Decentralized Identifiers – the internet’s “missing identity layer”
DIDs represent an important innovation because they give us the ability to establish digital identifiers that are persistent, secure, and globally resolvable, yet their creation does not require a central authority or intermediary.
A decentralized identity or identifier (DID) is nothing more than a scheme with several attributes that uniquely defines a person, object, or organization. Conventional identity management systems are based on centralized authorities, such as corporate directory services or certificate authorities. DIDs are fully under the control of the DID subject, independent from any centralized registry, identity provider, or certificate authority.
The emergence of blockchain technology provides the opportunity to implement fully decentralized identity management (DIDM). In DIDM, all identity owners share a common root of trust in the form of a globally distributed ledger.
Each DID record is cryptographically secured by private keys under the identity owner’s control. It is believed to be the missing link to redefine the security values of the Internet, as it can become the identity layer of the Internet. The specification for DIDs is being created by the World Wide Web Consortium (W3C).
Advantages of DIDs
Markus Sabadello, co-author of the DID spec and CEO of Danube Tech, explained the general benefits of using DIDs:
“DIDs are an important innovation because they give us the ability to establish digital identifiers that are persistent, secure, and globally resolvable, yet their creation does not require a central authority or intermediary.”
DIDs are controlled exclusively by the entity they refer to and therefore are a fundamental building block for what is generally known as “self-sovereign identity” or “decentralized identity”.
Imagine having a phone number that is not assigned to you by your mobile operator, but instead, you choose it yourself. Anyone in the world can still call you, and no one could ever take that phone number away from you – DIDs are similar to this situation.
Technically, DIDs are valid Uniform Resource Identifiers (URIs), therefore they are compatible with many general-purpose web technologies. They are not limited to a single use case or protocol.
Another benefit is that DIDs are designed to work with different blockchains and other target systems, therefore providing interoperability.
What are the uses of DIDs?
DIDs can be used to identify any digital or real-life resource, such as a document, an individual, a company, or a physical object. Generally, a DID by itself doesn’t prove uniqueness, or anything else about its owner. A DID is merely an identifier. You can, and in many cases should, have multiple DIDs for different purposes, relationships, and transactions.
However, even though a DID by itself doesn’t provide much information about the owner, you can use protocols on top of DIDs to verify a number of things. To simply prove that you control a certain DID, and to use it (e.g., to log in to a website), you can use a challenge/response protocol called DID Auth. This fulfills a similar function for “decentralized identity” as OpenID Connect and others do for “federated identity”.
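The challenge/response idea behind DID Auth can be sketched as follows. This is an added example, not code from the DID Auth work or from the W3C: the message fields, the `Website` class, the in-memory registry that stands in for resolving a DID on a ledger, and the sample DID are all assumptions, and a Lamport one-time signature built from SHA-256 is swapped in for whatever signature scheme a real DID method specifies so that the sketch runs on the standard library alone.

```python
import hashlib
import json
import secrets


def sha256(data):
    return hashlib.sha256(data).digest()


# Lamport one-time signature: a stand-in for whatever scheme a real DID
# method specifies. Each key pair may sign exactly one message.
def lamport_keygen():
    private = [[secrets.token_bytes(32) for _ in range(256)] for _ in (0, 1)]
    public = [[sha256(s) for s in row] for row in private]
    return private, public


def message_bits(message):
    digest = sha256(message)
    return [(digest[i // 8] >> (7 - i % 8)) & 1 for i in range(256)]


def lamport_sign(private, message):
    return [private[bit][i] for i, bit in enumerate(message_bits(message))]


def lamport_verify(public, message, signature):
    bits = message_bits(message)
    if len(signature) != len(bits):
        return False
    return all(secrets.compare_digest(sha256(part), public[bit][i])
               for i, (bit, part) in enumerate(zip(bits, signature)))


def encode(challenge):
    # Canonical bytes so wallet and website sign and verify the same input.
    return json.dumps(challenge, sort_keys=True, separators=(",", ":")).encode()


class Website:
    """Relying party (hypothetical): issues challenges and checks responses."""

    def __init__(self, origin, did_registry):
        self.origin = origin
        self.did_registry = did_registry  # DID -> public key, stands in for ledger resolution
        self.pending = {}                 # nonce -> DID the challenge was issued for

    def challenge(self, did):
        nonce = secrets.token_hex(16)
        self.pending[nonce] = did
        return {"did": did, "origin": self.origin, "nonce": nonce}

    def verify(self, response):
        challenge = response["challenge"]
        # pop() makes every nonce single-use, so a captured response cannot be replayed.
        issued_for = self.pending.pop(challenge.get("nonce"), None)
        if issued_for is None or challenge.get("did") != issued_for:
            return False
        if challenge.get("origin") != self.origin:
            return False
        # The key comes from resolving the DID, never from the response itself.
        public = self.did_registry.get(issued_for)
        if public is None:
            return False
        return lamport_verify(public, encode(challenge), response["signature"])


def wallet_respond(private, challenge, visited_origin):
    # The wallet refuses to sign a challenge relayed from a different site.
    if challenge["origin"] != visited_origin:
        raise ValueError("challenge origin does not match the site being visited")
    return {"challenge": challenge, "signature": lamport_sign(private, encode(challenge))}


def demo():
    did = "did:example:123456789abcdefghi"       # constructed sample DID
    owner_private, owner_public = lamport_keygen()
    impostor_private, _ = lamport_keygen()
    site = Website("https://shop.example", {did: owner_public})

    response = wallet_respond(owner_private, site.challenge(did), "https://shop.example")
    results = {"owner": site.verify(response)}
    results["replay"] = site.verify(response)     # same response, nonce already consumed
    forged = wallet_respond(impostor_private, site.challenge(did), "https://shop.example")
    results["impostor"] = site.verify(forged)     # signed with a key the DID does not list
    return results


if __name__ == "__main__":
    print(demo())
```

The three checks that matter to a verifier are visible in `Website.verify`: the nonce is single-use, the challenge is bound to the site's own origin, and the public key is looked up from the DID rather than accepted from the caller.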
In order to prove more complex facts about a DID’s owner, such as one’s age, possession of a valid driver’s license, or membership in an organization, you can use Verifiable Credentials, which are being standardized by the W3C.
Verifiable Credentials are claims attested to by an issuer about a DID. They can then be used as a proof by the DID’s owner during a transaction. There is no limit to the scope and semantics of claims that can be associated with a DID; they can be as rich as all of our real-life human and organizational identities that make up our societies.
Example DID Structure
Many variants are possible for a DID. The complete specifications file can be found at W3C. Below is one possible way to define a DID. What we see here is a simple definition of a DID with the creation date, the date on which the document was last updated, a signature field (optional), and “authorizationCapability”. This last field contains objects referring to other DIDs that receive a specific permission over this DID. For example, the DID with ID 215cb1dc-1f44-4695-a07f-97649cad9938 receives the permission to update this DID.
Source: W3C – https://w3c-ccg.github.io/did-spec/#requirements-of-did-method-specifications
The “signature” field is often misunderstood. The “signature” field only proves that the DID Document has not been tampered with and that the signer controlled a certain private key at the time it was signed. However, the signature does not prove that the signer is the actual DID owner. So, while it can be an additional security feature, it cannot be relied on by itself when working with DIDs. It’s similar to the process of staking a PGP key publicly on the Bitcointalk.com forum to prove you owned that key linked to your Bitcointalk account.
Markus Sabadello has stated that the “permission” field is the unstable element in the DID spec and will probably be removed. Its intention is to express permissions regarding who can update the DID Document. However, there are a few problems with this:
- Different kinds of DIDs (DID methods) have very different ideas and possibilities regarding how to manage updates. Any authorization information about DID updates should be specified by those specific DID methods, rather than mandating this in a universal way for all DIDs.
- Instead of traditional access control lists for expressing permissions, we have been looking at an alternative model called object capabilities. This is an example of this specification which is very similar to DIDs.
Source: W3C – https://w3c-ccg.github.io/ld-ocap/
The simplest example is logging into websites. You would have a digital wallet that stores your DIDs and associated keys, and you could use a browser plugin or app that pops up and asks for confirmation when you are logging in. The idea is a bit comparable with the MetaMask plugin, but less advanced.
Another example is “Bring Your Own Identity” when shopping online. You could buy a book at an online store and when checking out, you just supply your DID (again using a plugin or app). This way you would be able to share your shipping address and payment information without even having to create an account with the store’s website. We can even draw the line to the physical world where we link a customer loyalty card, which we get in every store to obtain a small discount, to the ID field of our Decentralized Identifier.
Finally, a more advanced example is a distributed address book. You could stay connected to your friends, as well as businesses you care about, and share your personal address and other profile information with them, with full control, transparency, and data portability. Every time your profile information changes, your connections can be automatically notified. DIDs enable lifelong connections between DID owners that no one can take away from you.
DIDs enhance security
To understand how DIDs enhance security, we first need to get familiar with what a Public Key Infrastructure (PKI) is. A PKI is used primarily for encrypting and/or signing data. Encrypting data refers to scrambling it in a way that makes it unreadable except to authorized persons. The PKI is based on a mechanism called a digital certificate, also referred to as an X.509 certificate. Think of a certificate as a virtual ID card. A PKI is also referred to as a certificate authority (CA). For example, VeriSign is a well-known CA for creating a web of trust by offering SSL/TLS certificates signed by them.
As a PKI uses a centralized database for storing this info, we can then think of DIDs as a decentralized variant of PKIs. DIDs form the basis for a Decentralized Public Key Infrastructure (DPKI).
This means that all data sharing and messaging between DIDs is authenticated and encrypted using cryptographic keys associated with a DID, similar to traditional PKIs, but without the drawbacks of traditional certificate authorities.
There are numerous examples where, in the past, the existing TLS certificate architecture used by web servers has turned out to be vulnerable to censorship and manipulation. With DIDs, this threat of intermediaries can be eliminated, as every DID represents its own “root of trust”. This means that they don’t have to be controlled and issued by central authorities in order to be trusted.
Another important security feature is that DIDs are persistent. This means that the cryptographic keys associated with a DID can be securely rotated and revoked through various mechanisms, without having to create a new DID. We will delve more into this “revoking” aspect under the next subheading.
Delete or revoke DID
The latest version (v0.7) of the W3C spec on Decentralized Identifiers discusses the different DID operations under which we can find “Delete/Revoke”. This is pretty strange as decentralized ledger technologies (DLTs) are immutable by nature. Let’s explore this aspect further.
Once an initial transaction has been issued to create the DID, further transactions can update, and also “revoke” or “terminate”, the DID. Even though the history of a DID may be append-only and exist infinitely, the current state of the DID is defined by the cumulative sum of all transactions.
If a special transaction is added to that history, then that marks the DID as “revoked”. Also, note that while DLTs have useful properties that make them suitable for DID creation and storage, DLTs are not the only possible technology for DIDs. DIDs can also be created using decentralized hash tables (DHTs), distributed file systems (IPFS), databases (BigchainDB), or other decentralized networks.
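The following added example (not taken from the DID spec or from any DID method) shows how key rotation and revocation, as described in the two sections above, fall out of replaying an append-only history. The transaction fields `op`, `did`, `key` and `signed_by`, the operation names and the sample ledger are assumptions; `signed_by` stands in for a signature that a real method would verify cryptographically.

```python
from dataclasses import dataclass, field


@dataclass
class DidState:
    did: str
    keys: set = field(default_factory=set)  # key ids currently allowed to update the DID
    revoked: bool = False
    version: int = 0


def check(state, tx):
    """Return a rejection reason, or None if the transaction may be applied."""
    if tx["op"] == "create":
        return "DID already exists" if state else None
    if state is None:
        return "DID has not been created"
    if state.revoked:
        return "DID is revoked"
    if tx.get("signed_by") not in state.keys:
        return "not signed by a current key"
    if tx["op"] not in ("rotate", "revoke"):
        return "unknown operation"
    return None


def resolve(did, ledger):
    """Replay the ledger in order and return (current state, rejected transactions)."""
    state, rejected = None, []
    for index, tx in enumerate(ledger):
        if tx["did"] != did:
            continue
        reason = check(state, tx)
        if reason:
            rejected.append((index, reason))  # stays in the history, changes nothing
            continue
        if tx["op"] == "create":
            state = DidState(did, {tx["key"]}, version=1)
        elif tx["op"] == "rotate":
            state.keys = {tx["key"]}          # same DID, new key
            state.version += 1
        else:                                 # revoke
            state.keys = set()
            state.revoked = True
            state.version += 1
    return state, rejected


# Constructed sample history; nothing is ever deleted from it.
ALICE = "did:example:alice"
LEDGER = [
    {"op": "create", "did": ALICE, "key": "k1"},
    {"op": "create", "did": "did:example:bob", "key": "kb"},
    {"op": "rotate", "did": ALICE, "key": "k2", "signed_by": "k1"},
    {"op": "rotate", "did": ALICE, "key": "kx", "signed_by": "k1"},  # old key after rotation
    {"op": "revoke", "did": ALICE, "signed_by": "k2"},
    {"op": "rotate", "did": ALICE, "key": "k3", "signed_by": "k2"},  # after revocation
]


if __name__ == "__main__":
    print(resolve(ALICE, LEDGER[:3]))
    print(resolve(ALICE, LEDGER))
```

Resolving against a prefix of the ledger gives the state at that point in time, which is how a verifier can tell whether a key was still valid when something was signed.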
Status of DID specification
There are still some open issues, but the W3C workgroup for DIDs expects to publish a relatively stable Implementer’s Draft by March or April of 2018. Arriving at a finished W3C standard is a much longer process that they cannot predict yet.
In addition, the W3C is also developing tools, like the Universal Resolver, which acts as an identifier resolver and works with any decentralized identifier system. Implementations are available for the Java and Python3 programming languages.
Future and final thoughts:
Markus Sabadello stated “Those of us who are working on DIDs are experiencing an incredible amount of interest in this technology from all over the world. We think of DIDs as nothing less than finally having the opportunity to realize the “missing identity layer” of the Internet.” DIDs have the potential to replace much of the current Internet identity infrastructure, including things like usernames, domain names, certificate authorities, and centralized identity services like “Log in with Facebook”. It may take some time to adapt to this “decentralized identity” paradigm, but it will become a better basis for how authentication, data sharing, and messaging will work.
An Overview of Security Token Exchanges Expected to Launch in 2019
The year 2018 has definitely witnessed the breakthrough of security tokens. Blockchain technology has permitted the tokenization of various forms of securities and assets. It is inarguable that security tokens have made it possible to tokenize almost everything that bears a value, including equities, goods, real estate, fundraising, futures, credit, time-based rentals, service leases, creative products such as music, art, and literature, and more.
Security tokens are revolutionizing security markets and mitigating most of the problems associated with conventional security trading. The blockchain technology promotes transparency as all trades and ownership records are stored on public ledgers which cannot be tampered with. Security tokens make it possible to tokenize securities, so financial assets such as stocks, bonds, futures, equities, swaps, and forwards can all be managed via distributed ledgers.
However, where will security tokens be traded? Presently available cryptocurrency exchanges are not equipped to support security token trading. Moreover, most exchanges don’t have the necessary licenses to permit the trading of securities. As such, licensed security token exchanges have begun to emerge to fill this gap and provide liquidity for the security token market.
Obviously, security tokens will attract an enormous share of Wall Street’s money during 2019. This expected shift has urged many venture capitalists and entrepreneurs to invest in the establishment of security token exchanges during the past couple of years. Throughout this article, we will take a look at security token exchanges that are expected to launch in 2019 and 2018’s fourth quarter.
Before we get started, let’s explore the most important security token exchanges that have been already established and are currently promoting liquidity of the security token market.
Current Security Exchanges
BTF is a crypto security investment platform that is only open to professional investors. To qualify to join BTF, investors have to have an annual income of over $200K, and should be able to invest at least $1,000 with them.
BTF is trying to establish itself as a market for blockchain-based projects that issue security tokens, shares, conventional bonds, futures, and other forms of tokenized securities.
By issuing their native token, BFT, they have taken a big step towards bringing together the highest net worth investors interested in tokenized securities, cryptocurrencies, and other forms of Fintech solutions.
tZero is the brainchild of Overstock which has been established to serve as an exchange for security tokens. The greatest thing about tZero is its user interface which is extremely friendly and easy to use. The platform boasts front-end integration of a risk management system, an order management system, an order matching engine, place orders, market orders, proprietary technology, and full support for security token trading.
tZero has partnered with Polymath to simplify the legal process of issuance and trading of security tokens. Polymath has innovated a new Ethereum based token standard, the ST20. ST20 tokens can only be owned and held by a list of authorized Ethereum wallet addresses that have completed KYC verification procedures, which enforces compliance with government regulations.
tZero recently concluded the private sale phase of its security token (TZRO), which lasted until the end of August; that’s when the trading platform went live.
Bancor has innovated the Smart Token protocol which is the seed for a decentralized cryptocurrency exchange. Smart Tokens can be continuously and autonomously converted to other tokens on the network using a technology that operates in a manner that is somewhat similar to Atomic Swaps.
Bancor has joined the world of Security Token exchanges. Literally, the Bancor protocol is fully compliant with security token trading and the BNT token will act as a connector token, or a bridge token, that can intermediate the exchange between any pair of security tokens.
Now, let’s take a look at the security token exchanges that are expected to launch during Q4 2018 and 2019.
Forthcoming Security Exchanges
Gibraltar Stock Exchange
The Gibraltar Stock Exchange (GSX) is a Gibraltar based stock exchange. GSX was the first fully licensed stock exchange in Gibraltar. The exchange was fully operational in 2015’s first quarter. In October 2017, the CEO of GSX announced the establishment of a new subsidiary for the exchange, the Gibraltar Blockchain Exchange (GBX), which aimed at the establishment of a regulated utility token marketplace. Soon after the GBX announcement, GSX Group Ltd. confirmed that it was planning to revamp the group’s stock exchange (GSX) to become the world’s first ever regulated security token exchange.
Even though trading of security tokens was planned to kick start by the fourth quarter of 2018, delay in regulatory approval by the Gibraltar Financial Service Commission (GFSC) led to adjournment of the process to the first quarter of next year. The launch of security token trading on GBX will mark a big moment for the crypto community as security tokens become recognized by an EU licensed stock exchange.
Coinbase, the popular US-based cryptocurrency exchange, has announced that it is on track to enable security token trading on its platform. Being based in the US, acquiring the necessary banking licenses and brokerage statuses can take years. To overcome this, Coinbase has decided to merge with companies that already have the required licenses and registrations. That’s why Coinbase has successfully purchased three financial institutions: Venovate Marketplace Inc, Keystone Capital Corp, and Digital Wealth LLC.
Approval of these acquisitions by the government will help Coinbase acquire the legal standing of a full brokerage, which will enable the exchange to launch security token trading on its platform. It is expected that users will be able to trade security tokens on Coinbase in 2019, yet a specific date for the launch of Coinbase’s security token exchange hasn’t been announced.
Templum is another US based security token exchange that is planned to launch in 2019. Templum Markets LLC is a subsidiary of Templum that is established to permit issuance and trading of various forms of tokenized assets.
Last February, Templum acquired Liquid M Capital, which gave the company access to an ATS, enabling a secondary market for the institution. Via the ATS, Templum will be able to offer security token trading on its platform in compliance with the US SEC regulations.
Even though Templum’s trading platform is live, the listed tokens are very few. So far, BanQu was the only company to conduct a TAO, and BCAP is the only secondary trade successfully completed. Templum has just partnered with CUSIP Global Service to be able to bring the standardized identification number to ICO security tokens.
The platform is expected to be completely developed in 2019, enabling security token trading that is fully compliant with the US SEC regulations.
In 2009, SharesPost was established to open the door for online private equity secondaries. Today, SharesPost has over 50k accredited investors and has executed more than $4 billion worth of shares transactions for over 200 technology companies.
Last May, SharesPost announced that it would revamp its current ATS to be able to offer security token trading on its platform. Thereafter, the company announced in June that it managed to close a $15 million Series C round that had been led by LUN Partners and Kinetic Capital to expand their ATS and open markets in Asia. SharesPost’s CEO aims at creating a global marketplace for trading of both conventional and tokenized security assets of various private companies.
Australian Securities Exchange
The Australian Securities Exchange (ASX), Australia’s primary stock exchange, announced in 2017 that it was working on becoming the world’s first stock exchange to develop an infrastructure for its trading platform based on the blockchain technology. ASX planned to use public ledger technology to replace its clearinghouse framework, known as Clearing House Electronic Subregister System (CHESS) to offer traders improved system efficiency, security, and reliability. Australia’s top stock exchange is actually developing their own blockchain, i.e. “permissioned blockchain”, to tokenize securities for the equity market in Australia.
Even though ASX planned on launching its security token trading platform in Q4 2020, the exchange’s board has announced recently that the launch date was adjourned to March/April 2021. ASX started exploring various applications of the blockchain technology in 2015, in order to be able to replace the exchange’s settlement, registry, and clearing system with a blockchain based system developed via collaboration with Digital Asset (DA), a software company specializing in the development of distributed ledger based solutions for financial institutions.
The new trading platform will operate on a permissioned blockchain where registered account holders will have to obtain clearance to be able to use it, while ASX will represent the only party with the ability to commit financial transactions to the ledger. As such, the new platform will represent a centralized network for trading of tokenized securities.
Malta Stock Exchange
Malta Stock Exchange has just inked a number of deals aiming at enabling MSX, the fintech arm of the exchange, to launch a trading platform for tokenized securities. These deals will see MSX partner with Neufund, a platform for the issuance of security tokens, to build a decentralized, fully regulated, stock exchange for trading of tokenized securities in addition to security tokens.
The partnership is planning a pilot during the next few months, which will include an ICO hosted on Neufund’s primary market, and the ICO tokens will later on be listed and traded on Binance (by means of a separate agreement with Neufund).
MSX is working closely with the regulators in Malta to comply with the Malta Financial Services Authority Act. Malta has emerged as a haven for blockchain investors, with big businesses like OKEx and Binance relocating to the country, which has been referred to as the “blockchain island” during the past few years.
SIX Swiss Exchange
SIX Swiss Exchange, Switzerland’s primary stock exchange, announced last July that it is developing a fully operational trading, settlement, and custody platform for security tokens and tokenized securities. The exchange’s new project, which has been named “SIX Digital Exchange” (SDX), is intended to be the world’s first end-to-end exchange for tokenized asset markets. SDX will tokenize existing conventional securities and other forms of non-bankable assets to boost the liquidity of illiquid assets. Furthermore, SDX’s services will include the issuance, listing, and trading of security tokens. SDX will be fully compliant with the regulations of the Swiss financial regulator FINMA, and endorsed by the Swiss National Bank, similarly to the SIX Swiss Exchange.
London Stock Exchange
London Stock Exchange, one of the world’s earliest stock exchanges, announced last July that it is collaborating with the UK’s main financial regulator, the Financial Conduct Authority (FCA), in addition to two UK based firms, 20|30 and Nivaura, to issue tokenized equities in a UK based company in full compliance with the regulations of the UK’s Financial Conduct Authority.
The planned partnership will utilize LSEG’s Turquoise platform, a hybrid exchange that offers a broad universe of European equities. The equities will be based on Ethereum’s blockchain and will be mainly comprised of ERC20 standard tokens. Later this month, 20|30 will be the first platform to test the process. Following a one year lock-up period, the service will be launched to the public, enabling startups and corporations to tokenize their shares. Interestingly, a large number of companies are waiting to test out the process.
Finally, it is worth mentioning that all these emerging security token exchanges and trading platforms for tokenized equities represent just the beginning of a new era that will take equity markets to a whole new level. Blockchain based security tokens offer traders a myriad of efficiencies and advantages that promote transparency and security. Even though a considerable percentage of the world’s conventional financial institutions are resisting utilization of the blockchain technology, the market has just begun to adapt, as we’re witnessing the emergence of many trading platforms for security tokens and tokenized equities during the upcoming year. As more and more people are beginning to realize the advantages of the public ledger technology, the market will definitely start moving towards a new model based on tokenization of assets.
I wouldn’t be surprised if all of the world’s equity markets shift to the blockchain within the next few years. Who knows? Let’s just wait and see!
Quick way to spot an ICO scam
Everybody knows that it’s important to perform your due diligence before any investment in the ICO industry. But few people seem to understand what that actually means. One of our missions is to teach people how to spot a scam, rather than relying on others to do it for them. In the interest of increasing your own self-reliance and ability to outwit the scammers, we’re presenting a new tutorial on how to validate image authenticity on ICO websites.
Know your templates
As we’ve mentioned before in our above-linked guide, many ICOs use ready-made website templates as a way to both present the ICO without a lot of effort and save money on web design. While some of these templates give ICOs a base structure and allow them to use it to create a very personalized page, others offer a completely generic pack with very few possible changes.
Becoming familiar with the most common ICO templates, and what they look like in their unmodified forms, is a valuable tool in your scam-prevention arsenal. One common red flag is when the ICO has not changed the default images that come with the scheme. Let us demonstrate.
In this case, we searched for the image of the mobile application presented on the website of Referpay Network, a known scam. This image was originally used in the template from which this website was created.
By simply searching this image, we found that more than 70 ICO websites had never changed this image and are still presenting it as their “app-to-be-developed” on their website. It didn’t stop there.
We went through each one of these websites to confirm that the actual image is still there. We discovered two very interesting things:
- The vast majority of these sites were scams. Luckily, about 90% of these scams had already ended in February. Unfortunately, there are 7 scams that are still active (which we will be publishing in the coming week). All were initially connected by the same image. One of these scams has actually created a wallet app that looks exactly like the image, yet does nothing.
- Although the majority of the websites had a false link to the various application stores, some of the sites had links for the HB Wallet app on all the stores. We followed up with HB Wallet, and they stated that there is no connection between them and these wallets.
Image searching: quick, easy, necessary
This is a great example of how important it is to Google the images used on an ICO’s website. This wasn’t a team member’s profile picture or something buried in the whitepaper, it was prominently displayed as the mobile app image.
But how do you search for an image? It couldn’t be easier! Simply right click on the image, and click on “Search Google for image”. See many results, from different sources, containing that image? Congratulations, you have found a stock picture.
Not sure which image to Google? Since it’s so quick and easy, we recommend searching every image that presents information about the ICO. Team members, apps, charts, and graphs should all be investigated. And remember, you can save yourself a lot of search time by familiarizing yourself with the most common ICO templates and the images they use, so that you’ll recognize them when you see them later. The more you research and investigate ICO websites, the more you’ll start to develop a hunch about what images have been carried over from the default or stolen from other sites.
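Once you have collected the default images of common templates, the same comparison can be automated locally. The added example below is not part of the original guide and goes beyond a manual reverse image search: it computes a difference hash (dHash) for each image and flags site images that are near-identical to a known template image, even after a brightness change or a small logo overlay. It assumes images have already been decoded into rows of grayscale values; the file names, the sample pixel data and the distance threshold of 6 are constructed for illustration.

```python
def dhash(pixels, cols=8, rows=8):
    """Difference hash: shrink to (cols+1) x rows cells, one bit per adjacent cell pair."""
    height, width = len(pixels), len(pixels[0])
    if height < rows or width < cols + 1:
        raise ValueError("image too small to hash")

    def cell(cx, cy):
        # Average brightness of the block of source pixels that maps to this cell.
        x0, x1 = cx * width // (cols + 1), (cx + 1) * width // (cols + 1)
        y0, y1 = cy * height // rows, (cy + 1) * height // rows
        block = [pixels[y][x] for y in range(y0, y1) for x in range(x0, x1)]
        return sum(block) / len(block)

    bits = 0
    for cy in range(rows):
        row = [cell(cx, cy) for cx in range(cols + 1)]
        for cx in range(cols):
            bits = (bits << 1) | int(row[cx] > row[cx + 1])
    return bits


def hamming(a, b):
    return bin(a ^ b).count("1")


def find_template_reuse(site_images, known_templates, max_distance=6):
    """Return (site image, template image, distance) for every near-duplicate."""
    template_hashes = {name: dhash(p) for name, p in known_templates.items()}
    hits = []
    for image_name, pixels in site_images.items():
        image_hash = dhash(pixels)
        for template_name, template_hash in template_hashes.items():
            distance = hamming(image_hash, template_hash)
            if distance <= max_distance:
                hits.append((image_name, template_name, distance))
    return hits


# --- Constructed sample data: 18x16 grayscale grids, not real screenshots ---
WIDTH, HEIGHT = 18, 16


def template_pixel(x, y):
    return 10 * ((3 * (x // 2) + 5 * (y // 2)) % 7) + x % 2 + y % 2


TEMPLATE_APP = [[template_pixel(x, y) for x in range(WIDTH)] for y in range(HEIGHT)]


def rebranded_copy(pixels):
    """Same picture, brightened, with a small bright 'logo' pasted in the top-left corner."""
    copy = [[value + 20 for value in row] for row in pixels]
    for y in range(2):
        for x in range(4):
            copy[y][x] = 255
    return copy


ORIGINAL_CHART = [[3 * x + 2 * y for x in range(WIDTH)] for y in range(HEIGHT)]


def demo():
    site_images = {
        "app-mockup.png": rebranded_copy(TEMPLATE_APP),
        "roadmap-chart.png": ORIGINAL_CHART,
    }
    return find_template_reuse(site_images, {"template-default-app.png": TEMPLATE_APP})


if __name__ == "__main__":
    for hit in demo():
        print("possible template image:", hit)
```

A hit is a prompt to look closer, not proof of a scam: as the guide notes, legitimate projects also build on templates, and what matters is whether the image is being passed off as the project's own product.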
We hope that this guide will help you in your efforts to spot ICO scams!
Where should you publish your crypto blog?
It is very common for crypto and blockchain companies to publish content on Medium from time to time. Many go a step further and publish their company’s blog entirely on Medium. While the intellectual property rights are retained by the company, publishing a blog on Medium does not strengthen the SEO of the company’s website. In fact, the SEO power of the content is harnessed entirely by Medium, leaving the company at a disadvantage.
Some crypto companies choose to link from their website to Medium. In this situation, users start off on the company’s website, and then migrate over to Medium to read their blog. This really benefits Medium in many ways, from an SEO perspective, as Medium receives more SEO power from the link. For the company, on the other hand, this can do more than just simply not allow the website to benefit from the blog’s SEO power. The website’s SEO strength may be lowered by linking to an outside website, such as Medium, for their blog.
Keeping Users on Your Website
When users come to your crypto company’s website, they are there for a reason. They may have heard about your project from a friend. Better yet, your SEO efforts may have paid off and the user came to you via a Google search. No matter how they got to you, once they are on your website the goal is to have them stay for as long as possible. When users stay on your website for a longer period of time, this strengthens the website in the eyes of Google. The average time spent on a website is one of the parameters that Google looks at when determining the relevancy of a website.
For companies that host their blog on Medium, users only spend a short amount of time on the company’s website. Instead of staying to read blog articles, users are sent off to another website. If a user arrived at a company’s website via a Google organic search, sending the user to another website may actually hurt that website’s ranking.
By now you should be convinced that the best place for your company’s blog is on your company’s website. The next step is to incorporate some basic SEO tips to craft strong content for your blog.
SEO Guidelines for Writing Your Blog Posts
There are many guidelines that can be beneficial to you and guide you in crafting strong content to boost your website’s SEO strength. First, you’ll want to consider the topic and the associated keywords. Choose one of the keywords to be the main keyword. You’ll see how it is used in the coming paragraphs.
When deciding on length, you want to make sure that the article is a good length. Too short, and Google will consider it irrelevant. Too long, and readers will be intimidated (although for complex topics or interesting stories, a long-form blog is acceptable). Ideally, a blog post would be about 1-2 pages long if it was printed.
After you have finished writing your content, create strong meta tags. A meta tag consists of a few parts. It is important that all the different tags are unique and none of them are exactly like any of the others.
First, write your meta title. This should be around the same length as a newspaper headline, and just as informative. It is important to include the keyword you consider to be the main keyword in your meta title. The meta title is the title of the blog post that will appear in a Google search result list.
Then, write a meta description. This is the short description of your blog post that will appear under the meta title in a Google search result list. Don’t make your meta description too long, or it will be cut off. It is important to include the main keyword in the meta description as well.
Finally, write an H1 title. This is the main title of your blog post that will appear on the actual page of the blog post. The title’s length can vary but should be of a similar length as a meta title. Be sure to include the keyword you consider to be the main keyword in the H1 title as well.
There are a few other smaller details to consider when writing your blog post. You will want to make the URL different from the H1 title or the meta title. You will also want to include the main keyword at least three times in the body of the article. You can include a few other fitting keywords at least one time in the body of the article as well.
The best of both worlds
If you still want to have your content available to the large audience on Medium, there’s good news for you. Medium has an easy-to-use importing tool that will allow you to migrate any content from your own website. The tool will even back-date it so that the publishing date on Medium matches the one on your own site.
Duplicating content across multiple sites can be damaging for your SEO in some instances, but Medium takes that into account, too. The import feature automatically includes a canonical link reference to your site. “A canonical link element is an HTML element that helps webmasters prevent duplicate content issues by specifying the “canonical” or “preferred” version of a web page as part of search engine optimization.” (Wikipedia)
Medium is a great website and the benefits from publishing content on Medium should not be ignored. There is a lot of valuable content on Medium as well as the opportunity to spread your company’s message and increase brand awareness. However, publishing your blog on your own website may increase the amount of organic traffic you receive. This may not happen immediately, but the long-term benefits are worth it. Companies should never forget the power of SEO. It is important to publish your company’s blog on your website in order to fully benefit from the SEO power optimized blog posts can provide to your website. Finally, by using Medium’s import tool, you can choose to share some or all of your blog content on both platforms, and enjoy the SEO benefits of having content on your own site, and the exposure benefits of being on Medium!