← Patterns / SP-052 Draft

Decentralised Identity & Verifiable Credentials

Decentralised identity replaces the traditional identity provider (IdP) hub-and-spoke model with a cryptographic trust triangle: Issuers publish signed Verifiable Credentials into Holder wallets; Holders present selective disclosures to Verifiers; Verifiers resolve Issuer DIDs to retrieve public keys and validate signatures — without contacting the Issuer or any central authority at verification time. This pattern covers the security architecture decisions required to implement this model safely at enterprise scale. The W3C DID Core 1.0 specification defines a globally resolvable identifier format (did:method:identifier) backed by a DID document containing public keys, service endpoints, and capability delegations. Method selection (did:web for enterprise, did:key for ephemeral, did:ion for anchored, did:ethr for Ethereum-based) determines the trust and availability model. The W3C VC Data Model 2.0 defines the structure of signed claims, with JSON-LD and JWT as primary serialisations. The EU Digital Identity Wallet (EUDIW) under eIDAS 2.0 mandates a Level of Assurance (LoA) framework aligned to ISO/IEC 29115 (Low/Substantial/High), with Qualified Electronic Attestations of Attributes (QEAAs) issued by accredited Trust Service Providers (TSPs). This creates a regulated trust anchor distinct from the permissionless DID ecosystem. EBSI (European Blockchain Services Infrastructure) provides a public permissioned ledger for DID registration and trusted issuer registries. Zero-knowledge selective disclosure addresses the privacy gap in basic VC presentations: a holder can prove age over 18 without revealing date of birth, or prove membership of a licensed professional body without revealing their name. BBS+ signatures (IETF draft) enable multi-message signing where any subset of claims can be disclosed with a derived proof. SD-JWT (IETF RFC 9635) provides a simpler selective disclosure mechanism using salted hash commitments, adopted by eIDAS 2.0 ARF as the primary format for EUDIW. Both approaches must be implemented without correlation risk — each presentation must use a fresh proof to prevent verifiers from linking presentations to the same holder.
Release: 26.03 Authors: Spinoza, Vitruvius Updated: 2026-03-10
Assess
ATT&CK This pattern addresses 442 techniques across 13 tactics View on ATT&CK Matrix →
DECENTRALISED IDENTITY & VERIFIABLE CREDENTIALS IA-04 IA-05 IA-08 IA-12 | SC-12 SC-13 | AU-10 | PT-01 | SP-029 SP-033 SP-040 SP-044 SP-051 ISSUER Identity Proofing KYC / eID verification before credential issuance IAL2/IAL3 assurance · Biometric binding IA-12 Credential Issuance API (OID4VCI) OpenID for Verifiable Credential Issuance Pre-authorised & authorisation code flows SA-11 DID Document Management DID creation, update, deactivation lifecycle Service endpoints · Verification methods IA-04 Signing Key HSM Hardware-backed credential signing keys FIPS 140-2/3 L3+ · Key ceremony · Rotation SC-12 Credential Schema Registry Schema definitions, version management JSON-LD contexts · Schema validation CM-03 Issues cryptographically signed VCs after verifying holder identity claims. Trusted authority in the VC ecosystem. HOLDER / WALLET Secure Element / TEE Hardware-backed key storage · StrongBox / SE SC-28 Credential Store Encrypted VC storage · Backup & recovery IA-05 Selective Disclosure Engine BBS+ / SD-JWT · Zero-knowledge proofs Minimise data shared · Predicate proofs SC-13 PT-01 DID Key Pair Management Ed25519 / P-256 · Key rotation · Recovery SC-12 Pairwise DID Generator Unique DID per relationship · Unlinkability Anti-correlation · Privacy by design PT-03 User-controlled wallet stores credentials and selectively discloses claims. Holder is always in control. AC-19 PT-02 PT-05 VERIFIER Presentation Verification VP signature validation · Schema conformance Proof verification · Holder binding check IA-08 Trust Registry Query Issuer accreditation lookup · Trust chain Governance framework validation PM-07 SA-09 DID Resolution Universal Resolver · DID method resolution SC-08 Revocation Check StatusList2021 · Bitstring status list query SI-07 Policy Engine Presentation definition · Required claims Trusted issuers list · Assurance level gating AC-03 Validates presentations without contacting the issuer — no phone-home correlation. Cryptographic trust, not network trust. AC-04 AC-16 AU-02 RA-03 OID4VCI OID4VP DID Register Resolve + Lookup DID Resolve TRUST INFRASTRUCTURE DID Registry did:web · did:ebsi · did:ion · did:key IA-04 Trust Registry EBSI Trusted Issuers · X.509 Bridge PM-07 Revocation Service StatusList2021 · Bitstring Status List SI-07 eIDAS 2.0 EUDIW Trust Framework ARF · PID · QEAA · EAA · QTSP IA-08 SC-17 SC-08 IR-04 SA-09 SP-052: Decentralised Identity & Verifiable Credentials 35 NIST 800-53 Rev 5 controls across 12 families · Authors: Vitruvius, Spinoza · Draft · 2026-03-10 Cryptographic Infrastructure Trust Governance Protocol Flows Governance Overlay Control flow Resolution / lookup XX-00 NIST control (click to view) Trust boundary opensecurityarchitecture.org Aligned with: W3C DID Core 1.0 · W3C VC Data Model 2.0 · eIDAS 2.0 Architecture Reference Framework · OpenID4VCI / OpenID4VP

Click any control badge to view its details. Download SVG

Key Control Areas

DID Method Selection and Resolution Security

IA-08SC-12
Choose DID methods appropriate to the trust model. did:web anchors trust to DNS/TLS — suitable for enterprise issuers with established PKI but vulnerable to DNS hijacking. did:key is ephemeral and self-certifying — suitable for ephemeral agent identities but offers no revocation path. did:ion and did:ethr provide cryptographic anchoring to public ledgers (Bitcoin Sidetree, Ethereum) with stronger non-repudiation. Universal resolver deployment must validate DID document integrity and reject stale or unsigned documents.

Key Management for DIDs

SC-12IA-05SC-28
Each DID document references one or more public keys for authentication, assertion, key agreement, and capability invocation. The corresponding private keys must be protected in hardware security modules (HSMs) or secure enclaves for high-assurance issuers, or in secure element/Trusted Execution Environment (TEE) for mobile wallets. Key rotation must be reflected in the DID document without breaking existing credential validity — implementors must track key version at time of issuance (verificationMethod reference in credential proof).

Verifiable Credential Issuance Pipeline

IA-05SA-11CM-03
The issuance API must authenticate the credential subject using LoA-appropriate identity proofing before binding claims. OID4VCI (OpenID for Verifiable Credential Issuance) is the emerging standard issuance protocol. Credentials must be signed with the Issuer's DID key, include an expiry (exp claim), and reference a revocation mechanism. Credential schema validation must enforce type constraints before signing to prevent malformed credentials propagating through the ecosystem.

Holder Wallet Security

IA-05SC-28AC-19
The wallet is the most attack-targeted component — it holds private keys and all credentials. Architectural requirements: device binding (key generated in secure element, non-exportable), backup/recovery mechanism that does not expose key material (BIP-39 social recovery or custodial backup with threshold encryption), biometric unlock with OS-level secure storage, and credential compartmentalisation (separate key pairs per issuer relationship to prevent holder correlation). EUDIW wallets must be certified against EN 17926 (EUDIW certification scheme).

Selective Disclosure and Zero-Knowledge Proofs

SC-13PT-01PT-03
Implement selective disclosure to enforce data minimisation at the protocol level. SD-JWT: the issuer produces salted hashes of each claim; the holder discloses only the salt+value pairs for requested claims. BBS+: the issuer signs all claims in a single group-signature; the holder derives a fresh unlinkable proof over a subset of claims. For age verification without date-of-birth disclosure, implement range proofs (e.g., Bulletproofs, Groth16 circuits). Each presentation must use a fresh nonce from the verifier to prevent replay attacks.

Trust Registry and Issuer Accreditation

PM-07SA-09RA-03
Verifiers must have a reliable mechanism to determine which issuers are authorised to make particular claims. Trust registries (EBSI Trusted Issuer Registry, X.509 PKI hierarchies, Gaia-X notarisation) provide this anchoring. Implement a layered trust model: Root Trust Anchors (government CAs, EBSI notaries) accredit Intermediate Trust Anchors (sector bodies, professional associations) which accredit Leaf Issuers (individual institutions). Trust registry entries must themselves be verifiable credentials signed by the accrediting authority.

Revocation Architecture

IA-05SI-07AU-02
StatusList2021 (W3C Bitstring Status List) embeds a compact bit-array at a published URL; verifiers check the bit at the credential's statusListIndex without revealing which credential they are checking (privacy-preserving). Accumulator-based revocation (RSA accumulators, Merkle tree accumulators) allows zero-knowledge non-revocation proofs but requires accumulator updates to be distributed to all holders. Short-lived credentials (15-minute TTL for access tokens, 24-hour TTL for session credentials) can replace revocation for lower-sensitivity use cases. Revocation check freshness must be bounded — accept cached status only within a defined window (default: 1 hour for high-assurance, 24 hours for standard).

Privacy Architecture and GDPR Compliance

PT-01PT-02PT-03PT-05
DIDs and VCs create novel GDPR tensions: the DID itself may constitute personal data if it is persistent and linkable to a natural person; on-ledger DID registration makes erasure requests technically complex; verifiable presentations create audit logs at the verifier. Mitigations: use pairwise DIDs (different DID per relationship) to prevent correlation; minimise on-ledger data (hash commitments only, no PII); implement right-to-erasure via credential revocation (the credential becomes worthless without valid status) and DID document deletion; ensure holder consent is captured for each credential issuance.

eIDAS 2.0 EUDIW Compliance

IA-08IA-12SA-09PM-07
Implementing a Qualified Trust Service Provider (QTSP) or wallet-relying party under eIDAS 2.0 requires: EUDIW wallet certification (EN 17926), QEAA issuance requires qualified HSMs (CC EAL 4+ or FIPS 140-2 Level 3), LoA assessment at the instance level (Low — self-assertion, Substantial — remote identity proofing, High — in-person proofing with government document verification), and cross-border recognition of QEAAs from other EU member states via the EUDIW trust framework. The ARF mandates SD-JWT as the primary credential format.

Cross-Protocol Interoperability

SC-08CM-06SA-04
The DID/VC ecosystem intersects with existing identity protocols. OID4VP (OpenID for Verifiable Presentations) enables credential presentation within existing OAuth 2.0/OIDC infrastructure — verifiers act as OAuth Resource Servers with DIF Presentation Exchange as the presentation request format. SIOPv2 (Self-Issued OpenID Provider v2) allows holders to act as their own OpenID Providers. Implementors must manage version compatibility across W3C VC Data Model 1.1 and 2.0, JSON-LD context resolution failures, and DID method sunset risk.

Audit and Non-Repudiation

AU-02AU-06AU-10
Issuer signing logs must record: DID of subject, credential type, claims bound, signing timestamp, and key reference — without logging PII claim values. Verifier audit logs must record: credential type presented, issuer DID, verification result, and verifier purpose — not the claims themselves. Implement audit log integrity via append-only log with periodic hash chaining (similar to Certificate Transparency). Non-repudiation at the verifier: the signed VP (Verifiable Presentation) with verifier-provided nonce constitutes cryptographic proof of presentation.

When to Use

Use this pattern when: building a digital identity wallet for citizens or employees; implementing cross-organisational credential exchange without a shared IdP; implementing KYC portability (verify once, reuse across institutions); deploying age verification with privacy preservation; participating in EUDIW as an issuer, wallet provider, or relying party; implementing professional licence verification or academic credential attestation; replacing username/password with hardware-bound cryptographic credentials.

When NOT to Use

Do not use DID/SSI as the primary enterprise identity layer if you need real-time provisioning/de-provisioning (SCIM + OIDC is simpler and more mature). DIDs add complexity without benefit for internal single-organisation identity where a standard OIDC IdP is sufficient. BBS+ and ZK proof systems should not be used in production without a formal review of the cryptographic library — the mathematics are sound but implementations are immature and supply chain risk is high. If your threat model does not require privacy-preserving selective disclosure, SD-JWT over OIDC is sufficient and much simpler to implement and audit.

Typical Challenges

DID method lock-in is the most significant architectural risk — choosing a method that loses community support or suffers a critical vulnerability can invalidate your entire credential ecosystem. Key recovery without exposing key material to a custodian is an unsolved UX problem for consumer wallets; enterprise wallets typically resolve this with M-of-N Shamir Secret Sharing held by the employer, introducing custodial trust. JSON-LD context resolution failures cause silent verification failures in production — context documents must be pinned locally or served from content-addressed storage. Revocation check performance degrades at scale with StatusList2021 if the status list URL is not CDN-distributed. GDPR compliance and on-ledger DID registration are in direct tension for did:ethr and did:ion methods — legal analysis is required before registering DIDs on public blockchains in EU contexts.

Threat Resistance

This pattern addresses: credential replay and theft (through holder binding and nonce-based presentations), issuer impersonation (through DID-anchored public key verification and trust registries), wallet compromise and key extraction (through hardware-backed key storage and device binding), correlation attacks (through pairwise DIDs and unlinkable ZK proofs), governance bypass (through layered trust registries with cryptographic accreditation chains), and key recovery attacks (through threshold key recovery with audit logging). It reduces reliance on centralised identity providers as single points of failure, and prevents mass identity disclosure events by eliminating centralised credential databases.

Assumptions

This pattern assumes the organization is operating as one or more roles in the trust triangle: Issuer (creating and signing credentials), Holder (receiving credentials into a wallet and presenting them), or Verifier (receiving and validating presentations). It assumes familiarity with public key cryptography (elliptic curve signatures, key pairs) and awareness of the W3C standards stack. For eIDAS 2.0 compliance sections, this pattern assumes an EU-regulated context or an organization seeking mutual recognition. The pattern assumes TLS 1.3 for all API transport and that DID resolution is performed over authenticated channels.

Developing Areas

  • Post-quantum cryptography poses an existential challenge to the DID/VC ecosystem because the signature algorithms underpinning both DIDs and Verifiable Credentials — ECDSA (secp256k1, P-256) and EdDSA (Ed25519) — are vulnerable to Shor's algorithm on a cryptographically relevant quantum computer. Unlike short-lived TLS sessions, VCs may have multi-year validity periods: a professional licence credential issued today with an EdDSA signature could be forged by a quantum-capable adversary within the credential's lifetime, and retrospective forgery of any credential whose presentation was recorded becomes possible. NIST PQC standards (ML-DSA in FIPS 204 for general signatures, SLH-DSA in FIPS 205 for stateless hash-based signatures) are finalised but not yet integrated into any W3C DID method or VC proof suite. The BBS+ signature scheme enabling unlinkable selective disclosure has no post-quantum equivalent — research into lattice-based anonymous credentials (e.g., IBM's lattice-based DAA) is active but years from standardisation. Organisations should implement crypto-agility in their DID document structures: abstract the verificationMethod to support hybrid proof suites (classical + PQC) during transition, and plan for mass credential re-issuance when post-quantum VC proof suites are standardised. See SP-040 Post-Quantum Cryptography Migration for algorithm selection and transition planning.
  • AI-generated identity fraud is fundamentally altering the threat landscape for identity proofing, the critical step that precedes credential issuance. Deepfake technology can now generate photorealistic synthetic faces, forged identity documents, and real-time video impersonation sufficient to defeat remote identity proofing at LoA Substantial — the 2024 Hong Kong deepfake video call fraud ($25.6M) demonstrated that even human-in-the-loop verification is vulnerable. For VC ecosystems, this means the integrity of every credential in circulation is only as strong as the identity proofing performed at issuance: a synthetically generated identity that passes KYC and receives a legitimate VC from a legitimate issuer is indistinguishable from a genuine credential at verification time. Biometric liveness detection (ISO/IEC 30107-3 Presentation Attack Detection) is engaged in an arms race with generative adversarial networks; injection attacks that bypass the camera entirely by feeding synthetic video directly into the verification SDK are particularly difficult to counter. The emerging defence is layered: device attestation (proving the biometric was captured on a genuine device), injection attack detection (verifying the video pipeline has not been intercepted), document authenticity verification (NFC chip reading for ePassports), and cross-referencing against known synthetic identity databases. Organisations issuing high-assurance VCs should require LoA High identity proofing with in-person or supervised remote verification for credentials that confer significant entitlements.
  • Cross-ecosystem interoperability is the most significant barrier to decentralised identity achieving network effects beyond siloed deployments. The identity credential landscape is fragmenting across at least four incompatible ecosystems: W3C DID/VC (SD-JWT and JSON-LD serialisations), ISO 18013-5 mDL (mobile driving licence with CBOR/COSE encoding and device engagement protocols), ICAO Digital Travel Credentials (DTC for passport-grade credentials with sovereign PKI), and proprietary wallet platforms (Apple Identity in Wallet, Google Wallet credentials) with closed verification APIs. OID4VP is emerging as a bridge protocol — it can transport both SD-JWT VCs and ISO 18013-5 mDL credentials within a single presentation request — but adoption is uneven and the credential format Balkanisation means a verifier must implement multiple verification paths. The EU's eIDAS 2.0 ARF mandates SD-JWT for EUDIW but must accommodate mDL for driving licences and existing national eID schemes with diverse technical stacks. Without convergence on a common presentation layer, holders will need multiple wallet apps for different credential types, recreating the fragmented card-wallet experience that decentralised identity was supposed to eliminate.
  • Machine identity and IoT DIDs represent a significant expansion of the DID/VC model beyond human holders to devices, autonomous agents, and software services. Supply chain provenance use cases — where a sensor device attests its calibration status, firmware version, and manufacturer identity via a device-bound VC — are being piloted by the W3C Verifiable Credentials for Supply Chain working group and industry consortia like MOBI (Mobility Open Blockchain Initiative) for vehicle identity. Extending DIDs to billions of IoT devices creates resolution scalability challenges that current DID methods were not designed for: did:web requires DNS infrastructure per device manufacturer, did:key has no update mechanism for device key rotation, and ledger-anchored methods face transaction throughput limits. The emerging approach is hierarchical delegation: a manufacturer DID issues device VCs binding each device's secure element public key to its identity, without registering individual device DIDs on any ledger — the manufacturer DID serves as the trust anchor and the device VC serves as the identity assertion. Autonomous AI agent identity adds another dimension: as agents act on behalf of humans or organisations (see SP-047 AI Agent Security), they need verifiable delegation credentials proving their authority scope, creating a DID-based capability delegation chain from principal to agent. NIST SP 800-183 (Networks of Things) and IEEE 802.1AR (Secure Device Identity) provide foundational standards, but integration with the W3C DID/VC stack remains at the proof-of-concept stage.
  • Regulatory divergence on digital identity frameworks threatens to prevent the cross-border credential interoperability that is the core value proposition of decentralised identity. The EU's eIDAS 2.0 mandates government-issued EUDIW wallets with qualified trust service providers, creating a regulated top-down ecosystem; the United States has no federal digital identity framework, with a patchwork of state-level mobile driver's licence (mDL) deployments and private-sector identity solutions competing without mutual recognition. India's Aadhaar/DigiLocker ecosystem serves 1.4 billion people but uses a centralised biometric identity model fundamentally incompatible with SSI principles, while China's CTID (Cyber Trust Identity) operates within a state-controlled identity infrastructure with no interoperability mechanism for foreign credentials. Mutual recognition agreements — the legal instruments that would allow a German EUDIW credential to be accepted by a US relying party — do not exist for decentralised identity and face fundamental barriers: differing identity proofing standards, incompatible privacy regimes (GDPR vs. US sectoral privacy laws vs. China's PIPL), and divergent trust anchor models (government PKI vs. blockchain-anchored vs. centralised). The risk is that decentralised identity reproduces the jurisdictional fragmentation of traditional identity systems rather than transcending it, with organisations operating across borders forced to maintain parallel credential ecosystems for each regulatory regime.

Related Patterns

Patterns that operate within or alongside this one. Click any to view.

SP-019 Key Management Architecture SP-029 Zero Trust Architecture SP-033 Passkey & Passwordless Authentication SP-040 Post-Quantum Cryptography Migration SP-044 SaaS Identity Lifecycle Management SP-051 Tokenised Asset Security Architecture
IA: 7AC: 5SC: 5AU: 3PM: 2PT: 4SA: 3CM: 2IR: 2RA: 1SI: 1
IA-01 Identification and Authentication Policy and Procedures
IA-02 Identification and Authentication (Organisational Users)
IA-04 Identifier Management
IA-05 Authenticator Management
IA-08 Identification and Authentication (Non-Organisational Users)
IA-12 Identity Proofing
IA-13 Identity Proofing and Re-Proofing
AC-01 Access Control Policy and Procedures
AC-03 Access Enforcement
AC-04 Information Flow Enforcement
AC-16 Security and Privacy Attributes
AC-19 Access Control for Mobile Devices
SC-08 Transmission Confidentiality and Integrity
SC-12 Cryptographic Key Establishment and Management
SC-13 Cryptographic Protection
SC-17 Public Key Infrastructure Certificates
SC-28 Protection of Information at Rest
AU-02 Event Logging
AU-06 Audit Record Review, Analysis, and Reporting
AU-10 Non-Repudiation
PM-07 Enterprise Architecture
PM-18 Privacy Program Plan
PT-01 Policy and Procedures for Processing Personally Identifiable Information
PT-02 Authority to Process Personally Identifiable Information
PT-03 Personally Identifiable Information Processing Purposes
PT-05 Privacy Notice
SA-04 Acquisition Process
SA-09 External System Services
SA-11 Developer Testing and Evaluation
CM-03 Configuration Change Control
CM-06 Configuration Settings
IR-04 Incident Handling
IR-09 Information Spillage Response
RA-03 Risk Assessment
SI-07 Software, Firmware, and Information Integrity