DIDs Demystified

Decentralized Identifiers (DIDs) are unique identifiers that enable digital entities (such as people, organizations, and things) to create and control their own identities, independent of any centralized authority. DIDs can be created and managed by anyone and can be used to authenticate and verify the identity of their owner.

Why do we think DIDs are valuable? They enable entities to prove control over related information, and allow parties to mutually authenticate using cryptographic proofs such as digital signatures. DIDs can be scoped to specific contexts and can be used to control how much information is shared in any type of identity transaction.

The Portabl ‘recipe’ combines DIDs and VCs (verifiable credentials). A DID acts as the unique identifier and refers to a DID document (not PII), which contains pseudonymous, public cryptographic material for verification, encryption and decryption. DIDs also serve as a way for two entities to mutually authenticate and begin secure communication with the entity who is in control of a given identity (see: DIDComm). The DID does the heavy lifting to prove ownership of off-chain data, structured as VCs that represent machine-readable credentials — KYC credentials, a passport credential, etc.

As of 2022, DIDs have attained full W3C Recommendation status. According to the spec abstract:

Each DID document can express cryptographic material, verification methods, or services, which provide a set of mechanisms enabling a DID controller to prove control of the DID. Services enable trusted interactions associated with the DID subject. A DID might provide the means to return the DID subject itself, if the DID subject is an information resource such as a data model.

Figure 2: Overview of DID architecture and the relationship of the basic components.

At Portabl, we use DIDs to provide our users with complete control over their identities and personal data.

Instead of relying on centralized identity providers, Portabl users get pair-wise off-chain DIDs generated for various contexts and act as their own identity providers (see the SIOPv2 spec), ensuring that their personal information and credentials remain secure and under their own control.
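The pairwise model above, combined with the proof of control described in the spec abstract, as an added example (not Portabl's code or API). It assumes constructed `did:example` identifiers, an in-memory DID document in place of real resolution, and hypothetical function names (`createPairwiseDid`, `proveControl`, `verifyControl`); it shows a verifier accepting a signature only from a key the DID document lists under `authentication`, and rejecting the same proof when presented under a different pairwise DID.

```javascript
// Added example: constructed identifiers under the spec's did:example method.
const nodeCrypto = require('node:crypto');

// Create one pairwise DID: a fresh Ed25519 key pair plus its DID document.
function createPairwiseDid(context) {
  const { publicKey, privateKey } = nodeCrypto.generateKeyPairSync('ed25519');
  const jwk = publicKey.export({ format: 'jwk' });
  // Assumption: identifier derived from the key; real DID methods define their own rule.
  const did = 'did:example:' +
    nodeCrypto.createHash('sha256').update(jwk.x).digest('hex').slice(0, 32);
  const keyId = did + '#key-1';
  const didDocument = {
    '@context': 'https://www.w3.org/ns/did/v1',
    id: did,
    verificationMethod: [{ id: keyId, type: 'JsonWebKey2020', controller: did, publicKeyJwk: jwk }],
    authentication: [keyId], // only these keys may authenticate as the DID
  };
  return { context, did, keyId, didDocument, privateKey };
}

// Bytes that get signed: the DID, the verifier's nonce, and the verifier's name.
function signedPayload(did, challenge, audience) {
  return Buffer.from(JSON.stringify({ did, challenge, audience }));
}

// Controller side: answer the verifier's challenge with a signature.
function proveControl(identity, challenge, audience) {
  const payload = signedPayload(identity.did, challenge, audience);
  const signature = nodeCrypto.sign(null, payload, identity.privateKey).toString('base64url');
  return { did: identity.did, keyId: identity.keyId, challenge, audience, signature };
}

// Verifier side: handles referenced (not embedded) authentication methods only.
function verifyControl(didDocument, proof, expectedChallenge, expectedAudience) {
  if (proof.did !== didDocument.id) return false;
  if (proof.challenge !== expectedChallenge || proof.audience !== expectedAudience) return false;
  if (!(didDocument.authentication || []).includes(proof.keyId)) return false;
  const method = (didDocument.verificationMethod || []).find((m) => m.id === proof.keyId);
  if (!method) return false;
  const key = nodeCrypto.createPublicKey({ key: method.publicKeyJwk, format: 'jwk' });
  const payload = signedPayload(proof.did, proof.challenge, proof.audience);
  return nodeCrypto.verify(null, payload, key, Buffer.from(proof.signature, 'base64url'));
}

// Constructed scenario: one user, two relying parties, one DID per relationship.
const bank = createPairwiseDid('bank.example');
const exchange = createPairwiseDid('exchange.example');
const challenge = nodeCrypto.randomBytes(16).toString('hex');
const proof = proveControl(bank, challenge, 'bank.example');
console.log('bank accepts:', verifyControl(bank.didDocument, proof, challenge, 'bank.example'));
console.log('replay at exchange:', verifyControl(exchange.didDocument, proof, challenge, 'exchange.example'));
```

Because each relationship has its own DID and key, the two relying parties see unrelated identifiers, and a proof issued to one is useless at the other.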

In particular scenarios, this might involve anchoring a DID on a decentralized network. The method of anchoring is defined by the DID method, a mechanism by which a particular type of DID and its associated DID document are created, resolved, updated, and deactivated.

We primarily utilize DID:ION.

ION is a public, permissionless, Decentralized Identifier (DID) network (not a sidechain or consensus system) that implements the blockchain-agnostic Sidetree protocol on top of Bitcoin (as a 'Layer 2' overlay) to support DIDs/DPKI (Decentralized Public Key Infrastructure) at scale, so no company, organization, or group owns/controls the identifiers and DPKI entries in the system, and no one dictates who can participate.

DIDs are important to Portabl because they enable our users to own and control their digital identities, giving them greater privacy, security, and control over their personal information. By using DIDs, Portabl can eliminate the need for a centralized authority to manage user identities, reducing the risk of data breaches and giving users complete control over their personal information.