Most identity architects were trained on PKI: a hierarchical chain of certificate authorities (CAs) that vouch for public keys. That model works well in enterprise domains where a root CA can be trusted, but it breaks down in decentralized contexts — self-sovereign identity (SSI), federated networks, or any system where no single authority should control trust. This guide is for architects and technical leads who already understand PKI and need a practical framework for choosing a distributed trust model. We will compare three alternatives, give you criteria for picking one, show the trade-offs in a structured format, and warn you about the most common failures.
Who Must Choose and By When
The decision to move beyond PKI is not theoretical. If you are building a system where users hold their own identifiers (DIDs), where trust must work across organizational boundaries without a shared CA, or where revocation must be transparent and non-custodial, you are already past the point where PKI is sufficient. The timeline depends on your deployment horizon: pilots in regulated industries (healthcare, finance) often need a working model within 6–12 months, while open-source SSI projects may have more flexibility.
Three signals tell you it is time to evaluate alternatives. First, your trust domain is heterogeneous — devices, organizations, and individuals join and leave without a common administrator. Second, your revocation model requires immediate propagation; CRLs and OCSP responders introduce latency that undermines decentralized promises. Third, your privacy model forbids a central authority from seeing who holds which keys. If any of these apply, PKI is not your long-term solution.
We recommend starting the evaluation as soon as you have a rough architecture sketch. Retrofitting trust after the data model is locked is expensive and often leads to security compromises. The comparison in the next sections will help you decide which approach to prototype first.
When PKI Still Works
Before diving into alternatives, be honest: PKI is fine for intranet scenarios, device onboarding in a single-org fleet, or any system where a root CA is operationally feasible. Do not replace it if your trust domain is small and centrally managed. The distributed models we discuss add complexity; use them only when PKI’s limitations hurt.
Option Landscape: Three Approaches to Distributed Trust
We will compare three families of distributed trust models that go beyond PKI. Each has multiple implementations, but the core mechanisms differ enough that the choice is architectural, not just vendor preference.
1. Decentralized Identifiers (DIDs) with Verifiable Credentials
DIDs are URIs that are registered on a distributed ledger or other decentralized network. The DID document contains public keys and service endpoints, and the subject (the identity owner) controls the private keys. Trust is derived from the ledger’s consensus — anyone can verify that a DID document has not been tampered with. Verifiable Credentials (VCs) are then issued by any party and cryptographically bound to the DID. This model is the foundation of W3C standards for SSI.
Strengths: The subject controls the identifier; no central issuer can revoke the DID itself. Interoperability is growing via standards. Weaknesses: The ledger must be available for verification; some implementations rely on a specific blockchain, creating vendor lock-in. Privacy can be tricky if the DID is a public key hash that is linkable across contexts.
2. Web of Trust (WoT) with Peer Signatures
In a web of trust, each participant signs the public keys of other participants they know directly. Trust is transitive: if Alice trusts Bob, and Bob trusts Carol, Alice can decide whether to trust Carol based on the chain of signatures. This model is used in PGP/GnuPG and some federated identity systems.
Strengths: No central authority at all; works offline; privacy is high because no global ledger exists. Weaknesses: Trust paths are probabilistic and can be gamed; revocation is manual and slow; scaling to millions of users requires careful path-finding algorithms. It works best for small, high-trust communities.
3. Threshold-Based Consensus Networks (e.g., IOTA, Hashgraph)
Some distributed networks use directed acyclic graphs (DAGs) or asynchronous Byzantine fault tolerance (aBFT) to reach consensus without a blockchain. In these systems, trust is established by a set of nodes that collectively validate transactions. Identities are often tied to the network’s native addressing scheme.
Strengths: High throughput, no mining fees, and finality in seconds. Weaknesses: The trust model is still somewhat centralized around the validator set; the network’s governance model matters a lot. These are less mature than DID/VC and WoT for identity-specific use cases.
Comparison Criteria Readers Should Use
When evaluating these models, do not just compare features. Use these four criteria to decide which fits your context.
Governance and Control
Who decides the rules for trust? In DID/VC, the ledger’s governance body (e.g., a consortium) defines the consensus rules. In WoT, each user decides their own trust thresholds. In threshold networks, the validator set governs. Ask yourself: can your organization accept external governance? For regulated industries, a consortium-governed ledger may be acceptable; for privacy activists, only WoT may suffice.
Scalability and Performance
How many identities and verifications per second do you need? DID/VC on a public blockchain may handle tens of transactions per second, which is fine for credential issuance but not for high-frequency verification. WoT scales poorly because each verification requires path traversal. Threshold networks can handle thousands of transactions per second but may sacrifice decentralization.
Privacy and Unlinkability
Can an observer correlate your identifiers across different contexts? DIDs on a public ledger are linkable unless you use pairwise DIDs (one per relationship). WoT is naturally unlinkable because no global directory exists. Threshold networks vary: some use zero-knowledge proofs to hide transaction details, but the validator set still sees metadata.
Revocation and Recovery
How do you revoke a compromised key? In DID/VC, you update the DID document; the old key is no longer valid. But the update itself must be confirmed by the ledger, which can take time. In WoT, you must notify your signers to remove your signature — slow and unreliable. Threshold networks often have built-in revocation via the consensus mechanism, but recovery of a lost key requires social recovery or a backup mechanism.
Trade-Offs: Structured Comparison
The table below summarizes the key trade-offs. Use it as a quick reference, but read the prose after for nuance.
| Criterion | DID/VC (Ledger-based) | Web of Trust | Threshold Consensus |
|---|---|---|---|
| Governance | Consortium or open | Individual | Validator set |
| Scalability | Moderate (ledger TPS bound) | Low (path computation) | High (DAG/aBFT) |
| Privacy | Linkable unless pairwise DIDs | High (no global state) | Moderate (metadata visible to validators) |
| Revocation speed | Minutes to hours (ledger confirm) | Days or never (manual) | Seconds (consensus) |
| Maturity for identity | High (W3C standards, multiple implementations) | Medium (PGP, but limited enterprise use) | Low (few identity-specific deployments) |
| Offline capability | No (requires ledger access) | Yes (local signatures) | No (requires network) |
The table makes DID/VC look like the safest choice, and for many teams it is. But the table hides the cost of ledger dependency: every verification requires a network call, and if the ledger goes down or forks, trust breaks. WoT works offline but is hard to audit at scale. Threshold networks offer speed but are still experimental for identity.
Consider a composite scenario: a healthcare consortium wants to share patient consent credentials across hospitals. They need high privacy (patients should not be linkable across hospitals) and fast revocation (if consent is withdrawn). DID/VC with pairwise DIDs and a consortium-governed ledger works, but revocation takes minutes. Threshold consensus could revoke in seconds but requires the validator set to be trusted — which the consortium can control. WoT is too slow for revocation. The choice here depends on whether minutes of revocation delay is acceptable.
When to Avoid Each Model
DID/VC: avoid if your network is frequently offline or if you cannot afford any per-verification cost. WoT: avoid if you need deterministic trust or auditable revocation. Threshold consensus: avoid if your use case requires long-term stability and you cannot commit to a specific validator set.
Implementation Path After the Choice
Once you have selected a model, the implementation steps are not trivial. Here is a generic path that applies to all three, with model-specific notes.
Step 1: Define the Trust Root
For DID/VC, this means choosing a ledger (public or permissioned) and a DID method (e.g., did:indy, did:key, did:web). For WoT, it means bootstrapping a seed set of trusted peers and defining trust thresholds (e.g., “require 3 signatures from a 5-member group”). For threshold consensus, it means setting up the validator nodes and agreeing on the governance charter.
Step 2: Implement Key Management
Distributed identity puts key management on the user. You must provide a secure wallet that can generate, store, and use keys. For DID/VC, the wallet must also handle DID document updates. For WoT, it must manage a local keyring and signature verification. For threshold networks, the wallet may need to interact with the network’s API.
Step 3: Build the Verification Flow
How does a verifier check a credential? In DID/VC, the verifier fetches the DID document from the ledger, extracts the public key, and verifies the VC’s signature. In WoT, the verifier fetches the signer’s public key from a keyserver or local cache, then checks the trust path. In threshold networks, the verifier queries the network for the current state of the identifier.
Step 4: Plan for Revocation and Recovery
Revocation must be designed from day one. For DID/VC, implement a revocation registry (a list of revoked credential IDs stored on the ledger). For WoT, design a process for users to report key compromise and for peers to update their trust lists. For threshold networks, use the network’s built-in revocation, but test it under load.
One common mistake: teams implement the happy path first and add revocation later. That almost always leads to a security gap. Revocation is harder than issuance; do it first.
Risks If You Choose Wrong or Skip Steps
The most common failure is picking a model based on hype rather than requirements. Teams that choose DID/VC because “blockchain is the future” but cannot afford the latency or ledger costs often end up with a hybrid that is neither fish nor fowl — they store DIDs on a ledger but use a central server for verification, defeating the purpose.
Risk 1: Governance Mismatch
If you choose a public ledger for a regulated industry, you may find that the ledger’s governance changes (e.g., a hard fork) invalidates your trust model. Mitigation: use a permissioned ledger with a governance agreement that you control.
Risk 2: Key Management Overload
Distributed identity shifts key management to the user. If your users are not technically sophisticated, they will lose keys. Without a recovery mechanism, they lose their identity. Mitigation: implement social recovery or a backup service (but that re-introduces centralization).
Risk 3: Performance Underestimation
Verification in DID/VC requires a ledger read. If you have millions of verifications per day, the ledger may not keep up. WoT path computation grows exponentially with the number of participants. Threshold networks can handle high throughput but may have variable latency. Mitigation: load test with realistic traffic before production.
Risk 4: Privacy Leakage
Public DIDs are linkable. If a user uses the same DID across multiple services, those services can collude to track the user. Mitigation: use pairwise DIDs or zero-knowledge proofs, but that adds complexity.
One team I read about chose a public blockchain for a patient consent system. They did not implement pairwise DIDs, and soon realized that anyone could see which patients had consented to which hospitals. They had to rebuild the entire credential model. Do not skip privacy analysis.
Mini-FAQ
Can I use PKI and a distributed model together?
Yes. Many systems use PKI for device identity and DIDs for user identity. The two can coexist: a DID can be signed by a CA-issued certificate, bridging the trust models. But be careful: the PKI chain becomes a single point of failure if the CA is compromised.
How do I choose between a public and permissioned ledger for DIDs?
If your users are anonymous and you want anyone to be able to verify, use a public ledger. If your users are known (e.g., employees of a consortium), a permissioned ledger gives you faster consensus and better privacy. The trade-off is that permissioned ledgers are less decentralized.
What is the biggest mistake teams make when implementing WoT?
They assume trust paths will be short. In practice, finding a path of length 3 or 4 that meets the trust threshold can be slow. They also underestimate the effort to maintain a current key directory. WoT works for small groups (under 1000) but not for large-scale identity.
Do I need a blockchain for decentralized identity?
No. DIDs can be registered on a distributed hash table, a P2P network, or even a static file (did:web). Blockchain is one option, not a requirement. The key is that the identifier is under the subject’s control, not that it is on a ledger.
How do I handle key recovery in a decentralized system?
Common approaches: social recovery (a set of trusted friends can sign a key rotation), a time-locked backup (a pre-signed key that becomes valid after a delay), or a hardware-based backup (e.g., a seed phrase). Each has trade-offs in security and usability.
Next Moves
You now have a framework for choosing a distributed trust model. Here are specific actions to take this week:
- Map your trust domain: list all parties that need to verify identities, and note which ones you trust to govern the system. This will eliminate at least one model.
- Prototype the top candidate with a small dataset. Do not optimize yet; just verify that the basic flow works end-to-end.
- Test revocation: simulate a key compromise and measure how long it takes for the revocation to propagate to all verifiers. If it is too slow, reconsider.
- Draft a governance document for your chosen model. Even for WoT, agree on how trust thresholds are set and updated.
- Share this guide with your team and discuss which risks are most relevant to your context. The right model is the one your team can operate safely.
Comments (0)
Please sign in to post a comment.
Don't have an account? Create one
No comments yet. Be the first to comment!