Web3: Self-Sovereign Authority and Self-Certifying Protocols


When we dine at a restaurant in the physical world, we do not do so within some administrative system. Rather, as embodied agents, we operationalize our relationships by acting for ourselves. Web3, if built correctly, can help people to act as full-fledged participants in the digital realm.

Bison calf suckling

I stumbled across "Web3 is Self-Certifying" from Jay Graber. Jay's post resonated with me on several points. First, her tweet about the article said "You might notice I wrote this whole post on the 'decentralized web' without using the words 'decentralized' or 'distributed' even once. I am tired of defining the things we want to build through negatives. That doesn't say what it is." This has been a sticking point for me for some time. For example, in an answer I authored on Quora about Web3, I said:

First things first: while people often talk about decentralization as an unalloyed good and the answer to every ill, the truth is that decentralization is just an implementation strategy. The goals of Web3 include self-sovereignty (autonomy and independence) and censorship resistance. Decentralization is a good way to achieve these things, but I can imagine decentralized services (in the technical sense) that don’t achieve either of these. It’s ok to use “decentralization” as shorthand for these goals, but recognize the goals, not the implementation technique.

Decentralization isn't the goal. The goals are much more grand and include nothing less than a digital world that respects human dignity and autonomy.

Jay defines Web3 as user-generated authority, enabled by self-certifying web protocols. I like "self-sovereign" better than "user-generated" because I think it better speaks to the source of our authority to act. Besides, "user" makes me think of a druggie dependent on someone for their next fix. Sovereign is the right word for describing the essential distinction between our inalienable self and the administrative identifiers and accounts endemic in Web2. But still, her work to define Web3 in terms of sovereign-source authority and self-certifying protocols gives me hope.

Following up on this, Jay distinguishes Web 1.0 from Web 2.0 from Web 3.0. I've tried to capture her thoughts, briefly, in this graphic:

Web 1.0 vs 2.0 vs 3.0

In this figure, a "host" is some server, somewhere. In Web 1.0, it was just the machine under my desk with no notion of users other than me. Web 2.0 separated the need to host the content from the desire to generate it. Blogging on a platform like Radio, Typepad, or WordPress was one example. Later, Twitter, Facebook, and other social media platforms filled this role and became behemoths. In Web 3.0, people (a word I like better than "user") can return to generating content (broadly defined) under their own authority.

The term "self-certifying" is also something that caught my eye because it's a core feature of autonomic identity systems, which I believe must form the basis for any future web where people have the tools to act independently—what I've called digital embodiment. An easy way to think about self-certification is that it describes systems (and protocols) that don't rely on third parties. Peer DIDs and KERI are self-certifying because they rely solely on self-sovereign authority.

Closely related to the idea of self-certification is self-administration. Self-administration means that something is independently administered by the controller. Again, no third party needed. I wrote about an example of this, NoFilter.org, that provides self-certifying and self-administered blogging using MetaMask, some JavaScript, and IPFS. No third parties (hosts or platforms) to say what can or can't be posted, censor me, surveil me, or otherwise intermediate me and my post.

A self-certifying protocol is based on a self-certifying, cryptographic identifier (I call them autonomic identifiers), but uses content-addressable data. Content-addressable data is any data that can be located based on its cryptographic hash. Using the private key associated with an autonomic identifier to sign the hash of the data provides a way to claim control of that data. This is self-sovereign authority, and it makes data portable because its authenticity is not based on where it's found, but on the signature. This is in contrast to Web 2.0, where the authenticity of data (say a tweet) depends on its particular place on the Twitter servers in a hierarchy controlled by Twitter. Goodbye client-server. Note that in all of this, blockchains and other decentralizing technologies are just implementation strategies, not end results.
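The signing and verification flow described above, as an added example that is not code from this post, from NoFilter.org, or from KERI or Peer DIDs. It assumes Ed25519 keys and SHA-256 hashes (the post names no algorithms); the `aid:ed25519:` identifier format and all function names are hypothetical.

```javascript
// Added example: constructed data, hypothetical "aid:ed25519:" identifier format.
const { createHash, createPublicKey, generateKeyPairSync, sign, verify } =
  require('node:crypto');

const PREFIX = 'aid:ed25519:'; // hypothetical scheme, not KERI's or Peer DID's encoding

// The identifier IS the public key (base64url), so it certifies itself:
// no registry, host or platform is consulted to learn which key controls it.
function identifierFor(publicKey) {
  return PREFIX + publicKey.export({ format: 'jwk' }).x;
}

function keyFromIdentifier(aid) {
  if (typeof aid !== 'string' || !aid.startsWith(PREFIX)) return null;
  try {
    return createPublicKey({
      key: { kty: 'OKP', crv: 'Ed25519', x: aid.slice(PREFIX.length) },
      format: 'jwk',
    });
  } catch { return null; } // malformed key material: treat as unverifiable
}

// Content address: the data is named by its SHA-256 hash, not by a location.
function contentAddress(data) {
  return createHash('sha256').update(data).digest('hex');
}

// Claim control of the data by signing its hash with the identifier's private key.
function claimControl(data, keyPair) {
  const address = contentAddress(data);
  const signature = sign(null, Buffer.from(address, 'hex'), keyPair.privateKey);
  return { controller: identifierFor(keyPair.publicKey), address,
           signature: signature.toString('base64url') };
}

// Verification needs only the received bytes and the claim, never the source host.
function verifyClaim(data, claim) {
  const key = keyFromIdentifier(claim.controller);
  if (!key || contentAddress(data) !== claim.address) return false;
  return verify(null, Buffer.from(claim.address, 'hex'), key,
                Buffer.from(claim.signature, 'base64url'));
}

// Constructed sample: one post, retrieved as separate copies from two unrelated hosts.
const author = generateKeyPairSync('ed25519');
const post = Buffer.from('Decentralization is an implementation strategy.');
const claim = claimControl(post, author);
const fromHostA = Buffer.from(post), fromHostB = Buffer.from(post);
console.log(verifyClaim(fromHostA, claim), verifyClaim(fromHostB, claim)); // true true
```

A verifier that checks the hash but takes the controller's key from somewhere other than the identifier itself has reintroduced a third party; here a modified post, a swapped controller, or a location-style name all fail verification.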

Web3, self-sovereign authority enabled by self-certifying protocols, gives us a mechanism for creating a digital existence that respects human dignity and autonomy. We can live lives as digitally embodied beings able to operationalize our digital relationships in ways that provide rich, meaningful interactions. Self-sovereign identity (SSI) and self-certifying protocols provide people with the tools they need to operationalize their self-sovereign authority and act as peers with others online. When we dine at a restaurant or shop at a store in the physical world, we do not do so within some administrative system. Rather, as embodied agents, we operationalize our relationships, whether they be long-lived or nascent, by acting for ourselves. Web3, built in this way, allows people to act as full-fledged participants in the digital realm.

Photo Credit: Bison calf suckling from Frank Schulenburg (CC BY-SA 4.0)


Last modified: Mon Feb 7 13:24:10 2022.