The identity & credentials economy has been relatively stable for a very long period. .For hundreds of years, it has been a quasi institutional monopoly centered around governments and universities, and with relatively little change and innovation. But recently, this industry has begun to be disrupted by the globalization of higher education and labor markets, requiring credentials to work over a much larger scale. The increasing need for access to digital services, which require multiple forms of digital identity, for digital wallets, online banking, social media accounts, etc. carries significant risk, if not thoughtfully designed and carefully implemented.

A new form of identity is needed, one that weaves together technologies and standards to deliver key identity attributes, such as self-ownership and censorship resistance, that are difficult to achieve with existing systems. Cryptographically secure, decentralized identity systems could provide greater privacy protection for users, while also allowing for portability and verifiability.

This session describes an architecture reference for Decentralized Identities (DIDs) that fits in the self-sovereign identity (SSI) framework of issuer - holder - verifier process. The solution architecture demonstrates how to make this "trust triangle" trustworthy and confidential. Confidential Identity Hubs, hosted on confidential computing infrastructure in multiple “hubs” around the world create the necessary distributed network for storing and securing identity elements at scale. Security of sensitive data is ensured by the redundancy of the distributed network, and governance remains decentralized by removing sole ownership of the provided infrastructure.