Identity management is on the verge of a paradigm shift. It is moving from centralized, federated methods to decentralized ones of providing, proving, and sharing identity data between trusted parties. This brings benefits such as:
The Curity Identity Server version 8.2 introduced the ability to issue verifiable credentials using the OpenID for Verifiable Credential Issuance draft specification. The feature is available when enabled with a feature flag and allows users to experiment with credentials and plan how to prepare for this new identity paradigm.
Decentralized identifiers are a type of Uniform Resource Identifier (URI). They are identified via the DID scheme, followed by a method name and a method-specific identifier. They are resolved to keys that can be used to verify an identity.
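The structure described above can be checked and resolved in code. This is an added example, not code from Curity or the original page: it validates the `did:<method>:<method-specific-id>` syntax and resolves a `did:jwk` identifier to its public key offline. The `did:jwk` method is not mentioned on the page and is used here only because its key is carried in the identifier itself; the function names, the sample key, and the simplified result shape are assumptions.

```python
import base64
import json
import re

# DID syntax (W3C DID Core): did:<method-name>:<method-specific-id>
_IDCHAR = r"(?:[A-Za-z0-9._-]|%[0-9A-Fa-f]{2})"
DID_RE = re.compile(rf"did:([a-z0-9]+):((?:{_IDCHAR}*:)*{_IDCHAR}+)")
B64URL_RE = re.compile(r"[A-Za-z0-9_-]+")

# Constructed sample JWK (the "x" value is a placeholder, not a real key).
SAMPLE_JWK = {"kty": "OKP", "crv": "Ed25519", "x": "constructed-sample-value"}
SAMPLE_DID = "did:jwk:" + base64.urlsafe_b64encode(
    json.dumps(SAMPLE_JWK).encode()).rstrip(b"=").decode()


def parse_did(did):
    """Split a DID into (method name, method-specific identifier)."""
    match = DID_RE.fullmatch(did)
    if match is None:
        raise ValueError(f"not a syntactically valid DID: {did!r}")
    return match.group(1), match.group(2)


def resolve_did_jwk(did):
    """Resolve a did:jwk locally; its identifier is a base64url-encoded JWK."""
    method, identifier = parse_did(did)
    if method != "jwk":
        raise ValueError(f"unsupported DID method: {method!r}")
    if not B64URL_RE.fullmatch(identifier):
        raise ValueError("identifier is not base64url")
    padded = identifier + "=" * (-len(identifier) % 4)
    try:
        jwk = json.loads(base64.urlsafe_b64decode(padded))
    except ValueError as exc:  # bad padding, bad UTF-8 or bad JSON
        raise ValueError("identifier does not decode to JSON") from exc
    if not isinstance(jwk, dict) or "kty" not in jwk:
        raise ValueError("decoded identifier is not a JWK object")
    if "d" in jwk:
        # Hardening choice of this example: refuse private key material.
        raise ValueError("JWK carries private key material")
    # Simplified result, shaped like one verification method entry.
    return {"id": f"{did}#0", "controller": did, "publicKeyJwk": jwk}


if __name__ == "__main__":
    print(parse_did("did:example:123456789abcdefghi"))
    print(resolve_did_jwk(SAMPLE_DID))
```

A verifier would use the returned `publicKeyJwk` to check the signature on a credential or presentation; methods other than `did:jwk` need a network or ledger lookup that this example does not cover.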
Myths and Truths About Decentralized Identifiers

Compared to decentralized identifier (DID) documents and publicly available keys, verifiable credentials are personal and securely stored by the credential holder (e.g., in a wallet). By keeping verifiable credentials private, the holder can control the timing and context in which to share a credential and can do so without involving the authority. What is new is that when the holder chooses to present them to a relying party, the issuer has no knowledge of the transaction or the relying party. These characteristics enable self-controlled identities, also called self-sovereign identities.
Explore issuance and verification of digital credentials
In this talk, Jacob Ideskog, CTO at Curity, walks through the paradigm shift that is happening with the advent of decentralized identity. When thinking about identity, we tend to think about user accounts, available somewhere in the organization’s data sources. But how will this change when the identities are decentralized, and how do we make sure our APIs can make the right decisions about access?