Key Takeaways:
- Decentralized Identifiers (DIDs) are unique identifiers stored on decentralized databases, enabling secure identification and verification through blockchain technology.
- DIDs are fully controlled by the identity owner, eliminating the need for central authorities or intermediaries. This empowers individuals with full control over their own digital identities.
- Each DID is globally unique, ensuring that it can identify a specific entity (person, organization, thing) across the internet and beyond, without risk of duplication or impersonation.
The ever-evolving digital landscape demands a secure and efficient way for individuals and organizations to manage their online identities. However, traditional identifiers like email addresses and phone numbers rely on third-party issuers who can control and even revoke access. This centralized system creates vulnerabilities and complexities, evident in the growing number of accounts users juggle.
According to a 2019 DMA study, the average user has 2.5 email addresses. This highlights a critical question: Can we move beyond identifiers controlled by third parties and design a solution built for the decentralized Web3 ecosystem? Can users regain control of their digital identities, free from the constraints of service providers?
The answer lies in a new approach: Decentralized Identifiers (DIDs).
The Rise of Decentralized Identifiers: A Solution to Identity Theft
The rise of identity theft, often fueled by compromised emails, underscores the need for better control over personal identifiers. Decentralized identifiers (DIDs), powered by blockchain technology, offer a compelling solution. By distributing control and leveraging encryption, DIDs can significantly reduce the risk of identity theft. Additionally, DIDs are persistent and don’t rely on a central authority, eliminating the potential for single points of failure.
The decentralized nature of Web3 and blockchain technologies makes them ideal for solving the challenges of 21st-century identity management. DIDs and decentralized identity present a promising path forward. Understanding DIDs is essential for unlocking the potential of decentralized identity in Web3.
Understanding the Connection Between Decentralized Identity and Identifiers
While distinct concepts, decentralized identity and decentralized identifiers are intricately linked. Imagine them as two sides of the same coin, working together to empower users with control over their digital identities. An identifier acts as a unique code distinguishing an individual, entity, or item. In contrast, an identity encompasses a collection of evolving attributes and information about an individual.
Consider a child’s journey through life, from schooling to employment and beyond. Their identity expands with each new experience and achievement, such as gaining certifications or credentials. Yet, their identifier—a unique, unchanging reference—anchors their growing identity. This distinction between the consistent identifier and the dynamic identity is crucial for understanding decentralized identity systems, ensuring users maintain sovereignty over their digital selves.
What Are Decentralized Identifiers (DIDs)?
Decentralized Identifiers (DIDs) offer a unique approach to digital identification. Unlike traditional systems, DIDs leverage decentralized databases like blockchains or distributed ledgers. DIDs utilize cryptographic methods, like digital signatures, to ensure the authenticity and integrity of individuals or entities.
What Is Cryptography? The Foundation of Decentralized Identifiers
Cryptography is crucial in the DID ecosystem, ensuring privacy and security for digital identities and transactions in Web3. It uses mathematical algorithms for encryption, turning readable data into unreadable formats to protect it during transmission, and decryption, converting it back for the intended recipient. This process is vital for maintaining the integrity, confidentiality, and authenticity of communications and data associated with decentralized identities and verifiable credentials.
Core Cryptography Principles for DIDs
Four key cryptographic principles underpin DID security:
- Confidentiality: Ensures only authorized parties can access data.
- Integrity: Detects unauthorized data modifications.
- Non-repudiation: Prevents senders from denying they sent a message, linking identities to their actions.
- Authentication: Verifies sender and receiver identities, preventing impersonation.
Together, these principles establish a strong framework that enhances the security of digital interactions.
Two Main Cryptographic Methods for DIDs
There are two main cryptographic methods used with DIDs:
- Symmetric encryption uses a single shared key for both encryption and decryption. While efficient, it requires secure key exchange.
- Asymmetric encryption uses a public-key/private-key pair. Anyone can encrypt with the public key, but only the holder of the private key can decrypt. This is crucial for DIDs, as the public key allows for identity verification, while the private key ensures only the owner can control the DID.
Asymmetric encryption is particularly significant for DIDs. It enables secure management and verification of digital identities without compromising control or privacy. The public key is used for encryption and verification, while the private key, kept by the identity’s owner, controls access and modifications to the DID.
What Is the Role of the DID Controller in Decentralized Identity?
A DID controller acts as the administrator for a decentralized identifier (DID). It can be an individual, organization, or even an abstract entity. During DID creation, the controller specifies its purpose, such as identifying a person or a company. This concept gives users significant control over their digital identities, without needing approval from external authorities. Notably, a DID can have multiple controllers, as defined by the DID method used.
For instance, a parent might create a DID for their newborn child and link it to credentials like birth certificates. Since the child is too young to manage the DID, the parent initially acts as the controller. The other parent could also be added as a controller, showcasing the flexibility of having multiple controllers for a single DID.
DIDs are uniform resource identifiers (URIs) that connect an entity to a DID document and its controller. The controller plays a crucial role in enabling public verification of the associated identity.
What Is a DID Document?
A DID document plays a crucial role in the DID ecosystem. It contains information about the DID subject, including cryptographic keys used for authentication and establishing connections. While the DID document is publicly accessible, only authorized controllers can modify it. Therefore, it’s essential to avoid including sensitive information within the document. Instead, it should focus on facilitating verification, authentication, and secure interactions.
DID documents utilize graph-based data structures and can be expressed in various formats, with JSON-LD being the most common. Here’s an example of a JSON-LD DID document representation:
{
  "id": "did:example:123456789abcdefghi",
  "authentication": [{
    "id": "did:example:123456789abcdefghi#keys-1",
    "type": "Ed25519VerificationKey2018",
    "controller": "did:example:123456789abcdefghi",
    "publicKeyBase58": "H3C2AVvLMv6gmMNam3uVAjZpfkcJCwDwnZn6z3wXmqPV"
  }]
}
Components of a DID Document
- Public keys and verification methods for authenticating the DID subject during interactions.
- Services associated with the DID subject that can be used for identity verification.
- References to service endpoints, enabling issuers to provide the associated services.
- Additional information like digital signatures, timestamps, past resolved keys, and other cryptographic proofs or metadata related to delegation and authorization.
DID Resolution: How Decentralized Identifiers Retrieve Information
DID resolution is a crucial aspect of decentralized identifiers. It involves retrieving the DID document linked to a specific DID. A DID resolver, which can be software or hardware, takes the DID as input and outputs the corresponding DID document.
Similar to how persistent storage functions with create, read, update, and deactivate operations, DIDs function as persistent identifiers with analogous operations. DID resolution is one such operation, and the specific details can vary depending on the chosen DID method.
What Is a DID Method?
DIDs have a unique structure that distinguishes them from other URIs. Different databases utilize various methods for DIDs, as they are not tied to a single network or database. For example, some DIDs reside on the Bitcoin or Ethereum blockchains. A DID method establishes a framework for resolving a DID within a specific blockchain or distributed ledger. Additionally, it outlines the creation and update process for DID documents.
While all DIDs share core functionalities, the implementation of method schemes can differ. Each DID method defines the processes for creating, updating, resolving, and deactivating the associated DID document. A typical DID method structure follows this pattern:
did:example:123456789abcdefghi
Here, each colon-separated section has a specific meaning:
- did: Scheme identifier
- example: DID Method
- 123456789abcdefghi: DID Method-specific Identifier
According to a W3C publication on July 19th, 2022, there are 103 experimental DID Method specifications and 32 experimental DID Method driver implementations. Here are some examples of DID method structures:
- did:example:123456789abcdefghi
- did:sov:NRfXPgBdantKVUbEJH8pW
- did:btcr:xz35-]zv2-qqs2-owjt
- did:v1:test:nym:3AEJTOMSxDOQpyUftjuoez2Bazp4Bswj1ce7FJGybcuu
- did:ethr:0xE6Fe788d8ca2144080b0f6aC7F48480b2AEfa9a6
- did:jolo:1fb352353ff51248C5104b407f9c04c3666627fcf5a167d693c9fC84b75964e2
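An added example, not part of the original article: a syntax check for the scheme, method and method-specific identifier structure described above, following the DID syntax grammar in the W3C DID Core specification. The function names `parse_did` and `triage` are chosen here, and all sample strings except the first are constructed.

```python
import re

# DID syntax from W3C DID Core:
#   did                = "did:" method-name ":" method-specific-id
#   method-name        = 1*(lowercase letter / digit)
#   method-specific-id = *( *idchar ":" ) 1*idchar
#   idchar             = ALPHA / DIGIT / "." / "-" / "_" / pct-encoded
IDCHAR = r"(?:[A-Za-z0-9._-]|%[0-9A-Fa-f]{2})"
DID_RE = re.compile(rf"did:(?P<method>[a-z0-9]+):(?P<msid>(?:{IDCHAR}*:)*{IDCHAR}+)")


def parse_did(text):
    """Split a DID into (scheme, method, method-specific id) or raise ValueError."""
    match = DID_RE.fullmatch(text)
    if match is None:
        raise ValueError(f"not a syntactically valid DID: {text!r}")
    return ("did", match.group("method"), match.group("msid"))


def triage(candidates):
    """Sort candidate strings into parsed DIDs and rejected inputs."""
    accepted, rejected = {}, []
    for candidate in candidates:
        try:
            accepted[candidate] = parse_did(candidate)
        except ValueError:
            rejected.append(candidate)
    return accepted, rejected


# Constructed sample inputs (only the first is taken from the page).
SAMPLES = [
    "did:example:123456789abcdefghi",
    "did:v1:test:nym:abc123",        # extra colons belong to the method-specific id
    "did:example:a%3Ab",             # percent-encoded character
    "did: example:123",              # whitespace, as copy/paste or OCR introduces
    "did:Example:123",               # method names are lowercase only
    "did:example:",                  # empty method-specific id
    "did:example:abc:",              # must not end with a colon
    "did:example:a%zz",              # malformed percent-encoding
]

if __name__ == "__main__":
    ok, bad = triage(SAMPLES)
    for did, parts in ok.items():
        print("valid  ", parts)
    for did in bad:
        print("invalid", repr(did))
```

Rejecting malformed identifiers before resolution keeps stray whitespace or unexpected characters from reaching a method driver.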
Types of Decentralized Identifiers (DIDs)
Decentralized Identifiers (DIDs) come in various forms, each designed to cater to specific needs and functionalities within the digital identity ecosystem. Here’s a breakdown of the four primary types of DIDs:
1. Ledger-based DIDs
2. Ledger Middleware (“Layer 2”) DIDs
Building upon the base layer of blockchain technology, these DIDs incorporate an additional storage layer. This layer, which can be a Distributed Hash Table (DHT) or a replicated database system, allows for a more cost-efficient and scalable handling of DIDs. It enables the creation and management of a vast number of DIDs with minimal blockchain transactions. This makes this type faster, more economical, and efficient.
3. Peer DIDs
Specifically designed for privacy and security within closed or specific participant groups, Peer DIDs are only resolvable within these networks. They utilize agent protocols to enable secure exchanges and maintenance, providing the essential functionalities of DIDs while prioritizing user privacy.
4. Static DIDs
These are the most basic form of DIDs, supporting fundamental operations like creation and resolution but not updates or deactivation. Essentially, they are static public keys formatted as DIDs, offering a straightforward yet limited approach to digital identification.
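The DID resolution and static-DID descriptions above, as an added example that is not part of the original article: a resolver for did:key, a static method not named on this page, in which the identifier is the multibase-encoded public key and the DID document is rebuilt from the identifier alone. It assumes Ed25519 keys only and emits the same document shape as the DID document shown earlier; the function names are chosen here.

```python
B58 = "123456789ABCDEFGHJKLMNPQRSTUVWXYZabcdefghijkmnopqrstuvwxyz"
ED25519_PUB = b"\xed\x01"  # multicodec prefix (varint 0xed) for an Ed25519 public key


def b58encode(data):
    n, out = int.from_bytes(data, "big"), ""
    while n:
        n, rem = divmod(n, 58)
        out = B58[rem] + out
    zeros = len(data) - len(data.lstrip(b"\0"))  # leading zero bytes map to '1'
    return "1" * zeros + out


def b58decode(text):
    n = 0
    for ch in text:
        if ch not in B58:
            raise ValueError(f"invalid base58 character {ch!r}")
        n = n * 58 + B58.index(ch)
    zeros = len(text) - len(text.lstrip("1"))
    return b"\0" * zeros + n.to_bytes((n.bit_length() + 7) // 8, "big")


def did_key_from_public_key(pub):
    """Create step: the identifier is derived from the key alone, no ledger write."""
    if len(pub) != 32:
        raise ValueError("Ed25519 public keys are 32 bytes")
    return "did:key:z" + b58encode(ED25519_PUB + pub)  # 'z' = multibase base58btc


def resolve_did_key(did):
    """Resolve step: rebuild the DID document from the identifier itself."""
    if not did.startswith("did:key:z"):
        raise ValueError("only base58btc-encoded did:key identifiers are handled")
    fingerprint = did[len("did:key:"):]
    raw = b58decode(fingerprint[1:])
    if len(raw) != 34 or raw[:2] != ED25519_PUB:
        raise ValueError("identifier does not carry a 32-byte Ed25519 key")
    return {  # same shape as the DID document shown earlier on the page
        "id": did,
        "authentication": [{
            "id": f"{did}#{fingerprint}",
            "type": "Ed25519VerificationKey2018",
            "controller": did,
            "publicKeyBase58": b58encode(raw[2:]),
        }],
    }
```

Because the key is the identifier, there is no update or deactivate operation: a compromised key means abandoning the DID, which is the limitation of static DIDs noted above.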
The Intersection of Decentralized Identifiers (DIDs) and Verifiable Credentials (VCs)
Imagine controlling your online identity and effortlessly sharing credentials with anyone, securely and reliably. Decentralized Identifiers (DIDs) and Verifiable Credentials (VCs) make this a reality.
DIDs provide a unique and secure way for individuals and entities to control their identities online, while VCs offer a tamper-proof format for issuing and storing credentials.
What Are Digital Identity Wallets?
Digital identity wallets are applications enabling individuals and entities to securely manage their digital identities and verifiable credentials. These wallets are central to the management of digital interactions, offering functionalities that enhance security, privacy, and operational efficiency. Here’s what they do:
- Manage Identifiers and Cryptographic Keys: Digital identity wallets handle identifiers and the cryptographic keys associated with them. This primary function is similar to that of password managers like LastPass, Dashlane, NordPass, Zoho Vault, and Google Password Manager.
- Manage Public Keys and Ledger Information: These wallets also manage public keys and other information published to the distributed ledger. This enables a network module, allowing people, organizations, services, and devices on the same ledger to interact and transact with each other.
- Exchange Credentials: The most crucial aspect is their ability to exchange credentials between the holder, issuer, and verifier. This represents the pinnacle of decentralized identities and the utility of digital wallets. It facilitates trusted identity-enabled transactions between individuals and entities while preserving privacy.
What Are Examples of Decentralized Identifiers (DIDs)?
Here are some real-world scenarios where DIDs might be used:
- Applying for a job: Instead of submitting physical documents, you could share VCs for your education and work experience linked to your DID. The employer can verify these credentials directly, streamlining the process.
- Accessing age-gated content: Age verification could be done through VCs linked to your DID, eliminating the need for multiple website registrations or age checks.
- Traveling across borders: DIDs could potentially replace traditional passports, allowing for secure and efficient identity verification at border checkpoints.
Conclusion
In today’s digital world, all forms of communication, transactions, and social interactions take place online. Consequently, re-evaluating how people and organizations are identified becomes crucial. Decentralized Identifiers (DIDs) emerge as a solution to address several issues. These include identity theft, forgery of credentials, and the need to move away from centralized databases.
DIDs are not a standalone solution, but rather a critical component of a larger ecosystem. They serve as a solid foundation for a skyscraper of innovations that will transform the identity, credentials, and web ecosystems. Moreover, this development will have an impact beyond these ecosystems. It relies on blockchain and decentralized ledger technologies (DLT), which various industries are increasingly adopting.
The continuous growth of blockchain technology and its applications is a testament to the potential of DID and what it could offer in the future. We welcome you to the decentralized world and encourage you to explore the endless opportunities that await.
Identity.com
Verifying a user’s identity and the authenticity of their credentials has become increasingly important in the 21st century. The decentralized ecosystem framework, on which DIDs are based, enables this possibility and empowers users to manage their identities. It is impressive to see Identity.com contributing to this desired future as a member of the World Wide Web Consortium (W3C), the standards body for the World Wide Web.
The work of Identity.com as a future-oriented company is helping many businesses by giving their customers a hassle-free identity verification process. Identity.com is an open-source ecosystem providing access to on-chain and secure identity verification. Our solutions improve the user experience and reduce onboarding friction through reusable and interoperable Gateway Passes. Please refer to our FAQs page for more info about Identity.com and how we can help you with identity verification and general KYC processes.