What is Decentralized Identifier (DID)?

In this post, “What is Decentralized Identifier (DID)?”, you will learn about the DID framework, the types of Decentralized Identifiers (DIDs), how Decentralized Identifiers work, and more.

A decentralized identifier, or DID, is an ID that can be produced by a self-contained, independent, and decentralized system. It serves as evidence of digital identity ownership.

About Decentralized Identifier (DID)

Decentralized IDs are a new-age trust structure of cryptographically verifiable universally unique identifiers (UUIDs). They do not require a centralized registration authority. Individuals, abstract entities, organizations, data models, and Internet of Things (IoT) objects can all be identified with them.

The goal of DID is to give internet users back control of their identity by allowing them to produce unique identities using trusted mechanisms, so that individuals and businesses can benefit from seamless, safe, and private data sharing. This is achieved by using blockchain’s distributed ledger technology (DLT) and by enabling authentication of these IDs using cryptographic proofs, for instance digital signatures.

We need to supply crucial information to access apps, websites, services, and devices in today’s digital environment. The current technology for universally unique identifiers (UUID) and uniform resource names (URN) necessitates a centralized registration authority and is not capable of cryptographically verifying ownership of the identifier. As a result, we’re frequently subjected to data theft, privacy breaches, and other issues.

However, using the DID framework, users can store a variety of acceptable identifiers in a safe and private digital wallet, including government-issued certificates, educational and tax certificates, and other personally identifiable information (PII).

Blockchain-based Distributed Ledger

A blockchain-based distributed ledger serves as a source of all identifiers saved in the wallet, rather than depending on a central authority to handle the user’s identification. The identification information is kept in a user-managed wallet rather than on the ledger, which allows users to share certain aspects of their identity with different services as they see fit.

Unlike in the centralized architecture, users can present only the information that is required to any organization (website, app, etc.). These entities can use a blockchain-based ledger to verify that the proofs are correct. Suppose you’re trying to sign up for a new internet service and need to prove that you’re over the age of 18. Thanks to the decentralized framework, you can manage what information from your virtual wallet is provided to the online service. You don’t have to give your exact date of birth; you just show proof that you’re over the age of 18.

The DID Framework

A Decentralized Identifier is a basic text string. According to the core DID draft, which was first released by the W3C, it is divided into three sections:

  • The DID URI scheme identifier.
  • The identifier for the DID method.
  • The DID method-specific identifier.
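A strict parser for the three-section DID string described above, following the DID syntax rules of the W3C DID Core specification. This is an added example, not code from the original post; the type and function names are illustrative and the sample DIDs are constructed.

```go
package main

import (
	"errors"
	"fmt"
	"regexp"
	"strings"
)

// DID holds the three colon-separated sections of a DID string.
type DID struct{ Scheme, Method, ID string }

// Grammar from the W3C DID Core specification:
//	method-name        = 1*( %x61-7A / DIGIT )
//	method-specific-id = *( *idchar ":" ) 1*idchar
//	idchar             = ALPHA / DIGIT / "." / "-" / "_" / pct-encoded
const idchar = `(?:[A-Za-z0-9._-]|%[0-9A-Fa-f]{2})`

var didRe = regexp.MustCompile(`^did:([a-z0-9]+):((?:` + idchar + `*:)*` + idchar + `+)$`)

// ParseDID splits a DID into its sections and rejects anything outside the
// grammar, so malformed identifiers never reach a resolver or a registry lookup.
func ParseDID(s string) (DID, error) {
	if strings.ContainsAny(s, "/?#") {
		return DID{}, errors.New("DID URL (path, query or fragment), not a bare DID")
	}
	m := didRe.FindStringSubmatch(s)
	if m == nil {
		return DID{}, fmt.Errorf("not a valid DID: %q", s)
	}
	return DID{Scheme: "did", Method: m[1], ID: m[2]}, nil
}

func main() {
	// Constructed sample inputs: two valid DIDs, then four that must be rejected.
	for _, s := range []string{
		"did:example:123456789abcdefghi",
		"did:web:example.com:user:alice",
		"DID:example:123",
		"did:Example:123",
		"did:example:",
		"did:example:abc#key-1",
	} {
		d, err := ParseDID(s)
		fmt.Printf("%-32s -> %+v err=%v\n", s, d, err)
	}
}
```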

DIDs are part of a global key-value database hosted on compatible blockchains like Ethereum. DIDs serve as the keys and DID Documents serve as the values. A DID Document holds data such as public keys, service endpoints, and authentication procedures, describing a unique data model that can be used to bootstrap cryptographically provable interactions with identifiable entities in the decentralized ecosystem.

A DID Document, for example, provides a public key for authentication. The private key associated with a DID Document can be used to establish ownership.
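The key-value lookup and the ownership check described above, sketched as a challenge-response exchange. This is an added example, not code from the original post: the in-memory Registry stands in for the ledger, Ed25519 is chosen for illustration, and all type names, function names and the sample DID are assumptions.

```go
package main

import (
	"crypto/ed25519"
	"crypto/rand"
	"fmt"
)

// DIDDocument is the value stored under a DID; only its authentication key is modelled here.
type DIDDocument struct{ Authentication ed25519.PublicKey }
type Registry map[string]DIDDocument // key-value store: DID -> DID Document

// Random32 returns 32 fresh random bytes, used as a key seed and as a verifier challenge.
func Random32() []byte {
	b := make([]byte, 32)
	if _, err := rand.Read(b); err != nil {
		panic(err) // never continue with a predictable seed or nonce
	}
	return b
}

// NewController creates a private key and the DID Document that publishes its public half.
func NewController() (ed25519.PrivateKey, DIDDocument) {
	priv := ed25519.NewKeyFromSeed(Random32())
	return priv, DIDDocument{Authentication: priv.Public().(ed25519.PublicKey)}
}

// Prove is run by the controller: sign the verifier's challenge, bound to the DID.
func Prove(priv ed25519.PrivateKey, did string, challenge []byte) []byte {
	return ed25519.Sign(priv, append([]byte(did+"\x00"), challenge...))
}

// VerifyControl is run by the verifier against the key published in the registry.
func VerifyControl(reg Registry, did string, challenge, sig []byte) error {
	doc, ok := reg[did]
	if !ok || !ed25519.Verify(doc.Authentication, append([]byte(did+"\x00"), challenge...), sig) {
		return fmt.Errorf("no valid proof of control for %s", did)
	}
	return nil
}

func main() {
	did := "did:example:alice" // constructed sample DID
	priv, doc := NewController()
	reg, c := Registry{did: doc}, Random32()
	fmt.Println("fresh challenge:", VerifyControl(reg, did, c, Prove(priv, did, c)))
	fmt.Println("replayed proof: ", VerifyControl(reg, did, Random32(), Prove(priv, did, c)))
}
```

The verifier issues a new challenge for every exchange, so a signature captured from an earlier session does not verify again.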

Beginners Guide for Decentralized Identifiers (DIDs)

The Decentralized Identifiers, or DIDs, protocol, together with the Verifiable Credentials protocol and Distributed Ledger Technology (or Blockchain), is one of the three pillars of Self-Sovereign Identity as defined by the W3C.

Tykn has been developing Self-Sovereign Identity solutions for the Turkish Ministry of Foreign Affairs and the United Nations Development Programme for the past four years. Our Decentralized Identifiers experts have assembled all you need to get started with this technology in one blog.

After reading this post, you’ll know precisely what Decentralized Identifiers are, the difference between Public and Private DIDs, how they’re used, and more.

Usefulness of Decentralized Identifiers

To connect with each other, we currently rely on identifiers from intermediaries such as Google, Facebook, email providers, and mobile network operators. This has significant implications for our privacy, because the (meta)data collected by those parties as a result of exchanges through those links is beyond our control.

Even if you use an encrypted messaging service like WhatsApp, the middleman (Facebook) can view and retain your metadata. This may tell them who you messaged, when you messaged them, for how long, at what intervals, from where, and which apps you used.

These intermediaries can then combine that data with other (meta)data from you, and from the friend you messaged, to construct a much more accurate profile. For example, if your friend was chatting to you about racing bikes, it’s possible that you’ll get targeted race bike advertising as well, even though your chat was end-to-end encrypted, just because your friend was searching for race bikes at the same time you were talking!

While advertisements for race bikes are usually harmless (most of the time), large-scale data correlation tactics have been used to sway elections. This is due in part to the fact that control over these identifiers is concentrated in the hands of a small group of people who have near-unrestricted access to your personal information.

What are Decentralized Identifiers?

• Decentralized identifiers are identifiers that are globally unique and permanent.

• They enable two parties to establish unique, private, and secure peer-to-peer connections.

• Because of their decentralized structure, credentials can be verified at any time.

• Each party, whether an individual or an organization, is free to create as many DIDs as they choose. Data correlation is avoided by using different DIDs for different digital relationships and circumstances.

• The identity owner has complete control over them. DIDs do not rely on centralized registries, authorities, or identity suppliers.

The connection between Decentralized Identifiers, Verifiable Credentials and Blockchain

When an organization offers you a Verifiable Credential, they also give you their Public DID. The blockchain, which is an immutable record of data, stores the same Public DID. If someone wishes to confirm the Credential’s authenticity/validity, they can look up the DID on the blockchain to determine who issued it, without having to contact the issuer.

The Blockchain serves as a decentralized data registry that can be verified: a “phonebook” that anyone can use to find out which organization a given Public DID belongs to.

Thanks to Decentralized Identifiers, Verifiable Credentials may be validated everywhere, at any time, even if the issuer is no longer in business (with the exception of cases where credentials were issued using Private DIDs and the issuer’s DID was not included in the ledger).

Important Note:

No Personally Identifiable Information (PII) is kept on the blockchain when blockchain is used for identity management. This is important because a distributed ledger is immutable: anything you put on it can’t be changed or removed. Therefore no personal information should ever be stored on it.

On the ledger, just the issuer’s Public DID is kept.
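The verification flow of this section as an added example (not code from the original post or from Tykn): the ledger holds only the issuer’s Public DID and public key, the claims stay in the credential, and a verifier checks the issuer’s signature without contacting the issuer. The Credential layout, the Ledger type, the function names, the sample DID and the choice of Ed25519 over JSON bytes are all assumptions made for illustration.

```go
package main

import (
	"crypto/ed25519"
	"encoding/json"
	"fmt"
)

// Credential is a simplified, hypothetical layout, not the W3C data model.
type Credential struct {
	Issuer    string            // issuer's Public DID
	Claims    map[string]string // kept in the holder's wallet, never on the ledger
	Signature []byte            `json:"-"` // excluded from the signed bytes
}

type Ledger map[string]ed25519.PublicKey // issuer Public DID -> public key, no PII

// NewIssuer publishes a fresh public key under did and returns the issuer's signing
// function; the private key never leaves the closure.
func NewIssuer(l Ledger, did string) func(map[string]string) Credential {
	pub, priv, err := ed25519.GenerateKey(nil) // nil selects crypto/rand
	if err != nil {
		panic(err)
	}
	l[did] = pub
	return func(claims map[string]string) Credential {
		msg, _ := json.Marshal(Credential{Issuer: did, Claims: claims}) // map keys are sorted
		return Credential{Issuer: did, Claims: claims, Signature: ed25519.Sign(priv, msg)}
	}
}

// Verify checks a credential using only the ledger; the issuer is never contacted.
func Verify(l Ledger, c Credential) error {
	pub, ok := l[c.Issuer]
	if msg, _ := json.Marshal(c); !ok || !ed25519.Verify(pub, msg, c.Signature) {
		return fmt.Errorf("credential rejected (issuer on ledger: %t)", ok)
	}
	return nil
}

func main() {
	l := Ledger{}
	vc := NewIssuer(l, "did:example:chamber")(map[string]string{"registeredBusiness": "true"})
	fmt.Println("as issued:", Verify(l, vc))
	vc.Claims["registeredBusiness"] = "false" // altered after issuance
	fmt.Println("tampered: ", Verify(l, vc))
}
```

A credential whose issuer DID is absent from the ledger is rejected with "issuer on ledger: false", which is the Private DID exception noted above.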

Types of Decentralized Identifiers

There are two forms of DIDs: public DIDs and private DIDs (the latter also known as “peer,” “pairwise,” “pseudonymous,” or “pairwise-pseudonymous” DIDs).

Private DIDs

Two parties can exchange private DIDs to create a secure channel that no one else has access to.

This means that no one else knows what happens over that channel, or even who is behind it.

What’s the best part? Without relying on a single central authority, you can create as many unique DIDs for as many separate associations as you see fit. This is to prevent linkage of your private information. There will be no more uninvited race bike advertisements! (Or, hopefully, electoral tampering.)

Public DIDs

In a world where private DIDs are the norm, public DIDs are only used when a subject wishes to be identified publicly (e.g. a government office issuing passports).
They can also be used to start a private DID exchange between two parties.

Advantages of Decentralized Identifiers (DIDs)

Institutions and organizations that issue or validate credentials benefit from DIDs.

• Because of their decentralized structure, credentials can be verified at any time, unlike a system where credentials are stored in a centralized database that may be made obsolete if the database went down for any reason (or, in a worst case scenario, was destroyed).

• They let two parties establish a secure data transmission channel. No one else has access to this channel.

So, what does this imply in terms of application?

Assume the government wants to offer you a digital passport in addition to your physical one. The physical version will be kept in a safe at home, and the digital version will be used for practical purposes.

You must scan a QR code at the municipal service counter. The DIDs are exchanged here, and the secure connection is established. The clerk now offers you your digital passport in the format of a Verifiable Credential via this secure connection. You agree and save it in your (digital) wallet.

Now, on your way home, you choose to grab a bottle of wine for supper. The cashier asks for your ID because you’re wearing night cream. Because you don’t want to share a lot of personal information with a stranger (i.e. full name, date of birth, place of birth, document number, etc.), you produce a QR code from your wallet that verifies you are of legal drinking age.

So the cashier scans it (again, exchanging DIDs and establishing a secure connection) and confirms that the proof is correct and derived from a valid form of identity issued by a valid authority.

All of this is managed automatically on the backend, in part by verifying the municipality’s public DID as well as the schema, credential definition, and revocation registry, which are all stored in the verifiable data registry, or blockchain. Hello, vino for a private dinner party!

How Decentralized Identifiers work

So here is an example of Decentralized Identifiers in action:

Together with the Ministry of Foreign Affairs, the United Nations Development Programme, and the Istanbul Chamber of Commerce, we recently piloted our Self-Sovereign Identity technology in Turkey.

What is the goal? Turkey wants to implement Self-Sovereign Identity to greatly boost refugee employment prospects and financial independence. The country currently has over 3 million refugees.

The following is how the pilot went down:

• To hire refugees, (Syrian) entrepreneurs must fill out a Work Permit application. This procedure is currently lengthy and paper-based.

• Several Syrian entrepreneurs went to the Chamber of Commerce to physically verify their identification. Our SSI Portal was used by the Chamber of Commerce to build a secure peer-to-peer link with the Entrepreneurs. Entrepreneurs using Tykn’s SSI Mobile Wallet software to scan a QR Code on our SSI Portal are shown in the image above. The Entrepreneurs’ and Chamber of Commerce’s DIDs are exchanged when they scan it, establishing that secure connection.

• Through that connection, the Chamber of Commerce offers them a digital cryptographic proof, a Verifiable Credential, attesting to the fact that they have a registered business.

• The Syrian entrepreneurs saved those credentials in their digital identity wallets. Our SSI Mobile Wallet is a great way to keep track of your money on the go.

• The Entrepreneurs were also able to initiate a Work Permit Application without leaving their Mobile Wallet. They use their Verifiable Credentials to prove their identity and that they run a registered firm.

Now, any organization, such as the Ministry of Labour, can check the authenticity of the Entrepreneur’s Proof of Business Ownership without having to contact the Chamber of Commerce.

They can compare the Public DID associated with the Credential to the one stored on the blockchain, giving the Ministry assurance that this Proof is genuine and has not been tampered with.

W3C and Verifiable Credentials

The World Wide Web Consortium, or W3C, is the primary worldwide standard-setting body for the Internet. They are the ones who, among other things, invented the URL standard.

The Decentralized Identifiers protocol, along with the Verifiable Credentials protocol and Distributed Ledger Technology (or Blockchain), is one of the three pillars of Self-Sovereign Identity as defined by the W3C.

“Decentralized identifiers (DIDs) are a new type of identifier that provides verifiable, decentralized digital identification,” according to the Decentralized Identifiers (DIDs) Data Model 1.0. “A DID identifies any topic that the DID’s controller determines it identifies (e.g., a person, organization, thing, data model, abstract entity, etc.). DIDs, unlike traditional federated identifiers, are designed to be independent of centralized registries, identity providers, and certificate authorities.”
