Decentralized identity is an identity framework that lets people own, manage and control their personal information without relying on a central authority. In traditional, centralized systems, like government-issued IDs or online accounts, we typically rely on a single entity to store and verify our identities.
In a decentralized identity system, identities are not stored inside centralized repositories or governed by identity providers. Instead, they are distributed across a network of nodes, granting users full control over the sharing and verifying of their personal identity data.
Decentralized identity is a fundamental pillar of Web3, built upon its core principles of decentralization, cryptographic security, user empowerment and data sovereignty. Think of decentralized identity as having a virtual wallet that securely stores your identity credentials. Instead of sharing your entire identity with every service you interact with, you can selectively share specific pieces of information, granting them only the access they need. Furthermore, you can simply verify a claim without sharing the actual data. For example, you can verify that you are over the age of 18 without sharing your date of birth, or verify that you have a valid driving license without sending a photo of your ID. There are several benefits to this approach:
Centralized and decentralized identity represent two fundamentally different approaches to creating, storing and verifying identity.
Here’s how a typical decentralized identity network works:
A blockchain, or any other distributed ledger technology (DLT), acts as the underlying infrastructure that enables secure and decentralized management of digital identities. Identity-related data, like Decentralized Identifiers (DIDs) and cryptographic keys, are recorded on the blockchain in a transparent and auditable manner.
Decentralized Identifiers are unique and cryptographically secure identifiers assigned to individuals. There are different methods to create and manage DIDs, with one of the most recommended approaches outlined in the DID core specification by the World Wide Web Consortium (W3C). As per the specification, a DID is made up of:
An example of a W3C DID is: did:sample:123121n21bqg21, where did indicates the URI scheme, sample represents the name of the DID method, and 123121n21bqg21 is the unique identifier.
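A service that accepts DIDs from users or other systems should check them against the DID Core syntax before resolving or storing them. The following Python sketch is an added example, not code from the W3C specification or from any DID library; the names parse_did and InvalidDID, the method allow-list and the 2048-character length limit are assumptions made for illustration.

```python
import re

# DID syntax, following the ABNF in W3C DID Core:
#   did                = "did:" method-name ":" method-specific-id
#   method-name        = 1*(lowercase letter / digit)
#   method-specific-id = *( *idchar ":" ) 1*idchar
#   idchar             = ALPHA / DIGIT / "." / "-" / "_" / pct-encoded
_IDCHAR = r"(?:[A-Za-z0-9._-]|%[0-9A-Fa-f]{2})"
_DID_RE = re.compile(
    rf"did:(?P<method>[a-z0-9]+):(?P<msid>(?:{_IDCHAR}*:)*{_IDCHAR}+)"
)


class InvalidDID(ValueError):
    """Raised when a string is not an acceptable bare DID (hypothetical name)."""


def parse_did(value, allowed_methods=None, max_len=2048):
    """Return (method, method_specific_id) or raise InvalidDID.

    max_len is an assumed local limit, not part of the specification.
    allowed_methods, if given, restricts which DID methods are accepted.
    """
    if not isinstance(value, str) or len(value) > max_len:
        raise InvalidDID("not a string, or longer than the local limit")
    # fullmatch rejects trailing data such as a newline, path or fragment,
    # so a DID URL ("did:...#key-1") is not mistaken for a bare DID.
    m = _DID_RE.fullmatch(value)
    if m is None:
        raise InvalidDID(f"does not match DID syntax: {value!r}")
    method, msid = m.group("method"), m.group("msid")
    if allowed_methods is not None and method not in allowed_methods:
        raise InvalidDID(f"DID method {method!r} is not on the allow-list")
    return method, msid


def is_valid_did(value, allowed_methods=None):
    """Boolean wrapper around parse_did for use in input filters."""
    try:
        parse_did(value, allowed_methods)
        return True
    except InvalidDID:
        return False


if __name__ == "__main__":
    # Constructed inputs; the first is the example DID from the text.
    for s in ["did:sample:123121n21bqg21", "did:Sample:abc",
              "did:sample:", "did:sample:abc#key-1", "did:sample:a:b"]:
        print(f"{s!r:32} valid={is_valid_did(s)}")
```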
Users can choose to store their decentralized identities in multiple ways:
Blockchain networks use a distributed consensus algorithm to validate transactions and updates to identity data. This ensures the integrity and authenticity of the stored information. Cryptographic techniques, like public key cryptography, are used to generate and associate keys with DIDs. These keys are essential for authentication, allowing authorized individuals to securely access and control their digital identities.
Decentralized identities allow users to choose which attributes or credentials to share based on the context or requirements of the application. Blockchain-based smart contracts can be used to define the conditions for accessing specific identity data, further facilitating selective disclosure.