The recent paper “Decentralized Society: Finding Web3’s Soul” (the DeSoc Paper), by Glen Weyl, Puja Ohlhaver and Vitalik Buterin, has attracted a lot of attention and controversy with its idea of “soulbound” tokens (SBTs) as a new type of Web3 primitive. The basic idea of the DeSoc Paper is that SBTs “representing the commitments, credentials, and affiliations of ‘Souls’ [i.e. Web3 accounts or wallets] can encode the trust networks of the real economy” and enable “Decentralized Society” (DeSoc).
We agree that there is a huge opportunity for a new paradigm of Internet authentication based on blockchain technology. And while we like the idea of SBTs, we believe the way forward is to use the ideas of the DeSoc Paper to improve existing protocols for blockchain-based authentication – notably self-sovereign identity, decentralized IDs and verifiable credentials.
Before explaining how that can and should work, a little history is helpful.
The Internet TCP/IP protocol does not include endpoint authentication as a feature, including because the early precursors to the Internet like ARPANET (which went live in 1969) were designed to connect trusted government and academic networks. But as usage of the Internet expanded, particularly after the World Wide Web was released to the public in 1991, the dangers of lack of authentication rapidly became clear. This is perhaps best encapsulated by the 1993 New Yorker cartoon “On the internet, nobody knows you’re a dog”.
In the 1990s and early 2000s, work on Internet authentication focused on public key infrastructure (PKI) and X.509 certificates. Although theoretically very powerful, PKI involves major complexity that doomed most applications. Companies like CyberTrust tried to become a single source of trust, but not surprisingly it was difficult then to convince the world to trust one entity, as it is now for the leading Internet companies (although Apple has done better than others to build a reputation for privacy and trust).
The only PKI application that is in widespread use is SSL/TLS to validate the identity of websites and other Internet resources. SSL/TLS has generally been robust and effective, with some notable exceptions like the Heartbleed bug in the popular OpenSSL library. But it is limited to confirming that a connection has been made with a specified Internet server or other resource, without establishing any broader trust for the resource or its users.
The result is a default Internet architecture that looks something like this:
Of course, there are ways to do better than this with existing architectures, such as VPNs to secure connections and software for authentication and management of devices. But the overall picture for many users is an insecure mess.
There is an opportunity for blockchain to do much better. A core reason for this is the main innovation of blockchain – a public ledger whose integrity can be trusted – can replace much of the complexity of PKI. However, there is much work to do before blockchain can solve the problem of Internet authentication. For example, the DeSoc Paper points out that Web3 has so far been dominated by trust-less applications like cryptocurrencies, DeFi and NFTs, and that much more work is needed to enable the decentralized trust required by DeSoc. What blockchain does offer now is a secure platform for relatively simple (compared to PKI) solutions to these challenges.
Most of the existing work on Web3 authentication has been under the paradigm of self-sovereign identity (SSI), using decentralized identifiers (DIDs) and verifiable credentials (VCs). While SSI remains in its infancy, much work has already been done, through entities like the Decentralized Identity Foundation, the Sovrin Foundation and the World Wide Web Consortium (W3C). For example, the authentication activities of LearnerShape on the Cardano blockchain, described below, use the W3C VC data model.
The DeSoc Paper acknowledges that VCs and SBTs have similar functions and that “VCs and SBTs can be seen as natural complements” (DeSoc paper, p. 27), but suggests that VCs have problems of:
We agree that these are potential issues with basic SSI implementations. However, addressing them is well within the scope of potential extensions to SSI, rather than requiring new fundamental protocols to replace SSI.
The authors of the DeSoc paper say this about “unilateral privacy”:
“[W]e are skeptical that unilateral shareability is usually the right privacy paradigm. Rarely does one party in a multi-party relationship have the unilateral rights to disclose the relationship without the consent of the other. Just as unilaterally transferable private property is not a rich property regime, simplistic unilateral shareability is not a very rich privacy regime.” (DeSoc paper p. 27)
This reasoning makes superficial sense, but it is based on attacking the strawman that SSI allows only “simplistic unilateral shareability”. In fact, there are many approaches to flexible community sharing that can be enabled using DIDs and VCs. To take a few examples:
Many other variations are possible.
The SSI-based options for credential recovery can be equally flexible. The DeSoc Paper proposes “community recovery”, whereby “recovering a Soul’s private keys would require a member from a qualified majority of a (random subset of) Soul’s communities to consent.” (DeSoc paper, p. 5).
It bears noting that any “community recovery” mechanism would also allow the same actors to access and potentially misuse private keys even when their holder has not lost them. This is the same deficiency that has long existed with proposed government schemes to be able to access individual encryption keys for law enforcement purposes. You can’t have your cake (private key security) and eat it too (broad recoverability of private keys).
But assuming such a recovery mechanism is desirable, there is no obvious reason why it should differ between private keys for VCs and private keys for SBTs. Indeed, one would expect a flexible key recovery mechanism with multiple applications (e.g. for VCs, SBTs and other purposes) to be more attractive than one that works only for SBTs.
To illustrate how these enhancements to SSI can develop, we can take a look at one SSI ecosystem – Cardano.
My company LearnerShape builds infrastructure to enable learning applications, focused on skills. A key current focus of these activities is adding blockchain functions for skills authentication.
We have chosen to develop these functions on Cardano because of the substantial investments being made in SSI infrastructure in the Cardano ecosystem. Most important among these is the Atala PRISM protocol and SDK for implementing SSI operations, which is being developed by Input | Output, the technical arm of Cardano.
Although Atala PRISM is in its early days – for example, it is not yet open source and currently runs on the Cardano testnet blockchain rather than mainnet blockchain – it is already serving as the basis of a rapidly growing ecosystem of SSI applications. For example, Input | Output is using Atala PRISM to build authentication solutions for major customers like the and leading US satellite television provider DISH.
LearnerShape has recently delivered a proof of concept for LearnerShape SkillsGraph, which extends basic SSI functionalities by providing an open framework for authentication of skills using DIDs and VCs. We are currently working on two pilot projects using SkillsGraph – the first will deliver a Cardano community credential (likely for ‘scribes’ who record progress on Card) and the second (in cooperation with ProofSpace) will bring the DevOps qualifications of global certification company PeopleCert to the Cardano blockchain.
Another leading SSI project on Cardano is the RootsWallet project, which is delivering the first open-source identity wallet for the Cardano ecosystem. There are many others.
While these SSI projects have not yet reached the level of sophistication necessary to deliver functions like those suggested in the DeSoc paper, they are clearly on the right track. There is no reason why the energy of SSI innovators on Cardano and elsewhere cannot deliver such functions, and much more.
The DeSoc paper acknowledges: “As ambitious as we have been in imagining what DeSoc could enable, in many ways the above are just first steps.” Indeed, this is true of the Internet authentication ecosystem generally. Notwithstanding the more than half a century since the earliest versions of the Internet were built, there are still many online circumstances where no one can know whether or not you are a dog.
But progress is being made. SSI standards, protocols and code have developed hugely over the past decade, and progress is accelerating.
While there is certainly a role for competing approaches to Internet and Web3 authentication, globally effective authentication methods will need to be ones that work across many different applications and blockchain protocols. This is particularly so for the emerging vision of the metaverse, which proponents hope will allow interaction of diverse applications in a shared digital environment.
The aim (and it’s an ambitious one) is for the default authentication picture shown in the above diagram to look instead like this:
In pursuing this vision of decentralized, global interoperability and authentication, the sensible way forward for blockchain authentication is to build on existing ideas – using and combining ideas from many sources, including SSI and new innovations like SBTs – rather than seeking to build parallel or competing computing paradigms. A key goal of this integrated approach must be simplicity, to avoid the confusing complexity that led to many of the failures of the PKI / X.509 paradigm.
The future online society continues to construct itself, and to function properly it should be simple, authenticated and interoperable.
Maury Shenk, Founder & CEO, LearnerShape