What is Decentralized Identifier (DID)?

Beginner · Feb 22, 2023
The decentralized identifier represents the user's identity as well as identity authorization information. With decentralized identity solutions, users can create identifiers and declare and hold proofs without relying on third-party institutions such as service providers or governments.

Identity systems support a wide range of applications in our daily lives, including identity verification and authorization, account creation and login, business registration and taxation, industry licensing, and voting. Similarly, all operations and activities begin with confirming the user’s identity and permissions.

We are increasingly connected to applications and services, yet our identifiers have long been issued, held, and controlled by state agencies, corporations, and Internet registries. As a result they are numerous, difficult to manage, and difficult to use widely. Traditional identifier management systems are centralized, with service providers storing user data, and that makes them risky: attackers can steal user information by compromising the providers' servers, a common occurrence today.

The technology of decentralized identifier (DID) proposes a new digital identity model that does not rely on authentication and issuance by third-party institutions, and achieves verifiable traceability on the blockchain, allowing users to securely control their own data and authorized applications.

What is a decentralized identifier (DID)?

To understand what a decentralized identifier is, you must first understand the three keywords listed below:

  • Identity

A partial set of data that represents an entity such as a person, organization, thing, data model, abstract entity, and so on.

  • Identifiers

Refers to a piece of data used to point to one or more specific identities, such as a name, corporate tax ID, cell phone number, online application account information, and so on. A centralized entity issues, holds, and controls traditional identifiers, and users must obtain permission to change the information.

  • Decentralized identifiers

Are those that are issued, held, and controlled by users without the involvement of a third party and are stored in a distributed ledger or peer-to-peer network. Decentralized identifiers are globally unique, resolvable, and widely available, as well as verifiable.

Decentralized identifiers are simply lines of letters and numbers that combine to form a unique digital identifier that is registered and stored on the blockchain or another type of distributed ledger technology. They are always autonomous from any centralized authority and do not contain any personal information. DIDs can be used to identify not only a person or entity, but also a product, location, organization, IoT device, or even something that does not exist in the physical world, such as an idea or concept.

In addition to this, it is possible to create more than one digital identity and use them on various platforms.

The World Wide Web Consortium (W3C) proposed a draft specification for Decentralized Identifiers (DIDs) v1.0 in June 2022, defining the concept of DIDs, as well as standardizing and specifying the DID syntax, a common data model, core properties, serialized representations, DID operations, and an explanation of the process of resolving DIDs to the resources that they represent.

How Do Decentralized Identifiers Work?

A Simple Example of DID:

A DID is a simple text string consisting of three parts:

  1. the did URI scheme identifier
  2. DID method identifier
  3. DID method-specific identifier

Figure 1: A simple example of a DID. Source: https://www.w3.org/TR/did-core/

DID architecture and the relationship of the basic components:

Figure 2 Overview of DID architecture and the relationship of the basic components. Source: https://www.w3.org/TR/did-core/

DID and DID URL

DIDs and DID URLs are composed of three parts: the did URI scheme identifier, a method identifier, and a unique DID method-specific identifier. DIDs can be resolved into DID documents. DID URLs extend the syntax of a basic DID to allow it to locate a specific resource, such as a cryptographic public key inside a DID document, or a resource external to the DID document.

DID subject

The subject of a DID is the entity the DID identifies. It can be something virtual, such as the DID controller or a concept, or it can be a concrete entity such as a person, group, or software.

DID document

DID documents contain information associated with a DID. They express verification methods, such as cryptographic public keys, and services relevant to interactions with the DID subject.

DID controllers

A DID controller is an entity (person, organization, or autonomous software) that has the ability to make changes to a DID document. This ability is typically asserted by the control of a set of cryptographic keys used by software acting on behalf of the controller. Note that the same DID can have multiple controllers.

Verifiable data registries

In order to be resolvable to DID documents, DIDs are typically recorded on an underlying system or network. Regardless of the specific technology used, any such system that supports recording DIDs and returning data necessary to produce DID documents is called a verifiable data registry.

DID methods

DID methods are the mechanisms by which a particular type of DID and its associated DID document are created, resolved, updated, and deactivated.

DID resolvers and DID resolution

A DID resolver is a system component that takes a DID as input and produces a conforming DID document as output.

DID URL dereferencers and DID URL dereferencing

A DID URL dereferencer is a system component that takes a DID URL as input and produces a resource as output.

With the components above in mind, we can follow the logic of each DID operation: creation, resolution, update, and deactivation.

What are the benefits of DIDs?
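The three-part syntax and the resolver and dereferencer roles described above, as an added Python example that is not part of the original article or of the W3C specification: it validates a DID against the DID Core grammar, then resolves and dereferences it against a constructed in-memory registry. The sample DID, the placeholder key, the registry and the function names are assumptions made for illustration.

```python
import re
from collections import namedtuple

# DID Core ABNF: "did:" method-name ":" method-specific-id
_IDCHAR = r"(?:[A-Za-z0-9._-]|%[0-9A-Fa-f]{2})"
_DID_RE = re.compile(rf"did:([a-z0-9]+):((?:{_IDCHAR}*:)*{_IDCHAR}+)")
DIDURL = namedtuple("DIDURL", "did method method_specific_id path query fragment")

def parse_did_url(url: str) -> DIDURL:
    """Split a DID URL into the DID and its optional path, query, fragment."""
    rest, _, fragment = url.partition("#")
    rest, _, query = rest.partition("?")
    did, slash, path = rest.partition("/")
    m = _DID_RE.fullmatch(did)
    if m is None:  # e.g. upper-case method name, empty id, stray characters
        raise ValueError(f"not a valid DID: {did!r}")
    return DIDURL(did, m[1], m[2], slash + path, query or None, fragment or None)

SAMPLE_DID = "did:example:123456789abcdefghi"  # constructed sample value
# Constructed stand-in for a verifiable data registry: DID -> DID document.
REGISTRY = {SAMPLE_DID: {
    "id": SAMPLE_DID,
    "verificationMethod": [{
        "id": SAMPLE_DID + "#key-1",
        "type": "Ed25519VerificationKey2020",
        "controller": SAMPLE_DID,
        "publicKeyMultibase": "zPLACEHOLDER",  # not a real key
    }],
}}

def resolve(did: str) -> dict:
    """DID resolver: bare DID in, DID document out."""
    doc = REGISTRY.get(parse_did_url(did).did)
    if doc is None or doc["id"] != did:  # never accept a document for another DID
        raise LookupError(f"cannot resolve {did!r}")
    return doc

def dereference(did_url: str) -> dict:
    """DID URL dereferencer: DID URL in, resource out (fragment lookup only)."""
    u = parse_did_url(did_url)
    if u.path or u.query:  # method-specific handling, out of scope here
        raise NotImplementedError("path and query are not handled")
    doc = resolve(u.did)
    if u.fragment is None:
        return doc
    for vm in doc["verificationMethod"]:
        if vm["id"] == f"{u.did}#{u.fragment}":
            return vm
    raise LookupError(f"no resource {u.fragment!r} in {u.did}")
```

Rejecting a malformed DID before the registry lookup, and checking that the returned document's `id` equals the DID that was asked for, are the two checks a relying party should not skip.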

Based on the design purpose of DID and the characteristics brought by the distributed network, several advantages can be obtained in comparison with the traditional entity and online credentials, and these advantages make developers choose DID as the application extension technology for WEB3 identity credentials.

Compared to traditional entity credentials (e.g. bank cards, ID cards):

  1. Lower likelihood of loss and theft
  2. Significant savings in manufacturing materials
  3. Higher trustworthiness based on multi-party verification
  4. Easier transmission and use

Compared to traditional online credentials:

  1. Prove their claims without depending on any party
  2. Improved data security
  3. Prevent the spread of their data without their knowledge
  4. Users can fully own and control their data

Web3 cases using DID technology

Nowadays, practitioners in the field of WEB3 are developing many application-worthy decentralized identity solutions for WEB3 based on DID technology.

Ethereum Name Service (ENS)

Ethereum Name Service (ENS) is a distributed, open, and extensible naming system built on the Ethereum blockchain. ENS converts hard-to-read data strings (such as cryptocurrency wallet addresses, hashes, metadata, and other machine-readable identifiers) into easy-to-read addresses. It works similarly to the Domain Name System (DNS) used for websites.

Figure 3 ENS Domains Source: https://ens.domains/

ENS initially used the Vickrey auction format to sell popular six, five, four, and three-letter domain names to interested users. Each name ends with .eth and can be associated with multiple cryptocurrency addresses, hashes, and other data. Names can now be purchased without an auction and rented by the year. Prices vary according to the length of the name you wish to rent.

ENS' innovative service significantly improves the ease of blockchain interaction. Just as we no longer use IP addresses to browse the web, we are likely to see ENS domain names used at a growing scale because of their utility and growing popularity.

Proof of Humanity

Proof of Humanity (PoH) is a social identity verification system for humans on Ethereum. PoH combines trust networks, reverse Turing tests, and dispute resolution to create a list of verified real humans, linking people to on-chain addresses to form an on-chain human social identity verification system.

Figure 4: Proof of Humanity Source: https://proofofhumanity.id/

BrightID

BrightID is a real-life digital identity verification system based on the Ethereum ecosystem. It is completely independent of traditional and internet identity authentication, and solves the problem of unique identity by creating and analyzing social graphs.

BrightID Source: https://www.brightid.org/

Unlike Proof of Humanity, BrightID creates a WEB3 social circle for each user while verifying and creating a digital identity, and it also provides users with social data analysis to determine user trust levels. When users use BrightID to socialize with others, the system indicates the level of trust between the two parties.

  • Suspicious: Don’t know each other at all
  • Just met: met a few times
  • Already known: Frequently interacted with
  • Recovery: family-like (this person can help recover the account)

BrightID is used in a variety of scenarios, including identity, application user verification, activity verification (airdrops, for example), trust and reputation building, and so on. Its solution is currently used by Gitcoin, RabbitHole, Status, and many other projects, and it has been recognized several times by Vitalik Buterin.

Conclusion

DID technology is one of the few practical technologies in recent years that truly promotes blockchain applications, and its characteristics give it broad application prospects in the field of WEB3.

While some technologists continue to challenge the dominant technology viewpoints, questions about the misuse of DID technology, data security, and behavior tracking issues have not dissipated.

However, the emergence of DID technology is driving current centralized physical and digital identity systems to try to build decentralized and democratized identity system architectures, and people are being empowered by the extension of DID technology to decouple power from centralized service providers and allow individuals to take ownership of their data.

Author: Jovance
Translator: piper
Reviewer(s): Hugo
* The information is not intended to be and does not constitute financial advice or any other recommendation of any sort offered or endorsed by Gate.io.
* This article may not be reproduced, transmitted or copied without referencing Gate.io. Contravention is an infringement of Copyright Act and may be subject to legal action.