PingOne Neo
Everything you want to know about decentralized identity and verifiable credentials.
Decentralized identity is an approach to identity management that allows users to control their identity information. Sometimes referred to as “identity on the network edge” or self-sovereign identity, it eliminates the need for users to provide unnecessary amounts of personal information in order to access a service. Do you really need to hand over your driver's license, which includes your home address, just to prove your age?
Organizations issue users a verifiable digital credential that is stored in a digital wallet. Users present their credentials to organizations that can verify the information instantly without having to contact the issuer.
The issuer is the organization that creates a Verifiable Digital Credential, signs it with its private key, and issues it to the holder (generally the end user of the verifiable credential).
The holder is a person or user that creates the decentralized identifier, then receives and stores the Verifiable Credential in their digital wallet app.
The verifier is a party that checks the credentials and can read the issuer’s public identifier or certificate to verify whether the Verifiable Digital Credential the holder shared was signed by the issuer’s keys.
A digital verifiable credential consists of any attribute that can be attached to a person. It contains important information about the verifiable digital credential, including the issuer, who it was issued to, and specific data attributes. Verifiable Digital Credentials are cryptographically secure to ensure the provenance of the credential.
A decentralized database that is shared among computers in a DLT network that records information in a way that makes it nearly impossible to change, hack, or cheat the system (unless you control 51% of all computing power on the internet).
A decentralized identifier (DID) is a unique identifier, sometimes stored on DLT, made up of a string of letters and numbers that contains details like the public key and verification information. DIDs contain no personally identifiable information.
A service provider is an entity that needs to verify the identity of a user before providing access to its services or resources.
A system of record (SoR) is a trusted source of information that can be used to verify the claims made by an individual's digital identity. The SoR can be any entity that is trusted to maintain accurate and reliable information about an individual, such as a government agency (e.g., the Department of Motor Vehicles for a state driving license), a financial institution, or an educational institution.
Trust frameworks provide a common language and set of expectations for entities in the decentralized identity ecosystem, such as issuers, verifiers, relying parties, and users. They define the processes for issuing, verifying, and using digital identities and credentials, as well as the technical requirements for interoperability and security.
SIOP is based on the OpenID Connect protocol, which is widely used for authentication and authorization in web applications. With SIOP, individuals can create and manage their own digital identities, and use them to access a wide range of online services and resources.
Digital wallets are the storage mechanism for verifiable credentials. Digital wallets can be embedded into an application and proprietary to a service provider, or they can be open and able to store all forms of verifiable credentials.
Just like a physical credential, verifiable digital credentials may also have an expiration date or be revoked. Decentralized identity revocation occurs in real time. That way, verifiers always know whether the issuer has decided the data has expired, or whether the user has removed consent to use the data.
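The issuer, holder and verifier roles and the expiry and revocation checks described above, as an added example (not Ping Identity's code or the PingOne Neo API): an Ed25519-signed credential that a verifier checks using only the issuer's public key. The `did:example` identifiers, the credential fields and the revocation set are assumptions made for illustration; production credentials follow the W3C data model and proof formats.

```javascript
// Added example, not PingOne Neo code. All DIDs, claims and dates are constructed.
const crypto = require('crypto');

// Deterministic JSON so the issuer and the verifier process identical bytes.
function canonical(v) {
  if (v === null || typeof v !== 'object') return JSON.stringify(v);
  if (Array.isArray(v)) return '[' + v.map(canonical).join(',') + ']';
  return '{' + Object.keys(v).sort()
    .map((k) => JSON.stringify(k) + ':' + canonical(v[k])).join(',') + '}';
}

// Issuer: sign the credential body with the issuer's private key.
function issueCredential(privateKey, issuerDid, holderDid, claims, expires) {
  const body = { id: crypto.randomBytes(8).toString('hex'),
                 issuer: issuerDid, subject: holderDid, claims, expires };
  const sig = crypto.sign(null, Buffer.from(canonical(body)), privateKey);
  return { ...body, proof: sig.toString('base64') };
}

// Verifier: needs only the issuer's public key and a revocation list
// (assumed here to be a set of revoked ids), not a call to the issuer.
function verifyCredential(vc, trustedIssuers, revokedIds, now = new Date()) {
  const { proof, ...body } = vc;
  const publicKey = trustedIssuers.get(body.issuer);
  if (!publicKey) return 'untrusted-issuer';
  const ok = typeof proof === 'string' && crypto.verify(
    null, Buffer.from(canonical(body)), publicKey, Buffer.from(proof, 'base64'));
  if (!ok) return 'bad-signature';
  // Expiry and id are trusted only now that the signature covers them.
  // A missing or unparsable expiry fails closed.
  if (!(new Date(body.expires) > now)) return 'expired';
  if (revokedIds.has(body.id)) return 'revoked';
  return 'valid';
}

// Constructed scenario: a licensing agency attests "over 18" and nothing else,
// so the holder proves age without disclosing a home address.
const issuerKeys = crypto.generateKeyPairSync('ed25519');
const trustedIssuers = new Map([['did:example:dmv', issuerKeys.publicKey]]);
const vc = issueCredential(issuerKeys.privateKey, 'did:example:dmv',
  'did:example:alice', { over18: true }, '2099-01-01T00:00:00Z');
const tampered = { ...vc, claims: { over18: true, vip: true } };

console.log(verifyCredential(vc, trustedIssuers, new Set()));
console.log(verifyCredential(tampered, trustedIssuers, new Set()));
```

The signature is checked before expiry or revocation because those fields mean nothing until the verifier knows the issuer actually wrote them.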
| Centralized Identity | Decentralized Identity |
| --- | --- |
| Data is kept and controlled by the organization which collected or created the information. | Information is controlled by the individual and stored on their personal device in their digital wallets. |
| Data may be collected, stored, and shared with “trusted” third parties, commonly without end users' knowledge. | Data is shared when the person explicitly approves the sharing. |
| Large databases of user credentials and information are the target of cyber attacks. | Since each individual stores their own data, there is no centralized source of information for hackers to attack. |
An engineering-driven organization focused on developing the foundational elements necessary to establish an open ecosystem for decentralized identity and ensure interoperability between all participants.
The mission of the W3C Work Groups and Community Groups chartered for decentralized identity topics is to identify and resolve real world identity issues, to explore and build a more secure trusted digital identity ecosystem on the internet for people, organizations, and things. Their work focuses on the ecosystem’s scalability, interoperability, mobility, security, and privacy.
An open international community of network designers, operators, vendors, and researchers working on the evolution of the Internet architecture and the smooth operation of the Internet.
The Linux Foundation’s community dedicated to developing frameworks, tools, and libraries for deployments of decentralized ledgers and blockchains.
This independent, non-governmental organization is made up of members from the national standards bodies of 167 countries. Through its members, it brings together experts to share knowledge and develop voluntary, consensus-based, market relevant International Standards that support innovation and provide solutions to global challenges. ISO Sub-Committees develop standards for many aspects of decentralized identity, including mobile driving licenses and mobile eID, distributed ledger technology, identity management, privacy, and cryptography.
Financial institutions can simplify and speed up the customer onboarding process using decentralized identity. Customers can provide their identity information through a DCI solution, which can then be securely shared with the financial institution for digital verification, eliminating the need to manually verify the customer at each interaction.
Decentralized identity can help financial institutions comply with Know Your Customer (KYC) and Anti-Money Laundering (AML) regulations. Using robust identity verification mechanisms to create an immutable record, financial institutions reduce the risk of identity fraud and improve the accuracy of compliance checks.
With decentralized identity, financial institutions can reduce the risk of data breaches and protect their customers' personal information. This can improve customer trust and enhance the reputation of the financial institution.
Verifiable Credentials can enable financial institutions to provide more personalized financial services to their customers by giving the institutions access to a rich and secure source of identity information including a customer's financial history, preferences, behaviors, and consent.
State and local governments can use verifiable credentials (VCs) to provide citizens with a secure and efficient way to access government services. For example, citizens can use digital VCs to prove their identity when applying for a driver's license, filing taxes, or providing proof of real estate ownership, reducing the time and cost associated with traditional identity verification.
With decentralized identity, citizens have control over their own identity information and can choose which data they share with specific government agencies, reducing the attack surface and the risk of breaches. This can help build trust in the government, reduce reputational risks, and improve inclusivity.
Decentralized identity reduces the possibility of identity theft and improves accuracy of compliance checks through the use of robust identity verification and issuing digital credentials. Additionally, governments can use DCI to store digital records including birth and death certificates.
Verifiable credentials reduce the risk of fraud for numerous government services, including social security fraud, tax fraud, and voter fraud. The credentials are cryptographically signed, nearly eliminating the possibility of forgery.
Healthcare organizations can verify new patient identities and issue reusable verifiable credentials for rapid future intake and processing, as well as for verifying insurance coverage and deductibles.
Verifiable credentials allow healthcare organizations to control access to health records by enabling patients to manage who can access their information and to delegate permissions to others, maintaining compliance (i.e., HIPAA). Patients can use a DCI solution to grant and revoke access to their health data, reducing the risk of data breaches and ensuring data privacy.
Decentralized identity can facilitate interoperability between different healthcare organizations by providing a common standard for identity management using verifiable credentials. This improves the efficiency of data sharing and enables better coordination of care across different providers and systems.
Decentralized identity can help public health organizations track and manage the spread of infectious diseases by enabling patients to securely share their health information. Patients can share information such as vaccination records and test results, which can help public health organizations monitor and respond to outbreaks.