More than 9 in 10 submissions to the inaugural DIF Hackathon last October used Web5 and DWNs. There’s obviously a lot of interest in this! Did that surprise you?
In a way, no. There’s only so much you can do with Decentralized Identifiers and VCs on their own. The majority of use cases today are these stodgy things like government credentials or proving your humanness.
The IAM (Identity and Access Management) industry has a very dry view of identity. A human wouldn’t think “my login credentials are my identity”. A person thinks of their identity as more a reflection of a certain part or all of who they are.
For too long both the IAM and the Decentralized Identity communities were focused on boring stuff like government credentials. I don’t love it when I need to show my driver’s license. We’ve centrered the ecosystem around things that are done begrudgingly, they’re not fun for users. I think that’s maybe why the long tail of developers have not embraced DI yet.
What we’re trying for with Web5 is, go build the next Eventbrite or social network on this. It’s things that are more exciting for developers AND users. I think that’s what’s driving the interest in D-Web Nodes.
What was the journey that led you to be involved in working on the DWN specification?
My interest in this area grew while I was working at Mozilla. After researching Microsoft’s position in identity, I saw it as an opportunity to pursue what I was really interested in. I didn’t want to do another stint on browser stuff, so I was going to give it a year at Microsoft to see if I could work on what I really wanted to work on, coming in under the auspices of Browser.
After about six months Microsoft agreed yes, we should pursue some means of user-owned identity. None of the social oAuth is owned by Microsoft and if they could disintermediate the federated identity providers, that would be good for Microsoft. So they said, “let's take a shot”.
Solving identifiers in a decentralized way was necessary, in order to get onto more interesting problems. How would you create decentralized storage for apps, for instance, if you didn’t know how to store the data in reference to an identifier controlled by the data’s owner? You have to have the identifier before you can have the subsequent pieces.
So I had the opportunity to work on this stuff at Microsoft, to help get it pretty far along. But then there was this great opportunity to go work for Block, building out the piece that I’d actually wanted to work on back at Mozilla.
That’s where I think most of identity actually is. It's in people’s data. The content of your Tweets tells people more about you than your handle. Who cares how you’re logged in? What defines you is all the stuff you do after you log in. So the data store piece is huge and we’ve been contributing to that work at Block.
You helped establish DIF in 2016. Did you envisage back then the timescale for Decentralized Identity to get to where it is today?
I naively thought “we’ll just work with some browser vendors and be done with identity in a few years, then get onto the fun stuff”. It didn’t happen like that! I got a lot of Nos, a lot of people said “nothing needs to be decentralized”. But I was intentional about what I was doing, and I don’t like giving up. I wanted it to work so badly, and still do.
Then we got stuck in a rut with the IAM crowd, where they were using DIDs that were just keys. They thought, I don’t need to find content. It really neuters what you can do. I don’t think the world moves forward just because we have a couple of proofs we can pull out of our digital wallet instead of our physical wallet.
It might not be anything I’ve worked on that ends up being The Thing. That’s not important. What’s important is that Decentralized Identity comes to be, in some form. I do think it’s an idea whose time has come. I see all the signs. Like social media cancellations, deprivations of service, spam bots everywhere. It’s not stopping, it’s only accelerating. People are becoming concerned and they need something to turn to.
Who knows if DWNs end up being The Thing? I think it’s a good candidate / first pass approach, and I hope people like it. As long as options are there, someone’s going to pick up these tools and make them well-known. There’s going to be that break out moment. I’ll just keep working on it until either we get there or I can’t work anymore.
How long will it take for that breakout moment to arrive? Are there still big obstacles to adoption, in your view?
Getting DID resolution and DID-relative resources as standard functions of the browser, like DNS resolution is today, would be the single greatest thing for this entire ecosystem. Support for non-DNS origins has been a real sticking point historically. We need to get browser vendors to recognise other sorts of URIs aligned to the same-origin security model. The IPFS crowd has got this started. IPFS addresses have their own origin. It’s slowly happening.
DIDs being seen as first-class origins is THE thing. Once you convince them that’s ok, resolution of content follows. I don’t think the tech is mature enough yet, but I do think we have the beat on some candidate DID methods that browser vendors would be more inclined to adopt, that still have a full range of features.
On the data stores side, it’s great to have Tim Berners-Lee involved with Solid. I might not love every single technical decision of that project, but it’s a great thing that he is spearheading it.
I think we’re probably still five years from a breakout. We need to convince browser vendors that this is worthwhile. Until everyone has a browser that can resolve DIDs and show something visual, you’re looking at one-off use cases. It’s such a simple but important piece.
It sounds as though DWNs can help bridge to a world where browsers are able to resolve DIDs and find DID-linked resources?
Absolutely! We’ll be presenting some demos soon that show browsers finding DID-related data, even without an extension. Being able to click DID-relative links on the internet and have the data be visually rendered from someone’s personal data store is awesome! It’s by far the most interesting piece, and the number one thing that will make it real for people.
Where do Big Tech, social media and the Web3 community stand on Decentralized Identity?
When I started at Microsoft it was years before the spam problem really blew up, with all these crypto bots on Twitter and so on. They didn’t believe it was going to be a problem. Then AI came along. Now, bots are better at being human than some humans. I suspect these services are being overrun and if they don’t figure it out soon, there’s going to be a dramatic loss of quality on their platform and it will start to hit revenues. Recruiters don’t want to see a bunch of fraudulent profiles, so it makes sense for LinkedIn to make them verifiable. There’s probably a premium you can put on that, on certain services.
Decentralization isn’t something that’s unheard of in the social sphere. People understand it. 12 years ago it was this kookie conspiracy theory that you’d be concerned about who controls your twitter account. Ironically, centralized services and authoritarian regimes have been the best spokespeople for decentralization. By carrying out these bans, by suppressing people’s ideas and opinions, they have sold the world on the fact that they should not be in control of our data. Hats off to them!
If you’re talking about global social networks, it’s a harder economic question. One of the common arguments I hear against decentralization is, “how is it going to be paid for?” My response is “you'll pay for it, if you care about it”. People pay for Google Drive and all sorts of other services with a storage component. It’s not weird. People will pay to protect what’s theirs. From there out, you can work on models for services with an aggregation component.
Re Web3, there’s a blockchain crowd that wants to insert tokenization everywhere. Some do it because the way they make money is if there’s a token in the middle. Others don’t know there might be a better way that’s faster and cheaper and doesn’t require tokens. There are almost zero drawbacks to using a personal data store, versus putting things on a blockchain.
Where do DWNs fit into the larger SSI tech ecosystem?
I think with all three components of DIDs, VCs and personal data stores together in one platform, we’ll be able to see people really for the first time create apps that are respectful of users, that put you more in control. It’s not about decentralization for its own sake. There are real benefits that make it different from what’s available today. For example, imagine a social media platform that lets you choose your own algorithm.
That’s the journey we’re on. It’s not one that’s unique to me, there are lots of other people working on this, including lots of data store projects in the DID & VC space.
Final thoughts?
There’s going to be more delivered that we’ve long been working on from the TBD side, all open source, that gives more to users finally, than just developers. That’s what I’m looking forward to. I hope we get to have a much different conversation towards the end of 2024, having seen these things roll out, the standards stabilize and starting to have these discussions with the larger entities that are needed to get this to the mainstream.