Introduction to Decentralized Identity
Overview
The digital world relies heavily on identity systems for authentication, authorization, and trust. However, most traditional identity systems are centralized, controlled by corporations, governments, or third-party providers. This model creates privacy risks, security vulnerabilities, and data monopolies that restrict users’ control over their identities.
Decentralized Identity (DID) is a paradigm shift that eliminates central points of failure, allowing individuals and organizations to own, control, and share their identities securely, without relying on a single authority.
At Ezrah we’ve created a blockchain-powered identity infrastructure that provides a self-sovereign, verifiable, and interoperable identity system, ensuring greater security, privacy, and autonomy in the digital world.
Components of Decentralized Identity
Decentralized identity (DID) is an identity framework that enables individuals and organizations to have self-sovereign control over their digital identities without relying on centralized authorities. The three major components of a decentralized identity system are as follows:
1. Issuers
Issuers are entities that create and sign Verifiable Credentials (VCs). These credentials contain claims about an identity, such as a university issuing a diploma or a government agency issuing a driver’s license.
Responsibilities:
- Credential Creation: Generates digital credentials that represent verified claims.
- Signing and Encryption: Uses cryptographic keys to sign credentials, ensuring authenticity and integrity.
- Revocation Management: Maintains mechanisms to revoke credentials if needed.
Examples:
- Government institutions issuing passports.
- Universities providing diplomas.
- Banks issuing financial credentials.
2. Holders
Holders are individuals or entities that receive, store, and manage Verifiable Credentials. They control their digital identity and decide how and when to share their credentials.
Responsibilities:
- Credential Storage: Uses digital identity wallets to securely store credentials.
- Selective Disclosure: Chooses what information to share with verifiers.
- Authentication: Proves control over credentials when interacting with verifiers.
Examples:
- A job applicant presenting a diploma to a potential employer.
- A traveler proving identity using a digital passport.
- A customer verifying age for online services without revealing their birth date.
3. Verifiers
Verifiers are entities that request, validate, and rely on Verifiable Credentials to make trust-based decisions. They use cryptographic methods to confirm the credentials’ authenticity without needing to contact the issuer directly.
Responsibilities:
- Credential Verification: Checks if credentials are valid and issued by a trusted authority.
- Authentication & Trust: Ensures the credential holder is the rightful owner.
- Privacy-Preserving Verification: Uses techniques like Zero-Knowledge Proofs to verify claims without exposing unnecessary information.
Examples:
- Employers verifying educational credentials.
- Financial institutions conducting KYC checks.
- Online platforms validating identity for account access.
Technical Building Blocks of Decentralized Identity
Decentralized identity (DID) systems rely on key technical components to ensure security, privacy, and interoperability. The two primary building blocks are Decentralized Identifiers (DIDs) and Verifiable Credentials (VCs).
1. Decentralized Identifiers (DIDs)
DIDs are globally unique, cryptographically verifiable identifiers that do not rely on centralized authorities. They enable self-sovereign identity by allowing individuals and organizations to create and control their identifiers.
Key Features:
- Decentralization: DIDs are not tied to a central authority and can be resolved using decentralized networks.
- Cryptographic Control: They are linked to cryptographic key pairs, enabling secure authentication and digital signatures.
- Interoperability: Built on open standards, DIDs work across different platforms and ecosystems.
- Privacy-Preserving: Users can create multiple DIDs to minimize data correlation and tracking.
Example DID Structure:
did:ezrah:123456789abcdefghi
This structure includes:
- did: The scheme identifier.
- ezrah: The DID method, specifying the underlying registry or blockchain.
- 123456789abcdefghi: A unique identifier assigned within the DID method.
DID Document:
A DID resolves to a DID Document, which contains metadata such as public keys, service endpoints, and authentication methods. Example JSON-LD structure:
{
  "@context": "https://www.w3.org/ns/did/v1",
  "id": "did:ezrah:123456789abcdefghi",
  "authentication": [{
    "id": "#key-1",
    "type": "Ed25519VerificationKey2020",
    "controller": "did:ezrah:123456789abcdefghi",
    "publicKeyMultibase": "z6Mkj..."
  }]
}
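A verifier-side sketch of the two ideas above, added here as an illustration and not Ezrah's code: parsing the DID syntax, and checking that a key in a DID Document is authorized for the purpose it is being used for. The function names are hypothetical, and the sample document is the one shown above.

```javascript
// DID syntax from W3C DID Core: did:<method-name>:<method-specific-id>
const IDCHAR = "(?:[A-Za-z0-9._-]|%[0-9A-Fa-f]{2})";
const DID_RE = new RegExp(`^did:([a-z0-9]+):((?:${IDCHAR}*:)*${IDCHAR}+)$`);

function parseDid(did) {
  const m = DID_RE.exec(did);
  if (!m) throw new Error(`not a valid DID: ${did}`);
  return { scheme: "did", method: m[1], id: m[2] };
}

// Split a DID URL such as did:ezrah:issuer123#key-1 into its DID and fragment.
function splitDidUrl(didUrl) {
  const i = didUrl.indexOf("#");
  if (i < 0) throw new Error("key reference needs a #fragment");
  const did = didUrl.slice(0, i);
  parseDid(did); // throws on malformed DIDs
  return { did, fragment: didUrl.slice(i) };
}

// Return the key entry only if the document authorizes it for `purpose`
// ("authentication", "assertionMethod", ...); otherwise null.
function findVerificationMethod(didDoc, didUrl, purpose) {
  const { did, fragment } = splitDidUrl(didUrl);
  if (didDoc.id !== did) throw new Error("DID document is for a different DID");
  // Relative ids like "#key-1" are resolved against the document's own id.
  const absolute = (ref) => (ref.startsWith("#") ? didDoc.id + ref : ref);
  for (const entry of didDoc[purpose] || []) {
    // An entry is either an embedded key object or a string reference
    // to a key listed under verificationMethod.
    const vm = typeof entry === "string"
      ? (didDoc.verificationMethod || []).find((v) => absolute(v.id) === absolute(entry))
      : entry;
    if (vm && absolute(vm.id) === did + fragment) return vm;
  }
  return null;
}

// Constructed sample: the DID Document from the page (key value elided there).
const sampleDoc = {
  id: "did:ezrah:123456789abcdefghi",
  authentication: [{
    id: "#key-1", type: "Ed25519VerificationKey2020",
    controller: "did:ezrah:123456789abcdefghi", publicKeyMultibase: "z6Mkj...",
  }],
};
const keyRef = "did:ezrah:123456789abcdefghi#key-1";
console.log(findVerificationMethod(sampleDoc, keyRef, "authentication").type);
console.log(findVerificationMethod(sampleDoc, keyRef, "assertionMethod")); // null: not authorized to sign credentials
```

Because the sample document lists the key only under authentication, a verifier should not accept a credential proof made with it for assertionMethod.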
2. Verifiable Credentials (VCs)
Verifiable Credentials (VCs) are digitally signed statements issued by a trusted entity (Issuer) to a Holder, who can later present them to a Verifier.
Key Features:
- Tamper-Proof: Signed cryptographically, so any alteration invalidates the signature, ensuring authenticity and preventing forgery.
- Privacy-Enhancing: Enables selective disclosure of credential data.
- Decentralized Verification: Verifiers do not need to contact the issuer to verify credentials.
- Revocation Support: Issuers can revoke VCs when necessary.
VC Structure:
VCs follow the W3C Verifiable Credentials standard and typically include:
- Issuer: DID of the entity that issued the credential.
- Subject: DID of the entity the credential is about.
- Claims: The verifiable attributes (e.g., name, age, degree).
- Proof: A cryptographic signature proving authenticity.
Example Verifiable Credential JSON:
{
  "@context": ["https://www.w3.org/2018/credentials/v1"],
  "id": "http://example.edu/credentials/1872",
  "type": ["VerifiableCredential", "UniversityDegreeCredential"],
  "issuer": "did:ezrah:issuer123",
  "credentialSubject": {
    "id": "did:ezrah:holder456",
    "degree": {
      "type": "Bachelor of Science",
      "name": "Computer Science"
    }
  },
  "proof": {
    "type": "Ed25519Signature2020",
    "created": "2023-03-10T04:40:00Z",
    "proofPurpose": "assertionMethod",
    "verificationMethod": "did:ezrah:issuer123#key-1",
    "proofValue": "z5M3..."
  }
}
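Added example, not Ezrah's implementation: issuer-side signing and the verifier-side checks for a credential shaped like the one above, using the Ed25519 support built into Node.js. It assumes a sorted-key JSON serialization and base64 in place of the JSON-LD canonicalization and multibase encoding that Ed25519Signature2020 uses; the key pair, registry and function names are constructed for the demo.

```javascript
const nodeCrypto = require("node:crypto");

// Deterministic JSON with sorted keys: a simple stand-in for the JSON-LD
// canonicalization that Ed25519Signature2020 applies before signing.
function canonicalize(v) {
  if (Array.isArray(v)) return `[${v.map(canonicalize).join(",")}]`;
  if (v && typeof v === "object") {
    const members = Object.keys(v).sort()
      .map((k) => `${JSON.stringify(k)}:${canonicalize(v[k])}`);
    return `{${members.join(",")}}`;
  }
  return JSON.stringify(v);
}

// Issuer: sign the credential (without proof) and attach the proof object.
function issueCredential(credential, privateKey, verificationMethod) {
  const sig = nodeCrypto.sign(null, Buffer.from(canonicalize(credential)), privateKey);
  return { ...credential, proof: {
    type: "Ed25519Signature2020", proofPurpose: "assertionMethod",
    verificationMethod, proofValue: sig.toString("base64"), // real suites use multibase
  } };
}

// Verifier: returns "ok" or the reason the credential is rejected.
function verifyCredential(vc, trustedIssuers, resolveKey) {
  const { proof, ...unsigned } = vc;
  if (!proof) return "missing proof";
  if (!trustedIssuers.has(vc.issuer)) return "untrusted issuer";
  if (proof.proofPurpose !== "assertionMethod") return "wrong proof purpose";
  // The signing key must belong to the DID named as issuer.
  if (!String(proof.verificationMethod).startsWith(vc.issuer + "#")) return "key not controlled by issuer";
  const publicKey = resolveKey(proof.verificationMethod);
  if (!publicKey) return "unknown key";
  const ok = nodeCrypto.verify(null, Buffer.from(canonicalize(unsigned)),
    publicKey, Buffer.from(String(proof.proofValue), "base64"));
  return ok ? "ok" : "bad signature";
}

// Constructed demo data: fresh key pair and an in-memory Map instead of DID resolution.
const issuerKeys = nodeCrypto.generateKeyPairSync("ed25519");
const registry = new Map([["did:ezrah:issuer123#key-1", issuerKeys.publicKey]]);
const resolveKey = (id) => registry.get(id);
const trusted = new Set(["did:ezrah:issuer123"]);
const signedVc = issueCredential({
  issuer: "did:ezrah:issuer123",
  credentialSubject: { id: "did:ezrah:holder456",
    degree: { type: "Bachelor of Science", name: "Computer Science" } },
}, issuerKeys.privateKey, "did:ezrah:issuer123#key-1");
console.log(verifyCredential(signedVc, trusted, resolveKey));
```

The verifier never contacts the issuer: it needs only the issuer's public key and its own list of trusted issuer DIDs. Revocation status would be one more check in `verifyCredential`.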
Conclusion
DIDs and VCs form the backbone of decentralized identity systems, enabling users to have greater control over their identity while maintaining security and privacy. These technical components provide a foundation for trustless and verifiable digital interactions across various industries.