Web3 and Self-Sovereign Identity

Challenges of Digital Identity

Since the Internet’s inception, there has always been a high-standard utopian view that this transformational technology would change everything about how we communicate, work, play, and socialize. There is no denying that this viewpoint has come to fruition on various grounds, materializing incredible possibilities. Today, in the ever-evolving journey of the Internet, we all are talking about a new beginning referred to as Web3. Web3 thrives on the idea of web decentralization, and as an umbrella concept, it interweaves with disruptions such as metaverse, NFTs, blockchain technology, cryptocurrencies, DAO, and others.

A shift from Web2 to Web3 is driven by the realization that the Internet we are so reliant on is not the safe haven we once thought it was. We know for sure that our reliance on the digital aspect of our lives will continue to grow in dominance, be it in socialization, occupation, communication, finance, entertainment, education, etc. As we continue to use the Internet, we can’t and shouldn’t reconcile ourselves with third parties’ centralized authority over users’ data, unconsented data sharing, security breaches, and hacking. These roadblocks call for rebuilding the Internet into a new version that is secure, decentralized, and, most importantly, democratized to value user privacy and authority over personal data.

This is where Web3 comes in. But to render the value of decentralization and privacy without compromising on security and user experience, Web3 will need a resilient and improved identity management paradigm. Let’s understand how Web3 shapes the future of the web, what the challenges to its adoption are, the role of identity in Web3, and how NamaChain provides the ideal identity management solution for Web3.

What is Web3? 

Web3 refers to the new iteration of the World Wide Web, which includes the concept of web decentralization and is powered by cryptography, token-based economics, and distributed ledger technologies (DLT) like blockchain. The term was coined by Ethereum co-founder Gavin Wood in 2014, but it has only recently gained traction among tech companies, cryptocurrency enthusiasts, and venture capital firms.

Web3 supporters claim that it will be an improvement over Web2. Web2 has made the Internet dynamic, as opposed to Web1 (the static web where users were only readers). In Web2, users can contribute to content creation and distribution, but content and data are controlled by a handful of centralized companies known as Big Tech.

Web3 will overcome the limitation of users not having control over their personal data, which leads to careless sharing of sensitive information and uncontrollable exploitation for commercial purposes.

Web3 is expected to decentralize the web, ushering in a paradigm shift in which data owners are empowered to control their data. Web3 is said to be the enabler of user sovereignty, improved data security, and increased data privacy.

From Web2 to Web3

Web2 fails in data privacy because it is designed to store personal information in central databases. Data stored on centralized servers is exposed to problems such as a single point of failure, ease of hacking, third-party interference, sharing without the owners’ consent, and the domino effect, wherein one piece of compromised data exposes other data sets as well.

While Web2 facilitated the sharing and connecting across a boom of social media, it has also exposed users to the exploitations of a handful of tech giants and third parties, who are pretty much controlling the entire data space. Over the years, web users have grown pretty liberal about sharing their personal information across multiple web applications, be it some banking software or a hotel booking site, or some gaming platform. Ignorance and lack of awareness on users’ end also accelerate privacy breaches and data exploitation. Users share personal information, wondering how risky it can get.

According to the FTC report, fraud losses were up 45% between 2019 and 2020, and Kaspersky states that account takeovers were up by 20% in 2020. There are enough statistics to show how cybercrime, imposter scams, identity theft, leaks and hacks, and the sale of data without consent are degrading the current state of the Internet.

Web3 is perceived as a security-prioritized and privacy-driven version of the Internet because its architecture decentralizes the data and its flow and gives users absolute authority over their personal data and its sharing. Web3 is decentralized, democratized, less hackable, and supports user sovereignty.

Self-Sovereign Identity in Web3

As in Web2, access to Web3 services and apps requires digital identities for registration and verification. But the use of third-party centralized single sign-on like “login with Facebook” or “login with Google” will not be in line with Web3, because that would require putting trust in the centralized servers of Facebook and Google, who have an economic interest in amassing such large databases. Single sign-on is a great functionality for delivering better UX, but it needs reformation to ensure the security, privacy, and sovereignty of users.

Extending the Web3 principles of privacy, user sovereignty, openness, and interoperability to digital identity leads to self-sovereign identity (SSI) – a fully private digital identity owned exclusively by the user. Only the user has hold of it, and only the user decides who gets to see the identity. Blockchain technology, Verifiable Credentials, and Decentralized Identifiers are the three current standards of Self-Sovereign Identity.

SSI is a user-centric and user-controlled approach to exchanging authentic digital identity in a much more secure manner. This approach prioritizes user autonomy through ten foundational principles – Existence, Control, Access, Transparency, Persistence, Portability, Interoperability, Consent, Minimization, and Protection.

What is the ideal output expected from SSI?

Absolute data privacy

SSI removes the need to store personal information on a central database, safeguarding data privacy by giving individuals greater control over their personal information and its sharing.

Simplified onboarding

It eliminates the frictions during onboarding, the struggle of registering and signing up with different login credentials at different services, the hardship of managing multiple passwords, and the security risk of using the same password everywhere. Users just need to remember the password of their SSI digital wallet, and there is no need to manage multiple passwords.

No third-party control

Third parties have no control over what data is being shared and with whom. Not even the Self-Sovereign Identity system provider knows what data is being exchanged.

Tamper-proof

The use of cryptography makes SSI Credentials tamper-proof.

Less-hackable

Because the users’ data are not stored in any centralized servers, it is almost impossible for hackers to steal the information.

Use Cases of SSI in Web3

Metaverse

Existing metaverse projects are siloed ecosystems; one cannot simply jump from one metaverse to another. However, if Web3 is the future of the Internet, then metaverse worlds cannot exist as centralized and siloed ecosystems because that results in fragmented experiences. Users will need to have multiple avatars or identities for each platform, the value of their digital assets will be limited to a single metaverse, and they may need to keep track of several wallets or coins.

The concept of metaverse manifests the idea of multiple digital worlds, and for a unified experience, users will want to transition between different worlds (metaverses) seamlessly. This is where they require a self-sovereign identity—an identity controlled solely by users that enables identity authentication across multiple levels of metaverse worlds without taking away the benefits of a decentralized platform.

Verified and interoperable data will be paramount in the metaverse, whether it is initial identity verification for user profile setup or regular transactions such as buying and trading, or porting of avatar and digital objects/assets from one dimension of a metaverse to another.

One key advantage of SSI is that users can have their identities verified with different credentials. Thus they can have multiple identities to use selectively, depending on the use case of the metaverse world they are accessing. For instance, for a casual metaverse, they can simply use an identity that is verified with their Telegram handle. In contrast, for a more serious metaverse, they may use a passport-verified identity. So SSI enables metaverse users to have different identities for different metaverse worlds. This reduces the risk of being tracked through a single identity.

Gaming

NFTs and SSI together unlock new gaming experiences, giving gamers whole new opportunities to scale up the dynamics of games and even monetize their in-game assets. NFTs as tokens capture the uniqueness and scarcity of the assets, and SSIs store and update the unique characteristics specific to the player. SSI in NFTs can facilitate easy porting of level progress and assets from one game to another. SSI will help NFTs replace DLC items and facilitate portability between games while maintaining the scarcity of in-game assets. Imagine gamers using their level progress in one game to skip the initial tortuous grind of another.

NFTs

SSI aids in establishing the ownership of NFTs across their lifecycle with supreme accuracy. It is even more helpful in proving the fractional ownership of fractional NFTs. SSI solves the provenance problem regardless of which ledger NFTs are hosted on.

Another major advantage of SSI in the NFT space is that it facilitates fully decentralized content consumption by allowing for direct consumption of media/content from the creator without the need for a distribution channel. Creators and audiences interact directly, improving the compensation structure.

Crypto payments and transactions

Identity-tied payments are a use case of SSI in Web3. Currently, the wallet address is the only way to verify the identity of the payment receivers in crypto/DeFi transfers. Crypto payments strive for anonymity, but there are occasions, like large-volume payments, when receivers’ identities need to be verified. Test payments are made to check the receivers’ wallets. Here, SSI can help. With SSI, the receiver can share a small piece of verified identity information, maybe just a Telegram handle, on a peer-to-peer network, avoiding disclosing their identity publicly.

DeFi

DeFi and CeDeFi lack a satisfactory know-your-customer (KYC) solution that is also efficient and privacy-preserving. SSI is the perfect identity layer that aligns with the anonymity approach of DeFi while bridging with traditional data-heavy interactions. SSI eliminates the need for multiple, siloed identities in DeFi.

SSI in Web3 and Its Challenges 

SSI is a disruptive approach to tackling global digital identity challenges spread across points like authentication, authorization, key management, fragmented ID systems, regulatory standards, separable physical and digital identity, privacy, and security issues. Although SSI gives users better control over personal data and thereby efficiently supports the principles of Web3, it has critical limitations that still need to be fixed.

Limitations in currently available SSI systems/solutions:

Key management

The most significant problem with the SSI system is key management. Most of the time, keys are stored on the user’s device, and the onus is on the user to manage the keys securely.

KYC/AML-complex verification processes

There is a lot of complexity in verifying a self-sovereign identity for KYC and AML purposes. This also brings high cost, which deters adoption.

Portability

Another major issue with SSI is that in order to provide users absolute data privacy and security, it ends up binding the users to devices they created an account on. If users lose the device, they lose their identity as well.

Fragmented systems 

SSI uses an identity metasystem that allows users to verify their identity across multiple platforms, provided those platforms use the same metasystem. But SSIs are not interoperable across multiple blockchains and the decentralized applications built on them, which is a major hurdle for the wide acceptance of SSIs.

Mass adoption

With all the limitations mentioned above, SSI is yet to gain mass adoption among average users. And this directly affects Web3 adoption. Users do seek Web3 decentralized platforms for their privacy and security benefits, but onboarding frictions and poor user experience deflate the fondness for Web3.

NamaChain Self-Sovereign Identity – promoting greater adoption of Web3

To redefine the paradigm of SSI, empowering it to resolve gaps in Web3, including key management, user experience, scalability, privacy, interoperability, and portability, NamaChain has built a blockchain-enabled Global Identity Gateway. Powered by disruptive key management protocols and practices, it revolutionizes the way people and organizations create, authenticate, and manage digital IDs to access online services, dApps, Apps, and IoT Devices.

The NamaChain identity gateway has built-in safeguards to run authentications and verifications in a completely self-sovereign way that is beyond being custodial, non-custodial or device-centric. It provides absolute data privacy by giving users complete control over personal data, including decision rights over who has access to that data. At the same time, it bridges the user experience gaps between Web2 and Web3, promoting greater adoption of Web3 services and apps.

SSI disruption with NamaChain phantom key management protocol

The NamaChain identity gateway is a disruptor in self-sovereign identity and a huge improvement over the other competing SSI systems in the following ways:

Unparalleled security and privacy

NamaChain’s unique key management protocol compartmentalizes users’ data by securing each piece with unique keys. These keys are generated at runtime on the users’ end (browser or app), managed without being stored anywhere on servers or devices, and deleted once the user logs off. This way, the keys used to secure users’ data are only available to the users.

Compartmentalizing user data and securing it with a key that is never stored anywhere, neither on the device nor on the server, prevents the domino effect if one user gets compromised. Also, with no keys stored, users get absolute authority over their keys, PII data, and its sharing.

Other SSI systems provide data security by not storing the user’s data on any centralized servers, but the keys are stored on users’ personal devices, so there still remains the scope of hacking if the device gets compromised. In contrast, the NamaChain SSI solution is hack-proof because there are no keys to hack, neither on the server nor on the device.
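One general way a key can exist only at runtime, as an added example that is not NamaChain's code or its Phantom protocol (this page does not specify it). It assumes the key is re-derived from the user's password at each login; the function names, the scrypt/HKDF/AES-GCM choices and the sample data are all assumptions of this sketch.

```javascript
// Added sketch, not NamaChain's Phantom protocol (the page does not specify it).
// Assumption: the never-stored key is re-derived from the user's password at login.
const { scryptSync, hkdfSync, randomBytes,
        createCipheriv, createDecipheriv } = require('node:crypto');

// Memory-hard KDF. The salt is not secret and is the only per-user value kept.
function deriveMaster(password, salt) {
  return scryptSync(password, salt, 32, { N: 16384, r: 8, p: 1 });
}

// One independent key per data field (compartmentalization), via HKDF.
function fieldKey(master, label) {
  return Buffer.from(hkdfSync('sha256', master, Buffer.alloc(0), `field:${label}`, 32));
}

function sealField(master, label, plaintext) {
  const key = fieldKey(master, label);
  const iv = randomBytes(12);
  const cipher = createCipheriv('aes-256-gcm', key, iv);
  cipher.setAAD(Buffer.from(label));          // bind ciphertext to its field
  const ct = Buffer.concat([cipher.update(plaintext, 'utf8'), cipher.final()]);
  key.fill(0);                                // drop key material after use
  return { label, iv, ct, tag: cipher.getAuthTag() };
}

// Returns the plaintext, or null on a wrong key or a tampered blob.
function openField(master, sealed) {
  const key = fieldKey(master, sealed.label);
  const decipher = createDecipheriv('aes-256-gcm', key, sealed.iv);
  decipher.setAAD(Buffer.from(sealed.label));
  decipher.setAuthTag(sealed.tag);
  try {
    return Buffer.concat([decipher.update(sealed.ct), decipher.final()]).toString('utf8');
  } catch {
    return null;
  } finally {
    key.fill(0);
  }
}

// Constructed sample data: one login seals a field, a second "device" reopens it.
function demo() {
  const salt = randomBytes(16);
  const login1 = deriveMaster('correct horse battery staple', salt);
  const blob = sealField(login1, 'email', 'alice@example.com');
  login1.fill(0);                             // logoff: only salt + blob remain
  const login2 = deriveMaster('correct horse battery staple', salt);
  const wrong = deriveMaster('guess123', salt);
  return {
    reopened: openField(login2, blob),
    wrongPassword: openField(wrong, blob),
    crossField: openField(login2, { ...blob, label: 'passport' }),
  };
}
```

In this construction the guessing resistance of every field key is that of the password plus the scrypt cost, so `N`, `r` and `p` are the parameters to tune.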

Seamless user experience

Web2 is pretty mature in terms of user experience. Users want a transition for improved security and privacy, but not at the expense of UX.

One of the biggest advantages of the NamaChain key management protocol is that it helps bridge UX gaps between Web2 and Web3. It eliminates the hassles of wallet extensions, seed phrases, and PKI management. Instead, it facilitates username-and-password-based account access in Web3 platforms, and allows users to reset forgotten passwords, a feature currently missing from most Web3 platforms.

Portable and compliant

As mentioned earlier, SSI systems bind users to the device on which they have created an account. If the device is lost, identity is also lost. NamaChain tackles this problem because its SSI is device agnostic. Unlike other SSI solutions, it can be accessed from any device.

Web based access

NamaChain SSI facilitates web-based access rather than device-based access. It is a huge advantage if anyone wants to access their identity from a different device or if multiple users are accessing their identities from a single device. In the rural population, people don’t have sophisticated mobiles to support heavy SSI apps. Many times, the whole family uses a single device. For such use cases, web-based NamaChain SSI enables numerous people to access their accounts from one mobile.

Interoperable

NamaChain also resolves the limitation of non-interoperability in SSI. It is interoperable and integrable with any blockchain protocols, gaming, Web3 platforms, and marketplaces.

Data residency compliance 

Current standard SSI systems try to achieve data residency compliance by storing PII data not on their centralized servers but on users’ devices. The user PII data is secured with a key stored in their device. This binds the user to the device and creates the portability issue.

NamaChain achieves data residency compliance with a different approach. It stores PII data on users’ devices, but secures it with a key that is never stored anywhere, neither on the device nor on the server. The key is generated at runtime on the users’ end (browser or app), and once the user logs off, the key is deleted. Thus, the keys are only available to the users. This way, the NamaChain SSI system is device agnostic. It can be accessed from any device.

Endnote 

The Web3 landscape requires reformation, including the removal of UX barriers such as wallet extensions, time-consuming logins, seed phrases, pop-ups that appear during every transaction, and PKI management. Many private key management systems that prioritize user experience succeed at the expense of reduced security. NamaChain’s SSI solution improves user experiences while maintaining security. Its underlying disruptive Phantom key management protocol manages keys without storing them anywhere, in devices or servers, allowing end-users to retain autonomy and control over their private keys.
