-sovereign identity, led by the Decentralized Identity Foundation (DIF). The topic is so comprehensive on its own that I cannot give a fundamental introduction here. For those who want to dig deeper into the SSI rabbit hole, I recommend this “Where to begin” article. I would like to explain only the very basic concepts here. The basic concepts behind SSI are the Decentralized Identifier (DID) and the associated Verifiable Credentials (VC).
A DID is resolvable via a URL, similar to the ENS case outlined. Unlike the ENS, however, there is no 1:1 relationship between a single person and a DID. For example, you can use a separate DID for each communication relationship. Verifiable Credentials are provided by an Issuer and can now be used by the holder to prove certain attributes. In doing so, the verifier can check who issued the credentials. This is of great importance for trustworthy data. Using so-called Zero-Knowledge Proofs, it is possible to verify the properties of a credential without having to obtain the credential itself. An illustrative example is age verification, where you can prove that you are over 21 without disclosing your date of birth to the verifier. In this combination, SSI is a very powerful, but also very complex concept. There are several problems here as well. For example, privacy protection is very dependent on the use of advanced techniques, such as Zero-Knowledge Proofs. As with many of the other crypto applications, the benefits outside of the crypto bubble have yet to be shown. For SSI, moreover, this technology has yet to make its way into the crypto bubble as well, because there are hardly any real use cases there either. Because there is so much demand for digital identity verification, that will certainly change soon.
Decentralized identity without blockchain
In the common view, decentralized identity is always directly associated with blockchain or distributed ledger technology. Blockchain, by its architecture of transparency and distribution of data, is unsuitable when it comes to storing data that needs to be protected. I don’t know anyone in the identity community who disputes this. Therefore, not every identity approach is suitable for managing personal data. ENS and NFT in their current and planned form certainly are not. And caution is also required with SSI, although blockchain plays no or only a subordinate role here. An identity wallet, even if the name suggests it, has nothing to do with a blockchain wallet. Nor does SSI store any data per se on a blockchain. However, using blockchain can be quite useful, especially when it comes to building trust. In a decentralized identity system, there is no central authority that determines who is trustworthy and who is not. For example, if you receive a driver's license or a birth certificate as a VC, you must be able to verify that it was issued by the responsible government office. Trust registries in the blockchain that are publicly visible and cannot be manipulated can serve this purpose. In this case, the data in the blockchain is public anyway and, above all, must be protected from manipulation.
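To make the issuer check and the data minimization described above concrete, here is an added example (not from the original article or from any SSI library): a toy credential in Node.js in which the issuer signs salted attribute digests with Ed25519, the holder reveals only `over21`, and the verifier accepts the presentation only if the issuer's DID is listed in a trust registry. It uses salted-hash selective disclosure rather than a zero-knowledge proof; all DIDs, attribute names and function names are assumptions, and holder binding and replay protection are left out.

```javascript
const crypto = require("node:crypto");
const sha256 = (s) => crypto.createHash("sha256").update(s).digest("hex");
const digestOf = (name, { salt, value }) => sha256(JSON.stringify([salt, name, value]));
// Issuer: sign salted digests of the attributes, not the attribute values.
function issueCredential(issuerDid, issuerKey, subjectDid, attributes) {
  const disclosures = {};
  for (const [name, value] of Object.entries(attributes))
    disclosures[name] = { salt: crypto.randomBytes(16).toString("hex"), value };
  const digests = Object.entries(disclosures).map(([n, d]) => digestOf(n, d)).sort();
  const payload = JSON.stringify({ issuer: issuerDid, subject: subjectDid, digests });
  const signature = crypto.sign(null, Buffer.from(payload), issuerKey).toString("base64");
  return { payload, signature, disclosures }; // stays in the holder's identity wallet
}

// Holder: reveal only the attributes this verifier needs (data minimization).
function present(credential, names) {
  const disclosed = Object.fromEntries(names.map((n) => [n, credential.disclosures[n]]));
  return { payload: credential.payload, signature: credential.signature, disclosed };
}

// Verifier: trust-registry lookup, issuer signature, then per-attribute digest match.
function verifyPresentation(p, trustRegistry) {
  const { issuer, digests } = JSON.parse(p.payload);
  const issuerKey = trustRegistry.get(issuer);
  if (!issuerKey) return { ok: false, reason: "issuer not in trust registry" };
  const sig = Buffer.from(p.signature, "base64");
  if (!crypto.verify(null, Buffer.from(p.payload), issuerKey, sig))
    return { ok: false, reason: "bad issuer signature" };
  const claims = {};
  for (const [name, d] of Object.entries(p.disclosed)) {
    if (!digests.includes(digestOf(name, d)))
      return { ok: false, reason: `attribute ${name} not signed` };
    claims[name] = d.value;
  }
  return { ok: true, issuer, claims };
}

// Constructed sample data: every DID, name and attribute below is made up.
function demo() {
  const office = crypto.generateKeyPairSync("ed25519");
  const rogueKey = crypto.generateKeyPairSync("ed25519").privateKey;
  const did = "did:example:registry-office";
  const attrs = { name: "Alice Example", birthDate: "1990-04-01", over21: true };
  const vc = issueCredential(did, office.privateKey, "did:example:alice", attrs);
  const forged = issueCredential(did, rogueKey, "did:example:mallory", attrs);
  const check = (c, reg) => verifyPresentation(present(c, ["over21"]), reg);
  const registry = new Map([[did, office.publicKey]]);
  return [check(vc, registry), check(forged, registry), check(vc, new Map())];
}
console.log(demo());
```

The three results are: accepted with only `over21` disclosed, rejected because the signing key is not the registered issuer's, and rejected because the issuer is missing from the registry.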
It’s all about trust
Building trust is and remains the biggest problem of decentralized identity systems. Whether for a DAO, for a vote of the residents of a city, for governmental tasks, or for financial services you have to be able to trust the data of the users. This is not possible without trusting the issuer of the data. A DAO that wants to use a digital identity as a membership badge must therefore answer the question of building trust in the authorization of the members in addition to the technology to be used.
Even if it sounds chaotic and contradictory at first, all three concepts offer certain advantages. Above all, they are not completely comparable. It is difficult to imagine an NFT as an eID or an identity technology for financial services. But for access to a DAO's governance, it fits very well. You will not publicly bind the eID to your ENS address. But your social media profile can be, because you want the information to be seen. ENS, in turn, can be easily connected to the world of SSI via a DID. In this way, the pieces of the puzzle come together to form a colorful picture — in line with the principle of decentralization.