DID
Last updated
Last updated
As conceptualized and standardized by the W3C, the Decentralized Identifiers, or DIDs, are a new type of identifier that enables verifiable, decentralized digital identity.
Before diving into the DID World, let's read the overview of DID architecture and the relationship between the basic components.
A DID may represent an entity - for example a person, an organization, or even a machine. A Decentralised Identifier (DID) is a string uniquely identifying each user. The DID can contain multiple different keys for purposes such as encryption, signature, authentication, etc.
Narrative Description
DIDs and DID URLs
DID subjects/holder
DID controllers
DID documents
Issuer
Issuers are entities that issue credentials to a Holder.
Claim
An assertion made about a Subject. Used as an umbrella term for Credential, Assertion, Attestation, etc.
Verifiable Credential
To get more details of DID architecture components, or to know more about the terminology of DID, you can reach out for Credential Manifest by DIF and Decentralized Identifiers (DIDs) v1.0 by W3C
The namestring that shall identify this DID method is: zk
A DID that uses this method MUST begin with the following prefix: did:zk
. Per the DID specification, this string MUST be in lowercase.
The remainder of the DID, after the prefix, is specified below.
For now, the ZK DID method specific identifiers are categorized as two DID types, EVM-based DID
and Non-EVM-based DID
.
A ZK EVM-based DID has the following structure:
A ZK Non-EVM-based DID has the following structure:
did:zk:0x51fA67337...82EB6a9B22A
EVM-based DID
a did
which relates to a brand new Ethereum
address -- '0x51fA67337...82EB6a9B22A'
did:zk:sui:0xd5059a902ad02b...7ceaf7d6
Non-EVM-based DID
a did
which relates to a brand new Non-EVM-based
address -- '0xd5059a902ad02b...7ceaf7d6'
The example DID above resolves to a DID document. A DID document contains information associated with the DID, such as ways to cryptographically authenticate a DID controller.
The DID ecosystem is based on public key infrastructures where only the owner of the private key has full authorization of the DID. This is similar to blockchain-based systems, in which the users control their assets. This leads to the following issues regarding the system when in use:
Recovering a lost private key is extremely difficult;
Once your private keys are stolen, malicious acts like impersonation may cause 'you' to misbehave.
As described above, a DID is bound to an entity. So, the user could identify themselves with DID, the developers may distinguish them via DID. We design the API (DID Request Method) for developers to get user DID.
A DID can be resolved to a DID document stored in a Decentralized Data Registry (e.g. a blockchain). This document contains several keys: a signing key, an encryption key, etc., and optionally a link to a DID service endpoint. DIDs are URIs that associate a DID subject with a DID document allowing trustable interactions associated with that subject. Each DID document contains information regarding cryptographic material, verification methods, or service endpoints, which the document provides a set of mechanisms enabling a DID subject to prove ownership of control of the DID.
Currently, two public key and signing algorithms are supported:
Ed25519
-- the EdDSA signature scheme using SHA-512 (SHA-2) and Curve25519.
Secp256k1
with the ECDSA algorithm -- defined in Standards for Efficient Cryptography (SEC) (Certicom Research).
X25519
-- is an elliptic curve Diffie-Hellman key exchange using Curve25519. It allows two parties to jointly agree on a shared secret using an insecure channel.
The construction of DID Document
We offer several APIs for the usage of DID-Keys, please check the API (DID-Keys Method) for more specification.
A Decentralized Identifier, or , is a URI composed of three parts: the scheme did:
, a method identifier, and a unique, method-specific identifier specified by the DID method. DIDs are resolvable to DID documents.
The / of a DID is, by definition, the entity identified by the DID. The DID subject/holder might also be the DID controller.
A is an entity that is authorized to make changes to a DID document. The process of authorizing a DID controller is defined by the DID method.
contain information associated with a DID. They typically express verification methods, such as cryptographic public keys, and services relevant to interactions with the DID subject.
A standard data model and representation format for cryptographically-verifiable digital credentials as defined by the W3C Verifiable Credentials specification .