An introduction to Decentralized Identity
Decentralized identity is a system where individuals control and manage their own personal data through digital wallets. This approach enhances privacy, security, and user control by allowing people to share only the necessary information directly from their wallets, reducing the risk of data breaches and misuse.
Imagine this:
Normally, when you sign up for a website or app, you have to create an account by giving them your personal details, like your name, email, and maybe even more sensitive information. That company then stores your data on their servers. This system has a few problems:
You don’t fully control your information—the company does.
If the company gets hacked, your personal info could be stolen.
Each service you interact with maintains its own copy of your data, leading to redundancy and a lack of interoperability.
Now, here’s how decentralized identity works:
Instead of companies storing your personal data, you store it yourself in something called a "digital wallet." This wallet is like a secure app on your phone.
When a website or app needs your information, you can share just what’s necessary directly from your wallet, without giving them full control over your data. The information is automatically verified using advanced cryptography.
Here's an example in the Higher Education sector:
A. For Organizations
Increased Security: ID wallets use biometrics, strong encryption, and distributed storage for maximum security. Personal information is never stored on the blockchain.
Fraud Protection: Verifiable credentials are cryptographically secured so that their authenticity is verified automatically and they cannot be altered or forged. This ensures that only verified individuals can access your organization's services.
Legal Compliance: ID wallets achieve legal compliance with data protection and eID regulations, including eIDAS 2.0 in Europe, by giving users greater control over their data.
Enhanced User Experience: Users can enjoy passwordless access to online services by simply scanning a QR code with their ID Wallet to share their credentials. This reduces onboarding abandonment rates and increases user retention.
Operational Savings: Organizations can reduce operational expenses related to identity verification, compliance, and data storage, making the system more cost-effective.
B. For Users
One-Click Sharing: Users have instant access to digital and physical services with just one click, making it easier to share their credentials for identity verification and authentication.
Portability: Digital credentials enable individuals to securely store and carry their credentials on their phone app, allowing them to share their information anywhere at any time.
Global recognition: Verifiable credentials adhere to international standards, ensuring they are recognized and accepted globally.
Data Control: Individuals have greater control over their data. They can choose what data to share and with whom, increasing data protection and reducing the risk of privacy breaches. They can also opt to disclose only specific details, such as sharing just their first and last name without revealing their address when sharing a National ID.
Robust Protection: Verifiable credentials are fortified with cryptographic security, so users can trust that their personal information remains secure.
Digital Credential
Digital credentials are, in simple terms, the electronic counterparts of physical documents. They provide information about a person or entity, such as qualifications, achievements, or other claims.
Verifiable Credential
Verifiable credentials are a type of digital credential designed to be highly secure and easily verified using advanced cryptography. They also guarantee privacy by enabling methods such as minimum disclosure.
Digital ID Wallet
A digital ID wallet is a secure app on your phone where you store verifiable credentials. Instead of carrying around physical cards, you can use this wallet to prove who you are or share specific information when needed. You’re in control of what you share, protecting your personal information.
DIDs
Decentralized identifiers (DIDs) help users represent who they are in any context without referring back to centralized identity registries such as the government for identity attributes. More specifically, a DID is a globally unique identifier that:
does not require a centralized authority for its generation or registration;
is unique globally and for all contexts, regardless of where it is to be used (as opposed to a username only used for the service in question).
Trust Framework
Trust Registries
Trust registries are like the "who's who" lists in a decentralized identity system. They help everyone in the ecosystem know which organizations can be trusted to issue or verify credentials.
These trust registries are typically stored on blockchain ledgers due to their enhanced traceability and immutability properties, and hence the trust they provide when multiple unknown/untrusted entities are in the ecosystem. However, it is important to note there is no technical limitation or constraint to storing these trust registries in alternative storage systems.
Verifiable Credentials
Schemas
Verifiable credentials schemas are like templates that define what information goes into a verifiable credential in a standardized form. For example, a schema for a digital diploma might include fields for the name, the degree earned, and the date of graduation.
Schemas ensure that everyone understands what the credential should contain and how the information is organized, making it easier to issue, share, and verify the credentials across different systems.
The decentralized identity sector is formed by a complex and dynamic ecosystem involving different stakeholders:
Issuers
These are trusted organizations, such as government agencies and other institutions, that provide verifiable credentials to users. For example, a university might issue a digital diploma to a graduate.
Users
These are individuals who own, store and manage their own digital identity credentials using a secure app called a digital wallet. They control their personal information and decide who can access it.
Verifiers
These are entities or organizations that need to validate the authenticity of the credentials users present. For instance, an employer might verify a job applicant’s qualifications by checking the digital diploma issued by the university.
1. Issuance
After graduating, Sarah receives her digital diploma and transcripts directly in her ID wallet (Gataca Wallet) from her undergraduate university. These credentials are cryptographically signed.
2. Presentation and Verification
When applying for her master’s program, Sarah can easily share her digital diploma and transcripts. She scans a QR code on the admissions office website through her ID wallet and shares the requested information with a single click.
The admissions office then verifies the credentials' authenticity in real-time using a verification platform (Gataca Studio), which checks the cryptographic signature to confirm the data’s authenticity and the issuer's legitimacy.
3. Management
Sarah keeps her credentials in her ID wallet. She can view and manage them, including choosing when to share them and stopping a service from accessing them.
This technology ensures that the credentials cannot be altered or forged and allows organizations to automatically verify their authenticity without relying solely on trust in the issuer. It's important to note that the term "Verifiable Credentials" adheres explicitly to the .
This framework is like a set of rules or guidelines that explain who can be trusted and how credentials should be handled. These frameworks are usually provided by reliable sources like government agencies, industry groups, or other recognized authorities ( is one example). Consulting about the validity of a specific credential implies knowing the trust framework it is anchored on.
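The issuance and verification steps from Sarah's example can be sketched in code. The following is an added example, not Gataca's code or API: it shows an issuer signing a diploma and a verifier checking the issuer against a trust registry, then the signature, then the schema. The DIDs, field names, the simplified JSON credential layout and the in-memory registry are assumptions made for illustration; real verifiable credentials use standardized data models and proof formats.

```javascript
const crypto = require('crypto');

// Constructed sample data: the DID and schema fields are illustrative assumptions.
const ISSUER_DID = 'did:example:university';
const DIPLOMA_SCHEMA = ['name', 'degree', 'graduationDate'];

// Deterministic serialization so issuer and verifier process the same bytes.
function canonical(value) {
  if (Array.isArray(value)) return '[' + value.map(canonical).join(',') + ']';
  if (value && typeof value === 'object') {
    return '{' + Object.keys(value).sort()
      .map((k) => JSON.stringify(k) + ':' + canonical(value[k])).join(',') + '}';
  }
  return JSON.stringify(value);
}

// Issuer side: sign the credential body with the issuer's Ed25519 private key.
function issueCredential(issuerDid, privateKey, claims) {
  const body = { issuer: issuerDid, type: 'Diploma', claims };
  const proof = crypto.sign(null, Buffer.from(canonical(body)), privateKey).toString('base64');
  return { ...body, proof };
}

// Verifier side: trust registry lookup, then signature check, then schema check.
function verifyCredential(credential, trustRegistry, schema) {
  const { proof, ...body } = credential;
  const issuerKey = trustRegistry.get(body.issuer);
  if (!issuerKey) return { ok: false, reason: 'issuer not in trust registry' };
  if (typeof proof !== 'string') return { ok: false, reason: 'missing proof' };
  const valid = crypto.verify(null, Buffer.from(canonical(body)), issuerKey,
    Buffer.from(proof, 'base64'));
  if (!valid) return { ok: false, reason: 'bad signature' };
  const missing = schema.filter((f) => !(f in (body.claims || {})));
  if (missing.length) return { ok: false, reason: 'missing fields: ' + missing.join(',') };
  return { ok: true, reason: 'verified' };
}

// Demo: the registry maps trusted issuer DIDs to their public keys.
function demo() {
  const issuer = crypto.generateKeyPairSync('ed25519');
  const registry = new Map([[ISSUER_DID, issuer.publicKey]]);
  const vc = issueCredential(ISSUER_DID, issuer.privateKey,
    { name: 'Sarah', degree: 'BSc', graduationDate: '2024-06-30' });
  const tampered = { ...vc, claims: { ...vc.claims, degree: 'PhD' } };
  const rogue = crypto.generateKeyPairSync('ed25519');
  const untrusted = issueCredential('did:example:diploma-mill', rogue.privateKey, vc.claims);
  return [vc, tampered, untrusted].map((c) => verifyCredential(c, registry, DIPLOMA_SCHEMA).reason);
}

console.log(demo());
```

The tampered copy fails the signature check even though its issuer is trusted, and the self-signed credential fails at the registry lookup even though its signature is internally valid, which is why a verifier needs both checks.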