Introduction to Decentralized Identity
Traditional identity systems create privacy risks, security vulnerabilities, and data monopolies that restrict users’ control over their identities.
The Problem with Centralized Identity
The digital world relies heavily on identity systems for authentication, authorization, and trust. However, most traditional identity systems are:
- Centralized - Controlled by corporations, governments, or third-party providers
- Single Points of Failure - If the central authority is compromised, all identities are at risk
- Privacy-Invasive - Users have limited control over how their data is used
- Data Monopolies - Large platforms accumulate vast amounts of personal information
The Decentralized Identity Solution
Decentralized Identity (DID) is a paradigm shift that eliminates central points of failure, allowing individuals and organizations to own, control, and share their identities securely, without relying on a single authority.
At Ezrah, we’ve created a blockchain-powered identity infrastructure that provides a self-sovereign, verifiable, and interoperable identity system, ensuring greater security, privacy, and autonomy in the digital world.
Components of Decentralized Identity
Decentralized identity systems consist of three key participants that work together to create a trustless, secure ecosystem:
- Issuers - Entities that create and sign verifiable credentials
- Holders - Individuals who receive, store, and present credentials
- Verifiers - Parties that validate and rely on presented credentials
Issuers
Issuers are trusted entities that create and cryptographically sign Verifiable Credentials (VCs). These credentials contain verified claims about an identity.
Key Responsibilities:
- Credential Creation - Generate digital credentials for verified claims
- Cryptographic Signing - Use private keys to ensure credential authenticity
- Revocation Management - Ability to revoke credentials when necessary
Real-World Examples: Government agencies issuing digital passports, universities providing degree certificates, banks issuing KYC credentials, employers creating professional certifications.
Holders
Holders are individuals or entities that receive, store, and manage their Verifiable Credentials. They maintain complete control over their digital identity.
Key Responsibilities:
- Secure Storage - Use digital wallets to safely store credentials
- Selective Disclosure - Choose exactly what information to share
- Proof of Control - Demonstrate ownership of credentials during verification
Privacy-First Approach: Holders can prove they have a university degree without revealing their GPA, or verify they’re over 21 without disclosing their exact birthdate.
Verifiers
Verifiers are entities that request, validate, and make trust-based decisions using Verifiable Credentials. They can verify credentials without contacting the original issuer.
Key Responsibilities:
- Credential Validation - Verify authenticity and integrity cryptographically
- Trust Assessment - Ensure the credential holder is the rightful owner
- Privacy-Preserving Checks - Use Zero-Knowledge Proofs and selective disclosure
Instant Verification: A potential employer can immediately verify a candidate’s degree authenticity without waiting days for university confirmation.
Technical Building Blocks of Decentralized Identity
Decentralized identity systems rely on key technical components to ensure security, privacy, and interoperability. The two primary building blocks are Decentralized Identifiers (DIDs) and Verifiable Credentials (VCs).
1. Decentralized Identifiers (DIDs)
DIDs are globally unique, cryptographically verifiable identifiers that do not rely on centralized authorities. They enable self-sovereign identity by allowing individuals and organizations to create and control their identifiers.
Key Features:
- Decentralization: DIDs are not tied to a central authority and can be resolved using decentralized networks.
- Cryptographic Control: They are linked to cryptographic key pairs, enabling secure authentication and digital signatures.
- Interoperability: Built on open standards, DIDs work across different platforms and ecosystems.
- Privacy-Preserving: Users can create multiple DIDs to minimize data correlation and tracking.
Example DID Structure:
did:ezrah:123456789abcdefghi
This structure includes:
- did: - The scheme identifier.
- ezrah: - The DID method, specifying the underlying registry or blockchain.
- 123456789abcdefghi - A unique identifier assigned within the DID method.
DID Document:
A DID resolves to a DID Document, which contains metadata such as public keys, service endpoints, and authentication methods. Example JSON-LD structure:
{
  "@context": "https://www.w3.org/ns/did/v1",
  "id": "did:ezrah:123456789abcdefghi",
  "authentication": [{
    "id": "#key-1",
    "type": "Ed25519VerificationKey2020",
    "controller": "did:ezrah:123456789abcdefghi",
    "publicKeyMultibase": "z6Mkj..."
  }]
}
2. Verifiable Credentials (VCs)
Verifiable Credentials (VCs) are digitally signed statements issued by a trusted entity (Issuer) to a Holder, who can later present them to a Verifier.
Key Features:
- Tamper-Proof: Signed cryptographically, ensuring authenticity and preventing forgery.
- Privacy-Enhancing: Enables selective disclosure of credential data.
- Decentralized Verification: Verifiers do not need to contact the issuer to verify credentials.
- Revocation Support: Issuers can revoke VCs when necessary.
VC Structure:
VCs follow the W3C Verifiable Credentials standard and typically include:
- Issuer: DID of the entity that issued the credential.
- Subject: DID of the entity the credential is about.
- Claims: The verifiable attributes (e.g., name, age, degree).
- Proof: A cryptographic signature proving authenticity.
Example Verifiable Credential JSON:
{
  "@context": ["https://www.w3.org/2018/credentials/v1"],
  "id": "http://example.edu/credentials/1872",
  "type": ["VerifiableCredential", "UniversityDegreeCredential"],
  "issuer": "did:ezrah:issuer123",
  "credentialSubject": {
    "id": "did:ezrah:holder456",
    "degree": {
      "type": "Bachelor of Science",
      "name": "Computer Science"
    }
  },
  "proof": {
    "type": "Ed25519Signature2020",
    "created": "2023-03-10T04:40:00Z",
    "proofPurpose": "assertionMethod",
    "verificationMethod": "did:ezrah:issuer123#key-1",
    "proofValue": "z5M3..."
  }
}
Conclusion
DIDs and VCs form the backbone of decentralized identity systems, enabling users to have greater control over their identity while maintaining security and privacy. These technical components provide a foundation for trustless and verifiable digital interactions across various industries.
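How a verifier ties the two building blocks together, as an added example (not Ezrah's code): before checking the signature, it confirms that the key named in the credential's proof.verificationMethod is listed in the issuer's DID Document under the relationship named by proofPurpose. The DID documents, key value and function names below are constructed for illustration; DID resolution and the Ed25519 signature check itself are out of scope.

```python
import re

# Simplified DID syntax check: did:<method>:<method-specific-id>
DID_RE = re.compile(r"^did:[a-z0-9]+:[A-Za-z0-9._:%-]*[A-Za-z0-9._%-]$")
RELATIONSHIPS = {"authentication", "assertionMethod", "keyAgreement",
                 "capabilityInvocation", "capabilityDelegation"}

def absolute(did, ref):
    """Expand a relative DID URL such as '#key-1' against the document's DID."""
    return did + ref if ref.startswith("#") else ref

def authorised_key(did_doc, vc):
    """Return the issuer key entry allowed to back vc's proof, else raise ValueError."""
    issuer, proof = vc["issuer"], vc["proof"]
    purpose, vm_id = proof["proofPurpose"], proof["verificationMethod"]
    if not DID_RE.match(issuer) or did_doc.get("id") != issuer:
        raise ValueError("DID document does not belong to the credential issuer")
    if purpose not in RELATIONSHIPS:
        raise ValueError("unknown proofPurpose: " + purpose)
    if vm_id.split("#", 1)[0] != issuer:
        raise ValueError("proof key is not under the issuer's DID")
    methods = {absolute(issuer, m["id"]): m for m in did_doc.get("verificationMethod", [])}
    for entry in did_doc.get(purpose, []):
        if isinstance(entry, str):  # a reference into verificationMethod
            entry = methods.get(absolute(issuer, entry))
        if entry and absolute(issuer, entry["id"]) == vm_id:
            return entry
    raise ValueError("key not authorised for " + purpose)

# Constructed sample data modelled on the page's examples (key value is a placeholder).
KEY = {"id": "#key-1", "type": "Ed25519VerificationKey2020",
       "controller": "did:ezrah:issuer123", "publicKeyMultibase": "z6Mk-placeholder"}
AUTH_ONLY_DOC = {"id": "did:ezrah:issuer123", "authentication": [KEY]}
ISSUING_DOC = {"id": "did:ezrah:issuer123", "verificationMethod": [KEY],
               "authentication": ["#key-1"], "assertionMethod": ["#key-1"]}
VC = {"issuer": "did:ezrah:issuer123",
      "proof": {"type": "Ed25519Signature2020", "proofPurpose": "assertionMethod",
                "verificationMethod": "did:ezrah:issuer123#key-1"}}

def check(did_doc, vc):
    """Return 'ok' or the rejection reason as a string."""
    try:
        authorised_key(did_doc, vc)
        return "ok"
    except ValueError as err:
        return str(err)

if __name__ == "__main__":
    print(check(AUTH_ONLY_DOC, VC))  # key listed for authentication only
    print(check(ISSUING_DOC, VC))    # key listed under assertionMethod
```

A key that appears only under authentication is rejected for a credential proof, so a login key cannot be reused to sign credentials unless the issuer's document also lists it under assertionMethod.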