3.1 X Identity
The Web3 Identity Protocol supports mutual recognition of identities among users, applications, and AI. It is universally applicable across networks, platforms, and applications, and ensures a high level of privacy and security.
The core aim of Web3 is minimal trust: processes unfold exactly as participants anticipate. Blockchains combine decentralization, economic incentives, and cryptography to achieve this, giving users guarantees of computational accuracy, timeliness, resistance to manipulation, and tamper resistance. Executing code and storing data on the blockchain in a trust-minimized manner is referred to as “cryptographic truth.”
Before the rise of crypto and Web3, decentralized identity was already a collective effort. The overarching goal is to let individuals regain autonomy over their identities without relying on centralized, singular gatekeepers. The misuse of customer data and a decline in trust in large corporations have made decentralization a central theme for the next era of Internet identity.

Decentralized Identifiers (DID) and Credentials are the primary building blocks of decentralized identity. DIDs are issued and stored in Verifiable Data Registries (VDRs) as independent "namespaces," free from central management. In addition to blockchains, decentralized storage infrastructure and P2P networks can also serve as VDRs.
In the DID ecosystem, entities (individuals, communities, organizations) can use decentralized Public Key Infrastructure (PKI) to authenticate, prove ownership, and manage their DIDs. Unlike traditional network PKI, it does not rely on centralized Certificate Authorities (CAs) as a trust root.
Identity data is written into proofs, each essentially a "claim" by one identity about another (or about itself). Claims are verified through PKI using cryptographic signatures. To support this, the DID Spec in X Identity in XOS defines four main components:
(1) Scheme: The prefix "did" signals to other systems that they are interacting with a DID rather than another type of identifier such as a URL, an email address, or a product barcode.
(2) DID Method: It tells other systems how to interpret the identifier. There are over 100 DID methods listed on the W3C website, each typically associated with its own VDR and having different mechanisms for creating, resolving, updating, and deactivating identifiers.
(3) Unique Identifier: An identifier that is unique within the DID method, such as an address on a particular blockchain.
(4) DID Document: The three parts above can be resolved into a DID document that contains a way for the entity to self-authenticate, any properties/claims about the entity, and pointers ("service endpoints") to additional locations holding data about the entity.
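The four components above can be checked mechanically before a resolved DID document is trusted. The following is an added example, not code from X Identity or XOS: it parses a DID using the W3C DID Core syntax and runs basic consistency checks on a document. The function names, the sample DID (`did:example` is the W3C placeholder method), the sample document and the rule that at least one verification method must be present are assumptions of this example.

```python
import re

# DID syntax from W3C DID Core: did:<method-name>:<method-specific-id>
_IDCHAR = r"(?:[A-Za-z0-9._-]|%[0-9A-Fa-f]{2})"
_DID_RE = re.compile(
    rf"(?P<scheme>did):(?P<method>[a-z0-9]+):(?P<unique_id>(?:{_IDCHAR}*:)*{_IDCHAR}+)"
)

def parse_did(did):
    """Split a DID into scheme, DID method and unique identifier, or raise."""
    m = _DID_RE.fullmatch(did)  # fullmatch also rejects a trailing newline
    if m is None:
        raise ValueError(f"not a valid DID: {did!r}")
    return m.groupdict()

def check_did_document(did, doc):
    """Return the problems found in a DID document resolved for `did`."""
    parse_did(did)  # reject malformed identifiers before looking at the document
    problems = []
    if doc.get("id") != did:
        problems.append("document id does not match the resolved DID")
    methods = doc.get("verificationMethod", [])
    if not methods:
        # Assumption of this example: the verifier needs at least one key.
        problems.append("no verification method")
    for vm in methods:
        missing = {"id", "type", "controller"} - vm.keys()
        if missing:
            problems.append(f"verification method missing {sorted(missing)}")
    for svc in doc.get("service", []):
        if not svc.get("serviceEndpoint"):
            problems.append(f"service {svc.get('id')!r} has no serviceEndpoint")
    return problems

# Constructed sample data; the key value is a placeholder, not a real key.
SAMPLE_DID = "did:example:123456789abcdefghi"
SAMPLE_DOC = {
    "id": SAMPLE_DID,
    "verificationMethod": [{
        "id": SAMPLE_DID + "#key-1",
        "type": "Ed25519VerificationKey2020",
        "controller": SAMPLE_DID,
        "publicKeyMultibase": "zCONSTRUCTED-PLACEHOLDER-KEY",
    }],
    "service": [{"id": SAMPLE_DID + "#profile", "type": "LinkedDomains",
                 "serviceEndpoint": "https://example.com/profile"}],
}

if __name__ == "__main__":
    print(parse_did(SAMPLE_DID))
    print(check_did_document(SAMPLE_DID, SAMPLE_DOC))
```

The identifier match is the check that matters most here: a document whose `id` differs from the DID that was resolved describes some other entity, so its keys must not be used to verify claims about the one requested.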
