What is Web5?

Timothy Ruff
6 min readSep 16, 2022

--

Last week I published “Web3, Web5, & SSI” which argued “why the SSI community should escape Web3 and follow Jack Dorsey and Block into a Web5 big tent, with a common singular goal: the autonomous control of authentic data and relationships”.

In this short post I’m proposing a definition for Web5 and providing an example list of Web5 Technologies that I think satisfy the definition. There is no naming authority to appeal to for WebX definitions, they materialize from how they’re used, so since Web5 is still quite new, a lasting definition is still to be determined (pun intended).

TBD’s Definition of Web5

I should first give credit where it is due: the TBD initiative at Block, headed up by Daniel Buchner and initiated by Jack Dorsey, coined the term Web5. On the front page of their website introducing Web5 to the world, here is how they define it:

WEB5: AN EXTRA DECENTRALIZED WEB PLATFORM

Building an extra decentralized web that puts you in control of your data and identity.

All true and all good, but I would aim for a definition that captures more of the desired results of Web5, not its implementation methods. To me, “an extra decentralized web” is foundational to Web5 but it is a means, not an end. The word and principle “decentralize” is a means toward the end of greater empowerment of individuals.

The phrase “puts you in control of your data and identity” is accurate and speaks to that empowerment, but IMO is lacking crucial references to “authenticity” and “relationships” that I think are equally important for the reasons explained in the next section.

Kudos to the TBD team for the phrase “data and identity”, because I also believe Web5 is about all authentic data, not just identity data. (In last week’s piece there’s a section titled “It’s Not Just About Identity” that elaborates on this point.)

My Proposed Definition of Web5

After discussion with dozens of SSI pros (listed in last week’s post), I’ve discovered a surprising amount of agreement — though not unanimity — with this proposed definition for Web5:

The autonomous control of authentic data and relationships.

It’s not perfect. It’s too long for some uses, too short for others, and undoubtedly some will take issue with my word choices (and already have). Sometimes there’s just not enough words in the dictionary for all this new tech, but I think this definition captures the key desired objectives of Web5 and meaningfully separates us from all other “Webs”.

Each word was chosen carefully for its depth, accuracy, and importance:

Autonomous has a hint of “self-sovereign” but with more of an air of neutrality and independence than authority or defiance. It is accurate while less provocative than “self-sovereign”. It implies decentralization without using the word (which is also a tad provocative). It works well for IoT applications. Critically, autonomy is the element that makes it difficult for big tech platforms to be part of Web5, at least until they allow users to migrate their data and their relationships away to competing platforms.

Control is also a neutral but accurate term, and important that those in the decentralization camp begin to use in place of “own” when referring to “our” data. Data ownership is a trickier topic than most realize, as expertly explained by Elizabeth Renieris in this piece¹. Having “control” in a Web5 context implies a right to control, regardless of where lines of literal ‘ownership’ may be drawn. When coupled with “autonomous”, “control” can be exercised without the invited involvement of or interference from third parties, which is precisely what’s intended. “Control” also means the power to delegate authority and/or tasks to other people, organizations and things, and to revoke delegation when desired.

Authentic We simply cannot achieve the aim of individual autonomy without verifiable authenticity of our data and relationships, indeed it is that authenticity that can break the chains of our current captivity to Web2. The intermediaries of Web2 and even Web3 provide the trust mechanisms — within their walled gardens — that enable digital interactions to proceed. Without a comparable or superior means of authenticating data and relationships when interacting peer-to-peer, we’ll not be able to escape the confines of these ‘trusted’ intermediaries.

I propose that, in the context of Web5, the word “authentic” always means two things:

1. having verifiable provenance (who issued/signed it);

2. having verifiable integrity (it hasn’t been altered, revoked, or expired).

When a piece of data is authentic, I know who issued/signed it and I know it is still valid. Whether I choose to trust the signer and what I do with the signed content — it could be untrue, not useful, or gibberish — are separate, secondary decisions.

Authentic relationships are similar to data: I know who (or what) is on the other side of a connection and I know that my connection to them/it is still valid.

Data conveys that we’re referring to digital things, not physical (though physical things will increasingly have their digital twins). With Web5 all data of import can be digitally, non-repudiably signed both in transit and at rest. Every person, organization and thing can digitally sign and every person, organization and thing can verify what others have signed. It’s ubiquitous Zero Trust computing. For privacy purposes, all the capabilities invented in the SSI community still apply: pseudonymity, pairwise relationships, and selective disclosure can minimize correlatability when needed.

Relationships means the secure, direct, digital connections between people, organizations, and things. Autonomous relationships are the ‘sleeper’ element of Web5, the thing that seems simple and innocuous at first glance but in time becomes most important of all. Authentic autonomous relationships will finally free people, organizations and things from the captivity of big tech platforms. (I’m working on a separate piece dedicated to Web5-enabled autonomous relationships, it’s an oxymoronic mind-bender and a very exciting topic for SSI enthusiasts).

Web5 Technologies

I originally grouped this list by tech stack (Ion, Aries, KERI, etc.), but since several items were used by more than one stack (VCs, DIDs, etc.), it’s now simply alphabetical.

Autonomic Identifiers (AIDs)

Authentic Chained Data Containers (ACDCs)

BBS+ Signatures

Composable Event Streaming Representation (CESR)

Decentralized Identifiers (DIDs)

Decentralized Web Apps (DWAs)

Decentralized Web Nodes (DWNs)

Decentralized Web Platform (DWP)

DIDComm

GLEIF Verifiable LEI (vLEI)

Hyperledger Aries

Hyperledger Indy

Hyperledger Ursa

Key Event Receipt Infrastructure (KERI)

Out-of-band Introduction (OOBI)

Sidetree/Ion

Soulbound Tokens (SBTs)

Universal Resolver

Verifiable Credentials (VCs)

Wallets

Zero Knowledge Proofs (ZKPs)

Some of these things are not like the others, and the list is only representative, not exhaustive. The point is, each of these technologies exists to pursue some aspect of the endgame of autonomous control of authentic data and relationships.

What About Blockchain?

Blockchain can enable “autonomous control of authentic data and relationships”, which is why we used it when we conceived and wrote Hyperledger Indy, Aries, and Ursa and built Sovrin. Blockchain underpins most of the Web5 Technologies listed above, so it certainly has its place within Web5. That said, with Web3 — which I define as the decentralized transfer of value — blockchain technology is required due to its double-spend proof and immutability characteristics, whereas with Web5 blockchain is useful, but not required. Therefore, I consider blockchain to be primarily a Web3 technology because Web3 couldn’t exist without it.

It’s Up to You

Anyone who reads my last piece and this one will get the clear feeling that I like both the label and vision of Web5, and my affinity for it has only grown as I write about and use it in conversation. It just works well in conveying a nice grouping of all these abstract concepts, and in ways that the comparable mess of prior terms did not.

But it won’t go anywhere if TBD and I are the only ones using it, it needs to catch on to be used, and be used to catch on. If you like the basic definition I’ve proposed above, even with a tweak or two, I invite you to consider using “Web5” to describe your activities in this space.

¹When a doctor writes down a note about my condition, who ‘owns’ that note… me, the doctor, or the hospital who employs the doctor? The fact is that all three have rights to the data; no party singly ‘owns’ it.

--

--

Timothy Ruff
Timothy Ruff

Responses (2)