@bnonni
Last active November 9, 2022 00:27
Bitcoin Reading Group: Web5 Deep Dive

November 08, 2022

Web5: The Decentralized Web Platform [link]

1. Why Web5?

[ ... ]

2. What is Web5? How to Web5?[link]

What is Web5?
  • completely open source decentralized web platform containing various components based on open source (W3C, DIF) specs & standards
  • provides new identity layer for the web
  • identity layer enables decentralized apps and protocols
  • Web2 + Web3 => Web5
  • it's like the TCP/IP of identity
Today's Web vs. The Web We Want

What is Web2?
  • read & write
  • convenient access to data on servers on the web
  • ability to write data to servers
  • enhanced user experiences
  • unprecedented access to new, shareable content
  • E.g. signup for social media, use credentials to access UX, read content, write content (posts)
What are the problems with Web2?
  • users do not own their data
  • PII + user content stored with company, not with user
  • no built in support for identity
  • web2 companies store identity data on users' behalf
  • users given access to app/service including content created by that user
  • single point of failure; data breaches leave user identity data vulnerable
  • user data business model; web2 companies profit off of user data, provide no added value back to user
  • Web2 companies have all the control
What is Web3?
  • read + write + own / control
  • decentralize web2 model providing more control back to the user
  • takes data off centralized servers run by small group of companies
  • continues to provide rich and convenient user experiences of web2 (read + write)
  • E.g. setup wallet with tokens, use wallet to connect to dApps p2p, use dApp tokens to access services, keep all PII / info in wallet
What are the problems with Web3?
  • good idea, poor execution
  • popular culture around web3.0 focuses on Ethereum and Eth-based dApps
  • a seemingly unlimited number of token-based economies
  • misguided use of incentive structures providing false sense of value / perception of value
  • tokens gate access to dApps & services; requires users to obtain a never-ending set of valueless tokens
  • rampant with scam tokens / dApps (rug pulls, pump & dumps)
  • decentralization for the sake of it (i.e. misuse of blockchains)
  • even including bitcoin, there is still no inherent identity layer to web3
  • misses the "point" by trying to decentralize everything via overly complex token economies
  • provides same access as Web2 via new model for owning the access to dApps / services
  • leads to an unlimited market of useless tokens required to access apps / services ultimately degrading UX gains of Web2
Web5 Example Use Case
  • Social media platform signup
    • connect with social media (SM) platform p2p using wallet DID comm
    • wallet already contains an identity credential meeting requirements for social media platform signup
    • user already has a personal DWN data store setup with info like followers, profile info, content posts, etc.
    • user scans QR code on SM platform landing page with wallet
    • SM platform challenges user's wallet asking to access all/part of that user's data (ID credential &/or content in DWN data store)
    • user accepts the challenge and responds by providing access to the credential and the data
    • SM platform checks credential's issuer and holder signatures to ensure authenticity
    • SM platform accepts credential and uses data in DWN store to setup the user with a profile
    • user gains access to platform, sees all their data and followers and can now interact with their network as expected
    • in a decentralized Web5 env, this same process can be reused over and over again across any Web5 compatible app platforms
What are the components of Web5?

  • collection of W3C defined technical standards for implementation of the details of a decentralized identity platform
  • World Wide Web Consortium (W3C): an international community where Member organizations, a full-time staff, and the public work together to develop Web standards
  • three main pillars
    1. Decentralized IDentifiers (DIDs)
    2. Verifiable Credentials (VCs)
    3. Decentralized Web Nodes (DWNs)
What are Decentralized IDentifiers (DIDs)? [link]
  • ID unique to a user that is owned and controlled by that user
  • W3C mechanism specifying DID syntax, common data model, core properties, serialized representations, DID operations, and an explanation of resolving DIDs to documents [link]
  • DIDs essentially link you (via your DID) to your information (stored in your DWN)
  • not owned by central authority, issued via blockchain, issuance can be found and attested to on-chain
  • removes the dependency on centralized entities to authenticate and represent us
  • long, 3 part string: did:example:1234567890abcdefghijk
    1. did: URI scheme identifier (i.e. did scheme)
    2. example: DID Method identifier (example)
    3. 1234567890abcdefghijk: DID method-specific identifier
  • DIDs are the only component of Web5 that touches a blockchain (anchoring to a blockchain is NOT a requirement)
  • standardized DID formatting allows for DIDs to be anchored anywhere or not anchored at all
  • where to anchor => varying levels of decentralization
  • e.g. on a blockchain vs. in a single server => fully decentralized vs. fully centralized
  • TBD preferred design decision for DID storage => ION
  • ION => Layer 2 DID network that runs on top of Bitcoin => decentralized replacement for DNS for identity identifiers => no authorities, coordinators, tokens, or other centralized bottleneck => https://identity.foundation/ion/
  • examples of different DIDs all using the same format DID-scheme:DID-method:DID-method-specific-identifier
# bitcoin
did:btcr:xyv2-xzpq-q9wa-p7t
# ethereum
did:ens:some.eth
# web
did:web:example.com
  • no personal data stored on chain
  • DID acts as URI associating DID subject (person, company, etc.) with DID document off-chain
  • DID documents are JSON files stored in decentralized storage systems (IPFS)
  • DID docs describe how to interact with DID subject
  • DID doc includes pubkeys, auth & verification methods, service endpoints
{
    "@context": "https://www.w3.org/ns/did/v1",
    "id": "did:ion:EiClkZMDxPKqC9c-umQfTkR8",
    "verificationMethod": [
        {
            "id": "did:ion:EiClkZMDxPKqC9c-umQfTkR8",
            "type": "Secp256k1VerificationKey2018",
            "controller": "did:ion:EiClkZMDxPKqC9c-umQfTkR8"
        }
    ],
    "authentication": ["did:ion:EiClkZMDxPKqC9c-umQfTkR8"]
}
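Added example (not part of the original notes, and not W3C or TBD code): a parser for the three-part DID syntax described above, following the W3C DID Core grammar, plus the did:web rule that maps an identifier to the HTTPS location of its DID document. The did:web mapping goes beyond what the notes spell out, and the function names are hypothetical.

```python
import re
from urllib.parse import unquote

# DID Core grammar: did = "did:" method-name ":" method-specific-id
_IDCHAR = r"(?:[A-Za-z0-9._-]|%[0-9A-Fa-f]{2})"
_DID_RE = re.compile(rf"did:([a-z0-9]+):((?:{_IDCHAR}*:)*{_IDCHAR}+)")
_HOST_RE = re.compile(r"[A-Za-z0-9.-]+(?::[0-9]{1,5})?")


def parse_did(did):
    """Split a DID into (method, method_specific_id); raise ValueError if malformed."""
    m = _DID_RE.fullmatch(did)
    if m is None:
        raise ValueError(f"not a valid DID: {did!r}")
    return m.group(1), m.group(2)


def did_web_url(did):
    """Map a did:web identifier to the HTTPS URL its DID document is fetched from."""
    method, msid = parse_did(did)
    if method != "web":
        raise ValueError("only did:web maps directly to an HTTPS URL")
    host, *path = msid.split(":")
    # Only the host is decoded: a port travels percent-encoded as %3A.
    host = unquote(host)
    if not _HOST_RE.fullmatch(host):
        raise ValueError("did:web host must be a domain name with an optional port")
    # Reject empty or dot segments so the identifier cannot walk the server's paths.
    if any(unquote(seg) in ("", ".", "..") or "/" in unquote(seg) for seg in path):
        raise ValueError("unsafe path segment in did:web identifier")
    tail = "/".join(path) if path else ".well-known"
    return f"https://{host}/{tail}/did.json"


if __name__ == "__main__":
    # The identifiers below are the examples used in these notes.
    for did in ("did:example:1234567890abcdefghijk", "did:btcr:xyv2-xzpq-q9wa-p7t",
                "did:ens:some.eth", "did:web:example.com:u:alice"):
        print(did, "->", parse_did(did))
    print(did_web_url("did:web:example.com:u:alice"))
```

With did:web the document is only as trustworthy as the domain's DNS and TLS, which is the "single server" end of the anchoring spectrum listed above.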
What are Verifiable Credentials? (VCs) [link]
  • W3C standard [link]
  • W3C spec provides mechanism to express everyday credentials on the Web that is cryptographically secure, privacy respecting, and machine-verifiable
  • e.g. credentials: driver's licenses, university degrees, government-issued passports
  • VCs interoperate with DIDs to enable trustless interactions between DID subjects
  • e.g. interactions: consumer and bank, merchant and shopper, lender and borrower, seller and buyer, etc.
  • VCs allow two parties to interact w/out the need to trust one another
  • claims made about a DID subject can be verified cryptographically
  • E.g. Alice needs to prove she has a bank account at Acme Bank
  • PFI (the verifier) does not need to trust Alice (the subject) but does need to trust ACME (the issuer) who vouches for Alice via digital signature on VC
What are Decentralized Web Nodes? (DWNs) [link]
  • Decentralized Identity Foundation (DIF) standard [link]
  • DIF: a registered 501(c)(6) membership organization that exists to advance the interests of the decentralized identity community, including performing research and development to advance “pre-competitive” technical foundations towards established interoperable, global standards.
  • DIF spec defines a data storage and message relay mechanism that entities can use to locate public or private permissioned data related to a given DID
  • a mesh-like datastore construction that enables an entity to operate multiple nodes that sync to the same state across one another
  • current model: centralized entities act as data stores on behalf of users; apps hold all of your content and preferences on their servers
  • Web5 DWN model: decentralized data stores allowing users to decouple their data from the applications they use; instead users host their own data in their own data store
  • Real world example: BlueSky: decentralized version of Twitter
  • can hold public vs. private (encrypted) data --> tweets vs. DMs
  • do not live on-chain
  • are self-hosted, can be hosted on any device (your phone, computer, etc)
  • replicate them across your devices and clouds and all data will be synced
  • however, self-hosting not required, can outsource hosting for convenience
  • TBD vision: DWN vendors offering to host web nodes for users
  • in this case, can encrypt data; service provider becomes host-only, cannot read your data (unlike current cloud storage solutions)
  • associated with a DID, listed in the DID doc as a serviceEndpoint
{
    "@context": "https://www.w3.org/ns/did/v1",
    "id": "did:web:example.com:u:alice",
    "service": [
        {
            "id": "#dwn",
            "type": "DecentralizedWebNode",
            "serviceEndpoint": {
                "nodes": ["https://dwn.example.com", "00:11:22:33:FF:EE"]
            }
        }
    ],
    "verificationMethod": [
        {
            "id": "did:web:example.com:u:alice",
            "type": "Secp256k1VerificationKey2018",
            "controller": "did:web:example.com:u:alice"
        }
    ],
    "authentication": ["did:web:example.com:u:alice"]
}
  • apps can resolve DID => DID doc and use service endpoint listed for the DWN in DID doc to request access to data
  • example request from app to user DWN to obtain all objects that follow the SocialMediaPosting schema
    POST https://dwn.example.com/
    BODY {
      "requestId": "c5784162-84af-4aab-aff5-f1f8438dfc3d",
      "target": "did:example:123",
      "messages": [
        {
          "descriptor": {
            "method": "CollectionsQuery",
            "schema": "https://schema.org/SocialMediaPosting"
          }
        },
        {...}
      ]
    }
  • DWN data objects are JSON objects following a universal standard
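Added example (not from the original notes or the DIF spec): how an app might go from a resolved DID document to a DWN request, checking that the document belongs to the DID it asked for and keeping only HTTPS node URLs before building a body shaped like the CollectionsQuery request above. Function names are hypothetical, and the sample document is the one from these notes trimmed to the fields used.

```python
import uuid
from urllib.parse import urlsplit

# The DID document from these notes, trimmed to the fields this check reads.
DID_DOC = {
    "id": "did:web:example.com:u:alice",
    "service": [{
        "id": "#dwn", "type": "DecentralizedWebNode",
        "serviceEndpoint": {"nodes": ["https://dwn.example.com", "00:11:22:33:FF:EE"]},
    }],
}


def _is_https_url(node):
    # True only for strings that parse as https:// URLs with a host.
    if not isinstance(node, str):
        return False
    try:
        parts = urlsplit(node)
    except ValueError:
        return False
    return parts.scheme == "https" and bool(parts.hostname)


def dwn_endpoints(did, did_doc):
    """Return the HTTPS DWN node URLs a client may contact for `did`."""
    # A resolver that hands back another subject's document must not be trusted.
    if did_doc.get("id") != did:
        raise ValueError("DID document id does not match the DID that was resolved")
    nodes = []
    for svc in did_doc.get("service", []):
        endpoint = svc.get("serviceEndpoint")
        if svc.get("type") == "DecentralizedWebNode" and isinstance(endpoint, dict):
            nodes += [n for n in endpoint.get("nodes", []) if _is_https_url(n)]
    return nodes


def collections_query(target_did, schema):
    """Build a request body in the shape of the CollectionsQuery example above."""
    return {
        "requestId": str(uuid.uuid4()),
        "target": target_did,
        "messages": [{"descriptor": {"method": "CollectionsQuery", "schema": schema}}],
    }


if __name__ == "__main__":
    body = collections_query(DID_DOC["id"], "https://schema.org/SocialMediaPosting")
    for url in dwn_endpoints(DID_DOC["id"], DID_DOC):
        print("POST", url, body)
```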
How can non-technical users access all of this functionality? [link]
  • Identity Wallets
  • a well designed identity wallet to manage DWN data, DIDs, DID methods / context, VCs, and authorizations
Progressive Web Apps (PWAs)? How about Decentralized Web Apps (DWAs)? [link]
  • Web5 enables developers to build DWAs on top of the Web5 decentralized identity platform because it's all open source
  • a well designed identity wallet to manage DWN data, DIDs, DID methods / context, VCs, and authorizations
  • Web5 : DWAs :: cloud servers : app servers
Example Use Case Applications
Wen Web5?