Review

Identity Management Systems: A Comprehensive Review

1 Department of Software Systems and Cybersecurity, Faculty of IT, Monash University, Melbourne, VIC 3800, Australia
2 School of Computing and Information Systems, Faculty of Engineering and Information Technology, University of Melbourne, Parkville, VIC 3010, Australia
* Author to whom correspondence should be addressed.
Information 2025, 16(9), 778; https://doi.org/10.3390/info16090778
Submission received: 9 July 2025 / Revised: 20 August 2025 / Accepted: 5 September 2025 / Published: 8 September 2025

Abstract

Blockchain technology has introduced new paradigms for identity management systems (IDMSs), enabling users to regain control over their identity data and reduce reliance on centralized authorities. In recent years, numerous blockchain-based IDMS solutions have emerged across both practical application domains and academic research. However, prior reviews often focus on single application areas, provide limited cross-domain comparison, and insufficiently address security challenges such as interoperability, revocation, and quantum resilience. This paper bridges these gaps by presenting the first comprehensive survey that examines IDMSs from three complementary perspectives: (i) historical evolution from centralized and federated models to blockchain-based decentralized architectures; (ii) a cross-domain taxonomy of blockchain-based IDMSs, encompassing both general-purpose designs and domain-specific implementations; and (iii) a security analysis of threats across the full identity lifecycle. Drawing on a systematic review of 47 studies published between 2019 and 2025 and conducted in accordance with the PRISMA methodology, the paper synthesizes academic research and real-world deployments to identify unresolved technical, economic, and social challenges, and to outline directions for future research. The findings aim to serve as a timely reference for both researchers and practitioners working toward secure, interoperable, and sustainable blockchain-based IDMSs.

1. Introduction

Digital identity, the set of attributes used to identify, authenticate, and authorize individuals or entities in their interactions with online services, is a fundamental building block of modern digital ecosystems [1,2]. Effective digital identity management underpins trust and security in numerous sectors, including healthcare [3,4,5,6,7,8], education [9,10,11,12,13,14], the Internet of Things (IoT) [15,16,17,18,19,20], and energy trading [21,22,23]. In these domains, robust identity management systems ensure secure access control, enable trustworthy data sharing, and support regulatory compliance.
Identity Management Systems (IDMSs), defined by NIST as systems or applications that manage identity proofing, registration, verification, and issuance, are traditionally deployed using centralized or federated architectures, but both approaches struggle to address evolving security, privacy, and interoperability requirements effectively [1,2]. Centralized IDMSs suffer from inherent risks such as single points of failure, limited scalability across multi-organizational environments, and minimal user control over personal identity data [1,2,24,25,26]. Federated IDMSs address several critical limitations of centralized architectures by eliminating single points of failure, strengthening user autonomy over identity data, and enabling secure cross-domain authentication and access [27,28]. However, they remain vulnerable to privacy breaches during inter-organizational data exchange, lack full support for holistic identity lifecycle management, and face persistent interoperability constraints across heterogeneous systems [1,2,27,29,30].
Recent advances in blockchain-based Decentralized IDentity Management Systems (DIDMSs) aim to overcome these limitations. DIDMSs leverage distributed ledger technology to eliminate reliance on a central authority, enhance privacy via selective data disclosure and pseudonymous identifiers, and give users direct control over creating, managing, and revoking their digital identities [14,31,32,33]. Many DIDMS implementations are designed to support the principles of self-sovereign identity (SSI), a paradigm in which individuals fully own and control their identity data, deciding when and with whom to share it without mediation by a central entity. In this context, SSI can be viewed as the guiding philosophy, while DIDMSs represent the technical systems that implement it. Blockchain’s immutable audit trail and smart contract programmability support complete identity lifecycle tracking [31,32,34], and W3C standards such as decentralized identifiers (DIDs) and verifiable credentials (VCs) further promote cross-organizational trust and interoperability [34,35,36].
Given these developments, a comprehensive understanding of this rapidly evolving DIDMS landscape is essential for guiding both future research and real-world adoption. However, the existing literature has yet to provide such a holistic and up-to-date perspective. Liu [37] highlighted the decentralization, immutability, and self-sovereign features of blockchain and reviewed major IDMS solutions such as Sovrin, uPort, and ShoCard, but lacked detailed cross-domain application analysis. Kaneriya [38] provided a comprehensive comparison of several DIDMS solutions and outlined SSI principles but did not cover recent advancements such as cross-chain interoperability or Layer-2 scaling solutions. Alamri’s analysis of blockchain-based IDMSs in healthcare IoT (HIoT) contexts was limited to generic blockchain threats without detailed discussions on identity-specific attacks or tailored mitigation strategies [39]. Raut [40] identified critical elements and technologies such as smart contracts and zero-knowledge proofs but provided insufficient comparative analysis of privacy-enhancing techniques. Lastly, Quraishi [41] offered case studies of existing blockchain IDMS implementations but failed to thoroughly investigate emerging privacy technologies or offer precise future research recommendations.
As this study reviews numerous related concepts, Table 1 provides a concise summary of the abbreviations used throughout the paper to facilitate readability.

1.1. Contributions

To the best of our knowledge, this is the first comprehensive paper that reviews the IDMS from three aspects: historical development, cross-domain applications, and security challenges. The key contributions are as follows:
  • We present a chronological review of IDMSs’ evolution, tracing their progression from traditional centralized and federated models to emerging blockchain-based architectures.
  • We propose a detailed taxonomy of blockchain-based IDMSs, classifying contemporary solutions according to their application domains, including general-purpose systems, electronic healthcare, academic credentialing, the Internet of Things (IoT), energy trading, and real-world deployment platforms.
  • We further investigate potential security threats that affect DIDMSs throughout the entire identity lifecycle, focusing on impersonation attacks, repudiation attacks, data integrity attacks, linkability attacks, and quantum attacks.
  • Building upon recent blockchain privacy and security technologies and evaluating multi-domain applications and practical deployments, we propose robust technical approaches and outline specific future research directions and technological pathways for blockchain-based IDMS development.

1.2. Organization

The remainder of this paper is organized as follows. Section 2 outlines the methodology, including the systematic review process and data analysis framework. Section 3 introduces key technical preliminaries, including blockchain, decentralized identifiers (DIDs), verifiable credentials (VCs), and related cryptographic tools. Section 4 reviews the historical evolution of IDMSs from centralized to decentralized models. Section 5 surveys generic decentralized IDMS solutions, focusing on general-purpose designs, while Section 6 examines decentralized IDMS solutions developed for specific application domains such as healthcare, education, IoT, energy trading, and real-world deployment platforms. Section 7 discusses security challenges and potential threats. Section 8 highlights open research issues and future directions. Finally, Section 9 concludes the paper.

2. Methodology

This paper follows the general principles of the PRISMA framework [42] to guide a transparent and reproducible systematic review of blockchain-based IDMSs. The process comprises three main stages: a structured literature search, selection based on predefined inclusion and exclusion criteria, and a detailed content analysis of the selected works.

2.1. Search Strategy

A systematic search was conducted in two major academic databases, IEEE Xplore and ScienceDirect, which are widely recognized for their coverage of authoritative technical publications in information technology and interdisciplinary research involving blockchain. The search was limited to the period from January 2019 to April 2025, which allows the review to capture both early foundational studies and recent developments reflecting the rapid evolution and practical deployment of blockchain-enabled identity management solutions. The search queries were constructed using a combination of primary and domain-specific secondary keywords, connected through Boolean operators. Core search terms included: (“Blockchain” OR “Identity Management System”) AND (“Healthcare” OR “IoT” OR “Academic Credential” OR “Energy Trading”). Keyword variations were applied iteratively to ensure domain-wide coverage of relevant implementations.

2.2. Inclusion Criteria

The inclusion criteria were designed to ensure that the review focused on works of direct relevance to blockchain-based IDMSs: (1) Studies were eligible if they explicitly described an identity management system that incorporated blockchain as a core architectural component and implemented a full identity lifecycle, including creation, verification, access control, and revocation; (2) systems that merely employed blockchain for data storage or logging, without addressing the broader identity management processes, were excluded; (3) only literature written in English was considered; and (4) eligible sources included peer-reviewed journal articles, conference papers, relevant technical standards, and technical white papers that presented detailed architectural designs and interaction workflows in real-world implementations. Materials lacking peer review or editorial oversight—such as blogs, opinion pieces, or informal publications—were excluded.
For instance, one study proposing a blockchain-based credential verification service for academic records was excluded because it did not provide mechanisms for identity creation or revocation, thus failing to meet the full lifecycle criterion. Conversely, a healthcare-focused solution that integrated decentralized identifiers and verifiable credentials for patient identity management was included, even though its blockchain layer was limited to interoperability functions, because it implemented the complete identity lifecycle. Similarly, a proposed IoT device authentication protocol was excluded when blockchain was used solely for key distribution without user or device identity lifecycle management.
The initial search identified 4259 records from databases and an additional 7 from other relevant sources, yielding 4266 unique records after merging. Duplicate removal eliminated 1269 entries. The remaining 2997 records underwent title and abstract screening to assess topical relevance. At this stage, 2665 studies were excluded because they did not involve any form of system design and implementation, even if blockchain technology was present. A further 241 studies were removed because they were themselves literature reviews and thus outside the scope of IDMS system selection. An additional 48 were excluded for addressing unrelated fields. We summarize the selection process of relevant papers on the topic in Figure 1.

2.3. Data Analysis Framework

The final set of 46 studies was analyzed using a structured framework comprising three dimensions. The first dimension addressed technical attributes, including selective disclosure, interoperability, revocation capabilities, and readiness for post-quantum security. The second dimension concerned application domains, covering both general-purpose IDMSs and domain-specific implementations in healthcare, IoT, academic credential verification, energy trading, and other real-world platforms. The third dimension focused on security features, evaluating how each system addressed threats such as impersonation, repudiation, data integrity violations, linkability, and quantum-based attacks.

3. Preliminaries

This section surveys the key concepts and technologies underpinning blockchain-based IDMSs. We begin with the fundamentals of blockchain architecture, including its distributed ledger, immutability, and consensus mechanism, followed by decentralized identifiers and the verifiable credential framework as defined by the World Wide Web Consortium. We outline enterprise-grade platforms, focusing on Hyperledger’s modular framework, and conclude by discussing the cryptographic building blocks essential for privacy and security, such as zero-knowledge proof and elliptic curve cryptography.

3.1. Blockchain Fundamentals

Blockchain technology has introduced transformative capabilities through its core features, such as distributed storage, decentralization, and immutability [34,40]. These characteristics have significantly impacted domains, including finance, healthcare, and the metaverse, driving significant transformations in both work efficiency and operational approaches [40]. Consequently, blockchain also holds promise for introducing more efficient and secure methods in the field of digital identity management [2,34,40].
At its core, a blockchain consists of a chronologically ordered chain of blocks, each containing a set of cryptographically signed transactions [34]. All transactions are grouped into blocks, and the blocks are linked through cryptographic methods to form an immutable chain structure [40,43]. As illustrated in Figure 2, each block consists of two main components: the block header and the block body [41,44]. The block header contains the following key metadata [43]:
  • Block Hash: The unique identifier of the current block, generated by performing a cryptographic hash computation on all fields in the block header, such as version number, timestamp, and difficulty. This ensures the block’s uniqueness. As part of the chain structure, the block hash links blocks together. Even a minor change in block content results in a completely different hash value.
  • Previous Block Hash: The hash value of the preceding block, linking the current block to the previous one. This creates the chain structure of the blockchain, ensuring the sequential order of blocks and the immutability of data.
  • Version: Indicates the protocol or format version used by the block. This ensures that nodes in the network can correctly interpret the block data. The version is updated when block structures or protocols evolve.
  • Timestamp: Records the block creation time, typically in Unix timestamp format. It establishes the chronological order of blocks and serves as a time reference for nodes in the network.
  • Nonce: A random number used in the proof-of-work consensus mechanism. Miners adjust the nonce value to meet the mining difficulty conditions, such as ensuring the hash value starts with a specific number of leading zeros.
  • Difficulty: Represents the computational difficulty required to generate a block, often expressed as the target hash condition. Difficulty dynamically adjusts according to the network’s computational power, ensuring a stable interval between block generations.
The block body stores transaction data, which is the core content of the blockchain [44]. For example, in Bitcoin, the block body contains records of transactions, including the sender, recipient, amount, and timestamp [41,45]. Each transaction is assigned a unique transaction hash [41]. Additionally, transaction data may include the execution results of smart contracts, which is common in blockchains like Ethereum [44].
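The linkage described above can be made concrete with a short Go program, added here as an illustration and not taken from any of the surveyed systems. It hashes the listed header fields, searches for a nonce under a leading-zero-bits difficulty, and re-validates the chain after an edit. The `BodyDigest` field, the serialization order, and the sample transactions are assumptions of this example.

```go
package main

import (
	"crypto/sha256"
	"encoding/binary"
	"fmt"
	"math/bits"
)

// Header holds the fields listed above. BodyDigest is an assumption of this
// example: it commits the header to the block body so body edits change the hash.
type Header struct {
	Version    uint32
	PrevHash   [32]byte
	BodyDigest [32]byte
	Timestamp  uint64 // Unix seconds
	Difficulty uint8  // required leading zero bits in the block hash
	Nonce      uint64
}

type Block struct {
	Header Header
	Body   []string // constructed sample transactions
}

// Hash serializes every header field in a fixed order and hashes the result.
func (h Header) Hash() [32]byte {
	var buf [85]byte
	binary.BigEndian.PutUint32(buf[0:4], h.Version)
	copy(buf[4:36], h.PrevHash[:])
	copy(buf[36:68], h.BodyDigest[:])
	binary.BigEndian.PutUint64(buf[68:76], h.Timestamp)
	buf[76] = h.Difficulty
	binary.BigEndian.PutUint64(buf[77:85], h.Nonce)
	return sha256.Sum256(buf[:])
}

// bodyDigest hashes length-prefixed transactions so record boundaries are fixed.
func bodyDigest(txs []string) [32]byte {
	h := sha256.New()
	for _, tx := range txs {
		binary.Write(h, binary.BigEndian, uint64(len(tx)))
		h.Write([]byte(tx))
	}
	var out [32]byte
	copy(out[:], h.Sum(nil))
	return out
}

func leadingZeroBits(d [32]byte) int {
	n := 0
	for _, b := range d {
		if b != 0 {
			return n + bits.LeadingZeros8(b)
		}
		n += 8
	}
	return n
}

// Mine searches for a nonce whose header hash meets the difficulty target.
func Mine(prev [32]byte, ts uint64, difficulty uint8, txs []string) Block {
	h := Header{Version: 1, PrevHash: prev, BodyDigest: bodyDigest(txs),
		Timestamp: ts, Difficulty: difficulty}
	for leadingZeroBits(h.Hash()) < int(difficulty) {
		h.Nonce++
	}
	return Block{Header: h, Body: txs}
}

// VerifyChain returns the index of the first invalid block, or -1 if all pass.
func VerifyChain(chain []Block) int {
	var prev [32]byte // the first block links to the all-zero hash
	for i, b := range chain {
		if b.Header.PrevHash != prev ||
			b.Header.BodyDigest != bodyDigest(b.Body) ||
			leadingZeroBits(b.Header.Hash()) < int(b.Header.Difficulty) {
			return i
		}
		prev = b.Header.Hash()
	}
	return -1
}

// BuildSample mines a three-block chain of constructed identity events.
func BuildSample() []Block {
	b0 := Mine([32]byte{}, 1700000000, 12, []string{"register did:example:alice"})
	b1 := Mine(b0.Header.Hash(), 1700000600, 12, []string{"issue vc-1 to did:example:alice"})
	b2 := Mine(b1.Header.Hash(), 1700001200, 12, []string{"revoke vc-1"})
	return []Block{b0, b1, b2}
}

func main() {
	chain := BuildSample()
	fmt.Println("intact chain, first invalid:", VerifyChain(chain))
	chain[1].Body[0] = "issue vc-1 to did:example:mallory" // edit body only
	fmt.Println("after body edit, first invalid:", VerifyChain(chain))
}
```

Re-mining the edited block makes it valid on its own, but the check then fails at the next block, whose previous-hash field still points at the old header.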
To maintain consistency across the network, blockchain employs consensus mechanisms that enable all honest nodes in a decentralized, untrusted, and asynchronous distributed network to reach agreement on updates to the global system state [46]. There are various types of consensus mechanisms, each employing different approaches to block validation and ledger maintenance. Examples include Proof of Work (PoW), where nodes compete to solve computational puzzles to earn the right to add a new block [46]; Proof of Stake (PoS), where nodes gain block production rights by staking a certain amount of cryptocurrency [46]; Proof of Authority (PoA), which relies on a set of pre-selected authoritative nodes to generate blocks [46]; and Practical Byzantine Fault Tolerance (PBFT), where nodes reach consensus through a voting process that tolerates a certain number of faulty or malicious nodes [46].

3.2. Decentralized Identifiers (DIDs)

A DID is a globally unique identifier that is generated and managed by the user on a distributed ledger or decentralized network, thereby eliminating reliance on centralized authorities [47]. Unlike traditional centralized identifiers, DIDs function independently from any single entity or service provider, enhancing resilience and user autonomy [48].
Each DID corresponds to a DID document stored on a decentralized network or distributed ledger [47,48]. This document includes critical metadata such as public keys used for cryptographic verification, service endpoints for communication with the DID holder, verification methods detailing how authentication can be achieved, and governance mechanisms specifying the controlling authority of the DID [47,48].
In the VC framework, DIDs form a fundamental layer by uniquely identifying the holder and the issuer of credentials [47]. Although DIDs provide unique identification, they do not inherently contain detailed attributes or personal data [47,49]. Instead, verifiable credentials supplement DIDs by attaching verifiable attributes such as educational qualifications, age, or address, thereby enabling comprehensive identity verification [47,49]. A single DID may thus be linked to multiple verifiable credentials, collectively building a robust digital identity profile [47,48].

3.3. Verifiable Credentials (VCs)

VCs constitute a standardized digital identity framework defined by the World Wide Web Consortium (W3C) [47,49]. They are digitally signed credentials proving specific attributes or statuses of entities, enabling independent verification without intermediaries [31,47]. VCs are generally stored securely within the holder’s personal digital wallet, rather than directly on a blockchain, enhancing user control and privacy [47]. A standard VC structure includes a unique credential identifier, a type field describing its classification, the issuer’s DID, the issuance date, credential subject attributes such as age and qualifications, and cryptographic proofs for authenticity verification [47]. Key features of VCs include the following [47]:
  • Verifiability: Allowing any verifier to independently validate the credential’s authenticity.
  • Immutability: Ensured through robust cryptographic signatures.
  • Privacy Protection: Enabled via selective disclosure mechanisms.
  • Offline Verification: Supported by public key cryptography, removing the necessity for real-time issuer interactions.
  • Revocability: Maintained through issuer-published revocation lists or status registries.

3.4. Hyperledger

Hyperledger is an open-source collaborative project that offers a suite of blockchain frameworks and tools specifically designed for enterprise-level applications [50]. As a comprehensive toolbox, Hyperledger hosts various sub-projects, including Hyperledger Fabric, which is well suited for building enterprise private blockchains; Hyperledger Indy, which focuses on decentralized digital identity management; and Hyperledger Caliper, a benchmarking tool for evaluating blockchain performance, among others [50]. Hyperledger provides features such as fine-grained access control, strong privacy protection, high performance, and excellent scalability [50]. In decentralized IDMSs, it is commonly used for constructing identity databases and automating identity verification processes [4,6,8,9,10,11,12,19,50].

3.5. Zero-Knowledge Proof (ZKP)

ZKP is a cryptographic protocol that enables a prover to convince a verifier of the truth of a specific statement without revealing any information beyond the validity of the statement itself [6,51]. ZKPs can generally be classified into two categories: interactive zero-knowledge proofs, such as Schnorr ZKP and Sigma protocols, which require multiple rounds of challenge and response between the prover and verifier; and non-interactive zero-knowledge proofs, such as zk-SNARKs, zk-STARKs, and Bulletproofs, which allow the prover to generate a complete proof in a single step without further interaction [52]. In practical privacy-preserving applications, ZKPs enable users to present a credential while selectively disclosing only the specific information they want the verifier to see, such as revealing certain parts of a credential while keeping others hidden, or proving they are over 18 years old without disclosing their exact date of birth [12,22,52].
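As an added illustration of the interactive category (example code written for this text, not drawn from the cited works), the following Go program runs the three-message Schnorr identification protocol, in which a prover shows knowledge of the private key behind a public key without sending it. The choice of the P-256 curve and all type and function names are assumptions of this example; it does not implement attribute proofs such as the age predicate.

```go
package main

import (
	"crypto/elliptic"
	"crypto/rand"
	"fmt"
	"math/big"
)

// P-256 via crypto/elliptic keeps the example in the standard library; its
// low-level point methods are marked deprecated in current Go releases.
var curve = elliptic.P256()

type Point struct{ X, Y *big.Int }

// randScalar returns a uniform scalar in [1, n-1].
func randScalar() *big.Int {
	for {
		k, err := rand.Int(rand.Reader, curve.Params().N)
		if err != nil {
			panic(err)
		}
		if k.Sign() > 0 {
			return k
		}
	}
}

func mulBase(k *big.Int) Point {
	x, y := curve.ScalarBaseMult(k.Bytes())
	return Point{X: x, Y: y}
}

// Prover holds the secret x behind the public key X = x*G.
type Prover struct {
	x, r *big.Int
}

func NewProver() (*Prover, Point) {
	x := randScalar()
	return &Prover{x: x}, mulBase(x)
}

// Commit is message 1 (prover to verifier): R = r*G for a fresh nonce r.
func (p *Prover) Commit() Point {
	p.r = randScalar()
	return mulBase(p.r)
}

// Challenge is message 2 (verifier to prover), chosen only after R is received.
func Challenge() *big.Int { return randScalar() }

// Respond is message 3: s = r + c*x mod n. The nonce is discarded because
// answering two challenges with the same r would reveal x.
func (p *Prover) Respond(c *big.Int) *big.Int {
	s := new(big.Int).Mul(c, p.x)
	s.Add(s, p.r).Mod(s, curve.Params().N)
	p.r = nil
	return s
}

// Verify accepts when s*G == R + c*X.
func Verify(pub, commit Point, c, s *big.Int) bool {
	if !curve.IsOnCurve(pub.X, pub.Y) || !curve.IsOnCurve(commit.X, commit.Y) {
		return false
	}
	lx, ly := curve.ScalarBaseMult(s.Bytes())
	cx, cy := curve.ScalarMult(pub.X, pub.Y, c.Bytes())
	rx, ry := curve.Add(commit.X, commit.Y, cx, cy)
	return lx.Cmp(rx) == 0 && ly.Cmp(ry) == 0
}

// RunSession plays all three messages between one prover and one verifier.
func RunSession(p *Prover, pub Point) bool {
	commit := p.Commit()
	c := Challenge()
	return Verify(pub, commit, c, p.Respond(c))
}

func main() {
	alice, alicePub := NewProver()
	fmt.Println("holder of the key:", RunSession(alice, alicePub))
	other, _ := NewProver()
	fmt.Println("different key:", RunSession(other, alicePub))
}
```

A recorded transcript does not verify under a new challenge, which is why the verifier must choose the challenge only after receiving the commitment.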

3.6. Elliptic Curve Cryptography (ECC)

Elliptic curve cryptography (ECC) is a public-key cryptographic algorithm based on the mathematical theory of elliptic curves [53]. ECC performs mathematical operations on points over an elliptic curve to enable functions such as encryption, decryption, digital signatures, and key exchange [53]. Within the field of asymmetric cryptography, ECC offers shorter key lengths, faster computational speeds, and lower hardware requirements while maintaining a high level of security [53]. These advantages make ECC particularly well suited for lightweight authentication mechanisms in identity management systems [3,15,17].

4. Overview of IDMS Development

Identity forms the foundation of any IDMS, yet its definition remains inherently context-dependent and multi-faceted [1,2,47,54]. In general, identity represents an entity within a specific domain, defined by a set of identifiers (such as usernames, decentralized identifiers) and associated credentials (such as passwords, biometric templates, or verifiable credentials) [1,54]. People often equate digital identity with real-world identity attributes, such as names, dates of birth, hobbies, clothing preferences, or criminal records [1,54]. However, in modern networked services, only attributes highly relevant to users are typically considered, as these directly determine the functionality and success of applications and services [1,54].
An IDMS is a system deployed within computing or communication networks designed to manage identity, enabling organizations to facilitate and regulate user access to online applications and resources while safeguarding confidential personal and business information from unauthorized access [54,55,56]. A robust IDMS must first verify a user’s identity and then grant appropriate access rights. The core components of an IDMS include the following stakeholders [54,55,56]:
  • Users: They are clients of both the service provider (SP) and the identity provider (IdP). To access services, users must possess valid identities. Users can represent public organizations, individuals, or virtual entities and are uniquely identified by their identifiers.
  • Service Providers (SPs): They deliver services to users within the IDMS. Examples include online shopping platforms or healthcare record management systems.
  • Identity Providers (IdPs): They are the cornerstone of the IDMS. The IdP acts as a trusted entity responsible for registering user identities, verifying their authenticity, and storing identity data. Furthermore, the IdP handles user authentication requests from service providers, ensuring secure and reliable identity management.
Figure 3 depicts the evolution of IDMS architectures from early centralized designs to federated models and, more recently, blockchain-enabled IDMSs. This progression reflects the ongoing effort to improve scalability, interoperability, and user privacy.

4.1. Traditional Centralized IDMSs

Early IDMSs emerged from the client–server (C/S) architecture paradigm of the 1980s and 1990s, where user credentials were stored and managed centrally by service providers [1]. By 1995, Tim Howes [57] formally and systematically introduced the Lightweight Directory Access Protocol, enabling the lightweight and widespread adoption of directory services globally and initiating the standardization and proliferation of IDMSs. In such centralized IDMSs, the roles of SP and IdP are typically unified, meaning that users register directly with each service and rely on the same provider for both service access and identity verification [1,2], as shown in Figure 4. Organizations use this type of IDMS to store user credentials, such as usernames and passwords, for each user [1,2]. As illustrated, the SP and IdP are integrated in this model, allowing users to register directly with the associated SP.
Today, major platforms like Google and Facebook still utilize centralized IDMSs for both user management and authentication within their ecosystems [34]. These systems support millions of users and offer convenience and scalability for internal applications. However, this model imposes a burden on users, who have to maintain separate credentials for accessing services from different SPs [1]. Moreover, centralized IDMS models face several inherent challenges that have driven the shift toward alternative solutions:
  • Single Point of Failure (SPOF): Centralized IDMSs often rely on a central server or database to store all identity data and perform authentication [1,2,24,25]. If the central system encounters an issue, the entire identity management system becomes non-operational [2,24]. This can lead to resource inaccessibility and business disruptions, which are particularly critical for banking and government services.
  • Data Breaches: Centralized IDMSs store all identity data in a central database, making it a prime target for cyberattacks [2,24,25]. Additionally, such systems often run on legacy software with significant SPOF vulnerabilities [25]. If the system is compromised, sensitive information can be stolen or exposed, resulting in severe security and privacy risks [2,24,25].
  • Lack of Interoperability: Centralized IDMSs are often isolated, making it difficult to share or exchange identity data across platforms or organizations [1,2,24,25,26]. Users are forced to register and maintain separate accounts for various systems (such as email, social media, and banking), resulting in a poor user experience, commonly referred to as “password fatigue.” This lack of interoperability also hampers organizational collaboration due to the inability to unify identity management and verification [2,24].
  • Inaccessibility: Globally, many identities rely on paper-based processes, making access to relevant data challenging [37]. Eliminating the need for physical document verification would make IDMSs more authoritative, accessible, and applicable to a broader range of users and sectors [37].

4.2. Federated IDMSs

A federated IDMS is a cross-organizational framework that allows multiple independent organizations to share and validate user identity information without requiring each organization to maintain complete user identity data independently [1,2,27]. Around 1999, as collaboration among Internet-based enterprises increased, the need for identity federation began to emerge [54]. In 2004, the Liberty Alliance, led by Sun Microsystems, formally provided a comprehensive implementation guideline for developers and implementers to support the Liberty ID-FF 1.2 standard [58]. The guideline established standardized communication mechanisms between IdPs and SPs, reinforced privacy protection measures to prevent easy linkage of user identities, and mandated the use of secure channels protected by TLS/SSL, digital signatures on messages, replay attack prevention, and mutual authentication to enhance overall system security [58].
In federated IDMSs, SPs establish agreements through protocols to ensure that an identity authenticated by one SP is accepted across various services. Once a user authenticates their identity with one SP using a designated identifier, that identity is considered verified by all other SPs within the federation.
As shown in Figure 5, this model enables users to access numerous services using a single set of credentials provided by the IdP. Each identity domain consists of an IdP and one or more SPs. The IdP acts as an intermediary between users and SPs, managing and validating user credentials [1]. For example, when a user logs into a social media platform using their Google account, the same identity can then be used to log into a school portal or an online shopping site without requiring separate credentials. The IdP is responsible for assessing and verifying user credentials, while SPs rely on the IdP to authenticate users and retrieve relevant attributes and values [1].
Despite its advantages, a federated IDMS still relies heavily on the IdP for functionalities such as Single Sign-On (SSO), where authentication tokens are issued by the IdP to the SPs. According to Bertino’s research, which covers the full lifecycle of identity issuance, usage, modification, and revocation in federated IDMSs [30], the following challenges persist [28,29,30,59,60]:
  • Lack of Flexible Registration and Verification Mechanisms: The current systems lack robust mechanisms for verifying the validity and ownership of identifiers, such as social security numbers or passports. This deficiency hampers the system’s ability to authenticate users with high accuracy.
  • Vulnerability to Identity Theft: Federated IDMSs fail to effectively prevent dishonest individuals from registering fake identifiers or impersonating other users, posing a significant threat of identity theft. Additionally, existing strong authentication methods lack flexibility and granular control, and the reuse of the same credentials increases the risk of credential compromise.
  • Inconsistent Updates Across Systems: Federated IDMSs struggle to maintain consistency across systems when identifiers are updated. For instance, when a user changes their email address or phone number, other systems that rely on these data may not synchronize the updates, leading to discrepancies.
  • Inefficient Revocation Mechanisms: The current systems often lack practical and efficient mechanisms for identity revocation. Temporary credentials may simplify the revocation process but require frequent re-authentication, which can degrade the user experience.

4.3. Decentralized IDMSs

Although Bitcoin, launched in 2009, had already provided blockchain as a technological foundation for identity infrastructure, it was not until 2016 that the concept of self-sovereign identity (SSI) was formally established as the theoretical basis for modern decentralized IDMSs [34,45]. This development was marked by the publication of the influential article The Path to Self-Sovereign Identity by Christopher Allen [61], a former co-founder of Blockstream and a veteran cryptography expert. After 2018, significant progress was made: the W3C Decentralized Identifier Working Group was established to advance the standardization of decentralized identifiers, the verifiable credentials standard was subsequently released, and the European Blockchain Services Infrastructure (EBSI) project incorporated DIDs and VCs into electronic identity applications [47].
In summary, blockchain-based IDMSs eliminate centralized authorities, enhance user privacy, and empower users with full control over their identities [41]. Users independently manage their identity credentials and share only the necessary information without relying on intermediaries for authentication, thus ensuring both privacy and autonomy [40].
As shown in Figure 6, blockchain-based IDMSs consist of multiple components, with the main interactions occurring among three core parties: the identity holder, the identity provider, and the verifier [2]. To participate in the system, a user must first possess a blockchain-anchored DID, which represents a globally unique identity [2]. Ownership and control of the DID are proven through the user’s possession of the corresponding private key [2]. Once a DID is established, it serves as the foundational address to which VCs are linked [2]. The identity provider verifies the user’s real-world identity and issues a VC, cryptographically signed to attest to the verification [2]. The user then securely stores the VC within an identity wallet [2].
When accessing a service, the verifier issues a credential request to the user [2]. In response, the user selects an appropriate VC from their identity wallet, with the option to minimize disclosure by withholding unnecessary personal details [2]. The verifier checks the validity of the VC’s digital signature and verifies its revocation or expiration status; if successfully verified, the user is granted access to the requested resource [2].

5. Generic Decentralized IDMS Solutions

Beyond leveraging the inherent properties of blockchain, existing studies have incorporated additional technologies such as blockchain oracles, zero-knowledge proofs, and distributed storage to further enhance the functionality of blockchain-based IDMSs. This section reviews general-purpose blockchain-based IDMS solutions that are not tied to a single application domain. We classify and compare them according to four key functional and security-related features: (i) selective disclosure, (ii) interoperability, (iii) revocation support, and (iv) quantum resistance (see Table 2). These features are evaluated in light of the specific design choices and trade-offs made by each system.

5.1. Selective Disclosure

Selective disclosure refers to the ability of an identity holder to reveal only the minimum set of attributes required for a transaction, while withholding unrelated personal information [4,5,6,11,12,18,21,22,23,62,63,64,65,66,67,68,69,70,71,72,73,74,75,76,77]. Most reviewed systems implement this feature through verifiable credentials (VCs) conforming to W3C standards, often combined with zero-knowledge proofs (ZKPs) or cryptographic accumulators. For example, Song and Yu [62] integrate DIDs and VCs with blockchain oracles to perform signature verification off-chain, improving authentication efficiency. Srivastava, Agarwal and Chaurasia [63] achieve selective disclosure via Hyperledger Aries agents, enabling user wallets to control credential presentation granularity. In contrast, Chen, et al. [64] use a one-way accumulator to allow rapid proof generation without revealing raw attributes, which reduces on-chain storage but limits expressive verification logic.
VC plus ZKP approaches, as in [62,63,67], offer high flexibility in defining and proving attribute claims but incur higher computational and verification costs. Accumulator-based designs [64] provide faster proof generation with lower on-chain footprint but are less adaptable to dynamic attribute sets. Hybrid approaches, such as that of Kersic et al. [65], show promise in combining multi-standard interoperability with privacy guarantees, while unconventional embedding methods [66] broaden the design space for secure, selective attribute sharing. Across all reviewed solutions, the main unresolved challenges include standardizing attribute schemas across DID methods, ensuring interoperability of proof formats, and optimizing performance for resource-constrained devices.
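The following added example (not code from any surveyed system) illustrates attribute-level selective disclosure. It uses salted hash commitments, a simpler technique than the ZKP and accumulator designs discussed above, and shows why the per-attribute salt matters for low-entropy values. The attribute names, the sample credential, and the `commitment` value standing in for something the issuer would sign or anchor on a ledger are all assumptions.

```python
import hashlib
import hmac
import json
import secrets

# Constructed sample credential; attribute names are illustrative only.
CREDENTIAL = {"name": "A. Example", "blood_type": "O+",
              "over_18": True, "insurer_id": "INS-000123"}


def attr_digest(name, value, salt):
    """Commit to a single attribute; the salt hides low-entropy values."""
    payload = json.dumps([salt, name, value], separators=(",", ":")).encode()
    return hashlib.sha256(payload).hexdigest()


def commit(digests):
    """Order-independent commitment over all attribute digests."""
    return hashlib.sha256("".join(sorted(digests)).encode()).hexdigest()


def issue(attributes, salted=True):
    """Issuer: returns (commitment, wallet).

    The commitment is what the issuer would sign or anchor (assumption);
    the wallet keeps each value with its salt on the holder's device.
    salted=False exists only to demonstrate the weakness of unsalted digests.
    """
    wallet = {n: (v, secrets.token_hex(16) if salted else "")
              for n, v in attributes.items()}
    commitment = commit(attr_digest(n, v, s) for n, (v, s) in wallet.items())
    return commitment, wallet


def present(wallet, reveal):
    """Holder: open the requested attributes, send only digests for the rest."""
    missing = set(reveal) - set(wallet)
    if missing:
        raise KeyError(f"attributes not in credential: {sorted(missing)}")
    opened = {n: wallet[n] for n in reveal}
    hidden = [attr_digest(n, v, s)
              for n, (v, s) in wallet.items() if n not in reveal]
    return {"opened": opened, "hidden_digests": hidden}


def verify(presentation, commitment):
    """Verifier: recompute the commitment; return disclosed claims or None."""
    digests = [attr_digest(n, v, s)
               for n, (v, s) in presentation["opened"].items()]
    digests += presentation["hidden_digests"]
    if not hmac.compare_digest(commit(digests), commitment):
        return None
    return {n: v for n, (v, _) in presentation["opened"].items()}


def guess_hidden(presentation, name, candidates):
    """Enumerate a small value space against digests made with an empty salt.

    Succeeds only when the issuer skipped salting, which is why each
    attribute needs its own random salt.
    """
    for value in candidates:
        if attr_digest(name, value, "") in presentation["hidden_digests"]:
            return value
    return None


if __name__ == "__main__":
    commitment, wallet = issue(CREDENTIAL)
    shown = present(wallet, {"over_18"})
    print("verifier learns:", verify(shown, commitment))
```

The verifier still learns how many attributes were withheld, which is one of the differences between this approach and a ZKP-based presentation.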

5.2. Interoperability

Interoperability refers to the capability of an IDMS to exchange and validate credentials across heterogeneous identity ecosystems, including systems based on different blockchain platforms or DID methods. Achieving this requires standardized communication protocols, cross-chain verification mechanisms, and governance frameworks to establish mutual trust between domains [4,5,6,11,12,15,16,18,19,20,21,22,23,62,63,64,65,67,68,70,71,72,73,76,77].
Interoperability is addressed at multiple layers. At the protocol layer, Kersic et al. [65] and Srinivas et al. [69] provide unified wallet and agent orchestration across DID methods, enabling cross-organizational VC exchange. At the infrastructure layer, Zecchini et al. [67] employ cross-chain relays to reconcile identity states, achieving low on-chain storage overhead. However, these solutions face common challenges: aligning multiple DID resolution schemes, synchronizing revocation registries, and ensuring compatibility with legacy IAM systems. The reliance on specific blockchain platforms (e.g., Hyperledger Indy in [63,69]) can limit cross-ecosystem adoption unless gateways or standard bridges are deployed.
Cross-chain approaches [67] enable broader ecosystem integration but introduce additional attack surfaces at relay points, while multi-standard wallets [65] prioritize flexibility at the cost of increased orchestration complexity. Agent-based deployments [69] offer strong domain isolation but require significant deployment coordination. Current challenges include the lack of universally adopted DID resolution protocols, governance models for cross-network trust, and secure, scalable bridging mechanisms for high-throughput environments.

5.3. Revocation Support

Revocation support ensures that credentials can be invalidated promptly and verifiably, preventing misuse of compromised or outdated identity data. Effective revocation mechanisms must balance transparency, privacy, and efficiency, particularly in decentralized environments [3,4,5,6,8,9,10,11,12,15,16,17,18,19,20,21,22,23,64,68,69,71,72,73,75,76,77,78].
Hao et al. [68] implement revocation through a Structured Merkle Patricia Tree (SMPT), allowing proofs of credential validity to be generated and verified efficiently. Their pairwise DID mechanism further enhances privacy by ensuring that each interaction uses a unique DID, mitigating correlation risks. Thorve et al. [78] integrate biometric authentication into identity wallet access, tying credential validity to successful biometric verification. This prevents revoked or compromised credentials from being reused, as wallet access itself requires biometric confirmation. Their design also simplifies credential recovery by mapping usernames to DIDs, enabling secure migration between devices. Yin et al. [71] propose DP-DID, which uses a rotating committee established through distributed key generation. During committee rotation, members add cryptographic noise to shares before transferring them to new members, preserving system key integrity and preventing derivation attacks. This mechanism supports not only user credential revocation but also key recovery at user, batch, and committee levels. Shrivas et al. [11] discuss revocation in the context of academic credential verification, noting that on-chain revocation registries can provide transparency but risk revealing credential usage patterns. They propose integrating privacy-preserving mechanisms into revocation checks to mitigate this risk.
Tree-based registries [68] excel in verification speed and scalability but require careful handling of privacy leakage from public audit trails. Biometric-bound revocation [78] offers strong assurance of credential control but depends on the security and reliability of biometric sensors. Committee-based recovery [71] distributes trust but adds coordination overhead. A common limitation across approaches is the lack of interoperability in revocation lists, with most designs tailored to specific blockchains.
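To make the tree-based registry idea concrete, the added example below (not code from [68]) lets a verifier check credential validity against a single published root. It uses a plain binary Merkle tree rather than the Structured Merkle Patricia Tree of the original work; the `ValidityRegistry` class and the credential IDs are constructed for illustration.

```python
import hashlib
import hmac


def _h(data: bytes) -> bytes:
    return hashlib.sha256(data).digest()


def leaf_hash(cred_id: str) -> bytes:
    return _h(b"\x00" + cred_id.encode())      # 0x00 prefix: leaf domain


def node_hash(left: bytes, right: bytes) -> bytes:
    return _h(b"\x01" + left + right)          # 0x01 prefix: inner-node domain


class ValidityRegistry:
    """Issuer-side set of currently valid credential IDs (hypothetical class).

    Only root() would be published on-chain; holders fetch prove() output
    and hand it to verifiers together with the credential.
    """

    def __init__(self, cred_ids):
        self.valid = sorted(set(cred_ids))

    def _levels(self):
        level = [leaf_hash(c) for c in self.valid]
        levels = [level]
        while len(level) > 1:
            nxt = [node_hash(level[i], level[i + 1])
                   for i in range(0, len(level) - 1, 2)]
            if len(level) % 2:
                nxt.append(level[-1])          # odd node is promoted unchanged
            level = nxt
            levels.append(level)
        return levels

    def root(self) -> bytes:
        top = self._levels()[-1]
        return top[0] if top else _h(b"")      # fixed value for an empty set

    def prove(self, cred_id):
        """Sibling path for a valid credential; raises ValueError if revoked."""
        idx = self.valid.index(cred_id)
        proof = []
        for level in self._levels()[:-1]:
            sib = idx ^ 1
            if sib < len(level):               # promoted nodes have no sibling
                proof.append(("L" if sib < idx else "R", level[sib]))
            idx //= 2
        return proof

    def revoke(self, cred_id):
        self.valid.remove(cred_id)


def verify_valid(cred_id, proof, published_root) -> bool:
    """Verifier: fold the sibling path and compare with the published root."""
    acc = leaf_hash(cred_id)
    for side, sibling in proof:
        acc = node_hash(sibling, acc) if side == "L" else node_hash(acc, sibling)
    return hmac.compare_digest(acc, published_root)


if __name__ == "__main__":
    reg = ValidityRegistry([f"cred-{i}" for i in range(1, 6)])   # constructed IDs
    old_proof = reg.prove("cred-2")
    print("before revocation:", verify_valid("cred-2", old_proof, reg.root()))
    reg.revoke("cred-2")
    print("after revocation: ", verify_valid("cred-2", old_proof, reg.root()))
```

Every root update also invalidates the proofs of credentials that are still valid, so holders must refresh their proofs after each revocation batch.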

5.4. Quantum Resistance

Quantum resistance is the ability to maintain security against quantum computer attacks by leveraging post-quantum cryptographic methods, preventing private key compromise, hash collisions, and ledger tampering [11,14,33].
Shrivas et al. [11] explicitly address quantum resilience by proposing the integration of post-quantum cryptographic (PQC) algorithms into VC signature schemes. This forward-looking approach seeks to ensure that credentials issued today remain verifiable in a post-quantum era. However, the authors note significant practical challenges: PQC keys and signatures are substantially larger than those in classical schemes, increasing storage and transmission demands, particularly for mobile and IoT-based identity wallets.
PQC integration [11,14] provides the most direct mitigation strategy against quantum threats, with BDEC illustrating how domain-specific frameworks can incorporate both privacy-preserving proofs and efficient revocation. However, PQC algorithms introduce larger key and signature sizes, affecting performance and storage efficiency, and the integration of advanced proof systems such as zkSNARKs adds computational overhead. Most existing systems remain vulnerable in the long term, relying on classical cryptography without upgrade pathways. Addressing quantum resilience will require industry-wide consensus on PQC standards, practical optimization for constrained environments, and ensuring interoperability between PQC-enabled and legacy identity systems.
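The added example below (not code from [11] or [14]) ties together the verifier checks described in Section 4.3 (signature, expiration, revocation) and the size overhead discussed here. As an assumption, it signs a credential with a Lamport one-time signature, the simplest hash-based scheme, whereas deployed systems would use a many-time scheme such as XMSS or SLH-DSA. The DIDs, credential fields and timestamps are constructed.

```python
import hashlib
import json
import secrets

N = 256  # bits in a SHA-256 digest; one secret pair per digest bit


def H(data: bytes) -> bytes:
    return hashlib.sha256(data).digest()


def digest_bits(msg: bytes):
    d = H(msg)
    return [(d[i // 8] >> (7 - i % 8)) & 1 for i in range(N)]


class OneTimeIssuerKey:
    """Lamport one-time key: its security rests only on the hash function."""

    def __init__(self):
        self._sk = [(secrets.token_bytes(32), secrets.token_bytes(32))
                    for _ in range(N)]
        self.pk = [(H(a), H(b)) for a, b in self._sk]
        self._used = False

    def sign(self, msg: bytes):
        if self._used:  # a second signature would reveal more secret halves
            raise RuntimeError("one-time key already used")
        self._used = True
        return [self._sk[i][bit] for i, bit in enumerate(digest_bits(msg))]


def sig_valid(pk, msg: bytes, sig) -> bool:
    return len(sig) == N and all(
        H(part) == pk[i][bit]
        for i, (part, bit) in enumerate(zip(sig, digest_bits(msg))))


def canonical(body: dict) -> bytes:
    """Stable byte encoding so issuer and verifier hash the same input."""
    return json.dumps(body, sort_keys=True, separators=(",", ":")).encode()


def issue_vc(key, vc_id, issuer_did, subject_did, claims, expires_at):
    body = {"id": vc_id, "issuer": issuer_did, "subject": subject_did,
            "claims": claims, "expires_at": expires_at}
    return {"body": body, "proof": key.sign(canonical(body))}


def verify_vc(vc, issuer_keys, revoked_ids, now):
    """Verifier checks in order: issuer key, signature, expiry, revocation."""
    body = vc["body"]
    pk = issuer_keys.get(body["issuer"])       # stands in for DID resolution
    if pk is None:
        return "unknown issuer"
    if not sig_valid(pk, canonical(body), vc["proof"]):
        return "bad signature"
    if now >= body["expires_at"]:
        return "expired"
    if body["id"] in revoked_ids:
        return "revoked"
    return "ok"


def wire_sizes(vc, pk):
    """Bytes a wallet must store and transmit, next to Ed25519 for scale."""
    return {"signature_bytes": sum(len(p) for p in vc["proof"]),
            "public_key_bytes": sum(len(a) + len(b) for a, b in pk),
            "ed25519_signature_bytes": 64,
            "ed25519_public_key_bytes": 32}


if __name__ == "__main__":
    key = OneTimeIssuerKey()
    keys = {"did:example:university": key.pk}          # constructed DID
    vc = issue_vc(key, "vc-001", "did:example:university",
                  "did:example:alice", {"degree": "BSc"}, 2_000_000_000)
    print(verify_vc(vc, keys, set(), now=1_800_000_000), wire_sizes(vc, key.pk))
```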
Table 2. Comparative analysis of technical features in general-purpose IDMSs, where ✓ means satisfied, and × not satisfied.
Ref. | Selective Disclosure | Interoperability | Revocation Support | Quantum Resistance
[62]×
[63]×
[64]×
[65]××
[66]×××
[67]××
[68]×
[78]×××
[69]×
[70]××
[71]×
[72]×
[73]×
[74]×××
[75]××
[76]×
[77]×

6. Applications of IDMSs

As blockchain-based IDMSs continue to evolve, their system architectures are increasingly adapted to meet the specific requirements of various application domains. This section provides a systematic analysis of blockchain-based IDMS solutions tailored for specific industries, including academic credentialing, electronic healthcare, the Internet of Things (IoT), and energy trading, and even encompassing real-world deployment platforms. The analysis aims to identify prevailing technological trends as well as existing research gaps in these areas.

6.1. Electronic Healthcare

With the rapid advancement of global digital healthcare, technologies such as Electronic Health Records (EHRs), telemedicine, Wearable Health Devices, and Genomic Data Storage are becoming increasingly prevalent [5,6]. However, ensuring the security, privacy, and interoperability of healthcare data remains a significant challenge [5,6]. Traditional healthcare identity management systems, which predominantly rely on centralized authorities, are vulnerable to cyberattacks, opaque access control, and limited patient control over personal health information [5,6]. These weaknesses heighten risks of identity fraud, unauthorized access, and fraudulent medical claims. To address these challenges, decentralized IDMSs incorporate a variety of technologies, including advanced privacy-preserving cryptographic techniques such as zero-knowledge proofs (ZKPs) [52], which enable identity attribute verification without revealing sensitive information, and decentralized storage architectures that enhance security by ensuring distributed and tamper-resistant data management [3,5,6].
Xiang et al. [3] address the tension between anonymity and regulatory accountability by proposing a permissioned blockchain-based scheme (PBBIMUA). Their system incorporates elliptic curve cryptography (ECC) [53] as a lightweight cryptographic mechanism, enabling efficient performance even on resource-constrained devices. The scheme also features a challenge–response protocol for mutual authentication, ensuring both the uniqueness and privacy of user identities [3]. This balance supports regulatory compliance but lacks selective disclosure and interoperability features. Harrell et al. [4] proposed and implemented MediLinker, where patients can store, share, and revoke six types of essential credentials, exercising selective disclosure when visiting different clinics and retaining full control over which credentials to share [4]. Notably, MediLinker incorporates a Medical Power of Attorney (MPOA) feature, enabling legal guardians, such as representatives of elderly individuals or minors who are unable to make independent healthcare decisions, to manage identity, consent to treatments, and oversee medical data on behalf of the patient. Javed et al. [5] propose Health-ID on an Ethereum consortium blockchain. Using smart contracts and JSON Web Tokens (JWTs), the system verifies attributes while only storing hash values on-chain to reduce storage overhead. This hybrid design enables scalability and supports telemedicine use cases. Compared with MediLinker [4], Health-ID emphasizes throughput and low-latency verification but offers weaker support for cross-institutional interoperability.
Targeting the challenges of cross-platform data sharing, Torongo et al. [6] proposed Blockchain-based Decentralized Identity Management for Healthcare Systems (BDIMHS). It also integrates a Decentralized Key Management Service (DKMS) to enhance the security of identity wallets. BDIMHS supports a variety of identity credentials and, unlike Health-ID [5], enables fully passwordless interactions, relying on VCs for authentication and aligning with the usability needs of healthcare providers. However, its lightweight deployment model makes it more suitable for containerized environments than for large-scale hospital systems.
Saragih et al. [7] design an SSI-based framework tailored to resource-constrained healthcare settings, particularly in developing regions. Built on ChainSQL, it integrates biometric authentication and lightweight smart contracts for access control. While it enhances usability and inclusivity, the system omits advanced features such as selective disclosure and revocation registries, limiting its applicability in high-assurance clinical contexts. Finally, Mikula and Jacobsen [8] propose an identity and access management (IAM) system that leverages Hyperledger Fabric’s permissioned blockchain to enhance patient data security and streamline access control in EHRs. It replaces centralized CAs with Identity-Based Cryptography (IBC) and implements a PBFT consensus for efficient EHR queries. Their approach supports permission revocation but lacks selective disclosure or interoperability with broader digital identity ecosystems.
Healthcare IDMS research reveals complementary trade-offs. Systems like MediLinker [4] and BDIMHS [6] lead in selective disclosure through VCs and ZKPs, while Health-ID [5] and PBBIMUA [3] prioritize efficiency and traceability. Revocation is widely supported, though mechanisms vary, from on-chain credential registries (MediLinker, BDIMHS) to smart contract–driven access revocation [8]. Interoperability remains partial: MediLinker and BDIMHS show cross-clinic potential, but most systems are siloed within specific infrastructures. None of the surveyed works implement quantum resistance, underscoring a critical gap given the sensitivity and longevity of healthcare records. Table 3 offers a detailed comparison of the technical features of blockchain-based IDMSs applied in the electronic healthcare sector.

6.2. Academic Credentials

With the increasing digitalization of education, academic credentials such as degrees, diplomas, transcripts, and professional certifications are increasingly issued in digital formats [10]. However, the absence of a unified global certification framework has led to widespread issues of credential forgery, fraudulent qualifications, and fragmented verification procedures [13,14]. Traditional verification requires universities, employers, and government agencies to interact with multiple authorities, resulting in high time costs and complex verification processes [9,10]. Furthermore, different countries, regions, and educational institutions use varied accreditation systems, leading to low credential portability and limited mutual recognition, thereby restricting the global mobility of academic qualifications [10,11]. To address these challenges, numerous scholars have conducted research on the application of IDMSs in academic credential management, exploring how decentralized identity frameworks can enhance the trustworthiness, security, and verifiability of academic credentials.
Reza et al. [9] proposed an academic certificate management system based on Hyperledger Fabric. The system employs a composite key generation algorithm that integrates biometric data, internal IDs, and passwords to produce unique identity key pairs for each user, making it extremely difficult to forge identities or academic documents. This design strongly binds user identity to issued credentials, but it lacks fine-grained selective disclosure and interoperability, restricting its applicability across institutional or cross-border contexts. Sy et al. [10] developed EduCredPH, a permissioned blockchain system built on Hyperledger Fabric. The platform establishes a decentralized verification network that seamlessly integrates with traditional academic management systems. The system comprises four core components: a blockchain network for certificate storage and verification, an API gateway for external interactions, a centralized system that synchronizes data with existing university platforms, and a user-facing application. The system enforces role-based access controls, improving revocation handling and reducing exposure to credential misuse. However, like Reza et al., it remains limited in cross-institutional interoperability and still relies on pre-quantum cryptography. Lux et al. [12] focus on user-centric control through integration with OpenID Connect (OIDC) [79]. Their Hyperledger Indy and Sovrin-based system leverages DIDs and VCs with zero-knowledge proofs, enabling flexible selective disclosure and compatibility with existing web login workflows. This improves usability and privacy but does not address post-quantum security risks.
Most existing blockchain-based educational systems rely on pre-quantum cryptography, rendering them vulnerable to future quantum attacks such as Shor’s and Grover’s algorithms [80]. To address this concern, Shrivas et al. [11] proposed a post-quantum secure academic credential verification system that replaces conventional cryptographic methods with lattice-based cryptography and hash-based signature schemes to generate quantum-resistant key pairs. Their design also supports multi-university deployment within a single permissioned blockchain, enabling both interoperability and revocation through a post-quantum Membership Service Provider. The approach, however, increases computational overhead and requires optimization for scalability. Li et al. [14] further explore quantum-resilient credentialing in the Blockchain-based Digital Education Credential (BDEC) framework. BDEC adopts a minimal yet quantum-safe design, requiring only a PQC-secure digital signature scheme and a zkSNARK to achieve both authenticity and privacy in credential verification. By avoiding reliance on blockchain-specific or classical cryptography vulnerable to quantum attacks, BDEC demonstrates that PQC-based designs can be practical and domain-adaptable. Nevertheless, its reliance on zkSNARKs introduces setup complexity, and its current instantiation focuses on the education sector, leaving cross-domain applicability as an open area for exploration.
The reviewed systems illustrate a clear progression from basic forgery prevention [9,10] toward advanced privacy and security guarantees [11,12,14]. Selective disclosure is strongest in [12,14], where VCs and ZKPs enable attribute minimization. Interoperability is best supported by Shrivas et al.’s system, explicitly designed for multi-institutional networks. Revocation support is common across systems but varies in efficiency, with Sy et al. [10] and Shrivas et al.’s systems [11] offering more fine-grained controls than Reza et al.’s [9]. Quantum resistance remains the least addressed feature: only Shrivas et al. [11] and Li et al. [14] incorporate PQC, underscoring a critical research gap given the long-term risks of quantum computing. Table 4 summarizes and compares the technical characteristics of blockchain-based IDMSs within the academic credential domain.

6.3. Internet of Things (IoT)

The rapid development of Internet-of-Things (IoT) technology has enabled seamless connectivity across various smart systems, including smart homes, industrial automation, vehicular networks, and smart cities [16,17]. However, IoT devices are often widely distributed, resource-constrained, and lack a unified identity management framework, posing significant challenges for traditional centralized systems such as Public Key Infrastructure (PKI) [15,17,18]. These challenges include complex device authentication, elevated data security risks, insufficient privacy protection, and vulnerability to identity spoofing attacks [15,17,18,20]. In contrast, decentralized IDMSs operate without a central authority, making them well suited for IoT device registration, authentication, access control, and data sharing [15,16,17,18,19,20]. By eliminating centralized identity providers, a decentralized IDMS enables IoT devices to autonomously manage their identities, thereby enhancing overall security, privacy, and system robustness [17,18,20]. The studies reviewed below show how researchers are integrating blockchain, lightweight cryptography, decentralized storage, and privacy-enhancing techniques to develop efficient, secure, and privacy-preserving IoT identity management solutions.
For wireless sensor networks on the IoT, Ismail et al. [15] introduce a lightweight blockchain-based identity management and security authentication mechanism that tackles authentication and access control challenges in resource-constrained sensor devices. Their hybrid blockchain architecture employs a private blockchain for node authentication within the network and a public blockchain for cross-network identity verification in the IoT cloud, thereby enhancing both security and scalability. The architecture comprises Base Stations for node registration and data aggregation, Cluster Heads for in-network data handling and smart contract–based identity management, and Monitoring Nodes for sensor operations. To prevent identity spoofing, the system utilizes the Elliptic Curve Digital Signature Algorithm (ECDSA) [53] with a hashed ID mechanism. Additionally, a machine learning module is employed to detect various Denial-of-Service attacks and automatically isolate malicious nodes via smart contracts.
To enhance authentication and access security for cloud-hosted IoT devices, Katta et al. [16] developed a blockchain-based distributed identity management system that integrates public and private cloud infrastructure. In that architecture, the private cloud is responsible for authenticating IoT devices and issuing access tokens, while a Network Address Translation plus Virtual Private Network gateway securely connects the private cloud to the public cloud, linking local identity modules with Amazon Web Services’ (AWS) Virtual Private Cloud. Once authenticated, device data streams are sent to AWS for behavioral analysis, storage, and security monitoring. Local IoT device authentication is managed by a private blockchain, whereas cross-domain identity management is supported by a public blockchain, enabling interoperability and transparency. The system is deployed on Ethereum and includes mechanisms for man-in-the-middle (MitM) attack detection, allowing it to automatically isolate compromised devices and issue new credentials.
Traditional public key cryptography (PKC)-based authentication algorithms impose a high computational burden on low-power IoT devices and are often ill suited for such environments, where threats like device spoofing, identity theft, and replay attacks are common. To address these challenges, Mukhandi et al. [17] proposed a consensus-driven lightweight device identity management system based on a private Ethereum blockchain. In that framework, device-specific attributes—such as MAC address, firmware version, and configuration data—are hashed and used with ECDSA to generate a unique, verifiable device identity fingerprint, which is registered on-chain to ensure identity integrity and uniqueness. The system combines decentralized identity management with a lightweight consensus mechanism and stores identity data securely and efficiently using a Merkle tree structure. During authentication, a voting-based consensus model is employed to overcome the limitations of point-to-point verification. If consensus among nodes confirms that the submitted identity matches the stored record, access is granted; otherwise, a security alert is triggered.
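The added example below (not the implementation from [17]) sketches the fingerprint-and-vote idea: device attributes are hashed into a fingerprint, and access is granted only when a quorum of nodes finds a match in its own registry replica. The attribute names, the two-thirds quorum, the node class and the sample device are assumptions, and the ECDSA signing step is omitted.

```python
import hashlib
import json

# Constructed sample device; field names are illustrative assumptions.
DEVICE = {"mac": "02:00:00:00:00:01", "firmware": "1.4.2",
          "config_sha256": hashlib.sha256(b"constructed config").hexdigest()}


def fingerprint(attrs: dict) -> str:
    """Hash a canonical encoding so the same device always maps to one value."""
    norm = dict(attrs)
    norm["mac"] = norm["mac"].lower().replace("-", ":")   # one MAC spelling
    encoded = json.dumps(norm, sort_keys=True, separators=(",", ":"))
    return hashlib.sha256(encoded.encode()).hexdigest()


class Node:
    """One validator holding its own replica of the identity registry."""

    def __init__(self, name, registry):
        self.name = name
        self.registry = dict(registry)

    def vote(self, device_id, attrs) -> bool:
        return self.registry.get(device_id) == fingerprint(attrs)


def authenticate(nodes, device_id, attrs):
    """Grant access only if more than two thirds of the nodes vote yes."""
    yes = sum(node.vote(device_id, attrs) for node in nodes)
    granted = 3 * yes > 2 * len(nodes)         # integer form of yes/total > 2/3
    return {"granted": granted, "yes": yes, "total": len(nodes),
            "alert": not granted}              # a denied request raises an alert


if __name__ == "__main__":
    registry = {"sensor-01": fingerprint(DEVICE)}
    nodes = [Node(f"node-{i}", registry) for i in range(5)]
    print("genuine device:", authenticate(nodes, "sensor-01", DEVICE))

    # Same MAC, modified firmware, and one replica altered to match it.
    modified = dict(DEVICE, firmware="1.4.2-mod")
    nodes[0].registry["sensor-01"] = fingerprint(modified)
    print("modified device:", authenticate(nodes, "sensor-01", modified))
```

Because firmware is part of the fingerprint, a legitimate firmware update also fails authentication until the device is re-registered.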
Traditional identity and access management systems are designed around human-centric interactions and are ill suited for the autonomous, device-driven communication landscape of the Internet of Things (IoT). To address this gap, Giaretta et al. [18] proposed UniquID, a fully decentralized, blockchain-based identity management system tailored specifically for IoT devices and machine-to-machine (M2M) communication. The system is blockchain-agnostic and can be deployed on any platform that supports Merkle tree structures and smart contracts. Each device autonomously generates a public key, while an Imprinter creates an Imprinting Contract (IC) on-chain to bind the device identity and specify its access control policies (ACLs). This enables verifiable identity and authorization, with support for off-chain authentication between devices. UniquID eliminates the need for traditional PKI, supports offline authentication, and enables autonomous trust relationships between devices, thus presenting a novel paradigm for decentralized identity management on the IoT.
For industrial applications, Vallois et al. [19] proposed a blockchain-based identity and access management (IAM) system designed to support the secure sharing of IoT device identities, permissions, and access control policies across multiple organizations and use-case domains. The system ensures data integrity, traceable authentication, and transparent, verifiable operations. Built on a Hyperledger Fabric private blockchain, the solution combines decentralized device identity registration with smart-contract-driven access control, forming a secure framework for multi-enterprise collaboration. Operating in a consortium blockchain model, each participating organization runs its own IAM controller, responsible for managing identity registration, permission updates, access requests, and revocations. Device identities are registered via encrypted transactions and stored in a shared directory, supporting both Role-Based Access Control (RBAC) [81] and Attribute-Based Access Control (ABAC) [82] models for dynamic and fine-grained permission management. To address scalability, the system incorporates a key–value database and off-chain storage mechanisms.
Tcydenova et al. [20] proposed a decentralized access control framework aimed at eliminating the single point of failure inherent in traditional centralized systems. Designed specifically for IoT environments, the framework integrates decentralized identifiers (DIDs), blockchain, multi-signature smart contracts, and a decentralized oracle network to achieve highly robust identity management for IoT devices. In that architecture, IoT devices are not directly connected to the blockchain; instead, they are managed by oracles, which handle data generation and maintain a unique DID for each device. The decentralized oracle network is collectively responsible for maintaining DIDs, performing authentication, and making access control decisions. The blockchain stores DID documents, access control policies, and multi-signature contracts. The system defines two core smart contracts: the DID Registry Smart Contract (DIDSC), which stores and resolves user/device DID documents, and the Access Control Smart Contract (ACSC), which governs the multi-signature access control verification process. By tightly integrating DIDs, multi-signature contracts, and oracle networks, the framework enables off-chain communication for resource-constrained IoT devices, making it highly suitable for scalable, decentralized identity management in large-scale IoT deployments.
Recent studies extend these efforts to high-demand and edge-oriented IoT environments. Xiong et al. [83] introduced BDIM, a decentralized identity scheme for vehicular ad hoc networks (VANETs) that employs smart contracts for access control and integrates reputation-based trust management. The system achieves millisecond-scale responses (≤250 ms) and low query delays even under high user loads, demonstrating scalability in large-scale IoT. Complementing this perspective, Bai et al. [84] extended decentralized identity management to mobile edge computing (MEC) environments by coupling blockchain with a proactive caching strategy. Their approach optimized cache selection based on node utility while leveraging blockchain for secure and tamper-resistant data management. Simulation results confirmed significant improvements in cache hit rate, latency reduction, and overall system efficiency, illustrating the potential of decentralized IDMSs to support trustworthy and performance-sensitive IoT applications at the network edge.
Table 5 highlights a comparative analysis of the technical features of blockchain-based IDMSs in the IoT domain.

6.4. Energy Trading

As the global energy market shifts toward distributed energy resources and smart grids, energy trading models are evolving rapidly [21,23]. Traditional energy trading systems depend on centralized entities—such as grid operators, government regulators, and third-party platforms—to manage energy distribution and authenticate identities [21,22,23]. However, these centralized approaches suffer from low transaction efficiency, high trust costs, and insufficient user privacy [21,22,23]. In contrast, peer-to-peer (P2P) energy trading and renewable energy markets require a decentralized approach that can support direct transactions [21,22,23]. Decentralized IDMSs offer a secure, efficient, and privacy-preserving alternative by enabling energy producers and consumers to transact without relying on centralized certification authorities [21,22,23]. This model not only reduces identity management costs but also enhances transparency and trust in transactions [21,22,23]. In the following sections, we review decentralized IDMS solutions for energy trading and examine how they integrate blockchain, smart contracts, zero-knowledge proofs [52], and distributed storage to facilitate identity authentication, P2P energy trading, and decentralized market operations.
Cali et al. [21] proposed a local energy market management framework that integrates blockchain with self-sovereign identity (SSI) [34] to enhance security, privacy, and network resilience in decentralized energy trading. Within the system, users can select one or more VCs and present them as a Verifiable Presentation (VP) signed using zero-knowledge proofs (ZKPs) [52], enabling minimal disclosure authentication and preventing the leakage of unnecessary personal information. The architecture adopts a dual-layer blockchain + middleware structure: the SSI platform manages DID documents, VC revocation lists, and issuer public keys; the smart contract platform handles pricing, settlement, and scheduling logic for the energy market; and the middleware module functions as a VC verifier, serving as a bridge between the SSI layer and the smart contracts. The market mechanism is implemented through a pluggable smart contract architecture, where credential verification is required for every energy transaction prior to execution. Contract activity is logged using events, with each transaction including a VP hash and timestamp. The system also supports asynchronous pricing for market clearing, enhancing its flexibility and scalability.
To address the challenge of privacy-preserving identity verification in decentralized energy trading, Volkmann et al. [22] introduced a peer-to-peer transaction verification framework based on self-sovereign identity (SSI) [34] and blockchain, grounded in the Trust-over-IP (ToIP) model [85]. The framework maps the four-layer ToIP architecture to the context of P2P energy trading: Layer 1 replaces traditional identities with user-generated DIDs; Layer 2 establishes secure, peer-to-peer encrypted communication channels between DIDs; Layer 3 utilizes standardized VCs to represent identity and authorization attributes; and Layer 4 governs permission policies, such as who can publish DIDs, issue VCs, and verify transactions. The system combines C-based implementations with zero-knowledge proofs (ZKPs) [52] to achieve minimal data disclosure, allowing prosumers to submit only a minimal subset of identity attributes. A standardized VC schema builds a unified market trust framework, ensuring that VCs issued by different institutions are structurally compatible and composable, supporting cross-regional and cross-operator identity interoperability and trusted energy transactions.
Congestion management in low-voltage distribution networks, the security and verifiability of local peer-to-peer (P2P) energy trading, and the effective incentivization and participation of active resources in grid control are critical challenges in energy markets. To address these issues, Kilthau et al. [23] proposed a P2P energy trading and flexibility market management platform that integrates self-sovereign identity (SSI) [34] and blockchain technologies. Built upon the Trust-over-IP (ToIP) architecture, the system utilizes Hyperledger Indy and Aries to enable privacy-preserving identity verification with support for selective disclosure. Identity authentication is carried out via DID resolution and end-to-end encryption, while a smart contract-driven market management engine governs transaction execution. Additionally, the system employs a bottom-up forecasting method to generate individual load predictions for each prosumer agent, and a sensitivity analysis algorithm to assess the relationship between node-level voltage/current variations and adjustment strategies, both of which contribute to effective congestion mitigation in the grid.
Table 6 presents a comparison of the technical aspects of blockchain-based IDMSs designed for energy trading applications.

6.5. Real-World IDMS Platforms

Currently, numerous enterprises are focusing on the development of blockchain-based IDMS solutions. Taking into account factors such as project innovativeness, maturity, and the transparency of their technical design, functionalities, and documentation, this section introduces several widely recognized IDMS platforms that have been deployed in real-world settings, including Kiva Protocol, Blockstack, IDChain, reclaimID, ShoCard, Sovrin, and uPort.
  • Kiva Protocol is an electronic KYC (eKYC) and financial inclusion solution built on decentralized identifiers (DIDs) and VCs [86]. It utilizes a Hyperledger Indy-based distributed ledger network for storing DIDs, associated public keys, credential schemas, and revocation registries [86]. Users can store their DIDs and credentials using the Identity Owner Edge Agent, and third-party financial service providers can employ the Verifier System to conduct rapid identity verification without storing sensitive user information [86]. By incorporating guardianship mechanisms, Kiva Protocol enables individuals who lack digital identity management capabilities to access decentralized identity services [86]. Additionally, it enhances eKYC processes through the use of zero-knowledge proofs (ZKPs) [52], reducing the need for financial institutions to store excessive personal data while expanding the accessibility of identity verification services. Currently, Kiva Protocol has been adopted in areas such as cross-institutional identity sharing and digital credit records, contributing to the development of secure and inclusive financial services.
  • Blockstack offers identity management, data storage, and name resolution services to support decentralized applications without the need for centralized servers [87]. It employs a three-layer architecture, consisting of the Blockchain Layer, Peer Network Layer, and Storage Layer, to achieve secure and scalable decentralized computing [87]. In the Blockchain Layer, Blockstack does not store large quantities of data directly on the blockchain. Instead, it operates Virtualchain, a virtual blockchain running on top of the Bitcoin blockchain, leveraging Bitcoin’s security to record immutable metadata without introducing additional computational overhead [87]. This design also allows for blockchain migration, ensuring flexibility in the long term [87]. The Peer Network Layer utilizes the Atlas Network, a decentralized name resolution and data indexing network, to store and resolve name data, index pointers that reference user data storage locations, and globally distribute Zone Files to ensure data integrity and availability [87]. In the Storage Layer, Blockstack uses Gaia, a decentralized storage system that gives users control over their data by allowing them to select their own storage providers while maintaining a decentralized infrastructure [87].
  • IDChain is a decentralized identity management system that combines blockchain with artificial intelligence (AI) to ensure secure and transparent authentication for individuals, enterprises, and government institutions [88]. It combats identity theft by integrating advanced cryptographic techniques with AI-driven fraud detection [88]. Users undergo a two-factor authentication process to generate a unique decentralized identifier (DID), while a multi-party Trust Network assigns a trust score based on confirmations from various entities [88]. Smart contracts on the Solana blockchain execute all identity verification transactions, and the decentralized IDWallet enables users to selectively disclose identity attributes—using zero-knowledge proofs (ZKPs) [52] to enhance privacy. An AI-powered fraud prevention module further strengthens security by detecting identity forgery and suspicious activities through biometric and geolocation data [88].
  • reclaimID enables users to autonomously create, manage, and share their digital identity data by storing them within a decentralized naming infrastructure and applying attribute-based encryption mechanisms that enforce fine-grained access control [89]. The system performs identity resolution through encrypted namespaces and distributed hash tables, and includes a standards-based authentication service to enable seamless integration with existing applications [89]. Enhanced by non-interactive zero-knowledge proofs [52] for additional privacy, reclaimID eliminates centralized intermediaries and reduces exposure risks [89].
  • ShoCard allows users to retain full control over their digital identities while enabling secure verification processes for various organizations, including enterprises, financial institutions, and the travel industry [90]. Users store their identity data on mobile devices and authenticate through the ShoCard app, which collects and securely hashes official documents and biometric data; only the encrypted hash is recorded on the blockchain to preserve privacy [90]. In the certification phase, third-party entities such as banks and government agencies issue verifiable credentials on-chain, facilitating processes like KYC compliance and credit verification [90]. During authentication, users initiate verification via mechanisms such as QR codes or Bluetooth, while smart contracts manage access control and record transactions for transparency and auditability. Built on a hybrid public–private blockchain model that incorporates sidechains for high-throughput transaction processing, ShoCard ensures both immutability and efficient performance [90].
  • Sovrin, built on Hyperledger Indy, integrates Decentralized Public Key Infrastructure (DPKI) and zero-knowledge proofs (ZKPs) [52] to provide a globally trusted identity service [91]. Sovrin adopts a layered network architecture to ensure efficient and secure identity management [91]. The Sovrin distributed ledger stores decentralized identifiers (DIDs), public keys, credential schemas, and revocation registries, serving as a foundation for identity verification [91]. The Sovrin cloud agents facilitate decentralized identity resolution and credential storage, while the edge layer employs decentralized identity wallets that use end-to-end encryption to protect identity data [91]. When identity verification is required, users can selectively disclose only the necessary information through the Sovrin Wallet and sign transactions securely [91].
  • uPort is a self-sovereign identity (SSI) [34] solution built on Ethereum [92]. It employs a set of smart contracts, including the Proxy Contract for acting as the user’s core identifier and forwarding transactions, the Controller Contract for managing access control and enabling controller replacement, the Recovery Quorum Contract for identity recovery, and the Registry Contract for maintaining identity-to-data mappings in a decentralized storage network [92]. User identity data are stored in a decentralized manner on IPFS in the form of JSON Web Tokens (JWTs) [93], while the hash values of these data records are stored on the Ethereum blockchain to ensure data integrity [92]. Additionally, uPort supports selective disclosure, enabling users to share only specific pieces of identity information as needed [92].
Table 7 reviews and compares the technical features of blockchain-based IDMSs that have been implemented in real-world scenarios.

7. Security Analysis of Blockchain-Based IDMSs

Blockchain-based IDMSs are being increasingly adopted across various sectors, offering more reliable and efficient services for digital identity management [41]. However, the accompanying security risks and challenges are equally critical issues that demand attention [41]. Blockchain-based IDMSs introduce new workflows, storage mechanisms, and responsibility structures, all of which may expose unforeseen vulnerabilities that attackers could exploit, thereby threatening the system’s overall security and privacy [94]. In this section, we analyze the key categories of security threats faced by blockchain-based IDMSs and evaluate the effectiveness of existing countermeasures and defense mechanisms reported in the literature.
  • Impersonation Attacks refer to scenarios where an attacker masquerades as a legitimate identity holder, issuer, or verifier to perform unauthorized identity-related actions [94]. Attackers can employ various techniques to launch such attacks, including forging fake VCs or self-claiming false attributes to deceive service providers [94]. In more severe cases, attackers may compromise issuer privileges to illegally issue or revoke VCs [94]. Many existing studies have addressed this threat by implementing strict access control mechanisms and multi-party verification processes [3,4,5,6,7,8,9,10,11,12,15,16,17,18,19,20,21,22,23,51,62,63,65,66,67,68,69,73,75,78,95,96]. For example, Sy et al. [10] utilized a permissioned Hyperledger Fabric network to ensure that only registered and authorized nodes are allowed to create VCs. Similarly, Reza et al. [9] proposed a multi-layered verification process for issuing education-related VCs, where teachers upload grades, academic supervisors perform cross-verification, management servers handle processing, and blockchain consensus nodes execute the final recording to ensure rigorous auditing at every stage.
  • Repudiation Attacks, also referred to as denial attacks, occur when a user or system component repudiates identity-related actions they have performed, thereby evading responsibility or gaining undue benefits [94]. For example, a user may sign an electronic contract with their identity and immediately deregister that identity from the blockchain, making it impossible for the other party to later verify the identity’s validity. Existing research has demonstrated effective defense mechanisms against denial attacks by employing various signature schemes combined with the traceability features of blockchain technology [3,4,5,6,7,8,9,10,11,12,15,16,17,18,19,20,21,22,23,51,62,63,65,66,67,68,69,73,75,78,95,96]. Ismail et al. [15] proposed an IDMS in which all operations, such as identity registration, authentication, and communication requests, are signed with the sender’s private key to ensure non-repudiation. These signatures, in conjunction with the corresponding public keys, enable post-event verification of both the source and content of the action [15]. Similarly, Tcydenova et al. [20] introduced a multi-party signing mechanism, requiring multiple entities to co-sign the same access control transaction. Only after reaching a predefined threshold does the blockchain smart contract permit the device to transmit data [20]. Moreover, all authorization actions are immutably recorded on-chain, providing verifiable evidence of every access authorization decision [20].
  • Data Integrity Attacks refer to the unauthorized modification, tampering, or fabrication of identity data [94]. One of the most common forms of this attack involves altering the attribute values within an already issued VC, thereby creating false service eligibility information [94]. Typical examples include modifying educational qualifications, such as changing a high school degree to a Ph.D., or altering age information to bypass restrictions for minors. Existing research has adopted digital signatures and strict access control mechanisms to prevent unauthorized modifications to VCs [3,4,5,6,7,8,9,10,11,12,15,16,17,18,19,20,21,22,23,51,62,63,65,66,67,68,69,73,75,78,95,96]. Kilthau et al. [23] proposed a verification process in which verifiers check the VC’s digital signature and ensure that the issuer information matches, effectively preventing malicious tampering. Srivastava et al. [63] designed a VC issuance process that requires multiple participants to collaboratively generate and manage the signing private key. As a result, modifying VC content would require compromising multiple entities to obtain their respective private key shares; otherwise, forged signatures would fail verification [63].
  • Linkability Attacks occur when users conceal their real identities, yet service providers can still link multiple credentials or repeated access activities to the same user across different contexts through repeated credential presentations [47]. Specifically, if a user repeatedly uses the same decentralized identifier (DID) across multiple service providers, these providers can aggregate activity records from different contexts to build behavioral profiles, even without knowing the user’s true identity [47]. Moreover, multiple service providers may collude by sharing verification log data, further enhancing cross-domain linkage of user activities. Existing research primarily mitigates this threat by adopting variable identity identifiers to prevent exposure of the same identity across multiple scenarios, often combined with selective disclosure techniques to ensure that different authentication contexts reveal different sets of information [4,6,12,22,23,51,62,63,65,67,68,69,95]. In the approach proposed by Torongo et al. [6], a new DID is dynamically created for each one-to-one communication session, rather than relying on a single global identifier. As a result, even if the same user establishes multiple connections with different service providers, external observers and service providers cannot correlate these interactions based on DID, since each session utilizes a distinct identifier.
  • Quantum Attacks are attacks launched by quantum computers. Since most current blockchain systems rely on pre-quantum cryptography, they remain vulnerable in the face of quantum computing advancements [80]. Shor’s algorithm can efficiently break public key identity systems deployed on blockchains within a reasonable time frame, potentially enabling attackers to forge signatures of universities, students, or verifiers, leading to identity impersonation and fraudulent transactions [80]. Grover’s algorithm significantly accelerates hash collision searches, increasing the risk of undetected block data tampering, such as falsifying educational records or transaction logs [80]. It is anticipated that within the next two decades, quantum computers will reach the capability to break mainstream public key cryptographic algorithms [80]. However, existing research offers limited defense mechanisms against quantum attacks. Shrivas et al. [11] proposed replacing conventional cryptographic algorithms in Hyperledger Fabric with post-quantum cryptographic schemes, such as lattice-based cryptography [80], to enhance resistance against quantum threats.
Table 8 provides a detailed summary of blockchain-based IDMS studies that propose corresponding countermeasures against the five common types of attacks discussed above.
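The linkability threat and the per-session identifier countermeasure described above can be reproduced in a short simulation. The following Python code is an added example, not code from any of the surveyed systems; the HMAC-based derivation, the `did:example` identifiers, the verifier names, and the e-mail attribute are assumptions constructed for illustration.

```python
from __future__ import annotations

import hashlib
import hmac
from collections import defaultdict

VERIFIERS = ["energy-market", "clinic", "university"]  # constructed names


class Wallet:
    """Holder wallet deriving every identifier from one master secret (assumed design)."""

    def __init__(self, master_secret: bytes):
        self._master = master_secret
        self.global_did = self._derive("global")

    def _derive(self, label: str) -> str:
        # HMAC-SHA256 used as a PRF: identifiers for different labels cannot be
        # related to one another without knowledge of the master secret.
        tag = hmac.new(self._master, label.encode(), hashlib.sha256).hexdigest()
        return "did:example:" + tag[:32]

    def session_did(self, verifier: str, session: int) -> str:
        """Fresh identifier per (verifier, session); re-derivable by the holder only."""
        return self._derive(f"session|{verifier}|{session}")


def present(wallet: Wallet, per_session: bool, disclosed: dict) -> dict:
    """Two sessions with each verifier; returns every verifier's log of records."""
    logs = {}
    for verifier in VERIFIERS:
        logs[verifier] = []
        for session in range(2):
            did = wallet.session_did(verifier, session) if per_session else wallet.global_did
            logs[verifier].append({"did": did, **disclosed})
    return logs


def colluding_join(logs: dict, field: str) -> dict:
    """Values of `field` seen by two or more verifiers, i.e. what pooled logs can link."""
    seen = defaultdict(set)
    for verifier, records in logs.items():
        for record in records:
            if field in record:
                seen[record[field]].add(verifier)
    return {value: sorted(vs) for value, vs in seen.items() if len(vs) > 1}


def distinct_dids(logs: dict, verifier: str) -> int:
    """How many different identifiers one verifier observed across its sessions."""
    return len({record["did"] for record in logs[verifier]})


if __name__ == "__main__":
    wallet = Wallet(b"\x07" * 32)  # constructed master secret
    print("global DID    :", colluding_join(present(wallet, False, {}), "did"))
    print("per-session   :", colluding_join(present(wallet, True, {}), "did"))
    leaky = present(wallet, True, {"email": "holder@example.org"})
    print("same attribute:", colluding_join(leaky, "email"))
```

The last case shows why the surveyed schemes pair variable identifiers with selective disclosure: a repeated identifying attribute re-links the sessions even when every DID is distinct.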

8. Discussion and Future Work

Our comprehensive review of 47 blockchain-based IDMS studies reveals significant implementation patterns and critical research gaps that inform future development priorities. The analysis demonstrates varying maturity levels across core IDMS capabilities. Selective disclosure is proposed by 70% (33/47) of studies, indicating widespread recognition of privacy requirements. Interoperability capabilities are present in 68% (32/47) of systems, reflecting growing emphasis on cross-platform integration. Revocation support shows the highest adoption at 74% (35/47) of studies, suggesting strong maturity in credential lifecycle management. However, quantum resistance remains critically underaddressed, with only 4% (2/47) of studies incorporating post-quantum cryptographic measures. Most critically, only 4% (2/47) of reviewed studies fully implement all four essential properties: selective disclosure, interoperability, revocation support, and quantum resistance. This finding reveals that while individual features are well explored, integrated solutions addressing comprehensive IDMS requirements remain largely absent from current research.
Regarding domain-specific patterns, healthcare applications show the strongest emphasis on selective disclosure and revocation (83% and 100%, respectively), reflecting regulatory compliance needs. IoT implementations prioritize interoperability (75%) but largely neglect selective disclosure (12.5%), indicating domain-specific trade-offs. Academic credentialing demonstrates balanced feature adoption but leads in quantum resistance adoption (40%), suggesting forward-looking security considerations in long-term credential systems.
Based on the identified gaps, we propose the following critical research priorities.

8.1. Integrated System

Current research shows that most blockchain-based IDMS implementations support only coarse-grained selective disclosure, typically allowing users to authorize specific functional modules or reveal selected data fields. However, as digital identity applications expand into more domains, higher levels of selective disclosure will be required [34]. Instead of presenting an entire identity card to disclose one’s age, users in future systems could use zero-knowledge proof (ZKP) [52] techniques to perform condition-level disclosures, proving they are over 18 years old without revealing their exact date of birth, address, or gender. Furthermore, the integration challenge extends beyond individual privacy features to encompass comprehensive system design. Our analysis reveals that existing solutions typically excel in isolated capabilities but fail to provide unified architectures addressing all four essential properties simultaneously. Future research must prioritize holistic design methodologies that seamlessly integrate selective disclosure, interoperability, revocation, and quantum resistance within cohesive system frameworks rather than treating these as orthogonal features.
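The field-level disclosure described in this subsection, together with the tampering scenario from Section 7 (altering a degree inside an issued VC), is illustrated by the following Python code, which is an added example and not the implementation of any surveyed system. It assumes salted SHA-256 commitments per attribute, an in-memory dictionary standing in for the ledger and the revocation registry, ledger writes restricted to the issuer, and constructed credential values.

```python
from __future__ import annotations

import hashlib
import json
import secrets

LEDGER: dict = {}     # constructed stand-in for on-chain storage: credential id -> hash
REVOKED: set = set()  # constructed stand-in for a revocation registry


def attr_digest(name, value, salt) -> str:
    """Salted commitment to one attribute; the salt blocks guessing of hidden values."""
    payload = json.dumps([salt, name, value], separators=(",", ":")).encode()
    return hashlib.sha256(payload).hexdigest()


def anchor_of(issuer: str, digests: list) -> str:
    """Single hash binding the issuer to the complete set of attribute digests."""
    payload = json.dumps([issuer, sorted(digests)], separators=(",", ":")).encode()
    return hashlib.sha256(payload).hexdigest()


def issue(cred_id: str, issuer: str, attributes: dict) -> dict:
    """Issuer: commit to every attribute, anchor one hash, give values and salts to holder.

    Assumption: only the issuer is able to write LEDGER[cred_id].
    """
    salts = {name: secrets.token_hex(16) for name in attributes}
    digests = sorted(attr_digest(n, v, salts[n]) for n, v in attributes.items())
    LEDGER[cred_id] = anchor_of(issuer, digests)
    return {"id": cred_id, "issuer": issuer, "attributes": dict(attributes),
            "salts": salts, "digests": digests}


def present(credential: dict, reveal: list) -> dict:
    """Holder: disclose only the named attributes, plus the full digest list."""
    disclosed = {n: {"value": credential["attributes"][n], "salt": credential["salts"][n]}
                 for n in reveal}
    return {"id": credential["id"], "issuer": credential["issuer"],
            "digests": credential["digests"], "disclosed": disclosed}


def verify(presentation: dict, trusted_issuers: set) -> tuple:
    """Verifier: returns (accepted, reason)."""
    cred_id, issuer = presentation["id"], presentation["issuer"]
    if issuer not in trusted_issuers:
        return False, "untrusted issuer"
    if cred_id in REVOKED:
        return False, "revoked"
    if LEDGER.get(cred_id) != anchor_of(issuer, presentation["digests"]):
        return False, "digest list does not match anchored hash"
    for name, item in presentation["disclosed"].items():
        if attr_digest(name, item["value"], item["salt"]) not in presentation["digests"]:
            return False, f"attribute '{name}' was altered"
    return True, "ok"


def demo():
    """Honest presentation of two fields, then the same presentation with a forged degree."""
    cred = issue("cred-001", "did:example:university", {
        "name": "A. Holder", "degree": "High school",
        "birth_date": "2001-04-12", "age_over_18": True})  # constructed values
    shown = present(cred, ["degree", "age_over_18"])
    forged = json.loads(json.dumps(shown))  # deep copy
    forged["disclosed"]["degree"]["value"] = "Ph.D."
    trusted = {"did:example:university"}
    return shown, verify(shown, trusted), verify(forged, trusted)


if __name__ == "__main__":
    shown, honest, forged = demo()
    print("disclosed fields:", sorted(shown["disclosed"]))
    print("honest:", honest)
    print("forged:", forged)
```

The issuer-asserted `age_over_18` flag is the field-level workaround: it only works for predicates the issuer anticipated, whereas proving an arbitrary condition over the hidden `birth_date` requires the ZKP techniques discussed above.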

8.2. Standards-Based Interoperability

Interoperability, meanwhile, remains a pressing challenge for blockchain-based IDMSs [34]. The diversity of digital identity types, institutions, technologies, and platforms makes it difficult to ensure seamless, secure, and efficient identity information exchange, recognition, and verification [34]. Most current studies only achieve partial interoperability. The convergence toward W3C standards (DIDs and VCs) across 89% of recent implementations provides a foundation for addressing interoperability challenges, yet significant technical gaps remain. Cross-chain interoperability presents particular technical challenges in maintaining credential integrity and revocation status across distributed systems. Advanced research directions include developing standardized credential mapping protocols that enable automatic translation between different attribute schemas and verification methodologies. Additionally, the goal of one-time identity registration with multi-platform usability requires sophisticated federation mechanisms that preserve user privacy while enabling broad institutional acceptance of credentials issued by diverse authorities.

8.3. Security Countermeasures

Blockchain-based IDMSs are still relatively new technologies, and current research primarily relies on blockchain’s inherent properties—such as immutability and decentralization—for security and privacy protection [37]. However, there remains a significant gap in active defense mechanisms specifically targeting attacks on blockchain-based IDMSs [94]. Future security developments will likely focus on areas such as multi-factor authentication, zero-knowledge proofs, and post-quantum cryptography.
Multi-factor authentication (MFA) requires users to present multiple types of credentials from different categories when logging in or performing critical actions, thereby enhancing security [41]. For example, Saragih et al. [7] integrated cryptographic keys and biometric data, such as fingerprints, to strengthen identity authentication against attacks. Going forward, MFA is expected to evolve from mandatory multi-step processes to intelligent, context-aware authentication, leveraging behavioral patterns, geographic locations, and device fingerprints to enable seamless, user-transparent login experiences.
ZKPs have already been applied in blockchain-based IDMSs to support selective disclosure [52]. In the work by Torongo et al. [6], hospitals send proof requests to patients, who then use ZKPs to demonstrate specific attributes without revealing the full credential content. Looking ahead, ZKP solutions will need faster computation speeds and lower hardware requirements to adapt to various identity verification scenarios. Furthermore, as blockchain-based IDMSs continue to diversify, cross-chain authentication interoperability using ZKPs will become an important research focus.
Post-quantum cryptography (PQC) remains a largely unexplored but crucial frontier for decentralized IDMS security. It is widely predicted that sufficiently powerful quantum computers will emerge within the next two decades, capable of breaking widely deployed public-key cryptosystems [80]. Among the 47 studies reviewed in this paper, only two incorporated quantum-resilient measures: Shrivas et al. [11] adopted lattice-based signatures for VC verification, while Li et al. [14] combined PQC-secure digital signatures with zkSNARK-based efficient revocation. Both demonstrate promising directions but also reveal major challenges—PQC keys and signatures are substantially larger, creating storage and transmission overhead, and advanced proof systems such as zkSNARKs introduce setup complexity and computational cost. This limited adoption indicates a substantial research opportunity. Future work should investigate: (i) algorithm-agile DID methods that can migrate seamlessly from pre-quantum to post-quantum schemes; (ii) lightweight PQC implementations optimized for resource-constrained blockchain nodes, especially in IoT contexts; (iii) hybrid classical–post-quantum trust models that enable gradual adoption; and (iv) cross-platform interoperability between PQC-enabled and legacy IDMSs. Addressing these areas is essential to ensuring the long-term viability and trustworthiness of decentralized identity systems in a post-quantum era.

8.4. Economic and Social Implications

Beyond purely technical considerations, the adoption of blockchain-based IDMSs at scale will be shaped by significant economic and social factors. From an economic perspective, deployment entails substantial investment in infrastructure, system integration, personnel training, and ongoing compliance with evolving regulatory standards. These costs may be prohibitive for small-to-medium enterprises or for public-sector bodies in resource-constrained regions, slowing adoption despite technical feasibility. From a social perspective, decentralized identity solutions shift control over personal data toward individuals, potentially reducing reliance on centralized authorities. While this redistribution of control aligns with self-sovereign identity principles, it also risks excluding populations lacking reliable access to digital infrastructure or sufficient digital literacy. Public trust in both the technology and the governance frameworks underpinning it will be critical for adoption; privacy-preserving features must be transparent, verifiable, and easy to use to encourage participation. Future research should therefore consider not only technical innovations but also sustainable deployment models, equitable access strategies, and governance mechanisms that maintain inclusivity while ensuring security and compliance across jurisdictions.

9. Conclusions

This systematic review provides the first comprehensive analysis of blockchain-based IDMS evolution, encompassing 47 studies across healthcare, education, IoT, energy, and real-world deployment platforms. Our analysis reveals a field in rapid development but with critical integration challenges that must be addressed for widespread adoption. The evidence from both academic research and successful real-world deployments demonstrates the technical viability and growing market acceptance of blockchain-based identity solutions. However, the finding that only 4% of studies achieve comprehensive implementation of all essential properties highlights the urgent need for integrated research approaches. In addition, the systematic gaps identified in this review provide concrete directions for advancing the field toward mature, deployable solutions. Priority research areas include developing integrated architectures that simultaneously address all four core properties, advancing post-quantum migration strategies for long-term security resilience, and creating comprehensive interoperability frameworks that enable seamless cross-platform identity verification.
Nevertheless, this paper has several limitations inherent to literature-based analysis. The systematic review methodology, while comprehensive within the defined scope, relied on published academic literature and documented real-world implementations, potentially missing proprietary solutions or emerging developments not yet published. The technical feature analysis was based on documented capabilities rather than empirical performance testing, which may not fully capture implementation quality or real-world operational challenges. Additionally, the rapid pace of blockchain technology evolution means that some findings may become outdated as new solutions emerge. Furthermore, the review focused primarily on technical aspects, with limited analysis of economic, legal, and social factors that significantly influence real-world adoption patterns. Future empirical research should validate our findings through comprehensive performance benchmarking, user experience studies, and longitudinal analysis of deployment outcomes across different organizational contexts.

Author Contributions

Conceptualization, Z.F. and H.C.; methodology, Z.F. and H.C.; validation, H.C., Z.L. and M.T.W.; formal analysis, Z.F.; resources, Z.F.; writing—original draft preparation, Z.F.; writing—review and editing, Z.L., H.C. and M.T.W.; supervision, H.C. All authors have read and agreed to the published version of the manuscript.

Funding

This research received no external funding.

Institutional Review Board Statement

Not applicable.

Informed Consent Statement

Not applicable.

Data Availability Statement

All related data are provided in the paper.

Acknowledgments

The authors would like to acknowledge anonymous reviewers for their comments.

Conflicts of Interest

The authors declare no conflicts of interest.

References

  1. Cao, Y.; Yang, L. A survey of Identity Management technology. In Proceedings of the 2010 IEEE International Conference on Information Theory and Information Security, Beijing, China, 17–19 December 2010; pp. 287–293. [Google Scholar] [CrossRef]
  2. Goel, A.; Rahulamathavan, Y. A Comparative Survey of Centralised and Decentralised Identity Management Systems: Analysing Scalability, Security, and Feasibility. Future Internet 2024, 17, 1. [Google Scholar] [CrossRef]
  3. Xiang, X.; Wang, M.; Fan, W. A permissioned blockchain-based identity management and user authentication scheme for e-health systems. IEEE Access 2020, 8, 171771–171783. [Google Scholar] [CrossRef]
  4. Harrell, D.T.; Usman, M.; Hanson, L.; Abdul-Moheeth, M.; Desai, I.; Shriram, J.; de Oliveira, E.; Bautista, J.R.; Meyer, E.T.; Khurshid, A. Technical design and development of a self-sovereign identity management platform for patient-centric health care using blockchain technology. Blockchain Healthc. Today 2022, 5, 10–30953. [Google Scholar]
  5. Javed, I.T.; Alharbi, F.; Bellaj, B.; Margaria, T.; Crespi, N.; Qureshi, K.N. Health-ID: A blockchain-based decentralized identity management for remote healthcare. Healthcare 2021, 9, 712.
  6. Torongo, A.A.; Toorani, M. Blockchain-based Decentralized Identity Management for Healthcare Systems. arXiv 2023, arXiv:2307.16239.
  7. Saragih, T.K.; Tanuwijaya, E.; Wang, G. The Use of Blockchain for Digital Identity Management in Healthcare. In Proceedings of the 2022 10th International Conference on Cyber and IT Service Management (CITSM), Yogyakarta, Indonesia, 20–21 September 2022; IEEE: Piscataway, NJ, USA, 2022; pp. 1–6.
  8. Mikula, T.; Jacobsen, R.H. Identity and access management with blockchain in electronic healthcare records. In Proceedings of the 2018 21st Euromicro Conference on Digital System Design (DSD), Prague, Czech Republic, 29–31 August 2018; IEEE: Piscataway, NJ, USA, 2018; pp. 699–706.
  9. Reza, M.S.; Biswas, S.; Alghamdi, A.; Alrizq, M.; Bairagi, A.K.; Masud, M. ACC: Blockchain Based Trusted Management of Academic Credentials. In Proceedings of the 2021 IEEE International Symposium on Smart Electronic Systems (iSES), Jaipur, India, 18–22 December 2021; IEEE: Piscataway, NJ, USA, 2021; pp. 438–443.
  10. Sy, M.P.M.; Marasigan, R.I.; Festijo, E.D. EduCredPH: Towards a Permissioned Blockchain Network for Educational Credentials Verification System. In Proceedings of the 2024 12th International Conference on Information and Education Technology (ICIET), Yamaguchi, Japan, 18–20 March 2024; IEEE: Piscataway, NJ, USA, 2024; pp. 434–439.
  11. Shrivas, M.K.; Kachhwaha, S.; Bhansali, A.; Singh, S.V. Quantum-resistant university credentials verification system on blockchain. In Proceedings of the 2022 IEEE Nigeria 4th International Conference on Disruptive Technologies for Sustainable Development (NIGERCON), Lagos, Nigeria, 5–7 April 2022; IEEE: Piscataway, NJ, USA, 2022; pp. 1–6.
  12. Lux, Z.A.; Thatmann, D.; Zickau, S.; Beierle, F. Distributed-ledger-based authentication with decentralized identifiers and verifiable credentials. In Proceedings of the 2020 2nd Conference on Blockchain Research & Applications for Innovative Networks and Services (BRAINS), Paris, France, 28–30 September 2020; IEEE: Piscataway, NJ, USA, 2020; pp. 71–78.
  13. Li, Z.Z.; Wang, H.; Gasevic, D.; Yu, J.; Liu, J.K. Enhancing blockchain adoption through tailored software engineering: An industrial-grounded study in education credentialing. Distrib. Ledger Technol. Res. Pract. 2023, 2, 1–24.
  14. Li, Z.Z.; Zhang, X.; Cui, H.; Zhao, J.; Chen, X. BDEC: Enhancing Learning Credibility via Post-quantum Digital Credentials. In Proceedings of the International Conference on Provable Security, Gold Coast, Australia, 25–27 September 2024; Springer: Berlin/Heidelberg, Germany, 2024; pp. 45–64.
  15. Ismail, S.; Dawoud, D.; Reza, H. Towards a lightweight identity management and secure authentication for IoT using blockchain. In Proceedings of the 2022 IEEE World AI IoT Congress (AIIoT), Seattle, WA, USA, 6–9 June 2022; IEEE: Piscataway, NJ, USA, 2022; pp. 077–083.
  16. Katta, S.; Alrawashdeh, K.; Adebayo, J.; Tulasi, M.; Dokka, M. Blockchain-Based Distributed Hybrid Cloud Identity Management for Securing IoT Devices in the Cloud. In Proceedings of the NAECON 2023-IEEE National Aerospace and Electronics Conference, Dayton, OH, USA, 28–31 August 2023; IEEE: Piscataway, NJ, USA, 2023; pp. 67–72.
  17. Mukhandi, M.; Damião, F.; Granjal, J.; Vilela, J.P. Blockchain-based device identity management with consensus authentication for IoT devices. In Proceedings of the 2022 IEEE 19th Annual Consumer Communications & Networking Conference (CCNC), Las Vegas, NV, USA, 8–11 January 2022; IEEE: Piscataway, NJ, USA, 2022; pp. 433–436.
  18. Giaretta, A.; Pepe, S.; Dragoni, N. UniquID: A quest to reconcile identity access management and the IoT. In Proceedings of the Software Technology: Methods and Tools: 51st International Conference, TOOLS 2019, Innopolis, Russia, 15–17 October 2019; Springer: Berlin/Heidelberg, Germany, 2019. Proceedings 51. pp. 237–251.
  19. Vallois, V.; Mehaoua, A.; Amziani, M. Blockchain-based identity and access management in industrial IoT systems. In Proceedings of the 2021 IFIP/IEEE International Symposium on Integrated Network Management (IM), Bordeaux, France, 17–21 May 2021; IEEE: Piscataway, NJ, USA, 2021; pp. 623–627.
  20. Tcydenova, E.; Seok, B.; Cho, M.; Lee, C. Decentralized Access Control for Internet of Things Using Decentralized Identifiers and Multi-signature Smart Contracts. In Proceedings of the 2022 International Conference on Platform Technology and Service (PlatCon), Jeju, Republic of Korea, 24–26 August 2022; IEEE: Piscataway, NJ, USA, 2022; pp. 66–70.
  21. Cali, U.; Dynge, M.F.; Ferdous, M.S.; Halden, U. Improved Resilience of Local Energy Markets using Blockchain Technology and Self-Sovereign Identity. In Proceedings of the 2022 IEEE 1st Global Emerging Technology Blockchain Forum: Blockchain & Beyond (iGETblockchain), Virtual, 7–9 November 2022; IEEE: Piscataway, NJ, USA, 2022; pp. 1–5.
  22. Volkmann, M.; Tripathi, S.S.; Kaven, S.; Frank, C.; Skwarek, V. Privacy in local energy markets: A framework for a self-sovereign identity based P2P-trading authentication system. In Proceedings of the 2023 IEEE 21st International Conference on Industrial Informatics (INDIN), Lemgo, Germany, 17–20 July 2023; IEEE: Piscataway, NJ, USA, 2023; pp. 1–7.
  23. Kilthau, M.; Asman, M.; Karmann, A.; Suriyamoorthy, G.; Beck, J.P.; Regener, V.; Derksen, C.; Loose, N.; Volkmann, M.; Tripathi, S.; et al. Integrating peer-to-peer energy trading and flexibility market with self-sovereign identity for decentralized energy dispatch and congestion management. IEEE Access 2023, 11, 145395–145420.
  24. Lesavre, L.; Varin, P.; Mell, P.; Davidson, M.; Shook, J. A taxonomic approach to understanding emerging blockchain identity management systems. arXiv 2019, arXiv:1908.00929.
  25. Hansen, M.; Berlich, P.; Camenisch, J.; Clauß, S.; Pfitzmann, A.; Waidner, M. Privacy-enhancing identity management. Inf. Secur. Tech. Rep. 2004, 9, 35–44.
  26. Torres, J.; Nogueira, M.; Pujolle, G. A survey on identity management for the future network. IEEE Commun. Surv. Tutors. 2012, 15, 787–802.
  27. Liu, L.; Gao, J. Research on Trusted Federated Identity Management and Its Application. In Proceedings of the 2009 First International Workshop on Education Technology and Computer Science, Wuhan, China, 7–8 March 2009; IEEE: Piscataway, NJ, USA, 2009; Volume 3, pp. 438–442.
  28. Jensen, J. Federated identity management challenges. In Proceedings of the 2012 Seventh International Conference on Availability, Reliability and Security, Prague, Czech Republic, 20–24 August 2012; IEEE: Piscataway, NJ, USA, 2012; pp. 230–235.
  29. Malik, A.A.; Anwar, H.; Shibli, M.A. Federated identity management (FIM): Challenges and opportunities. In Proceedings of the 2015 Conference on Information Assurance and Cyber Security (CIACS), Rawalpindi, Pakistan, 17–19 December 2015; IEEE: Piscataway, NJ, USA, 2015; pp. 75–82.
  30. Bertino, E.; Paci, F.; Shang, N. Keynote 2: Digital Identity Protection—Concepts and Issues. In Proceedings of the 2009 International Conference on Availability, Reliability and Security, Fukuoka, Japan, 16–19 March 2009; pp. lxix–lxxviii.
  31. Saraswathi, R.V.; Swathi, M.V.V.; Punwatkar, S.M.; Konduru, S.; Sami, M.A. A Survey on Blockchain-Based Certificate Authentication System: From Traditional to Digital. In Proceedings of the 2024 4th International Conference on Ubiquitous Computing and Intelligent Information Systems (ICUIS), Bali, Indonesia, 9–11 January 2024; IEEE: Piscataway, NJ, USA, 2024; pp. 1417–1422.
  32. Yan, Z.; Zhao, X.; Liu, Y.; Luo, X.R. Blockchain-driven decentralized identity management: An interdisciplinary review and research agenda. Inf. Manag. 2024, 61, 104026.
  33. Cui, H.; Whitty, M.; Miyaji, A.; Li, Z. A Blockchain-Based Digital Identity Management System via Decentralized Anonymous Credentials. In Proceedings of the 6th ACM International Symposium on Blockchain and Secure Critical Infrastructure, Hong Kong, China, 27–30 May 2024; pp. 1–11.
  34. Gilani, K.; Bertin, E.; Hatin, J.; Crespi, N. A survey on blockchain-based identity management and decentralized privacy for personal data. In Proceedings of the 2020 2nd Conference on Blockchain Research & Applications for Innovative Networks and Services (BRAINS), Paris, France, 28–30 September 2020; IEEE: Piscataway, NJ, USA, 2020; pp. 97–101.
  35. W3C Working Group; Caceres, M.; Gonzalez-Zuniga, D.; Kruisselbrink, M.; Watson, L.; Smith, M.; Wu, X.; Abed, M.; Agarwal, S.; Agoston, S.; et al. Use Cases and Requirements for Decentralized Identifiers; W3C: Cambridge, MA, USA, 2021.
  36. Reed, D.; Sporny, M.; Longley, D.; Allen, C.; Grant, R.; Sabadello, M.; Holt, J. Decentralized Identifiers (DIDs) v1.0. Draft Community Group Rep. 2020. Available online: https://www.w3.org/TR/did-1.0/ (accessed on 15 June 2025).
  37. Liu, Y.; He, D.; Obaidat, M.S.; Kumar, N.; Khan, M.K.; Choo, K.K.R. Blockchain-based identity management systems: A review. J. Netw. Comput. Appl. 2020, 166, 102731.
  38. Kaneriya, J.; Patel, H. A comparative survey on blockchain based self sovereign identity system. In Proceedings of the 2020 3rd International Conference on Intelligent Sustainable Systems (ICISS), Thoothukudi, India, 3–5 December 2020; IEEE: Piscataway, NJ, USA, 2020; pp. 1150–1155.
  39. Alamri, B.; Crowley, K.; Richardson, I. Blockchain-based identity management systems in health IoT: A systematic review. IEEE Access 2022, 10, 59612–59629.
  40. Raut, R.; Gourshettiwar, P.; Thakre, G. A Review on the Role of Blockchain Technology for Decentralized Identity Management: A Future Without Passwords. In Proceedings of the 2025 4th International Conference on Sentiment Analysis and Deep Learning (ICSADL), Mumbai, India, 21–23 February 2025; IEEE: Piscataway, NJ, USA, 2025; pp. 453–459.
  41. Hariharasudan, V.; Quraishi, S.J. A Review on Blockchain Based Identity Management System. In Proceedings of the 2022 3rd International Conference on Intelligent Engineering and Management (ICIEM), London, UK, 18–20 May 2022; IEEE: Piscataway, NJ, USA, 2022; pp. 735–740.
  42. Mishra, V.; Mishra, M.P. PRISMA for review of management literature—Method, merits, and limitations—An academic review. In Advancing Methodologies of Conducting Literature Review in Management Domain; Emerald Publishing Limited: Leeds, UK, 2023; pp. 125–136.
  43. Ghaffari, F.; Gilani, K.; Bertin, E.; Crespi, N. Identity and access management using distributed ledger technology: A survey. Int. J. Netw. Manag. 2022, 32, e2180.
  44. Bernabe, J.B.; Canovas, J.L.; Hernandez-Ramos, J.L.; Moreno, R.T.; Skarmeta, A. Privacy-preserving solutions for blockchain: Review and challenges. IEEE Access 2019, 7, 164908–164940.
  45. Nakamoto, S.; Bitcoin, A. A peer-to-peer electronic cash system. Bitcoin 2008, 4, 15.
  46. Lashkari, B.; Musilek, P. A comprehensive review of blockchain consensus mechanisms. IEEE Access 2021, 9, 43620–43652.
  47. Mazzocca, C.; Acar, A.; Uluagac, S.; Montanari, R.; Bellavista, P.; Conti, M. A survey on decentralized identifiers and verifiable credentials. arXiv 2024, arXiv:2402.02455.
  48. Kim, K.H.; Lim, S.; Hwang, D.Y.; Kim, K.H. Analysis on the Privacy of DID Service Properties in the DID Document. In Proceedings of the 2021 International Conference on Information Networking (ICOIN), Jeju Island, Republic of Korea, 13–16 January 2021; IEEE: Piscataway, NJ, USA, 2021; pp. 745–748.
  49. Wang, X.; Qiu, W.; Zeng, L.; Wang, H.; Yao, Y.; He, D. A credible transfer method of cross-chain assets based on DID and VC. In Proceedings of the 2021 IEEE 4th International Conference on Information Systems and Computer Aided Education (ICISCAE), Dalian, China, 24–26 September 2021; IEEE: Piscataway, NJ, USA, 2021; pp. 238–242.
  50. Aggarwal, S.; Kumar, N. Hyperledger. In Advances in Computers; Elsevier: Amsterdam, The Netherlands, 2021; Volume 121, pp. 323–343.
  51. Raipurkar, A.R.; Bobde, S.; Tripahi, A.; Sahu, M. Digital Identity System Using Blockchain-based Self Sovereign Identity & Zero Knowledge Proof. In Proceedings of the 2023 OITS International Conference on Information Technology (OCIT), Raipur, India, 18–20 December 2023; IEEE: Piscataway, NJ, USA, 2023; pp. 611–616.
  52. Hasan, J. Overview and applications of zero knowledge proof (ZKP). Int. J. Comput. Sci. Netw. 2019, 8, 2277–5420.
  53. Prabu, M.; Shanmugalakshmi, R. A comparative and overview analysis of elliptic curve cryptography over finite fields. In Proceedings of the 2009 International Conference on Information and Multimedia Technology, Jeju Island, Republic of Korea, 16–18 December 2009; IEEE: Piscataway, NJ, USA, 2009; pp. 495–499.
  54. Windley, P.J. Digital Identity: Unmasking Identity Management Architecture (IMA); O’Reilly Media, Inc.: Sebastopol, CA, USA, 2005.
  55. Koshutanski, H.; Ion, M.; Telesca, L. Distributed Identity Management Model for Digital Ecosystems. In Proceedings of the International Conference on Emerging Security Information, Systems, and Technologies (SECUREWARE 2007), Valencia, Spain, 14–20 October 2007; pp. 132–138.
  56. Mühle, A.; Grüner, A.; Gayvoronskaya, T.; Meinel, C. A survey on essential components of a self-sovereign identity. Comput. Sci. Rev. 2018, 30, 80–86.
  57. Howes, T.A. The Lightweight Directory Access Protocol: X.500 Lite. Technical Report, Center for Information Technology Integration. 1995. Available online: https://deepblue.lib.umich.edu/handle/2027.42/107938?show=full (accessed on 15 June 2025).
  58. Kemp, J.; Aarts, R.; Bone, N.; Castellanos-Zamora, D.; Crom, E.J.M.; Telecom, F.; Kannappan, L.; Lindsay-Stewart, A.; Maeda, K.; DoCoMo, N.; et al. Liberty ID-FF Implementation Guidelines. 2004. Available online: https://docs.oracle.com/cd/E19462-01/819-4674/admba/index.html (accessed on 30 May 2025).
  59. Arias Cabarcos, P.; Almenárez, F.; Gómez Mármol, F.; Marín, A. To federate or not to federate: A reputation-based mechanism to dynamize cooperation in identity management. Wirel. Pers. Commun. 2014, 75, 1769–1786.
  60. Aldosary, M.; Alqahtani, N. A survey on federated identity management systems limitation and solutions. Int. J. Netw. Secur. Its Appl. 2021, 13, 43–59.
  61. The Path to Self-Sovereign Identity. 2016. Available online: https://www.lifewithalacrity.com/article/the-path-to-self-soverereign-identity/ (accessed on 10 May 2025).
  62. Song, Z.; Yu, Y. The digital identity management system model based on blockchain. In Proceedings of the 2022 International Conference on Blockchain Technology and Information Security (ICBCTIS), Huzhou, China, 15–17 July 2022; IEEE: Piscataway, NJ, USA, 2022; pp. 131–137.
  63. Srivastava, S.; Agarwal, D.; Chaurasia, B. Secure Decentralized Identity Management using Blockchain. In Proceedings of the 2023 IEEE 22nd International Conference on Trust, Security and Privacy in Computing and Communications (TrustCom), Exeter, UK, 1–3 November 2023; IEEE: Piscataway, NJ, USA, 2023; pp. 1355–1360.
  64. Chen, R.; Shu, F.; Huang, S.; Huang, L.; Liu, H.; Liu, J.; Lei, K. BIdM: A blockchain-enabled cross-domain identity management system. J. Commun. Inf. Netw. 2021, 6, 44–58.
  65. Kersic, V.; Vidovic, U.; Vrecko, A.; Domajnko, M.; Turkanovic, M. Orchestrating digital wallets for on-and off-chain decentralized identity management. IEEE Access 2023, 11, 78135–78151.
  66. Rede, P.; Iyer, S.; Sharma, S.; Deshmukh, S. Blockchain Based Identity Management System Using Cryptography and Steganography. In Proceedings of the 2023 International Conference on Information Technology (ICIT), Amman, Jordan, 11–12 October 2023; IEEE: Piscataway, NJ, USA, 2023; pp. 173–177.
  67. Zecchini, M.; Sober, M.; Schulte, S.; Vitaletti, A. Building a cross-chain identity: A self-sovereign identity-based framework. In Proceedings of the 2023 IEEE International Conference on Decentralized Applications and Infrastructures (DAPPS), Athens, Greece, 17–20 July 2023; IEEE: Piscataway, NJ, USA, 2023; pp. 149–156.
  68. Hao, J.; Gao, J.; Xiang, P.; Zhang, J.; Chen, Z.; Hu, H.; Chen, Z. TDID: Transparent and Efficient Decentralized Identity Management with Blockchain. In Proceedings of the 2023 IEEE International Conference on Systems, Man, and Cybernetics (SMC), Honolulu, HI, USA, 1–4 October 2023; IEEE: Piscataway, NJ, USA, 2023; pp. 1752–1759.
  69. Srinivas, V.; Jha, A.K.; Ganesh, G.; Nitish, V.; Jadon, S. Decentralized User Identity Management using Blockchain. In Proceedings of the 2023 2nd International Conference on Vision Towards Emerging Trends in Communication and Networking Technologies (ViTECoN), Vellore, India, 4–5 May 2023; IEEE: Piscataway, NJ, USA, 2023; pp. 1–6.
  70. Peng, Z.; Deng, J.; Gao, S.; Cui, H.; Xiao, B. vDID: Blockchain-Enabled Verifiable Decentralized Identity Management for Web 3.0. In Proceedings of the 2024 IEEE/ACM 32nd International Symposium on Quality of Service (IWQoS), Osaka, Japan, 17–19 June 2024; IEEE: Piscataway, NJ, USA, 2024; pp. 1–2.
  71. Yin, J.; Xiao, Y.; Chen, Q.; Lim, Y.; Liu, X.; Pei, Q.; Zhou, J. DP-DID: A Dynamic and Proactive Decentralized Identity System. IEEE Trans. Inf. Forensics Secur. 2025, 20, 4999–5014.
  72. Kim, J.; Choi, M.; Lee, C.; Woo, J.; Hong, J.W.K. Service Applicable Blockchain-based Self-Sovereign Identity Management System. In Proceedings of the 2023 IEEE International Conference on Blockchain and Cryptocurrency (ICBC), Dubai, United Arab Emirates, 1–5 May 2023; IEEE: Piscataway, NJ, USA, 2023; pp. 1–5.
  73. Gilani, K.; Ghaffari, F.; Bertin, E.; Crespi, N. Self-sovereign identity management framework using smart contracts. In Proceedings of the NOMS 2022–2022 IEEE/IFIP Network Operations and Management Symposium, Budapest, Hungary, 25–29 April 2022; IEEE: Piscataway, NJ, USA, 2022; pp. 1–7.
  74. Gupta, S.; Bairwa, A.K.; Kushwaha, S.S.; Joshi, S. Decentralized identity management system using the amalgamation of blockchain technology. In Proceedings of the 2023 3rd International Conference on Intelligent Communication and Computational Techniques (ICCT), Jaipur, India, 1–2 December 2023; IEEE: Piscataway, NJ, USA, 2023; pp. 1–6.
  75. Bhattacharjee, P.; Prakash, C.; Gairola, S.; Lala, S.S.; Mukherjee, P. DigiBlock: Digital Self-sovereign Identity on Distributed Ledger based on Blockchain. In Proceedings of the 2022 International Conference on Advancements in Smart, Secure and Intelligent Computing (ASSIC), Bhubaneswar, India, 23–24 December 2022; IEEE: Piscataway, NJ, USA, 2022; pp. 1–7.
  76. Terzi, S.; Savvaidis, C.; Sersemis, A.; Votis, K.; Tzovaras, D. Decentralizing identity management and vehicle rights delegation through self-sovereign identities and blockchain. In Proceedings of the 2021 IEEE 45th Annual Computers, Software, and Applications Conference (COMPSAC), Madrid, Spain, 12–16 July 2021; IEEE: Piscataway, NJ, USA, 2021; pp. 1217–1223.
  77. N’Goran, K.R.; Tetchueng, J.L.; Kermarrec, Y.; Brou, A.P.B.; Asseu, O. Blockchain-based Identity and Access Management in a Community Cloud. In Proceedings of the 2023 International Conference on Software, Telecommunications and Computer Networks (SoftCOM), Split, Croatia, 21–23 September 2023; IEEE: Piscataway, NJ, USA, 2023; pp. 1–6.
  78. Thorve, A.; Shirole, M.; Jain, P.; Santhumayor, C.; Sarode, S. Decentralized identity management using blockchain. In Proceedings of the 2022 4th International Conference on Advances in Computing, Communication Control and Networking (ICAC3N), Mumbai, India, 16–17 December 2022; IEEE: Piscataway, NJ, USA, 2022; pp. 1985–1991.
  79. Sakimura, N.; Bradley, J.; Jones, M.; De Medeiros, B.; Mortimore, C. OpenID Connect Core 1.0 incorporating errata set 1. Openid Found. Specif. 2014, 335. Available online: https://openid.net/specs/openid-connect-core-1_0-errata1.html (accessed on 30 April 2025).
  80. Fernandez-Carames, T.M.; Fraga-Lamas, P. Towards post-quantum blockchain: A review on blockchain cryptography resistant to quantum computing attacks. IEEE Access 2020, 8, 21091–21116.
  81. Franqueira, V.; Wieringa, R. Role-based access control in retrospect. Computer 2012, 45, 81–88.
  82. Hu, V.C.; Kuhn, D.R.; Ferraiolo, D.F.; Voas, J. Attribute-based access control. Computer 2015, 48, 85–88.
  83. Xiong, R.; Ren, W.; Hao, X.; He, J.; Choo, K.K.R. Bdim: A blockchain-based decentralized identity management scheme for large scale internet of things. IEEE Internet Things J. 2023, 10, 22581–22590.
  84. Bai, J.; Zhu, S.; Ji, H. Blockchain based decentralized and proactive caching strategy in mobile edge computing environment. Sensors 2024, 24, 2279.
  85. Davie, M.; Gisolfi, D.; Hardman, D.; Jordan, J.; O’Donnell, D.; Reed, D. The trust over ip stack. IEEE Commun. Stand. Mag. 2019, 3, 46–51.
  86. Kiva Protocol Technical White paper. Technical Report. 2021. Available online: https://assets.ctfassets.net/j0p9a6ql0rn7/3jnqTBAv3MYA0ByuYC8eYr/211c7bd152a397899481b0b3ef99ab6b/Kiva_Protocol_-_Technical_White_Paper_-_June_2021.pdf (accessed on 15 May 2025).
  87. Ali, M.; Shea, R.; Nelson, J.; Freedman, M.J.; Blockstack. Blockstack: A New Internet for Decentralized Applications. Technical Report, 2017. Available online: https://pdos.csail.mit.edu/6.824/papers/blockstack-2017.pdf (accessed on 19 April 2025).
  88. Pecson, L. IDChain: Decentralized Identity Verification on Blockchain. Technical Report, IDChain.com. 2024. Available online: https://idchain.com/IDChain_Whitepaper.pdf (accessed on 15 April 2025).
  89. Schanzenbach, M.; Bramm, G.; Schütte, J. reclaimID: Secure, self-sovereign identities using name systems and attribute-based encryption. In Proceedings of the 2018 17th IEEE International Conference on Trust, Security and Privacy in Computing and Communications/12th IEEE International Conference on Big Data Science And Engineering (TrustCom/BigDataSE), New York, NY, USA, 1–3 August 2018; IEEE: Piscataway, NJ, USA, 2018; pp. 946–957.
  90. ShoCard, I. Identity Management Verified Using the Blockchain: Validate Once, Identify Everywhere. ShoCard with ShoCoin Tokens Whitepaper. Technical Report. 2018. Available online: https://coinpaprika.com/storage/cdn/whitepapers/448345.pdf (accessed on 15 May 2025).
  91. Foundation, S. Sovrin™: A protocol and token for Self-Sovereign Identity and Decentralized Trust. Technical Report, 2018. Available online: https://sovrin.org/library/sovrin-protocol-and-token-white-paper/ (accessed on 24 June 2025).
  92. Lundkvist, C.; Heck, R.; Torstensson, J.; Mitton, Z.; Sena, M. Uport: A Platform for Self-Sovereign Identity. 2017, 128, p. 214. Available online: https://tranzilla.ru/media/uploads/ajax/2707/d355/04f3/1d78/b345/fe9d/e70e/c709/cbb6/a02d/8beb/58bf/7053/22f9/5907/b923/whitepaper.pdf (accessed on 25 June 2025).
  93. Jones, M.; Bradley, J.; Sakimura, N. RFC 7519: JSON Web Token (JWT). 2015. Available online: https://datatracker.ietf.org/doc/html/rfc7519 (accessed on 20 June 2025).
  94. Grüner, A.; Mühle, A.; Lockenvitz, N.; Meinel, C. Analyzing and comparing the security of self-sovereign identity management systems through threat modeling. Int. J. Inf. Secur. 2023, 22, 1231–1248.
  95. Grüner, A.; Mühle, A.; Gayvoronskaya, T.; Meinel, C. A quantifiable trust model for blockchain-based identity management. In Proceedings of the 2018 IEEE International Conference on Internet of Things (iThings) and IEEE Green Computing and Communications (GreenCom) and IEEE Cyber, Physical and Social Computing (CPSCom) and IEEE Smart Data (SmartData), Halifax, NS, Canada, 30 July–3 August 2018; IEEE: Piscataway, NJ, USA, 2018; pp. 1475–1482.
  96. Nehra, V.; Aakarsh, M.; Khanna, H.; Jindal, N. Decentralized Digital Identity Verification System Using Blockchain Technology. In Proceedings of the 2024 4th International Conference on Innovative Practices in Technology and Management (ICIPTM), Greater Noida, India, 7–8 March 2024; IEEE: Piscataway, NJ, USA, 2024; pp. 1–6.
Figure 1. PRISMA flow diagram for literature selection.
Figure 2. Structure of a blockchain composed of a sequence of interconnected blocks. Each block contains a block header and a block body. The header includes the previous block hash, timestamp, nonce, version, and difficulty, while the body stores a list of transactions. Blocks are linked together via the hash of the previous block.
Figure 3. Timeline of key milestones in the evolution of IDMSs. The development progressed from centralized architectures in the 1980s, through the emergence of federated identity solutions in the late 1990s and early 2000s, to the proposal and adoption of SSI models since 2016.
Figure 4. Architecture of a centralized IDMS, where a user separately interacts with multiple IdPs, each of which handles authentication for its associated SP. Each IdP independently manages user credentials and identity verification.
Figure 5. Architecture of a federated IDMS, where a user authenticates via one or more trusted IdPs, which assert the user’s identity to multiple associated SPs. Each IdP serves as a central point of authentication for a group of SPs within the same trust domain.
Figure 6. Blockchain-based decentralized IDMS architecture, where the user holds and presents credentials issued by an IdP to a verifier. Credential status and public keys are anchored on the blockchain to enable trust without centralized control.
Table 1. List of key abbreviations used in this paper.
Abbreviation | Definition
IDMS | Identity management system
DIDMS | Decentralized identity management system
SSI | Self-sovereign identity
DID | Decentralized identifier (W3C standard)
VC | Verifiable credential (W3C standard)
Table 3. Comparative analysis of technical features in general-purpose IDMSs, where ✓ means satisfied, and × not satisfied.
Ref. | Selective Disclosure | Interoperability | Revocation Support | Quantum Resistance
PBBIMUA [3]×××
MediLinker [4]×
Health-ID [5]×
BDIMHS [6]×
Saragih et al. [7]×××
Mikula et al. [8]×××
Table 4. Comparative analysis of technical features in academic credential IDMSs, where ✓ means satisfied, and × not satisfied.
Ref. | Selective Disclosure | Interoperability | Revocation Support | Quantum Resistance
Lux et al. [12]×
Reza et al. [9]×××
EduCredPH [10]×××
Shrivas et al. [11]
BDEC [14]
Table 5. Comparative analysis of technical features in IoT IDMSs, where ✓ means satisfied, and × not satisfied.
Ref. | Selective Disclosure | Interoperability | Revocation Support | Quantum Resistance
Ismail et al. [15]××
Katta et al. [16]××
Mukhandi et al. [17]×××
UniquID [18]×
Vallois et al. [19]××
Tcydenova et al. [20]××
BDIM [83]××
Bai et al. [84]×××
Table 6. Comparative analysis of technical features in energy trading IDMSs, where ✓ means satisfied, and × not satisfied.
Ref. | Selective Disclosure | Interoperability | Revocation Support | Quantum Resistance
[21]×
[22]×
[23]×
Table 7. Comparative analysis of technical features in real-world IDMSs, where ✓ means satisfied, and × not satisfied.
Ref. | Selective Disclosure | Interoperability | Revocation Support | Quantum Resistance
[86]×
[87]×××
[88]×××
[89]×
[90]××
[91]×
[92]×
Table 8. A comparative summary of blockchain-based IDMS studies mitigating common attacks.
Threat Type | References
Impersonation Attack | [3,4,5,6,7,8,9,10,11,12,15,16,17,18,19,20,21,22,23,51,62,63,65,66,67,68,69,73,75,78,95,96]
Repudiation Attack | [3,4,5,6,7,8,9,10,11,12,15,16,17,18,19,20,21,22,23,51,62,63,65,66,67,68,69,73,75,78,95,96]
Data Integrity Attack | [3,4,5,6,7,8,9,10,11,12,15,16,17,18,19,20,21,22,23,51,62,63,65,66,67,68,69,73,75,78,95,96]
Linkability Attack | [4,6,12,22,23,51,62,63,65,67,68,69,95]
Quantum Attack | [11,14]
Feng, Z.; Li, Z.; Cui, H.; Whitty, M.T. Identity Management Systems: A Comprehensive Review. Information 2025, 16, 778. https://doi.org/10.3390/info16090778
