What is decentralized identity?
Decentralized identity is an approach to identify and authenticate users and entities without a centralized authority.
Identity management uses attributes such as name, birth date, Social Security number or email address to verify a person or entity to interact and transact with an online service. A digital identity is an online persona and representation of a person acting online.
With centralized identity systems, identity management is often siloed by a single authority where user identity is stored and authenticated. Centralized identity can be controlled and created by a government entity. For example, a state's department of motor vehicles controls a person's driver's license identification. Centralized identity may be as basic as a username and password created on an online service.
In contrast, decentralized identity lets users and organizations manage and control their identity in a distributed approach. Rather than relying on a siloed identity provider, the decentralized model relies on a Web 3.0 approach, using distributed ledger technology (DLT), including blockchain, and storing information in a digital wallet.
Decentralized identity should not be confused with federated identity or single sign-on approaches to identity and access management. With those approaches, a centralized identity service enables a user identity to be shared across multiple applications in different locations. The decentralized identity does enable the single user identity to be accessed by different sites and services to authenticate an identity stored in a digital wallet.
How does decentralized identity work?
Like all Web 3.0 technologies, decentralized identity has blockchain DLT at its foundation.
Decentralized identity systems rely on public key infrastructure (PKI) cryptography to secure and manage identity. With PKI, there is a public key and a private key to encrypt data. All transactions in the blockchain are immutable so they cannot be tampered with and are distributed to all nodes in the distributed ledger.
With blockchain, there is an entry that represents a user identity. That is where the concept of decentralized identifiers (DIDs) comes into play. With all forms of identity, there is a need for identifiers -- pieces of information about a given entity, such as a name or date of birth. Decentralized identifiers are different, as they are not issued by a central authority. Decentralized identifiers are controlled by individuals.
There are several emerging approaches for defining and developing decentralized identifiers. Among the most prominent is the DID core specification from the World Wide Web Consortium (W3C). Each DID is converted into cryptographic data to manage.
The DID is a three-part text string:
- Uniform Resource Identifier (URI) scheme.
- Method identifier.
- DID method-specific identifier.
Here is an example of a DID using the W3C method for "DID:example:123456789abcdefghi:"
- URI scheme: DID.
- Method: example.
- Method-specific identifier: 123456789abcdefghi.
The Decentralized Identity Foundation is also active in the space working on a set of identifiers and discovery mechanisms for decentralized identity.
Verifiable credentials complement DIDs in a decentralized identity model enabling a degree of integrity and additional authenticity for identity elements. W3C is actively working to help specify standards, with the Verifiable Credentials Data Model specification.
Verifiable credentials are a form of attestation, which is information or data that affirms the validity of an assertion about a given statement, such as a certain identity belonging to a specific user. A verifiable credential can be associated as an attestation for a digital identifier as part of a user's decentralized identity.
Backed by verifiable credentials and cryptographically secured on the blockchain, a user can create and manage a decentralized identity. The identity stored on the blockchain can then be provided to organizations and other users to verify. The decentralized identity is verified by finding the public key on the blockchain where the decentralized identifier information is located.
Why is decentralized identity important?
Identity is the cornerstone of the modern digital economy as it enables users to interact with organizations, governments and online services.
The critical importance of identity has also made it a target for criminals, with identity theft being a growing problem that negatively affects the lives of individuals. Centralized identity relies on personally identifiable information (PII) that, when lost or stolen in a data breach, can enable identity theft.
Decentralized identity can potentially be more resistant to identity theft attempts. It offers a highly resilient approach because of the distributed nature of blockchain.
Decentralized identity vs. self-sovereign identity
The idea of a decentralized identity is an emerging concept.
Self-sovereign identity (SSI) is another concept that is similar to decentralized identity. Even though they are used interchangeably, SSI and decentralized identity are not the same.
SSI is a form of identity management where the user identity is not stored in a centralized location by a provider. In the SSI approach, users store identity information on their own devices instead of an external network. The SSI approach can potentially make use of decentralized identifiers, as well as verifiable credentials.
In contrast, decentralized identity doesn't have to be entirely self-sovereign. The entire identity isn't completely managed or under the direct control of individual users. In the decentralized identity approach, the actual user identity is stored across a distributed ledger instead of the user's own system.
Benefits of decentralized identity
There are many benefits to adopting a decentralized identity approach that affects developers, individuals and organizations. Primary benefits include the following:
- User-focused application development. Decentralized identity can help developers build applications that don't rely on insecure passwords to verify users.
- Improved privacy. PII can be minimized and secured.
- Improved data security. Blockchain relies on PKI and provides an immutable ledger for identifiers.
- Tamper-proof. Blockchain provides an immutable ledger that is tamper-resistant.
- Identity control. Users have more individual control over their own identity information and how it is used.
- Fast identity lookups. Decentralized identity offers the promise of fast checks for organizations to validate an identity.
- Removes single point of failure. In a centralized approach, there can be a single point of failure, which is removed in the highly distributed decentralized model.
- Identity portability. Identity isn't tethered to a single provider and is more portable.
- Reduces certificate fraud risk. Centralized systems often rely on digital certificates for cryptography issued by certificate authorities that can potentially be misused or altered.
Challenges of decentralized identity
While there are many benefits to decentralized identity, there are also challenges that impact usage and wider deployment. Key challenges include the following:
- Complexity. Decentralized identity is potentially more complex for both users and organizations to implement than traditional forms of centralized identity.
- Interoperability. Different decentralized identity systems may not interoperate with each other or with other non-Web3 technologies.
- Regulatory compliance. It is not clear how decentralized identity fits into various regulatory compliance requirements for government or industry use cases.
- User adoption. Adoption of a decentralized identity is lower than centralized identity, so there are fewer users.
- Security. Users must keep their private encryption key secure.
- Governance. Decentralized identity systems generally rely on community-driven governance models to manage updates and changes, which can lead to standardization and accountability challenges.
Decentralized identity use cases
There are several uses for decentralized identity in scenarios where there is a need to securely identify an individual or entity:
- Online authentication. Identity is critical to being able to authenticate and gain access to online services.
- Decentralized social media. A decentralized identity could help access a decentralized social media service, such as Mastodon and Steemit, built on a blockchain.
- Supply chain management. Identity is not only being able to identify humans, but also products. A decentralized identity system could be useful for identifying items in a supply chain.
- Voting and online communities. In Web 3.0 communities, a decentralized autonomous organization manages activities and coordinates voting.