<aside>
This is a chapter from the book Token Economy (Third Edition) by Shermin Voshmgir. Paper & audio formats are available on Amazon and other bookstores. Find copyright information at the end of the page.
</aside>
If properly designed, a blockchain wallet could serve as the foundation for both user-centric and privacy-preserving identity management systems. In combination with Decentralized Identifiers (DIDs), blockchain networks can provide more sophisticated decentralized identity management solutions, reducing friction and costs for all participants involved.
Identity management refers to the processes by which individuals, organizations, and objects are identified and authenticated—which is the basis for trustworthy social and economic interactions. Governments issue birth certificates, IDs, passports, and driver’s licenses; schools and universities issue diplomas and licenses; healthcare providers manage personal health records; and companies manage their client, business, and employee data. Historically, such licenses, certificates, and records were mostly analog, issued and managed by governmental institutions and companies. The advent of the Internet created the need for digital identity systems; however, the Internet Protocol lacks a native identity layer because it was only designed to address and identify computers—not people, organizations, or objects.
To resolve this issue, identity management systems had to be built on the application layer of the Internet. Private computer infrastructure was used to manage the data involved in issuing identities, managing passwords, and verifying credentials of people, institutions, goods, and services. These systems rely on username–password combinations and centralized databases—a concept adapted from pre-Internet systems—that centralize all aspects of identity management, including issuing identifiers, authentication methods, credential provision, and data storage. The result was fragmented and incompatible data silos that impose significant costs and limitations on users, companies, and governments alike.
Over the past decades, there have been many efforts to create more collectively controlled identity management systems for the Internet. In 1999, Microsoft launched “Microsoft Passport,” a federated identity solution aimed at reducing password chaos by offering a single identity service for multiple Internet services. However, this solution required a coordinator, placing Microsoft at the center of control. In 2001, Sun Microsystems introduced the “Liberty Alliance,” which distributed control across multiple institutions but still tied personal data to individual service providers. That same year, the “Identity Commons” initiative began consolidating work on digital identity, emphasizing decentralization, which later led to the creation of the Internet Identity Workshop in 2005.
Open-source developers pursued more user-centric identity solutions, such as “OpenID,” which allowed individuals to control their identities using personal domain names and data stores. These solutions countered the server-centric model by enabling users to grant permission for their data to be shared. However, these solutions never found mainstream adoption. They lacked user-friendliness and critical mass adoption to create the necessary network effects.
Around 2008, companies like Facebook embraced some ideas from OpenID and paired them with their centralized systems, offering simplified usability. “Facebook Connect” allowed users to sign in to various services by simply using their existing Facebook credentials, saving time and effort for users and reducing costs for smaller Internet startups that did not have to create their own identity systems. It centralized control over users’ digital identities, extending to their browsing histories, social media activities, and geolocations. Network effects played into Facebook’s hands because of its large user base. This model became the blueprint for other Internet providers like Google, Amazon, and Apple to offer similar services, and together they soon dominated the online identity market—including all personal data and digital footprints of their users. They simplified the processes of storing user identities, authentication details, and payment information. The usability of their services created a feedback loop in which more users attracted even more users, further entrenching the dominance of these platforms and discouraging users from engaging with smaller competitors. Consequently, the Internet has become re-centralized around a few major providers, although it was originally intended to be much more decentralized.
To counter this, decentralization advocates continued exploring user-centric alternatives. The “Web of Trust” initiative, rooted in the “Pretty Good Privacy” (PGP) movement, introduced asymmetric cryptography for identity validation. However, its reliance on email addresses as identifiers tied it to centralized institutions like “ICANN,” limiting adoption. Visionaries like Christopher Allen elevated the debate by proposing the concept of Self-Sovereign Identity. He laid out several principles of data management and data sharing over the Web, which inspired various initiatives, including “Social Linked Data,” “Rebooting the Web of Trust,” and “WebIDs.” The aim of all these initiatives is to establish international open standards that decouple the issuance and verification of credentials, addressing the limitations of server-centric systems.
With the advent of blockchain networks, decentralization efforts gained momentum. The decentralized public key infrastructure of blockchains fully aligns with open and user-centric initiatives, without linking identities to email addresses or centralized systems. Since identification in blockchain networks is limited to pseudonymous identifiers, it needs to be complemented with more sophisticated solutions.
“History of Identities” from Token Economy (Third Edition) 2025, Shermin Voshmgir
The key elements relevant in any identity management system, centralized or decentralized, online or offline, are identifiers, authentication, and credentials.
Identifiers uniquely identify a person, organization, or object. Examples include email addresses, phone numbers, and social security numbers. While names are not always unique or persistent, identifiers like serial numbers or passport numbers are designed to be both unique and consistent over time. Their persistence can vary by country or institutional policy, as some document numbers may expire. Identifiers also play a critical role in tracking objects (e.g., product serial numbers) and organizations (e.g., company registration numbers used for taxes or subsidies). Blockchain networks, such as the Ethereum network, use blockchain addresses as identifiers.