One of the key problems with user identities today is the need to involve a Trusted Third Party to create and manage those identities. Whether that trusted third party is a web site creating and managing an account for a user, or a service providing federated single sign-on (commonly called social login) for other services, or a Certificate Authority and related Public Key Infrastructure supporting public key based cryptographic operations - all of these approaches rely on some trusted third party to create and manage the identity.
Decentralized identity takes an approach that removes the need for a Trusted Third Party Service altogether. In its place is blockchain technology, the key innovation that can be used to anchor the identity and provide a trusted source. This system which is acting as a Decentralized Public Key Infrastructure (DPKI) allows users and servers to prove their identity, attributes and relationships, through cryptographically verifiable digital credentials. It also allows organizations to begin forming and maintaining private digital connections with customers, suppliers, partners and regulators.
The key difference with Decentralized Identity is that every identity in the system is a peer to every other identity. Whether it’s a user or a server, each has its own identity and can partake in decentralized identity operations with any other identity. This is achieved without the need for any involvement of a separate trusted third party. Instead the identities are anchored on a blockchain and can be used for a range of different activities:
Passwordless Authentication: Users can leverage the cryptographic keys of their decentralized identity to be authenticated without the need for passwords or 2FA.
Key Establishment: Key exchange protocols between two or more identities (users or servers) allowing establishment of new cryptographic keys.
End to End encryption: Creating secure messaging connections using newly established cryptographic keys.
Secure credentials: Secure and privacy preserving credentials for safer more privacy-respecting digital experiences.
Every user has their own Decentralized Identity wallet that is used to generate its public/private key pairs, create a standardized Decentralized Identity (DID), and (if necessary) request to have a DID written by an endorser to a blockchain (that acts as the trust anchor). Once an identity has a DID, it can then partake in a range of decentralized activities including authentication, key exchanges, secure communication, and more.
A DID may also be granted a standardized Verifiable Credential by a Credential Issuer that describes attributes, relationships and entitlements for that identity. This Verifiable Credential is held in the wallet and user specified attributes (claims) can be presented to a Credential Verifier for authorization purposes. For example, an identity may have been granted permission to access a specific file, and can prove this permission by presentation of a Verifiable Credential attribute.