Sometimes the term DID is used when people refer to SSI. SSI uses Decentralized Identifiers (DIDs) to manage Verifiable Credentials. DIDs are a crucial component of SSI: they provide a unique and persistent identifier for an individual, organisation, or device without relying on a centralized authority or registry.
A DID is a globally unique identifier generated and managed by the entity it identifies, so that entity keeps full control over its digital identity. The identifier is stored on a distributed ledger or blockchain, which helps maintain its persistence, security, and verifiability. DIDs can be used to create and manage verifiable credentials containing specific claims or information about the entity.
By using DIDs and verifiable credentials, SSI enables secure and privacy-preserving identity management, allowing users to prove their identity and share specific information with others as needed. DIDs are created and managed through a combination of cryptographic techniques, distributed ledger technology (typically a blockchain), and standardized protocols.
Here’s an overview of the process:
1. Key pair generation
The first step in creating a DID is to generate a cryptographic key pair, consisting of a private key and a public key. The private key is kept secret by the owner and used for signing messages and transactions, while the public key is shared publicly and used for verifying signatures.
2. DID creation
A unique DID is derived from the public key using a specific DID method, which defines the rules and processes for creating, reading, updating, and deleting DIDs on a particular distributed ledger or network. Different DID methods exist for different ledgers, such as Ethereum, Bitcoin, or Hyperledger Indy.
3. DID Document
Along with the DID, a DID Document is created, which contains information about the DID, including the public key, service endpoints (e.g., where to send encrypted messages), and optional metadata (e.g., key rotation policies). The DID Document serves as a machine-readable description of the entity associated with the DID.
4. Storing on the ledger
The DID and its corresponding DID Document are then stored on the distributed ledger. This ensures that the DID is globally resolvable, tamper-proof, and can be verified independently by any party.
5. Updating and managing
The entity that created the DID can update or manage it using its private key. For example, it might update the DID Document to add or remove service endpoints or to rotate the associated cryptographic keys. The DID method specifies the rules for updating and managing DIDs, which typically involve submitting transactions to the distributed ledger to reflect the changes.
6. Deactivation
In some cases, the owner of a DID may wish to deactivate it, rendering it unusable for future transactions or interactions. The process for deactivation is also defined by the DID method and usually involves submitting a specific transaction to the ledger. Deactivation is an essential aspect of DID management, allowing users to securely retire old or compromised DIDs.
By following these steps, DIDs can be created, managed, and deactivated in a decentralized manner, giving users full control over their digital identities. This process ensures that DIDs are secure, verifiable, and persistent, enabling the implementation of Self-Sovereign Identity systems that empower individuals and organizations to manage their digital identities without relying on centralized authorities.
DIDs are a key building block of Self-Sovereign Identity, providing a decentralized, secure, and privacy-preserving method for managing digital identities in a way that empowers individuals and organizations.