Decentralized Identifiers (DID) & Verifiable Credentials (VC)

What are decentralized identifiers (DID)?

The first fundamental concept within the Self-Sovereign Identity (SSI) paradigm is the Decentralized Identifier (DID), an identifier for any participant (individual, entity, or thing) in the SSI ecosystem.

A Decentralized Identifier (DID) is a globally unique identifier like a URL (or web address), whose address is unique, resolvable with high availability, and cryptographically verifiable. DIDs are typically associated with cryptographic material, such as public keys, and service endpoints, for establishing secure communication channels. DIDs do not require a centralized authority for their generation or registration as they are registered through distributed ledger technologies (DLT).

DIDs are built on the principle of self-sovereign identity, which means that users are in control of their ID data. They can choose what information to share, with whom, and how long to keep it. DIDs are also tamper-proof and resilient against identity theft and other attacks. 

The use of DIDs is growing as more organizations realize the benefits of decentralized ID systems. For example,  current commercial deployments of W3C Verifiable Credentials heavily utilize Decentralized Identifiers to identify people, organizations, and things and to achieve several security and privacy-protecting guarantees.

DID Documents are stored on a decentralized ledger, such as a blockchain. This means that they are tamper-proof and cannot be lost or deleted. Every time a change is made to a DID Document, a new version is created and stored on the ledger. This allows DIDs to be updated over time, without losing their history.

DIDs are created using a variety of different algorithms, depending on the ledger they are stored on. For example, Bitcoin addresses are generated using a cryptographic algorithm called secp256k1, while Ethereum addresses are generated using keccak-256.

What is distributed ledger technology?

Distributed ledger technology is the technological infrastructure and protocols that allow for simultaneous access, validation, or updating of records. It works on computer networks spread across multiple entities or locations which use cryptography to securely store data with cryptographic signatures providing only authorized users the ability to read it.

This architecture represents a significant change in how information is gathered and communicated by moving record-keeping from one central location to a decentralized system. As each entity stores its data on the ledger, all other participants can see who's using it--and therefore verify their trustworthiness as well!

An example of a DID

A DID is a simple text string consisting of three parts:

1. the did URI scheme identifier
2. the identifier for the DID method
3. the DID method-specific identifier

‍

DID Methods

DIDs are a revolutionary new form of intellectual property that can be adapted for use with any type of blockchain. DID documents do not depend on whether the network is public, private, or permission - they will still function properly regardless!

Defining how a DID and DID document are created, resolved, and managed on a specific blockchain or “target system” is the role of a DID method specification. DID method specifications are to the generic DID specification as URN namespace specifications (UUID, ISBN, OID, LSID, etc.) are to the generic IETF URN specification (RFC 8141).

DID method specifications typically define at least the following operations for a particular target system:

1. Create
2. Read
3. Update
4. Delete

So, where do DIDs fit in the wider SSI standard ecosystem and Verifiable Credentials? Verifiable Credentials are associated with a specific DID, as the owner or holder of that credential.

What are Digital Verifiable Credentials?

Verifiable credentials (or VCs) are a standard format for the digital representation of credentials. They allow individuals to prove their identity, qualifications, or membership in an organization without needing to share the underlying data.

VCs are an important part of the decentralized web, as they provide a way for individuals and organizations to securely share information without reliance on a central authority. By using VCs, individuals can keep control of their data, and organizations can more efficiently manage digital assets and resources.

VCs are often compared to traditional physical credentials, such as driver's licenses or passports, however, VCs have several advantages over traditional credentials: 

• they can be instantly verified online, without the need for in-person verification
• they can be revoked or updated if needed
• they are more tamper-proof because they are digital and cryptographic
• they offer better privacy protection because you can selectively share only the information that is needed, without revealing other unnecessary information

Top 9 Characteristics of Verifiable Credentials (VCs)

1. Decentralized: there is no central authority that issues or manages VCs.

2. Self-sovereign: users have full control over their VCs and can decide which information to share, with whom, and when.

3. Secure: VCs are tamper-resistant and can be verified by machines.

4. Private: VCs give users control over their data and protect their privacy.

5. Portable: VCs are digital and can be easily stored, shared, and managed.

6. Interoperable: VCs can be used across different platforms and devices.

7. Durable: VCs can outlast the issuer, as they are stored on a decentralized ledger.

8. Revocable: Users can revoke access to their VCs at any time.

9. Flexible: VCs can be used for various applications.

‍

While the adoption of DIDs and the Verifiable Credential trust ecosystem is just gaining traction, it has already provided a sneak peek into what a robust, user-centric, and secure internet will look like. DIDs are an important part of the emerging decentralized web, which is designed to be more resilient and open than the traditional web. By giving users control over their data and identities, DIDs have the potential to enable a new era of online interactions that are more private, secure, and efficient.