Web3, Web5 & SSI

Timothy Ruff
11 min readSep 7, 2022

--

Why the SSI community should escape Web3 and follow Jack Dorsey and Block into a Web5 big tent, with a common singular goal: the autonomous control of authentic data and relationships.

TL;DR

  • As a ten-year veteran of the SSI space, my initial reaction to Jack Dorsey’s (Block’s) announcement of Web5 — which is purely SSI tech — was allergic.
  • After further thought and discussion with SSI pros, I now see Web5 as an opportunity to improve adoption for all of SSI and Verifiable Credentials, not just for Block.
  • SSI adoption would benefit by separating from two things: 1. the controversies of Web3 (cryptocurrency, smart contracts, NFTs, Defi, blockchain); 2. the term “self-sovereign identity”.
  • Let ‘crypto’ have the “Web3” designation.
  • SSI will be bigger than crypto/Web3 anyway and deserves its own ‘WebX’ bucket.
  • Web5 can be that bucket, bringing all SSI stacks — Ion, Aries, KERI, etc. — into one big tent.
  • Web5 should be about “autonomous control of authentic data and relationships” and it should welcome any and all technical approaches that aim for that goal.
  • I think a strong, inclusive and unifying designation is “Web5 technologies”.
  • I love the principle of self-sovereignty and will continue to use the term SSI in appropriate conversations, but will begin to use Web5 by default. I invite others to do the same.

Web5 Resistance

Jack Dorsey, of Twitter and Block (formerly Square) fame, has recently introduced to the world what he calls Web5, which he predicts will be “his most important contribution to the internet”. Web5 appears to be purely about SSI, and Dorsey’s favored approach to it. He leaves Web3 focused on crypto — cryptocurrencies, NFTs, Defi, etc. — and nothing more. Web5 separates SSI and verifiable credentials into their own, new bucket, along with the personal datastores and decentralized apps individuals will need to use them.

Sounds okay, but when I first heard about Web5 I had a rather allergic reaction…

Where’s Web4?

Isn’t SSI already part of Web3? What’s wrong with Web3, that SSI isn’t/shouldn’t be part of it?

The initial Web5 material is too centered around Block and their favored technical approach…

Web5 just sounds like a rebranding/marketing ploy for the BlueSky project Jack launched at Twitter…

And so on. I’ve since learned the thinking behind skipping Web4: Web2 + Web3 = Web5 (duh), but that question was the least of my concerns.

As I began to write this piece in a rather critical fashion, my desire to have a ‘Scout Mindset’ kicked in and I started to think about Web5 in a new light. I floated my new perspectives by several people I respect greatly, including Sam Smith (DTV); Stephan Wolf (CEO of GLEIF); Daniel Hardman and Randy Warshaw (Provenant); Nick Ris, Jamie Smith, Richard Esplin and Drummond Reed (Avast); James Monaghan; Dr. Phil Windley; Doc and Joyce Searls; Nicky Hickman; Karyl Fowler and Orie Steele (Transmute); Riley Hughes (Trinsic); Andre Kudra (esatus); Dan Gisolfi (Discover); Fraser Edwards (cheqd); the verifiable credentials team at Salesforce; and dozens of fine folks at the Internet Identity Workshop. Everyone seemed to nod heads in agreement with my key points — especially about the need for separation from the controversies of Web3 — without poking any meaningful holes. I also confirmed a few things with Daniel Buchner, the SSI pro Jack nabbed from Microsoft who leads the Block team that conceived the Web5 moniker, just to be sure I wasn’t missing anything significant.

The result is this post, and though it’s not what I originally intended — a takedown of Web5 — it presents something far more important: an opportunity for all SSI communities and technologies to remove major impediments to adoption and to unify around a clear, singular goal: the autonomous control of authentic data and relationships.

Controversies Inhibiting SSI Adoption

While I disagree with some of the specifics of Block’s announced Web5 technical approach to SSI, I really liked how they’d made a clean separation from two different controversies that I think have bogged down SSI adoption for years…

Controversy #1: “Crypto”

By “crypto” I mean all the new tech in the cryptocurrency (not cryptography) space: cryptocurrencies, smart contracts, NFTs, Defi, and… blockchain.

To be sure, what Satoshi Nakamato ushered in with his/her/their 2008 bitcoin white paper has changed the world forever. The tech is extraordinary and the concepts are liberating and intoxicating, there’s no doubt about that. But there is doubt about how far crypto could or should go in its current form, and about what threats it represents to security, both monetary and cyber, and the overall economic order of things.

I’m not arguing those points one way or the other, but I am asserting that cryptocurrency remains highly controversial and NFTs and ‘Defi’ are comparably so. Even the underlying blockchain technology, once the darling of forward-thinking enterprises and governments the world over, has quietly fallen out of favor with many of those same institutions. IBM, which once declared blockchain one of their three strategic priorities, has apparently cut back 90% on it, not seeing the promised benefits materialize.

The term Web3 itself is becoming increasingly toxic, as even the ‘inventor of the word-wide-web’ prefers to distance himself from it.

Again, I’m not jumping on the anti-crypto bandwagon or speculating about why these awesome technologies are now so controversial, I’m simply making the point that they are now controversial, which harms the adoption of associated technologies.

Controversy #2: “Self-Sovereign”

When properly defined, SSI shouldn’t be controversial to anyone: it’s the ability for individuals to create direct digital relationships with other people, organizations, and things and to carry and control digital artifacts (often about themselves) and disclose anything about those artifacts if, when, and however they please. The “sovereignty” means the ability to control and/or carry those artifacts plus the liberty to determine disclosure; it does not mean an ability to challenge the sovereignty of authority.

But many ears in authority never hear that clarification, and to those ears the words “self-sovereign identity” sound like a challenge to their authority, causing them to stop listening and become unwilling to learn further. In the EU, for example, critics use the term SSI literally in their attempts to scare those in authority from considering it seriously. Their critique is logical; the impetus behind Web3 has been decentralization, self-determination, and a lessening of governmental power and control. The raw fact that SSI technology doesn’t accomplish those ends — despite both its name and its association with Web3 implying that it attempts precisely that — becomes lost in the noise.

Large enterprises who’ve aggressively delved into SSI and VC technologies, such as IBM and Microsoft, have avoided the term altogether, preferring “decentralized identity”. Why? Because they perceive “self-sovereign identity” as benefitting the individual and not the enterprise, whereas “decentralized identity” leaves room for both.

Regardless of the specifics behind any controversy, if it’s controversial, it’s a problem. If broad adoption by the very places we’d want to accept our verifiable credentials — government and enterprise — is inhibited by a term they find distasteful, it’s time to look for another term.

It’s Not Just About Identity

Another issue I see with “SSI”, though more confusing than controversial, is the laser focus on identity. What does “identity” even mean? The word is harder to define than many realize. To some, identity is your driver’s license or passport, to others it’s your username and password or your certificates, achievements and other entitlements. Dr. Phil Windley, the co-founder of IIW, persuasively argues that identity includes all the relationships that it’s used with, because without relationships you don’t need identity.

Who am I to disagree with the author of Digital Identity? He’s probably right, which kinda proves my first point: the definition of identity is an amorphous moving target.

My second and larger point is this: many use cases I now deal with have an element of identity but are more about other data that may be adjacent to it. Using SSI technologies, all data of import — identity and otherwise — can be digitally signed and provably authentic, both in transit and at rest, opening a broad swath of potential use cases that organizations would pay handsomely to solve.

One example: a digitally signed attestation that certain work has been performed. It could include full details about the work and every sub-task with separate sub-signatures from all involved parties, resulting in a digital, machine readable, auditable record that can be securely shared with other, outside parties. Even when shared via insecure means (e.g. the Internet), all parties can verify the provenance and integrity of the data.

Other examples: invoices that are verifiably authentic, saving billions in fraud each year; digitally signed tickets, vouchers, coupons; proof-of-purchase receipts; etc. The list is practically unending. My bottom line: SSI tech is about all authentic data and relationships, not just identity.

(If you’re still thinking “SSI” technologies are only for individuals, think again… the technologies that underlie SSI enable authentic data and relationships everywhere, solving previously intractable problems and providing arguably more benefits for organizations than for individuals…)

Let ‘Crypto’ Have “Web3”

If you ask most people who’ve heard of Web3 what it is, they’ll likely mention something about cryptocurrency. A more informed person might mention smart contracts, NFTs, Defi and blockchain. A few might even mention guiding principles like “decentralization” or “individual control of digital assets”. Almost no one, outside of the SSI space, would mention SSI, decentralized identity, or verifiable credentials as part of Web3. Andreessen Horowitz, the largest Web3 investor with $7.6 billion invested so far, recently published their 2022 outlook on Web3 without mentioning SSI or “identity” even once.

The bald truth: at present the SSI community is on the outside looking in on Web3, saying the equivalent of “hey, me too!” while Web3 crypto stalwarts sometimes respond with, “yes, you too, we do need identity.” But the situation is clear: SSI and VCs are second- or even third-class citizens of Web3, only mentioned as an afterthought upon the eventual realization of how critical accurate, secure attribution (sloppily, “identity”) really is.

Web5 says — and I now agree — let ’em have it. Let the crypto crowd own the Web3 moniker lock, stock, and barrel, and let’s instead use an entirely separate ‘WebX’ designation for all SSI technologies, which are more impactful anyway.

SSI is Bigger Than Crypto

If crypto is big enough to be worthy of its own WebX designation, SSI technologies (VCs, DIDs, KERI, etc.) are even more so; my crystal ball says that SSI will be bigger than crypto will be. It’s not a competition, but the comparison is relevant when considering whether SSI should be a part of crypto or separate from it.

Having SSI as a bolt-on to Web3 — or Web2 for that matter — severely under-appreciates SSI’s eventual impact on the world. One indicator of that eventual impact is that AML (Anti-Money Laundering) compliance will continue to be required in all significant financial transactions anywhere on the planet, crypto or otherwise; every industrialized nation in the world agrees on this. The only technologies I’m aware of that can elegantly balance the minimum required regulatory oversight with the maximum possible privacy are SSI technologies. Web3 simply cannot achieve its ultimate goals of ubiquity without SSI tech embedded pretty much everywhere.

Another, even larger reason why SSI will be more impactful than crypto: SSI technologies will pervade most if not all digital interactions in the future, not just those where money/value is transferred. In sum: Web3 is about the decentralized transfer of value; SSI/Web5 is about verifiable authenticity of all data and all digital interactions.

Enter Web5

“Web5 Technologies”

SSI is about autonomous control of authentic data and relationships; this is the endgame that Web5 should be about, regardless of which architecture is used to get there.

Block‘s preferred SSI/Web5 architecture relies on Ion/Sidetree, which depends on the Bitcoin blockchain. Fine with me, as long as it results in the autonomous control of authentic data and relationships. My preferred approach does not rely on shared ledgers, it utilizes the IETF KERI protocol instead. As long as the result is self-sovereignty, the autonomous control of authentic data and relationships, Block should be all for it.

I’ve spoken with Daniel Buchner about this, twice, just to be sure; they are.

But Ion and KERI aren’t the only games in town; there are also Hyperledger Aries-based stacks that use W3C Verifiable Credentials and DIDs but eschew Decentralized Web Nodes, and use blockchains other than Bitcoin/Ion. I understand that other approaches are also emerging, each with their own tech and terminology. To each I say: if your aim is also the autonomous control of authentic data and relationships, Welcome! The point here is that every Web5 community would benefit from separation from Web3 and SSI controversies, and from closer association and collaboration with sibling communities with which they’ll eventually need to interoperate.

Can’t We All Just Get Along?

Though I’m not directly involved in the SSI standards communities, I’ve heard from several who are that tensions over technical differences are rather high right now. I’ve found in my life that when disagreements get heated, it helps to take a step back and rediscover common ground.

One big, overarching thing that unites the various approaches to SSI is the sincere desire for autonomous control of authentic data and relationships. Indeed, the different approaches to SSI are sibling technologies in that they aim for the same endgame, but with the added pressure that the endgame cannot be reached without ultimately achieving interoperability between competing actors.

Not only should we get along, we must get along to reach our common goal.

Sometimes families need reunions, to reconnect over shared goals and experiences. Perhaps reconvening under the guise of “Web5 Technologies” can help scratch that family itch, and reduce the temperature of conversation among friends a few degrees.

S̶S̶I̶ Web5

As a word, I see Web5 as neutral and with little inherent meaning — just something newer and more advanced than Web3. I’m aware that Web5 was originally conceived as a meme, a troll-ish response from Jack to the Web3 community to convey his disappointment in what he asserts is a takeover of Web3 by venture capitalists. Regardless of those light-hearted origins, Jack and company ran with Web5 in all seriousness, throwing their considerable weight and resources behind its launch and the development of their preferred architecture.

As an evolution, however, Web5 could represent something far more powerful than a catchy new label, it could help organize, distill, propel, and realize the ultimate aspirations of the SSI community. My friend Kalin Nicolov defines Web5 forcefully, especially how he sees that it differs from Web1/2/3:

“Web5 will be the first true evolution of the internet. Web3, like those before it, was seeking to build platforms on top of the internet — centralized walled gardens, owned and controlled by the few. Web5 is harking back to the true spirit of TimBL’s vision of the web. Having learned the hard way, the Web5 /digital trust/ community is trying to create protocols that are complementary and symbiotic, interoperable and composable.

While Web1/2/3 were web-as-a-platform, Web5 is the first to be web-as-interoperable-set-of-protocols, i.e. serving agency to the edge as opposed to the ridiculous concentration of Web2 (hello AWS) and the aspiring oligopoly of Web3 (hello CZ, hello Coinbase and third a16z fund)”

To me, switching my default terminology to “Web5” is simply pragmatic; it creates useful separation from Web3/crypto technologies and controversies and the problematic perception of the phrase “self-sovereign identity”. Any term that doesn’t start with “Web” leaves the impression that SSI is still part of Web3; the only way to make a clean break is with a new WebX designation, so it might as well be Web5. A subtle switch to using Web5 won’t be some whiz-bang exciting change like an announcement from Jack or some new Web3 shiny thing, but greater industry clarity and collaboration could still be useful toward two critically important ends: adoption and interoperability.

So while I’ve used and loved the term SSI for the better part of a decade now, and will continue to use it in conversation, I’ll now begin to use the term “Web5 Technologies” instead more often than not. I’ll also use both terms in tandem — “SSI/Web5” — until it catches on.

A change in terminology can only happen through use, so I invite you to join me. Thanks to those who’ve already begun.

--

--

Timothy Ruff
Timothy Ruff

Responses (15)