Since 2017, Dock 's expert team has been building cutting-edge decentralized identity and Verifiable Credential technology. We created this complete guide on decentralized identity to explain what it is, how it works, and its many benefits to organizations, individuals, and developers.
TL;DR
1) Organizations: Issuing organizations can provide fraud-proof credentials and verifying organizations can instantly check the authenticity of credentials.
2) Individuals: Fully own and control their digital identity and credentials without relying on any third party to prove their claims.
3) Developers: Build user-centric apps that eliminate the need for passwords and inefficient authentication processes.
Not-so-fun facts:
But don’t get too down because there’s hope! As decentralized identity technology gains more adoption, people and organizations will be able to share data securely.
Decentralized identity is a type of identity management that allows people to control their own digital identity without depending on a specific service provider.
A digital identity is the body of information about an individual, organization, or electronic device that exists online. Data that form a digital identity include:
A verifiable proof of existence is often needed for us to exercise our right as citizens to access essential services like healthcare, banking, and education. Unfortunately, 1 billion people in the world don’t have an official proof of identity. With decentralized identity systems, all you need is an internet connection and a smart device which are becoming more accessible in emerging economies.
These are the key advantages of decentralized identity for:
Organizations: Issue and verify fraud-proof credentials and documents instantly and reduce the risk of data breaches by storing less user information
Individuals: Own and control your digital identity with more privacy
Developers: Secure authentication sign-in for app users that eliminates the need for passwords and privacy-preserving user verification is used
Decentralized identity solutions come with many advantages for organizations including:
Being able to verify credentials instantly is beneficial for a variety of use cases including speeding up the hiring process and reducing the risk of hiring someone without the appropriate credentials.
Many organizations around the world must follow regulations on how they collect, store, and use user data. If they don’t follow the regulations, they can face penalties and sanctions for breaking the rules or data breaches.
The impact of data breaches on organizations:
Decentralized identities enable people to:
A decentralized digital wallet can be used on a phone to securely store your digital identity and credentials with encryption. This approach conceals data which greatly reduces the risk of credential tracking, hacks, and gaining unauthorized access to steal or monetize people’s data. With a decentralized identity, someone has to give authorization to share information when it is requested.
Verizon’s email hacking statistics show that phishing attempts are responsible for 80% of malware infections and almost 95% of all espionage attacks. Also, Facebook has had many data breaches since it was launched. In one instance, 540 million records were exposed in a Facebook data leak, which included Facebook IDs, passwords, Facebook friends, photos, and check-ins. This data is a gold mine for hackers planning phishing scams and social engineering attacks.
With a decentralized identity, passwords don’t exist. Rather cryptographic keys are used to authenticate users when they sign in. You could sign into a website with your Decentralized Identifier data instead of a user name. Basically, you only need to share the information that’s relevant and necessary to access each service.
Decentralized identity solutions help developers by:
Imagine shopping on sites that don’t need to build up and store personal details including credit card information. Instead, your verified payment and shipping information is securely transmitted from your decentralized identity wallet.
Or if someone wants to apply for a loan application, instead of finding all the paperwork, they can give permission to the bank to instantly receive all of the relevant information to show that they are eligible for a loan, including their salary, address, and name.
If an organization like a university or training program is issuing credentials, they can do so securely by making credentials fraud proof. Fake diplomas are a billion-dollar industry and it’s very easy for people to forge a certificate. This creates many risks for companies and impacts people’s safety as many people who get fake credentials work in health care or more risky field work operating heavy machinery. Even back in the 80s, there were approximately 5,000 fake doctors in the US and it is now believed that there will be many more.
By using decentralized identity technology, organizations help prevent fraud to ensure that you are hiring qualified people with authentic credentials. Let’s say a company is looking for a project manager and they have a practice of hiring efficiently to get the best candidates. Many organizations take a long time to recruit and verify the credentials of candidates resulting in them losing out on great prospects as high-quality applicants often get multiple offers.
Here is how the company leverages decentralized identity technology to hire efficiently:
1. Mary, the job applicant, manages her decentralized identity and Verifiable Credentials on her phone with a Dock Wallet and wants to apply for the company Naturellica looking for a Senior Graphic Designer.
2. Mary's University issues her Bachelor of Design as a Verifiable Credential that she stores on her digital wallet and this credential can’t be faked.
3. The company makes a job offer and they just need to check that her certificate is authentic. HR requests to view Mary's credentials and starts the verification process with this QR code that Mary can scan:
4. Mary scans the company's QR code to start the verification process.
5. Mary selects the relevant credential to verify.
6. Mary can select which parts of her credential she wants to share rather than showing all of the details on the university degree to maintain privacy.
7. The company instantly sees that her credential is authentic and they offer Mary the job.
The traditional, manual verification process would normally take weeks to even months.
The term “decentralized identity” is used interchangeably with Self-Sovereign Identity (SSI), which is an approach to digital identity that gives individuals control of their digital identities. The three pillars of Self-Sovereign Identity are:
A growing number of organizations in government and in the private sector around the world are leveraging decentralized identity technology, including the EU. As the world moves more and more towards Web3, which is the next evolution of the internet, an increasing number of people will take back control of their data through decentralization and blockchain.
Problems and Risks With Centralized and Federated Digital Identity Systems
Centralized Identity Management: Administrative Control by a Single Authority or Hierarchy
Almost all of our digital identities are connected through services, devices, and apps.
Our personal information like our credit card, name, and address is being stored and shared on an increasing number of websites while our data is often used by websites to track people to display targeted content and advertise. As people access more websites and apps, the more accounts they have to create and manage, which creates a bad user experience.
Centralized systems often make digital identities vulnerable to cyber attacks and privacy breaches, including identity theft. Because so much user data is stored in one place, hackers could access a large amount of confidential information.
Federated Identity Management
Because of the problems that resulted from the centralized digital identity model, federated identity was developed. A federated identity allows authorized users to access multiple applications and domains with a single set of credentials like when people can use their Google or Facebook to sign into websites or apps. Signing in this way is also referred to as “single sign-on” tools.
While this method of signing in is more convenient for people because they don’t have to create a whole new account, the main downside is that if your password gets stolen, all of the other sites you used with that single sign-on account could be exposed. You would have to trust both companies that offer single sign-on to protect your privacy and security as well as all of the third-party websites that offer these options to implement them correctly. In recent years, there have been several cases of Facebook and Google misusing information, including Facebook user data to manipulate people’s moods and Google employees leveraging their positions to steal, leak, or abuse data they may have access to.
More aspects of our lives require verification of our identities in order to apply for a mortgage, buy a car, or sign up for a new service. People have little to no choice but to surrender their privacy to use the things they want.
Thankfully, decentralized identity solutions can effectively solve many of these privacy and data breach problems. Decentralized identity gives people full ownership and control of their personal information and credentials.
Decentralized identity management is a way of managing your online identity where you, the user, have control over your own personal information, rather than having it controlled by a central organization or company. This is different from centralized identity management, where a central organization or company holds and controls all of your personal information.
One of the main benefits of decentralized identity management is that it gives users more control over their personal information. With centralized identity management, users have to trust that the central organization or company will keep their personal information safe and not misuse it. With decentralized identity management, users have the ability to control who has access to their personal information, and can easily revoke access if necessary.
Another benefit of decentralized identity management is that it is more secure. With centralized identity management, if the central organization or company's security is compromised, all of the personal information of all of its users is at risk. With decentralized identity management, each user's personal information is spread out and not centralized in one place, so even if one user's information is compromised, it does not affect the personal information of other users.
Also, decentralized identity management is more private. With centralized identity management, users often have to give out a lot of personal information to the central organization or company, which can be used for targeted advertising or other purposes that the user may not be comfortable with. With decentralized identity management, users only have to share the personal information that they want to, and can keep the rest private.
There are many organizations working to standardize and shape the field of decentralized identity. These are the key organizations:
A decentralized identity system has these main elements:
Let’s go into more detail about how each of these elements works individually and then how they all work together.
A blockchain is a digital database that records transactions across a network of computers. It is called a "blockchain" because it is made up of a chain of blocks that contain information about the transactions. Each block contains a list of transactions, and once it is added to the chain, the information in it cannot be altered (or it’s extremely difficult to alter). This makes the blockchain secure and transparent, and it is often used for things like cryptocurrency and online voting.
With Dock, only DIDs are registered on the blockchain, but no Verifiable Credential data is ever put on the blockchain for security and privacy.
Security: Blockchain uses cryptography to ensure that once a block is added to the chain, it’s extremely difficult to alter, making the information stored in it secure.
Tamper-resistance: The blocks in a blockchain are linked together using a cryptographic function, making it difficult for any malicious actors to tamper with or alter the data stored in the blocks. Once data is written on blockchain it is almost impossible to change, tamper or delete, providing trust and security to the data.
Decentralized: A blockchain is a decentralized system, meaning that it is not controlled by any one central authority or organization. This allows for a more democratic and transparent system.
Transparency: All the transactions are recorded in a public ledger, which can be viewed by anyone on the network, promoting transparency and accountability.
Trustless: Blockchain enables trustless transactions by using consensus algorithms, smart contracts and digital signatures, which eliminates the need for third party intermediaries.
Here is how each party uses the blockchain in a decentralized identity system:
The blockchain allows everyone in the network to have the same source of truth about which credentials are valid and who authenticated the validity of the data inside the credentials. The blockchain establishes a basis of trust by maintaining a verifiable registry (or records) of:
The identity information is not stored on the blockchain but rather on the holder’s digital wallet. The credentials issued using the Dock blockchain are stored off-chain, usually in someone’s decentralized digital wallet app.
Dock's Solutions Architect Mike Parkhill explains how decentralized identifiers (DIDs) work and their importance.
A decentralized identifier (DID) is a way to identify yourself or something online without relying on a centralized company or organization. Imagine a phone number is like a centralized identifier because it is assigned to you by a phone company, and they keep track of who it belongs to.
A DID is like a personal phone number that you create, own, and control. You can use it to prove who you are online without having to rely on a third party. It's like having a digital passport that you can use on the internet, and it's not controlled by any one company or organization. It's simple to understand like a phone number you own and control.
Right now, most of us use centralized identifiers like emails, passwords, and user names to access websites, apps, and services. But these identifiers have often resulted in:
But DIDs solve many of these problems. A Decentralized Identifier (DID):
Here is a decentralized identifier example that can be managed in a Dock wallet:
A party, either an individual or organization, can make as many DIDs as they want for different relationships. DIDs are like different personas that people can create.
Right now, many people use LinkedIn to show their professional experience and information. But because they don’t want employers to see their personal photos and interests, they make a separate Facebook profile. A DID is similar in that you can make different profiles for different purposes.
For example, you can have a DID for:
Right now, many people use LinkedIn to show their professional experience and information. But because they don’t want employers to see their personal photos and interests, they make a separate Facebook profile. A DID is similar in that you can make different profiles for different purposes.
For example, you can have a DID for:
Dock’s decentralized identity solutions enable organizations and people, to completely create, own, and manage their digital identity.
Dock Certs: User-friendly, No Code Platform for Organizations
Enables users to easily create and manage their decentralized identity as well as issuing, verifying, and revoking Verifiable Credentials. With Dock Certs, organizations can issue fraud-proof certificates that will protect the value of their credential and enhance their reputation among their stakeholders.
Dock Wallet: Individuals and Organizations
People can conveniently take their DIDs and associated Verifiable Credentials anywhere by storing them securely on their Dock Wallet. The wallet enables people to easily create, edit, and manage their decentralized identifiers and no party can take away these identifiers.
Certs API: Developers and Organizations
Dock’s Certs API enables users to conveniently issue, verify and revoke Verifiable Credentials (VCs), manage decentralized identifiers (DIDs), and interact with the Dock blockchain. We have open-source software on GitHub that can be used with the API.
Certs API Benefits:
Web3 ID: Developers and Organizations (Open-Source and Free)
Web3 ID is an authentication and sign-in system that enables:
It’s easy to start creating your decentralized identity with the Dock Wallet app, a wallet that allows users to fully own and control their decentralized identifiers. Verifiable Credentials are associated with DIDs.
Just follow these steps to create a DID:
1. Select DIDs at the bottom of your wallet and click on the + sign on the top right of the screen.
2. Select Create New DID.
3. Name your DID like educational credentials, NFTs, IDs etc. and select Create.
4. Choose a DID type. Difference between the two keys:
5. Select Create after selecting did:key for example and naming it.
6. did:key is created.
7. This is the next step if you select did:dock. Name your DID and select the DID Payment Account. If you have multiple accounts, you will see an extra field on this screen for you to choose which account to use to pay for the DID.
8. Select Confirm.
9. You now have a new DID!
Click here to learn more about how to manage DIDs in your Dock Wallet.
With a Dock Wallet and Dock Certs, you can create a DID by following these steps:
2. Click Create Verifiable Credential on the top right.
3. Create the issuer profile (a university for example) and you can leave the Key Type to the default setting. Then select Create a DID.
4. Choose among the basic template options, select the DID, click Continue on the top right.
1. You can add credential recipients manually one by one or in bulk with the Import CSV option.
2. If you add someone manually, you will enter details like this example below where we are identifying someone by their employee number. Once you fill in all of the details, click Add Recipient.
3. The information will appear like this:
4. If you want to do bulk issuance, you can also import a CSV file. Download the sample template, fill it in, and upload it.
5. The next option is to Persist the credential which means that Dock will securely store the credential on our database (but NOT on the blockchain).
If you persist the credential, there will be a QR code that shows up on the PDF where the recipient can simply scan the QR code with their Dock Wallet app to import the credential in their wallet.
6. There is an option to allow this credential to be revoked.
7. You can anchor the credential which will add a hash of the credential (like a digital fingerprint) you issue on the Dock blockchain. This allows someone to verify when and who created it.
8. Next click Issue Credentials on the top right and you will be able to download the credentials in JSON and PDF formats. A JSON file is a file that stores simple data structures and objects in JavaScript Object Notation (JSON) format, which is a standard data interchange format.
The Basic PDF credential will look like this:
It’s important to know that if you don’t persist or download the credential, you can’t get it back.
9. The issuer can email the PDF and JSON files to the recipient. Soon we will be releasing the Relay Service to automatically send the credential to the recipient's wallet.
10. If there is no QR code on the PDF file (because the credential wasn’t persisted), then the recipient has to download and import the JSON file. To do this select Credentials, click on the + sign on the top right corner, and select the JSON file.
11. The credential will immediately appear in the Dock Wallet.
Organizations can quickly verify users' digital credentials in seconds using Dock Certs and the Dock Wallet on a phone or computer. The verification process is powered by blockchain technology, making it fast and reliable. Because Dock's tools detect fraudulent credentials, verifiers can be assured that the information presented is accurate. Organizations can verify documents with the web or wallet-to-wallet (online or in person).
With the Dock Wallet, individuals:
Click here for the complete guide on how to verify credentials.
Each DID comes with one or many private and public keys:
You can have multiple private-public key pairs, and it’s good practice to generate new public keys when sharing information with a different party. This can be compared to using the same password for 10 different websites. It’s not safe to do this for security reasons. It’s better to have different and long complex passwords for all sites. Similarly, it’s better to generate a new public key for each party you share information with.
Example of how private and public keys would be used
Let’s say there’s a health and safety training organization that provides certification for construction safety and this course is a requirement for workers to get a job with a construction company. Here is how decentralized identity helps prevent fraud and enables organizations to save a lot of time and resources issuing and verifying credentials:
Traditional certification verification processes would normally take a few weeks before he can start working because the construction company would have to manually contact the issuer. The previous verification process would be time-consuming and expensive.
Verifiable Credentials are a digital, cryptographically secured version of both paper and digital credentials that people can present to organizations that need them for verification. A few of many examples of information that can be issued as Verifiable Credentials:
When digital credentials conform to the Verifiable Credentials Data Model 1.0, which is a standard established by World Wide Web Consortium (W3C), they can be referred to as Verifiable Credentials.
Examples of Decentralized Identity Verification
Maintaining privacy is a major benefit of Verifiable Credentials. Let’s say there’s an on-demand food delivery company that requires applicants to have a valid driver’s license. The company can instantly check the Verifiable Credential to confirm that an applicant has a valid driver’s license. A verifiable presentation would allow an applicant, the holder, to show their license number without sharing unnecessary information like their full name or address.
In another example, a club’s staff member can scan the QR code of the holder’s Verifiable Credential to ensure they are at least 18 years old. The public DID of the government’s licensing department is on the blockchain which allows the club to verify the authenticity of the Verifiable Credential because the club trusts the department that issued the credential. The Verifiable Credentials create trust between the parties and guarantee the authenticity of the data and claims without actually storing data on the blockchain.
In another situation, Sofia just moved to Canada without a physical copy of her university degree and she needs to prove her field of study to receive a job offer. Her university then issues her a Verifiable Credential, which is the degree, that is associated with her DID and she can store this in her digital wallet. Sofia then presents the credential to the employer who can instantly verify its authenticity.
A decentralized identity wallet enables people to securely store, manage, and share DIDs and Verifiable Credentials. It’s comparable to a physical wallet that holds various IDs and claims about yourself like service cards, bank cards, and licenses. The decentralized identity wallet will store verified credential details like citizenship, employment, name, and address to prove eligibility, identity, or complete a transaction.
A mobile identity wallet stores information on the phone rather than a browser’s storage or cloud. The digital wallet allows people to access apps and services without revealing personal information. DIDs also prevent your devices from being tracked and correlated (data may be traced back to someone's identity or online behavior). Verifiers can connect to the user’s identity wallet and request data while the user always chooses when to give permission to share data.
Let’s say Anna wants to sign in with Dock Certs using her DID.
1. Dock Certs allow people to login with their DID using Dock’s Web3 ID. This allows users to sign into the platform in a way that preserves their privacy.
2. Anna scans the QR code with her Dock Wallet and authorizes the website to instantly verify her credential.
3. She selects the DID that she created for Dock Certs then clicks Approve.
4. Anna successfully signs into Web3 ID
5. Anna accesses the Dock Certs platform.
Here are just a few of many examples of how decentralized identity technology can solve many problems that result from traditional verification processes and centralized identity management systems in a variety of industries.
Blockchain: A decentralized database that is shared among computers in the blockchain network that records information in a way that makes it very difficult to change, hack, or cheat the system.
Centralized identity management: Administrative control by a single authority or Hierarchy.
Decentralized digital identity wallet: Enables people to securely store, manage, and share DIDs and Verifiable Credentials.
Decentralized Identifiers (DIDs): Cryptographically verifiable identifiers created by the user, owned by the user, and independent of any organization. DIDs contain no personally identifiable information.
Decentralized identity: A type of identity management that allows people to control their own digital identity without depending on a specific service provider.
Digital identity: The body of information about an individual, organization, or electronic device that exists online, including search history and user names.
Federated identity management: Allows authorized users to access multiple applications and domains with a single set of credentials like when people can use their Google or Facebook to sign into websites or apps.
Holder: A user who creates their decentralized identifier with a digital wallet app and receives the Verifiable Credential.
Issuer: The organization that signs a Verifiable Credential with their private key and issues it to the holder.
Private key: Made up of a long string of letters and numbers that allows people to prove ownership, give consent to share selected data, and sign documents. It is used to both encrypt and decrypt the data. As an analogy, a private key is like a master key that can access all of your information and the owner should never share their private key with anyone.
Public key: Made up of a long string of letters and numbers that can safely be shared with anyone you choose to give specific information to.
Self-Sovereign Identity (SSI): A model that gives individuals full ownership and control of their digital identities without relying on a third party. This term is often used interchangeably with the term “decentralized identity.”
Verifiable Credentials (VCs): Digital cryptographically-secure versions of both paper and digital credentials that people can present to organizations that need them for verification.
Verifier: A party that checks the credentials and can read the issuer’s public DID on the blockchain to verify if the Verifiable Credential the holder shared was signed by the issuer’s DID.
Decentralized identity is a type of identity management that allows people to own, and control their own digital identity without depending on a specific service provider. Decentralized identity technology is solving many of the problems resulting from centralized and federated identity management systems, including widespread certificate fraud, slow and expensive verification processes, and risks of data breaches.
Decentralized Technology Benefits
Dock is a Verifiable Credentials company that provides Dock Certs, a user-friendly, no-code platform, and developer solutions that enable organizations to issue, manage and verify fraud-proof credentials efficiently and securely. Dock enables organizations and individuals to create and share verified data.
Dock’s Verifiable Credentials Platform makes your data fraud‑proof and allows your stakeholders to verify its authenticity in seconds - making expensive, time‑consuming, and manual verification processes disappear.