Centralized Identity Systems
A centralized identity system is one in which a single trusted authority manages and stores all credentials. All authentication and authorization requests go through this central provider.
Characteristics
Credentials are verified and stored by a single authority.
Managed centrally by admins.
Used for identity and access management.
Example: Microsoft Entra ID
Benefits
Secure adaptive access. Strong authentication and risk-based access policies.
Seamless user experience. Single sign-on reduces password fatigue.
Unified management. One console for all identities—cloud or on-premises.
Simplified governance. Automated policies ensure only authorized users keep access.
Analogy:
Think of Entra ID as a bank vault. The vault (directory) securely stores all the credentials, and only authorized tellers (admins) manage the keys.
Decentralized Identity
A decentralized identity (DID) system lets individuals own and control their digital identities instead of a central organization. Identities are anchored in decentralized systems (often blockchain-based).
Key Concepts
DIDs (Decentralized Identifiers): User-created, globally unique IDs that aren’t owned by any central entity.
DPKI (Decentralized Public Key Infrastructure): Stores the public key data used to verify identities and to encrypt data for them.
User Agent App: Like a “Digital Wallet” that manages your DIDs and permissions.
Off-chain Storage: Personal data remains encrypted on user-controlled devices, not on public blockchains.
Microsoft’s Approach
Uses decentralized systems only to anchor identifiers—not to expose personal data.
Keeps actual identity data encrypted and user-controlled (“off-chain”).
Example Scenario:
A student receives a verifiable digital diploma stored in their DID Wallet. When applying for a job, they share this credential directly with the employer, who can verify its authenticity without contacting the issuing university.
Components of Decentralized Identity
Component | Function
W3C DIDs | Standards for user-created, self-owned identifiers.
Decentralized Systems (Blockchains/Ledgers) | Provide trust anchoring for DIDs.
DID User Agents | Apps for creating and managing DIDs.
DIF Universal Resolver | Looks up and verifies DIDs across systems.
DIF Identity Hubs | Personal encrypted datastores for identity data.
DID Attestations | Signed statements that verify claims.
Decentralized Apps (dApps) | Apps using DIDs to grant user-controlled access.
Analogy:
In a decentralized system, you are your own identity provider. Instead of your data living on someone else’s server, you carry your digital passport in your own encrypted wallet.