Decentralized Identity
1. Introduction
Today’s digital identity systems are fragmented and flawed. Users create countless accounts, lose control of personal data to centralized entities, and face risks like data breaches and identity theft. To fix this, Decentralized Identity (DID) and Self-Sovereign Identity (SSI) are emerging. SSI empowers users to control their identity and data directly, without intermediaries. It’s not just a technical change; it’s a shift toward user autonomy and data rights.
Blockchain offers the infrastructure needed for this shift, ensuring decentralization, immutability, and cryptographic trust. But decentralization alone isn’t enough; true privacy requires tools like selective disclosure and zero-knowledge proofs.
This lecture explores DID, SSI, blockchain’s role, the privacy challenges involved, and how the Oasis Network provides a privacy-first foundation for decentralized identity.
2. Understanding DIDs and SSI
Decentralized Identifiers (DIDs) are unique, self-controlled identifiers standardized by W3C. Unlike emails or usernames controlled by third parties, a DID is created and controlled by the user. It points to a DID Document, listing public keys and service endpoints for trusted interaction.
Self-Sovereign Identity (SSI) is the philosophy around user-controlled identity. It focuses on principles like control, consent, portability, and privacy. SSI uses the Trust Triangle: Issuers create credentials, Holders store them, and Verifiers validate them (all under the user’s control).
Verifiable Credentials (VCs) are tamper-proof digital versions of traditional IDs, securely stored in user wallets and presented when needed, often using selective disclosure for privacy.
Comparison of Identity Models
To better understand the paradigm shift represented by SSI, it’s helpful to compare it with traditional identity management approaches.
| Feature | Traditional (Centralized) | Federated Identity | Self-Sovereign Identity (SSI) |
|---|---|---|---|
| Control | Service Provider / Central Authority | Identity Provider (e.g., Google, Facebook) | User (Holder) |
| Data Storage | Centralized databases (silos) | Centralized at Identity Provider & Service | User’s device/wallet (primarily off-chain) |
| Primary Identifier | Username/Password, Email, Account ID | Third-party account (e.g., Google Account) | Decentralized Identifier (DID) |
| Trust Anchor | Central Authority / Service Provider | Identity Provider | Decentralized Ledger / Verifiable Data Registry |
| Consent | Often implicit via Terms of Service | Delegated to Identity Provider | Explicit, granular, per-interaction |
| Data Sharing | Provider controls sharing; often broad | IdP shares pre-defined attributes | User shares minimal data via VCs (selective) |
| Privacy | Low; risk of breaches, surveillance | Moderate; depends on IdP; tracking risk | High; user control, minimization techniques |
| Portability | Low; locked into specific service | Limited; tied to IdP relationships | High; user owns DIDs and VCs |
| Interoperability | Low; proprietary systems | Moderate; relies on specific protocols | High; based on open W3C/DIF standards |
| Resilience | Low; single point of failure | Moderate; relies on IdP availability | High; decentralized infrastructure |
3. Blockchain: The Backbone of DID
Blockchain serves as a Verifiable Data Registry (VDR) for DID systems. It records essential information (like DIDs and public keys) immutably and transparently, eliminating reliance on centralized authorities.
Importantly, sensitive data stays off-chain to protect privacy and meet legal standards like GDPR. Only minimal anchoring data is stored on-chain.
Different blockchains offer trade-offs: public blockchains maximize decentralization, while permissioned blockchains can offer lower costs and faster performance.
4. Preserving Privacy in Verification
True SSI depends on strong privacy protections:
- Selective Disclosure lets users reveal only what’s necessary (e.g., proving age without showing a full ID).
- Zero-Knowledge Proofs (ZKPs) allow users to prove facts about their credentials without revealing the underlying personal data.
- Encryption protects private keys and credentials in wallets.
- Off-Chain Storage keeps sensitive identity data out of the public blockchain.
These techniques must work together and depend heavily on common standards for interoperability.
5. Applications Across Industries
Finance: SSI can streamline KYC and enable trust in DeFi without revealing personal data.
Healthcare: Patients control their health records and grant specific access to providers.
Education: Universities issue digital diplomas and certificates as VCs.
Web3: Users manage their own profiles and build on-chain reputations with verified credentials.
Supply Chains: Blockchain identities enhance traceability and trust.
IoT and Government: From secure device identity to digital citizen IDs, SSI improves security and user experience across sectors.
However, network effects are crucial: adoption needs cooperation across industries for DID/SSI to succeed.
6. Soul-Bound Tokens (SBTs) and Identity
Soul-Bound Tokens (SBTs) represent non-transferable credentials (like degrees or memberships) on-chain. They help build verifiable reputation but can raise privacy concerns.
On Oasis, Confidential SBTs could preserve privacy, storing attestations encrypted and using private smart contracts for verification. This opens possibilities like:
- Private, reputation-based lending
- Confidential social recovery of lost accounts
- Secure on-chain reputation systems
Combining SBTs with Oasis’s confidential compute could significantly advance privacy-respecting identity systems in Web3.
7. Conclusion
Decentralized Identity and Self-Sovereign Identity aim to shift control from centralized corporations back to individuals. Blockchain anchors this shift with trust and security, but true success depends on privacy-enhancing technologies like ZKPs and confidential compute.
The Oasis Network stands out as a platform built specifically to support these goals, enabling privacy-preserving identity applications that balance transparency and confidentiality.
While challenges remain, the movement toward user-controlled digital identity (powered by platforms like Oasis and innovations like SBTs) is well underway.