Table of Contents
Fetching ...

Aggregating Digital Identities through Bridging. An Integration of Open Authentication Protocols for Web3 Identifiers

Ben Biedermann, Matthew Scerri, Victoria Kozlova, Joshua Ellul

TL;DR

This work addresses the fragmentation between Web2 OpenID Connect-based identities and Web3 identities by proposing a privacy-preserving digital identity bridge that aggregates centralised credentials with Web3 provenance. It details a two-workflow architecture—bridging claims and presenting claims—built atop core components (Bridging Client/Server/Database/Library) and an on-chain Identity Logging contract, enabling verifiable, privacy-aware attestations without exposing sensitive data. A WIDE proof-of-concept with the RaidGuild DAO demonstrates practical aggregation of off-chain credentials and on-chain reputation, offering a path toward interoperable digital identities across platforms. The study highlights trade-offs between centralised infrastructure and decentralised sovereignty, emphasizing future work on bidirectional bridging, governance, and compliance with eIDAS 2.0 to mature the approach for broader Web3 adoption.

Abstract

Web3's decentralised infrastructure has upended the standardised approach to digital identity established by protocols like OpenID Connect. Web2 and Web3 currently operate in silos, with Web2 leveraging selective disclosure JSON web tokens (SD-JWTs) and Web3 dApps being reliant on on-chain data and sometimes clinging to centralised system data. This fragmentation hinders user experience and the interconnectedness of the digital world. This paper explores the integration of Web3 within the OpenID Connect framework, scrutinising established authentication protocols for their adaptability to decentralised identities. The research examines the interplay between OpenID Connect and decentralised identity concepts, the limitations of existing protocols like OpenID Connect for verifiable credential issuance, OpenID Connect framework for verifiable presentations, and self-issued OpenID provider. As a result, a novel privacy-preserving digital identity bridge is proposed, which aims to answer the research question of whether authentication protocols should inherently support Web3 functionalities and the mechanisms for their integration. Through a Decentralised Autonomous Organisation (DAO) use case, the findings indicate that a privacy-centric bridge can mitigate existing fragmentation by aggregating different identities to provide a better user experience. While the digital identity bridge demonstrates a possible approach to harmonise digital identity across platforms for their use in Web3, the bridging is unidirectional and limits root trust of credentials. The bridge's dependence on centralised systems may further fuel the debate on (de-)centralised identities.

Aggregating Digital Identities through Bridging. An Integration of Open Authentication Protocols for Web3 Identifiers

TL;DR

This work addresses the fragmentation between Web2 OpenID Connect-based identities and Web3 identities by proposing a privacy-preserving digital identity bridge that aggregates centralised credentials with Web3 provenance. It details a two-workflow architecture—bridging claims and presenting claims—built atop core components (Bridging Client/Server/Database/Library) and an on-chain Identity Logging contract, enabling verifiable, privacy-aware attestations without exposing sensitive data. A WIDE proof-of-concept with the RaidGuild DAO demonstrates practical aggregation of off-chain credentials and on-chain reputation, offering a path toward interoperable digital identities across platforms. The study highlights trade-offs between centralised infrastructure and decentralised sovereignty, emphasizing future work on bidirectional bridging, governance, and compliance with eIDAS 2.0 to mature the approach for broader Web3 adoption.

Abstract

Web3's decentralised infrastructure has upended the standardised approach to digital identity established by protocols like OpenID Connect. Web2 and Web3 currently operate in silos, with Web2 leveraging selective disclosure JSON web tokens (SD-JWTs) and Web3 dApps being reliant on on-chain data and sometimes clinging to centralised system data. This fragmentation hinders user experience and the interconnectedness of the digital world. This paper explores the integration of Web3 within the OpenID Connect framework, scrutinising established authentication protocols for their adaptability to decentralised identities. The research examines the interplay between OpenID Connect and decentralised identity concepts, the limitations of existing protocols like OpenID Connect for verifiable credential issuance, OpenID Connect framework for verifiable presentations, and self-issued OpenID provider. As a result, a novel privacy-preserving digital identity bridge is proposed, which aims to answer the research question of whether authentication protocols should inherently support Web3 functionalities and the mechanisms for their integration. Through a Decentralised Autonomous Organisation (DAO) use case, the findings indicate that a privacy-centric bridge can mitigate existing fragmentation by aggregating different identities to provide a better user experience. While the digital identity bridge demonstrates a possible approach to harmonise digital identity across platforms for their use in Web3, the bridging is unidirectional and limits root trust of credentials. The bridge's dependence on centralised systems may further fuel the debate on (de-)centralised identities.
Paper Structure (13 sections, 8 figures, 1 table)

This paper contains 13 sections, 8 figures, 1 table.

Figures (8)

  • Figure 1: General Architecture of a digital identity bridge on the example of WIDE
  • Figure 2: OIDC Data Export
  • Figure 3: Plain Text Data Review
  • Figure 4: Data Encryption
  • Figure 5: Log-in with WIDE at Verifier
  • ...and 3 more figures