M. Polychronaki et al.
to all the applications on behalf of the user. Consequently, the user only needs to
provide credentials to the FId, allowing him/her to use one account for multiple
roles.
3 Decentralized Identity and Access Management
Decentralized identities are a core component of the decentralized identifiers standard
(DID) [19]. To decentralize IAM, the concept needs to be redesigned from scratch
in order to provide an efficient, more secure solution. The DID standard, while
not yet developed fully enough to be used globally, can provide the basis for
creating architectures for decentralized IAM. This section presents the basic components
of a decentralized IAM and notes how they differ from those of the traditional
centralized one.
3.1 New Concepts and Components
The centralized architecture models have a number of specific components. While
their functionality remains the same in a decentralized model, the properties of these
components must adapt accordingly.
Table 1 shows the basic components of an IAM system alongside
their counterparts in a decentralized architecture that is based on blockchain. These
components can be divided into three major categories (network, logic and interface)
according to their functionality within the IAM system.
3.1.1 Network: Identity Provider–Identity Issuer–Identity Validator
An identity provider is the component that enables the services both for issuing
a new identity or adding new attributes to existing identities and for validating them. In
a decentralized environment, these two functions can be separated and distributed
across the network, running on different kinds of nodes, the identity issuers and the
Table 1 Centralized versus decentralized IAM components

            Centralized              Decentralized
Network     Identity provider        Identity issuer
                                     Identity validator
Logic       Authorization policies   Smart contracts
            Identity                 Decentralized identity
Interface   User credentials         Personal wallet
            Login interface