Decentralized Identifiers (DIDs) have recently gained more attention for being one of blockchain’s most exciting use cases, and the hype is well founded. In concept, DIDs aim to use cutting-edge cryptography and unique identifiers to enable users to validate themselves online, while still dictating when and how that identity data is used. Put simply, Decentralized IDs have the potential to help internet users around the world wrest back control of their data from the corporations that presently control it.
As the technology matures, DIDs could turn out to be a significant breakthrough for individual data governance, and it very well may usher in a new age of self-sovereign identity as well. And this is really one of the main benefits of DIDs – the ability to have full control over one’s digital identity, and how that identity is leveraged by corporations online. We presently need to hand over our identification data in its entirety to sign up for an app or online service – but with the advent of DIDs, this will become a thing of the past. DIDs are resistant to censorship, and they give users an unprecedented amount of control over how their personal data is used online. In addition to improved data governance, DIDs also offer the added benefit of increased security. The security benefits of blockchain are well-known, and DIDs show that the technology has the potential to transform much more than simply the financial markets.
In this piece, we’ll dive into how DIDs work from a technical standpoint, and then take a step back to assess the broader implications for the consumer internet industry as a whole.
What is a Decentralized ID?
DIDs can be created by any user, at any time, and for any reason. The DID itself consists of two main components: a unique individual identifier, and a “DID Document,” which is a record of when the DID was created, and the permission set for its usage. DID Documents don’t contain any personally identifiable information; rather, they contain detail around the terms of the cryptographic contract. DIDs, on the other hand, exist in two flavors: public and pairwise. Public DIDs are ideal for storing small snippets of data that you’re comfortable with sharing publicly (such as your name, and perhaps a brief description of yourself), while Pairwise DIDs are better when you want to use an application while still preserving your privacy.
These DID Documents are then stored on an “Identity Hub”, which is a replicated network of datastores from mobile and desktop images alike. Identity Hubs allow user data to interact with other platforms through a User Agent Application, with all data transfer taking place over an edge-encrypted network.
That said, Decentralized IDs require additional infrastructure to be in place before they can be used across multiple platforms. Let’s now take a look at how verification for DIDs works, and how blockchain helps facilitate the entire process from end to end.
How do Decentralized IDs work?
Although the mass-market use cases for DIDs are still on the horizon, researchers at companies like Microsoft and IBM have already thought through the technical aspects of how DIDs will be put into action – and the result is an elegant solution that leverages blockchain technology and existing encryption technology to ensure that users’ identification data stays secure throughout.
The workflow below (developed by researchers at Microsoft) does a great job of depicting how DIDs work in practice. Users first need to use a User Agent App to create their own DID, and define the permissions for how their data should be used. Similar to how a web browser is used to navigate the internet, a User Agent App can be used to navigate the entirety of one’s online identity. One’s actual identity data will live off-chain, but can be accessed and shared with online services via the User Agent App. Once data permissions have been defined, users can then use the User Agent App to push their unique DID data payload to the decentralized system of their choice. Once this happens, verification takes place and the user can begin using a given application with their pre-defined permission set.
Source: Microsoft’s Decentralized Identity teamIn order to retrieve a user’s DID data, most applications generally leverage a Universal Resolver, which is able to interface with the underlying decentralized systems and find the DID Documents that are necessary for verification. Universal Resolvers act as a standardized way for looking up and verifying DIDs across multiple decentralized systems, and they have the ability to retrieve DID Documents as well.
Managing all of this data are Identity Hubs, which act as the foundation for decentralized, user-permissioned applications. Identity Hubs primarily run based on a user’s off-chain identity data store, and they act as the go-between for User Agent Apps and third-party decentralized platforms. When being used for the verification of credentials or documents, Identity Hubs can also provide Attestations to decentralized applications that require them. Attestations are digital certificates signed with a user’s DID that verify a claim. Think of attestations as digital endorsements from key trust providers (like your university or previous employer) that certify. In a world where anyone can get a DID, Attestations provide the verification necessary to know that a given DID is “real”. For example, a university could digitally sign an Attestation stating that a given user has graduated, and even include a verified copy of their transcripts. Once issued and signed, Attestations can then be cryptographically verified and used by Identity Hubs in a cross-platform environment.
What does the near future look like for DIDs?
It’s clear that DIDs have the potential to transform user privacy as we know it. By giving control over personal data back to the user, DIDs are poised to finally make the concept of a self-sovereign online identity a reality. And even today, real-world use cases are already being worked on – Microsoft has already announced its own decentralized digital identity solution (now in testing), and industry heavyweight IBM has even created a team dedicated to figuring out a technical solution for DIDs. Leading the charge on this front is the Decentralized Identity Foundation, which is working on building the foundational technical elements needed to create an online ecosystem for decentralized identities.
Here at Unitychain.io, we believe that DIDs are a critical component of our decentralized future. DIDs give all of us the ability to dictate when and how our data is used, and the decentralized nature of this technology lends itself well to interoperability with multiple online platforms. Our vision is that in the future, Unitychain will act as the software layer that enables this interoperability while giving users an unprecedented level of security and reliability on any network. More on this soon!