SSI Fundamentals III: DIDs

A DID, a decentralized identifier, is the root component of a decentralized identity platform.

2 years ago   •   3 min read

By Pete Vielhaber

In the last post in the series, we covered how blockchains work and some of the components and features crucial to a decentralized identity platform. From here forward in the series, we will unpack decentralized identity.

What is a DID?

A DID, a decentralized identifier, is the root component of a decentralized identity platform. A DID is the digital representation of an entity. An entity can be a person, an organization, a business, or a digital or physical thing. A DID is globally unique, meaning there is only one like it, similar to a fingerprint. What is interesting about DIDs is that the identifier itself contains no information that identifies who we are.

With a DID comes a DID document, which describes information about the DID. It is technically possible to store personal information in the DID document. Because the DID document could be public, the recommendation is not to put personally-identifying information in it.

The utility of a DID lies in its use as an identifier. What is different about decentralized identity versus the other models we reviewed is that we get privacy by design. We will get more into privacy in another blog, but for now, we will cover some basics specific to DIDs.

Looking back to the fingerprint analogy, we can have more than one DID, just like fingerprints. This concept is separate from the idea of DID pairs we previously discussed. Having a DID is like having a persona. We could have one DID that we dedicate to our official documents and a second DID for online personas, like a Twitter handle or gamer tag.

This feature allows us to have multiple DIDs representing different portions of our lives. This flexibility lets us separate our identity between the real and digital worlds, or into any other configuration we choose. It may seem insignificant, and some may never use it, but it is available.

Privacy

One of the most fantastic features of decentralized identity is that its usage cannot be tracked. When we connect with another entity, whether a friend or business, a new DID pair gets created, one for each party in the relationship. This new DID, not our original DID, is what represents us in the connection. The DID pair is what makes it impossible to track our connections. Having this feature built in provides privacy at the very bottom level of a decentralized identity platform.
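The difference a DID pair makes, as an added example that is not from the original post: two services compare the identifiers they saw, first when one DID is reused everywhere and then with a new DID per connection. The `did:example` method, the `Wallet` class, the key type and the random bytes standing in for public keys are assumptions for illustration.

```python
import hashlib
import secrets

def new_did():
    """Create a fresh DID and a minimal DID document with no personal data.

    Assumption: 32 random bytes stand in for a public key; a real wallet
    would generate a key pair and keep the private half.
    """
    pub = secrets.token_bytes(32)
    did = "did:example:" + hashlib.sha256(pub).hexdigest()[:32]
    doc = {
        "id": did,
        "verificationMethod": [{
            "id": did + "#key-1",
            "type": "ExampleKey",        # placeholder key type
            "controller": did,
            "publicKeyHex": pub.hex(),   # constructed stand-in key material
        }],
    }
    return did, doc

class Wallet:
    """Hypothetical wallet holding one original DID plus one DID pair per peer."""
    def __init__(self):
        self.public_did, _ = new_did()
        self.pairwise = {}  # peer name -> (our DID, peer's DID)

    def connect(self, peer):
        """Create the DID pair for one relationship: one new DID per party."""
        ours, _ = new_did()
        theirs, _ = new_did()
        self.pairwise[peer] = (ours, theirs)
        return ours

def correlate(log_a, log_b):
    """What two services comparing notes learn: identifiers seen by both."""
    return set(log_a) & set(log_b)

def demo():
    alice = Wallet()
    # One DID reused everywhere: both services log the same identifier.
    reused = correlate([alice.public_did], [alice.public_did])
    # DID pairs: each service sees a DID that exists only in that relationship.
    pairwise = correlate([alice.connect("shop")], [alice.connect("bank")])
    return reused, pairwise
```

The comparison covers identifiers only, which is the property the DID pair provides.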

Censorship Resistant

Unfortunately, in today's digital world, censorship is becoming commonplace. The main reason is that a middleman controls our identity in centralized or federated identity models. What decentralized identity using the principles of SSI offers is anti-censorship. Anyone can create a DID without a registry or third party's permission. This feature means that no one is denied an identity, and anyone can create one. Not having a central authority provides complete control to entities to own their identity.

It is crucial to remember that any service or company can prevent access to its ecosystem. Simply replacing an existing credential (email + password) with a DID does not rewrite the terms and conditions of any service. This fact may not sit well with people, but it is essential to be transparent and offer the truth.

Portability

We can take DIDs wherever we go because we own and control them. We need no intermediary's approval to leave or to take our data with us. There is more when we add the concept of verifiable credentials, which we will cover later in this series. This feature may not seem important, but it becomes a huge relief for anyone without access to identifying documents or who has suffered any loss of records. Controlling all of our data makes recovering or building a dossier of documents accessible and sustainable over a lifetime.

Blockchain

The last thing we will discuss is what gets written on the blockchain. Not all DIDs have to get published to the blockchain. It is possible to have unpublished DIDs, and they are functional. The important distinction is that when issuing credentials, the issuing DID must be on the blockchain. There is no right, wrong or specific application for published or unpublished DIDs; it is merely a preference.

Wrap up

DIDs are the Bilröst to Asgard, the tool that allows us to enter a decentralized ecosystem. DIDs are extraordinarily important for access, anti-censorship, privacy, and portability. While DIDs serve a specific purpose, the real utility comes with verifiable credentials, which we will cover next in this series.
