Decentralized Identity (DID)
Self-sovereign digital identity.
Decentralized Identity (DID) is a paradigm shift in digital identity management, moving away from centralized authorities (like governments or corporations) towards self-sovereign control by the individual. In a DID system, users generate and manage their own unique identifiers, which are registered on a decentralized network, typically a blockchain or distributed ledger. These identifiers are not tied to any specific organization and are controlled solely by the user through cryptographic keys. This allows individuals to prove their identity or specific attributes about themselves without relying on a trusted third party to vouch for them. The core components include Decentralized Identifiers (DIDs), which are URIs that resolve to DID documents containing public keys and service endpoints; DID methods, which define how DIDs are created, resolved, updated, and deactivated on a specific ledger; and DID resolvers, which are services that retrieve DID documents. DID systems enable users to present verifiable credentials (VCs) – cryptographically signed assertions about themselves – to relying parties. This architecture enhances privacy, security, and user autonomy, as individuals can selectively share information and control who accesses their data. Trade-offs include the complexity of key management for users and the need for robust infrastructure for DID resolution and VC verification.
Prerequisites: asymmetric-encryption, layer-1
Related terms: verifiable-credentials, zero-knowledge-proof, decentralized-identifier-did
🧒 Explain Like I'm 5
It's like having a digital ID card that you create and keep safe yourself, using a special secret code to prove it's really yours without anyone else needing to approve it.
🤓 Expert Deep Dive
Decentralized Identity (DID) represents a fundamental departure from federated or centralized identity models, embodying the principles of self-sovereign identity (SSI). DIDs are globally unique, machine-readable identifiers that are persistent and resolvable. Their resolution typically involves querying a distributed ledger or other decentralized system to retrieve a DID document. This document contains cryptographic material (e.g., public keys for authentication and signing) and service endpoints, enabling interactions like verifiable credential exchange. The DID method specification is crucial, defining the specific mechanisms for DID lifecycle management (create, read, update, delete) on a given ledger. Architectural choices for DID systems involve selecting appropriate DLTs (e.g., public blockchains, permissioned ledgers, or peer-to-peer networks), defining DID URI schemes, and establishing secure key management practices. Potential vulnerabilities include denial-of-service attacks on DID resolvers, key compromise leading to identity impersonation, and issues with credential revocation mechanisms. The balance between discoverability, verifiability, and privacy is a key design challenge, often addressed through techniques like selective disclosure and Verifiable Data Registries.
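The resolution step described above, shown as an added example (not code from this page or from any DID project): a minimal resolver for the `did:key` method, in which the identifier itself encodes an Ed25519 public key and no ledger lookup is needed. The choice of `did:key`, the simplified DID document layout, and the names `resolve`, `did_from_key` and `SAMPLE_KEY` are assumptions made for illustration.

```python
# Added example: minimal did:key resolver (Ed25519 only), standard library only.
B58 = "123456789ABCDEFGHJKLMNPQRSTUVWXYZabcdefghijkmnopqrstuvwxyz"
ED25519_PREFIX = b"\xed\x01"  # multicodec varint marking an Ed25519 public key

def b58encode(data: bytes) -> str:
    n = int.from_bytes(data, "big")
    out = ""
    while n:
        n, r = divmod(n, 58)
        out = B58[r] + out
    pad = len(data) - len(data.lstrip(b"\0"))  # leading zero bytes become '1'
    return "1" * pad + out

def b58decode(text: str) -> bytes:
    n = 0
    for ch in text:
        if ch not in B58:
            raise ValueError("invalid base58 character")
        n = n * 58 + B58.index(ch)
    pad = len(text) - len(text.lstrip("1"))
    return b"\0" * pad + n.to_bytes((n.bit_length() + 7) // 8, "big")

def did_from_key(public_key: bytes) -> str:
    # 'z' is the multibase tag for base58btc
    return "did:key:z" + b58encode(ED25519_PREFIX + public_key)

def resolve(did: str) -> dict:
    """Derive a (simplified) DID document from a did:key identifier."""
    scheme, method, ident = (did.split(":", 2) + ["", ""])[:3]
    if scheme != "did" or method != "key" or not ident.startswith("z"):
        raise ValueError("unsupported DID or multibase encoding")
    raw = b58decode(ident[1:])
    # Reject anything that is not exactly prefix + 32-byte key
    if raw[:2] != ED25519_PREFIX or len(raw) != 34:
        raise ValueError("not a 32-byte Ed25519 key")
    vm_id = f"{did}#{ident}"
    return {
        "id": did,
        "verificationMethod": [{
            "id": vm_id,
            "type": "Ed25519VerificationKey2020",
            "controller": did,
            "publicKeyMultibase": ident,
        }],
        "authentication": [vm_id],
        "assertionMethod": [vm_id],
    }

SAMPLE_KEY = bytes(range(32))  # constructed bytes, not a real key
```

A verifier would take the key from `verificationMethod` and use it to check the signature on a presented credential; ledger-backed DID methods replace the local decoding step with a registry query but return a document with the same role.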