Web3's decentralised infrastructure has upended the standardised approach to digital identity established by protocols such as OpenID Connect. Web2 and Web3 currently operate in silos: Web2 identity systems are adopting Selective Disclosure JSON Web Tokens (SD-JWTs), while Web3 dApps rely on on-chain data and, in some cases, still depend on centralised system data. This fragmentation degrades the user experience and hinders the interconnectedness of the digital world. This paper explores the integration of Web3 within the OpenID Connect framework, scrutinising established authentication protocols for their adaptability to decentralised identities. The research examines the interplay between OpenID Connect and decentralised identity concepts, and the limitations of the existing protocols OpenID for Verifiable Credential Issuance (OpenID4VCI), OpenID for Verifiable Presentations (OpenID4VP), and Self-Issued OpenID Provider (SIOPv2). As a result, a novel privacy-preserving digital identity bridge is proposed, which aims to answer the research question of whether authentication protocols should inherently support Web3 functionalities and, if so, by which mechanisms they should be integrated. Through a Decentralised Autonomous Organisation (DAO) use case, the findings indicate that a privacy-centric bridge can mitigate the existing fragmentation by aggregating different identities and thereby improving the user experience. While the digital identity bridge demonstrates a possible approach to harmonising digital identity across platforms for use in Web3, the bridging is unidirectional and limits the root of trust of the credentials. The bridge's dependence on centralised systems may further fuel the debate on (de-)centralised identities.