
Decentralized Identity - An Intro to DIDs

In today's digital world, online identities are increasingly extensions of our real-world personas, and the traditional mechanisms for managing digital identities are showing their limitations. The prevalent centralized systems pose significant risks, including data breaches and privacy erosion, and leave people with little control over their own digital footprint. These challenges exist not only for individuals and their data: enterprises that hold personal information become honeypots for leaks (US data breaches cost $9.8M on average in 2023).

Identifiers are the building blocks of existing online: you begin as a unique entity and, through participation and expression, form an identity. Trends and opportunities are emerging within decentralized identity, and we are beginning to see adoption within current systems, e.g. Bluesky's underlying AT Protocol, which uses DIDs as its account identifiers.

DIDs offer a self-sovereign form of identity, allowing individuals and entities to fully own and control their digital identifiers without the need for centralized gatekeepers.

At the heart of DIDs are the principles of permanence, resolvability, cryptographic verifiability, and decentralization: characteristics intended to provide security, privacy, and interoperability across platforms and ecosystems. This article is an introduction to DIDs.

TLDR

DIDs are persistent, verifiable identifiers that can represent any entity; they are a type of Uniform Resource Identifier (URI). They are not tied to a particular blockchain or service and are implemented in a variety of ways through DID methods. A DID resolves to a DID document, which contains the metadata (such as public keys and service endpoints) associated with the DID. They are one path forward toward decentralized identity.

Reference: Decentralized Identifiers (DIDs) v1.0, W3C Recommendation, https://www.w3.org/TR/did-core/ : "Decentralized identifiers (DIDs) are a new type of identifier that enables verifiable, decentralized digital identity."

Setting the stage

Identifiers

You interact with identifiers day to day: street addresses and phone numbers offline, email addresses and usernames online.

Once you are uniquely identified in a system, you unlock the ability to interact and gradually add pieces to your digital identity.

Digital identity

Digital identity is built on top of these identifiers; you could view it as your digital footprint. From interactions across social media, banking, accounts, and email, your digital identity takes form.

Some parts represent your physical identity in the form of personal information (e.g. birthday, age); others are more ephemeral, like reputation within a social network (e.g. Twitter, YouTube).

Decentralized identity?

A system of digital identity in which the creation, management, and authentication of the entities being represented does not rely on any one application or service provider to maintain the identity or to enable interactions.

Decentralized identity contrasts with the centralized and federated identity systems we have become familiar with.

source: https://medium.com/@memedid/the-power-of-decentralized-identifiers-dids-unlocking-a-new-era-of-ownership-and-identity-7aca6a860d93

Centralized Identity

When you create an account on a service (e.g. a Twitter account) with the common flow of email and password, these credentials are stored by the service in its own databases. The service manages and maintains this data itself and generally does not allow any of the identity data to be shared or reused in other systems natively.

Federated Identity

Federated identity lets you create one account and reuse it with supported sites. The common example is your Google account: you can sign up for a new service simply by linking it to your existing Google account. The identity provider manages this linking and, in doing so, gains additional visibility into the data you create on the linked service.

Decentralized Identity

Decentralized identity introduces a paradigm in which identity is interoperable across your online life. Identity-forming data can be separated from any one service and moved into a user-controlled system, where users control and securely share data in a privacy-preserving way, paving a path to a more user-centric online experience.

This means the information created by and attributed to an individual can be separated from the application layer and carried with an identifier that can be verified on new services, without needing to bootstrap the same social graph and basic information all over again.

DIDs

What are DIDs?

First a definition: a DID is a globally unique identifier for a user or other entity that is managed independently of any centralized registry. DID stands for decentralized identifier; DIDs quite simply identify and represent an entity in a decentralized manner. Published as a W3C Recommendation, the DID Core specification lays out the framework for Decentralized Identifiers. The World Wide Web Consortium (W3C) is an international public-interest non-profit made up of individual contributors, member organizations, and full-time staff working together to create web standards.

Rather than relying on centralized identifier issuers, these identifiers can persist beyond the lifetime of any particular application (RIP to your MySpace account).

source: Self-Sovereign Identity

This persistence means a DID can be referenced and will refer to the same entity regardless of where the reference is made. By identifying an entity with a DID you have a persistent way to refer to it in the digital realm; it is as if everyone spoke the same language, but for machines.

DIDs are a type of Uniform Resource Identifier (URI), the generic syntax used to identify any kind of resource on the web. You interact with URIs in the form of URLs for your favorite websites (e.g. https://google.com).

source: https://danielmiessler.com/p/difference-between-uri-url/

URLs identify a resource on the World Wide Web; they are one representation of an entity within it. A person, for instance, might be represented by a resume or a portfolio website. DIDs can represent any kind of entity (e.g. organizations, data models, abstract entities), and a DID can be resolved to get additional information about the entity it identifies; if the entity has one or more representations on the web, that metadata can include their URLs.

Think of how today you have many different social media accounts and, to let people find you on other platforms, you include a LinkTree as an attempt to aggregate your online presence.

A DID is a URI that behaves like a URN in naming an entity persistently and like a URL in being resolvable: resolving it yields a standardized set of information (metadata) about the resource the DID identifies.

Core Properties

DIDs have four core properties:

source: Self-Sovereign Identity

  • Permanent

    • The identifier must never change, no matter which services you switch between

  • Resolvable

    • From the identifier, services must be able to retrieve additional information about the entity it represents (the DID document)

  • Cryptographically verifiable

    • The identity holder must be able to prove they control the identifier, typically by signing a challenge with a private key whose public key is listed in the DID document

  • Decentralized

    • Avoid single points of failure by using decentralized networks such as blockchains, distributed ledgers, or peer-to-peer networks

In Practice

While a DID is persistent, that does not mean you necessarily have one identifier across all of your online presence. You can create separate identifiers for specific uses, or to group parts of your identity across different settings.

You might want to keep all of your financial accounts under one identifier, keeping the relevant information readily accessible for required financial transactions, and have your social media accounts associated with another.

How DIDs work

TLDR

DID subjects are referred to by DIDs, which resolve to DID documents; a DID document is controlled by a DID controller and recorded on a verifiable data registry.

source: https://w3c.github.io/did-core/#architecture-overview

DID Documents

DIDs are useful because they resolve to additional metadata that further describes the entity. To resolve a DID, a resolver is used to retrieve the DID document.

Every DID has one DID document, which contains metadata about the DID subject. The DID subject is the entity identified by the DID and described by the DID document.

The entity that controls the DID and its associated DID document is called the DID controller. Often the DID controller is the same as the DID subject, but a DID may be controlled by one entity while representing another (e.g. an organization controlling the DID of a device it owns).

DID Methods

DID methods specify the implementation details for a DID: how it is created, resolved, updated, and deactivated on a particular network or system.

source: Self-Sovereign Identity

The method name appears between the first and second colon of a DID, and everything after the second colon is the method-specific identifier. It is typically a long string generated using random numbers and cryptographic functions. It is guaranteed to be unique within the DID method's namespace (and is recommended to be globally unique all by itself).
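As an added example (not code from the original post), here is a parser in Go for the DID and DID URL syntax just described, transcribed from the ABNF in DID Core 1.0. It splits an identifier into method name and method-specific identifier, handles the optional path, query and fragment of a DID URL, and rejects anything outside the grammar. The sample identifiers in main are constructed for illustration; did:example is the placeholder method the specification itself uses.

```go
package main

import (
	"errors"
	"fmt"
	"regexp"
)

// DID holds the components of a parsed DID URL:
//   did:<method-name>:<method-specific-id>[path][?query][#fragment]
type DID struct {
	Method           string // lowercase letters and digits only
	MethodSpecificID string // everything after the second colon, up to any path/query/fragment
	Path             string // path-abempty, including its leading "/" (may be empty)
	Query            string // without the leading "?"
	Fragment         string // without the leading "#"
}

// didURLPattern transcribes the ABNF from DID Core 1.0:
//   method-name        = 1*( %x61-7A / DIGIT )
//   method-specific-id = *( *idchar ":" ) 1*idchar
//   idchar             = ALPHA / DIGIT / "." / "-" / "_" / pct-encoded
//   did-url            = did path-abempty [ "?" query ] [ "#" fragment ]
// Go's regexp engine (RE2) matches in linear time, so an attacker-supplied
// identifier cannot stall the parser with catastrophic backtracking.
var didURLPattern = regexp.MustCompile(
	`^did:([a-z0-9]+):((?:(?:[A-Za-z0-9._-]|%[0-9A-Fa-f]{2})*:)*(?:[A-Za-z0-9._-]|%[0-9A-Fa-f]{2})+)` +
		`((?:/[^?#]*)?)(?:\?([^#]*))?(?:#(.*))?$`)

var ErrInvalidDID = errors.New("not a syntactically valid DID URL")

// ParseDIDURL splits a DID or DID URL into its components and rejects anything
// outside the grammar: uppercase scheme or method, empty or colon-terminated
// method-specific-id, malformed percent-encoding, a different URI scheme.
func ParseDIDURL(s string) (DID, error) {
	m := didURLPattern.FindStringSubmatch(s)
	if m == nil {
		return DID{}, fmt.Errorf("%w: %q", ErrInvalidDID, s)
	}
	return DID{Method: m[1], MethodSpecificID: m[2], Path: m[3], Query: m[4], Fragment: m[5]}, nil
}

// Base returns the bare DID, which is what a resolver takes as input; path,
// query and fragment are applied afterwards to the resolved DID document
// (a fragment, for example, selects one verification method or service).
func (d DID) Base() string {
	return "did:" + d.Method + ":" + d.MethodSpecificID
}

func main() {
	// Constructed samples; did:example is the placeholder method used by the spec itself.
	for _, s := range []string{
		"did:example:123456789abcdefghi",
		"did:web:example.com:user:alice",
		"did:example:123?service=agent&relativeRef=/credentials#degree",
		"did:Example:123",  // uppercase method name
		"did:example:abc:", // method-specific-id must end with an idchar
	} {
		d, err := ParseDIDURL(s)
		if err != nil {
			fmt.Println("reject:", err)
			continue
		}
		fmt.Printf("method=%s id=%s path=%q query=%q fragment=%q base=%s\n",
			d.Method, d.MethodSpecificID, d.Path, d.Query, d.Fragment, d.Base())
	}
}
```

A resolver should run a check like this before doing anything else and treat the method name purely as a routing key: a did:web identifier must never be handed to a did:key resolver, and percent-encoded characters inside the method-specific identifier are for the method to decode, not the generic parser.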

Four basic "CRUD" operations can be executed on a DID, and each DID method must specify how:

  • Create

    • How can a DID and its associated DID document be created?

  • Read

    • How can the associated DID document be retrieved?

  • Update

    • How can the contents of the DID document be changed?

  • Deactivate

    • How can a DID be deactivated so it can no longer be used?

You can check the list of registered DID methods in the W3C DID Specification Registries (https://w3c.github.io/did-spec-registries/).
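The four operations above are what a DID method has to define against its verifiable data registry, and the part that matters for security is who is allowed to perform Update and Deactivate. As an added example, not from the original post and not any real DID method, the following Go program implements them for a made-up did:example method backed by an in-memory registry. The registry records the public key that currently controls each DID, requires every change to be signed by that key over a message that binds the DID and the current version (so a captured signature cannot be replayed), lets an update hand control to a new key (rotation), and makes deactivation final. The did:example method name, the signed message format and the JsonWebKey2020 document layout are this example's assumptions.

```go
package main

import (
	"crypto/ed25519"
	"crypto/rand"
	"crypto/sha256"
	"encoding/base64"
	"errors"
	"fmt"
)

// Registry stands in for a verifiable data registry (ledger, database, p2p network).
// It never sees a private key: it records which public key may change each DID
// and checks the signature on every proposed change.
type Registry map[string]*entry

type entry struct {
	doc         []byte            // current DID document, exactly as published
	controller  ed25519.PublicKey // key that must authorise the next change
	version     int               // bumped on every accepted change (replay protection)
	deactivated bool
}

var ErrNotFound = errors.New("DID not found")
var ErrDeactivated = errors.New("DID is deactivated")
var ErrUnauthorized = errors.New("change is not signed by the current controller")

// NewDocument builds a minimal DID document whose only authentication key is pub.
func NewDocument(did string, pub ed25519.PublicKey) []byte {
	x := base64.RawURLEncoding.EncodeToString(pub)
	return []byte(fmt.Sprintf(`{"@context":["https://www.w3.org/ns/did/v1"],"id":%q,"controller":%q,`+
		`"authentication":[{"id":"%s#key-1","type":"JsonWebKey2020","controller":%q,"publicKeyJwk":{"kty":"OKP","crv":"Ed25519","x":%q}}]}`,
		did, did, did, did, x))
}

// Create derives the method-specific-id from a hash of the initial controller
// key, so the identifier itself commits to the key that created it.
func (r Registry) Create(pub ed25519.PublicKey) string {
	sum := sha256.Sum256(pub)
	did := fmt.Sprintf("did:example:%x", sum[:16])
	r[did] = &entry{doc: NewDocument(did, pub), controller: pub, version: 1}
	return did
}

// Read resolves a DID. A deactivated DID still resolves (empty document,
// deactivated=true) so relying parties can tell "retired" from "unknown".
func (r Registry) Read(did string) (doc []byte, version int, deactivated bool, err error) {
	if e, ok := r[did]; ok {
		return e.doc, e.version, e.deactivated, nil
	}
	return nil, 0, false, ErrNotFound
}

// ChangeMessage is what the controller signs. Binding the DID and the current
// version means a captured signature cannot be replayed; nil newController = deactivate.
func ChangeMessage(did string, version int, newController ed25519.PublicKey, newDoc []byte) []byte {
	h := sha256.New()
	fmt.Fprintf(h, "did-change\x00%s\x00%d\x00%x\x00", did, version, newController)
	h.Write(newDoc)
	return h.Sum(nil)
}

func (r Registry) change(did string, newController ed25519.PublicKey, newDoc, sig []byte) error {
	e, ok := r[did]
	if !ok {
		return ErrNotFound
	}
	if e.deactivated {
		return ErrDeactivated
	}
	if !ed25519.Verify(e.controller, ChangeMessage(did, e.version, newController, newDoc), sig) {
		return ErrUnauthorized
	}
	e.doc, e.controller, e.version, e.deactivated = newDoc, newController, e.version+1, newController == nil
	return nil
}

// Update replaces the document and hands control to newController (key rotation).
// The length check matters: ed25519.Verify panics on a malformed public key.
func (r Registry) Update(did string, newController ed25519.PublicKey, newDoc, sig []byte) error {
	if len(newController) != ed25519.PublicKeySize {
		return errors.New("new controller is not an Ed25519 public key")
	}
	return r.change(did, newController, newDoc, sig)
}

// Deactivate retires the DID for good: no later change can be authorised.
func (r Registry) Deactivate(did string, sig []byte) error { return r.change(did, nil, []byte("{}"), sig) }

func main() {
	reg := Registry{}
	pub1, priv1, _ := ed25519.GenerateKey(rand.Reader)
	pub2, priv2, _ := ed25519.GenerateKey(rand.Reader)
	did := reg.Create(pub1)
	doc := NewDocument(did, pub2) // version is 1 after Create and 2 after the rotation below
	fmt.Println("rotate, signed by current key:    ", reg.Update(did, pub2, doc, ed25519.Sign(priv1, ChangeMessage(did, 1, pub2, doc))))
	fmt.Println("update, signed by rotated-out key:", reg.Update(did, pub1, doc, ed25519.Sign(priv1, ChangeMessage(did, 2, pub1, doc))))
	fmt.Println("deactivate, signed by new key:    ", reg.Deactivate(did, ed25519.Sign(priv2, ChangeMessage(did, 2, nil, []byte("{}")))))
	_, version, deactivated, _ := reg.Read(did)
	fmt.Printf("%s version=%d deactivated=%v\n", did, version, deactivated)
}
```

A real method enforces the same rules on its registry of choice: with did:web, control reduces to whoever can publish at the web server (and so to DNS and TLS); with ledger-based methods, to whoever can submit a validly signed transaction.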

DID Resolution

An identifier on its own only gives you a unique name; to retrieve additional information about the entity you need DID resolution, the process of obtaining the DID document associated with a DID. The steps to go from a DID to readable data depend on the DID's method.

This metadata enables:

  • Retrieving any additional data a service has stored within the DID document

  • Looking up a public key to verify the digital signature from the issuer of a verifiable credential

  • Authenticating the DID controller when the controller needs to log in to a website or app

  • Discover and access a well-known

  • Requesting a DID-to-DID connection

source: Self-Sovereign Identity

DID resolution may read from a blockchain, a distributed ledger, or a database, or, for some methods, from nothing at all, with the document derived from the identifier itself. Resolving a DID is best thought of as an algorithm rather than a simple fetch, following the path set by the DID's method.
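To tie together the core properties above (resolvable, cryptographically verifiable), the DID Documents section and this resolution section, here is an added Go example, not code from the original post, using the real did:key method, where the identifier is nothing but the public key with a multicodec prefix, base58btc-encoded. It derives a did:key from a freshly generated Ed25519 key, resolves it (for did:key that means computing the DID document from the identifier alone; no ledger or database is consulted), and then plays the relying party that verifies a login challenge signed by the holder. The base58 helpers, the DIDDocument struct and the challenge text are this example's own; the multicodec prefix, the z6Mk identifier prefix and the Ed25519VerificationKey2020 document shape come from the did:key specification.

```go
package main

import (
	"crypto/ed25519"
	"crypto/rand"
	"encoding/json"
	"errors"
	"fmt"
	"math/big"
	"strings"
)

// did:key puts the key itself in the identifier: the multicodec prefix for an
// Ed25519 public key (0xed 0x01) + the 32 raw key bytes, base58btc-encoded, with
// the multibase prefix "z". Every Ed25519 did:key therefore starts "did:key:z6Mk".
var ed25519Prefix = []byte{0xed, 0x01}

const b58 = "123456789ABCDEFGHJKLMNPQRSTUVWXYZabcdefghijkmnopqrstuvwxyz"

// base58Encode/base58Decode skip the leading-zero-byte rule of base58btc: a
// did:key payload always begins with 0xed, never 0x00.
func base58Encode(b []byte) string {
	x, mod, out := new(big.Int).SetBytes(b), new(big.Int), []byte{}
	for x.Sign() > 0 {
		x.DivMod(x, big.NewInt(58), mod)
		out = append(out, b58[mod.Int64()])
	}
	for i, j := 0, len(out)-1; i < j; i, j = i+1, j-1 {
		out[i], out[j] = out[j], out[i]
	}
	return string(out)
}

func base58Decode(s string) ([]byte, error) {
	x := new(big.Int)
	for i := 0; i < len(s); i++ {
		v := strings.IndexByte(b58, s[i])
		if v < 0 {
			return nil, fmt.Errorf("invalid base58 character %q", s[i])
		}
		x.Mul(x, big.NewInt(58)).Add(x, big.NewInt(int64(v)))
	}
	return x.Bytes(), nil
}

// DIDDocument holds the subset of DID Core properties this example produces.
type DIDDocument struct {
	Context            []string            `json:"@context"`
	ID                 string              `json:"id"`
	VerificationMethod []map[string]string `json:"verificationMethod"`
	Authentication     []string            `json:"authentication"`
}

// DIDKeyFromPublicKey is did:key's "create": purely local, no registry is written.
func DIDKeyFromPublicKey(pub ed25519.PublicKey) string {
	return "did:key:z" + base58Encode(append(append([]byte{}, ed25519Prefix...), pub...))
}

// ResolveDIDKey is did:key's "read": the document is computed from the identifier
// alone, so there is no registry to query and nothing in between to tamper with.
func ResolveDIDKey(did string) (DIDDocument, ed25519.PublicKey, error) {
	if !strings.HasPrefix(did, "did:key:z") {
		return DIDDocument{}, nil, errors.New("not a did:key identifier in base58btc multibase")
	}
	mb := strings.TrimPrefix(did, "did:key:")
	raw, err := base58Decode(mb[1:])
	if err != nil {
		return DIDDocument{}, nil, err
	}
	if len(raw) != 2+ed25519.PublicKeySize || raw[0] != ed25519Prefix[0] || raw[1] != ed25519Prefix[1] {
		return DIDDocument{}, nil, errors.New("not an Ed25519 public key multicodec")
	}
	vmID := did + "#" + mb // did:key names its single verification method after the key
	doc := DIDDocument{
		Context:            []string{"https://www.w3.org/ns/did/v1", "https://w3id.org/security/suites/ed25519-2020/v1"},
		ID:                 did,
		VerificationMethod: []map[string]string{{"id": vmID, "type": "Ed25519VerificationKey2020", "controller": did, "publicKeyMultibase": mb}},
		Authentication:     []string{vmID},
	}
	return doc, ed25519.PublicKey(raw[2:]), nil
}

// VerifyControl is the relying party's login check: resolve the DID, take the
// authentication key from the document, verify the signature over its challenge.
func VerifyControl(did string, challenge, sig []byte) bool {
	_, pub, err := ResolveDIDKey(did)
	return err == nil && ed25519.Verify(pub, challenge, sig)
}

func main() {
	pub, priv, _ := ed25519.GenerateKey(rand.Reader)
	did := DIDKeyFromPublicKey(pub)
	doc, _, _ := ResolveDIDKey(did)
	js, _ := json.MarshalIndent(doc, "", "  ")
	fmt.Printf("%s\n%s\n", did, js)
	challenge := []byte("nonce-from-relying-party-8f3a") // constructed; a real one is random and single-use
	sig := ed25519.Sign(priv, challenge)
	fmt.Println("holder proves control:", VerifyControl(did, challenge, sig))
	fmt.Println("same signature, other challenge:", VerifyControl(did, []byte("other-nonce"), sig))
}
```

Because did:key has no registry, it also has no update or deactivate: losing or leaking the private key means abandoning the identifier, which is why did:key suits ephemeral or device-bound identities rather than long-lived ones.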

Summary

You should now have a high-level understanding of the core concepts around DIDs and a better sense of what underlies these systems. Hopefully this also gets your wheels turning on the possibilities of decentralized identity. As the decentralized identity space expands, DIDs will continue to grow in adoption and use cases.

If you would like to dive in more, I highly suggest checking out the DID Core Spec.

In other articles I'll share more details on how DIDs play one role within the Decentralized Identity landscape and dive deeper into related topics around decentralized identity.


Thanks for reading, subscribe below for updates on articles I write about the internet and the wide world within.

Connect with me on Farcaster - @mane

Pondering Onchain
Tags: decentralized identity, dids