DID / Decentralized Identifier


Definition of DID: Understanding the Basics of Decentralized Identifiers




Decentralized identifiers (DIDs) are a new type of globally unique identifier that enables verifiable, decentralized digital identity. A DID refers to any subject (e.g., a person, organization, thing, data model, abstract entity, etc.) as determined by the controller of the DID.

In contrast to typical, centralized or federated identifiers, DIDs have been designed so that they may be decoupled from centralized registries, identity providers, and certificate authorities. They are designed to enable individuals and organizations to generate their own identifiers using systems they trust. These new identifiers enable entities to prove control over them by authenticating using cryptographic proofs such as digital signatures.

The specification also enables implementers to design specific types of DIDs to work with the computing infrastructure they trust, such as distributed ledgers, decentralized file systems, distributed databases, and peer-to-peer networks. Note that this may also be implemented on centralized identity providers.

DIDs are URIs that associate a DID subject with a DID document, allowing trustable interactions associated with that subject.

Each DID document can express cryptographic material, verification methods, or services, which provide a set of mechanisms enabling a DID controller to prove control of the DID. Services enable trusted interactions associated with the DID subject. A DID might provide the means to return the DID subject itself, if the DID subject is an information resource such as a data model.





Benefits of Using DID: Why Decentralized Identifiers Are Transforming Online Identity



DIDs have four essential characteristics:



  • decentralized: there should be no central issuing agency. DIDs eliminate the requirement for centralized authorities or a single point of failure in identifier management, including the registration of globally unique identifiers, public verification keys, services, and other information;
  • persistent: the identifier should be inherently persistent, not requiring the continued operation of an underlying organization;
  • cryptographically verifiable: it should be possible to prove control of the identifier cryptographically;
  • resolvable: it should be possible to discover metadata about the identifier.

DIDs also provide the following characteristics:
  • Control: Give entities, both human and non-human, the power to directly control their digital identifiers without the need to rely on external authorities.
  • Privacy: Enable entities to control the privacy of their information, including minimal, selective, and progressive disclosure of attributes or other data.
  • Security: Enable sufficient security for requesting parties to depend on DID documents for their required level of assurance.
  • Proof-based: Enable DID controllers to provide cryptographic proof when interacting with other entities.
  • Discoverability: Make it possible for entities to discover DIDs for other entities, to learn more about or interact with those entities.
  • Interoperability: Use interoperable standards so DID infrastructure can make use of existing tools and software libraries designed for interoperability.
  • Portability: Be system- and network-independent and enable entities to use their digital identifiers with any system that supports DIDs and DID methods.
  • Simplicity: Favor a reduced set of simple features to make the technology easier to understand, implement, and deploy.
  • Extensibility: Where possible, enable extensibility provided it does not greatly hinder interoperability, portability, or simplicity.



Syntax of DID: A Deep Dive into the Technical Structure of Decentralized Identifiers



A DID is a simple text string consisting of three parts:
  1. the did URI scheme identifier,
  2. the identifier for the DID method, and
  3. the DID method-specific identifier.







Methods of Implementing DID: Exploring the Different Approaches to Adopting Decentralized Identifiers



DID methods are definitions of how a specific DID method scheme is implemented. A DID method is defined by a DID method specification, which specifies the precise operations by which DIDs and DID documents are created, resolved, updated, and deactivated.

Here are some of them:



  • did-key: the classic method for generating DIDs deterministically from a JWK file or other local key material
  • did-web: a DID method for publishing a DID document to a domain's "/.well-known/" configuration directory, to be resolved over HTTPS.
  • did-ethr: the classic Ethereum-based DID method at the heart of uPort, Veramo, and many web3 dApp projects (implicit only; main-net indexing & resolution coming soon)
  • did-ion: a DID Method implementation using the Sidetree protocol atop Bitcoin.
  • did-tezos: a DID method based on Tezos accounts. 
  • did-sol: the native DID method of the Solana blockchain and DeFi ecosystem.
  • did:onion: a DID method designed to be resolved over Tor-style onion routing


More DID methods can be found in the DID method specifications.




Example of DID in Action





did-key




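Using the did-key DID method, one prerequisite is a key file. One generated for the Ed25519 signature algorithm is shown below; the `x` member is the public key, and the `d` member is the private key, which must be kept secret: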




{
  "kty": "OKP",
  "crv": "Ed25519",
  "x": "E9yi4tOpQSCgTWNgajxGaZ0E7PlM6rvwy69mhDkxaxI",
  "d":"LtK7DbYRKjDwj-FIqwUUEI91myUj4PDzrIus9jpgUIk"
}

Following the [did-key specification](https://w3c-ccg.github.io/did-method-key/) we can produce the following DID:




did:key:z6MkfnnvXAP1KKAkfu5XfXH69oPBuFkPjSJKrwQaoybH4CHo

Following the same specification, this DID can be resolved to the following DID document:




{
   "@context" : [
      "https://www.w3.org/ns/did/v1",
      {
         "Ed25519VerificationKey2018" : "https://w3id.org/security#Ed25519VerificationKey2018",
         "publicKeyJwk" : {
            "@id" : "https://w3id.org/security#publicKeyJwk",
            "@type" : "@json"
         }
      }
   ],
   "assertionMethod" : [
      "did:key:z6MkfnnvXAP1KKAkfu5XfXH69oPBuFkPjSJKrwQaoybH4CHo#z6MkfnnvXAP1KKAkfu5XfXH69oPBuFkPjSJKrwQaoybH4CHo"
   ],
   "authentication" : [
      "did:key:z6MkfnnvXAP1KKAkfu5XfXH69oPBuFkPjSJKrwQaoybH4CHo#z6MkfnnvXAP1KKAkfu5XfXH69oPBuFkPjSJKrwQaoybH4CHo"
   ],
   "id" : "did:key:z6MkfnnvXAP1KKAkfu5XfXH69oPBuFkPjSJKrwQaoybH4CHo",
   "verificationMethod" : [
      {
         "controller" : "did:key:z6MkfnnvXAP1KKAkfu5XfXH69oPBuFkPjSJKrwQaoybH4CHo",
         "id" : "did:key:z6MkfnnvXAP1KKAkfu5XfXH69oPBuFkPjSJKrwQaoybH4CHo#z6MkfnnvXAP1KKAkfu5XfXH69oPBuFkPjSJKrwQaoybH4CHo",
         "publicKeyJwk" : {
            "crv" : "Ed25519",
            "kty" : "OKP",
            "x" : "E9yi4tOpQSCgTWNgajxGaZ0E7PlM6rvwy69mhDkxaxI"
         },
         "type" : "Ed25519VerificationKey2018"
      }
   ]
}
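The did-key derivation above, as an added example (not code from the original page or from the did-key specification): for Ed25519 the method-specific identifier is the multibase base58btc form (`z` prefix) of the multicodec bytes 0xed 0x01 followed by the 32-byte public key. The function names are this example's own, and only the public JWK members are used; the private `d` is never needed to derive or check a DID.

```python
import base64

B58 = "123456789ABCDEFGHJKLMNPQRSTUVWXYZabcdefghijkmnopqrstuvwxyz"
ED25519_PUB = b"\xed\x01"  # multicodec varint for ed25519-pub (0xed)

def b58encode(data: bytes) -> str:
    n = int.from_bytes(data, "big")
    out = ""
    while n:
        n, r = divmod(n, 58)
        out = B58[r] + out
    pad = len(data) - len(data.lstrip(b"\0"))  # leading zero bytes map to '1'
    return "1" * pad + out

def b58decode(text: str) -> bytes:
    n = 0
    for ch in text:
        n = n * 58 + B58.index(ch)  # ValueError on a non-base58 character
    pad = len(text) - len(text.lstrip("1"))
    return b"\0" * pad + n.to_bytes((n.bit_length() + 7) // 8, "big")

def jwk_public_bytes(jwk: dict) -> bytes:
    if jwk.get("kty") != "OKP" or jwk.get("crv") != "Ed25519":
        raise ValueError("not an Ed25519 OKP JWK")
    x = jwk["x"]
    raw = base64.urlsafe_b64decode(x + "=" * (-len(x) % 4))
    if len(raw) != 32:
        raise ValueError("Ed25519 public key must be 32 bytes")
    return raw

def did_key_from_jwk(jwk: dict) -> str:
    # 'z' is the multibase prefix for base58btc
    return "did:key:z" + b58encode(ED25519_PUB + jwk_public_bytes(jwk))

def public_key_from_did_key(did: str) -> bytes:
    scheme, method, msid = did.split(":", 2)
    if (scheme, method) != ("did", "key") or not msid.startswith("z"):
        raise ValueError("not a base58btc did:key")
    decoded = b58decode(msid[1:])
    if decoded[:2] != ED25519_PUB or len(decoded) != 34:
        raise ValueError("not an Ed25519 did:key")
    return decoded[2:]

def did_matches_jwk(did: str, jwk: dict) -> bool:
    # The binding a verifier relies on: the DID itself encodes the public key.
    return public_key_from_did_key(did) == jwk_public_bytes(jwk)

if __name__ == "__main__":
    jwk = {"kty": "OKP", "crv": "Ed25519", "x": "E9yi4tOpQSCgTWNgajxGaZ0E7PlM6rvwy69mhDkxaxI"}
    print(did_key_from_jwk(jwk))  # compare with the DID shown above
```

Because the identifier is the encoded key, a did:key cannot be rotated: a compromised key means the DID itself must be abandoned.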




did-tezos






Similarly, using the [did-tezos specification](https://did-tezos-draft.spruceid.com/), we start from the same key:




{
   "crv" : "Ed25519",
   "d" : "LtK7DbYRKjDwj-FIqwUUEI91myUj4PDzrIus9jpgUIk",
   "kty" : "OKP",
   "x" : "E9yi4tOpQSCgTWNgajxGaZ0E7PlM6rvwy69mhDkxaxI"
}

This yields the following DID:




did:tz:tz1bSFkneorNU2Xsjrt9LbW2hBJBP24ZGuGv

This DID can be resolved to the following DID document:




{
   "@context" : [
      "https://www.w3.org/ns/did/v1",
      {
         "Ed25519PublicKeyBLAKE2BDigestSize20Base58CheckEncoded2021" : "https://w3id.org/security#Ed25519PublicKeyBLAKE2BDigestSize20Base58CheckEncoded2021",
         "blockchainAccountId" : "https://w3id.org/security#blockchainAccountId"
      }
   ],
   "assertionMethod" : [
      "did:tz:tz1bSFkneorNU2Xsjrt9LbW2hBJBP24ZGuGv#blockchainAccountId"
   ],
   "authentication" : [
      "did:tz:tz1bSFkneorNU2Xsjrt9LbW2hBJBP24ZGuGv#blockchainAccountId"
   ],
   "id" : "did:tz:tz1bSFkneorNU2Xsjrt9LbW2hBJBP24ZGuGv",
   "verificationMethod" : [
      {
         "blockchainAccountId" : "tezos:NetXdQprcVkpaWU:tz1bSFkneorNU2Xsjrt9LbW2hBJBP24ZGuGv",
         "controller" : "did:tz:tz1bSFkneorNU2Xsjrt9LbW2hBJBP24ZGuGv",
         "id" : "did:tz:tz1bSFkneorNU2Xsjrt9LbW2hBJBP24ZGuGv#blockchainAccountId",
         "type" : "Ed25519PublicKeyBLAKE2BDigestSize20Base58CheckEncoded2021"
      }
   ]
}




