Identity management systems (IDMSs) are widely used to provision user identities while managing authentication, authorization, and data sharing both within organizations and on the Internet more broadly. Traditional identity systems typically suffer from single points of failure, lack of interoperability, and privacy issues such as encouraging mass data collection and user tracking. Blockchain technology has the potential to support novel data ownership and governance models with built-in control and consent mechanisms, which may benefit both users and businesses by alleviating these concerns; as a result, blockchain-based IDMSs are beginning to proliferate. This work categorizes these systems into a taxonomy based on differences in architecture, governance models, and other salient features. We provide context for the taxonomy by describing related terms, emerging standards, and use cases, while highlighting relevant security and privacy considerations.
Audience

This publication is designed for readers with some knowledge of blockchain technology who wish to understand at a high level how blockchain identity management systems work. It is not intended to be a technical guide; the discussion of the technology provides a conceptual understanding. Note that some examples, figures, and tables are simplified to fit the audience.
Executive Summary

Identity management systems allow one to provision identities to users, while managing authentication, authorization, and data sharing both within organizations and on the Internet. With traditional identity management, organizations usually store the credentials (e.g., a password) of each user they interact with, or, with federated models, they use a third party to store this information. This creates interoperability, security, and privacy concerns due to the privileged position of the entity that controls the identity information.

A possible solution to these issues is found in the use of blockchain technologies for identity management: they can reduce, or even remove, the need for a third party. At a high level, they can transform data governance and ownership models, and benefit both individual users and businesses. More specifically, they can enable users to control their data and share select personal information with relying parties. They can also enable businesses to streamline their operations by relying on verified user information without having to maintain the infrastructure themselves.

A large number of blockchain-based identity management approaches are currently being explored, implemented, and commercialized. Many of them use, or plan to use, smart contracts, the privacy capabilities gained from zero-knowledge protocols, and other scalability solutions atop the underlying blockchain. This is an emerging field, and the features, capabilities, security, and privacy of these proposed systems are often unclear.

Identity is a far-reaching topic, and the systems being designed to support it can take architectural forms that are both on-chain and off-chain, and fo...