Decentralized identity, often used interchangeably with “self-sovereign identity” (SSI), is gaining ground as an alternative to today’s centralized and federated infrastructures. In short, it allows individuals to manage their own identities. In a decentralized framework, the user receives credentials from a number of issuers (e.g., government, education, employer) and stores them in a digital wallet. The user presents those credentials to the relevant issuing authority, who then verifies their identity through a blockchain-based ledger that does not store the user’s data. That’s what decentralized identity is, so why do we need it?
For many, today’s personal identity model (how businesses create identities based on the information they gather from their users) doesn’t always work in their favour. Organizations need to collect sensitive and personal data from their users to authenticate their identities—but as long as companies continue to experience data breaches or mishandle information, this is not a model that represents their users’ best interests.
Most of us have a fragmented identity experience online, authenticating separately with a sprawl of service providers; but some are openly disenfranchised. Around 1 billion people worldwide are unable to claim physical or digital ownership of their identity, leaving them unable to actively participate in public services and society's most basic technical advances.
While still in its nascent stages, the decentralized approach to identity promises to give users much more independence, enhance privacy, and inspire digital transformation across organizations. In this post, we’ll explore how decentralized identity works in detail, who benefits from it, and where things stand with its development.
As an emerging field within identity and access management (IAM), decentralized identity has its own set of particular terms that help define the roles and interactions within this model.
- Credentials: Information that distinguishes each subject.
- Holder/Wallet: A software repository that manages credentials on behalf of a subject and protects their privacy.
- Issuer: A party that issues access credentials, similar to an identity or OpenID provider.
- Subject: The user or individual who authenticates their identity.
- Verifier: The party or service provider that verifies the validity of a credential. The verifier issues a presentation request to the wallet, which, after gathering user consent, presents the credential to the verifier.
Like with any IAM structure, these components come together to securely facilitate access to critical information while helping to verify a user’s identity.