Login With IOTA is Here
The full article was originally published by the IOTA Foundation on blog.iota.org.
IOTA and walt.id Deliver Login Solution for Web2 and Web3
Identity and Access Management (IAM) has been a pivotal topic on the internet for the last couple of decades, enabling users to be on-boarded in systems ranging from e-commerce to social media and e-governance. Traditionally, IAM has had to navigate tradeoffs between security, centralization and privacy, often favoring centralization at the expense of privacy and, to a degree, security. For example, IAM systems have been known to create massive centralized user databases that are misused for advertisement targeting, present an attractive target for hackers and create a huge liability in case of accidental data leaks.
The emergence of a decentralized internet, often called “Web3”, has brought with it new IAM patterns centered around cryptographic keys used to manage crypto assets, which puts the user in control but largely falls short on capabilities like ease-of-use when compared to previous solutions.
At the beginning of last year, and following a Proof of Concept developed by Daniel Mader, the IOTA Foundation set out to find an IAM solution that improves on current versions while not compromising on privacy and security. At the heart of the new solution – which we call Login With IOTA – is SSI.
What is SSI?
Self-Sovereign Identity (SSI) is a concept that has been explored by the IOTA Foundation for the last five years. SSI allows people to control what information about themselves is shared with whom, while verifiers can be confident that they receive authentic and trustworthy information.
Recently, SSI has been gaining traction in governmental projects in the EU (such as EBSI and eIDAS) and beyond, and has the potential to become the de facto standard for exchanging identity information and credentials. (If you want to learn more about IOTA's work on digital identity, our wiki is a great place to start. The IOTA Identity library also recently received a complete overhaul for the upcoming Stardust upgrade of the protocol, offering exciting new capabilities.)
For the IOTA Foundation, it was clear that incorporating SSI in IAM would solve the problem of private data becoming vulnerable by being kept in centralized silos. To create a complete and production-ready SSI-based IAM solution for the current internet (or Web2) and Web3, the IOTA Foundation issued a Request for Proposals in March 2022, which generated some amazingly creative and well-thought-out project plans and technical designs. The Login With IOTA project was ultimately awarded to walt.id and launched in June 2022. A complete summary of the project’s goals and design can be found in the accompanying blog post.
Since then, walt.id has been busy implementing and continuously improving on the initial ideas and recently delivered the full project scope. The next section gives an overview of what can be achieved with Login With IOTA and how you can integrate it into your projects today.
What Login With IOTA can do for you
Web2: To bridge SSI into Web2, walt.id developed the IDP Kit, an OpenID Connect-compliant identity provider that lets you extend existing legacy authentication and Customer Identity and Access Management solutions (such as Keycloak) with the ability to verify and process Verifiable Credentials.
Whenever a user wants to use identity credentials like Verifiable Credentials or NFTs to sign into a service (e.g. when prompted by a “connect wallet” button), existing IAM tools forward the user to the IDP Kit, which connects with the user’s wallet and requests credentials (SSI) or fetches the NFT and its metadata, both of which are then verified against customizable policies. The verification result is sent back to the IDP Kit and translated into a format (e.g. JSON Web Token) that can be used by traditional IAM tools.
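The policy step and the translation into a token, sketched as an added example (not walt.id's or the IOTA Foundation's code): every policy must pass before any claim is emitted, and a missing or malformed field fails closed. The policy names, DIDs, issuer URL and HS256 key are constructed assumptions, and cryptographic verification of the credential's proof is assumed to have been done by the SSI library beforehand.

```python
import base64, hashlib, hmac, json
from datetime import datetime, timezone

# Constructed values for illustration; none come from walt.id or IOTA.
TRUSTED_ISSUERS = {"did:example:university"}
REQUIRED_TYPE = "MembershipCredential"
SIGNING_KEY = b"demo-hs256-key-shared-with-iam-tool"

def policy_trusted_issuer(vc, now):
    return vc.get("issuer") in TRUSTED_ISSUERS

def policy_required_type(vc, now):
    return REQUIRED_TYPE in vc.get("type", [])

def policy_not_expired(vc, now):
    try:  # a missing or malformed expiry fails closed
        exp = datetime.fromisoformat(vc["expirationDate"].replace("Z", "+00:00"))
        return exp > now
    except (KeyError, AttributeError, ValueError, TypeError):
        return False

def policy_has_subject(vc, now):
    subject = vc.get("credentialSubject")
    return isinstance(subject, dict) and isinstance(subject.get("id"), str)

POLICIES = [policy_trusted_issuer, policy_required_type,
            policy_not_expired, policy_has_subject]

def failed_policies(vc, now):
    """Run every policy; an empty list means the credential is accepted."""
    return [p.__name__ for p in POLICIES if not p(vc, now)]

def b64url(raw):
    return base64.urlsafe_b64encode(raw).rstrip(b"=").decode()

def to_id_token(vc, now, audience, ttl=300):
    """Translate an accepted credential into a short-lived JWT for the IAM tool."""
    failed = failed_policies(vc, now)
    if failed:
        raise PermissionError("policies failed: " + ", ".join(failed))
    iat = int(now.timestamp())
    claims = {"iss": "https://idp.example", "aud": audience, "iat": iat,
              "exp": iat + ttl, "sub": vc["credentialSubject"]["id"]}
    head = b64url(json.dumps({"alg": "HS256", "typ": "JWT"}).encode())
    body = b64url(json.dumps(claims).encode())
    sig = hmac.new(SIGNING_KEY, f"{head}.{body}".encode(), hashlib.sha256).digest()
    return f"{head}.{body}.{b64url(sig)}"

SAMPLE_VC = {"type": ["VerifiableCredential", "MembershipCredential"],
             "issuer": "did:example:university",
             "expirationDate": "2030-01-01T00:00:00Z",
             "credentialSubject": {"id": "did:example:alice"}}
```

The token carries only the subject identifier and a five-minute lifetime, so the downstream IAM tool never receives credential attributes the policies did not require.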
Web3: In Web3 and other decentralized applications, intermediaries (including the IDP Kit) are unnecessary. Instead, a direct connection between users and the app is established through the Self-Issued OpenID Connect Protocol (SIOP). Walt.id provides an implementation in its Wallet Kit and the SSI Kit that can be used to build SIOP-enabled applications. Because SIOP is an open standard, any implementation adhering to it will work, creating a highly interoperable and permissionless ecosystem.
In summary, the release of the IDP Kit and the integration of the IOTA Identity Framework into the walt.id stack allows developers to easily access functions through APIs and SDKs, including creating and registering a DID on the IOTA network and issuing and verifying Verifiable Credentials backed by IOTA Identity. This enables seamless integration of Login With IOTA into any Web3 or Web2 app, as well as other use cases that require DIDs or Verifiable Credentials, such as:
- Issuing Verifiable Credentials to your users for access management.
- Verifying Verifiable Credentials from users flexibly against dynamic policies, e.g. to verify attestations by third parties.
- Building identity wallets to store and manage Verifiable Credentials.
In short, Login With IOTA provides everything you need to build end-to-end solutions with Self-Sovereign Identity in the IOTA ecosystem and beyond.
If you’re interested in learning how the building blocks fit together on a technical level, check the walt.id documentation on the IOTA integration to learn how the IOTA Identity Framework was integrated with walt.id.
How to get started with Login With IOTA
Depending on your preferences, we recommend either starting hands-on with a tutorial or diving into the functionalities and the overall architecture.
- 3-minute demo – Showcasing Login With IOTA in a Web3 app.
- Tutorial – Set up a full project utilizing Login With IOTA.
- Documentation – Learn more about the IDP Kit to enable Login With IOTA in any Web2 app by extending your OpenID Connect-based authentication solution with SSI capabilities.
The complete Login With IOTA solution offers a best-in-class Identity and Access Management tool for both today’s Web2 and tomorrow’s decentralized Web3. It allows apps to utilize Self-Sovereign Identity to onboard users, meaning that there no longer needs to be a compromise on privacy and security when it comes to scalable and user-friendly Identity and Access Management.
walt.id offers open-source identity, NFT, and wallet infrastructure for developers and enterprises.
The company’s products are used by thousands of developers, governments, public authorities, enterprises, and decentralized autonomous organizations to build applications and use cases across industries fast and without much complexity.
What is Login With IOTA?
Login With IOTA is a login system that enables websites and apps to onboard users while respecting the user’s privacy, reducing friction, and offering enhanced security. Login With IOTA is based on IOTA Identity, a framework for decentralized or Self-Sovereign Identities (SSI). Login With IOTA is interoperable with existing standards like OpenID Connect, which is used by over 50,000 websites with more than one billion accounts.
What new benefits does Login With IOTA provide?
Current login solutions were designed to improve user experience but sacrificed user privacy (for example, by being consolidated around a handful of providers, whose commercialization of data can be detrimental to user privacy) and security (centralized identity data is a popular target for hackers). By using the IOTA Identity Framework, Login With IOTA enables users to choose which information they reveal and enter it only once in their SSI wallet, providing a smoother user experience that does not compromise security and is an ideal solution for the decentralized Web3.
What use cases can benefit from Login With IOTA?
In principle, any existing application in any domain already using or wanting to adopt OpenID Connect for Identity and Access Management can benefit from the solution by allowing its users to govern their data in a self-sovereign manner. Additionally, applications looking to embrace decentralized user management through Self-Issued OpenID Connect can benefit, as they can onboard users while avoiding intermediaries and respecting their users’ privacy and autonomy.