Decentralized User-Controlled Identity Access Management

September 21, 2022

Decentralized Identity Access Management (IAM) can be seen as an extension of distributed ledger technology (DLT) that puts users in control of their identities through an identity wallet, which collects verified information about the user from certified issuers. Linking this technology with a multi-factor authentication mechanism using biometrics such as retinal scanning, facial recognition, or fingerprint imaging can turn your childhood sci-fi movie scenes into reality. Security has been in the spotlight in the post-pandemic era, as the attack surface has expanded tremendously with remote working. Identity systems are under sustained attack through credential misuse, inappropriate privilege configuration and other methods. This has resulted in continued spending on cybersecurity, which will most likely remain on the higher side as security teams increasingly adopt innovative cybersecurity products and mechanisms to protect networks, cloud infrastructure, IoT devices, and user identities and their access over enterprise networks.

The Push towards Decentralization

The immense push towards decentralization has led to the formulation of Web 3.0, the third generation in the evolution of the internet, which intends to give users ownership of and power over their data and identity on the internet. Blockchain offers a fully decentralized architecture that eliminates the need for intermediaries within the current centralized server-client internet model, and decentralization of identities will play a crucial role in it. Apart from Blockchain, Web 3.0 would be powered by the InterPlanetary File System (IPFS), which enables crypto-based wallets to store and provide user-controlled identity. Also, the paired use of Decentralized IDs (DIDs) and Verifiable Credentials (VCs) creates secure, authenticated, and trustworthy peer-to-peer connections without requiring any centralized intermediary.

Challenges with existing Digital Identity Systems

“What makes you weak helps you realize your true strength” may look like a motivational quote, but in essence, to understand the full potential of decentralized identities, one must first know the challenges of existing digital identity management systems.

  • Ownership: User IDs and PII are currently stored on remote but centralized third-party servers, which may belong to service agencies and/or enterprises, effectively threatening ownership of the ID and its use.
  • Credibility: With deepfakes and many ID theft technologies, digital IDs are treated as untrustworthy unless they are verified by the identity issuer, which makes the current infrastructure more dependent on third parties.
  • Integrity: Even assuming the user is genuine, in situations of account hacks or misuse of user credentials, it becomes challenging to ensure the integrity of both the user identity and the credentials.
  • Security: While remote working has pushed organizations to go digital and embrace cloud infrastructure, there are still some open areas in securing the communication of user PII or identities over the cloud.


While today’s PKI-based X.509 digital certificates can tackle these challenges, they generally rely on a certificate authority (CA) that holds a root of trust. But what if the CA gets compromised? That is where decentralized IAM comes in handy.

Need for Decentralized IAM

The Internet, at its core, probably never gave a thought to identity, which is why there is no identity layer defined in its design. However, with the onset of sophisticated cyberattacks like ransomware and botnets, it has become essential to protect user identities and data over the internet and to avoid a single point of failure. Decentralized IAM works on the Self-Sovereign Identity (SSI) principle, which is based on the paired functionality of DIDs and VCs. A Decentralized ID defines a user identity over the Blockchain fabric as a string pointing to a Blockchain URL where the DID document is stored; that document holds the public key and user information. Verifiable Credentials, on the other hand, are a method of representing credentials on the web in a secure, private and machine-verifiable format using credential metadata and a digital proof/signature. When combined, DIDs and VCs build trust within the SSI framework, mitigating most of the challenges. So essentially, it functions as a PKI model but without a centralized dependency: the issuer sends its DID public key, and the user presents their DID public key at the request of the verifier. The verifier then receives these public keys and the DID document digitally signed by both issuer and user, so the process can be trusted while giving utmost priority to user identity and data security. The flow diagram below illustrates the workflow of a Decentralized IAM.
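A simplified model of the verifier's side of this flow, added here as an example (not HSC's code or any DID library's API): the `Ledger` map stands in for resolving DID documents on the blockchain, and the `did:example:` identifiers, claim and keys are constructed. The verifier-chosen nonce used for replay protection is an assumption of this example.

```go
package main

import (
	"crypto/ed25519"
	"fmt"
)

// Ledger stands in for DID resolution: DID -> public key from its DID document.
type Ledger map[string]ed25519.PublicKey

// Presentation: issuer-signed claim about Subject, countersigned by the holder.
type Presentation struct {
	Issuer, Subject, Claim, Nonce string // Nonce: verifier challenge (assumed here)
	IssuerSig, HolderSig          []byte
}

// %q quoting keeps field boundaries unambiguous in the signed bytes.
func (p Presentation) credBytes() []byte { return []byte(fmt.Sprintf("%q %q %q", p.Issuer, p.Subject, p.Claim)) }
func (p Presentation) proofBytes() []byte { return []byte(fmt.Sprintf("%s %q", p.credBytes(), p.Nonce)) }

// Verify checks the issuer's signature first, then the holder's proof that
// they control the subject DID for this particular verification request.
func Verify(l Ledger, p Presentation, trustedIssuer, nonce string) error {
	ik, hk := l[p.Issuer], l[p.Subject]
	switch {
	case p.Issuer != trustedIssuer || ik == nil:
		return fmt.Errorf("issuer not trusted")
	case !ed25519.Verify(ik, p.credBytes(), p.IssuerSig):
		return fmt.Errorf("credential altered or not signed by issuer")
	case p.Nonce != nonce:
		return fmt.Errorf("presentation replayed")
	case hk == nil || !ed25519.Verify(hk, p.proofBytes(), p.HolderSig):
		return fmt.Errorf("presenter does not control subject DID")
	}
	return nil
}

// Demo issues and presents a constructed credential, lets the caller alter it
// in transit via mutate, and returns the verifier's decision.
func Demo(mutate func(*Presentation)) error {
	ipub, ipriv, _ := ed25519.GenerateKey(nil) // issuer key pair (constructed)
	hpub, hpriv, _ := ed25519.GenerateKey(nil) // holder key pair (constructed)
	l := Ledger{"did:example:university": ipub, "did:example:alice": hpub}
	p := Presentation{Issuer: "did:example:university", Subject: "did:example:alice", Claim: "degree=BSc", Nonce: "n-1"}
	p.IssuerSig = ed25519.Sign(ipriv, p.credBytes())
	p.HolderSig = ed25519.Sign(hpriv, p.proofBytes())
	mutate(&p)
	return Verify(l, p, "did:example:university", "n-1")
}

func main() { fmt.Println(Demo(func(*Presentation) {}), Demo(func(p *Presentation) { p.Claim = "degree=PhD" })) }
```

No central database of user credentials is consulted: the verifier needs only the two public keys resolved from the ledger and its own list of issuers it trusts.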


Use Cases of Decentralized IAM

While the industry is pondering some real-life use cases, governments across the globe have started embracing this technology in validating users based on their publicly identifiable identities, such as passports, social security numbers or driving licenses. Microsoft presented an interesting use case on how this technique can be used across universities to validate the authenticity of graduates and their transcripts.

Globally, many government-funded consortiums are designing use cases on how this technology can be used to screen passengers or crew members at international borders. Some popular use cases that can be thought of are validating guests at hotel premises or authenticating employee ID across multiple branch offices of an organization. Here at HSC, we are creating unique products based on these technologies, such as:

  • A DID-based solution for zero-touch onboarding of IoT devices, which simplifies and secures IoT device provisioning
  • A Decentralized IAM (Identity Access Management) solution using DIDs and Verifiable Credentials, which prevents a service from storing users’ identities and credentials in its centralized database

Courtesy: GSMA


