A Beginners Guide to Decentralized Identifiers (DIDs)

Published in

Veramo

6 min readJul 27, 2022

This article is used to document my learnings on DIDs — and also to help other beginners or interested parties, understand DIDs. And if you do have feedback on this article, or would like to chat, I’d appreciate the opportunity to.

Introduction

Even if you’re new to the world of blockchain, you would have heard about decentralization and how it’s mostly at the core of blockchain technology.

While you may be familiar with decentralization, Decentralized Identity is an emerging concept, in which control is given to consumers through the use of an identity wallet, through which they collect verified information about themselves from certified issuers.

In this article, we’ll be looking at DIDs — what they are, DID documents, Verifiable data, and how they work.

I’d also try to explain why we use DIDs, and what problems they propose to solve.

The problem

Our identities have become intricately entwined with the online realm. From social media profiles to financial transactions, our digital footprints have grown exponentially, raising concerns about privacy, security, and control over personal information. Traditional identity systems, which have long served as the bedrock of online interactions, are increasingly revealing their limitations and inadequacies in safeguarding our sensitive data. The need for a more secure, transparent, and user-centric approach has given rise to decentralized identity, a promising solution that empowers individuals with ownership and control over their own identities.

The Pitfalls of Traditional Identity Systems:

Traditional identity systems suffer from several significant drawbacks, which have become increasingly evident in our digitally connected world.

Centralized Storage: Traditional identity systems often rely on centralized authorities, such as governments, corporations, or other third parties, to act as gatekeepers of personal information. These centralized entities maintain vast databases of sensitive data, leaving individuals vulnerable to data breaches and unauthorized access. A single point of failure within these systems can result in widespread identity theft, fraud, and abuse.

Privacy Concerns: With traditional identity systems, individuals typically relinquish control of their personal information to third-party organizations. This lack of control raises significant privacy concerns, as these entities may collect, aggregate, and sell personal data without consent or knowledge. The resulting lack of transparency and accountability leaves individuals exposed to unwarranted surveillance, profiling, and misuse of their information.

Identity Fragmentation: In the digital realm, individuals are often required to create multiple accounts and identities across various platforms, services, and applications. This fragmented approach to identity management leads to siloed data and a lack of interoperability between different systems. Users are burdened with remembering numerous login credentials and often face challenges in proving their identity across different contexts. This problem of multiple passwords and identities adds complexity and inconvenience to our online lives.

Lack of User Control: Traditional identity systems grant limited agency to individuals in managing their own identities. Users are typically dependent on intermediaries to authenticate and authorize their identity, resulting in a lack of control and ownership over their personal information. For example, in identity verification processes, individuals often rely on the banking system or educational institutions to vouch for their identity, which can be cumbersome and time-consuming.

Scene from the Money Heist movie “that’s where you come in”

Decentralized identity (DID) systems aim to overcome the flaws of traditional identity models by leveraging the power of blockchain technology, cryptography, and decentralized networks. In contrast to the centralized approach, DID empowers individuals to take control of their digital identities, enabling them to manage, authenticate, and selectively disclose their personal information.

What is a DID?

First, let's define Identity.

Identity is the fact of being who or what a person or thing is defined by unique characteristics.

An identifier on the other hand is a piece of information that points to a particular identity. It could be name, date of birth, address, email address etc.

A decentralized identifier is an address on the internet that someone referred to as Subject, which could be you, a company, a device, a data model, thing, can own and direct control. It can be used to find a DID document connected to it, which provides extra information for verifying the signatures of that subject. The subject (which may be you) can update or remove the information on the DID document directly.

For instance, if you’re on Twitter, you likely own a username, take a DID as your username on Twitter. However, in the case of a DID, the username is randomly generated. Through your username, one can find other information about you (DID document) and you can make changes to this information over time.

Each DID has a prefix that it references, called DID Method. This prefix makes it easy to identify its origin or where to use it for fetching DID documents. For instance, a DID from the Sovrin network begins with did:sov while one from Ethereum begins with did:ethr. You can find the full list of registered DID prefixes here.

Let’s briefly look at some of the concepts you’ll likely come across when learning about DIDs.

DID Document

In a nutshell, a DID document is a set of data that describes a Decentralized Identifier. According to JSPWiki, A DID Document is a set of data that describes a Decentralized Identifier, including mechanisms, such as Public Keys and pseudonymous biometrics, that an entity can use to authenticate itself as the W3C Decentralized Identifiers. A DID Document may also contain other attributes or claims describing the entity

DID Method

According to W3C, a DID method is defined by a DID method specification, which specifies the precise operations by which DIDs and DID documents are created, resolved, updated, and deactivated.

When you use a DID Method, to resolve a DID, you get the associated DID document.

Verifiable Credentials

When you hear of verifiable credentials (VCs), what comes to mind? Probably your passport, driver's license, certificates, and any other document that can be used to identify you.

This has to do with the physical world. Digitally, if someone wants to verify or examine your identity how can they do this?

A verifiable credential in the simplest term is a tamper-proof credential that can be verified cryptographically.

There are three entities in a verifiable credential ecosystem and they are:

The Issuer
The Holder
The Verifier

The issuer is the entity that is issuing the credential, the holder is the entity about whom the credential is issued, and the verifier is an entity that verifies if the credential meets the established criteria of a VC.

For example, say a school certifies that a particular individual has taken the degree exams and this information is verified by a machine for its authenticity.

Here, the issuer is the school, the holder is the individual who has taken the exam, and a verifier is a machine that checks the verifiable presentation for its authenticity. Once verified, the holder is free to share it with anyone he/she wishes.

I hope you’re able to get it up to this point. In my next article, I’ll be sharing how DIDs and Verifiable Credentials work together.

For further reading, feel free to check out these resources

Reach out to me on Twitter, if you have any questions or just want to learn more about what we’re building at Veramo.

Learn about DIDs with me

This is the first article in the DID monthly series, where I write articles that will enable anyone new to the Decentralized Identity ecosystem to learn the basics of DIDs. Stay up to date on the latest additions to this series by following us on Medium or Twitter.