Designing a Decentralized Identity System

Build a self-sovereign identity platform using DIDs, verifiable credentials, and blockchain anchoring for user-controlled digital identity.

srikanthtelkalapally888@gmail.com

Decentralized identity puts users in control of their credentials — no central authority required.

Problems with Centralized Identity

Federated Identity (OAuth):
  "Login with Google"
  → Google can revoke your identity
  → Google tracks all your logins
  → If Google goes down, you can't log in

Password-Based:
  Each site stores credentials
  → Data breach exposes passwords
  → Users reuse passwords

Self-Sovereign Identity (SSI) Model

User controls their own identity:
  Private key stored on device (wallet)
  Credentials issued by trusted parties
  User selectively discloses claims
  No central registry required

Decentralized Identifiers (DIDs)

DID: did:web:example.com
     did:key:z6Mkfriq...
     did:ethr:0x1234...

DID Document (public, resolvable):
{
  "id": "did:web:alice.example.com",
  "verificationMethod": [{
    "id": "did:web:alice.example.com#key-1",
    "type": "Ed25519VerificationKey2020",
    "controller": "did:web:alice.example.com",
    "publicKeyMultibase": "z6Mkfriq..."
  }],
  "authentication": ["#key-1"]
}

Verifiable Credentials (VCs)

{
  "@context": ["https://www.w3.org/2018/credentials/v1"],
  "type": ["VerifiableCredential", "UniversityDegreeCredential"],
  "issuer": "did:web:mit.edu",
  "credentialSubject": {
    "id": "did:key:z6Mkfriq...",
    "degree": { "type": "BachelorOfScience", "name": "Computer Science" }
  },
  "proof": { "type": "Ed25519Signature2020", "jws": "eyJ..." }
}

Presentation Flow

1. University issues degree VC to Alice's wallet
2. Employer requests proof of degree
3. Alice's wallet creates Verifiable Presentation:
   - Selects relevant VC
   - Signs presentation with her private key
4. Employer verifies:
   - Alice's signature valid?
   - Credential issued by trusted university DID?
   - Credential not revoked?

Selective Disclosure

Age Verification:
Government credential: { name, dob, address, id_number }

Alice proves: "I am over 21"
Without revealing: exact DOB, name, or address

Using ZK-proofs (BBS+ signatures)

Revocation

StatusList2021:
  Issuer maintains bitstring of credential statuses
  Credential contains URL to revocation list
  Verifier checks bit position → revoked or valid?
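
The bit lookup described above, as an added example that is not code from the original article. It assumes the StatusList2021 draft's encoding (gzip-compressed, base64url-encoded bitstring with index 0 at the left-most bit); the function names, the list URL and the index values are constructed for illustration.

```python
import base64
import gzip

LIST_BITS = 131072  # 16 KB bitstring, the minimum list size in the StatusList2021 draft


def encode_list(set_indexes, size=LIST_BITS):
    """Issuer side: build the gzip + base64url 'encodedList' with the given bits set."""
    bits = bytearray(size // 8)
    for i in set_indexes:
        bits[i // 8] |= 0x80 >> (i % 8)  # index 0 is the left-most bit
    return base64.urlsafe_b64encode(gzip.compress(bytes(bits))).rstrip(b"=").decode()


def status_bit(credential, status_list_vc):
    """Verifier side: True if the credential's bit is set in the status list.

    Raises ValueError (fail closed) when the entry and the list do not match up.
    The proof on status_list_vc must already have been verified by the caller.
    """
    entry = credential["credentialStatus"]
    subject = status_list_vc["credentialSubject"]
    if entry["statusListCredential"] != status_list_vc["id"]:
        raise ValueError("status list is not the one the credential points to")
    if entry["statusPurpose"] != subject["statusPurpose"]:
        raise ValueError("status purpose mismatch")
    encoded = subject["encodedList"]
    raw = gzip.decompress(base64.urlsafe_b64decode(encoded + "=" * (-len(encoded) % 4)))
    index = int(entry["statusListIndex"])
    if not 0 <= index < len(raw) * 8:
        raise ValueError("statusListIndex outside the list")
    return bool(raw[index // 8] & (0x80 >> (index % 8)))


# Constructed sample data: the URL and index values are placeholders.
LIST_URL = "https://issuer.example/status/1"
STATUS_LIST_VC = {
    "id": LIST_URL,
    "credentialSubject": {"type": "StatusList2021", "statusPurpose": "revocation",
                          "encodedList": encode_list({94567})},
}


def make_credential(index, purpose="revocation"):
    """Constructed credential stub carrying only the credentialStatus entry."""
    return {"credentialStatus": {"type": "StatusList2021Entry", "statusPurpose": purpose,
                                 "statusListIndex": str(index),
                                 "statusListCredential": LIST_URL}}
```

A set bit means revoked when the list's purpose is "revocation"; treating any ValueError as a failed verification keeps the check fail-closed.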

Conclusion

SSI with DIDs + VCs shifts identity control to users. Selective disclosure via ZK-proofs enables privacy-preserving verification. Still maturing but gaining enterprise traction.
