• Decentralized identifiers give users control over their digital identities without relying on centralized authorities.
• They use specific methods to create, resolve, and manage identities on blockchain networks, with Verifiable Credentials (VCs) adding trust through cryptographic verification.
• Organizations benefit from DIDs by improving security and privacy while empowering users with control over their identities.

Introduction: What is a Decentralized Identifier?

‍Decentralized identifiers (DID; plural DIDs) allow users to control their digital identities. Unlike traditional digital identifiers like email or a username, they do not rely on centralized authorities for management and verification. One such centralized authority could be Google or Microsoft. The main difference is that in the case of DIDs, only the user has control over the identity. Decentralized identifiers are globally unique and can be resolved to DID Documents, which describe how to interact with them.We will explore the concept of decentralized identifiers, their functionality, applications, and benefits. Moreover, we will discuss the link between DIDs, verifiable credentials, and blockchain technology.Key Characteristics of Decentralized Identifiers

1. Decentralization: They do not rely on centralized authorities, reducing the risk of a single point of failure and enhancing security and privacy.
2. Self-Sovereignty: The owner has full control over their identifier and associated information, enabling true ownership of digital identities.
3. Interoperability: They are designed to work across different platforms and systems, following standards set by the W3C.
4. Security: Decentralized identifiers use cryptographic methods to ensure the integrity and authenticity of the identity information.
5. Privacy: Users can selectively disclose their information, minimizing unnecessary data exposure.

How Decentralized Identifiers Work

DID Document

A DID Document is a JSON-LD file that contains essential information about a decentralized identifier like public keys, authentication methods, and service endpoints. It serves as the basis for verifying the identity and authenticity of the DID owner.

A DID Document is a JSON-LD file that contains essential information about a decentralized identifier like public keys, authentication methods, and service endpoints. It serves as the basis for verifying the identity and authenticity of the DID owner.

Example of a DID Document or a Decentralized Identifier:

{
  "@context": "https://www.w3.org/ns/did/v1",
  "id": "did:example:123456789abcdefghi",
  "authentication": [{
    "id": "did:example:123456789abcdefghi#keys-1",
    "type": "RsaVerificationKey2018",
    "controller": "did:example:123456789abcdefghi",
    "publicKeyPem": "-----BEGIN PUBLIC KEY...END PUBLIC KEY-----"
  }],
  "service": [{
    "id": "did:example:123456789abcdefghi#vcs",
    "type": "VerifiableCredentialService",
    "serviceEndpoint": "https://example.com/vc/"
  }]
}

[.c-wr-center][.button-black]Sign Up[.button-black][.c-wr-center]

DID Methods

DID methods define how decentralized identifiers are created, resolved, updated, and deactivated on specific blockchain networks. Each method corresponds to a unique scheme and underlying technology. For example, “did:ethr” for Ethereum-based identifiers or “did:sov” for Sovrin-based ones.

Verifiable Credentials

Verifiable credentials (VC; plural: VCs) are digital statements that assert certain attributes about a DID subject. This can include, among other things, education, certification, or employment history. VCs are cryptographically signed by an issuer and can be independently verified by any party. VCs enhance the trust and utility of decentralized identifiers by providing attestations about the identity, qualifications, or attributes of the owner.

Example of a Verifiable Credential:

{
  "@context": [
    "https://www.w3.org/2018/credentials/v1",
    "https://www.w3.org/2018/credentials/examples/v1"
  ],
  "type": ["VerifiableCredential", "UniversityDegreeCredential"],
  "issuer": "did:example:123456789abcdefghi",
  "issuanceDate": "2020-03-10T04:24:12.164Z",
  "credentialSubject": {
    "id": "did:example:ebfeb1f712ebc6f1c276e12ec21",
    "degree": {
      "type": "BachelorDegree",
      "name": "Bachelor of Science and Arts"
    }
  },
  "proof": {
    "type": "RsaSignature2018",
    "created": "2020-03-10T04:24:12Z",
    "proofPurpose": "assertionMethod",
    "verificationMethod": "https://example.edu/issuers/keys/1",
    "jws": "eyJhbGciOiJSUzI1NiIsImtpZCI6IjQ2ODkifQ..."
  }
}

W3C Decentralized Identifiers

The World Wide Web Consortium (W3C) has developed a standard that defines the structure, operation, and interoperability of any decentralized identifier. According to the W3C, a DID is a globally unique identifier that can be resolved to a DID Document. This document contains the cryptographic material and other metadata required to authenticate the owner and facilitate trusted interactions.

What is ERC 1056: Lightweight Identity

ERC 1056, also known as the “Lightweight Identity” standard, is an Ethereum Improvement Proposal that defines an interface for managing decentralized identifiers on the Ethereum blockchain. It aims to provide a simple and efficient method for creating, updating, and deactivating DIDs using Ethereum smart contracts.

What ERC 1056 Proposes:

ERC 1056 proposes the use of a smart contract called the “EthereumDIDRegistry.” 

This registry contract allows users to:

• Create decentralized identifiers: It allows the registration of new DIDs on the Ethereum blockchain.
• Update decentralized identifiers: Modify the metadata associated with an existing identifier, such as public keys or service endpoints.
• Revoke decentralized identifiers: The user will be able to deactivate a DID, rendering it invalid.
  

The main goal of ERC 1056 is to offer a lightweight and flexible identity management solution that leverages the security and transparency of the Ethereum blockchain without the complexity and overhead of more extensive identity frameworks.

EthereumDIDRegistry Contract

The EthereumDIDRegistry contract is the core component of the ERC 1056 standard. It provides functions to manage the lifecycle of decentralized identifiers; creation, updates, and revocation. Using access control mechanisms, the contract safeguards that only authorized entities can perform these operations.

Key Functions of the EthereumDIDRegistry Contract:

• createDID(address owner): Registers a new decentralized identifier with the specified owner address.
• setAttribute(bytes32 did, bytes32 key, bytes value, uint validity): Sets an attribute, such as a public key or service endpoint.
• revokeAttribute(bytes32 did, bytes32 key): Revokes an attribute, effectively deactivating it.

[.c-box-wrapper][.c-box]You might be interested in: What Is a Nonce in Blockchain: Definition and Purpose[.c-box][.c-box-wrapper]

Decentralized Identifiers and Blockchain

Role of Blockchain in DIDs

Blockchain technology provides a solid infrastructure for managing decentralized identifiers. By leveraging the decentralized and immutable nature of blockchains, identifiers can be securely created, managed, and verified without relying on any authority.

Examples of Blockchain-Based DID Implementations

1. Ethereum (did): This protocol uses the Ethereum blockchain to manage DIDs, leveraging smart contracts to create and resolve them.
2. Sovrin (did): A public, permissioned blockchain specifically designed for identity management, it offers a scalable and privacy-preserving DID solution.‍
3. Hyperledger Indy (did): An open-source blockchain framework designed explicitly for decentralized identity.

Advantages of Using Decentralized Identifiers in Organizations

Enhanced Security

Decentralized systems eliminate central points of control, reducing the risk of data breaches and unauthorized access. Each identifier is cryptographically secure, and the associated DID Document makes it so that only the legitimate owner can control and update their identity information.

Improved Privacy

Using decentralized identifiers, organizations can put into action privacy-preserving identity solutions. Individuals can selectively disclose their information, and verifiable credentials can prove attributes without revealing unnecessary details.

Increased Interoperability

DIDs are designed to be interoperable across different systems and platforms. Organizations can adopt a unified identity framework that works seamlessly with various applications and services, reducing integration complexities.

Empowered Users

Users can manage their identities independently and securely without relying on external authorities, which fosters good relationships between organizations and individuals.

[.c-wr-center][.button-black]Get Started[.button-black][.c-wr-center]