Concept
1. Definition of DID
A string that identifies a resource — a globally unique identifier
https://www.w3.org/TR/did-core
Decentralized Identifiers (DIDs) v1.0
2. Comparison with the WWW's URI
URI: the generic term for every Web identifier; a string in a specific format that is globally unique on the WWW
URL: network location; a URI that can be used on the Web to locate a representation of the resource
URN: persistent name
A DID is a URI that can act as either a URL or a URN, and that can be resolved to obtain a standardized set of information (metadata) about the resource it identifies. It relies on cryptography (cryptographic verifiability and decentralization).
3. The four core properties of a DID
1) Permanent (persistent) identifier: the identifier never needs to change.
2) Resolvable identifier: it can be looked up to find its metadata.
3) Cryptographically verifiable identifier: control of it can be proven using cryptography.
- the key pair is used to generate the DID
- since a DID is associated with exactly one public/private key pair, the controller of the private key is the controller of the DID, and this can be proven
4) Decentralized identifier: no centralized registration authority is required.
- by contrast, a centralized registry decides whether a particular identifier is unique and registers it only if it is
4. DID format
did = "did:" method-name ":" method-specific-id
method-name = 1*method-char
method-char = %x61-7A / DIGIT
method-specific-id = *( *idchar ":" ) 1*idchar
idchar = ALPHA / DIGIT / "." / "-" / "_" / pct-encoded
pct-encoded = "%" HEXDIG HEXDIG
(1) Scheme: the fixed prefix "did".
(2) Method: based on a blockchain or another distributed ledger; on creation or update, a transaction is written to that ledger. A technology suited to the specific use case is chosen from the various implementation technologies.
(3) Method-specific identifier: the sub-string identifier within the method, always guaranteed to be unique within the DID method's namespace and recommended to be globally unique as well.
*Evaluation criteria that let adopters judge how well a DID method meets their requirements [ rubric https://w3c.github.io/did-rubric ]
DID Method Rubric v1.0
2) The DID URL Syntax ABNF Rules
did-url = did path-abempty [ "?" query ] [ "#" fragment ]
3) Comparison of WWW and SSI URL rules

| Identifier system | URL form and its components |
|---|---|
| Domain name (DNS) | https://host.domain-name.com:8080/file-path/file-name?key=value&key=value#index-name <br> (1) protocol, (2) domain, (3) port, (4) path, (5) parameters (key=value), (6) fragment (anchor / index) |
| Decentralized ID (DID) | did:method-name:method-specific-id#index-name <br> did:method-name:method-specific-id?query-name <br> did:method-name:method-specific-id/file-path?query-name#index-name <br> did:method-name:method-specific-id?query-name=/file-path?query-name#index-name <br> (1) did, (2) DID URL: path, parameter (key=value), fragment (anchor / index) |
Comparison 01: in services running on the WWW, the port number is usually omitted. In a DID, the method-specific-id, which sits in the analogous position, is not omitted (the ABNF requires at least one idchar).
Comparison 02: when multiple parameters are used on the WWW they are joined with &, whereas in a DID they are joined with ?.
Comparison 03: W3C maintains a recommended naming specification for DID URL parameters. It balances extensibility against interoperability: by registering parameter names, it prevents the same DID parameter from being used with conflicting semantics in different systems.
How it works
1. DID resolver
- Looks up a standardized data structure called a DID document
- Just as a DNS resolver (the mechanism that resolves a domain name to an IP address) receives a host name (www.example.com) from a web browser or other application and tracks down the IP address for that host name, a DID resolver is a service or server that returns the DID document for a DID
*HTTP: the protocol for retrieving a representation of a resource, identified by a URL, from a web server
- Rather than thinking of it as a concrete protocol, regard resolution as an abstract function or algorithm that takes a DID (plus additional parameters) as input and returns a DID document (plus additional metadata) as its result.
2. Sample DID document
    {
      "@context": "https://www.w3.org/ns/did/v1",
      "id": "did:example:123456789abcdefghi",
      "authentication": [{
        "id": "did:example:123456789abcdefghi#keys-1",
        "type": "Ed25519VerificationKey2018",
        "controller": "did:example:123456789abcdefghi",
        "publicKeyBase58": "H3C2AVvLMv6gmMNam3uVAjZpfkcJCwDwnZn6z3wXmqPV"
      }],
      "service": [{
        "id": "did:example:123456789abcdefghi#vcs",
        "type": "VerifiableCredentialService",
        "serviceEndpoint": "https://example.com/vc/"
      }]
    }
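The DID and DID URL ABNF from section 4 and the abstract resolve function from "How it works", worked through as an added example (not code from the page or from the W3C specification): the grammar is transcribed into regexes, the sample document above is kept in a constructed in-memory registry standing in for a verifiable data registry, and dereference() follows a fragment to the verification method or service it names. It assumes the RFC 3986 query rule that DID Core imports, so parameters are separated with &.

```python
import re
from urllib.parse import parse_qsl
# DID Core ABNF transcribed to regexes (added example, not spec or library code):
#   did = "did:" method-name ":" method-specific-id ; method-name = 1*(%x61-7A / DIGIT)
#   method-specific-id = *( *idchar ":" ) 1*idchar ; idchar = ALPHA / DIGIT / "." / "-" / "_" / pct-encoded
IDCHAR = r"(?:[A-Za-z0-9._-]|%[0-9A-Fa-f]{2})"
DID_RE = re.compile(rf"^did:(?P<method>[a-z0-9]+):(?P<id>(?:{IDCHAR}*:)*{IDCHAR}+)$")
#   did-url = did path-abempty [ "?" query ] [ "#" fragment ]  (path/query/fragment per RFC 3986)
DID_URL_RE = re.compile(r"^(?P<did>[^/?#]+)(?P<path>(?:/[^?#]*)?)(?:\?(?P<query>[^#]*))?(?:#(?P<fragment>.*))?$")

def parse_did_url(did_url):
    """Split a DID URL into components; ValueError if the leading DID violates the ABNF."""
    m = DID_URL_RE.match(did_url)
    d = DID_RE.match(m.group("did")) if m else None
    if d is None:
        raise ValueError(f"not a valid DID URL: {did_url!r}")
    return {"did": m.group("did"), "method": d.group("method"), "method_specific_id": d.group("id"),
            "path": m.group("path"), "fragment": m.group("fragment"),
            # DID Core reuses the RFC 3986 query rule, so parameters are '&'-separated key=value pairs
            "query": dict(parse_qsl(m.group("query") or "", keep_blank_values=True))}

# Constructed stand-in for a verifiable data registry: the page's sample document keyed by its DID.
SAMPLE_DID = "did:example:123456789abcdefghi"
SAMPLE_DOC = {
    "@context": "https://www.w3.org/ns/did/v1", "id": SAMPLE_DID,
    "authentication": [{"id": SAMPLE_DID + "#keys-1", "type": "Ed25519VerificationKey2018",
                        "controller": SAMPLE_DID,
                        "publicKeyBase58": "H3C2AVvLMv6gmMNam3uVAjZpfkcJCwDwnZn6z3wXmqPV"}],
    "service": [{"id": SAMPLE_DID + "#vcs", "type": "VerifiableCredentialService",
                 "serviceEndpoint": "https://example.com/vc/"}],
}
REGISTRY = {SAMPLE_DID: SAMPLE_DOC}

def resolve(did):
    """The abstract resolve function: a syntactically valid DID in, its DID document (or None) out."""
    if not DID_RE.match(did):
        raise ValueError(f"not a valid DID: {did!r}")
    return REGISTRY.get(did)

def dereference(did_url):
    """Resolve the DID, then follow the fragment to the verification method or service it names."""
    parts = parse_did_url(did_url)
    doc = resolve(parts["did"])
    if doc is None or parts["fragment"] is None:
        return doc
    target = parts["did"] + "#" + parts["fragment"]
    for section in ("verificationMethod", "authentication", "assertionMethod", "service"):
        for entry in doc.get(section, []):
            # embedded entries are objects; a bare string is a reference into verificationMethod
            if isinstance(entry, dict) and entry.get("id") == target:
                return entry
    return None
```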
https://www.aladin.co.kr/shop/wproduct.aspx?ItemId=290964757
Mastering Self-Sovereign Identity
