
Decentralized Identity

Decentralized Identity is an architectural pattern that shifts control of digital identity from centralized corporate silos to the actual entities—users, organizations, or devices—that own them.

Instead of relying on central identity providers or traditional federation protocols, this model uses public-key cryptography and open web standards to build cross-domain trust without vendor lock-in.

ThunderID provides the underlying infrastructure to orchestrate this lifecycle. It acts as an Enterprise Identity Hub, enabling you to anchor decentralized identifiers, issue tamper-evident claims, and securely verify third-party assertions.

When to Use This Pattern

This pattern is a good fit when you need to:

  • Remove Central Intermediaries: Traditional authentication protocols require applications to constantly call back to a central Identity Provider (IdP) at runtime to verify a user. This pattern removes those central intermediaries, allowing applications to securely verify an identity offline and independently using public-key cryptography.

  • Eliminate Repeated Verification: Replace manual, expensive compliance checks (like KYC or employment verification) with portable, reusable digital proofs that drastically reduce onboarding friction.

  • Maximize User Privacy: Minimize organizational data liabilities by allowing users to selectively disclose only the specific identity attributes required for a transaction.

  • Support Offline & Edge Environments: Secure supply chains, IoT networks, or distributed devices with cryptographic proofs that can be verified resiliently even when the issuer is offline.

How the Trust Triangle Works

Decentralized identity eliminates the need for centralized data repositories by implementing a tri-party architectural framework referred to as the Trust Triangle.

[Diagram: the Trust Triangle]

  • Issuer → Holder (Wallet / App): Issues VC

  • Holder (Wallet / App) → Verifier (Relying Party): Presents Verifiable Presentation

  • Verifier (Relying Party): Resolves DID Doc & checks revocation
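The three edges of the Trust Triangle, as an added example that is not ThunderID code and does not use its API. The `did:example:*` identifiers, the in-memory `didDocs` map standing in for DID resolution, the `revoked` set, and the JSON-over-Ed25519 proof are simplifying assumptions rather than the W3C proof format; the example also goes one step beyond the diagram by binding the presentation to a verifier-supplied nonce.

```javascript
// Added example: simplified Trust Triangle. Not ThunderID's API, not the W3C proof format.
const crypto = require('node:crypto');

// Sign/verify the JSON form of an object. Real systems canonicalize before signing.
const sign = (obj, key) => crypto.sign(null, Buffer.from(JSON.stringify(obj)), key).toString('base64');
const check = (obj, sig, key) =>
  crypto.verify(null, Buffer.from(JSON.stringify(obj)), key, Buffer.from(sig, 'base64'));

// Constructed parties: each has an Ed25519 key pair and a made-up DID.
const issuer = { did: 'did:example:issuer', ...crypto.generateKeyPairSync('ed25519') };
const holder = { did: 'did:example:holder', ...crypto.generateKeyPairSync('ed25519') };

// Stand-ins for resolved DID documents and a status list cached by the verifier.
const didDocs = new Map([[issuer.did, issuer.publicKey], [holder.did, holder.publicKey]]);
const revoked = new Set();

// Issuer -> Holder: issue a signed credential.
function issueCredential(id, claims) {
  const body = { id, issuer: issuer.did, subject: holder.did, claims };
  return { body, proof: sign(body, issuer.privateKey) };
}

// Holder -> Verifier: wrap the credential in a presentation bound to the verifier's nonce.
function present(vc, nonce, key = holder.privateKey) {
  const body = { holder: holder.did, nonce, vc };
  return { body, proof: sign(body, key) };
}

// Verifier: no runtime call to the issuer, only resolved public keys and the status list.
function verifyPresentation(vp, expectedNonce) {
  const { vc, holder: holderDid, nonce } = vp.body;
  const issuerKey = didDocs.get(vc.body.issuer);
  const holderKey = didDocs.get(holderDid);
  if (!issuerKey || !holderKey) return 'unknown-did';
  if (!check(vc.body, vc.proof, issuerKey)) return 'bad-issuer-signature';
  if (vc.body.subject !== holderDid || !check(vp.body, vp.proof, holderKey)) return 'bad-holder-binding';
  if (nonce !== expectedNonce) return 'replayed';
  if (revoked.has(vc.body.id)) return 'revoked';
  return 'ok';
}
```

Each failure path returns a distinct reason, so a verifier can log why a presentation was rejected instead of only that it was.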

What You Can Build

Credential Issuance

Issue cryptographically signed, W3C-compliant Verifiable Credentials to user wallets — covering personal identification, professional certifications, vehicle registration, or loyalty cards.

Onboarding and Authentication

Instantly authenticate users and register new accounts by accepting trusted, tamper-evident digital credentials — eliminating manual identity verification, forms, and document uploads.

Standalone Claim Verification

Allow users to cryptographically prove specific facts — such as holding an active license or being over a certain age — without disclosing any unrelated personal data.

© WSO2 LLC. All rights reserved.