Digital identity without intermediaries: how to take back control online
Every time you log into a digital service, someone decides if it’s really you. The underlying problem is that your identity depends on others. Even if it seems like your account or profile is “yours,” it actually depends on whoever manages the service. That entity controls the system that confirms who you are.
This works within each platform, but things get complicated when multiple organizations need to trust each other. How can you verify someone’s identity if it depends on systems that can fail, be attacked, or change their rules?
This is where an alternative gaining more attention comes in: Decentralized Identifiers (DID).
DID: A Digital Identity You Control
The idea is simple: to have a digital identity that does not rely on a single company or institution.
A DID is a unique identifier (like a digital license plate) linked to a cryptographic mechanism that proves you control that identity. Instead of being “stored” on a specific platform’s server, the identity can be anchored or registered in a distributed and verifiable infrastructure.
You don’t need to understand the technology to use it. Just like with a bank card or passport, what matters is that the system can verify the identity exists and that the person using it has the right to do so.
Two Distinct Concepts: Controlling an Identity vs. Proving Who You Are
It’s helpful to separate two concepts that are often mixed:
Controlling an identity: proving that you own a DID.
Proving attributes: demonstrating facts about yourself (for example, that you are a hospital, a university, or an authorized company).
The DID solves the first. For the second, verifiable credentials are used.
Verifiable Credentials: How to Prove Attributes Without Revealing Too Much
Having a digital identity (DID) does not mean others automatically know what type of entity you are.
Verifiable credentials, issued by recognized authorities (e.g., an accrediting body, government agency, or authorized institution), are used to prove that. These credentials:
Do not replace the DID; they are linked to it.
Allow you to prove specific attributes (for example, “I am an authorized hospital”).
Can be presented selectively: share only what is necessary.
A simple way to understand it: the DID is your “base identity,” proof of control, while the verifiable credential is your “accreditation,” proof of attributes.
But… How Does It Work in Practice?
Imagine a hospital wants to collaborate with a university on a research project:
The hospital identifies itself with its DID – proving it controls its digital identity.
It presents verifiable credentials – providing evidence issued by recognized authorities proving what type of organization it is.
The university automatically verifies:
The DID is valid and controlled by the hospital;
The credentials are authentic;
The issuer of the credentials is trustworthy.
If everything checks out, the collaboration can begin without lengthy manual verification processes.
A System That Can Coexist With Existing Methods
This approach does not aim to replace current systems overnight. It can coexist with traditional access and identification methods.
The main difference is in control and interoperability:
The digital identity does not depend solely on one platform.
It can be used across different services.
It allows sharing only the necessary information.
Why This Matters in a Data Space
In an environment where multiple organizations share information, trust should not depend on a single intermediary.
In our data space, DIDs allow establishing a verifiable base identity, and verifiable credentials allow automatically proving attributes while controlling what is shared.
Ultimately, the issue is not only technological but also about trust: how to prove who you are and what role you have in a digital ecosystem, without a single entity always having the final say. In this way, DIDs represent a change that could transform the internet as we know it today.