Centralized vs. Decentralized Identity

September 25, 2023
Discover which identity management system best suits your company's security requirements and goals

Identity management is a critical part of any company's security posture. But with so many different identity management models to choose from, it can be hard to know which one is right for your company.

In this blog post, we'll take a look at two popular identity management models: centralized identity and decentralized identity. We'll discuss the pros and cons of each model, as well as the risks associated with each.

What Is A Centralized Identity Model?

In a centralized identity model, all user identity data is stored in a single, central location. This data includes things like usernames, passwords, and other personal information.

Centralized identity models are easy to manage and scale. They can also be well secured, because all user data sits in one location where protective controls can be concentrated.

However, centralized identity models also have some drawbacks. For example, they can be a single point of failure. If the central database is compromised, all user data could be exposed. Additionally, centralized identity models can be less user-friendly than decentralized identity models.

Examples Of Centralized Identity Models

  1. A directory service is a centralized identity system that stores user information in a central database. This information is then used to authenticate users and grant them access to resources.

For example, when a user tries to sign in to a company's website, the directory service will authenticate the user by checking their username and password against the central database. If the user is authenticated, they will be granted access to the website.

  2. Identity federation is a system that allows users to authenticate to multiple websites and applications using a single set of credentials. It works by having a central identity provider authenticate users and then issue them a security token. This token can then be used to access resources on other websites and applications that are federated with the identity provider.

For example, a university student can use their identity federation credentials to sign in to the university's website, the library's website, and the student union's website. The student only has to remember one set of credentials and their identity is verified once by the central identity provider.

  3. Cloud-based identity management platforms are systems used to manage user access to applications and resources. They offer a variety of features, including single sign-on, multi-factor authentication, and user provisioning.

For example, a company can use a cloud-based identity management platform to manage user access to its internal applications, such as its email system and its customer relationship management (CRM) system. The cloud-based identity management platform can also be used to manage user access to external applications.

What Is A Decentralized Identity Model?

In a decentralized identity model, user identity data is distributed across multiple locations. This data is stored securely, and it is only accessible to the user and the entities that the user has authorized to access it.

Decentralized identity models offer several advantages over centralized identity models. They are more secure, as there is no single point of failure. They are also more user-friendly, as users only have to manage one set of credentials.

However, decentralized identity models also have some drawbacks. They can be more difficult to manage and scale than centralized identity models. Additionally, they may not be compatible with all existing applications and systems.

  1. Blockchain is a distributed ledger technology that can be used to create decentralized identity systems. In a decentralized identity system using blockchain, users' identity data is stored in a tamper-proof distributed ledger. This data is only accessible to the user and the entities that the user has authorized to access it.

Blockchain-based decentralized identity systems offer several advantages over traditional centralized identity systems. They are more secure, as there is no single point of failure. They are also more user-friendly, as users only have to manage one set of credentials. Additionally, blockchain-based decentralized identity systems can be used to create self-sovereign identities, which give users more control over their identity data. 

For example, a user creates a Decentralized Identifier (DID), which is a unique identifier, and a Verifiable Credential (VC), which is a digital credential that contains the user's identity data, such as their name, address, and date of birth, both stored on the blockchain. The user shares their DID and VC with the website or application that needs to verify their identity. The website or application can then verify the user's identity by checking the DID and VC against the blockchain.

  2. Self-Sovereign Identity (SSI) is a decentralized identity model that gives users control over their identity data. In an SSI system, users own their identity data and can share it with entities that they trust. Users can also revoke access to their identity data at any time.

SSI systems are based on several key principles:

  1. Self-ownership: Users own their identity data and can control who has access to it.
  2. Portability: Users can carry their identity data with them and use it across different applications and services.
  3. Interoperability: SSI systems should be able to interoperate with each other so that users can use their identity data in different contexts.

Verifiable Credentials (VCs) are digital credentials that anyone can verify, and they can be used to prove a person's identity, education, or other attributes. For example, students can use VCs to prove their academic achievements to potential employers or universities. This can reduce the need for paper transcripts and make it easier for students to transfer credits between institutions.
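To make the DID/VC flow in the two passages above (the blockchain-anchored DID and the SSI verifiable credential) concrete, here is an added Go example, not code from the original post or from ShareID: an issuer signs a credential, the holder presents it, and the verifier resolves the issuer's DID in a registry that stands in for the ledger, checks the signature, and checks expiry. Standard practice keeps the credential itself in the holder's wallet and anchors only the issuer's public key; the did:example DIDs, the Registry map and the Claims fields are constructed for this demo.

```go
package main

import (
	"crypto/ed25519"
	"crypto/rand"
	"encoding/json"
	"fmt"
	"time"
)

// Registry stands in for the ledger: issuer DID -> public key from its DID document.
type Registry map[string]ed25519.PublicKey

// Claims is the signed payload; the did:example DIDs and names here are constructed.
type Claims struct {
	Issuer  string `json:"issuer"`
	Subject string `json:"subject"`
	Degree  string `json:"degree"`
	Expires int64  `json:"expires"` // Unix time after which the credential is stale
}

// Issue (issuer side) signs the JSON encoding of the claims; the holder stores both.
func Issue(priv ed25519.PrivateKey, c Claims) []byte {
	payload, _ := json.Marshal(c) // struct of strings and ints: Marshal cannot fail
	return ed25519.Sign(priv, payload)
}

// Verify (relying party) resolves the issuer DID to a key, checks the signature, rejects expiry.
func Verify(reg Registry, c Claims, sig []byte, now time.Time) error {
	pub, ok := reg[c.Issuer]
	if !ok {
		return fmt.Errorf("unknown issuer DID %q", c.Issuer)
	}
	payload, _ := json.Marshal(c)
	if !ed25519.Verify(pub, payload, sig) {
		return fmt.Errorf("signature does not match presented claims")
	}
	if !now.Before(time.Unix(c.Expires, 0)) {
		return fmt.Errorf("credential expired")
	}
	return nil
}

func main() {
	pub, priv, _ := ed25519.GenerateKey(rand.Reader)
	reg := Registry{"did:example:university": pub} // constructed sample ledger entry
	c := Claims{Issuer: "did:example:university", Subject: "did:example:alice",
		Degree: "BSc", Expires: time.Now().Add(time.Hour).Unix()}
	fmt.Println("verify:", Verify(reg, c, Issue(priv, c), time.Now())) // <nil> for a genuine credential
}
```

Because the signature covers the claims exactly as presented, any field the holder edits after issuance, or a credential from an issuer whose DID is not in the registry, makes Verify return an error instead of nil.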

So, which identity management model is right for your company?

The answer depends on your specific needs and requirements. If you're looking for a secure and user-friendly identity management model, then decentralized identity may be a good option for you. However, if you need an identity management model that is easy to manage and scale, then centralized identity may be a better choice.

Here are some additional things to consider when choosing an identity management model for your company:

  • The size and complexity of your company: If you have a small company with a few employees, you may be able to get away with using a simple centralized identity management solution. However, if you have a large company with a complex IT infrastructure, you will need a more robust and scalable solution.
  • The types of applications and systems that you use: If you use a lot of different applications and systems, you will need an identity management solution that can integrate with all of them. This can be a challenge, as not all identity management solutions are compatible with all applications and systems.
  • The security requirements of your company: If you have a high-security environment, you will need an identity management solution that can provide a high level of security. This may require a solution that uses two-factor authentication, single sign-on, and other security features.
  • The budget that you have available: Identity management solutions can range in price from a few hundred dollars to several thousand dollars. You will need to decide how much you are willing to spend on an identity management solution, and then choose a solution that fits your budget.

In addition to these factors, you may also want to consider the following when choosing an identity management model for your company:

  • The future growth of your company: If you plan to grow your company soon, you will need to choose an identity management model that can scale with that growth.
  • The needs of your users: You will need to choose an identity management model that is easy for your users to use. This is especially important if you have a large number of users or if your users are not tech-savvy.
  • The level of support that you need: You will need to choose an identity management solution that offers the level of support that you need. This may include 24/7 support, training, and documentation.

By considering these factors, you can choose an identity management model that meets the needs of your company and protects your users' identities.

ShareID, Your Decentralized Identity Management Solution 

When you work with ShareID, you can provide your customers with a strong authentication process tied to their government-issued IDs in real time and with a simple smile. With its patented technology, ShareID can validate a person's liveness and all their shared personal data, ensuring the person behind the screen is the right one anytime a transaction with the platform happens, and without storing their personal data or biometrics. Request a demo today!
