Decentralized Identity
Decentralized Identity (DID) is a digital identity model in which individuals or entities control identifiers and credentials through cryptographic mechanisms, without relying on a single centralized Identity Provider (IdP).
Expanded Explanation
1. Technical Function and Core Characteristics
DID uses cryptographic key pairs, decentralized identifiers, and verifiable credentials to establish identity data that multiple parties can verify without a central authority. It typically relies on distributed ledgers or other decentralized registries to resolve identifiers and public keys.
Standards bodies define decentralized identifiers as globally unique identifiers that do not require a centralized registration authority and that support key rotation and privacy-preserving authentication. Verifiable credentials provide cryptographically verifiable attestations about an identity subject that verifiers can check against issuer keys and revocation data.
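An added example (not part of the original entry) of the verifier-side check described above: resolve the issuer's identifier to its current keys, verify the credential signature, then consult revocation data. The in-memory registry and revocation set, the helper names, the `did:example` identifiers and the simplified signing input are assumptions made for illustration; real credentials use a standardized proof format.

```javascript
const nodeCrypto = require('node:crypto');

// Constructed stand-ins for a decentralized registry and a revocation list.
const registry = new Map(); // DID -> { verificationMethod: [{ id, publicKeyJwk }] }
const revoked = new Set();  // ids of revoked credentials

// Publish (or rotate to) a key: the DID stays stable, only its document changes.
// Assumption: rotation drops the old key; an issuer could also keep it listed.
function rotateKey(did, keyName) {
  const { publicKey, privateKey } = nodeCrypto.generateKeyPairSync('ed25519');
  const id = `${did}#${keyName}`;
  registry.set(did, { verificationMethod: [{ id, publicKeyJwk: publicKey.export({ format: 'jwk' }) }] });
  return { keyId: id, privateKey };
}

// Simplified signing input (fixed field order), not a real canonicalization scheme.
const payload = (vc) => Buffer.from(JSON.stringify([vc.id, vc.issuer, vc.subject, vc.claims]));

function issue(signer, vc) {
  const signature = nodeCrypto.sign(null, payload(vc), signer.privateKey).toString('base64');
  return { ...vc, proof: { verificationMethod: signer.keyId, signature } };
}

// Verifier: resolve the issuer DID, locate the referenced key, check signature, then revocation.
function verifyCredential(vc) {
  const doc = registry.get(vc.issuer);
  if (!doc) return 'unknown-issuer';
  // The proof must point at a key listed in the claimed issuer's own DID document.
  const vm = doc.verificationMethod.find((m) => m.id === vc.proof.verificationMethod);
  if (!vm) return 'key-not-in-did-document';
  const key = nodeCrypto.createPublicKey({ key: vm.publicKeyJwk, format: 'jwk' });
  const ok = nodeCrypto.verify(null, payload(vc), key, Buffer.from(vc.proof.signature, 'base64'));
  if (!ok) return 'bad-signature';
  return revoked.has(vc.id) ? 'revoked' : 'valid';
}

// Constructed scenario: fresh, tampered, revoked, and post-rotation outcomes.
function demo() {
  const did = 'did:example:issuer';
  const vc = issue(rotateKey(did, 'key-1'), { id: 'urn:example:vc-1', issuer: did,
    subject: 'did:example:alice', claims: { role: 'partner' } });
  const out = { fresh: verifyCredential(vc) };
  out.tampered = verifyCredential({ ...vc, claims: { role: 'admin' } });
  revoked.add(vc.id);
  out.revoked = verifyCredential(vc);
  revoked.delete(vc.id);
  rotateKey(did, 'key-2'); // key-1 is no longer in the DID document
  out.afterRotation = verifyCredential(vc);
  return out;
}
```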
2. Enterprise Usage and Architectural Context
Enterprises use DID to support authentication, authorization, and attribute sharing across organizational boundaries while limiting direct storage of personal data. It can integrate with existing identity and access management stacks through standards-based protocols and APIs.
Architectures often include digital wallets, issuer services, verifier services, and trust registries or governance frameworks that define policies for credential formats, assurance levels, and interoperability. Enterprises may deploy DID alongside Single Sign-On (SSO), federation, and customer identity platforms.
3. Related or Adjacent Technologies
DID relates to Public Key Infrastructure (PKI), Federated Identity Management (FIM), and attribute-based credentials. It uses many of the same cryptographic building blocks as PKI while changing how identifiers and trust relationships are established and discovered.
It also aligns with zero trust security architectures by enabling continuous, verifiable proof of attributes and relationships. Standards for decentralized identifiers and verifiable credentials interoperate with protocols such as Open Authorization 2.0 (OAuth 2.0), OpenID Connect (OIDC), and Security Assertion Markup Language (SAML) in enterprise environments.
4. Business and Operational Significance
DID matters for enterprises that need portable, interoperable identity credentials for customers, partners, and employees across jurisdictions and platforms. It can reduce reliance on centralized identity brokers and lower exposure to large identity data stores.
Regulatory and privacy requirements drive interest in models where users hold and present credentials selectively while organizations verify them cryptographically. This approach supports data minimization, auditability of credential issuance and verification, and alignment with standards-based digital identity ecosystems.