With the addition of the Web3 category to the Marketplace, we made progress in that direction.
Why Web3?
First, let’s define what the term “Web3” means. We’re not talking about cryptocurrencies or decentralised banking. These are particular Web3 applications.
For us, the term “Web3” refers to ideologies, ideas, and technologies that place an emphasis on user control and ownership and that can be used to create decentralised services. Some (but not all) of the components that make up Web3 include blockchains, tokens (fungible or non-fungible), protocols, services, decentralised applications, and users’ keys.
Web3 marketplace development is fundamentally about user choice. As NotBoring’s founder, Packy McCormick, put it:
Some users will prefer centralised services, while others will prefer wholly decentralised ones. Many users will opt for places on the spectrum in between that suit their needs at various times and for various purposes. We contend that Web3 affords them that option.
Based on our research, we think Web3 can assist application developers in creating personalised user experiences and addressing use cases related to compliance and privacy. However, in order for the space to really take off, it must provide a positive user experience and safeguard customer information and assets.
Numerous businesses depend on the Okta Customer Identity Cloud to assist them in achieving their UX and security objectives. We are eager to provide our services to businesses and developers wishing to use Web3 constructs in the identity area, and the Web3 Marketplace category is our first step toward that goal.
A New Set of Building Blocks for Identity
A new set of “decentralised identity” building components is introduced by Web3 structures. With them, users can control their login information and decide what information to share and what to keep private.
Let’s discuss those components in more detail.
Private key authentication. Private keys of users can be used as credentials to authenticate with services, enabling password-free login for users.
For instance, SIWE (Sign-in with Ethereum) offers sign-in capabilities for Ethereum accounts. More generally, Decentralized Identifiers (DIDs), a recently approved W3C (World Wide Web Consortium) open web standard, propose identifiers based on asymmetric cryptography and owned by users. Methods such as did:pkh or did:ethr implement DIDs using addresses/keys from decentralised networks like Bitcoin, Ethereum, Solana, etc. You can see in this video how we implemented SIWE in a model app.
Public, approachable usernames. These can be put into practise by using smart contracts to link familiar names like jane.eth or gary.wallet to blockchain addresses. These usernames would serve as a single username across all applications that use the account’s private key for authentication as well as a convenient way for users to refer to blockchain addresses.
Users’ public profiles. These can be implemented using the aforementioned smart contracts to map properties (other than usernames) to a blockchain address. Some people might openly divulge their email address, avatar or profile photo, or other private information.
These profiles can then be used by applications to offer users customised experiences without the need to create application-specific profiles. Watch this video to see how we used usernames and public user profiles in a sample app.
Public attestations. These can be implemented using either NFTs for “ownership attestations” or “soulbound tokens” (SBTs) for non-transferable attestations.
These could be used for token gating, where access to particular features is restricted to users who own tokens on a blockchain. Shopify is developing token-based commerce. You can see in this video how we implemented token gating using NFTs in a sample app.
Private user information. Verifiable Credentials (VCs) and Zero-Knowledge Proofs (ZKPs) can be used to build privacy-preserving attestations for this data, which is linked to a user’s identity (this works with and without DIDs).
Verifiable Credentials, digital credentials that can be cryptographically verified, can be acquired and saved on a user’s phone app (sometimes known as a “wallet,” which adds to the ambiguity surrounding the term).
Users can later display them (the full credential or a subset of its features) wherever they wish. The fact that issuers are not required to be aware of the presentation location of these Verifiable Credentials is a plus. You can see in this video how we used Verifiable Credentials in a sample app to help establish a user’s age.
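For the private key authentication building block above, the sketch below shows the checks a relying party applies to the fields of a Sign-In with Ethereum (EIP-4361) message before trusting it: domain binding, a single-use nonce, and time limits. It is an added example, not code from the original post or from Okta; the function names, the shape of `expected`, and the sample message are assumptions, and signature recovery is left to a vetted library.

```javascript
// Added example: server-side field checks for a Sign-In with Ethereum (EIP-4361)
// message. Signature recovery is assumed to be done separately by a vetted library.

// Parse the plaintext message the wallet signed; null if malformed.
function parseSiwe(message) {
  const lines = message.split("\n");
  const head = /^(\S+) wants you to sign in with your Ethereum account:$/.exec(lines[0]);
  if (!head || !/^0x[0-9a-fA-F]{40}$/.test(lines[1] || "")) return null;
  const fields = { domain: head[1], address: lines[1] };
  for (const line of lines.slice(2)) {
    const m = /^(URI|Version|Chain ID|Nonce|Issued At|Expiration Time): (.+)$/.exec(line);
    if (!m) continue;
    if (m[1] in fields) return null; // duplicated field: refuse to guess
    fields[m[1]] = m[2];
  }
  return fields;
}

// Returns reasons to reject ([] = acceptable). `expected` is server-side state
// (hypothetical shape): own domain, allowed chain, Set of issued unused nonces.
function checkSiwe(message, expected, now) {
  const f = parseSiwe(message);
  if (!f) return ["malformed message"];
  const errors = [];
  if (f.domain !== expected.domain) errors.push("domain mismatch");
  let uriHost = null;
  try { uriHost = new URL(f["URI"]).host; } catch (_) { /* leave null */ }
  if (uriHost !== expected.domain) errors.push("URI mismatch");
  if (f["Version"] !== "1") errors.push("unsupported version");
  if (f["Chain ID"] !== String(expected.chainId)) errors.push("unexpected chain");
  // delete() both checks membership and consumes the nonce, so a replay fails.
  if (!/^[a-zA-Z0-9]{8,}$/.test(f["Nonce"] || "") || !expected.nonces.delete(f["Nonce"]))
    errors.push("unknown or reused nonce");
  const issued = Date.parse(f["Issued At"]);
  if (Number.isNaN(issued) || issued > now + 60000) errors.push("bad issued-at");
  // EIP-4361 makes expiry optional; requiring it is this example's policy.
  const expires = Date.parse(f["Expiration Time"]);
  if (Number.isNaN(expires) || expires <= now) errors.push("expired or missing expiry");
  return errors;
}

// Constructed sample message (not captured from a real wallet).
const SAMPLE = [
  "app.example wants you to sign in with your Ethereum account:",
  "0x" + "ab".repeat(20), "", "Sign in to the sample app.", "",
  "URI: https://app.example/login", "Version: 1", "Chain ID: 1",
  "Nonce: k3J9x2Qp7LmA", "Issued At: 2024-05-01T12:00:00Z",
  "Expiration Time: 2024-05-01T12:10:00Z",
].join("\n");
```

A message that passes these checks still has to have its signature verified against the stated address before a session is created.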
Introducing the Web3 Category in Our Marketplace
Developers can browse and install integrations for a variety of use cases into their identity infrastructure through the Marketplace. With just one click, you may, among other things, enable risk-based MFA, allow Identity Proofing, and send application activity to your logging infrastructure.
Web3’s open standards and modular design give developers flexibility in how they architect and create their apps. We aim to offer the same extensibility and composability. To debut the Web3 category on the Marketplace, we’ve teamed up with top Web3 organisations that are creating developer tooling.
Use Cases
As we began collaborating with Web3 businesses to create integrations for Okta, we learned that most integrations fall into one of three use cases:
Using a Web3 account or private key to log in: proving your ownership of a specific blockchain address or private key to an application. Users are given a password-free login experience with this, enabling them to control their own identity without relying on external parties like social login services.
Creating a Web3 wallet for a user: the option to create and link a wallet (custodial or non-custodial) to an Okta user who has logged in with any Okta connection (social, enterprise, database, etc.). This strategy is comparable to that of various gaming platforms and centralised exchanges. They use it because users do not need to have a wallet before signing up, which prevents users from abandoning the process over that restriction.
Using Web3 public constructs for app logic: developers can use a user’s blockchain accounts in their applications once those accounts have been discovered. Displaying profile details, identifying a user’s NFTs, and restricting access to content depending on NFT ownership are examples of potential scenarios.