For the best web experience, please use IE11+, Chrome, Firefox, or Safari
OneLogin + One Identity delivering IAM together. Learn more

How is Blockchain Related to Identity Management?

Blockchain is a decentralized, shared ledger used to record transactions and track digital assets. Information written to a block can’t be altered, or tampered with. Structurally, a blockchain is, as the name indicates, a chain of blocks.

What is the anatomy of a block?

Each block comprises a header and a body. The body contains transactional information, whereas the header includes the following basic elements:

- Hash. Each block contains the cryptographic hash (unique identifier) of the previous block. This ensures that all the blocks in a blockchain are closely intertwined, and build on top of each other.

- The root hash. This hash is calculated by combining the hashes of all the transactions stored in a block.

- Epoch timestamp. The time at which the block was created, stored as seconds since January 1, 1970.

- Nonce. Aka number only used once. It’s a random number that’s used as a counter during “mining” i.e. adding blocks to the blockchain.

How are blockchains decentralization?

Blockchains are managed via distributed, peer-to-peer networks, which are typically open for anyone to join. Each node has its own copy of the ledger, which not only ensures redundancy, but also data integrity – if someone alters data in one node, the change won’t propagate to any of the remaining nodes. And since all nodes in a blockchain network tally records with each other, it would be easy to flag the one with tampered data.

What are some blockchain use-cases?

- Cryptocurrencies. The blockchain concept was originally conceived to create and manage digital currencies. Today, there are thousands of cryptocurrencies that are powered by Blockchain. Some examples are Bitcoin, Ethereum, Litecoin, and Cardano etc.

- Smart contracts. Smart contracts are small programs stored inside blocks, that run when certain predefined conditions are met. Their logic is driven by simple “if/when __ then” statements. For example: release funds to a client on January 31st, or send an error notification if a misconfiguration is detected, or apply the new vulnerability patch when it’s released by the official vendor.

- Inventory management. Blockchains are also being used to create a network of suppliers, manufacturers, warehouses, distribution sites, and retailers. Tamper-proof inventory data is made available to all trusted parties in the network.

- Non-fungible tokens (NFTs). NFTs are unique digital assets, stored on a blockchain. They assign value to digital art and collectibles, transforming them into assets that can be traded via blockchains. For example, a 2011 GIF ofthe “Nyan Cat” was sold as an NFT for $600,000. A video showing LebBron James performing a slam dunk sold for over $200,000.

- Automotive industry. Blockchain has slowly started to disrupt the automotive industry. For example, block-chain based digital vehicle passports, which store and track the service history, mileage, and other information regarding a vehicle.

- Cybersecurity. Blockchains are distributed databases of tamper-resistant data. This makes them a great way to store security-critical data.

How do blockchains relate to identity management?

Most Identity and Access Management (IAM) systems today rely on centralized databases, which create a single point of failure. This puts the personally identifiable information (PII) of millions of people at a serious risk of compromise. Blockchain helps solve this by decentralizing IAM, and creating decentralized identifiers.

What are decentralized identifiers?

Decentralized identifiers (DIDs) are decentralized digital identities, which aren’t associated with any centralized identity providers or registration authorities. Each DID is protected by a private key, known only to the owner. This private key is also used during authentication.

DIDs are cryptographically secure by design. Senders encrypt messages using the receiver’s public key (available to everyone). But only the receiver can decrypt the message using the private key known only to them.

A person/entity can have multiple DIDs, for example, one DID to log in to a streaming platform, and another associated with online banking. This significantly limits an identity breach to affect multiple facets of a person’s life (even if they lose access to their streaming platform, their finances will remain safe).

How are blockchain identities decentralized?

Blockchain-based digital identities can be stored in many different places, without causing any data integrity or trust issues. Since blockchains are tamper-proof by design, they make it exponentially harder for malicious actors to change anything without getting noticed.

How are blockchain credentials verified?

Verifiable credentials are secure, tamper-proof credentials that can be cryptographically verified. Similar to how NFTs allow people to digitally watermark their assets and make them “their own,” verifiable credentials can associate a digital identity with a person/entity, preventing anyone else from claiming ownership.

How is the provenance of identity proved?

Identity blockchains also contain the timestamps that can help verify the origin and accuracy of attributes. This can be especially relevant while implementing secure identity lifecycle management.

What is Self-Sovereign Identity (SSI)

As the name indicates, SSI is the process of making users the sovereigns of their own identities, i.e. they store their identities on their own devices (blockchain decentralization enables this), and choose which information they want to use for verification. No need to have your information stored on a centralized database that can create a single point of failure.


In today’s world, a person’s digital identity is a commodity that can be sold and stolen. Protecting digital identities and PII has become a high priority in the world of tech and blockchains could be part of the solution we have all been looking for.

Try OneLogin for Free

Experience OneLogin’s Access Management capabilities first-hand for 30 days