Skip to main content
JUST TECH SOLUTIONS
8 min read M.K.

Decentralized Identity (DIDs) and Verifiable Credentials in Practice

In the web3 ecosystem, we talk a great deal about decentralized finance, decentralized governance, and decentralized infrastructure. But we tend to stay quiet about the most fundamental problem of all: identity. Who are you in a system that is explicitly designed to function without central authorities? And, more importantly, how do you prove who you are without revealing everything about yourself?

This question has occupied me for years. Not as an abstract thought experiment, but as a very concrete technical problem that we encounter regularly at Just Tech Solutions when working with DAO projects. In this article, I want to provide an overview of where we stand technologically, what is practically usable today, and where the journey is headed.

The Identity Problem in web3

In the traditional web, identity is a solved problem, at least from a technical perspective. You sign up with an email address, a company verifies your identity, and from that point on your digital existence is mediated through that company. Google knows who you are. Facebook knows who you are. Your bank knows who you are.

In web3, this central authority disappears. An Ethereum address is pseudonymous. It proves possession of a private key, but it says nothing about the person behind it. This is intentional, because pseudonymity is a feature, not a bug. But a tension arises: DAOs need trust. Governance needs legitimacy. And legitimacy needs some form of identity.

The naive solution would be to simply import KYC (Know Your Customer) processes from traditional finance. But this would undermine the fundamental premise of decentralized systems. What we need is something more nuanced: the ability to prove certain properties about yourself without disclosing your entire identity.

DIDs: The Building Block

Decentralized Identifiers (DIDs) are an attempt to solve this problem at a fundamental level. A DID is a URI that uniquely identifies an entity without depending on a central registration authority. The associated standard (W3C DID Core) defines how these identifiers are structured and how the corresponding DID documents are resolved.

A DID looks like this, for example: did:ethr:0x1234...abcd. The first part (did) is the scheme, the second part (ethr) is the method, which indicates how the identifier is resolved, and the third part is the method-specific identifier itself. There are dozens of DID methods, from blockchain-based ones like did:ethr or did:ion to simpler ones like did:web or did:key.

What makes DIDs compelling is not the identifier itself, but what it enables: a cryptographically verifiable connection between an entity and a set of public keys, service endpoints, and metadata, without any central authority needing to establish or confirm that connection.

Verifiable Credentials: The Proof

A DID alone does not solve any problem. It is like an empty ID card: it identifies you but says nothing about you. This is where Verifiable Credentials (VCs) come in.

A Verifiable Credential is a digitally signed attestation that a certain property applies to a certain DID. The issuer signs the credential with their own DID, the holder stores it, and a verifier can check the signature without needing to contact the issuer.

In the DAO world, this immediately yields practical use cases:

  • Membership proof: A DAO issues a VC confirming that a particular DID is a member. This credential can be presented on other platforms without the DAO needing to be directly involved.
  • Reputation proof: A contributor can prove they worked on a specific project without revealing in what role or at what compensation level.
  • Qualification proof: An auditor can demonstrate they are certified without disclosing their full identity.

While working on a community platform in the DAO space, we examined exactly these scenarios. The question of how a member proves their affiliation without the platform itself needing access to the membership list is a concrete design problem we encounter regularly.

Zero-Knowledge Proofs: The Elegant Solution

Verifiable Credentials are a major advance, but they have a weakness: when you present a credential, the verifier sees the entire contents. If your credential states "Member of DAO X since 2023, Role: Treasurer, Votes: 150," then the verifier learns all of that, even if they only wanted to know whether you are a member at all.

Zero-knowledge proofs (ZKPs) solve this problem in a mathematically elegant way. A ZKP allows you to prove a statement without revealing the underlying data. You can prove that you are a member of a particular DAO without revealing since when, in what role, or with how many votes. You can prove that you are over 18 without disclosing your date of birth. You can prove that your account balance exceeds a certain threshold without naming the exact amount.

In practice, VCs are combined with ZKPs into so-called "selective disclosure" mechanisms. The holder of a credential can choose which attributes to reveal and which to present only as a zero-knowledge proof. This is no longer a theoretical construct. Frameworks like Circom, Noir, and Semaphore are making ZKPs increasingly accessible to developers.

Who Owns Your Identity?

Behind the technical discussion lies a philosophical question that preoccupies me: who actually owns your digital identity?

In today's system, it effectively belongs to the platforms. Your Google account exists on Google's servers, under Google's rules. If your account is suspended, you lose access to a substantial part of your digital existence. The same applies to Facebook, Twitter, or any other platform offering "Login with..." functionality.

DIDs and VCs promise a different model: Self-Sovereign Identity (SSI). Your identity data resides with you, typically in a wallet on your device. You decide who gets to see which information. No platform can revoke your identity because no platform owns it.

This sounds utopian, and in some ways it still is. The user experience of SSI wallets is still far from the simplicity of a "Login with Google" button. Key management is error-prone. Losing a private key can mean losing your entire digital identity. Social recovery and multi-device synchronization are not yet mature.

But I am convinced the direction is right. The question is not whether we need self-sovereign digital identities, but how quickly the technology becomes user-friendly enough for mainstream adoption.

Practical Challenges

From our experience at Just Tech Solutions, the biggest hurdles are not technical but organizational:

Standardization: There are too many competing standards and DID methods. A VC issued with did:ethr is not automatically compatible with a system that expects did:web. Interoperability is improving, but it is not yet where it needs to be.

Trust anchors: VCs only work if the verifier trusts the issuer. In a decentralized system, the question becomes: who determines which issuers are trustworthy? Trust registries and trust frameworks are an active area of research, but there is no industry standard yet.

Scalability: ZKPs are computationally intensive. On mobile devices, generating a proof can take several seconds. For a smooth user experience, this is still too slow. Hardware acceleration and optimized proof systems like PLONK and Groth16 are continuously improving the situation.

What This Means for DAOs

For the DAO projects we work with, my recommendation is: start with DIDs and VCs now, but do not expect perfection immediately. Concretely, this means:

  • Implement DID-based authentication as an alternative to WalletConnect. It is a small step, but it lays the foundation for everything that follows.
  • Experiment with VCs for membership proofs. The technology is mature enough for internal use cases.
  • Watch ZKP development closely. Selective disclosure will become production-ready within the next one to two years.
  • Consistently separate identity data from application data. This architectural decision pays off regardless of which standard prevails.

Decentralized identity is not a finished product. It is an evolving ecosystem of standards, protocols, and tools. But it is also the foundation on which everything else is built. Without reliable identity, there is no reliable governance, no reliable reputation, and no reliable trust. And without trust, there is no functioning DAO.

The technical puzzle pieces are on the table. It is up to us to put them together.

Back to Blog