VII Core -- DIDs

Introduction

Decentralized Identifiers (DIDs) are a new type of digital identifier which is globally unique, highly available, and cryptographically verifiable. They are currently being standardized at the W3C and, when deployed responsibly, can be extremely effective at preserving user privacy, enhancing transparency and consent, enabling data portability, and enforcing user control.

DIDs are best classified according to which DID Method they belong to. Each DID Method defines a CRUD model that describes how a specific DID scheme works with a specific verifiable data registry such as a distributed ledger or blockchain. There are many dozens of DID Methods that have already defined their own specifications and contributed their DID scheme to the W3C.

DIDs provide a level of abstraction around public keys. The way DIDs are used is through a process known as DID Resolution, which locates the registry where the DID is anchored (according to its DID Method) and produces the DID Document. The DID Document contains cryptographic material such as public keys, as well as service endpoints through which the DID subject can be contacted.

A central feature of DIDs is that, when used in identity systems, they can replace the use of passwords and provide much better security and encryption using public/private keypairs instead. This results in DIDs having a significantly different trust model than centralized identifiers. Specifically, DIDs form the basis of a Decentralized Public Key Infrastructure (DPKI) for the web.

To learn more about our approach to DIDs, read our blog, “Intro to DIDs for people”.

Usage

MATTR VII packages the power of DIDs into our VII Core. Core allows our users to create, register, resolve, retrieve, manage, and delete DIDs.

DIDs are created by a user’s tenant and used to establish relationships with other users. The tenant generates the keys and metadata necessary to establish the DID, and registers the DID on a public ledger if applicable. In addition to handling DID creation and registration, the tenant is always configured to resolve DIDs it receives in order to get the latest key and service information.

MATTR VII also establishes a verifiable relationship between your tenant domain and DIDs created by your tenant, enabling linkage between an internet domain owner and a DID owner. This approach creates a bridge that connects the traditional trust model of the internet with a distributed trust model. This follows the open standard Well Known DID Configuration being developed at the Decentralized Identity Foundation (DIF).

Drivers

As a central component of VII Core, DIDs have a set of configurable options that are part of our VII Drivers. See the tutorial on creating DIDs to understand how to set and use these.

DID Method Support

  • did:key

  • did:web

  • did:ion

Key Management Support

  • ed25519

  • bls12381g2 (ZKP-enabled)

NOTE: We have developed an experimental feature in MATTR VII around Zero-Knowledge Proofs (ZKP). It’s a technique to implement privacy-preserving selective disclosure in verifiable credentials using the cryptography of BBS+ signatures.

ZKPs are experimental and the standards are subject to breaking changes. To experiment with this feature, use your API endpoint to create a DID using the "keyType":"bls12381g2" option. If you create a Verifiable Credential using this new DID as the issuer DID, the platform will automatically detect this capability and issue a ZKP-enabled BBS+ credential for you. Our Mobile Wallet App can detect if ZKP is enabled in a credential and, upon a request for verification, will use that information to derive a new credential presentation that selectively discloses the required information using ZKP. You can read more about our work on privacy-preserving verifiable credentials on our blog.
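The following is an added example, not MATTR VII code, that makes two points on this page concrete: DID Resolution as described in the Introduction (for did:key the document is derived from the identifier itself; for did:web the method only tells you where to fetch it), and the capability detection just described (an issuer whose DID carries a bls12381g2 key can be given a BBS+ credential). Assumptions: the DID Document uses the minimal Multikey shape from the did:key method; the did:web HTTPS fetch is left out so the code runs offline; the sample keys are constructed byte patterns, not real key material.

```python
"""Local resolver for did:key and did:web, with issuer key-type detection.

Added example, not MATTR VII code. Assumptions: the DID Document is built in
the minimal shape the did:key method prescribes (a single Multikey
verification method); did:web is only mapped to the URL the document would be
fetched from; the HTTPS fetch itself is left out so the example runs offline.
"""

B58 = "123456789ABCDEFGHJKLMNPQRSTUVWXYZabcdefghijkmnopqrstuvwxyz"

# Multicodec prefixes (varint-encoded) and raw key lengths for the two
# key types the page lists under Key Management Support.
CODECS = {
    b"\xed\x01": ("ed25519", 32),
    b"\xeb\x01": ("bls12381g2", 96),
}


def b58encode(data: bytes) -> str:
    """Base58btc encoding; leading zero bytes become leading '1's."""
    n = int.from_bytes(data, "big")
    digits = ""
    while n:
        n, rem = divmod(n, 58)
        digits = B58[rem] + digits
    pad = len(data) - len(data.lstrip(b"\x00"))
    return "1" * pad + digits


def b58decode(text: str) -> bytes:
    """Inverse of b58encode; raises ValueError on characters outside the alphabet."""
    n = 0
    for ch in text:
        n = n * 58 + B58.index(ch)
    body = n.to_bytes((n.bit_length() + 7) // 8, "big") if n else b""
    pad = len(text) - len(text.lstrip("1"))
    return b"\x00" * pad + body


def make_did_key(key_type: str, public_key: bytes) -> str:
    """Build a did:key from a raw public key (the tenant-side creation step)."""
    for prefix, (name, length) in CODECS.items():
        if name == key_type:
            if len(public_key) != length:
                raise ValueError(f"{key_type} public key must be {length} bytes")
            return "did:key:z" + b58encode(prefix + public_key)
    raise ValueError(f"unsupported keyType {key_type!r}")


def decode_did_key(did: str) -> tuple[str, bytes]:
    """Return (key_type, raw_public_key), validating the multibase prefix,
    the multicodec header and the key length."""
    if not did.startswith("did:key:z"):      # 'z' = base58btc multibase prefix
        raise ValueError("not a base58btc did:key")
    raw = b58decode(did[len("did:key:z"):])
    for prefix, (name, length) in CODECS.items():
        if raw.startswith(prefix):
            if len(raw) != len(prefix) + length:
                raise ValueError(f"{name} key has wrong length")
            return name, raw[len(prefix):]
    raise ValueError("unsupported key codec in did:key")


def resolve_did_key(did: str) -> dict:
    """DID Resolution for did:key: no registry lookup, the document is
    derived from the identifier itself."""
    decode_did_key(did)                         # validate before building anything
    multikey = did[len("did:key:"):]            # multibase string after the method
    vm_id = f"{did}#{multikey}"
    return {
        "@context": ["https://www.w3.org/ns/did/v1"],
        "id": did,
        "verificationMethod": [{
            "id": vm_id,
            "type": "Multikey",                 # assumption: Multikey representation
            "controller": did,
            "publicKeyMultibase": multikey,
        }],
        "authentication": [vm_id],
        "assertionMethod": [vm_id],
    }


def did_web_to_url(did: str) -> str:
    """First step of did:web resolution: locate the document. Ports are
    percent-encoded (%3A) in the method-specific id; further colon-separated
    segments become path components."""
    if not did.startswith("did:web:"):
        raise ValueError("not a did:web")
    segments = did[len("did:web:"):].split(":")
    host = segments[0].replace("%3A", ":")
    path = [s for s in segments[1:] if s]
    if not path:
        return f"https://{host}/.well-known/did.json"
    return f"https://{host}/{'/'.join(path)}/did.json"


def document_supports_zkp(doc: dict) -> bool:
    """Capability detection: does any verification method in the resolved
    document carry a bls12381g2 key (the BBS+ / ZKP-enabled key type)?"""
    for vm in doc.get("verificationMethod", []):
        mb = vm.get("publicKeyMultibase", "")
        if mb.startswith("z") and b58decode(mb[1:]).startswith(b"\xeb\x01"):
            return True
    return False


if __name__ == "__main__":
    # Constructed sample keys (byte patterns, not real key material).
    ed_did = make_did_key("ed25519", bytes(range(32)))
    bls_did = make_did_key("bls12381g2", bytes(range(96)))
    for d in (ed_did, bls_did):
        print(d, decode_did_key(d)[0], document_supports_zkp(resolve_did_key(d)))
    print(did_web_to_url("did:web:example.com%3A8443:users:alice"))
```

Two details worth noting from the code: every Ed25519 did:key starts with `z6Mk` and every BLS12-381 G2 did:key with `zUC`, which is purely a consequence of the multicodec header being the most significant bytes of the base58 payload, and the capability check inspects the resolved document rather than the DID string, so the same function works for an issuer using did:web or did:ion once its document has been fetched.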

For more detail on our DID-related capabilities, check out the API Reference Docs.