Decentralized Identifiers (DIDs) - A Deeper Dive

by Mickey Maler (@mickeymaler), April 26th, 2021

Too Long; Didn't Read

A Decentralized Identifier (DID) is a new type of identifier that is cryptographically verifiable and resolvable with high availability. DIDs are typically associated with cryptographic material, such as public keys, and with service endpoints for establishing secure communication channels. The use cases for DIDs include identifying people, organizations, and things. A DID document is something like a “blockchain handshake” between the information stored in the DID and on a blockchain. For DIDs to work properly on the LTO network, any DID must be indexed first.

This article follows the Rosetta standards and technological W3C descriptions.

What a DID is

A Decentralized Identifier (DID) is a new type of identifier that is:

  • globally unique
  • resolvable with high availability
  • cryptographically verifiable
  • issued for a lifetime (unless revoked by the owner)

DIDs are typically associated with cryptographic material, such as public keys, and service endpoints, for establishing secure communication channels. DIDs are useful for any application that benefits from self-administered, cryptographically verifiable identifiers, such as personal identifiers, organizational identifiers, and identifiers for Internet-of-Things scenarios.

Just as the SSL/TLS protocol changed Internet use forever by opening the gate to encrypted Web traffic, the basis of HTTPS, which keeps the Web safe and secure, DIDs will enhance the verification process in the world of blockchain, for example in decentralized finance.

A DID is a new standard for representing users’ identities by referencing subjects in a decentralized way. It is an identifier that references a subject such as:

  • a person
  • an organization
  • an object

The use cases for DIDs include:

  • Identifying people, organizations, and things
  • Achieving a number of security and privacy-protecting guarantees

DIDs are unique identifiers that specify a resolution method and a blockchain address representing the owner. For example, a DID stored on the LTO Network blockchain has a DID URL (a pointer) of the form:

Example

scheme : method used : user's pseudonymous ID

Such a unique Decentralized Identifier, verifiable on the LTO network, has a format similar to:

did:lto:3JuijVbbserasr48h8rz8451RTyeL

The example DID above resolves to a DID document, a minimal example of which is shown below:

{
  // the JSON-LD context identifies this as a W3C DID document
  "@context": "https://www.w3.org/ns/did/v1",
  "id": "did:lto:3JuijVbbserasr48h8rz8451RTyeL",
  "authentication": [{
    // key used to authenticate as this DID
    "id": "did:lto:3JuijVbbserasr48h8rz8451RTyeL#keys-1",
    "type": "Ed25519VerificationKey2020",
    // the DID controller is the entity entitled to make changes to the DID document
    "controller": "did:example:123456789abcdefghi",
    "publicKeyMultibase": "zH3C2AVvLMv6gmMNam3uVAjZpfkcJCwDwnZn6z3wXmqPV"
  }]
}

The DID document contains the associated cryptographic information (such as public keys) that allows the DID controller to prove that they are, or own, the subject. This works because every identifier is signed with the user's private key; the public key, uniquely paired with that private key, is then published to a distributed ledger.

When a DID is resolved, the extracted public key is compared to the public key stored on the blockchain. A DID document is something like a “blockchain handshake” between the information stored in the DID and on the blockchain. For DIDs to work properly on the LTO network, any DID must be indexed first. Indexing is the process that connects a public address with its associated public key. An address owner can do so with a simple anchoring transaction, which ensures their DID is properly indexed.

Indexing is necessary because the blockchain address is generated from the public key using a one-way hash function, so the public key cannot be recovered from the address alone.

Without the anchoring transaction, the public key for an address remains unknown.
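The DID URL format, the DID document and the anchoring requirement described above, worked through as an added Go example (this is not code from the article or from LTO Network). It parses did:method:id URLs, builds a minimal DID document for an Ed25519 key, and performs the verifier-side "handshake": the key in the document must equal the key anchored for the address, must hash to that address, and must verify a signature over a challenge. Assumptions: the in-memory Ledger type stands in for the chain's index of anchored keys, the address derivation (sha256 of the key, truncated, hex-encoded) is illustrative rather than LTO's real scheme, base16 multibase ('f' prefix) is used instead of the key suite's base58btc to keep the code short, and the controller is set to the DID itself.

```go
package main

import (
	"bytes"
	"crypto/ed25519"
	"crypto/rand"
	"crypto/sha256"
	"encoding/hex"
	"errors"
	"fmt"
	"strings"
)

// ParseDID splits a DID URL such as "did:lto:3Juij...#keys-1" into method, id and fragment.
func ParseDID(s string) (method, id, fragment string, err error) {
	if i := strings.IndexByte(s, '#'); i >= 0 {
		fragment, s = s[i+1:], s[:i]
	}
	p := strings.SplitN(s, ":", 3)
	if len(p) != 3 || p[0] != "did" || p[1] == "" || p[2] == "" {
		return "", "", "", errors.New("malformed DID: expected did:<method>:<id>")
	}
	return p[1], p[2], fragment, nil
}

// AddressFromKey derives the ledger address by one-way hashing the public key.
// ASSUMPTION: hex(sha256(pk)[:20]) is illustrative, not LTO Network's real derivation.
func AddressFromKey(pk ed25519.PublicKey) string {
	h := sha256.Sum256(pk)
	return hex.EncodeToString(h[:20])
}

// Ledger stands in for the chain's index of anchored keys (address -> public key);
// Anchor is the indexing step an address owner performs with an anchoring transaction.
type Ledger map[string]ed25519.PublicKey

func (l Ledger) Anchor(pk ed25519.PublicKey) string {
	addr := AddressFromKey(pk)
	l[addr] = pk
	return addr
}

// VerificationMethod and DIDDocument mirror the minimal document shown in the article.
type VerificationMethod struct{ ID, Type, Controller, PublicKeyMultibase string }
type DIDDocument struct {
	Context, ID    string
	Authentication []VerificationMethod
}

// BuildDocument is what the controller publishes. ASSUMPTION: publicKeyMultibase is
// 'f' + hex(multicodec 0xed01 || raw key); the 2020 suite normally uses 'z' + base58btc.
func BuildDocument(pk ed25519.PublicKey) *DIDDocument {
	id := "did:lto:" + AddressFromKey(pk)
	vm := VerificationMethod{ID: id + "#keys-1", Type: "Ed25519VerificationKey2020", Controller: id,
		PublicKeyMultibase: "f" + hex.EncodeToString(append([]byte{0xed, 0x01}, pk...))}
	return &DIDDocument{Context: "https://www.w3.org/ns/did/v1", ID: id, Authentication: []VerificationMethod{vm}}
}

// VerifyDocument is the verifier's "blockchain handshake": the key extracted from the
// document must equal the anchored key for the address, and must hash to that address.
func VerifyDocument(l Ledger, doc *DIDDocument) (ed25519.PublicKey, error) {
	method, addr, _, err := ParseDID(doc.ID)
	if err != nil || method != "lto" || len(doc.Authentication) == 0 {
		return nil, fmt.Errorf("cannot verify %q: bad DID, unsupported method or no authentication key", doc.ID)
	}
	anchored, ok := l[addr] // the address is a one-way hash, so nothing can be checked until anchoring
	if !ok {
		return nil, fmt.Errorf("address %s is not anchored: its public key is unknown", addr)
	}
	mb := doc.Authentication[0].PublicKeyMultibase
	raw, err := hex.DecodeString(strings.TrimPrefix(mb, "f"))
	if err != nil || !strings.HasPrefix(mb, "f") || len(raw) != 2+ed25519.PublicKeySize || raw[0] != 0xed || raw[1] != 0x01 {
		return nil, errors.New("authentication key is not a base16 multibase ed25519 multicodec key")
	}
	pk := ed25519.PublicKey(raw[2:])
	if !bytes.Equal(pk, anchored) || AddressFromKey(pk) != addr {
		return nil, errors.New("document key does not match the key anchored for this address")
	}
	return pk, nil
}

// ProveControl checks a signature over a challenge with the verified key: whoever made it
// holds the private key behind the DID, i.e. is (or owns) the subject.
func ProveControl(l Ledger, doc *DIDDocument, challenge, sig []byte) (bool, error) {
	pk, err := VerifyDocument(l, doc)
	if err != nil {
		return false, err
	}
	return ed25519.Verify(pk, challenge, sig), nil
}

func main() {
	pk, sk, _ := ed25519.GenerateKey(rand.Reader)
	doc, challenge := BuildDocument(pk), []byte("constructed challenge nonce")
	sig := ed25519.Sign(sk, challenge)
	_, err := ProveControl(Ledger{}, doc, challenge, sig)
	fmt.Println("before anchoring:", err) // fails: public key unknown
	l := Ledger{}
	l.Anchor(pk)
	ok, err := ProveControl(l, doc, challenge, sig)
	fmt.Println("after anchoring:", ok, err) // true <nil>
}
```

The first ProveControl call fails even though the document and signature are valid, which is exactly the point of the anchoring requirement: until the address is indexed, a verifier has nothing on-chain to compare the document's key against. A document that presents a different key than the anchored one is rejected in VerifyDocument before any signature is checked.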

Unification with a real-world identity

Combining a DID with a proof of identity issued by some authority enhances the DID's capabilities. A DID can be part of Verifiable Credentials (VCs), which act as digital certificates, IDs, diplomas, and many other documents. This way it is possible to verify the identities of persons or objects, and also to attach value to these objects.

A VC bound to a DID that contains information about several real-estate properties can act as proof of ownership and of value for those objects.

Combining a DID with a VC keeps the user's credentials private. Combining a DID with a certificate issued by a Certificate Authority (CA) creates a useful tool for companies that want to cooperate in trust networks, where their identity is asserted by the CA-issued certificate. Combining a DID with a CA-issued (X.509) certificate keeps the company's credentials public, which saves the time otherwise spent manually checking the company's credibility.

Summary

DIDs enable you to reference subjects in a decentralized way. DIDs can be resolved to DID documents, and DID documents allow the controller to prove that they are, or own, the subject. A blockchain-based company generates these documents for all of its accounts that have made at least one transaction (TX). These accounts are created by publishing a certificate related to a DID, which links the DID to a real-world identity. DIDs can be part of Verifiable Credentials (VCs), which can be used for many purposes all around the world.