Digital IDs are racing into ever more spheres of public life. They make things convenient, but they also imperil the privacy of millions.
Commercial experiments began in the late 1990s alongside state initiatives. In recent years blockchain projects have joined in, offering decentralized models of identification. The integration of artificial intelligence into products has multiplied demand for such solutions.
Read ForkLog’s new feature on the past, present and possible future of digital identity systems.
Lords of the internet
The question of identity preoccupied developers long before Bitcoin and ChatGPT. In the 1970s the first attempts focused on implementing accounts—simple logins and passwords—in research labs at MIT and IBM.
In the 1980s the term “digital identity” entered the literature on information security. These were, however, isolated systems—with no single identity spanning multiple organizations.
The first corporate internet ID is considered to be Microsoft Passport, released in 1999. It allowed a single Microsoft account to be used across websites—a form of single sign-on (SSO). Competitors soon emerged: AOL Screen Name and Yahoo ID.
In 2005 LiveJournal developer Brad Fitzpatrick founded the OpenID Foundation. Unlike Microsoft’s Passport, the system let users log in via a single ID not owned by one corporation.
In 2007 engineers at Google and Twitter introduced OAuth as a way to delegate access without sharing a password. It became a springboard for OpenID Connect, launched seven years later.
The project underpins modern internet ID, including sign-in via Google, Apple and Facebook. In July 2025 the OpenID Foundation announced a working group at the intersection of digital ID and AI—the AI Identity Bridge.
As the internet evolved, providers became the bottleneck. Today, much of online interaction depends on the “lords of the internet” such as Amazon Web Services, Google Cloud and Microsoft Azure.
Big tech features in most contracts and often acts as investor and partner to international consortia and startups that later coalesced into groups. Their aim was to draft specifications for digital identity, security, interoperability and a unified approach to verifiable identity attributes.
One such initiative was the 2014 launch of the ID2020 Alliance, backed by Microsoft, Accenture and the Rockefeller Foundation. The organization emphasized human rights in digital identification.
In 2016 an international non-profit, the Cloud Signature Consortium (CSC), began operating in Brussels. Members included Adobe, Docusign, Intesi Group, InfoCert, LuxTrust, SwissSign and European Qualified Trust Service Providers. The group’s task was to set and develop a unified standard for digital signatures with a focus on EU law.
Identity, set up cheaply
EU regulatory standards serve as a template for both governments and private firms.
According to the 2025 report CSC The cloud signature market: an EU & global perspective, the European Economic Area has 270 trust-service providers. Over 150 of them offer electronic signatures, and more than half provide cloud-based solutions.
Per MarketsandMarkets, the global Identity & Access Management market was worth about $22.9bn in 2024 and is projected to reach roughly $34.3bn by 2029.
The leader in digital ID solutions is Okta and, since its 2021 acquisition, Auth0. The latter has continued to operate under its own brand.
Auth0 was founded in 2013 in Seattle by former Microsoft employees. The goal was to let developers add authentication and authorization to apps without building their own systems. Auth0 was conceived as Identity-as-a-Service—a universal API provider for login, tokens, OAuth, SSO and multi-factor authentication.
At the Oktane 2025 conference, Okta and Auth0 unveiled new security principles designed to “seamlessly integrate” AI agents into digital-identity defense to deliver end-to-end protection. The aim is to let organizations exploit digital assistants and boost productivity without compromising reliability.
Among rivals, Microsoft Entra and Azure AD stand out thanks to integration with the cloud platform and a vast enterprise client base. Okta also competes with ForgeRock, Ping Identity, IBM, Oracle, SailPoint and CyberArk.
Digital ID is more a necessity than a fad, yet in centralized form it carries risks tied to the concentration of data and power. If a state or company becomes the sole digital-ID operator, it gains access to vast troves of personal information—from biometrics to online activity.
That creates the risk of mass surveillance, leaks, hacks and abuse. Blockchain—lacking a single point of failure—aims to fix these shortcomings.
Identity, on-chain
After Bitcoin’s arrival, dependence on centralized giants looked different. As developers began building genuinely new decentralized solutions on blockchains, approaches to digital ID also evolved.
In Web3 the Self-Sovereign Identity (SSI) concept has long been developing: users fully control their digital identifiers and attestations, while verifiers can validate them via a public registry. W3C’s Decentralized Identifiers and Verifiable Credentials (VC) standards are key here.
- VC are the digital equivalent of paper credentials such as passports, driving licences, student cards, diplomas or staff badges. They exist digitally and can be verified automatically with a cryptographic signature—without a centralized database;
- DID is a unique, verifiable digital identifier that belongs solely to its holder and does not depend on any organization or state;
- W3C DID Working Group is the official body that, in July 2022, ratified the W3C Recommendation. Participants include Microsoft, IBM, ConsenSys, SpruceID, Dock, IOTA Foundation, Sovrin Foundation and others.
Civic was one of the first blockchain ID companies focused on consumers. In 2018 the team released an app for securely storing ID documents and verifying them via Ethereum. Today the effort has shifted to KYC for crypto exchanges.
But the earliest work on decentralized identity came from Ethereum projects uPort and Sovrin, which pursued SSI in partnership with IBM’s Blockchain Platform, built on Hyperledger Fabric in 2014–2016.
On May 4th 2017 the Ethereum Name Service (ENS) appeared—a decentralized protocol on Ethereum that maps human-readable names such as alice.eth to blockchain addresses, content hashes, metadata and more. It made interaction far simpler: instead of recalling a long string like 0x0b08dA7068b73A579Bd5E8a8290ff8afd57bc32A, you can use familiar words.
An ENS name can store more than an address: email, social links, a profile image, a website. The service thus becomes part of one’s digital persona—show your ENS and people see the person behind it.
Bitcoin has its own digital-identity service—the Identity Overlay Network (ION). It is an L2 solution from Microsoft.
The service lets people or organizations create unique identifiers (DID) they control themselves, with no need for a central registrar.
DIDs can be used to prove identity or as attributes: a subject shows control of a private key and can present a credential such as a degree, certificate or club membership. Microsoft positions the tool as a way to sign in to apps without a password.
Polygon ID — launched in March 2023 — is a Web3 identity service from the Polygon team. It lets dapps verify user data without revealing personal information. It relies on zero-knowledge proofs, allowing it to authenticate accounts while keeping them encrypted to the verifier.
Polygon ID enables reuse and interoperability of identification data. Once an issuer provides information to a holder, it can be referenced as long as it remains valid.
Another notable product is BlockID, a commercial platform from 1Kosmos that uses biometrics and blockchain. A user can pass remote verification by uploading documents and a facial scan to obtain a credential stored in encrypted form. Thereafter, instead of re-uploading a passport to each new service, the user presents this identifier. For example, an employee obtains a credential via BlockID and then uses it to access corporate apps.
Proof of Humanity is another identity-focused effort: a decentralized registry of real people, developed with Kleros Cooperative. Each account represents one real, unique person—the aim is to counter Sybil attacks.
The flow is as follows: a user registers, uploads a video and photo, and links a wallet address. After successful review, the profile enters the registry—proving that the address belongs to a real person.
Sam Altman is building a similar system with Worldcoin, only here biometrics are used—a scan of the iris by a device called the “orb”.
States have not stood idle. Finland was the first to roll out a digital-passport (eID) programme in practice. In 1999 the government, with the Population Register Centre, launched Finnish eID for electronic signatures and access to public services. Estonia went further: three years later it added e-residency alongside eID.
These successful deployments became a benchmark for the EU and the basis for eIDAS, eIDAS 2.0 and the “European Digital Identity” EUDI Wallet, slated to launch in 2026.
In Japan, trials of the GMO Blockchain KYC Tool—bank client verification with data hashed on-chain—began eight years ago.
Japan Smart Chain is a national L1 blockchain with built-in eKYC and identification via DID and VC. In August 2025 the network’s testnet and the Mizuhiki Suite identity module went live.
Mizuhiki Suite provides protocol-level identity checks that let users control their digital identifiers. Personal data are not published on-chain directly—hashing and selective disclosure are used.
AI identity
As artificial intelligence advances, the world faces a new challenge: the need to identify and allow AI agents to exist online autonomously, including making payments.
In May Coinbase unveiled x402, an online payments tool. It moves stablecoins over standard internet protocols and lets AI agents strike autonomous deals. The solution is built on the HyperText Transfer Protocol (HTTP), the protocol by which browsers exchange data with servers.
Coinbase noted that giving agents access to external context and APIs today is a complex, manual process that prevents bots from autonomously calling outside services.
Yet agents with access to external APIs, context and tools outperform models that rely only on internal data and web search. x402 removes a key bottleneck on the path to autonomy: agents can now pay for API calls without human intervention.
The solution also opens new monetization avenues for content creators, Coinbase stressed.
In October the exchange launched Payments MCP, which lets language models such as Anthropic’s Claude and Google’s Gemini access a crypto wallet, a fiat on-ramp and payments. Built by the Coinbase Developer Platform team, the service gives AI agents “the same onchain financial tools as people—from wallets and fiat on-ramps to stablecoin payments.”
Modern decentralized identifiers allow digital identities to be held by more than people. Jack Dorsey’s Block, for instance, promotes Web5—a set of standards and technologies for data storage and a decentralized identity layer atop Web2 and Web3.
Some projects target unique identifiers specifically for AI agents. A group including Cisco, LangChain, LlamaIndex, Galileo and Glean created AGNTCY, an open-source effort to craft an industry standard for agent-to-agent interaction—simplifying interoperability and data exchange among AIs.
The Agent Identity framework assigns each agent a DID at creation; the platform then issues credentials for it. Each document is signed with an asymmetric key and registered in a ledger, letting users verify an agent’s identity and entitlements.
Another example is Nuggets with its Know Your Agent (KYA) concept. Each AI agent is assigned a digital identity, enabling autonomous assistants to interact with systems securely while retaining an audit trail.
In Web3, a telling example is SingularityNET, where AI services register in a decentralized registry, obtain unique identifiers and offer their wares. Agents can hold wallets and tokens, letting them participate in DAO and DeFi.
Do we really need digital ID?
Digital identification is becoming foundational to modern society. In many cases it is essential—particularly as multi-accounting proliferates. Projects need to weed out bots and multi-accounters, and exchanges and other platforms must verify identity and age.
Even decentralized, code-based systems have flaws. The chief risk is loss of key control. If keys are lost, restoring identity is exceedingly hard—there is no central authority to appeal to. Other issues include forged credentials and covert tracking.
The risks of centralized solutions—total surveillance and control—barely need restating.
Text: Vladimir Slipper, Sergey Golubenko