business

Identity and Web3

How Auth0 is Investigating Decentralized Identity and Blockchains

Web3, the concept that makes smart contracts and Decentralized Finance possible, continues to grow, having gained the support of tens of millions of users and around $30 billion in VC investments as of late 2021. The Auth0 Lab team has been monitoring and experimenting with Web3 and adjacent technologies.

From our research and the flurry of interest from consumers and investors alike, it appears that Web3 is moving towards a user-centric web experience. We recognize that it's still early days for Web3. There will be stumbling blocks as the space matures. As the Web3 ecosystem evolves, we are looking for opportunities to bridge the gap between Web2 and Web3 technologies.

The Auth0 Identity Platform is the backbone of many conventional Web2 applications, leading us to dive into how we can allow our customers to interact with the "on-chain" identity data of their users. Over the course of our research, we've established relationships with Web3 partners to expand our ecosystem and offerings, and we're excited to share them with you today.

What Is Web3?

Web3 is based on the idea that users should have control over their data, money, and identities without relying on central gatekeepers. In a speech at Web3 Summit 2018, Juan Benet, Co-Founder of Protocol Labs, described it like this:

"Web 2.0 was about linking programs to that content and building rich, dynamic applications across their devices. And what's going on now is that the relationship is getting inverted. We're linking content and programs directly to each other, bypassing intermediary organizations, removing intermediaries, and gaining public verifiability."

Blockchains and decentralized networks run through the heart of Web3. This new digital economy relies on public ledgers and private wallets to keep track of who owns what. They hold the public addresses and private cryptographic keys necessary to conduct transactions. This growing public key infrastructure adds a potentially valuable new security layer to the web.

What Are the Hesitations around Web3?

A major hurdle in the Web3 space is the lack of mass-market momentum. Web3 technologies are largely used by those invested in crypto and developers looking to build for the future.

Criticisms of Web3 include:

  • Potential data protection risks
  • The environmental costs of mining and transacting
  • The length and complexity of completing a transaction.

We're aware of the challenges in this space. Web3 is still largely unregulated, and its decentralized nature makes it difficult to add the consumer protections found in the traditional economy. Unlike your credit card, you can't reverse fraudulent transactions.

Knowing this risk, big players in the Web3 space, such as Coinbase, have taken additional steps to protect customer assets and data. Coinbase Wallet, for example, allows you to authenticate with biometrics or a PIN. It has partnered with other companies to provide hardware wallets that store your private keys in a secure, air-gapped physical device.

The environmental impact of Web3 also remains a pressing concern for organizations. Cryptocurrencies have a steep carbon footprint, particularly when it comes to mining and transacting. To address this, blockchains like Ethereum have switched to "proof of stake" from "proof of work," replacing the mining-focused mindset of crypto.

Aside from the above consumer-level concerns, organizations are heavily invested in Web2 architectures. Many are reluctant to abandon those systems. Organizations need an easy way to bridge their existing Web2 infrastructure and investments with the growing Web3 ecosystem. Unfortunately, blockchains are technically complex to build upon from a developer's perspective. Threat actors can exploit poorly-written or insecure smart contracts to steal funds.

Web3 leaders must address these problems for it to enter the mainstream, as each is individually big enough to inhibit adoption. For many, these downsides can outweigh the potential upsides.

Opportunities with Web3

Web3 is young, but it has already asserted its place in the identity space, with users creating a single digital wallet to authenticate across multiple applications. Many businesses are starting to reap the benefits of decentralized identity for SSO.

Identity on the blockchain offers powerful interoperability opportunities. Some Web3 entities use blockchains and digital wallets alongside traditional authentication methods to manage user and application data. For the end user, they can potentially use the same wallet to authenticate their identity across multiple Web3 applications for seamless login experiences.

Digital wallets previously focused on storing assets, but with the growth of Web3 and decentralized identity, they are used as a tool to verify identity. From a user's perspective, they work much like traditional federated authentication.

Opportunities with Web3t

A key opportunity Web3 presents in the identity space is the ability to interact with a user's blockchain data. This presents two benefits: enriching user profiles and streamlining the login process with federated logins using storage wallets.

Organizations can gather blockchain data from users as they interact with their applications, storing it in a unique portable user profile that any organization can use. Services like Ethereum Name System and Unstoppable Domains offer these universal profiles as a service to users and organizations. Once enough data is committed to the chain, organizations can infer individual user preferences or make fundamental changes to their applications based on broader user behavior. While this is possible in the Web2 world, the decentralized approach removes the need for siloes. Within Web3, control belongs to the person who is the address holder on the blockchain.

We don't know what the future holds for Web3. However, adopting Web3 technologies early can help you prepare for changes in consumer patterns and attitudes. We'll continue to share our analysis of the Web3 space with our community, so you can make informed choices about where you invest your developer time and budget.

Growing Blockchain Business Use Cases

The number of business uses for blockchain technologies continues to grow. Many leverage private permissioned blockchains shared between industry members. Unlike public blockchains like Ethereum, Solana, and others, these private blockchains are invitation-only. This element creates an authentication and authorization layer between the user and the blockchain data.

An example of an established private blockchain is Canada's verified.me. Individuals can share data from know-your-customer (KYC) flows within financial and health institutions. A government-supported tool, it lowers the cost and friction for businesses by allowing them to offer self-service registration and identity verification for verified.me users signing up for new services. Verification is based on encrypted data previously shared with banks and other financial institutions, offering a simple way to validate user information based on trusted sources. Using this secure digital profile, users can choose to connect their data with other applications or institutions, like a credit bureau or an insurance application. Verified.me is free for the end user, so they don't have to pay to share their information.

It's just one of many instances we've seen popping up. Others include:

  • IBM's Food Trust, which helps fight food fraud on a global scale
  • Risk Stream, which helps insurers settle complex claims faster
  • Mediledger, which helps settle contracts and ensure pharmaceutical quality

This is not an exhaustive list. Managing identity across these blockchains will present a challenge for businesses. They will need to navigate which smart contracts hold valuable identity data, how to use that data meaningfully in authorization decisions, and how to bridge the gap between a user's identity in the digital and physical worlds.

What Does Web3 Mean for Your Company?

It depends. For many organizations, the best course of action is to simply wait and see. Monitor the ecosystem, read blogs and technical whitepapers, watch talks from industry leaders, and attend conferences and meetups to stay up to date with the latest trends and be ready to join the Web3 world when the time is right.

For others, it might be worth investigating if industry-specific blockchains are solving previously-unsolvable problems in your sector. You can also explore some of our Web3 integrations in the Auth0 Marketplace, and check back to hear about the new ones coming out soon.

If you're a Web3 organization looking to solve identity issues, we'd love to hear from you! You can join the Auth0 Lab Discord and join the conversation. We're also on Twitter, too, if that's more your thing.