Decentralized identity and IAM: what changes for verification models?

TL;DR: Decentralized identity replaces centralized identity stores with verifiable credentials, digital wallets, and cryptographic proof, aiming to reduce large-scale breach risk and improve privacy, according to 1Kosmos. The governance shift matters because IAM teams must move from warehousing identity data to verifying claims, not assuming a single authority will remain trustworthy forever.

NHIMG editorial — based on content published by 1Kosmos: Key Lessons on decentralized identity and verification models

By the numbers:

• With support for over 150 countries and 99%+ accuracy in detecting spoofing or counterfeit credentials, it verifies users instantly using government-issued IDs, biometrics, and flexible assurance levels.
• Only 20% have formal processes for offboarding and revoking API keys, and even fewer have procedures for rotating them.
• Only 5.7% of organisations have full visibility into their service accounts.

Questions worth separating out

Q: How should organisations separate identity proofing from access governance in decentralized identity models?

A: Organisations should treat proofing as evidence that a claim is valid and access governance as a separate entitlement decision.

Q: Why does decentralized identity still require strong lifecycle governance?

A: Because portable credentials do not eliminate expiry, revocation, or role change.

Q: What do security teams get wrong about selective disclosure?

A: They often assume selective disclosure is only a privacy feature.

Practitioner guidance

• Separate proofing from entitlement decisions Define a policy boundary between identity verification and access approval so a valid credential does not automatically translate into access rights.
• Instrument proof acceptance events Log which credential was presented, which issuer was trusted, what status check was performed, and why the verifier accepted the proof.
• Test revocation and status dependencies Run failure tests for stale credentials, offline verifiers, and revoked credentials presented from a wallet.

What's in the full article

1Kosmos' full article covers the operational detail this post intentionally leaves for the source:

• Step-by-step explanation of holder, issuer, and verifier flows for deployment planning
• Practical examples of selective disclosure and digital wallet verification in real onboarding journeys
• Standards and interoperability context for teams assessing whether decentralized identity is ready for rollout
• Implementation details behind browser and mobile-based identity verification experiences

👉 Read 1Kosmos' analysis of decentralized identity and credential verification →

Decentralized identity and IAM: what changes for verification models?

Explore further

View Full Forum →  |  NHI Foundation Course →