Decentralized Identifiers

Decentralized Identifier (DID)

A DID is the foundational building block for decentralized identity. Below is a high-level overview of the DID architecture.

Decentralized Identifier Architecture

There are six pieces to the architecture diagram above:

  • DID URL: How a DID can be looked up (resolved).
  • DID: The actual ID scheme.
  • DID Document: Stores important information like DID history, public key(s), and other metadata describing the DID subject.
  • DID Subject: Who the DID is about.
  • DID Controller: Who has control of the DID.
  • Verifiable Data Registry: Where the information is stored.

DID

A DID is a three part system: scheme, method, and specific string.

did:example:123456abcdef

  • did: scheme: Not much more to say here.
  • example: method: The DID method is a formal document that sets out all of the rules for how the DID is implemented. It would set things like, what VDR is being used, how DIDs are created, updated, resolved, and deactivated. Check the DID Methods page for more.
  • 1231456abcdef: specific string: How this string is constructed will be set in the DID method. However, this string must be unique. It is kind of like a username but usually randomly generated.
CategoryDescription
Ledger based DIDsOriginal DID category where a blockchain serves as a registry with transactions written to store info.
Ledger Middleware DIDsAn improvement with a storage layer in between the user and the blockchain. Only a hash of the stored information is saved on the DLT.
Peer DIDsThere is no globally shared registration. Instead a DID in a peer-to-peer fashion.
Static DIDsThese DIDs are created and resolvable but can not be updated or deactivated. They tend to be far more simple.
Alternative DIDsThere are a variety of other methods that are being developed that do not currently meet the other four categories.