This is the second post on an educational series about Self-Sovereign Identity and Decentralized Identifiers.
In our previous post we discussed why data protection is important and gave a short introduction to the concept of Self-Sovereign Identity and the elements that form it. To help you understand those elements in more depth (but still in an easy way), we have prepared a series of posts. This time we'll be talking about Decentralized Identifiers (DIDs).
Existing identity management systems are based on centralized authorities such as domain name registries or certificate authorities, and each of these centralized authorities serves as its own root of trust. An easy example of this is passports: they are issued by governments and governed by a system that allows you to use them as identification anywhere you go.
Blockchain makes decentralized identity management possible, where entities are free to use any shared root of trust. In this system, entities are identified by decentralized identifiers, or DIDs, and authenticated via proofs (e.g., digital signatures, privacy-preserving biometric protocols, etc.).
So, what’s a DID?
According to the W3C, a Decentralized Identifier, or DID, is "a globally unique identifier that does not require a centralized registration authority because it is registered with distributed ledger technology or other form of decentralized network."
The need for global identifiers of this kind, which do not require a centralized registration authority, is not new. In 2016 DID developers agreed with a suggestion from Christopher Allen "that DIDs could be adapted to work with multiple blockchains by following the same basic pattern as the URN (Uniform Resource Name) specification". The difference is that in DIDs the namespace component identifies a DID method, and a DID method specification defines the format of the method-specific identifier.
Any entity may have as many DIDs as necessary (and corresponding DID Documents and service endpoints), to respect the entity's desire to separate identities, personas, and contexts.
DIDs point to DID Documents, which the W3C describes as a "set of data that describes the subject of a DID, including mechanisms, such as public keys and pseudonymous biometrics, that the DID subject can use to authenticate itself and prove their association with the DID. A DID Document may also contain other attributes or claims describing the subject. These documents are graph-based data structures that are typically expressed using [JSON-LD], but may be expressed using other compatible graph-based data formats."
What is a DID method?
DID methods are the mechanism by which a DID and its associated DID Document are created, read, updated, and deactivated on a specific distributed ledger or network. To enable the full functionality of DIDs and DID Documents on a particular ledger or network, a DID method specification must define, in as much detail as possible, how a client performs each of the CRUD operations (create, read, update and deactivate).
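To make the DID syntax and the DID Document structure described above concrete, here is an added Python example (not code from the original post or from any DID library). It splits a DID into its method name and method-specific identifier following the W3C DID Core grammar, and checks which keys in a constructed DID Document the subject may use to authenticate; the document contents and the did:example identifier are illustrative assumptions, not a live resolution.

```python
import re
from typing import NamedTuple

# DID syntax from the W3C DID Core ABNF: did:<method-name>:<method-specific-id>.
# method-name is lowercase alphanumerics; method-specific-id is colon-separated
# runs of idchar (ALPHA / DIGIT / "." / "-" / "_" / pct-encoded), last run non-empty.
_IDCHAR = r"(?:[A-Za-z0-9._-]|%[0-9A-Fa-f]{2})"
_DID_RE = re.compile(rf"^did:(?P<method>[a-z0-9]+):(?P<id>(?:{_IDCHAR}*:)*{_IDCHAR}+)$")

class DID(NamedTuple):
    method: str
    method_specific_id: str

def parse_did(did: str) -> DID:
    """Split a DID into its method name and method-specific identifier."""
    m = _DID_RE.match(did)
    if not m:
        raise ValueError(f"not a syntactically valid DID: {did!r}")
    return DID(m["method"], m["id"])

# Constructed DID Document (did:example is reserved for illustration; nothing is resolved).
EXAMPLE_DOC = {
    "@context": "https://www.w3.org/ns/did/v1",
    "id": "did:example:123456789abcdefghi",
    "verificationMethod": [{
        "id": "did:example:123456789abcdefghi#keys-1",
        "type": "Ed25519VerificationKey2018",
        "controller": "did:example:123456789abcdefghi",
        "publicKeyBase58": "H3C2AVvLMv6gmMNam3uVAjZpfkcJCwDwnZn6z3wXmqPV",
    }],
    "authentication": ["did:example:123456789abcdefghi#keys-1"],
}

def authentication_methods(doc: dict) -> list:
    """Return the verification methods the subject may authenticate with."""
    # Each 'authentication' entry must be (or reference) a method defined under the
    # subject's own DID and controlled by it; a key from another identifier is rejected.
    subject = doc["id"]
    parse_did(subject)  # raises on a malformed subject DID
    defined = {vm["id"]: vm for vm in doc.get("verificationMethod", [])}
    methods = []
    for entry in doc.get("authentication", []):
        vm = defined.get(entry) if isinstance(entry, str) else entry  # reference or embedded
        if vm is None or not vm["id"].startswith(subject + "#"):
            raise ValueError(f"authentication entry {entry!r} is not defined by {subject}")
        if vm.get("controller") != subject:
            raise ValueError(f"{vm['id']} is not controlled by {subject}")
        methods.append(vm)
    return methods
```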
It’s important to note that DID methods can also be developed for federated or centralized identity management systems. For their part, all types of identifier systems can add support for DIDs, creating an interoperability bridge between the worlds of centralized, federated and decentralized identifiers.
DIDs and DID Documents are the foundation for decentralized identity, but they are only the first step in describing their subjects. The rest of the descriptive power comes from collecting and selectively using verifiable claims, which is the subject of our next post. We will continue to publish informative articles of this kind to explain, in an easy way, everything related to DIDs and the protection of your identity.
The third post in this series is about Personal Information and Claims. Let us know what you think and what other identity-related topics we should cover.