DIDs overview

Decentralised identifiers (DIDs) are globally unique, highly available and cryptographically verifiable digital identifiers. They are typically represented as a Uniform Resource Identifier (URI) that can point to a person, organisation, data model or any abstract entity.

The main difference between DIDs and traditional identifiers (e.g. email address or user account) is that they are not owned by any service provider or organisation. As such, they can be used across platforms and prevent vendor lock-in.

DIDs are a W3C standard and can be extremely effective at preserving user privacy, enhancing transparency and consent, enabling data portability and enforcing user control. DIDs can be used in identity management systems, where they rely on public/private key pairs instead of passwords and so provide superior security and encryption. Thus, DIDs offer a different trust model to centralised identifiers. Specifically, DIDs form the basis of a Decentralised Public Key Infrastructure (DPKI) for the web.

DIDs are classified according to their DID method. Each method defines a CRUD model to describe how a specific DID scheme works with a specific verifiable data registry such as a distributed ledger or blockchain. There are many dozens of DID methods that have defined their own specifications and contributed their DID scheme to the W3C.

DIDs are used through a process known as DID resolution, which locates the registry where the DID is anchored (based on its DID method) and retrieves its corresponding DID document. The DID document is a JSON document that contains cryptographic material, such as public keys, as well as service endpoints for interacting with the DID subject.
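
The resolution flow described above, as an added example that is not code from this page or from any DID method: it parses a DID, selects a driver by DID method, and reads the keys and service endpoints from the returned DID document. The `did:example` identifier, the in-memory registry, the `MessagingService` entry, the key placeholder and all function names are constructed for illustration.

```python
import re

# DID syntax (W3C DID Core): did:<method-name>:<method-specific-id>
IDCHAR = r"(?:[A-Za-z0-9._-]|%[0-9A-Fa-f]{2})"
DID_RE = re.compile(rf"did:([a-z0-9]+):((?:{IDCHAR}*:)*{IDCHAR}+)")

# Constructed sample data: a dict standing in for a verifiable data registry.
DID = "did:example:123456789abcdefghi"
REGISTRY = {DID: {
    "id": DID,
    "verificationMethod": [{"id": DID + "#key-1", "controller": DID,
                            "type": "Ed25519VerificationKey2020",
                            "publicKeyMultibase": "zPLACEHOLDER"}],
    "service": [{"id": DID + "#inbox", "type": "MessagingService",
                 "serviceEndpoint": "https://agent.example.com/inbox"}],
}}
# Hypothetical drivers: DID method name -> lookup function for its registry.
DRIVERS = {"example": REGISTRY.get}


def parse_did(did):
    """Split a DID into (method, method-specific id); reject malformed input."""
    m = DID_RE.fullmatch(did)
    if m is None:
        raise ValueError(f"not a valid DID: {did!r}")
    return m.group(1), m.group(2)


def resolve(did):
    """Choose the driver from the DID method, then fetch the DID document."""
    method, _ = parse_did(did)
    driver = DRIVERS.get(method)
    if driver is None:
        raise LookupError(f"unsupported DID method: {method}")
    doc = driver(did)
    if doc is None:
        raise LookupError(f"DID not found: {did}")
    # A registry must not hand back a document for a different subject.
    if doc.get("id") != did:
        raise ValueError("DID document id does not match the requested DID")
    return doc


def keys_and_endpoints(doc):
    """Return ({key id: key type}, {service id: endpoint URL})."""
    keys = {vm["id"]: vm["type"] for vm in doc.get("verificationMethod", [])}
    services = {s["id"]: s["serviceEndpoint"] for s in doc.get("service", [])}
    return keys, services
```

A real resolver would replace the dictionary lookup with the read operation defined by the DID method's specification.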
