logo-green.png
Is SSI needed for Web3

Is SSI needed for Web3?

The illustration below, trying to explain Web 3 identity, is from an article published on Medium about efforts to develop a new European digital wallet. Interestingly, it makes a connection between wallets and Web 3 that I think deserves discussion. This diagram asserts that a wallet will be used for both authentication (control of a wallet proves that I am associated with a previously registered account) and for claims (wallet presents my name, email address, etc). But must I use a digital wallets  to present claims in order to engage in Web 3? In other words, does Web 3 necessitate Self Sovereign Identity (“SSI”), or decentralized identity, if you prefer that jargon.

Before we start, perhaps we should define Web 3. Wikipedia has a pretty good definition:

Web 3 is an idea for a new iteration of the World Wide Web based on blockchain technology, which incorporates concepts such as decentralization and token-based economics.

This definition mostly aligns with my personal definition, which is that Web 3 is our current Internet infrastructure plus the introduction of a new capability: decentralized addressable persistence. Blockchains provide a way to store data, and decentralized identifiers enable us to reference that data. Tokenization is made possible by this new infrastructure, and I agree it is the key to Web 3.

But the idea that Web 3 “incorporates concepts such as decentralization”–that’s just silly. Recently I tweeted an article titled “Web inventor Tim Berners-Lee: Screw Web3 — my decentralized internet doesn’t need blockchain.” Whether or not you think Web 3 needs blockchain, Tim is right–the Web is already decentralized.   What worries people today is that the Web is controlled disproportionately by hegemonic American tech giants. Google has so many web servers, it shows up pushing 5% of the Web in the Netcraft web server market share report:

However, the Netcraft report from April 2022 received responses from 1.2B sites across 272M unique domains and 12M web-facing computers. Not decentralized? 

But let’s just say Web 3 is a next generation of the Web where people can take advantage of new services made possible by distributed ledger (i.e. blockchain) technology. I see three Web 3 applications today: (1) crypto currencies, (2) Non-Fungible Tokens (NFTs); (3) decentralized autonomous organizations (DAOs). I think many more Web 3 applications will exist in the future. But for each of these existing applications, let’s consider if we need SSI. Or perhaps more importantly, could we even use SSI if we so desire.

First: crypto currency ownership. Do you need a wallet? Obviously, the answer is no. You could use a wallet, but it is not required. Most holders of crypto currency use a custodial service, like Coinbase, which operates like a Web 2 online brokerage. This makes perfect sense from a compliance standpoint–lest crypto currency marketplaces become a haven for money launderers. No crypto currency brokerage accepts self-sovereign identity claims. So even if they use a service like Spruce to allow you to login with your Ethereum wallet — a process which lacks the usability advantages of many modern authentication techniques — you are still not using your wallet to present claims during the KYC process or for anything else. Arguably, crypto currency is the killer application for Web 3. So the lack of wallet support is telling–crypto currency marketplaces are not going to wait around for SSI.

Second: NFTs. Do you need a wallet? Similar to the crypto currency, most people don’t have a wallet. This article posits that around 10% of NFT owners have wallets: 3,000 wallet addresses for 30,000 unique buyers. In fact to drive the sale of NFTs, companies like Click are using Web 2 ecommerce strategies. The last thing Click wants to do is to add friction or reduce the size of their market by requiring you to have some weird wallet-based identity solution–for authentication or claims.

Third: DAO’s. Do you need a wallet? Finally, the answer is yes! To own a DAO token, and benefit from smart contracts, you need a wallet address. However, do DAO’s leverage this wallet and token for identity or authentication? Sorry, but the answer is no. The most common type of DAO is a Discord group, where the DAO token is presented for access–used more like an authorization token then as proof as identity. Discord mostly requires you to have a username / password, or other existing Web 2 authenticators, like an OATH TOTP token. And similar to crypto currency and NFT ownership, there is no connection to claims. So while DAO’s are perhaps the most advanced Web 3 application, I would contend that wallet based authentication or claims–for identity–is not a requirement.

So net-net, I am left with the thought that the connection between Web 3 and SSI is aspirational. In practice, Web 3 is happening right now, and can’t wait for SSI to catch up. When decentralized identity technologies go mainstream, Web 3 will embrace them. So eventually they will collide. But probably at that point, Web 2 will also accept these new credentials. So support for SSI will not be a defining characteristic.