Decentralized digital identity is an emerging digital identity model enabled by the development of blockchain technology. The decentralized identity model is at the core of self-sovereign identity (SSI), which grants individuals full control of their own personal data. A decentralized identity platform for SSI consists of three essential components: an identity trust fabric, an identity wallet and an identity management system.
- Identity Trust Fabric (ITF) — a distributed ledger for immutably recording proofs of digital identity and managing cryptographic public keys. It enables a decentralized, common trust point without an intervening central authority.
- Identity Wallet — an application for generating, binding, maintaining and presenting digital identity of an individual user. It also provides an interface to a device’s local secure environment that stores and manages cryptographic keys. An identity wallet could be installed on a mobile device, a workstation or a cloud platform.
- Identity Management — a decentralized system for providing management, availability and protection of decentralized digital identity. This includes identity proofing and authentication for service providers and identity wallet recovery for individual users.
A decentralized identity platform facilitates interaction between three parties: an individual user (holder), a service provider (verifier) and a trusted third party (issuer). It provides the following core functionality:
- Registration — a user registers with a trusted third party through an identity proofing process.
- Issuance — the trusted third party approves the registration and issues a verifiable credential to the user. A cryptographic proof of the verifiable credential is also recorded in the ITF.
- Presentation — the user generates a verifiable presentation from the verifiable credential and presents it to the service provider.
- Verification — the service provider verifies the presentation by comparing it with its cryptographic proof in the ITF.
- Access — the service provider approves the presentation and grants the user access to its service.
- Security — a traditional, centralized service provider keeps record of digital identity for verification and authentication of their users. This presents a single point of failure, which can be exploited by malicious hackers. A decentralized identity platform reduces this risk by enabling credential verification with the ITF.
- Privacy — an identity wallet allows users to control and manage their personally identifiable information (PII) on their personal devices. This helps reduce the role of central repositories for PII storage.
- Interoperability — the ITF provides a common trust point and promotes collaboration between different organizations. An organization could seamlessly verify a credential from another organization through the ITF.
- Resilience — the decentralized and distributed nature of blockchain technology provides great resilience against arbitrary system failure, including power outages and malicious attacks.
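The issuance, presentation and verification steps listed above, as an added example that is not code from the original page or from any particular platform. It goes one step beyond the text by letting the holder disclose only a subset of claims; `TrustFabric` is a hypothetical in-memory stand-in for the ITF, and the salted per-claim SHA-256 digest is an assumed proof format. Issuer signatures and holder key binding are left out, so write access to the ledger is what stands in for issuer authenticity here.

```python
import hashlib
import hmac
import json
import secrets

def sha256_hex(data: bytes) -> str:
    return hashlib.sha256(data).hexdigest()

def claim_digest(name, value, salt):
    # Per-claim salt stops a verifier from guessing hidden values by hashing candidates.
    return sha256_hex(json.dumps([salt, name, value]).encode())

def root_digest(cred_id, digests):
    return sha256_hex(json.dumps([cred_id, sorted(digests)]).encode())

class TrustFabric:
    """In-memory stand-in for the ITF (assumption): append-only id -> proof map."""
    def __init__(self):
        self._proofs = {}
    def record(self, cred_id, proof):
        if cred_id in self._proofs:
            raise ValueError("proof already recorded; ledger entries are immutable")
        self._proofs[cred_id] = proof
    def lookup(self, cred_id):
        return self._proofs.get(cred_id)

def issue(itf, cred_id, claims):
    """Issuer: hand the credential to the holder, record only its proof in the ITF."""
    salts = {k: secrets.token_hex(16) for k in claims}
    digests = [claim_digest(k, v, salts[k]) for k, v in claims.items()]
    itf.record(cred_id, root_digest(cred_id, digests))
    return {"id": cred_id, "claims": dict(claims), "salts": salts}

def present(credential, disclose):
    """Holder: reveal the chosen claims, send only digests for the rest."""
    c, s = credential["claims"], credential["salts"]
    return {"id": credential["id"],
            "disclosed": {k: [c[k], s[k]] for k in disclose},
            "hidden": [claim_digest(k, c[k], s[k]) for k in c if k not in disclose]}

def verify(itf, presentation):
    """Verifier: recompute the proof and compare it with the ITF record."""
    proof = itf.lookup(presentation["id"])
    if proof is None:
        return False  # unknown credential: nothing was ever recorded
    digests = [claim_digest(k, v, salt)
               for k, (v, salt) in presentation["disclosed"].items()]
    digests += presentation["hidden"]
    return hmac.compare_digest(root_digest(presentation["id"], digests), proof)
```

Only the root digest reaches the ledger, so no PII is stored there; the claims and salts stay in the holder's wallet.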