Inferensys

Glossary

Self-Issued OpenID Provider V2 (SIOPv2)

An OpenID Connect extension that allows an end-user to act as their own identity provider, using a Decentralized Identifier (DID) to authenticate directly with a relying party without an intermediary.
Strategy consultant facilitating AI use case discovery workshop, sticky notes on glass wall, casual corporate meeting.
DECENTRALIZED AUTHENTICATION PROTOCOL

What is Self-Issued OpenID Provider V2 (SIOPv2)?

An OpenID Connect extension enabling end-users to act as their own identity provider using Decentralized Identifiers for direct authentication with relying parties.

Self-Issued OpenID Provider V2 (SIOPv2) is an OpenID Connect extension that enables an end-user to function as their own identity provider, authenticating directly with a relying party using a Decentralized Identifier (DID) instead of a centralized third-party service. It establishes a cryptographically verifiable peer-to-peer authentication channel where the user controls both the identifier and the associated private keys, eliminating intermediary token issuers.

The protocol leverages DIDComm or standard OAuth 2.0 flows to transmit a self-signed ID token containing the user's DID and verifiable claims. Unlike traditional federated login, SIOPv2 binds the authentication event to a DID Document resolved from a verifiable data registry, ensuring the relying party can independently validate the user's cryptographic proof of control without trusting an external provider's assertion.

SELF-ISSUED IDENTITY

Key Features of SIOPv2

Self-Issued OpenID Provider V2 (SIOPv2) extends OpenID Connect to enable users to act as their own identity provider using Decentralized Identifiers (DIDs). This eliminates reliance on centralized identity providers, establishing a direct cryptographic handshake between the user's wallet and the relying party.

SIOPV2 EXPLAINED

Frequently Asked Questions

Clear, technical answers to the most common questions about the Self-Issued OpenID Provider V2 protocol and its role in sovereign identity.

Self-Issued OpenID Provider V2 (SIOPv2) is an OpenID Connect extension that enables an end-user to act as their own identity provider by authenticating directly with a relying party using a Decentralized Identifier (DID) . It eliminates the need for a centralized third-party identity provider. The protocol works by having the user's wallet generate a self-signed ID Token or present a Verifiable Presentation in response to an authentication request. The relying party discovers the user's cryptographic keys by resolving the user's DID to a DID Document, then uses those keys to verify the signature on the response. This cryptographically binds the authentication event to the user's controlled identifier without requiring the user to register with an external authority.

Prasad Kumkar

About the author

Prasad Kumkar

CEO & MD, Inference Systems

Prasad Kumkar is the CEO & MD of Inference Systems and writes about AI systems architecture, LLM infrastructure, model serving, evaluation, and production deployment. Over 5+ years, he has worked across computer vision models, L5 autonomous vehicle systems, and LLM research, with a focus on taking complex AI ideas into real-world engineering systems.

His work and writing cover AI systems, large language models, AI agents, multimodal systems, autonomous systems, inference optimization, RAG, evaluation, and production AI engineering.