What are DIDs and what are they for?
We want to talk about DIDs, their advantages and who can benefit from them.
Let's start with the basics. Most systems we currently use have a component able to identify me, which is basically a container that has an identity of my person stored. An example would be social networks: I have an account on Facebook, on Instagram or here on Medium. These are three different identities of my person.
This number of identities can grow steadily when I want to use more services, in which I have to authenticate me. As a result, we have many “siloed” identity containers stored by many services.
The first step to get rid of these countless “siloed” identities is the widely known “login with XYZ” button, which came up for many services. This was the initial step of providing my “identity” to other services: we simply use an existing identity on a given system and hand it over to a new service. As result, I have, in the best case, only one identity on a “siloed” system and can provide it to other services. This is the so called “Federated Identity Provider”, with some protocol examples such as SAML or Oauth 2.0.
With the success of the distributed ledger technologies, the so called “Self Sovereign Identity” came up. As the name says, the user itself is with this identity in full control of the data associated to his identity and is thereby also not dependent on a centralized system. Now, the user is able to give his so called “Decentralized Identity” to external systems to prove that this identity belongs to him.
If you want to access different identities, an overview of them is needed. But how can this be achieved without a single entry point. from which I can start? As a solution, with the distributed ledger technologies, we have a decentralized discovery service for identities making my identity “decentralized”.
Decentralized is good so far. But I also could have multiple decentralized identities on different distributed ledger technologies. Every distributed ledger could have its own implementation of an identity representation. At this point, the W3C identified the problem and created a specification of a “Decentralized Identity”. With this spec, all ledger technologies can adapt and implement the given format, enabling a possible distribution of identities between different technologies.
You can find the specification from the W3C here.
At evan.network, we provide DIDs for your created identities, which then can be used to exchange them to several systems.
But how do they look like and how are they built?
A DID is basically a JSON representation of your identity, which looks like this:
{
'@context': 'https://w3id.org/did/v1',
id: 'did:evan:0xb9c5714089478a327f09197987f16f9e5d936e8a',
publicKey: [{
id: 'did:ethr:0xb9c5714089478a327f09197987f16f9e5d936e8a#owner',
type: 'Secp256k1VerificationKey2018',
owner: 'did:evan:0xb9c5714089478a327f09197987f16f9e5d936e8a',
ethereumAddress: '0xb9c5714089478a327f09197987f16f9e5d936e8a'}],
authentication: [{
type: 'Secp256k1SignatureAuthentication2018',
publicKey: 'did:evan:0xb9c5714089478a327f09197987f16f9e5d936e8a#owner'}]
}As you can see, the DID has an id-field which is a reference to my unique identity on evan.network. The public key part contains all public keys to accounts, which are the “owner” of this identity in the DID document. And because this identity is actually my identity, also my public key is listed there.
But what makes this JSON document decentralized?
This is the “id” of the document. It defines a scheme where this identity is located. The different parts are separated by a “:” within the id.
- The first part defines that this document is a “did”.
- The second part is the “method” where the identity is located.
- The last part is then the method-specific identity.
To map these parts to our example id:
did:evan:0xb9c5714089478a327f09197987f16f9e5d936e8aIt defines that this DID is located on “evan”, with the id “0xb9c5714089478a327f09197987f16f9e5d936e8a” representing my identity on evan. With this markup, you can directly find and access my identity.
Now I have this JSON document, which represents my identity, and can share it to partners or services that need to identify me. The “decentralized” aspect is that it is not located on a siloed system. Instead, it is stored on a distributed ledger (like evan.network), while there is full control on who receives access to the identity through the DID document.
