Announcing our public release & a free multi-chain wallet adapter! 🎉
Table of contents
Can you imagine being able to selectively share your personal information, like proving you’re a New York State resident without disclosing your home address or a university graduate without revealing your diploma? It has recently become increasingly difficult to navigate the web without having copious amounts of personal data collected and stored about us. It feels like over time, more and more of our information is out there. For the past few years though, the crypto space has been tackling these exact scenarios of our online identity and privacy — how can you interact with the web without revealing all of your information?
As companies and developers invent solutions for the use cases above, a debate is brewing on what technology will power this new landscape. This blog post delves into two potential (and at times non-mutually exclusive) paths forward - (1) Verifiable Credentials (VCs) & Decentralized Identifiers (DIDs) and (2) Soulbound Tokens (SBTs).
VCs are digital certificates that help prove an individual’s or system’s identity, similar to a physical passport or driver’s license. Digital certificates are not entirely new — they are used to authenticate login credentials, verify a website’s identity, and much more. VCs improve these safeguards by interacting with the blockchain to provide an inviolable and universally verifiable alternative. The W3C Consortium defines the VC standard.
There are three key abstractions in the VC Data Model that enable secure credentials:
Practically, a VC is a certificate containing a series of claims attested by an issuer and validated by a verifier.
A VC has three key components:
Decentralized Identifiers are globally unique references in a VC (also standardized by W3C) that can be used to verify a subject’s (an individual, corporation, or entity) identity — similar to license numbers, passport numbers, or telephone digits. However, unlike the examples above, DIDs are decoupled from any issuing authority, and each subject can create and revoke their own DIDs at will. The entity the DID refers to is called the DID Subject.
A DID is a string composed of three parts:
The verifier uses the DIDs in a verifiable presentation (detailed referenced below) to resolve the associated DID Document using the data registry. This document contains information on the DID Subject, such as their public key and instructions on how they can verify their identity. The organization of the DID Document can be created and modified by an entity known as the DID Controller.
The Verifiable Data Registry is a trusted intermediary maintaining the DIDs and VC schemas. It can be either decentralized and stored directly on the blockchain or closed and controlled by a centralized third party for some internal company use cases.
The registry will contain logic on resolving the DID to the DID Document. There can be multiple registries in an ecosystem, and they can leverage blockchains as a ledger system for storing and amending information.
Let’s explore an example to understand how VCs are issued and verified. Alice is currently a student at a university that issues her VC as a credential for her enrollment.
Now Alice would like to use her VC to access a student discount at a museum. To do this, she needs her VC verified.
The DID methods chosen provide the issuer and VC holder with different features or permissions. Some DID methods allow the issuer or recipient to revoke the VC at any time or replace it with a new one. In this example, the university can revoke the proof of enrollment VC it provides Alice if she graduates or takes a leave of absence.
Alice can hold multiple VCs issued by different organizations in her wallet and control which credentials to showcase. However, Alice has to ensure the security of the VC since the verifier cannot attest to the identity of the individual who provided the presentation. She must revoke access if she is aware her wallet has been compromised.
While digital certificates are not new, their web2 instantiations – login cookies and Facebook pixels – are controlled by centralized tech behemoths. Applications like Facebook and Google store credentials and user history that they then sell to third-party advertisers — a week of ads from Chipotle across all platforms will follow an innocent search about burritos.
The VC architecture gives individuals control over who their identity is shared with, and allows them to revoke access when necessary.
In a recent blog post, Vitalik Buterin outlined his vision for a decentralized society (DeSoc), powered by Soulbound Tokens (SBTs) and Souls. He defined SBTs as NFTs that are “publicly visible, non-transferable (but possibly revocable-by-the-issuer)” and the wallets that hold these SBTs as Souls. An individual can receive an SBT to signify an affiliation to a particular entity — for instance an educational institution, an employer, or a geopolitical state.
SBTs are motivated by what Buterin sees as the drawbacks to the current NFT system – since NFTs are transferable and cannot be permanently bound to any specific individual, they’ve become a commodity signaling wealth. SBTs, on the other hand, can’t be bought and sold. They are public, on-chain credentials that signal reputation and memberships that have to be earned.
The SBTs proposal has sparked a great deal of discussion and debate, in part because the concept of on-chain tokens representing personal identifiable information (PII) is controversial. This contrasts with the existing “off-chain” identity stack centered around VCs and DIDs that are inherently more private (one can argue information stored within SBTs can be made private over time).
Since the proposal of SBTs/Souls, there have been many discussions on Twitter and elsewhere in the crypto ecosystem regarding the difference between SBTs and VCs/DIDs. Many question the need for SBTs at all, given the existing work on VCs/DIDs.
While SBTs are mostly conceptual at the moment, and their implementation details haven’t been fully worked out, the main difference between them and VCs boils down to privacy:
Some advantages to VCs over SBTs include the following:
Meanwhile, the advantages of SBTs over VCs include the following:
While web3 first gained prominence for championing a trustless, permissionless, anonymous environment, it is working to redefine identity rather than reject it. Many players in the space have released VC-leveraging products into the market to capture a slice of the burgeoning new technology: Microsoft has introduced VCs into their Azure product suite; Verite.id and Quadrata use VCs to prove KYC and identity claims; Spruce, Disco.xyz and others help create and manage identifiers.
However, while VCs, DIDs, and SBTs are some of the most recent proposed frameworks that validate a need for a new credentialing system built on top of the blockchain, they likely won't be the last.
This article does not strive to cover all aspects of DIDs, VCs and SBTs. Here are a few great articles to dive into for further reading:
Share this article
(Oh, and we also offer a free multi-chain wallet adapter)