ENS names are Decentralized Identifiers (DIDs)

Oliver Terbu
uPort
Oct 18, 2021

Decentralized Identifiers (DIDs) are a new type of unique identifier that can be controlled solely by the user. With zero transaction costs, users can easily create their own DIDs. They can then prove control over their DID and allow counterparties to find their public encryption key, signature verification key and public services. Those services can be used to interact with the user’s DID.

The DID specification has matured over the last couple of years and is about to become a formal W3C standard. It defines a universal abstract data model representation for identifiers and their verification material (e.g. public keys), relationships and services. The specification is extensible by design, which means new types of services, verification materials and other features can be supported. At its core, the specification contains a simple interface that lets anyone who knows the user's DID resolve a DID Document from it (similar to resolving an Ethereum Account from an ENS name). The DID Document then contains the relevant information to enable use cases such as sign up, sign in, data encryption, secure communication, verifiable authorship and data provenance. Since DIDs are URI-compliant, they also make perfect sense for web ontologies.

For the Decentralized Identity (or Self-Sovereign Identity) Community in the Decentralized Identity Foundation (DIF), European Blockchain Services Infrastructure (EBSI), Hyperledger Aries, W3C and OIDC4SSI in OpenID Foundation (OIDF) and many others, DIDs have been a central component and building block for user-centric identity solutions for years.

Other DID-like Identifiers …

However, the Ethereum community is exploring other identifiers, such as NFTs and Ethereum Name Service (ENS) names, which serve as identifiers as a byproduct and have goals similar to those of DIDs. Both can be created and solely controlled by the user. ENS is a distributed, open, and extensible naming system based on the Ethereum blockchain. ENS’s job is to map human-readable names like ‘vitalik.eth’ to machine-readable identifiers such as Ethereum addresses and metadata.

A lot of Web3 users have been using ENS names as their identifiers (see Etherscan). Twitter has also recently been experimenting with NFTs, and therefore with ENS names, since they comply with the EIP-721 standard. We can expect more traction in the near future.

ENS names are now DIDs …

DIDs are not a replacement for Ethereum Accounts and ENS. Instead, DIDs can be seen as an abstract representation of them, which makes it easier for developers to build applications across different chains and platforms. Many developers in the Decentralized Identity Community are already building Open Source tooling, products and protocols that facilitate trust, privacy, security and data sovereignty, and that integrate with the Ethereum ecosystem and vice versa. Some of the Open Source components include decentralized agents (e.g. Veramo), secure communication (i.e. DIDComm Messaging), capabilities-based authorization and delegation frameworks (e.g. ZCaps), login with identity wallets (i.e. SIOPv2), user-controlled confidential storage (e.g. Kepler) or public storage (e.g. Ceramic) and more.

DID-based representations for Ethereum Accounts have already been defined and used. Examples include:

  • did:ethr:mainnet:0xb9c5714089478a327f09197987f16f9e5d936e8a
  • did:safe:0xff6229bc3655cf0204e850b54397d3651f5198c4_eip155.1
  • did:pkh:eth:0xb9c5714089478a327f09197987f16f9e5d936e8a

We have now defined a DID-representation for ENS names such as:

  • did:ens:mainnet:vitalik.eth

This has two purposes:

  1. to wrap existing ENS names as DIDs to facilitate interoperability of emerging technologies in the Decentralized Identity and Ethereum community,
  2. to define a canonical way to augment ENS names with DID capabilities (e.g., encryption) as mentioned above.
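The identifier format above, as an added example that is not part of the original post or of the ens-did-resolver code: a strict JavaScript parser for `did:ens:<network>:<name>` strings that an application could run before handing a DID to a resolver. The network allow-list, the conservative ASCII label rule, the function names and the rejected sample inputs are assumptions made for illustration.

```javascript
// Added example: validate did:ens identifiers before resolution.
// Allow-list of networks (assumption: only the two that appear on this page).
const ALLOWED_NETWORKS = new Set(['mainnet', 'ropsten']);

// Conservative label rule (assumption): lowercase ASCII letters, digits and
// inner hyphens. ENS itself accepts more; anything outside this set is
// rejected so that unexpected names never reach sign-in logic.
const LABEL = /^[a-z0-9]([a-z0-9-]*[a-z0-9])?$/;

// Parses a bare DID (no path, query or fragment) of the form
// did:ens:<network>:<name>. Throws an Error describing the first problem.
function parseDidEns(did) {
  if (typeof did !== 'string') throw new TypeError('DID must be a string');
  const parts = did.split(':');
  if (parts.length !== 4) throw new Error('expected did:ens:<network>:<name>');
  const [scheme, method, network, name] = parts;
  if (scheme !== 'did' || method !== 'ens') throw new Error('not a did:ens identifier');
  if (!ALLOWED_NETWORKS.has(network)) throw new Error(`network not allowed: ${network}`);
  const labels = name.split('.');
  if (labels.length < 2) throw new Error('ENS name needs at least two labels');
  for (const label of labels) {
    if (!LABEL.test(label)) throw new Error(`invalid label: ${JSON.stringify(label)}`);
  }
  return { did, network, name, labels };
}

// Splits a batch into accepted ENS names and rejected inputs with reasons.
function filterValid(dids) {
  const accepted = [];
  const rejected = [];
  for (const d of dids) {
    try { accepted.push(parseDidEns(d).name); }
    catch (e) { rejected.push({ did: d, reason: e.message }); }
  }
  return { accepted, rejected };
}

// Sample inputs: the first two are from this page, the rest are constructed.
const SAMPLES = [
  'did:ens:mainnet:vitalik.eth',
  'did:ens:ropsten:awoie.eth',
  'did:ens:mainnet:Vitalik.eth',        // not lowercase
  'did:ens:mainnet:vitalik..eth',       // empty label
  'did:ens:goerli:vitalik.eth',         // network outside the allow-list
  'did:ens:mainnet:vitalik.eth#key-1',  // DID URL, not a bare DID
  'did:ethr:mainnet:0xb9c5714089478a327f09197987f16f9e5d936e8a', // other method
];
console.log(filterValid(SAMPLES));
```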

We have already officially registered a DID method specification for did:ens in the W3C DID registry and are now looking for an appropriate home of the specification for further development. We are happy to donate the specification including the ens-did-resolver implementation.

Now, every ENS name can be represented as a DID with no extra steps. The default DID Document will always contain the ENS registry as the public profile service and the current owner of the ENS name as the controller of the DID. This already enables use cases such as issuing and proving control of verifiable attestations (i.e. based on W3C Verifiable Credentials), which can be used for sign up and sign in.

Through the ENS registry, standardized TEXT records (as defined in the did:ens specification) can be added to the ENS name to enable more DID-like features, e.g., encryption, delegation, confidential storage, communication etc.

For example, to enable encryption for a did:ens DID, just add the following TEXT records to your ENS name (see did:ens:ropsten:awoie.eth):

[Image: ENS Text Records for DIDs]

You can now use did:ens with Veramo or the did-resolver in your own projects.

Using DIDs as a standard representation for Decentralized Identifiers will increase interop and synergies between different platforms, chains, applications and communities.

Wanna talk about how to use ENS names as DIDs? Join our Discord

Oliver Terbu
uPort
Decentralization architect with uPort | ConsenSys. Member of CEN/CENELEC FG-BDLT, DIF, EEA, ISO/IEC TC307, OIDF and W3C.