Decentralized Identifiers (DIDs)

What are DIDs?

Decentralized Identifiers (DIDs) are a new type of globally unique identifier designed to enable verifiable, self-sovereign digital identity. Unlike traditional identifiers such as email addresses, usernames, or government-issued IDs, DIDs are:

  • Decentralized: Not dependent on centralized authorities or registries
  • Persistent: Can exist indefinitely without requiring ongoing maintenance from their issuer
  • Resolvable: Can be looked up to discover metadata and verification methods
  • Cryptographically verifiable: Control of the identifier is proven with cryptographic keys listed in its DID document, not with a password held by a provider

DIDs enable entities (people, organizations, devices, or digital objects) to establish and maintain identifiers under their own control, independent of any central authority or intermediary.

Why DIDs Matter

In today's digital world, most identifiers we use are controlled by third parties:

  • Email providers control your email address
  • Social media companies control your username
  • Governments control your passport and ID numbers
  • Domain registrars control your domain names

This creates several problems:

  1. Single point of failure: If the providing service goes down or out of business, your identifier may become unusable
  2. Censorship: The providing service can revoke your identifier at their discretion
  3. Privacy concerns: Your online activities can be tracked across services using these identifiers
  4. Vendor lock-in: Switching providers often means abandoning your established identifier
  5. Siloed identity: Your identity is fragmented across different systems with no coherent way to connect them

DIDs solve these problems by giving entities direct control over their digital identifiers without relying on central authorities, while enabling cryptographic verification of identity claims.

DID Architecture

DID Syntax

A DID is a text string made of three parts separated by colons:

did:example:123456789abcdefghi
  • Scheme: Always "did" (lowercase), identifying the string as a Decentralized Identifier
  • Method: Specifies which DID method is used (e.g., "example", "key", "web", "ethr"); method names contain only lowercase letters and digits
  • Method-Specific Identifier: A unique identifier within the namespace of that method. It may itself contain further colons (for example did:web:example.com:user:alice), so only the first colon after the method name is structural

A DID can be extended into a DID URL with a path, query, or fragment; the fragment form (did:example:123456789abcdefghi#keys-1) is how a DID document refers to its own keys.

Each DID method defines how DIDs are created, resolved, updated, and deactivated on a specific system (such as a distributed ledger, decentralized file system, or secure database).
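The syntax rules above, as an added worked example (illustrative code written for this page, not taken from any DID library or from the W3C specification): a Go parser that checks a DID or DID URL against the DID Core ABNF and splits it into scheme, method, method-specific identifier and the optional path, query and fragment. The inputs in main are constructed for the example; the did:example and did:web identifiers are not registered anywhere.

```go
package main

import (
	"errors"
	"fmt"
	"strings"
)

// DID holds the three parts of a DID plus the optional DID URL components.
type DID struct {
	Method   string // e.g. "web", "key"; lowercase letters and digits only
	ID       string // method-specific identifier; may itself contain ':'
	Path     string // "/..." or empty
	Query    string // text after '?', without the '?'
	Fragment string // text after '#', without the '#'; e.g. "keys-1"
}

// String reassembles the bare DID without path, query or fragment.
func (d DID) String() string { return "did:" + d.Method + ":" + d.ID }

func isMethodChar(c byte) bool { return c >= 'a' && c <= 'z' || c >= '0' && c <= '9' }

func isIDChar(c byte) bool {
	return c >= 'a' && c <= 'z' || c >= 'A' && c <= 'Z' || c >= '0' && c <= '9' || c == '.' || c == '-' || c == '_'
}

func isHex(c byte) bool { return c >= '0' && c <= '9' || c >= 'a' && c <= 'f' || c >= 'A' && c <= 'F' }

// ParseDID validates a DID or DID URL against the DID Core ABNF:
//
//	did = "did:" method-name ":" method-specific-id
//	method-specific-id = *( *idchar ":" ) 1*idchar
//	idchar = ALPHA / DIGIT / "." / "-" / "_" / pct-encoded
func ParseDID(s string) (DID, error) {
	var d DID
	rest := s
	// '#', '?' and '/' are not idchars, so the DID proper ends at the first of them.
	if i := strings.IndexByte(rest, '#'); i >= 0 {
		d.Fragment, rest = rest[i+1:], rest[:i]
	}
	if i := strings.IndexByte(rest, '?'); i >= 0 {
		d.Query, rest = rest[i+1:], rest[:i]
	}
	if i := strings.IndexByte(rest, '/'); i >= 0 {
		d.Path, rest = rest[i:], rest[:i]
	}
	if !strings.HasPrefix(rest, "did:") { // the scheme is case-sensitive: "DID:" is not a DID
		return DID{}, errors.New(`scheme must be "did"`)
	}
	rest = rest[len("did:"):]
	colon := strings.IndexByte(rest, ':')
	if colon <= 0 {
		return DID{}, errors.New("missing method name or method-specific id")
	}
	d.Method, d.ID = rest[:colon], rest[colon+1:]
	for i := 0; i < len(d.Method); i++ {
		if !isMethodChar(d.Method[i]) {
			return DID{}, fmt.Errorf("method name %q may only contain a-z and 0-9", d.Method)
		}
	}
	if d.ID == "" || strings.HasSuffix(d.ID, ":") {
		return DID{}, errors.New("method-specific id must end with at least one idchar")
	}
	for i := 0; i < len(d.ID); i++ {
		switch c := d.ID[i]; {
		case isIDChar(c) || c == ':':
		case c == '%' && i+2 < len(d.ID) && isHex(d.ID[i+1]) && isHex(d.ID[i+2]):
			i += 2 // skip the rest of the pct-encoded triplet
		default:
			return DID{}, fmt.Errorf("invalid byte %q at offset %d of method-specific id", c, i)
		}
	}
	return d, nil
}

func main() {
	for _, s := range []string{ // constructed sample inputs
		"did:example:123456789abcdefghi#keys-1",
		"did:web:example.com:user:alice/profile?version=1",
		"DID:example:abc",   // wrong scheme case
		"did:Example:abc",   // uppercase method name
		"did:example:abc:",  // trailing colon
		"did:example:a%2Gb", // broken percent-encoding
	} {
		d, err := ParseDID(s)
		fmt.Printf("%-50s -> %+v err=%v\n", s, d, err)
	}
}
```

Splitting off the fragment, query and path before touching the DID itself matters: those delimiters are not valid idchars, so a string such as did:example:abc#keys-1 must be rejected as a bare DID but accepted as a DID URL, and a method-specific identifier with embedded colons must survive intact.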

DID Documents

Resolving a DID yields a DID document, which contains metadata about the DID subject. A DID document typically includes:

  • Verification methods: Public keys or other verification material, each with its own id (a fragment such as #keys-1) so that the rest of the document can refer to it
  • Verification relationships: Which of those methods may be used for which purpose. authentication lists the keys that prove control of the DID; DID Core also defines assertionMethod, keyAgreement, capabilityInvocation and capabilityDelegation for other purposes
  • Service endpoints: References to services associated with the DID subject, such as messaging endpoints, social media profiles, or credential issuance services

Here's a simplified example of a DID document. The second @context entry defines the Ed25519VerificationKey2020 type; a JSON-LD processor rejects the document without it:

{
    "@context": [
        "https://www.w3.org/ns/did/v1",
        "https://w3id.org/security/suites/ed25519-2020/v1"
    ],
    "id": "did:example:123456789abcdefghi",
    "authentication": [
        {
            "id": "did:example:123456789abcdefghi#keys-1",
            "type": "Ed25519VerificationKey2020",
            "controller": "did:example:123456789abcdefghi",
            "publicKeyMultibase": "zH3C2AVvLMv6gmMNam3uVAjZpfkcJCwDwnZn6z3wXmqPV"
        }
    ],
    "service": [
        {
            "id": "did:example:123456789abcdefghi#vcs",
            "type": "VerifiableCredentialService",
            "serviceEndpoint": "https://example.com/vc/"
        }
    ]
}

Key Roles

  • DID Subject: The entity identified by the DID (person, organization, thing, data model, etc.)
  • DID Controller: The entity that has the ability to make changes to a DID document
  • Verifier: An entity that receives and verifies credentials or assertions from a DID subject

In many cases, the DID subject and DID controller are the same entity, but they can be different (e.g., a parent managing a child's DID or a company managing DIDs for its devices).

Benefits of DIDs

User Control and Autonomy

DIDs give entities direct control over their digital identifiers. You can:

  • Create as many DIDs as you need for different contexts
  • Update your DID document when necessary (e.g., to rotate keys)
  • Decide which services and verification methods to associate with your DID
  • Maintain your identifier even if the underlying infrastructure changes

Enhanced Privacy

DIDs support privacy-preserving identity through:

  • Pairwise DIDs: Creating unique DIDs for each relationship to prevent correlation
  • Selective disclosure: Revealing only the necessary information in different contexts
  • Minimal data in DID documents: Keeping personal information out of public DID documents
  • Cryptographic verification: Proving control without revealing private keys

Security

DIDs enhance security in several ways, with caveats that depend on the DID method:

  • No central point of failure: Methods backed by distributed systems increase resilience, but a method such as did:web inherits DNS, the web PKI and the hosting server as dependencies
  • Cryptographic proof: Control of a DID is demonstrated with public-key cryptography, by signing a challenge with a key that the DID document lists under authentication
  • Key rotation: The controller can update the DID document to replace a compromised key while the DID itself stays the same; a signature from the retired key then stops verifying
  • Self-certification: Control is proven with keys in the DID document rather than with a certificate issued by a third-party certificate authority (a verifier still has to trust the method's resolution path, which for did:web means TLS)

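The "DID Documents" section above and the cryptographic-proof and key-rotation points in this section, as one added worked example (illustrative Go written for this page, not code from any DID library or from the W3C specification): a verifier resolves a #keys-1 reference inside a DID document, decodes publicKeyMultibase (multibase prefix "z" for base58btc, then the ed25519-pub multicodec prefix 0xed 0x01, then the raw key) and checks an Ed25519 signature over a challenge. It refuses keys that are not listed under authentication or not controlled by the subject, and it shows rotation: after the controller publishes a document with keys-2, the old signature no longer verifies. The DID and the challenge are constructed for the example; real Ed25519VerificationKey2020 values carry the multicodec prefix and therefore always start with "z6Mk".

```go
package main

import (
	"crypto/ed25519"
	"fmt"
	"math/big"
	"strings"
)

const exampleDID = "did:example:123456789abcdefghi" // constructed for this example, not a registered DID

// Subset of the DID Core data model; authentication references verification methods by id.
type VerificationMethod struct{ ID, Type, Controller, PublicKeyMultibase string }
type DIDDocument struct {
	ID                 string
	VerificationMethod []VerificationMethod
	Authentication     []string
}

// base58btc alphabet (multibase prefix 'z'). Leading zero bytes need no special handling
// here because the ed25519-pub multicodec prefix guarantees the first byte is 0xed.
const b58 = "123456789ABCDEFGHJKLMNPQRSTUVWXYZabcdefghijkmnopqrstuvwxyz"

func base58Encode(b []byte) string {
	x, base, mod := new(big.Int).SetBytes(b), big.NewInt(58), new(big.Int)
	var out []byte
	for x.Sign() > 0 { // digits come out least-significant first
		x.DivMod(x, base, mod)
		out = append(out, b58[mod.Int64()])
	}
	for i, j := 0, len(out)-1; i < j; i, j = i+1, j-1 {
		out[i], out[j] = out[j], out[i]
	}
	return string(out)
}

// base58Decode returns nil for any string containing a non-alphabet character.
func base58Decode(s string) []byte {
	x, base := new(big.Int), big.NewInt(58)
	for i := 0; i < len(s); i++ {
		v := strings.IndexByte(b58, s[i])
		if v < 0 {
			return nil
		}
		x.Mul(x, base).Add(x, big.NewInt(int64(v)))
	}
	return x.Bytes()
}

// Ed25519 keys carry the ed25519-pub multicodec code 0xed (varint 0xed 0x01) ahead of
// the 32 key bytes, which is why publicKeyMultibase for them always starts with "z6Mk".
func encodePublicKey(pub ed25519.PublicKey) string {
	return "z" + base58Encode(append([]byte{0xed, 0x01}, pub...))
}

func decodePublicKey(mb string) (ed25519.PublicKey, error) {
	raw := base58Decode(strings.TrimPrefix(mb, "z"))
	if !strings.HasPrefix(mb, "z") || len(raw) != 2+ed25519.PublicKeySize || raw[0] != 0xed || raw[1] != 0x01 {
		return nil, fmt.Errorf("not a base58btc-encoded ed25519-pub multicodec key")
	}
	return ed25519.PublicKey(raw[2:]), nil
}

// NewDocument builds a document whose only authentication key is did#keyID. Key rotation
// is the same call with a fresh key: the DID is unchanged and the retired key is simply absent.
func NewDocument(did, keyID string, pub ed25519.PublicKey) DIDDocument {
	ref := did + "#" + keyID
	vm := VerificationMethod{ref, "Ed25519VerificationKey2020", did, encodePublicKey(pub)}
	return DIDDocument{ID: did, VerificationMethod: []VerificationMethod{vm}, Authentication: []string{ref}}
}

// VerifyAuthentication accepts sig over challenge only if keyRef is listed under
// authentication, resolves to a method controlled by the subject itself, and the key verifies.
func (d DIDDocument) VerifyAuthentication(keyRef string, challenge, sig []byte) error {
	authorised := false
	for _, ref := range d.Authentication {
		authorised = authorised || ref == keyRef
	}
	if !authorised {
		return fmt.Errorf("%s is not listed under authentication", keyRef)
	}
	for _, vm := range d.VerificationMethod {
		if vm.ID != keyRef {
			continue
		}
		pub, err := decodePublicKey(vm.PublicKeyMultibase)
		if err != nil || vm.Controller != d.ID || vm.Type != "Ed25519VerificationKey2020" {
			return fmt.Errorf("%s: wrong controller, type or key encoding", keyRef)
		}
		if !ed25519.Verify(pub, challenge, sig) {
			return fmt.Errorf("signature does not verify against the resolved key")
		}
		return nil
	}
	return fmt.Errorf("%s has no verification method in the document", keyRef)
}

func main() {
	pub1, priv1, _ := ed25519.GenerateKey(nil) // nil reader selects crypto/rand
	doc := NewDocument(exampleDID, "keys-1", pub1)
	challenge := []byte("constructed verifier nonce") // sample input constructed for this example
	sig1 := ed25519.Sign(priv1, challenge)
	fmt.Println("keys-1 before rotation:", doc.VerifyAuthentication(exampleDID+"#keys-1", challenge, sig1))
	pub2, priv2, _ := ed25519.GenerateKey(nil)
	doc = NewDocument(exampleDID, "keys-2", pub2) // rotation: same DID, new document
	fmt.Println("keys-1 after rotation: ", doc.VerifyAuthentication(exampleDID+"#keys-1", challenge, sig1))
	fmt.Println("keys-2 after rotation: ", doc.VerifyAuthentication(exampleDID+"#keys-2", challenge, ed25519.Sign(priv2, challenge)))
}
```

The authentication check is the part most often skipped in hand-rolled verifiers: a key that appears under verificationMethod but only in keyAgreement must not be accepted as proof of control, and a method whose controller is some other DID must not be either. In a real deployment the challenge is a fresh nonce chosen by the verifier, and the document comes from the method's resolver rather than from the same process.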
Interoperability

The W3C DID Core 1.0 specification (a W3C Recommendation since 2022) defines a common data model and syntax that enables:

  • Different DID methods to work together
  • Different applications and services to accept the same DIDs
  • Consistent verification across platforms
  • Portable digital identity across systems and networks

Persistence

Well-designed DIDs can provide persistent identifiers that:

  • Don't depend on the continued existence of any particular company
  • Can be maintained indefinitely by their controller
  • Are resilient to changes in underlying technology
  • Can migrate between different systems if necessary

Relationship to Other Technologies

DIDs work alongside other technologies to form a complete decentralized identity ecosystem:

  • Verifiable Credentials: Provide a standard way to express and verify claims about a DID subject
  • Decentralized Web Nodes: Enable secure, permissioned data storage associated with DIDs
  • Secure Data Vaults: Allow users to store personal data linked to their DIDs
  • Trust Registries: Help establish which issuers are trusted for particular types of credentials

Further Resources