DEV Community

Cover image for "Another identity L1?" — answered with standards, not whitepaper
Solidus Network
Solidus Network

Posted on

"Another identity L1?" — answered with standards, not whitepaper

#opensource #identity #blockchain #web3

The first question any informed observer asks Solidus is: another identity L1?

It is a fair question. There is a graveyard of self-sovereign identity projects from 2018-2022 — Sovrin, uPort, and others — that built credible architectures, attracted talented teams, and ran out of runway before adoption could fund operations. The skepticism toward yet another chain with the word "identity" in it is well-earned.

This is our answer.

We invent exactly one thing

Solidus composes from roughly 44 open standards and protocols. Some of them are obvious — W3C DID Core, W3C Verifiable Credentials Data Model 2.0, BBS+ signatures, SD-JWT VC, OpenID for Verifiable Credential Issuance (OID4VCI), OpenID for Verifiable Presentations (OID4VP), DIDComm v2, eIDAS 2.0, ISO mDL (mobile driver's license), NIST SP 800-63 identity assurance levels.

Some are less obvious — DID URL syntax (W3C), Status List 2021 for revocation (W3C), Verifiable Credential API (W3C), DID Method Registry process (W3C), the ISO 18013-5 mobile credential standard, the OpenID Federation framework. We adopt the standards as-published. We do not invent parallel implementations.

What we invent is exactly one thing: the chain that anchors the issuer trust and the revocation events that the rest of the stack has to verify against.

The reason we invent that one thing is that the existing options — anchoring on Ethereum, Polygon, or any general-purpose L1 — give identity operations the wrong gas economics, the wrong throughput profile, and the wrong validator incentive model. Verifying a credential is a signature check plus a revocation lookup. It is not contract execution. The EVM cost model is wrong for it by roughly two orders of magnitude.

So we build a purpose-built chain, with HotStuff BFT consensus optimized for finality (not throughput-maximalism), and we pay for it with the network's own economics. Everything above the chain layer — the credential format, the verification API, the selective disclosure cryptography — is the standard, as-shipped, integrated honestly.

What this means for "another identity L1?"

It means we are not in the same category as the SSI projects that failed.

Those projects, including the ones we admire most, made one of two structural mistakes. Either they built proprietary credential formats that diverged from W3C ahead of W3C reaching consensus (and then had to migrate later, losing years), or they built on Ethereum and lost to the gas-economics problem before they ever got to product-market fit.

We waited. The W3C Recommendation status for DID Core arrived in 2022. The VC Data Model 2.0 followed. BBS+ shipped at multiple production implementations before we depended on it. We are not gambling on the standards stabilizing; we are building after they stabilized.

And we are not building on a chain that prices us out. The cost of a credential verification on Solidus is on the order of fractions of a cent. On Ethereum mainnet, it would be measured in dollars. Identity operations at internet scale require the dimensions of throughput and cost that a purpose-built chain provides.

What "standards-native" means in practice

It means our SDK uses W3C VC Data Model 2.0 as the on-the-wire format, not a proprietary variant. If you implement a Solidus verifier and later need to verify a credential issued by a different W3C-compliant issuer, the cryptographic verification path is the same.

It means our DID method, did:solidus, conforms to W3C DID Core. We have submitted it to the W3C DID Method Registry as PR #713. It is under review, not merged; the registry process takes months, and we describe the status honestly at every stage.

It means we ship BBS+ as the production selective disclosure scheme. We ship SD-JWT VC for environments that prefer JWS-based credentials. We do not ship a proprietary ZK scheme that no one can audit.

It means our chain client uses OpenID Federation patterns for verifier-issuer trust establishment, which is what the EU eIDAS 2.0 framework will require by late 2026.

The opposite of standards-native is NIH — Not Invented Here, building your own version of every standard component. NIH lets you ship faster in the short run. It also locks you into a single-vendor ecosystem where no third party can verify your credentials, no other issuer can interop with you, and no acquisition path other than full takeover exists.

We are not building for that exit. We are building for the layer position.

Why this matters to a skeptic

If you are evaluating Solidus from the perspective of "another identity L1, why should I care?", the answer is in two parts.

First, the question of whether identity converges on an open layer or fragments forever into proprietary silos is already decided. eIDAS 2.0 mandates the wallet architecture. The agent stack consolidates around credential-aware payments. The W3C standards reach Recommendation status. Some chain will anchor this. The question is which.

Second, the chain that anchors it has to be honest about what it invents and what it composes. A protocol that claims to invent twenty new things at the identity layer is either lying or doomed. We claim one invention: the chain. Everything else is the standard.

If that resonates, look at the SDK. If it does not, the answer is in the public W3C DID Method Registry: PR #713.

solidus.network

Top comments (0)