While crypto companies adjust to the changing market conditions in the DeFi space, Web3 innovators continue to build new infrastructure for the decentralized internet. That work took a step forward earlier this month when Dock Labs released their Auth0 Marketplace Integration, Web3 ID, to unlock sign-in with Decentralized Identifiers (DIDs) and Verifiable Credentials (VCs) and enable privacy-preserving user verification for Web3.
Using Web3 ID, developers can grant access and verify end-user eligibility by requesting private data from users' non-custodial identity wallet apps with the users' consent.
The DID and VC W3C standards are core building blocks to enable Decentralized Identity scenarios. The Auth0 Lab team has been following the space closely, and we're excited to support Dock with this important work.
The Genesis of Decentralized Identity
The 2010s saw a stream of news on the misuse of identity information (1, 2, 3). Governments responded with new regulations, like the European Union’s General Data Protection Regulation (GDPR) and the California Consumer Privacy Act (CCPA). Technologists started thinking about their own solutions for how to design a web ecosystem that doesn't rely on large centralized players to arbitrate identity across the web. While Decentralized Identity won't solve every privacy concern, it will hopefully represent a move towards user control of their data.
One of the core tenets of Decentralized Identity is that users own and control their identity information. In Web2, users sign in with centralized identifiers like email addresses and social media profiles. Web3 users want decentralization, to own their assets and identifiers, and to preserve their privacy while accessing apps and services. Web3 introduced the ability to sign in using cryptocurrency wallets. But with crypto wallets, all the user data that a developer can verify is on the blockchain, like assets owned or transaction history. Putting personal user data on the blockchain can be a major privacy issue, as a public blockchain is immutable and… public.
Dock Labs' Approach to Decentralized Identity
The need to have a Web3-native system that enables organizations to verify private user data led Dock Labs to build Web3 ID, a blockchain-based Authentication and Authorization system that puts user privacy first. With Web3 ID, users' private data is stored on their non-custodial wallet apps.
However, this notion poses all sorts of challenges. Users need both security and convenience. Traditionally, they offloaded these responsibilities to the major social IDPs, like signing in with Google, which provided both very well but sacrificed user privacy and control. Web3 organizations, meanwhile, have realized that getting a user to successfully handle a private key with a wallet can prove to be a challenge.
Another challenge of Decentralized Identity is that it's an ecosystem play; a lot of independent actors need to adopt similar standards so the identity can operate between systems. To ensure that DIDs and their associated public keys are always available for verification, Dock publishes DIDs to a public blockchain that anyone can reference. Even though blockchains aren't required for DIDs to work, blockchains solve ecosystem problems by making the data publicly available for anyone to build against.
In the meantime, the standards for Decentralized Identity are evolving and being solidified. The World Wide Web Consortium (W3C) recently finalized the DID Core standard. The W3C's work on Verifiable Credentials continues to evolve the standard to fit industry needs. Dock Labs' evolving toolset is keeping apprised of these developments and applying them.
Dock in Depth
Dock Labs, the team behind Web3 ID, has been in the decentralized identity space since 2017. "We started Dock to enable organizations and individuals to create and share verified data," says Elina Cadouri, co-founder of Dock.
While Web3 ID allows developers to verify user data in Verifiable Credentials, Dock's Decentralized Identity Platform, Certs, provides a highly secure and scalable solution to issue these credentials through a no-code dashboard or a simple-to-use API.
And it's all built on top of the Dock blockchain, a Proof of Stake distributed ledger purposely created by Dock Labs for identity use cases, with high throughput and energy and cost efficiency.
"It's incredibly exciting to see other industries, not just Web3, realize what Decentralized Identity enables. With Verifiable Credentials, sectors like Supply Chain Management or Health & Safety can now issue fraud-proof certificates and instantly verifiable documents. We're helping them eliminate certificate fraud, prove the origin of goods and greatly reduce the time it takes to verify a document." says Nick Lambert, Dock's CEO.
Dock Labs' Auth0 Marketplace Integration
DIDs are cryptographically-verifiable pseudonymous identifiers created by the user, owned by the user, and independent of any organization. When a user creates an account in the Dock Wallet app, a DID will automatically be created for them.
DIDs contain no personal data about the user. An example of a DID stored on the Dock blockchain could look like this:
Each DID is supported by one or many Public-Private cryptographic key pairs.
When a user scans the QR Code generated by the Dock Web3 ID Auth0 integration, the user's Private Key associated with the DID digitally signs a Verifiable Credential. The user signs the VC to prove that they control the DID.
This Verifiable Credential contains:
- Any data the organization requests from the end-user during the sign-in process (e.g., name, email address)
- A challenge (a unique, one-time use identifier provided by the auth server to prevent replay attacks)
- Expiration for the Credential
- A cryptographic hash that ensures that the Credential wasn't modified since it was created and signed.
This Verifiable Credential is sent to Dock, who verifies that the Credential was indeed cryptographically signed by the correct user and grants the user access to the app.
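The checks described above, sketched as an added example (not Dock's or Auth0's code): a verifier confirms the signature against the key registered for the DID, rejects expired credentials, and accepts each challenge only once. The field names, the `did:example:` placeholder, and the in-memory registry standing in for the ledger lookup are assumptions.

```javascript
// Added illustration: a simplified model of the sign-in check, not the real credential format.
const nodeCrypto = require('node:crypto');

// Constructed sample data: a throwaway Ed25519 key pair and a placeholder DID.
const { publicKey, privateKey } = nodeCrypto.generateKeyPairSync('ed25519');
const SAMPLE_DID = 'did:example:holder-placeholder';
const didRegistry = new Map([[SAMPLE_DID, publicKey]]); // stands in for the public ledger lookup

const issuedChallenges = new Set(); // challenges handed out and not yet redeemed

function issueChallenge() {
  const challenge = nodeCrypto.randomBytes(16).toString('hex');
  issuedChallenges.add(challenge);
  return challenge;
}

// Wallet side (hypothetical): sign claims, challenge and expiry with the DID's private key.
function signCredential(did, claims, challenge, expiresAt, key) {
  const payload = JSON.stringify({ did, claims, challenge, expiresAt });
  const signature = nodeCrypto.sign(null, Buffer.from(payload), key).toString('base64');
  return { payload, signature };
}

// Verifier side: authenticate first, then consume the challenge, so a forged
// submission cannot burn a legitimate user's pending challenge.
function verifyCredential({ payload, signature }, now = Date.now()) {
  let body;
  try { body = JSON.parse(payload); } catch { return { ok: false, reason: 'malformed' }; }
  if (!body || typeof body !== 'object') return { ok: false, reason: 'malformed' };
  const key = didRegistry.get(body.did);
  if (!key) return { ok: false, reason: 'unknown-did' };
  // Verify over the exact bytes received; any change to the payload breaks the signature.
  const sigOk = nodeCrypto.verify(null, Buffer.from(payload), key,
    Buffer.from(String(signature), 'base64'));
  if (!sigOk) return { ok: false, reason: 'bad-signature' };
  if (typeof body.expiresAt !== 'number' || now >= body.expiresAt) {
    return { ok: false, reason: 'expired' };
  }
  // delete() returns false when the challenge was never issued or was already used.
  if (!issuedChallenges.delete(body.challenge)) {
    return { ok: false, reason: 'replayed-or-unknown-challenge' };
  }
  return { ok: true, claims: body.claims };
}
```
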
To add the Dock Web3 ID Integration to your tenant, head over to Auth0 Marketplace integration, and check out the installation guide! Like with any integration, some claims about the partner's system aren't controlled by Auth0/Okta and are subject to changes by the partner.
The Auth0 Lab team is actively exploring the best ways to enable developers to build applications that rely on Web3 identity constructs and help bridge the Web2 and Web3 worlds. You can follow our progress on Twitter. If you're interested in speaking with the team, join our Discord and start a thread.