Identity is essential. Wherever we go, whatever we do, we need to identify ourselves to be able to do just about anything in the real world.
Identity is the gateway to interacting with the $400T+ global financial market – for millions of individual banking users and for regulated institutional investors.
Identity is the reason that Google, Apple, and Microsoft have spent 8 years working on Passkeys – a slightly improved method for users to log in to websites.
Identity defines our ability to get jobs (using diplomas), secure loans (using credit scores), attend concerts (with tickets) or travel from place to place (with passports and driver’s licenses).
Assets and finance have always gone hand-in-hand with identity – and without tightly integrated blockchain-native identity, Web3 and DeFi will remain stuck inside today’s tiny crypto bubble. For example, Waiting just outside the crypto bubble today is a crowd of huge institutional investors worth over $60 trillion alone. As much as they want to, they cannot bring their capital and know-how into the space until there is a platform that can provide the kind of integrated identity that allows them to meet their compliance requirements.
The blockchain platform that finally provides the right developer experience, user experience, and scale needed for both mainstream-ready digital ownership and digital identity will be the platform the world adopts.
Current blockchains aren’t close – their tools to create identity are simplistic and limited. However the design of the Radix Network has always included identity, integrated directly with Radix’s revolutionary approach to tokenized assets and smart contracts.
In this article, we’ll cover what kinds of identity are needed to break Web3 and DeFi out of the crypto bubble, and how Radix provides the right solutions out of the box.
What is identity?
It’s tempting to think of identity as a single thing – my identity is just… me, right?
But identity actually takes many forms – for very good reason. For example:
You wouldn’t want to use your social security number to get into a concert. You wouldn’t want to tie your bank account forever to a single phone number. You might need to prove your real name and passport number to board a flight, but you don’t want the whole world to know those things about you. And if you’re an institutional investor, you can’t prove your legally-required credentials to regulated financial systems with just an email and a password.
That’s why each of us has many very different forms of identity that are suited to very different types of usage.
For example:
- If we simply need to log in to a website, we typically use a name and password – preserving anonymity while still having a unique identity for use on the website.
- When we connect to a financial institution like a bank to access our money, we often use things like the devices we own and secrets that only we know to prove to the bank “this is still really me, not an impostor”.
- Sometimes businesses need to limit access to certain authorized individuals, and so we use forms of identity that we can carry around with us and can present on demand, like ID cards or (in single-use form) tickets.
- And when businesses have special requirements based on real-world credentials, we sometimes have to provide special proof provided by a trusted authority. For example, an SMS verification can help prove that we are a unique person without revealing anything else; or a passport issued by a government can help prove our name and where we live.
The need for these different kinds of identity doesn’t go away when we move into the Web3 era and start using decentralized platforms and apps. We need to take these four different kinds of identity from the traditional world, and translate them into a world of Web3 and DeFi.
In Web3…
We still need to log in – but now to dApp websites that can interact with our wallets where we have our digital assets.
We still need to prove we’re the same person – but now it’s to control our own blockchain accounts rather than use centralized financial institutions.
We still need to prove our authorization – but as part of transactions with dApps and smart contracts.
We still need to prove real-world credentials – but do it in an on-ledger form so that dApps and smart contracts with special compliance requirements can use them.
In short, we need new blockchain-native ways of representing identity, in all its forms, so we can use identity seamlessly and securely with powerful Web3 dApps running on open networks.
The problem with blockchain identity today
The standard blockchain ways of creating these different kinds of identity today are quite narrow due to the technical limitations of current L-1 networks. In short, the assumption of Ethereum and other networks is “you are your account, and you prove it with a single private key”.
That means a pretty one-size-fits-all approach:
Want to log into a dApp website? Sign a proof with your account’s private key.
Want to authenticate to your account? Sign a transaction with your account’s private key.
Want to prove you’re authorized to use a dApp? The smart contract has to recognize you by your account and the signature of your private key.
Want to prove special credentials, like “proof of human” or AML/KYC status, to a dApp? Well… there is a lot of debate about the right way to do that using a private key.
Looking at it through a purely technological lens, this might seem to make sense. If you have your seed phrase (private key) for your account, you can identify yourself anywhere as your account! Simple!
But this approach ignores the realities of why we have different forms of identity today.
When we log in, we want to be able to separate who we are from what we own – not lock them together by using a single account for both.
To control our accounts and assets, we don’t want a single easily-lost-or-stolen key that we can’t change. We want the same sorts of multi-factor control that we’re used to today with banks, with the ability to use different kinds of personal proof to reliably control and regain access to our money.
When we need to authenticate to dApps, we don’t want to lock our access to a single account address. We want to hold and present application-specific forms of identity – like ID cards – and we may want that identity to be transferable from person to person – like a ticket.
When dApps need specific forms of proven credentials, we want to be able to provide that proof right on the network when we want to do a transaction – but without sharing private information with the world. That’s a difficult problem to solve in the “you are your account” model.
So when it comes to identity, are we stuck with choosing between decentralization or robust features? Self-sovereign control or great user experience?
Radix believes you can have both, without compromise, if identity is baked into the design of the platform.
Radix’s platform-native forms of identity
We need ways of expressing different forms of identity on a decentralized network that are secure and reliable enough to be used by individuals and institutions, and do it in a way that is user-friendly enough for mainstream usage.
The Radix Network has tools built right into the platform to do exactly that, for the four classes of identity that are essential.
Each form of identity is supported with a specific solution that is suited to the purpose – and is integrated with the Radix Wallet and Radix’s dApp development tools to ensure a great user experience.
Let’s go through them one by one.
Personas
Logins to websites and apps aren’t going away. Web3 dApps often interact with assets and smart contracts on a blockchain, but they still have a user interface that is a regular old website or native desktop/mobile application. And that user interface still needs to identify its users securely.
Personas are Radix’s system to provide a secure password-free login to dApps. Any website can use Personas as its login mechanism – from finance applications to social media. You can create as many Personas as you like, and use them wherever you like. They are secure and recoverable, with no password to remember or write down.
Personas are used for “off-ledger” user verification, but they make use of the Radix Network to enable its password-free user experience. Each Persona you create in your Radix Wallet is represented on the network by a unique platform-native component called an Identity. Only you and your Radix Wallet can prove to a dApp that you are the true owner of that Persona and its Identity component. No on-ledger transaction is required to login with a Persona, but the on-ledger component check means that Personas can use the same Access Controller technology as Radix accounts for fully decentralized multi-factor control and recovery (more on that in a moment) – meaning that Personas don’t have to resort to centralized storage of a private key like the Passkeys that Google and Apple are trying to convince you to use.
Personas are also designed to be used right alongside digital accounts and assets. When you’re logged in with a Persona using the Radix Wallet, dApps can request a list of accounts to use with that dApp, and you can choose what you want to share in your Radix Wallet. The wallet will keep track of which accounts you want to share with that particular dApp, when logging in with that particular Persona. Basically, you choose who you want to be, and what you want to bring with you, when you enter the world of each dApp.
The Radix Wallet already uses Personas, and a host of dApps built on Radix let you log in with them today with a click.
Click here to learn more about Personas.
Access Controllers
Today our money is locked inside the silos of banking institutions, putting limits on what you can do, and how you can use your own assets. DeFi lets you take back control, letting you directly own accounts on a blockchain that can security hold all sorts of tokenized assets – and letting you use them wherever you want. But those advantages shouldn’t come at the cost of the terrifying user experience of controlling it all with a single seed phrase.
Access Controllers are Radix’s platform-native multi-factor technology that integrates directly with Radix accounts to let you control your assets with the same sort of user experience you’re used to from a bank. That’s why we call them “smart accounts” on Radix. With smart accounts, signing transactions can be as simple as a biometrics check on your phone – or be configured to require multiple factors for extra peace of mind. Lose your phone? No problem; the access controller lets you “change the locks” on your accounts to migrate control to your new phone. And nowhere are you forced to write down and protect a seed phrase that controls everything.
Unlike many multi-factor systems being applied to blockchain accounts, there is no centralized party behind access controllers, no custodian you have to trust. They are platform-native components on the Radix Network, and the Radix Wallet can make use of their features to deliver a mainstream-ready experience without sacrificing personal control.
Access Controller technology is already available on the Radix Network. Upcoming updates to the Radix Wallet will add full support for usage of these features for account control and recovery in the form of “Security Shields”.
Click here to learn more about Access Controllers and Smart Accounts.
Badges
Smart contracts (or, as they are called on Radix, components) can create powerful systems to interact with digital assets – from finance to games, stablecoins to memecoins, perpetuals markets to NFT storefronts. In many cases, smart contract logic needs to limit access to only those who are authorized. Tying access strictly to “what account is calling me” doesn’t get anywhere close to the sorts of role-based authorization systems that are typically used in the traditional development world – leading to many multi-million-dollar “hacks” in the DeFi space caused by auth failures.
In the real world, authorization is often based on proving your role or permissions with a physical ID card or ticket you hold. Badges on Radix are essentially tokenized ID cards or tickets; in fact any asset can be a badge used for auth. Using the built-in auth capability of Scrypto and the Radix Engine, components can easily define what badge (or combination of badges) must be presented in a transaction to access certain features. A proof of a given badge can be presented as a command in any Radix transaction.
This lets dApps quickly and intuitively define secure and flexible auth logic without custom code. Maybe known users of your system have a special badge for access. Maybe some of your employees have a different badge for administrative functions. And because badges are Radix assets, you can choose if those badges can be transferred, if your system can recall them, and more.
The user experience of badges in the Radix Wallet couldn’t be more simple. A dApp that requires authentication simply requests that a “proof” of the badge be produced in the transaction; the badge never leaves your account. What you see in your Radix Wallet is your normal transaction summary but with an extra bit: “Presenting: SuperDEX User ID Badge”. Just like flashing your ID card or ticket at the door.
Badge-based auth has been a part of the Radix Engine and Scrypto since v1.0, with a vibrant community of developers relying on them. And the Radix Wallet already shows its users whenever they are presenting badges for auth.
Click here to learn more about Badges.
DID Badges and VCs
As DeFi expands, there is no question that real-world credentials will become more and more necessary. A dApp might need a simple “proof of human” check, a check on AML/KYC status, a check on qualified investor credentials, or a thousand other types of credential to limit access according to the dApp’s needs.
In all circumstances, the dApp needs to know that an authority that it trusts is willing to make the claim “yes – this user has proven that they have this credential”.
This is an extremely difficult problem to solve on an open network. Make credentials directly available on-ledger to smart contracts and all privacy is lost. Keep credentials off-ledger and smart contracts lose the ability to check credentials on a composable transaction-by-transaction basis.
Radix provides the perfect tools to give dApps atomic access to credential-based authorization, without giving up privacy. The solution is a unique and powerful implementation of the W3C’s standard of DIDs (decentralized IDs) and VCs (verifiable credentials), making full use of Radix’s badge-based auth.
In short, a DID badge is like a special ID card that you can present “at the door” of a dApp to get in. When the dApp examines the badge, it can see who issued it (do I trust them for the credential I need?), what credentials have been checked (has the check I need been done?), and information to let the dApp check if the credential is still valid. The privacy-sensitive information, however, is recorded separately in a special package of data called a VC (verifiable credential). The VCs are all kept off-network where they belong, but the DID badge indicates who to ask to get it. Only the user can grant permission to a dApp to view that privacy-sensitive information off-ledger before the dApp will accept their DID badge at the door.
The result is that after a user onboards into a dApp, the dApp’s component logic on the network can check their credentials on a truly atomically composable, transaction-by-transaction basis.
That is exactly the kind of identity system that regulated financial entities and institutional investors need dApps to be built around before they can bring their capital and applications to the new world of DeFi.
The DID Badge and VC system makes use of features already present on the Radix Network. It is being developed as an open standard that will be proposed this year, with credential issuers already committed to supporting it. More information is coming soon.
Click here to learn more about the DID Badge and VC standard proposal for Radix.
Conclusion
Radix is already demonstrating that it is the only L-1 network with a full-stack technology approach that can break DeFi past the barriers of unacceptable developer experience and user experience that are holding back its growth.
Identity is the next barrier for DeFi that Radix is breaking through. As DeFi becomes bigger, more relied on, and more interesting to institutional capital, robust forms of on-ledger identity will become more and more necessary. Radix is ready to be the home for that new generation of dApps that take DeFi to the next level of real-world impact.