Decentralized identifiers (DIDs) are a type of globally unique identifier that enables an entity to be identified in a manner that is verifiable, persistent (as long as the DID controller desires), and does not require the use of a centralized registry.
DIDs enable a new model of decentralized digital identity that is often referred to as self-sovereign identity or decentralized identity. They are an important component of decentralized web applications.
DID documents
A decentralized identifier resolves (points) to a DID document, a set of data describing the DID subject, including mechanisms, such as cryptographic public keys, that the DID subject or a DID delegate can use to authenticate itself and prove its association with the DID.
DID methods
Just as there are many different types of URIs, all of which conform to the URI standard, there are many different types of DID methods, all of which must conform to the DID standard.
Each DID method specification must define:
* The name of the DID method (which must appear between the first and second colon, e.g., did:example:).
* The structure of the unique identifier that must follow the second colon.
* The technical specifications for how a DID resolver can apply the CRUD operations to create, read, update, and deactivate a DID document using that method.
The W3C DID Working Group maintains a registry of DID methods.
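The identifier structure listed above (method name between the first and second colon, method-specific identifier after the second) can be checked strictly before a DID is handed to a resolver. The following is an added example, not code from the W3C specification or any DID library; it follows the DID syntax grammar of DID Core 1.0, and the method allowlist and length cap are assumptions chosen for illustration.

```python
import re

# Grammar from W3C DID Core 1.0 (DID Syntax):
#   did                = "did:" method-name ":" method-specific-id
#   method-name        = 1*(%x61-7A / DIGIT)
#   method-specific-id = *( *idchar ":" ) 1*idchar
#   idchar             = ALPHA / DIGIT / "." / "-" / "_" / pct-encoded
_IDCHAR = r"(?:[A-Za-z0-9._-]|%[0-9A-Fa-f]{2})"
_DID_RE = re.compile(
    rf"did:(?P<method>[a-z0-9]+):(?P<msid>(?:{_IDCHAR}*:)*{_IDCHAR}+)"
)

# Hypothetical policy: the only methods this verifier is willing to resolve.
ALLOWED_METHODS = frozenset({"example", "web", "key"})


class InvalidDID(ValueError):
    pass


def parse_did(value, allowed_methods=ALLOWED_METHODS):
    """Return (method, method_specific_id) or raise InvalidDID."""
    if not isinstance(value, str) or len(value) > 2048:  # cap is an assumption
        raise InvalidDID("not a string or too long")
    # fullmatch (not match with '$') so a trailing newline is rejected too.
    m = _DID_RE.fullmatch(value)
    if m is None:
        raise InvalidDID(f"does not match DID syntax: {value!r}")
    method = m.group("method")
    if method not in allowed_methods:
        raise InvalidDID(f"method {method!r} is not on the allowlist")
    return method, m.group("msid")


def split_did_url(value, allowed_methods=ALLOWED_METHODS):
    """Split a DID URL into (did, path, query, fragment); validate the DID part."""
    rest, _, fragment = value.partition("#")
    rest, _, query = rest.partition("?")
    did, slash, path = rest.partition("/")
    parse_did(did, allowed_methods)
    return did, slash + path, query, fragment
```

Rejecting an unlisted method before resolution keeps untrusted input from selecting which resolver code path and which network endpoints the verifier touches.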
Usage of DIDs
A DID identifies any subject (e.g., a person, organization, thing, data model, abstract entity, etc.) that the controller of the DID decides that it identifies. DIDs are designed to enable the controller of a DID to prove control over it and to be implemented independently of any centralized registry, identity provider, or certificate authority. DIDs are URIs that associate a DID subject with a DID document. Each DID document can express cryptographic material, verification methods, and service endpoints to enable trusted interactions associated with the DID subject. A DID document might contain additional semantics about the subject that it identifies. A DID document might also contain the DID subject itself (e.g. a data model).
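How a relying party might use the verification methods in a DID document, as described in the "DID documents" and "Usage of DIDs" sections, shown as an added example that is not code from the specification or any DID library. The sample document is constructed, its key values are placeholders, and the code assumes every referenced method is listed in the same document.

```python
import json

# Constructed sample DID document; public key values are placeholders.
SAMPLE_DOC = json.loads("""
{
  "id": "did:example:123",
  "verificationMethod": [
    {"id": "did:example:123#key-1", "type": "Ed25519VerificationKey2020",
     "controller": "did:example:123", "publicKeyMultibase": "zPLACEHOLDER1"},
    {"id": "did:example:123#key-2", "type": "Ed25519VerificationKey2020",
     "controller": "did:example:123", "publicKeyMultibase": "zPLACEHOLDER2"}
  ],
  "authentication": ["did:example:123#key-1"],
  "assertionMethod": ["#key-2"]
}
""")


class DocumentError(ValueError):
    pass


def _absolute(ref, base_did):
    """Expand a relative reference such as '#key-1' against the document's DID."""
    return base_did + ref if ref.startswith("#") else ref


def methods_for(doc, requested_did, relationship="authentication"):
    """Return the verification methods the document authorizes for one purpose."""
    if doc.get("id") != requested_did:
        raise DocumentError("document id does not match the DID that was resolved")
    by_id = {_absolute(vm["id"], requested_did): vm
             for vm in doc.get("verificationMethod", [])}
    out = []
    for entry in doc.get(relationship, []):
        if isinstance(entry, str):          # reference to a listed method
            vm = by_id.get(_absolute(entry, requested_did))
            if vm is None:
                raise DocumentError(f"dangling reference {entry!r}")
        else:                                # method embedded in the relationship
            vm = entry
        if not all(k in vm for k in ("id", "type", "controller")):
            raise DocumentError("verification method lacks id, type or controller")
        out.append(vm)
    return out
```

Selecting keys by relationship matters: in the sample, `key-2` is listed only under `assertionMethod`, so a proof made with it is not accepted as authentication of the DID subject.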
Standardization efforts
The W3C DID Working Group developed a specification for decentralized identifiers to standardize the core architecture, data model, and representation of DIDs.
The W3C approved the DID 1.0 specification as a W3C Recommendation on July 19, 2022.
See also
* Self-sovereign identity
External links
* https://identity.foundation/
* https://trustoverip.org/
* https://www.hyperledger.org/use/hyperledger-indy
* https://www.hyperledger.org/use/hyperledger-aries
* https://sovrin.org/
* The 10 principles of Self Sovereign Identity
* https://irma.app/