In today’s interconnected world, digital identity forms the backbone of our online interactions—shaping everything from e-commerce and administrative procedures to the protection of personal data. It encompasses not only how individuals, organizations, and objects are identified online but also how these identities are managed and secured.
1. From “Physical” Identity to Digital Identities
Identity consists of a unique set of characteristics—such as name, address, contact information, or identification numbers like SIRET (System of Identification of the Register of Establishments) and GTIN (Global Trade Identification Number)—that distinguish a person, organization, or object.
As our lives become increasingly digital, these real-world identities are translated into the virtual sphere in two primary ways:
- directly, through identifiers we willingly share with online services,
- or indirectly, via the traces we leave behind as we browse, buy, and interact.
These elements form what is called digital identity.
To define it, several complementary approaches are used:
- The footprints and traces left online: This includes, among other things, data generated by internet searches, online purchases, and interactions on social networks, which, when cross-referenced, can identify an individual, their habits, and preferences… The use of this information is regulated in Europe by the “ePrivacy” directive.
- The sovereign perspective: This approach focuses on the issuance of certified digital documents by recognized authorities, such as identity cards, permits, registration certificates, K-bis… These documents serve as references for establishing the identity of an individual or organization.
- Other information related to service providers: Each provider with whom an individual interacts tends to build a profile containing identifiers and personal data. This information is often replicated with each new service subscription. Its actual use beyond the initial service is generally opaque, with possible monetization without the person’s knowledge. In Europe, the General Data Protection Regulation (GDPR) governs these practices.
According to current regulations within the EU (GDPR, Data Act), companies must be transparent about how they collect, use, store, and share this information. This transparency is crucial for building trust with users.
2. The Different Digital Identity Management Systems
Organizations typically manage digital identities through three main models: centralized, federated, and decentralized systems. Each model brings its own strengths and weaknesses, which shape user experience, data security, and adoption.
Centralized Identity Management
A single entity, such as a company or organization, collects and manages all user identity data. This approach simplifies data management, as all information is stored in one place. However, it poses high security and privacy risks in case of a breach.
For example, when you log into your Ameli health insurance account with your social security number and password or access your Orange Business customer portal using your credentials, you are relying on a centralized identity system.
Federated Identity Management
This model covers single sign-on (SSO) and/or federated identity management. Authentication responsibility is centralized within the organization, so users can access multiple services and applications with the same credentials, either within the same organization (SSO) or beyond it, through a trust relationship established between the organization, its partners, and the user (federated identity). This approach improves user experience by reducing friction, but in case of a breach, all applications and sites become vulnerable.
Examples: Accessing a website/application using your “Gmail” or “Facebook” account; Accessing an application using your “Microsoft” account.
Decentralized or Self-Sovereign Identity (SSI)
This approach allows users to control their own identity data without relying on a central authority. It offers greater security and privacy, as users can autonomously and selectively choose which attributes to share and with whom, without these being held by a specific service.
Examples: Passwordless access to online accounts; Access to data spaces (TEMS, etc.); Future European digital identity wallets.
With this understanding of digital identities and the systems that manage them, it is essential for organizations to choose the approach or approaches that best suit their needs and those of their users.
3. A Summary of the Advantages and Disadvantages of the Different Approaches
| | Advantages | Disadvantages |
| --- | --- | --- |
| Centralized Identity | – Simplified data management – Facilitates regulatory compliance – Easier integration with other systems and generally lower maintenance costs – Quick access to data for users – Centralized security updates | – Vulnerabilities linked to a single point; high risks of data breaches in case of compromise – Need to strengthen the model with strong authentication solutions – Lack of control for the end-user and multiple access points |
| Federated Identity | – User experience: simplified access to multiple services, reducing the number of credentials – Improved security through single sign-on (SSO) – Reduced online customer acquisition costs | – Dependence on a provider; risks related to trust in the provider – Vulnerability of a set of applications/sites in case of breach; target for attacks and data theft (single entry point) – Broader data collection with the federated identity approach |
| Decentralized Identity | – Full control of data by the user, reducing identity theft risk – Reduced fraud risk – Increased privacy and transparency – Integrity of exchanges – New use cases supported by European regulation (EUDI Wallet) | – Requires advanced technical infrastructure – Still an emerging approach with limited deployment and challenges in creating trusted ecosystems |
4. Focus on Decentralized Identity
Decentralized identity, although still emerging, offers promising prospects for a more secure and privacy-respecting digital future.
It guarantees the integrity of exchanged attributes (Verifiable Credentials), transparency of exchanges, and security.
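How selective attribute sharing and the integrity of Verifiable Credentials can fit together, shown as an added example that is not from the original article. It assumes a salted-hash disclosure scheme with an Ed25519 issuer signature (one common design, not something the article specifies); the function names and the sample company data are constructed for illustration.

```javascript
const nodeCrypto = require('crypto');

// Salted SHA-256 digest of one attribute; the random salt stops a verifier
// from guessing the values of attributes the holder chose not to reveal.
const digest = (salt, name, value) =>
  nodeCrypto.createHash('sha256').update(JSON.stringify([salt, name, value])).digest('hex');

// Issuer: signs only the sorted digests and hands the salted attributes to the holder.
function issueCredential(issuerPrivateKey, attributes) {
  const disclosures = Object.entries(attributes).map(([name, value]) => ({
    salt: nodeCrypto.randomBytes(16).toString('hex'), name, value,
  }));
  const digests = disclosures.map(d => digest(d.salt, d.name, d.value)).sort();
  const signature = nodeCrypto.sign(null, Buffer.from(JSON.stringify(digests)), issuerPrivateKey);
  return { digests, signature: signature.toString('base64'), disclosures };
}

// Holder: reveals only the chosen attributes; the others never leave the wallet.
function present(credential, namesToShare) {
  return { ...credential, disclosures: credential.disclosures.filter(d => namesToShare.includes(d.name)) };
}

// Verifier: checks the issuer signature, then that every disclosed attribute
// hashes to one of the signed digests. Any altered value fails the check.
function verifyPresentation(issuerPublicKey, presentation) {
  const signed = Buffer.from(JSON.stringify(presentation.digests));
  const sigOk = nodeCrypto.verify(null, signed, issuerPublicKey,
    Buffer.from(presentation.signature, 'base64'));
  if (!sigOk) return { valid: false, attributes: {} };
  const attributes = {};
  for (const d of presentation.disclosures) {
    if (!presentation.digests.includes(digest(d.salt, d.name, d.value))) {
      return { valid: false, attributes: {} };
    }
    attributes[d.name] = d.value;
  }
  return { valid: true, attributes };
}

// Constructed sample data: a company credential from which only the name is shared.
const issuer = nodeCrypto.generateKeyPairSync('ed25519');
const credential = issueCredential(issuer.privateKey, {
  legalName: 'Example SARL', siret: '00000000000000', iban: 'FR00 EXAMPLE',
});
const shown = present(credential, ['legalName']);
console.log(verifyPresentation(issuer.publicKey, shown));
```

The sketch leaves out holder binding, replay protection and revocation, which a deployed wallet also needs.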
With this approach, user journeys for B2C and/or B2B, online or offline, can be simplified. For example, decentralized identity can address various use cases such as:
- Agriculture: Facilitating the collection of agricultural data consent, simplifying exchanges between sector actors (KYS, KYC, phytosanitary records, dataspace…).
- E-commerce: Simplifying access (removing identifiers, frictionless and secure experience), enhancing user trust (privacy protection, reducing data theft risks), verifying identity for secure transactions.
- Compliance: Simplifying KYC processes, reducing costs, combating identity theft, ensuring document integrity (e.g., IBAN), facilitating online product subscriptions.
Several European projects have been launched to test the EU digital identity wallet, ensure its safe and seamless deployment, and work on use cases (e.g., Potential, We Build consortium…).
Recent developments also show that linking centralized identity managed by the state (e.g., SIRET/SIREN, personal identity) with decentralized corporate digital identity can streamline data exchanges (e.g., data associated with a contract, certificates…) and reduce data re-entry. There is thus a strong link between decentralized identity and data exchange services.
Conclusion
As digital identity evolves at breakneck speed, its impact on individuals and organizations grows ever more significant. By combining the strengths of centralized, federated, and decentralized models, we can foster a digital environment that is both secure and user-friendly—one that truly earns our trust.
Ultimately, understanding and choosing the right approach to digital identity is essential for navigating the digital age with confidence.