For the best web experience, please use IE11+, Chrome, Firefox, or Safari

Defining decentralized identity

Decentralized identity is an identity framework that lets people own, manage and control their personal information without relying on a central authority. In traditional, centralized systems, like government-issued IDs or online accounts, we typically rely on a single entity to store and verify our identities.

In a decentralized identity system, identities are not stored inside centralized repositories or governed by identity providers. Instead, they are distributed across a network of nodes, granting users full control over the sharing and verifying of their personal identity data.

Decentralized identity is a fundamental pillar of Web3, built upon its core principles of decentralization, cryptographic security, user empowerment and data sovereignty. Think of decentralized identity as having a virtual wallet that securely stores your identity credentials. Instead of sharing your entire identity with every service you interact with, you can selectively share specific pieces of information, granting them only the access they need. Furthermore, you can simply verify a claim without sharing the actual data. For example, you can verify that you are over the age of 18 without sharing your date of birth, or verify that you have a valid driving license without sending a photo of your ID. There are several benefits to this approach:

  • It enables you to have greater control and governance over your personal information.
  • It improves data privacy. As identities are not stored in a central data store, it becomes significantly harder for attackers to access them.
  • It promotes portability. You can use your decentralized identity across different platforms and services, without having to create multiple accounts.
  • Decentralized systems are designed to be transparent and trustworthy, leveraging the immutability of DLTs.

Features: Centralized vs Decentralized

Centralized and decentralized identity represent two fundamentally different approaches to creating, storing and verifying identity.

Centralized Identity
  • Requires trust in the central authority, which may be an identity provider, a government body or any online service.
Decentralized Identity
  • Trust is distributed across the network, with no single authority.
Centralized Identity
  • Limited support. Different services require users to create accounts and undergo verification processes.
Decentralized Identity
  • Allows seamless use of the same identity credentials across different services.
Centralized Identity
  • Owned and controlled by the central authority.
Decentralized Identity
  • Owned and controlled by the user.
Centralized Identity
  • Relies on the security measures taken by the central authority. A single breach may expose data of all users.
Decentralized Identity
  • Uses Distributed Layer Technology (DLT) such as blockchain and advanced cryptographic techniques for better security. Public key cryptography is often used for key generation, digital signatures and encryption.
Centralized Identity
  • Typically, costs are much lower because of the prevalence of centralized identity providers in the market.
Decentralized Identity
  • Typically, costs are higher because of a larger infrastructure footprint, development complexity and scalability challenges.
Centralized Identity
  • Limited access for people without traditional forms of identification.
Decentralized Identity
  • Fosters inclusion by providing digital access to individuals who don’t have traditional forms of identification, like government issued IDs.
Centralized Identity
  • Relies on the availability and uptime of the central system.
Decentralized Identity
  • Decentralized nodes ensure high availability.

Is decentralized identity the same as self-sovereign identity (SSI)?

Decentralized identity and self-sovereign identity (SSI) are two terms that represent the same underlying approach and can be used interchangeably. While some experts view self-sovereign identity as a specific implementation of decentralized identity, the distinction between the two is often negligible. Both approaches share common principles and objectives, focusing on granting individuals control over their personal data.

How does the decentralized identity approach work?

Here’s how a typical decentralized identity network works:

A tamper-resistant ledger

Blockchain, or any other DLT, acts as the underlying infrastructure that enables secure and decentralized management of digital identities. Identity-related data, like Decentralized Identifiers (DIDs) and cryptographic keys are recorded on the Blockchain in a transparent and auditable manner.

Creation of decentralized identifiers (DIDs)

Decentralized Identifiers are unique and cryptographically secure identifiers assigned to individuals. There are different methods to create and manage DIDs, with one of the most recommended approaches outlined in the DID core specification by the World Wide Web Consortium (W3C). As per the specification, a DID is made up of:

  • The Unified Resource Identifier (URI) scheme
  • The DID method identifier
  • The actual identifier (which will differ based on the method)

An example of a W3C DID is: did:sample:123121n21bqg21, where did indicates the URI scheme, sample represents the name of the DID method, and 123121n21bqg21 is the unique identifier.


Users can choose to store their decentralized identities in multiple ways:

  1. User-controlled storage: Users can store their DIDs and associated data on their personal devices, such as computers, smartphones, or hardware wallets. This approach provides users with full control over their DIDs and ensures privacy and security since the data remains within their possession.
  2. Cloud storage: Users can also choose to store their DIDs and associated data in cloud-based storage services from trusted providers. Cloud storage offers convenience and accessibility across devices, enabling users to access their DIDs from anywhere with an internet connection. However, it's important to select reputable and secure cloud storage providers to ensure the privacy and protection of the DIDs.
  3. Decentralized storage platforms, such as InterPlanetary File System (IPFS), allow users to store their DIDs in a distributed and decentralized manner. Decentralized storage provides increased data availability and resilience compared to traditional centralized storage solutions.
  4. Blockchain-based storage: In some decentralized identity systems, DIDs and associated data can be stored directly on a blockchain. Storing DIDs on the blockchain ensures data integrity and enables verifiability by anyone with access to the blockchain.

Distributed consensus and cryptographic security

Blockchain networks use a distributed consensus algorithm to validate transactions and updates to identity data. This ensures the integrity and authenticity of the stored information. Cryptographic techniques, like public key cryptography, are used to generate and associate keys with DIDs. These keys are essential for authentication, allowing authorized individuals to securely access and control their digital identities.

Selective/minimal disclosure

Decentralized identities allow users to choose which attributes or credentials to share based on the context or requirements of the application. Blockchain-based smart contracts can be used to define the conditions for accessing specific identity data, further facilitating selective disclosure.

Final thoughts

Decentralized identity is the modern way of authentication that relies on self-owned, verifiable credentials. This new paradigm shifts the power back to the individual, enabling seamless and trusted interactions across various platforms and eliminating the need for centralized authorities. As decentralized identity continues to evolve, it holds the promise of a more inclusive, secure and interoperable digital ecosystem where individuals have sovereignty over their own identities.

Free Virtual Trial of Identity Manager

Identity Manager governs and secures your organization’s data and users, meets uptime requirements, reduces risk and satisfies compliance.