Developing a Decentralized Identity Reference Architecture
Authors
Gary Zimmerman – Principal Consulting Analyst
Abstract
Centralized Identity and Access Management (IAM) systems and services have been the foundation for digital identity over the past 40 years. Centralized IAM is attractive to enterprises and service providers since they maintain control of the identity. Still, with increasing user demands, privacy requirements, scalability challenges, and new use cases, Decentralized Identity (originally called User-Centric Identity) is emerging as a viable option that enterprises should at least be evaluating.
This report outlines a Decentralized Identity Reference Architecture to guide enterprises seeking to enable user control, ensure privacy, leverage cryptography for security, and build trusted ecosystems using open standards. The architecture aims to define the capabilities necessary to deliver resilient, portable digital identities without passwords, provide flexible access management, reduce risk, and enable regulatory compliance. This builds on TechVision’s Reference Architecture approaches for Enterprise IAM, Customer IAM (CIAM), PAM, Security, IGA, and other related capabilities-based reference architectures.
Recommended near-term steps for enterprise adoption include running decentralized identifier (DID) method pilots, cataloging identity attributes for credentials, designating internal trusted issuers, evaluating identity wallets, updating applications for DID support, implementing selective disclosure, co-building proofs-of-value, and contributing to standards maturation. This measured approach allows incremental decentralization while minimizing user disruption as the ecosystem matures towards broader readiness.