Decentralized identity is a new approach to digital identity management that leverages the power of blockchain to enable people to remain in control of their own identity information.
In today’s world, our digital identities are becoming increasingly important parts of our lives. Naturally, this puts an emphasis on having secure and reliable ways to store and manage our personal data online. Traditional solutions for digital identity management rely on centralized entities like government agencies, companies, centralized registries and other centralized databases.
But the centralized approach has its issues and has shown some significant vulnerabilities in recent years. From security breaches to concerns over privacy and censorship, we’ve had plenty of chances to see the drawbacks of the current model.
This is where decentralized identity seeks to provide a solution. But before we delve into how it achieves that, we need to take a look at two important concepts that underpin our modern understanding of what identity is.
Identifiers and attestations
Identifiers are pieces of information that directly point to a particular identity. Name, social security number, place and date of birth – these are a few of the identifiers we typically associate with an identity. In addition, in today’s world, digital credentials like emails and usernames have also become important identifiers.
An attestation, on the other hand, is a verifiable claim made by an institution about a person or an organization. Driver's licenses, university diplomas, certificates, regulatory licenses – these are all examples of attestations.
How does decentralized identity work?
As mentioned above, decentralized identity aims to improve the current model with the help of Web3 technologies. It leverages things like public key infrastructure and distributed ledgers to ensure that identity-related information is self-controlled, private and portable.
Web3 technologies make it possible to have decentralized identifiers (DIDs), which are, essentially, the building blocks of decentralized identity. Ethereum accounts are an example of one such decentralized identifier.
Secured by private key cryptography and stored on immutable ledgers, DIDs are unique, secure and cryptographically verifiable, and can be associated with different entities like people, companies, institutions and other organizations. What’s more, DIDs can be used to underpin attestations.
Any attestation issued by a DID controller is linked to the DID of the issuer and because that decentralized identifier is secured and stored on a public blockchain, the attestations associated with it can be easily verified. That’s why, in the context of decentralized identity, attestations are often referred to as verifiable credentials – they are tamper-proof and cryptographically verifiable. Just as importantly, they are also self-controlled – even if the issuer becomes defunct, the validity of the attestations issued by it is always backed by the blockchain network.
Types of attestations
Depending on how they are stored and managed, we have several different types of attestations in decentralized identity.
Perhaps the most straightforward of the bunch are the on-chain attestations, which are stored in smart contracts on a blockchain network like Ethereum. Here the smart contract is designed to map an attestation to its corresponding DID.
The main concern with this type of attestation stems from the transparent nature of public blockchains and its implications for privacy. To address these concerns, we also have
Here we have attestations that are held off-chain in digital wallets, but are signed with the DID of the issuer that is stored on the blockchain network. The attestations are encoded as JSON Web Tokens containing the digital signature of the issuer and, because of that, are easily verified.
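The following Go example is added here for illustration and is not code from the original article: it issues an off-chain attestation as a JSON Web Token and verifies it against the key registered for the issuer's DID. The did:example identifiers, the Resolver map standing in for the on-chain key lookup, and the choice of Ed25519 (EdDSA) signatures are assumptions made for the example.

```go
package main

import (
	"crypto/ed25519"
	"encoding/base64"
	"encoding/json"
	"fmt"
	"strings"
)

type Claims map[string]interface{}
// Resolver stands in for the on-chain lookup of an issuer DID's public key (assumption).
type Resolver map[string]ed25519.PublicKey
var b64 = base64.RawURLEncoding
var issuerPub, issuerKey, _ = ed25519.GenerateKey(nil) // constructed demo key pair

// Issue returns a compact JWT (header.payload.signature) signed with the issuer's key.
func Issue(priv ed25519.PrivateKey, c Claims) string {
	body, _ := json.Marshal(c)
	in := b64.EncodeToString([]byte(`{"alg":"EdDSA","typ":"JWT"}`)) + "." + b64.EncodeToString(body)
	return in + "." + b64.EncodeToString(ed25519.Sign(priv, []byte(in)))
}

// Verify pins the algorithm and checks the signature with the key registered for "iss".
func Verify(token string, r Resolver) (Claims, error) {
	p := strings.Split(token, ".")
	if len(p) != 3 {
		return nil, fmt.Errorf("malformed token")
	}
	hdr, err1 := b64.DecodeString(p[0])
	body, err2 := b64.DecodeString(p[1])
	sig, err3 := b64.DecodeString(p[2])
	var h struct{ Alg string }
	var c Claims
	if err1 != nil || err2 != nil || err3 != nil || json.Unmarshal(hdr, &h) != nil || json.Unmarshal(body, &c) != nil {
		return nil, fmt.Errorf("undecodable token")
	}
	iss, _ := c["iss"].(string)
	pub, known := r[iss]
	if h.Alg != "EdDSA" || !known || !ed25519.Verify(pub, []byte(p[0]+"."+p[1]), sig) {
		return nil, fmt.Errorf("untrusted token")
	}
	return c, nil
}

func main() {
	r := Resolver{"did:example:university": issuerPub}
	tok := Issue(issuerKey, Claims{"iss": "did:example:university", "sub": "did:example:alice", "degree": "BSc"})
	fmt.Println(Verify(tok, r))
}
```

The verifier trusts a claim only after the algorithm check, the issuer lookup and the signature check have all passed, so an edited payload or a token naming an unregistered issuer is rejected.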
Off-chain attestations with persistent access
But what if you want to retain the advantages of off-chain storage while maintaining a persistent blockchain presence? Well, this is where off-chain attestations with persistent access come into play. This approach involves converting an attestation into a JSON file and storing it off-chain, but then storing the hash of that file on-chain. There, the hash is linked to a DID – which can be either the DID of the attestation issuer or its recipient – via an on-chain registry.
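The Go example below, added here and not taken from the original article, anchors the hash of an attestation file in a registry and later checks a presented file against it. The Registry map standing in for the on-chain registry, the did:example identifiers, the canonicalisation step and the use of SHA-256 are assumptions (Ethereum contracts typically hash with Keccak-256, which is not in Go's standard library).

```go
package main

import (
	"bytes"
	"crypto/sha256"
	"encoding/hex"
	"encoding/json"
	"fmt"
)

// Registry stands in for the on-chain registry: attestation hash -> DID (assumption).
type Registry map[string]string

// Digest hashes a canonical form of the JSON file (sorted keys, no insignificant
// whitespace) so that re-serialising the same attestation does not change the hash.
func Digest(file []byte) (string, error) {
	dec := json.NewDecoder(bytes.NewReader(file))
	dec.UseNumber() // keep numbers exactly as written instead of converting to float64
	var v interface{}
	if err := dec.Decode(&v); err != nil {
		return "", err
	}
	canon, _ := json.Marshal(v) // encoding/json emits map keys in sorted order
	sum := sha256.Sum256(canon)
	return hex.EncodeToString(sum[:]), nil
}

// Anchor links the file's hash to a DID; only the hash leaves the holder's storage.
func (r Registry) Anchor(did string, file []byte) error {
	h, err := Digest(file)
	if err != nil {
		return err
	}
	r[h] = did
	return nil
}

// Verify reports whether the presented file matches a hash anchored for the DID.
func (r Registry) Verify(did string, file []byte) bool {
	h, err := Digest(file)
	anchored, ok := r[h]
	return err == nil && ok && anchored == did
}

func main() {
	reg := Registry{}
	file := []byte(`{"issuer":"did:example:university","subject":"did:example:alice","degree":"BSc"}`) // constructed
	reg.Anchor("did:example:alice", file)
	fmt.Println(reg.Verify("did:example:alice", file))
}
```

Hashing the raw bytes instead of a canonical form would make verification fail whenever a wallet re-indents or reorders the JSON, even though the attestation itself is unchanged.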
The benefits of decentralized identity
Decentralized identity offers a number of advantages, including:
- User control and ownership – Individuals have full control over their identity data, with no reliance on intermediaries.
- Reduced privacy risks – By limiting the sharing of personal data with intermediary actors, decentralized identity solutions reduce the risks associated with data breaches.
- Interoperability – DIDs are compatible across various Web3 platforms and services, making them interoperable.
Decentralized identity offers a new approach to securing and managing identity data. And as we continue to spend more and more time online, this approach seems well suited to meet the needs of our increasingly digital world.