A Survey on Decentralized Identifiers and Verifiable Credentials
Carlo Mazzocca, Abbas Acar, Selcuk Uluagac, Rebecca Montanari, Paolo Bellavista, Mauro Conti
TL;DR
The paper analyzes Decentralized Identifiers (DIDs) and Verifiable Credentials (VCs) as foundational technologies for Self-Sovereign Identity (SSI) and their broader applicability beyond SSI. It surveys threats and mitigations, major implementations (e.g., DIDKit, IOTA Identity, Aries, Entra Wallet, Veramo), diverse applications across Smart Transportation, Healthcare, Industry, and more, and a global landscape of regulations and initiatives. The work highlights cross-domain potential, practical adoption challenges, and future research directions in standardization, scalability, usability, integration, and privacy. Taken together, the survey provides a comprehensive resource for researchers, developers, and policymakers to understand the state of DIDs and VCs and to guide real-world deployments with privacy-preserving, interoperable identity systems.
Abstract
Digital identity has always been considered the keystone for implementing secure and trustworthy communications among parties. The ever-evolving digital landscape has gone through many technological transformations that have also affected the way entities are digitally identified. During this digital evolution, identity management has shifted from centralized to decentralized approaches. The last era of this journey is represented by the emerging Self-Sovereign Identity (SSI), which gives users full control over their data. SSI leverages decentralized identifiers (DIDs) and verifiable credentials (VCs), which have been recently standardized by the World Wide Web Community (W3C). These technologies have the potential to build more secure and decentralized digital identity systems, remarkably contributing to strengthening the security of communications that typically involve many distributed participants. It is worth noting that the scope of DIDs and VCs extends beyond individuals, encompassing a broad range of entities including cloud, edge, and Internet of Things (IoT) resources. However, due to their novelty, existing literature lacks a comprehensive survey on how DIDs and VCs have been employed in different application domains, which go beyond SSI systems. This paper provides readers with a comprehensive overview of such technologies from different perspectives. Specifically, we first provide the background on DIDs and VCs. Then, we analyze available implementations and offer an in-depth review of how these technologies have been employed across different use-case scenarios. Furthermore, we examine recent regulations and initiatives that have been emerging worldwide. Finally, we present some challenges that hinder their adoption in real-world scenarios and future research directions.