Future-Ready with Decentralized Identity Support

Prepare your IAM infrastructure for the next era of digital trust—supporting Self-Sovereign Identity (SSI), DIDs, and Verifiable Credentials (VCs).

SSI, OID4VC, and Blockchain-Based Identity Support

Why It Matters

Digital identity is evolving from centralized platforms to user-controlled, cryptographically verifiable models. Standards like DID (Decentralized Identifiers) and OID4VC (OpenID for Verifiable Credentials) are reshaping how identity is exchanged and verified.

Keymate's future roadmap includes: This prepares public sector, finance, and cross-border apps for decentralized, privacy-first identity.

Key Components:

DID resolution and verification support

Verifiable Credential (VC) issuance and validation

Integration with OID4VC and SSI-compatible wallets

Selective disclosure & ZKP (zero-knowledge proof) readiness

Federated trust anchors beyond traditional SAML/OIDC

From Wallet to Auth—The Verifiable Credential Flow

User receives Verifiable Credential (VC) from trusted issuer. Stores it in a decentralized wallet. At login or transaction, presents VC to Keymate. Keymate verifies signature and issuer trust chain. Uses attributes in VC to enrich token and enforce policy.

Verifiable Credential Flow

Use Cases:

Key Components:

SSI login flows for citizens, students, and customers

Cross-border identity trust with selective disclosure

Privacy-preserving KYC / credential verification

Government-to-government federated identity

Integration Highlights

DID Resolution Support

Resolve & validate decentralized identifiers

Verifiable Credential Validation

Accept VCs during login or transaction steps

OID4VC Compatibility

Align with OpenID Foundation's decentralized identity protocols

Privacy via Selective Disclosure

Support minimal disclosure with zero-knowledge proofs (planned)

Trusted Issuer Registry

Only accept credentials from approved and audited issuers

Keymate + Keycloak Federation

Enable hybrid auth (OIDC + VC-based) via flexible authenticators

Frequently Asked Questions

This is currently part of our 2025 roadmap. Early PoC integrations are underway.

Our target is DIDComm-compatible wallets (e.g., Trinsic, EBSI Wallet, etc.).

Yes. VC-based and OIDC-based flows can coexist or fallback to each other.

Issuer whitelists, blockchain trust registries, and DID resolution mechanisms will be configurable.

How to Prepare for This Integration

Follow these steps to prepare:

Identify use cases for decentralized identity (e.g., cross-border ID)

Plan schema and credential formats aligned with W3C VC spec

Explore pilot issuers and wallet vendors

Monitor Keymate's roadmap for preview releases and PoCs

Engage with DID/OID4VC community for interoperability best practices

ELEVATE YOUR IAM STRATEGY

Ready to Transform Your Keycloak Experience?

Implement fine-grained authorization, multi-tenant infrastructure, and comprehensive security policies with Keymate — built on the Keycloak foundation you already trust.