Decentralized identity refers to the use of blockchain and related technology to offer individuals a chance to control their identity and limit their exposure risk while interacting with businesses and people.
Decentralized identity is an approach to identity management that uses blockchain technology to allow individuals to control their digital identity. This approach to identity is intended to allow individuals to maintain control of their digital identity and keep their personally identifiable information (PII) in the individual's hands. This reduces the risks associated with centralized identity, and reduces the risk organizations take, making audits easier and allowing organizations to check an individual's credentials through a click. A decentralized identity approach allows people, organizations, and things to interact securely and transparently without sharing sensitive information, and gives people control over their identity and credentials.
Especially in digital spaces, where more of people's private and work lives have moved, decentralized identity allows an individual to keep control over that digital identity. This means an individual could use a connected identity wallet for signing in to various websites, rather than having several profiles and passwords to remember. The identity wallet would offer these websites the necessary cryptographic credentials to prove the identity without sharing or requiring the websites to store PII. In the case of payments, a decentralized identity wallet can handle payments without sharing sensitive payment information.
Understanding decentralized identity is perhaps best done in contrast to traditional or centralized identity systems. In a centralized identity system, the individual has limited to no control over who has access to their PII, which is required to use online services, open a bank account, vote in elections, buy property, and secure employment. Each requires the individual to prove their identity, and these systems store the identity and the PII, meaning the individual has to be concerned about the protection these services and companies take to ensure that PII is not accessed by unauthorized users. Centralized systems, in a traditional identity system, are also responsible for the issuance and control of an individual's identity.
In a decentralized identity system, the reliance on centralized third parties is removed, and an individual holds and controls their own identifiers and attestations. The individual is then able to manage all of their identity-related information, create identifiers, and hold attestations without relying on central authorities like service providers or governments. The individual is then given the ability to give or withhold consent to share their identity with third parties, such as presenting a proof of their identity without revealing particulars, or proving the individual is above eighteen without offering their actual date of birth. Further, in digital spaces, users are able to collect the data and marketing information about themselves in their decentralized identity, including their browsing or purchasing history, and only share that information when they choose to. In this case, decentralized identity could lead individuals to monetize their own data.
It is perhaps important to identify what an identity is. Identity seems obvious, as we deal with it in some ways almost every day. It signifies an individual's sense of self as defined by characteristics; alternatively, an identity refers to being an individual, although identity can also refer to some non-human entities.
An identity, however, has to be established for third parties through identifiers. Identifiers are any piece of information that can act as an attestation of a particular identity. Common identifiers include an individual's name, social security or tax ID number, a mobile number, date and place of birth, and digital identification credentials. Traditional examples of identifiers are issued, held, and controlled by central entities; and those central entities, such as a government, have to give the individual permission to change the information about their identity, such as changing an individual's name or changing an individual's handle on a social media platform.
Part of this requires attestations, which are claims made by one entity about another. For example, many countries issue a driver's license, which attests the individual is legally allowed to drive a car. An attestation is different from an identifier, as an attestation works to reference a particular entity and make a claim about an attribute related to the identity; in this case, the driver's license has identifiers, but it is also the attestation about a legal right to drive, and in this way also works to prove the individual's identity.
An identity, regardless of centralization or decentralization, works the same. But in a decentralized identity system, the identifiers are also decentralized. These decentralized identifiers (DIDs) are different from the centrally issued identifiers because they are not issued, managed, or controlled by a central entity. Decentralized identifiers, instead, are issued, held, and controlled by individuals. These DIDs are stored on distributed ledgers (blockchains) or peer-to-peer networks, which makes them unique, resolvable with high availability, and cryptographically verifiable. The key enabling technologies for DIDs are public-key infrastructure and decentralized datastores.
Public-key infrastructure (PKI) is an information security measure that generates a public key and a private key for an entity. Public-key cryptography is already in use in blockchain networks to authenticate user identities and ownership of digital assets. The public key identifies the account's controller, while private keys can sign and decrypt messages for an account. PKI can provide the necessary proofs for entity authentication and prevent impersonation and the use of fake identities, using cryptographic signatures to verify claims.
A blockchain can serve as a verifiable data registry: an open, trustless, and decentralized repository of information. The existence of the public blockchain essentially works to eliminate the need to store identifiers in centralized registers, as anyone who needs to confirm the validity of a decentralized identifier can look up the associated public key on the blockchain, rather than relying on traditional third parties for the authentication of identifiers.
There are various approaches to developing decentralized attestations, which are similar to the attestations used in a traditional identity management system, with various approaches to issuing, storing, and verifying attestations in decentralized identity systems. These include the following:
One concern with storing attestations on-chain is that these attestations may include private or identifiable information, including information an individual may otherwise wish to keep private. The public nature of blockchains makes it unattractive to store such attestations. Often, the solution is to issue attestations that are held by users off-chain in digital wallets but signed with the issuer's DID, which is stored on-chain. These attestations can be encoded as JSON Web Tokens with the issuer's digital signatures to allow for easy verification of off-chain claims.
This arrangement transforms attestations into JSON files that are stored off-chain, with most ideal scenarios including decentralized cloud storage platforms, but with a hash of the JSON file stored on-chain and linked to a DID through an on-chain registry. The associated DID could be that of the issuer of the attestation or the recipient. Either way, this approach enables attestations to gain persistence through the blockchain while keeping claims information encrypted and verifiable, also allowing for selective disclosure.
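The hash-anchoring arrangement described above can be sketched as follows; this is an added example, not code from the original article or from any DID project. The in-memory registry, the `did:example:` identifiers, the function names, and the use of salted per-claim digests for selective disclosure are all assumptions made for illustration, since the article does not specify a mechanism.

```python
import hashlib
import json
import secrets

# Stand-in for the on-chain registry: DID -> set of anchored document hashes.
# Assumption: on a real ledger each write would be a transaction signed by
# the DID's key; a plain dict is used here so the example runs offline.
REGISTRY = {}


def canonical(obj):
    """Serialize to deterministic JSON bytes so both sides hash identical input."""
    return json.dumps(obj, sort_keys=True, separators=(",", ":")).encode("utf-8")


def claim_digest(name, value, salt):
    """Salted digest of one claim; the salt stops guessing of low-entropy values."""
    return hashlib.sha256(canonical([salt, name, value])).hexdigest()


def issue(issuer_did, subject_did, claims, registry=REGISTRY):
    """Issuer: build the off-chain JSON document and anchor only its hash."""
    salts = {name: secrets.token_hex(16) for name in claims}
    document = {
        "issuer": issuer_did,
        "subject": subject_did,
        "claim_digests": sorted(
            claim_digest(name, value, salts[name]) for name, value in claims.items()
        ),
    }
    anchor = hashlib.sha256(canonical(document)).hexdigest()
    registry.setdefault(issuer_did, set()).add(anchor)
    # Everything returned here stays in the holder's wallet, off-chain.
    return {"document": document, "claims": dict(claims), "salts": salts}


def present(wallet_entry, disclose):
    """Holder: reveal only the named claims, each with its salt."""
    return {
        "document": wallet_entry["document"],
        "disclosed": {
            name: {
                "value": wallet_entry["claims"][name],
                "salt": wallet_entry["salts"][name],
            }
            for name in disclose
        },
    }


def verify(presentation, registry=REGISTRY):
    """Verifier: return the disclosed claims if every check passes, else None."""
    document = presentation["document"]
    anchor = hashlib.sha256(canonical(document)).hexdigest()
    if anchor not in registry.get(document.get("issuer"), set()):
        return None  # document altered, or never anchored under this issuer DID
    accepted = {}
    for name, item in presentation["disclosed"].items():
        digest = claim_digest(name, item["value"], item["salt"])
        if digest not in document["claim_digests"]:
            return None  # disclosed value or salt does not match what was issued
        accepted[name] = item["value"]
    return accepted


if __name__ == "__main__":
    # Constructed sample data: the holder proves "over 18" without the birth date.
    entry = issue(
        "did:example:issuer",
        "did:example:holder",
        {"date_of_birth": "1990-04-02", "over_18": True},
    )
    shown = present(entry, ["over_18"])
    print(verify(shown))
```

Only the document hash reaches the registry, so the ledger holds no PII, and any change to the off-chain JSON or to a disclosed value makes verification fail.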
As their name implies, on-chain attestations are held in smart contracts on the blockchain. The smart contract maps the attestation to its corresponding on-chain decentralized identifier, or public key. This allows verifications, or background checks, to occur faster than they currently do. In some cases, they can be used to screen individuals based on whether they are permitted to engage in an activity or not.
Soulbound tokens, or non-transferable NFTs, can also be used to collect information unique to a wallet, and create a unique on-chain identity bound to the particular wallet address. This could include tokens representing activity, achievements, or community participation, and can be used as attestations for an individual's identity.
Behind decentralized identity (DID) is the idea that identity-related information should be self-controlled, private, and portable. This is built on decentralized identifiers and attestations, which offer tamper-proof, cryptographically verifiable claims made by the issuer, and every attestation or verifiable credential issued can then be associated with the DID. Since DIDs are stored on the blockchain, anyone can verify the validity of an attestation, allowing the blockchain to act like a global directory to enable the verification of DIDs of a given entity. Decentralized identifiers are self-controlled and verifiable, and even in the case in which an issuer does not exist, the holder still has the proof of the attestation's provenance and validity. Decentralized identifiers are also crucial to protecting the privacy of personal information, as the verifying party need not view a proof of an attestation, but only the cryptographic guarantees of the attestation's authenticity and the identity of the issuing organization to determine the proof's validity.
Self-sovereign identity is another important concept in decentralized identity. The notion of self-sovereign identity (SSI) refers to the use of distributed databases to manage personally identifiable information (PII). Instead of having a set of identities across multiple platforms or a single identity managed by a third party, SSI users have a digital wallet in which credentials are stored and accessed through reliable applications.
Experts distinguish between components known as the three pillars of SSI: blockchain, verifiable credentials, and decentralized identifiers. Blockchain offers a decentralized database, which makes it difficult or impossible to change, hack, or cheat. The verifiable credentials are built to be tamper-proof and cryptographically secured; they implement SSI and protect users' data. These are capable of representing information found in paper or traditional credentials, such as passports or licenses, and are able to represent digital credentials without physical equivalents. And decentralized identifiers enable users to have a cryptographically verifiable and decentralized digital identity. These are created by the owner and owned by the user and are independent of any organization. SSI creates part of the identity architecture that developed decentralized identities.
Decentralized identity is based on the use of decentralized, encrypted, blockchain-based wallets. These decentralized identity wallets allow users to create their decentralized identifiers, store PII, and manage verifiable credentials instead of keeping identity information on numerous websites through intermediaries. Each identity wallet is encrypted, replacing passwords with non-phishable cryptographic keys that do not represent a single weakness in the case of a breach. The decentralized wallet generates a pair of cryptographic keys, public and private. The public key distinguishes a wallet, while the private one, stored in the wallet, is used during the authentication process.
These wallets, which can be used to transparently authenticate an individual, also work to protect users' communications and data. These wallets allow users to give or revoke access to identity information in order to establish trust, prove eligibility, or otherwise complete a transaction. And, as the wallet presents a single source, it makes revoking or giving access faster and easier. Any information in the wallet tends to be, as noted above, verified or signed by multiple trusted parties to prove its accuracy.
There are various pros or benefits of decentralized identity. It can be trustworthy because it uses a consensus approach to prove data authenticity, and each block contains the changes in the case someone attempts to or successfully tampers with the data. In this way, it provides data integrity, as the blockchain data storage mechanism is built to be immutable and permanent and therefore not capable of being modified or deleted. A DID offers security, as the blockchain features data in a highly encrypted fashion, capable of catering to digital signatures, consensus algorithms, and cryptographic hash functions to protect those identities from breaches and thefts. A DID system offers privacy as each identifier is pseudo-anonymous, which can increase the privacy. And it is simple, with individuals or identity owners able to store and manage their identities in an identity wallet, and verifiers able to efficiently onboard users and conduct the information verification process.
As for DID drawbacks, one of the most common (and to some, the only) drawback to this type of identity verification is adoption. As governments and organizations attempt to figure out how to deploy decentralized identity at scale (if they even want to, as many governments and organizations prefer to control the issuance of identification and identity data), many individuals also have not heard of, let alone understand, the difference between decentralized identity and centralized identity. Overcoming legacy systems, legacy interests, and regulations, while creating interoperable global standards and governance, remains an important concern, especially as one country that uses and accepts DIDs may find these types of identities not accepted in other countries. Another issue is data fragility, as identity data can be duplicated, confused, and inaccurate regardless of the identity management system, and centralizing or decentralizing the identity management system does not necessarily solve those issues.