What Is Decentralized Identity?
Decentralized identity is a model where individuals and organizations hold their own verifiable credentials in a digital wallet and present them directly to whoever needs to check them, without a central identity provider brokering every interaction. It is often called self-sovereign identity (SSI) because the holder, not a platform, controls the credential.
This is a shift away from the federated model most workforce and consumer login runs on today, where an identity provider authenticates you and vouches for you to each application.
The three roles: issuer, holder, verifier
Every decentralized identity interaction has the same three parties, known as the trust triangle:
- Issuer signs and gives out a credential (a university issues a degree, a government issues an ID, an employer issues a proof of employment).
- Holder stores the credential in a wallet and decides when and to whom to present it.
- Verifier receives a presentation and checks the signature, the issuer, and the status, without needing to call the issuer in real time.
Because the credential is cryptographically signed, the verifier trusts the math and the issuer's public key rather than a live connection to the issuer. See issuer, holder, verifier for the model in detail.
The building blocks
Decentralized identity rests on two W3C standards plus a presentation layer:
- Decentralized Identifiers (DIDs) are identifiers the subject controls, resolvable to a DID document containing public keys and service endpoints. No central registrar issues them. See the W3C DID Core specification.
- Verifiable Credentials (VCs) are tamper-evident, signed claims that follow the W3C VC Data Model. Read our Verifiable Credentials standard deep dive.
- Presentation protocols move credentials between wallets and verifiers. The OpenID for Verifiable Credentials family (OpenID4VCI for issuance, OpenID4VP for presentation) is emerging as the dominant transport.
Privacy: selective disclosure and zero-knowledge proofs
A key advantage is that holders can reveal the minimum needed. With selective disclosure and formats like SD-JWT, you can prove you are over 18 without showing your birth date or full ID. Zero-knowledge proofs and BBS signatures push this further, proving a statement is true without revealing the underlying data.
Where it is being used
- Reusable identity verification and KYC: verify once, reuse the credential, instead of repeating document checks at every service. This connects directly to the identity verification market.
- Government and cross-border ID: the EU's eIDAS 2.0 and the EUDI Wallet mandate a wallet for every citizen, and mobile driver's licenses (ISO/IEC 18013-5) are rolling out across US states. See our digital IDs by country directory and identity regulations hub.
- Workforce: verifiable employment, certification, and access credentials that survive job changes.
Decentralized vs federated identity
Federated identity (SAML, OIDC) is mature, centralized, and excellent for enterprise SSO, but the identity provider is a single point of control and failure. Decentralized identity removes the runtime dependency on that provider and gives the holder portability and privacy, at the cost of a younger ecosystem and wallet adoption still in progress. The two will coexist: expect identity fabrics to bridge federated and decentralized credentials.
Where to start
Read what is self-sovereign identity for the philosophy and history, the Verifiable Credentials standard for the data model, and compare tools in top decentralized identity platforms and the decentralized identity vendor directory. When you are ready to choose, see best decentralized identity platforms.
Frequently asked questions
- What is decentralized identity?
- Decentralized identity is a model where people and organizations hold their own credentials in a digital wallet and present them directly to whoever needs to verify them, without depending on a central identity provider to broker every login.
- How is decentralized identity different from federated identity?
- In federated identity a central provider such as an IdP authenticates you and vouches for you to each service. In decentralized identity you hold cryptographically signed credentials yourself and present them peer to peer, so the verifier can check them without calling the issuer.
- Is decentralized identity the same as blockchain?
- No. Some decentralized identifier methods anchor to a distributed ledger, but the core standards (W3C DIDs and Verifiable Credentials) do not require a blockchain. Many production deployments use did:web and standard signatures with no ledger at all.
- What are the main standards behind decentralized identity?
- The core standards are W3C Decentralized Identifiers (DIDs), the W3C Verifiable Credentials Data Model, and the OpenID for Verifiable Credentials family (OpenID4VCI and OpenID4VP) for issuance and presentation.