Decentralized Identifier (DID)
What is Decentralized Identifier (DID)?
Decentralized Identifier (DID)A W3C-standard identifier that a subject controls directly, independent of any centralized registry, and that resolves to a cryptographic key material document.
A DID is a globally unique identifier defined by the W3C DID Core specification that lets people, organizations, devices, or services prove control of an identifier without relying on a centralized registry, identity provider, or certificate authority. Each DID resolves through a method-specific resolver to a DID Document containing public keys, authentication methods, and service endpoints. Different DID methods anchor the document in blockchains, key-event logs, the DNS, or peer-to-peer channels. DIDs are a foundational building block for self-sovereign identity, verifiable credentials, and privacy-preserving authentication, enabling users to present cryptographically signed claims without disclosing identifiers controlled by a third party.
● Examples
- 01
did:web:example.com mapping to a DID Document hosted at https://example.com/.well-known/did.json.
- 02
did:key encoding an Ed25519 public key directly as the identifier, with no on-chain dependency.
● Frequently asked questions
What is Decentralized Identifier (DID)?
A W3C-standard identifier that a subject controls directly, independent of any centralized registry, and that resolves to a cryptographic key material document. It belongs to the Identity & Access category of cybersecurity.
What does Decentralized Identifier (DID) mean?
A W3C-standard identifier that a subject controls directly, independent of any centralized registry, and that resolves to a cryptographic key material document.
How does Decentralized Identifier (DID) work?
A DID is a globally unique identifier defined by the W3C DID Core specification that lets people, organizations, devices, or services prove control of an identifier without relying on a centralized registry, identity provider, or certificate authority. Each DID resolves through a method-specific resolver to a DID Document containing public keys, authentication methods, and service endpoints. Different DID methods anchor the document in blockchains, key-event logs, the DNS, or peer-to-peer channels. DIDs are a foundational building block for self-sovereign identity, verifiable credentials, and privacy-preserving authentication, enabling users to present cryptographically signed claims without disclosing identifiers controlled by a third party.
How do you defend against Decentralized Identifier (DID)?
Defences for Decentralized Identifier (DID) typically combine technical controls and operational practices, as detailed in the full definition above.
What are other names for Decentralized Identifier (DID)?
Common alternative names include: DID, Decentralized identity ID.
● Related terms
- identity-access№ 1005
Self-Sovereign Identity (SSI)
An identity model in which individuals or organizations hold and present their own credentials directly, without relying on a central identity provider.
- identity-access№ 1200
Verifiable Credential
A tamper-evident, cryptographically signed statement issued by one party about a subject, expressed in the W3C Verifiable Credentials Data Model.
- identity-access№ 320
Digital Identity
The combination of identifiers, credentials, and attributes that represents a person, organization, or device in online systems.
- network-security№ 878
Public Key Infrastructure (PKI)
The combined system of policies, software, hardware and trusted authorities used to issue, distribute, validate and revoke digital certificates that bind identities to public keys.
- cryptography№ 1265
Zero-Knowledge Proof (ZKP)
A cryptographic protocol in which a prover convinces a verifier that a statement is true without revealing anything beyond the validity of the statement itself.