Decentralized Identifiers (DIDs)

Presentation held at XXX, on 2020-xx-yy

Ivan Herman, ivan@w3.org

Introduction

What are the problems?

A typical experience

Consider these two scholarly references:

  • Tomislav Strinić, Damir Buković, Ljubomir Pavelić, Josip Fajdić, Ivan Herman, Ivica Stipić, Ivan Palada & Ivana Hirš, “Anthropological and clinical characteristics in adolescent women with dysmenorrhea”. Collegium antropologicum, 27(2), (2003).
  • Ivan Herman, Markus Gylling, “Bridging the Web and Digital Publishing”, The Journal of Electronic Publishing, (2015).
  • Only one of the two publications is mine…
  • The name is not enough; you need a unique personal identification to avoid problems with, in this case, homonyms
  • This has become even more important in a networked, digital world

No identifiers display all those characteristics!

A DID is a self-sovereign identity, i.e., a lifetime, portable, and verifiable digital identity that does not depend on any centralized authority.

High level view on DIDs

High level view: DIDs and DID Documents

A unique string (DID) goes through DID Resolution to a global, decentralized, key-value database; from this database comes a DID document containing cryptographic material (e.g., keys), metadata, and a signature; this document is connected by an arrow going back from the database to the DID as a cryptographic verification.

Some use cases

Find information on purchased goods

Shopping cart with various goods (clothes, books, shoes, camera); the camera has a DID and there is a four-step process connecting that DID with a mobile: (1) get hold of the DID, (2) resolve the DID document, (3) verify the DID, (4) follow a service reference to get information.

  • It is very important that:
    • the identification is unique and persistent
    • the information has not been tampered with
  • The same mechanism can be used for constituent parts of goods but the information can remain fully decentralized

Pool of relationships

Four humans connected to a Distributed Ledger of DID documents for all participants. Two figures are annotated as 'A' and 'B'; arrows connect these two with four steps: (1) 'A' sends his DID to 'B', (2) 'B' retrieves the DID document (connected to the ledger) for 'A', (3) 'B' encrypts her data using the keys of 'A', (4) 'B' sends the encrypted data to 'A'.

  • No need for a complex and centralized key management system
    • there may be different ledgers for the various participants
  • Both “A” and “B” may remain anonymous

Technical dive into DIDs

Anatomy of DIDs

Reminder: URIs, URNs, URLs, …

Ellipse labeled as 'URI' with three contained ellipses: (a) labeled as 'URL, locate through schemes' with examples https://..., ftp://..., data://...; (b) labeled as 'URN, name through namespaces', with examples urn:isbn:..., urn:uuid:..., and urn:iso:...; (c) labeled as 'INFO, information assets through namespaces', with examples info:dewey:... and info:oclnum:...

DID is a new type of URI

The center of the figure is the string 'did:xyz:abcde1234567'. The string is surrounded by three annotations: (a) (pointing at 'did') 'Fixed string: "this is a DID"', (b) (pointing at 'xyz') 'Method name, e.g., "sov", "btcr", "key"', and (c) (pointing at 'abcde1234567') 'Method specific identifier'.

DID is a new type of URI

Ellipse labeled as 'URI' with four contained ellipses: (a) labeled as 'URL, locate through schemes' with examples https://..., ftp://..., data://...; (b) labeled as 'URN, name through namespaces', with examples urn:isbn:..., urn:uuid:..., and urn:iso:...; (c) labeled as 'INFO, information assets through namespaces', with examples info:dewey:... and info:oclnum:...; (d) labeled as 'DID, identify through methods', with examples did:sov:..., did:btcr:... and did:key:... The ellipse labeled as DID is in the centre of the containing one.

Anatomy of DID Documents

Remember?

The center of the figure is the string 'did:xyz:abcde1234567'. The string is surrounded by three annotations: (a) (pointing at 'did') 'Fixed string: "this is a DID"', (b) (pointing at 'xyz') 'Method name, e.g., "sov", "btcr", "key"', and (c) (pointing at 'abcde1234567') 'Method specific identifier'.

DID URLs

The center of the figure is the string 'did:xyz:abcde1234567/path?query=qrst#fragment'. The string is surrounded by two annotations: (a) (pointing at the part of the string before '/') 'DID', and (b) (pointing at the rest) '"Path", "query", and "fragment" (just like a URI) with a method specific interpretation'.
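The anatomy in the two figures above, written as a strict parser. This is an added example, not code from the slides; it follows the DID and DID URL grammar of the DID Core specification, and the names `parse_did_url`, `is_valid` and `DIDURL` are chosen here for illustration. Rejecting malformed input before resolution keeps an uppercase method name, an empty identifier or embedded whitespace from ever reaching a resolver.

```python
import re
from typing import NamedTuple, Optional

# method-name and idchar follow the DID Core ABNF. Path, query and fragment
# are only split apart here, not validated character by character (RFC 3986).
_IDCHAR = r"(?:[A-Za-z0-9._-]|%[0-9A-Fa-f]{2})"
_DID_URL = re.compile(
    r"(?P<did>did:(?P<method>[a-z0-9]+):"
    rf"(?P<msid>(?:{_IDCHAR}*:)*{_IDCHAR}+))"
    r"(?P<path>(?:/[^?#\s]*)?)"
    r"(?:\?(?P<query>[^#\s]*))?"
    r"(?:#(?P<fragment>[^#\s]*))?"
)


class DIDURL(NamedTuple):
    did: str                  # the bare DID, e.g. did:xyz:abcde1234567
    method: str               # method name, e.g. "xyz"
    method_specific_id: str   # may itself contain ":" separators
    path: str                 # "" when absent
    query: Optional[str]      # None when absent
    fragment: Optional[str]   # None when absent


def parse_did_url(text: str) -> DIDURL:
    """Split a DID or DID URL into its parts; raise ValueError if malformed."""
    # fullmatch (not match) so a trailing newline or junk suffix is rejected.
    m = _DID_URL.fullmatch(text)
    if m is None:
        raise ValueError(f"not a valid DID or DID URL: {text!r}")
    return DIDURL(m["did"], m["method"], m["msid"],
                  m["path"], m["query"], m["fragment"])


def is_valid(text: str) -> bool:
    try:
        parse_did_url(text)
        return True
    except ValueError:
        return False


if __name__ == "__main__":
    # The strings from the slides, plus constructed malformed inputs.
    for s in ["did:xyz:abcde1234567",
              "did:xyz:abcde1234567/path?query=qrst#fragment",
              "did:XYZ:abc", "did:xyz:", "did:xyz:abc def"]:
        print(s, "->", parse_did_url(s) if is_valid(s) else "rejected")
```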

Documents to read

  • Use cases and requirements: https://www.w3.org/TR/did-use-cases/
  • Core spec: https://www.w3.org/TR/did-core/
  • DID Specification Registries: https://www.w3.org/TR/did-spec-registries/
  • These slides: https://iherman.github.io/did-talks/talks/generic/

Some more documents to come

  • Rubric: documenting what criteria to look for when choosing a specific method
  • Implementation guide

Thank you for your attention!
ivan@w3.org