What Decentralized ID (DID) Means and How It Works

What Decentralized ID (DID) Means and How It Works

Thank you for visiting our blog post! 🌈

Today we go over what decentralized ID(DID) is and how it works. This post deepens your understanding of DID and Self Sovereign ID(SSI). 🙋🏾💡


Blog posts related to this post:
Download Full Report: Effect of Digital ID and Role of Decentralized ID (DID) in Africa
Example of Decentralized ID (DID) Solutions
The Worldcoin Wave in Africa

Hope you enjoy reading the articles 😌🍒


Table of Contents:
Decentralized Identity (DID)
Identity Models
(a). Centralized Model
(b). Federated Model
(c). Self-Sovereign Identity (SSI) Model
Examples of SSI Model
i. Government ID
ii. University Degree
iii. Doctor's License
iv. Proof of Employment
v. Health Insurance
vi. Telecom Reward Program

Decentralized Identity (DID)

Decentralized identity (DID) entails authenticating users and entities without relying on a central authority. The DID framework is made possible by the rise of decentralized technologies, allowing for the removal of intermediaries. To achieve this, our identity is being transformed into digital profiles that hold details such as usernames, passwords, browsing history, and previous transactions. DID systems help users determine how much information is shared and with whom that information is shared. Read more about DIDs here.

Identity Models

Digital identities have a rich history, starting from the familiar centralized model, which includes government IDs and email addresses with usernames, domain names, and top-level domains. Over time, we have witnessed the emergence of more complex digital personas created on social media platforms like Facebook and X (Twitter). These digital personas often involve the utilization of user data for personalized advertising. 

Recent scandals in these platforms that eroded trust, along with the development of technologies like blockchain and decentralized ledgers, have opened the door to the world of the Self-Sovereign Identity (SSI) model (decentralized IDs are designed to be self-sovereign, meaning that individuals have full control over their identity data). Below, we explain 3 identity models, along with examples and their pros and cons.

Photo by Pixabay by Canva

(a). Centralized Model

Examples: Government ID numbers, passport, email address, social media handles, cell phone or internet providers etc.

Credentials: Password accompanied by a username or email address

How It Works: ID is issued by a centralized authority such as a government or service provider. A user has to get permission to have an ID from the provider and has limited access to stored data.

Pros: It opened the door to the internet.

Cons: Because all of our data belongs to the company (or government) with their privacy and security policies, our ID could be controlled and deleted by them. Also, managing a lot of accounts with different credentials is bothersome.

(b). Federated Model

Examples: Identity Providers (IDPs) including Facebook, X (Twitter), Google, GitHub, Amazon, Instagram, LinkedIn, Microsoft etc.

Credentials: Single-Sign-On (SSO); password accompanied by a username or email address of the IDPs

How It Works: The user has an account with an IDP, and with those credentials, they can access other services. Sites that use the same IDP are called a federation.

Pros: Alleviate the burden to manage many accounts with different credentials.

Cons: Having numerous accounts with different IDPs to access each federation is still bothersome. The privacy and security levels are adjusted to the lowest common denominator in the federation. IDPs attract attackers since it has a pile of data. Because the data belongs to the IDP, data could be controlled and deleted by them.

(c). Self-Sovereign Identity (SSI) Model

Examples: Polygon ID, Fractal ID, Atala PRISM, ONTID etc.

Credentials: Public key and private key (which is allowing digital signature by issuer)

How It Works: Decentralized Identifier (DID), a string of random characters generated through cryptography identifies us. When the issuer creates a credential, a hash is generated, and the issuer can digitally sign on the credential by using a private key associated with DID. Zero-Knowledge Proof (ZKP), an algorithm to authorize the fact without sharing data, is used in case detailed data is not required to prove the fact (for example, date of birth is not required to prove whether the person is older than 20).

Pros: Data is not controlled by the centralized system but is decentralized and owned by a user, so it would not be controlled or erased by others. Secure (end-to-end encryption for all interactions) and high privacy protection.

Cons: Technology is complex and complicated. Hard to understand tech scares away a user base.

Figure 1. Trust Diamond Used by SSI Model

Source: “Atala PRISM FOUNDATIONS” by IOHK

Examples of SSI Model

The table below shows the examples of SSI models. It presents what the verifiable credential (VC) is and who is the holder, issuer, and verifier of VC in each example.

Table 1. Verifiable Credential (VC), Holder, Issuer, and Verifier of SSI Examples

Reference: "Atala PRISM FOUNDATIONS" by IOHK

i. Government ID🪪

A city government (issuer) provides a government ID (VC) to a resident (holder). This credential can be verified by a local school (verifier) when the holder enters the new school.

ii. University Degree🎓

A university (issuer) provides a degree certificate (VC) to a student (holder). This credential can be verified by an employer (verifier) when the holder starts working for the new employer.

iii. Doctor’s License🧑🏾‍⚕️

A local authority (issuer) issues a new license (VC) to a medical student (holder) who passed the national exam. This credential can be verified by an employer (verifier) when the holder starts working for a hospital as a medical doctor.

iv. Proof of Employment💼

An employer (issuer) provides a proof of employment (VC) to an employee (holder). This credential can be verified by a health insurance company (verifier) when the holder applied for the new health insurance policy.

v. Health Insurance🏥

A health insurance company (issuer) provides an insurance beneficiary ID (VC) to a customer (holder) who bought a new policy. This credential can be verified by a hospital administrator (verifier) when the holder receives a medical service at the hospital.

vi. Telecom Reward Program📱

A telecom company (issuer) issues a certificate of meeting the requirement for the reward of a free subscription to a streaming service (VC) to a customer (holder). This credential can be verified by the streaming service provider (verifier) when the holder applies for the subscription service.

References:
(1) “Atala PRISM - Foundations” by IOHK
(2) What Is Decentralized Identity? | Coindesk

Thank you very much for reading this post🪆

For downloading the full report, visit this page.


Follow EMURGO Africa for more information

EMURGO Africa invests and supports local Web3 projects in the region to adopt Cardano’s decentralized blockchain technology to build socially impactful solutions.

As a regional entity of EMURGO, the official commercial arm of Cardano, EMURGO Africa also runs a local Cardano accelerator in Africa, Adaverse, which accepts applications year-round.

For more up-to-date information on EMURGO Africa, follow the official channels listed below.

About EMURGO Africa