This article is an edited transcript of the identity panel hosted by Lit Protocol, with Ceramic, Spruce ID, and Disco, at CyberConnect 2023 New Year Summit. Learn more about the Summit here. You can see the highlights in quotes and italics.
A collectible version of this article is available on Link3. You will also be able to comment, like, and subscribe to the author on Link3.
Identity is a fascinating and nebulous topic. It encompasses our sense of self, personality, values, and personal experience. We go about everyday social life with identity as the underlying foundation. Yet we find it extremely hard to explain what the idea specifically consists of. There is one thing that we are sure of:
For our digital existence to be humanly meaningful and fulfilling, self-sovereign identities and the underlying infrastructure are critical.
That’s why we have our friends over from Lit Protocol, Ceramic, Disco, and Spruce ID over here today on the topic of identity, reputation, and Web3.
Lit Protocol’s Link3: https://link3.to/litprotocol
Debbie - Lit Protocol: Hi, I'm Debbie and I lead developer relations at Lit Protocol. I'll be the moderator for this panel. And so we're joined with Val from Ceramic, Rocco from Spruce, David from Lit then Evin from disco.
Ceramic Network’s Link3: https://link3.to/ceramicnetwork
Val - Ceramic: I'm one of the software engineers working on the 3Box Labs team and building Ceramic. I've been doing that work for about two and a half years now. Basically saw Ceramic through before we had our test net, launching the testnet, and launching the mainnet. And then prior to that just worked as a dev.
David - Lit Protocol: We are building a distributed key management network and for the folks of you who have learned something about public key cryptography, which is also known as a crypto wallet, you have a public key and a private key.
The core capacity of that key is to be able to encrypt things and sign things. And so what we've built at Lit is:
A distributed network that uses multi-party computation to provide the services of encryption and signing to developers.
Evin - Disco: At the Disco, we are your identity for the metaverse, we make it easy for you to own and control data written about you so that you never have to fill out a form again.
We make it easy to use the keys that you already use to manage your tokens on-chain and extend those capabilities with what we call the disco data backpack. So that includes your ability to start to accrue your own reputation and carry it across chains from Web2 to Web3 environments and into physical spaces as well.
SpruceID’s Link3: https://link3.to/spruce
Rocco - Spruce ID: At Spruce we're primarily focused on allowing users to bring their identity and data across the web. Specifically starting with a lot of our work on sign-in with Ethereum, namely how users sign into sites and services with the keys they already own and bring their identity with them and data. So these services, instead of them holding it on the user's behalf, the service has to log in to the user's data vault.
David - Lit Protocol: The way that I think about identity on the web is basically like an avatar that each of us has where each of us has multiple avatars and multiple identities. And each of those identities potentially has a reputation.
We can see this notion of having avatars on the web today in the same way that somebody is a different persona on Facebook versus LinkedIn versus Twitter. So that's what I mean about avatar in terms of how you behave, who you interact with, and then the reputation that then emerges from that.
The avatar is not you per se, but it is a representation of you in different social contexts.
Evin - Disco: At Disco, we think about the particular flavor of identity a lot, the self-sovereign identity, that the subject of data has the most control of that data. The approach that we have for data storage is the ability of the subject to maintain control and to require logically centralizing data around the subject or the individual and physically decentralizing the places where it is stored. So ensuring that data is stored wherever it’s going to make the most sense for its use and who needs to see it and who needs to be able to interact with it. But ensuring that you, as an individual have the latest and greatest information about yourself. So we create a single source of truth that is related to what the data is written about, as opposed to relying on third-party services to trade data behind our backs and our knowledge in order to serve up personalized experiences to us, which is where we are in the status quo today.
Val - Ceramics: At Ceramic we're building the infrastructure to support self-sovereign identities.
So it's all about allowing a single entity to control the data that's attached to the given identity. And so when it comes to the way that we practically do that, it's really about composability. If you have a single identity and you wanna attach information to it, you need to ensure that the data you're attaching has a composable nature so that you can create this richer set of information about a single entity. Ceramic right now, we're building Compose DB that sits on top of the ceramic protocol which takes this to the next level.
Allowing different applications to look at a single entity and collectively or collaboratively add more data to that entity, and helping you build a reputation across different contexts.
So I think the second guiding principle is really the contextual piece - identity looks different depending on where you're standing.
A single person has an identity that they self define, but other people will see that in different ways based on the relationships that they have with that person, the interactions, and experiences.
Once we have this layer of interoperability with all this information, then we can actually make that real. In real life, in meat space, we have the ability to see that, we have our own point of view for every person and every situation that we're in. And today, as Evin was talking about, a lot of the reputation and identity that we use even online is just so static and it's coming from a single person or a single company's point of view, rather than a collection of everyone on the web.
And that's what I think the Web3 space is going towards and what we're trying to build towards.
Rocco - Spruce ID: I see identity more as the very core basics of who you are and what can you do based on certain facts about yourself or certain self-issued or self-attested information. It could be any level of assurance and the what-you-can-do part based on that. So, for example, having a license means you can drive a car, but that doesn't mean you're a good driver though. And that's when the reputation part comes in.
Identity is contextual, and reputation is contextual to each scenario.
So the identity portion and you controlling and owning your identity is super important to that. But just wanna break it down to the core basics. Having the license and driving the car, but a reputation could be you crashed the car 20 times and you got your license revoked.
It's just each scenario merits its own context there and how identity is handled in each different situation.
Evin - Disco: The way we think about it at Disco is very literal, sort of to our name. We are called Disco because we believe that you are the multifaceted center of the party and you should reflect your data and your identity to the world however you decide.
And so, to Rocco's point, you are the same disco ball no matter where, what app you're showing up to, what service you're showing up to, but you just show different facets of yourself. The more control that we give an individual to decide which facet to reflect, and which parts of themselves to bring to a given interaction, the more nuanced personalization we'll be able to enjoy.
And so the guardrails and the best practices that we think about a lot in addition to that self-sovereignty is also minimum disclosure. So something that I think is really important for us to contemplate as builders are how we keep user data, especially individual data on a need-to-know basis and how we prioritize informed consent and participation given that data availability to feed our apps is something that we take for granted when we publish data on-chain.
Rocco - Spruce ID: That's been a big part of even our architectural decisions here - that each side of service can have a different form of you because you've chosen to give that form to that service.
A good example is if you're having a social media account for your family members, it might reflect differently than a social media account that you share with your friends.
There's a sociological concept from the fifties called social dramaturgy where you have these different personas interacting with different people in different social contexts.
It happens every day in real life even with centralized identities. It should play out with even more user control and consent in a world with decentralized identity, where you're in fact controlling exactly what you're disclosing with each interaction.
Rocco - Spruce ID: Going from a world where you first start with logging in, where you just first authenticate that session with applications and services, you'll log into wherever you're logging in. The second step in the process is how do you actually tell that service: come read data from my data vault or have access to this stuff from my disco backpack. This has to do with the informed consent of users. The way we do this is through a system called capabilities. You give someone an assigned thing that says, you can do this one action and this one action only and that's the end of it. It operates on what's called the principle of least privilege. So you just have the authority to do this one thing.
How does a user tell a service: I signed in, and now I wanna give you access to this data? Some of the work we're doing beyond sign-in with Ethereum is what's called ReCaps, readable capabilities. Namely, how do we take the existing wallets that users are using and help them better use them for these interactions that include identity and data? How do we make sure the wallet is telling the user exactly what it is doing in a plaintext and readable way? So make sure the users have everything they need to have informed consent of what they are doing. How do you go from authentication to authorization? Because the authorization part, the consent part, is how we actually bring user data to these sessions and apps.
David - Lit Protocol: What we've been doing in the distributed key space is building out a system following through that capability to ensure that individual application has decryption rights over some information. We're trying to wave the flag as hard as we can around independent of where you're storing it, encrypted client-side ahead of time in the context of when a capability has been passed on, how can that application get the rights from a technical point of view to decrypt some data or access some data.
Rocco - Spruce ID: Decentralized identity and data is never an easy problem and there are a lot of moving parts and components that all the folks on this panel are working very deeply on to make it all possible. There has been a lot of foundation work that has been done for years. Each step requires a lot.
Rocco - Spruce ID: Now it’s exciting that users control all these credentials, we have different systems that speak the same language and have users come with all their data. But eventually, you realize that you gotta just heavily target very specific use cases for users. There’s always a dance between high-assurance cases and low-assurance cases.
The hardest part, especially in the beginning with decentralized identity, is diving into which area to tackle and which parts of it to tackle. Then you realize a lot of the foundational stuff still has to be built out, too.
Val - Ceramics: That’s like the origin story of Ceramic. We need to think about the infrastructure that underlies this and make sure that we have a system that can actually support this to scale. There are many pieces. You either have to build it yourself or work with others who are building those pieces and interoperate with them.
I think another challenge is figuring out what area you're going to get into and not going too broad. That's because the dataset becomes really large - picking the wrong dataset is actually a very easy thing to do.
Everyday users of Web2 don't really understand what data’s being collected about them and how much, and then when you cross into Web3, you realize everything is tracked. It's very transparent and very open. But the downside is that once you have the awareness of the data that's being collected about you, your behavior changes.
You have to be very careful about making sure that the dataset you're picking and the feedback loops that drive that data are actually helpful for what you're trying to achieve, and not just giving you a false picture of reality.
David - Lit Protocol: Certainly there is a number of technical challenges that we are all focusing on, whether it's around storage, privacy, standards, and many other things.
But the collective problem that we have is: why should you care? What is the idea around this? And the thing that emerges for me is we can see what the end game looks like: a sovereign web where you travel around with a backpack.
One of the interesting questions for me and the challenges for me is what are the most powerful initial use cases around sovereign data? Can they have social and viral loops associated with them so people that really don’t care can still have real tangible benefits?
New applications with materially better new benefits such as social search can help us make that leap over the chasm between web2 and a self-sovereign web.
Val - Ceramics: There's some light right at the end of the tunnel, large adoption towards its application that is built on top of some of the shared principles of Web3.
It could just be like someone who has the skills, who is influential, and who pushes out a product that they believe in. So there are different ways for us to get there though we have to take that step in a big way.
Evin - Disco: We have a serious Cold Start problem because we need to have parties such as communities or applications and services that are issuing verifiable data. We need individuals who are taking control of that data and carrying it to other applications that can then rely upon or verify it.
So we need to contemplate the experience of all three of those parties and be able to provide use cases, to David's point, that is meaningfully better than the Web2 alternative of what those user journeys would be.
So we need to measure success in terms of what friction we remove from existing journeys. And how do we add value and delight? How do we make the experience of applications built on a decentralized backend meaningfully better than the alternative? Because nobody is going to pay for privacy as a main selling point outside of the zealots.
Rocco - Spruce ID: One of the goals at the end of the day is to get very traditional users to use this stuff, even if it means figuring out ways in which the experience could be abstracted in different ways.
One of the core philosophies that we're always trying is designing with an eject button. If a user ever wanted to fully eject from a system, and go into pro mode where they're fully controlling their data and their identity, knowing that everything they have is interoperable with other sites and services they may use, they have the takeout option. And trying to make that experience as great as we can.
Evin - Disco: I will note that if you end up with a bunch of messy data from a service that you've exported, ChatGPT is a really great way to restructure it.
Val - Ceramics: Especially for us at Ceramic, because we're encouraging app developers right now to run these nodes and build on top, we have to create some of those safeguards when we push the thing, to begin with. And that makes it easy also for us to continue to collaborate with the rest of the space as we collectively learn more about what we should be doing, what types of protocols we should be using, what works, and what doesn't, and making sure that we don't lose the network effects that are already there in the system.
Debbie - Lit Protocol: There's no playbook in the ways that we're building. Either we're building fully decentralized systems, or we're thinking a lot about decentralized identity in ways that before our current iteration, technology just wasn't possible before.
So thinking about using a data backpack with another system, not just in the Web2 to Web3, but the Web3 to Web3, where very much like we're entering this very different landscape.
Evin - Disco: We are the same human being regardless which chain ecosystem our apps are built on and regardless of whether we're interacting in physical spaces or digital spaces. Ensuring interoperability is the name of the game. And that’s the moat for primitives we are talking about. We're really excited to be partnering with folks who are based in other chain ecosystems such as Bitcoin, to allow users to take custody of credentials that are signed by non-EVM Keys. Additionally, we're collaborating with folks from the Web2 ecosystem to allow for that data to be passed via API packaged up in credentials and taken with users on their adventures in the metaverse. And this includes everything from receipts to KYC credentials. We don’t put opinions to those data.
But the nuance of interoperability is that it really is predicated on the ability to have some client-side resolution of credentials and shared schema, ensuring that everybody is talking about the same data in the same way.
So having a public dialogue I think is a core underpinning when we talk about what the actual structures of these credentials are. Because that needs to be roughly standardized in addition to the specs of the primitives themselves.
Rocco - Spruce ID: If you have a world truly where decentralized identity is the norm, then you'll have multiple issuers in this world. One of the core things is making sure we can agree on these schemas or the way we structure this credential, regardless of issuers.
A lot of this work on decentralized identity is bringing a number of folks to the table and agreeing on a certain set of schema standards, just because we're all trying to work on this interoperable world, and if it's not interoperable, then we've lost the plot.
Evin - Disco: If losing the plot looks like building, slower, more expensive silos, and that's what we have in terms of Web3 apps today where we're slinging decentralized assets in a centralized app environment, and the only data that can move with us from one space to another is our money.
If we want to be able to bring more of ourselves to the table than just the tokens we hold, we need to build out infrastructure for a web of trust, for the ability to discern whose keys are whose and to decide the authority that we might think that particular signer has over a given subject matter or type of credential.
David - Lit Protocol: The thing that aligns both interoperability and sovereignty is the enabling technology here is public key cryptography that in turn to allows us to explore the interoperability through the schemas.
A lot of the work that's happening around key provisioning generally becomes an enabling force for self-sovereign data and for interoperability, which we absolutely have to get the schemas and standards right on top of.
Rocco - Spruce ID: That's one of the core foundational bits of all this because a lot of what we do here with decentralized identity is predicated on users having identifiers that they control. And if users can't control keys, then that's another thing that's really wrong. A lot of the stuff we work on is predicated on users having wallets and shouting out to the whole wallet space. Key management is an unsolved problem, but there are a lot of good folks in the ecosystem working on this problem. Still a very difficult onboarding process.
Val - Ceramics: Thinking about interoperability and schema. That's like one of the huge collaboration challenges that we have in the space. Figuring out what these schemes should be, what is the mechanism by which you create and utilize the schema and incorporate that into your application.
ComposeDB is really the package that allows developers to do that. I can pull this into my application and then read all of the data that adheres to that schema. Our framework for this is what we call composites, which are basically like schemas. They allow you to index different data that matches that schema and then compose on top of it for your application to create this single view of what my app can read all of these different data sets together.
Evin - Disco: Say in the exciting near future that all of us are building together in a few years from now, you'll be invited to a Disco disco at the Louvre in Paris. The only thing that you'll need to take with you is your Disco data backpack. You'll be able to move through the doors of your building into a ride share playing your favorite music set to your preferred temperature. Rolling through airport security and border screenings and health screenings prioritized through the VIP line because you are an OG Disco data backpack user. And you'll be getting free drinks at the bar because you are of age and are able to present that information to your environment.
So we imagine a future where you can seamlessly move from one environment to another, digital to physical and you can enjoy those personalized experiences catered to your preferences and enabled around your accomplishments and traits. Seamlessly moving into your adventure and off the screen.
Rocco - Spruce ID: In this future world, I think what we'll also find is that the cost of certain services, which exist mostly due to a lot of the trust portion of the transaction, namely the services that charge you for verifying certain information, being reduced to next to nothing.
For example, if Uber doesn’t have to do verification but only the arbitration part of the platform service, the cost will be much lower. The same goes for airplanes, Airbnb.
Val - Ceramics: I am not really an active social media user and I would like to be but right now I can't in Web2 because it is just not practical and doesn't feed into the type of web that I hope to see.
I wanna be able to have different contexts for those different groups of people. Just having different social applications in a way that a single person can manage and has control over their data, their sign-in experience, and they can go to any app that they want and have different types of user experiences in those different contexts. Then they can eject and go somewhere else.
David - Lit Protocol:
The thing that I'm really excited about is the felt sense of agency in owning one's own data as like a psychological effect in a world where many people feel just totally a part of the machine in the midst of late-stage capitalism.
If you think about what are the types of things that are valuable, you have things that are materially valuable, and things personally yours and immaterial valuable, like the feeling that you get when you look your child in the face and all of those related things.
This idea of the psychological shift of moving from Web2 to Web3. The knock on effects of having that be something that anybody with an internet connection can feel. And then they know that I have something of value even if nobody likes me and my bank account is at zero. There's still something by virtue of the fact that I am me. A material value to you as an individual that you cannot trade to somebody else.
And then the knock-on effects around I'm feeling agency. Maybe I should have more agency in my county, in my state, in my country. This could not be more exciting to see what the current unknown effects of that are across the planet when that's happening at a large scale.
Rocco - Spruce ID: What Web3 brought is agency, beginning with finances. When we hand someone cash in exchange for goods and services, you have that sense of agency that this is yours. You were fully making this transaction. The digital world kind of abstracted that away and we've seen over time how easy it's stripped from people especially some of the most vulnerable. So the sovereign identity we are working on is like giving back people’s sense of agency just like what cryptocurrency did for finances.
Evin - Disco: We're gonna see new kinds of trust-minimized coordination games. We will be able to access experiences or content based on a collection of your non-financial effort, a collection of more than just those on chain representations of value. The outcome in terms of experiences not only solving the phone home problem to ensure that your data can be relied upon but also diminishing the compliance labor and effort that enterprises will have. And our Web2 data silos, of course, were not built for individual user records to be analyzed or deleted. And so the cost of compliance with laws like GDPR and CCPA is becoming prohibitive.
So I think we have a perfect storm right now of market dynamics. We have crypto that informed the distribution of cryptographic key material and public key cryptography. And so that can succeed where PGP failed, we have decentralized identifiers that can rotate their keys. We have more methods of recovery now. We've reached that ceiling of fun and utility that we can play around with tokens and there's an appetite in this market for something more than just Ponzis. And we have things like EIP-712 that extend the capabilities of our existing keys and allow us to sign data like a personal notary stamp.
And fortunately we've got incredible partners building out the underlying infrastructure layers required to take custody of these kinds of credentials and present them and issue them and manage them in a manner that works with the way that we organize as human beings.
So the conditions are, in my estimation, a perfect storm for this to be the year that we start to bring more of ourselves to the table in Web3.
Evin - Disco:
I wanna encourage everybody to get hands-on. This step is really cool to talk about, but it feels incredibly magical to try it yourselves.
I definitely think that playing around with this yourself and starting to imagine other ways that it could be integrated into your life is a great way for us to operationalize these new primitives.
Rocco - Spruce ID: Building on that, I would say getting involved, getting your hands dirty, and also reaching out. If there's one subject that's always extremely intimidating, it's Decentralized Identity just because of how horizontally it goes and also how vertically it goes. We're always just a DM away. More than happy to have a conversation, point you in the right direction, and help you get started, whether you're an individual developer or someone who's just super passionate about this stuff and wanna see how it's been evolving over time.
All of us here can probably attest to how long it took to really grasp decentralized identity. Months, years, and really like hone in on it. So it could always be intimidating for new folks trying to get started. So reach out, get involved, get in touch. Just dive right in.
David - Lit Protocol: My DMs are open. Would love to hear from you. If you have the desire to do development, there are a lot of really interesting things to build. We have a grants program and are really interested in funding projects related to decentralized identity and verifiable credentials. It’s super early. We’d love to meet you.
Val - Ceramics: One thing we didn't talk about that we'll have to save for another day: anonymity and civil resistance. That's another thing that I'm excited to see, like real solutions to real problems that people have when it comes to needing to protect and hide their identity, but also needing to show their reputation online.
If you are looking to get more hands-on, you can come to ceramic.network. We have our developer guides there but also feel free to use ceramic as a route to all of these people and others in the ecosystem.
Wenyi - CyberConnect, Host: Thank you to all of our amazing friends in the decentralized identity space for such a great discussion on a topic that is very near and dear to the CyberConnect heart.
This is a lot bigger than just startups in the Web3 space. It is truly a new way of looking at human existence, of looking at how we want to portray ourselves in the world. A new way of looking at agency and a new way of looking at identity.
CyberConnect is a decentralized social graph protocol with identity sovereignty for mass adoption and network effects. It enables users to create profiles as the anchor of users’ decentralized identities. With CyberConnect, users own their social graph, content, monetization channels, and social data allowing them to travel across several dApps seamlessly without having to recreate their network on every new platform.
CyberConnect protocol was launched in November 2021, as the first social graph protocol published. As of Mar 23rd, 2023, CyberConnect has 692k user profiles and 676k monthly active users who have done more than 4.1M transactions.
A collectible version of this article is available on Link3. You will also be able to comment, like, and subscribe to the author on Link3.