Why We Issue Identity Tokens

“We learn who we are in practice, not in theory.”

David Epstein, Range: Why Generalists Triumph in a Specialized World

I love when different spaces come together. There are so many opportunities to challenge assumptions, learn from each other, and find common ground. And if you happen to be sitting right in the middle at the time, suddenly you have the opportunity to unify and bridge seemingly unbridgeable gaps.

It’s been a busy month for decentralized identity. Led by Vitalik Buterin, the Web3 community joined the party with a proposal on Soulbound Tokens (SBTs), culminating in an excellent debate on Bankless between Vitalik and Evin McMullen from, about the risks and rewards of the “public by default” identity tokens over the “private by default” Verifiable Credential (VC) standard recommended by the W3C and DIF.

Meanwhile, TBD and Jack Dorsey published their equally tongue-in-cheekily-named Web5 proposal, essentially coming down firmly in the VC camp, stating that nothing should be put on chain, and if it should, then it should be on bitcoin (because who needs smart contracts anyway)?

We at Civic find ourselves sitting in the middle of a debate that we are extremely familiar with. We’ve been negotiating this dichotomy since our inception. In 2017 we published Chainauth, a mechanism for anchoring verifiable credentials on Bitcoin, and in 2021 we released Civic Pass, a multi-chain token protocol, in conjunction with

I, for one, feel like a Berlin resident in 1990 tapping away at the Berlin Wall as others on each side pick up pick-axes around me, suddenly realising that a wall that shouldn’t exist anyway can, in fact, be toppled.

Why, if we had Chainauth, based on verifiable credentials, did we release Civic Pass, a token protocol very similar to SBTs? Why do we, at Civic, think that, all in all, SBTs are a good thing? After all, we share the privacy concerns of SBTs that were eloquently enumerated by Evin McMullen. Alongside the benefits of shared state for revocability and “negative reputation” listed by Vitalik, the main driver for us is flexible and uncomplicated integration into smart contracts, be they DeFi, DAOs, NFT mints, or others. Essentially we believe that there is benefit for an individual in circumspectly registering aspects of their identity on-chain.

There are right ways and wrong ways to achieve this (and watch this space for an upcoming post about the four pillars of identity-based tokens), but what Civic is doing is building the bridge between SBTs and VCs. Civic strongly believes that the future of decentralized, reusable identity is verifiable credentials. We issue VCs behind the scenes. We have an identity wallet that allows users to store and present those credentials, and we are building a web portal to replace it (keep an eye on However, smart contracts never see them, because we allow users to “tokenize” them on whatever chain they are using. In this way, an SBT is really more of a decentralized access-control layer, which is why we decided to call it Civic Pass. Combining these two concepts, off-chain verifiable credentials and on-chain passes, is immensely powerful, allowing seamless integration with on-chain projects, an identity that is portable across multiple chains, while still allowing users to provide their credentials off-chain to organizations that need them for regulatory, or other, purposes.

Vitalik opened the debate with Evin by stating that the two sides have more they agree with than they disagree with, and we at Civic certainly agree with that. We have been operating in both worlds for several years now, and have lived the debate internally several times. Essentially it comes down to figuring out a common language, so that the Decentralized Identity world can integrate into Web3, their biggest ally to wide-scale adoption, and the Web3 world can truly kick-off with a robust, secure and self-sovereign identity model.


Get the latest updates from civic

Receive the latest news from civic

Learn how we collect your information by visiting our Privacy Policy.