Why Decentralized Identifiers Are Just the Starting Point

DIDs need a standard format for attestations. Without it, every issuer builds a custom, non-portable system. The solution is W3C Verifiable Credentials (VCs).

• Interoperability: A VC from Circle for KYC can be reused by Aave for underwriting.
• Selective Disclosure: Prove you're over 21 without revealing your birthdate or name.
• Revocation & Expiry: Critical for real-world compliance, handled via status lists or accumulators.

VCs are only as trustworthy as their issuer. On-chain protocols need a decentralized, Sybil-resistant way to accredit real-world entities (governments, universities, employers).

• Delegated Attestation: Platforms like Ethereum Attestation Service (EAS) allow any entity to become an issuer.
• Reputation Graphs: Projects like Gitcoin Passport aggregate scores from multiple issuers to mitigate single points of failure.
• Cost: Issuing a VC on-chain today costs ~$0.05-$0.50, still prohibitive for mass-scale.

Users won't manage a DID for its own sake. Utility requires applications that demand it. The current landscape lacks apps where a DID/VC is the most efficient solution.

• On-Chain Credit: Protocols like Cred Protocol and Spectral Finance use VCs for undercollateralized lending.
• Governance: Gitcoin Passport uses aggregated credentials for Sybil-resistant voting.
• Compliance: Fractal ID and Verite provide KYC/AML VCs for DeFi access without doxxing wallets.

DIDs are empty shells without trusted attestations. The gap between a DID and a usable credential (e.g., proof-of-humanity, KYC) is filled by centralized issuers, creating a single point of failure and censorship.

• Sybil Resistance Depends on Issuers: Projects like Worldcoin or Civic become the de facto trust anchors.
• Revocation is Centralized: If an issuer's key is compromised or goes offline, the entire credential graph breaks.
• No Standard for On-Chain Verification: Each protocol (e.g., Gitcoin Passport, Orange) implements its own validation, fragmenting the ecosystem.

Signing a transaction is binary consent. Modern dApps require continuous, granular consent for data sharing and automated actions, which static signatures cannot capture.

• Replay Attacks & Scope Creep: A signature for a DeFi swap could be replayed to drain a wallet if not context-bound.
• No Built-In Revocation: Users cannot 'un-sign' a malicious smart contract interaction without migrating wallets.
• Session Keys as a Risky Workaround: Protocols like Argent and Safe use session keys for UX, but these are often over-permissioned, creating a ~$1B+ attack surface for key compromise.

Consent often relies on real-world data (identity, credit score, location). Bringing this on-chain reintroduces oracle centralization risks, negating the decentralization of the DID itself.

• Data Authenticity Risk: Oracles like Chainlink or API3 are trusted not to feed manipulated data.
• Privacy Leakage: Querying an oracle for a user credential exposes correlation data to the node operators.
• Cost Proliferation: Each verifiable check requires an oracle call, making continuous consent models like those in ERC-4337 account abstraction prohibitively expensive at scale.

Shift from transmitting credentials to verifying properties. Networks like Sismo, Polygon ID, and Aztec allow users to prove claims (e.g., 'I am over 18') without revealing the underlying credential or DID.

• Selective Disclosure Minimizes Leakage: Prove only what's necessary for the application.
• Break Issuer-User Linkage: The verifier cannot correlate the proof back to the original issuer event.
• On-Chain Verifiable: ZK proofs are cryptographically cheap to verify on-chain, moving trust from oracles to math.

Replace all-or-nothing signatures with policy engines. Users express intents ('pay max $100 in fees') and specialized solvers (like those in UniswapX or CowSwap) compete to fulfill them within bounds.

• Revocation by Design: Intents have built-in expiry and conditions; they are not replayable transactions.
• Reduced Cognitive Load: Users approve outcomes, not complex transaction calldata.
• Solver Accountability: Solvers can be slashed for misbehavior, aligning incentives without requiring user vigilance.

Mitigate centralized issuer risk by building credential graphs where trust is distributed. Projects like Ethereum Attestation Service (EAS) and Verax allow anyone to issue attestations, with reputation weighted by the attester's own credibility.

• Sybil Resistance via Staking: Attesters bond value, making false attestations economically punitive.
• Credential Portability: Attestations are stored on-chain or decentralized storage (IPFS, Arweave), owned by the user.
• Composable Reputation: A credential becomes more trusted as it's endorsed by other reputable DIDs, creating a web of trust.

A DID is just a container. Its value is zero without verifiable credentials (VCs). Without a rich ecosystem of attestations from Ethereum Attestation Service (EAS), Verax, or Gitcoin Passport, your DID is a username with no reputation.

• Key Benefit 1: VCs turn static IDs into dynamic, portable reputational graphs.
• Key Benefit 2: Enables sybil-resistance for airdrops, governance, and access control.

Infrastructure like Ethereum Attestation Service and Verax provide the schema registry and on-chain proof layer. This creates a universal, composable data layer for trust.

• Key Benefit 1: Developers can build on a shared truth source, avoiding fragmented silos.
• Key Benefit 2: Enables complex logic (e.g., "prove you hold a credential from A and B") for DeFi, DAO governance, and access gating.

On-chain VCs leak data. ZK-proofs for credentials (e.g., Sismo, zkEmail) allow users to prove a claim (e.g., "I am over 18") without revealing the underlying data (their birthdate or email).

• Key Benefit 1: Enables regulatory compliance (KYC) without doxxing.
• Key Benefit 2: Unlocks high-value, privacy-sensitive use cases in institutional DeFi and enterprise.

Static DIDs don't work for dynamic dApps. ERC-4337 Smart Accounts and session keys (via Privy, Dynamic) bundle identity with programmable transaction logic. Your identity becomes your wallet's policy engine.

• Key Benefit 1: Enables gasless UX, batch transactions, and social recovery.
• Key Benefit 2: Session keys delegate specific permissions (e.g., "this game can move my NFT for 24 hours"), blending identity with intent.

The endgame is a portable, cross-chain reputation graph. Projects like Orange Protocol and Rhinestone are building modular attestation frameworks that work across EVM, Solana, and Cosmos.

• Key Benefit 1: Your on-chain credit score from Goldfinch can be used to underwrite a loan on Aave.
• Key Benefit 2: Breaks down liquidity and user silos between ecosystems, creating network effects at the identity layer.

The space is a mess of competing standards (W3C VCs, EIP-712, EIP-5792). Winning requires solving the issuer adoption problem—getting credible entities (governments, universities, corporations) to issue VCs at scale.

• Key Benefit 1: Focus on infrastructure that is standard-agnostic and issuer-friendly.
• Key Benefit 2: The first protocol to onboard a major traditional issuer (e.g., a bank or government) wins the market.