Blockchain identity management could replace passwords and fix many hacking problems

IBM, other large companies and startups are working on a global shift to decentralized identity built on blockchain technology. Under this model, a person would control their own digital identity and would not need passwords for systems that interface with the ID system.

Blockchain provides distributed ledger technology as the foundation for decentralized identity. In this solution, trust is not rooted in any single point of control but is shared across participants in a network where each person has varying degrees of permission to view data.

Beyond just the technology, however, they must work as a community to establish standards and evolve regulations to work in a decentralized world.

IBM and others have joined the Decentralized Identity Foundation (DIF) as a complement to IBM's current stewardship in the Hyperledger Project. Today, the Hyperledger Project has also announced that it is joining DIF, alongside like-minded organizations such as Microsoft, Evernym, the Sovrin Foundation, and others who aspire to make the vision of self-sovereign identity a reality.

A unified decentralized identity ecosystem requires addressing a set of fundamental user needs and technical challenges:
1. Enabling registration of self-sovereign identifiers that no provider owns or controls.
2. Enabling lookup and discovery of identifiers and data across decentralized systems.
3. Providing a mechanism for users to securely store sensitive identity data, and enabling them to precisely control what is shared with others.

DIF is working on specs and reference implementations for the following key deliverables:

* Decentralized Identifiers (DIDs): the specification for establishing and managing identifiers rooted in decentralized systems
* Universal Resolver: a server featuring a pluggable system of DID Method drivers that enables resolution and discovery of DIDs across any decentralized system
* Universal Registrar: a server that enables the registration of DIDs across any decentralized system that produces a compatible driver
* Identity Hubs: secure personal datastores that coordinate storage of signed/encrypted data, and relay messages to identity-linked devices

At the moment, the Universal Resolver simply accepts an identifier as input, and returns the DID Document as a result. In the future, more advanced input options (such as queries for certain services or keys), as well as additional result information (such as “supplementary” details about the resolution process) can be supported.
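The identifier-in, DID Document-out flow with pluggable method drivers can be sketched as follows. This is an added example, not code from DIF or the Universal Resolver project: the `Resolver` class, the `example` method, and the sample ledger are hypothetical, and the syntax check is a simplified form of the W3C `did:<method>:<id>` grammar.

```python
import re

# Simplified form of the W3C DID syntax: did:<method>:<method-specific-id>
DID_RE = re.compile(r"did:([a-z0-9]+):([A-Za-z0-9._:-]*[A-Za-z0-9._-])")


class ResolutionError(Exception):
    """Raised when an identifier cannot be resolved safely."""


class Resolver:
    """Hypothetical resolver that dispatches on the DID method name."""

    def __init__(self):
        self._drivers = {}  # method name -> callable(did) -> dict or None

    def register_driver(self, method, driver):
        self._drivers[method] = driver

    def resolve(self, did):
        # fullmatch rejects trailing newlines and anything after the identifier
        match = DID_RE.fullmatch(did) if isinstance(did, str) else None
        if match is None:
            raise ResolutionError("not a syntactically valid DID")
        driver = self._drivers.get(match.group(1))
        if driver is None:
            raise ResolutionError("no driver for method " + match.group(1))
        document = driver(did)
        if not isinstance(document, dict):
            raise ResolutionError("identifier not found")
        # A driver must not hand back a document for a different subject
        if document.get("id") != did:
            raise ResolutionError("document id does not match requested DID")
        return document


# Constructed sample data for a made-up "example" method (not a real ledger)
SAMPLE_LEDGER = {
    "did:example:alice": {"id": "did:example:alice", "service": []},
    "did:example:mallory": {"id": "did:example:alice", "service": []},
}


def example_driver(did):
    return SAMPLE_LEDGER.get(did)


resolver = Resolver()
resolver.register_driver("example", example_driver)
```

The constructed `did:example:mallory` entry shows why the resolver compares the returned document's `id` with the requested identifier instead of trusting the driver's answer.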

They are working on client libraries in Java, Python, and Node.js that will make it easy to access an instance of the Universal Resolver remotely.