8 Decentralized identifiers


Drummond Reed and Markus Sabadello

    Decentralized identifiers (DIDs) are the cryptographic counterpart to verifiable credentials (VCs). Together these are the “twin pillars” of SSI standardization. In this chapter, you learn how DIDs evolved from the work started with VCs, how they are related to URLs and URNs, why a new type of cryptographically verifiable identifier is needed for SSI, and how DIDs are being standardized at the World Wide Web Consortium (W3C). Your guides are two of the editors of the W3C Decentralized Identifier 1.0 specification: Markus Sabadello, founder and CEO of Danube Tech, and Drummond Reed, chief trust officer at Evernym.

    At the most basic level, a decentralized identifier (DID) is simply a new type of globally unique identifier—not that different from the URLs you see in your browser’s address bar. But at a deeper level, DIDs are the atomic building block of a new layer of decentralized digital identity and public key infrastructure (PKI) for the internet. This decentralized public key infrastructure (DPKI, https://github.com/WebOfTrustInfo/rebooting-the-web-of-trust/blob/master/final-documents/dpki.pdf) could eventually have as much impact on global cybersecurity and cyberprivacy as the development of the SSL/TLS protocol for encrypted web traffic (currently the largest PKI in the world).

    8.1 The conceptual level: What is a DID?

    8.1.1 URIs

    8.1.2 URLs

    8.1.3 URNs

    8.1.4 DIDs

    8.2 The functional level: How DIDs work

    8.2.1 DID documents

    8.2.2 DID methods

    8.2.3 DID resolution

    8.2.4 DID URLs

    8.2.5 Comparison with the Domain Name System (DNS)

    8.2.6 Comparison with URNs and other persistent Identifiers

    8.2.7 Types of DIDs

    8.3 The architectural level: Why DIDs work

    8.3.1 The core problem of Public Key Infrastructure (PKI)

    8.3.2 Solution 1: The conventional PKI model