A Beginner's Guide to Decentralized Identifiers (DIDs)
This article documents my learnings on DIDs and aims to help other beginners and interested parties understand them. If you have feedback on this article, or would like to chat, I'd appreciate the opportunity.
Even if you're new to the world of blockchain, you have probably heard about decentralization and how it's mostly at the core of blockchain technology.
While you may be familiar with decentralization, Decentralized Identity is an emerging concept in which control is given to consumers through an identity wallet, which they use to collect verified information about themselves from certified issuers.
In this article, we'll look at DIDs: what they are, DID documents, verifiable data, and how they work.
I'll also try to explain why we use DIDs and what problems they aim to solve.
Secrets such as passwords and encryption keys help protect access to resources such as computing devices, customer data, and other information. Unauthorized access to these resources can cause significant disruption and other negative consequences. Many solutions have been proposed to protect these secrets and, in turn, the security and privacy of software systems. According to research by Zakwan Jaroucheh, each of these solutions follows the same approach: once the consumer receives the secret, it can be leaked and used by any malicious actor. Time and time again, we've heard of cases of compromised private information leading to the loss of billions of dollars.
How then can we decentralize secret management, such that the secret won’t have to be sent to the consumer? I guess I can say… This is where DIDs come in.
What is a DID?
First, let's define Identity.
Identity is the fact of being who or what a person or thing is, as defined by unique characteristics.
An identifier, on the other hand, is a piece of information that points to a particular identity. It could be a name, date of birth, address, email address, etc.
A decentralized identifier is an address on the internet that a subject (which could be you, a company, a device, a data model, or a thing) can own and directly control. It can be used to find the DID document connected to it, which provides the extra information needed to verify that subject's signatures. The subject can update or remove the information in the DID document directly.
For instance, if you're on Twitter, you likely own a username. Think of a DID as your username on Twitter, except that in the case of a DID the username is randomly generated. Through your username, one can find other information about you (the DID document), and you can make changes to this information over time.
Each DID begins with a prefix that names its DID method. This prefix makes it easy to identify where the DID originates and where to fetch its DID document. For instance, a DID from the Sovrin network begins with did:sov while one from Ethereum begins with did:ethr. You can find the full list of registered DID prefixes here.
Let’s briefly look at some of the concepts you’ll likely come across when learning about DIDs.
In a nutshell, a DID document is a set of data that describes a Decentralized Identifier. According to JSPWiki, a DID Document is a set of data that describes a Decentralized Identifier, including mechanisms, such as Public Keys and pseudonymous biometrics, that an entity can use to authenticate itself as the W3C Decentralized Identifiers. A DID Document may also contain other attributes or claims describing the entity.
According to W3C, a DID method is defined by a DID method specification, which specifies the precise operations by which DIDs and DID documents are created, resolved, updated, and deactivated.
When you use a DID method to resolve a DID, you get the associated DID document.
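As an added example (not code from the original article), the sketch below parses a DID using the syntax rule from the W3C DID Core specification and hands it to a per-method resolver, which is the resolution step described above. The `resolvers` map, its stub drivers and the sample DIDs are constructed for illustration; real methods such as did:sov and did:ethr resolve against their own networks.

```javascript
// DID syntax per W3C DID Core: did:<method-name>:<method-specific-id>
// method-name: lowercase letters and digits only.
// method-specific-id: idchars (letters, digits, ".", "-", "_", %HH), optionally ":"-separated.
const IDCHAR = '(?:[A-Za-z0-9._-]|%[0-9A-Fa-f]{2})';
const DID_RE = new RegExp(`^did:([a-z0-9]+):((?:${IDCHAR}*:)*${IDCHAR}+)$`);

// Strictly validate an untrusted string and split it into its parts.
function parseDid(input) {
  const m = typeof input === 'string' ? DID_RE.exec(input) : null;
  if (!m) throw new Error('invalid DID syntax');
  return { did: input, method: m[1], id: m[2] };
}

// Constructed stand-ins for real method drivers (hypothetical, in-memory only).
// A Map avoids accidental hits on inherited object properties such as "constructor".
const resolvers = new Map([
  ['sov', (id) => ({ id: `did:sov:${id}`, verificationMethod: [] })],
  ['ethr', (id) => ({ id: `did:ethr:${id}`, verificationMethod: [] })],
]);

// Resolve a DID to its DID document by routing on the method prefix.
function resolve(input) {
  const { did, method, id } = parseDid(input);
  const driver = resolvers.get(method);
  if (!driver) throw new Error(`unsupported DID method: ${method}`);
  const doc = driver(id);
  // The returned document must describe the DID that was asked for.
  if (doc.id !== did) throw new Error('DID document id mismatch');
  return doc;
}
```

Rejecting anything that does not match the grammar before choosing a resolver keeps malformed or unexpected input from ever reaching a network lookup.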
When you hear of verifiable credentials (VCs), what comes to mind? Probably your passport, driver's license, certificates, and any other document that can be used to identify you.
This has to do with the physical world. Digitally, if someone wants to verify or examine your identity, how can they do this?
A verifiable credential, in the simplest terms, is a tamper-proof credential that can be verified cryptographically.
There are three entities in a verifiable credential ecosystem and they are:
- The Issuer
- The Holder
- The Verifier
The issuer is the entity that is issuing the credential, the holder is the entity about whom the credential is issued, and the verifier is an entity that verifies if the credential meets the established criteria of a VC.
For example, say a school certifies that a particular individual has taken the degree exams and this information is verified by a machine for its authenticity.
Here, the issuer is the school, the holder is the individual who has taken the exam, and a verifier is a machine that checks the verifiable presentation for its authenticity. Once verified, the holder is free to share it with anyone he/she wishes.
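The school example above, as added code that is not part of the original article: the issuer publishes a public key in its DID document and signs a credential, and the verifier resolves the issuer's DID to check the signature. The `registry` map, the `did:example` identifiers and signing over `JSON.stringify` output are assumptions made for illustration; real credentials use a standard proof format.

```javascript
const crypto = require('crypto');

// Constructed stand-in for a verifiable data registry: DID -> DID document.
const registry = new Map();

// Issuer: create an Ed25519 key pair and publish the public half in a DID document.
function createIssuer(did) {
  const { publicKey, privateKey } = crypto.generateKeyPairSync('ed25519');
  registry.set(did, {
    id: did,
    verificationMethod: [{
      id: `${did}#key-1`,
      type: 'JsonWebKey2020',
      controller: did,
      publicKeyJwk: publicKey.export({ format: 'jwk' }),
    }],
  });
  return { did, privateKey };
}

// Issuer: sign the claims about the holder.
// Simplification (assumption): the signature covers JSON.stringify output.
function issueCredential(issuer, holderDid, claims) {
  const body = { issuer: issuer.did, credentialSubject: { id: holderDid, ...claims } };
  const sig = crypto.sign(null, Buffer.from(JSON.stringify(body)), issuer.privateKey);
  const proof = { verificationMethod: `${issuer.did}#key-1`, signature: sig.toString('base64') };
  return { ...body, proof };
}

// Verifier: resolve the issuer DID, pick the referenced key, check the signature.
function verifyCredential(credential) {
  const { proof, ...body } = credential;
  const doc = registry.get(body.issuer);
  if (!doc || !proof) return false; // unknown issuer or unsigned credential
  const vm = doc.verificationMethod.find((m) => m.id === proof.verificationMethod);
  if (!vm) return false; // proof points at a key the issuer never published
  const key = crypto.createPublicKey({ key: vm.publicKeyJwk, format: 'jwk' });
  const signed = Buffer.from(JSON.stringify(body));
  return crypto.verify(null, signed, key, Buffer.from(proof.signature, 'base64'));
}
```

The verifier never contacts the school: it trusts only the key found in the DID document that the issuer's DID resolves to, so any change to the claims after signing makes verification fail.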
I hope you’re able to get it up to this point. In my next article, I’ll be sharing how DIDs and Verifiable Credentials work together.
For further reading, feel free to check out these resources
Learn about DIDs with me
This is the first article in the DID monthly series, where I write articles that will enable anyone new to the Decentralized Identity ecosystem to learn the basics of DIDs. Stay up to date on the latest additions to this series by following us on Medium or Twitter.