Definition:
Decentralized Identity (DID) is a W3C standard for self-sovereign digital identifiers that exist independently of any central registry or issuer — allowing individuals to create, control, and prove ownership of their identity without relying on platforms like Google, government databases, or certificate authorities. DIDs are paired with Verifiable Credentials (VCs) issued by trusted third parties (employers, governments, institutions), which users can selectively disclose to verifiers — proving claims about themselves without giving away underlying data.
Core Concepts
DID Identifier — What It Looks Like:
A DID is a URI string of the form:
“`
did:method:method-specific-id
“`
Examples:
did:ethr:0xabcd1234...— Ethereum-based DIDdid:key:z6Mkp...— Key-based DID (self-certifying)did:web:example.com— Web-hosted DIDdid:ion:EiC...— ION (Bitcoin-anchored DID from Microsoft)
The “method” defines how the DID is created and resolved.
DID Document:
Each DID resolves to a DID Document — a JSON-LD object that contains:
- Public keys (for authentication and key agreement)
- Service endpoints (contact URLs, credential issuance URLs)
- Verification methods
- Authorization relationships
DID Resolution:
DID Resolvers convert a DID string into its DID Document. Resolvers may query a blockchain, a distributed hash table, a web server, or other storage depending on the method.
Verifiable Credentials (VCs)
DIDs become useful when paired with Verifiable Credentials — cryptographically signed attestations:
| Component | Description |
|---|---|
| Issuer | Entity making the claim (e.g., university issuing a diploma) |
| Subject | Holder of the credential (identified by their DID) |
| Claim | The statement being made (“Alice has a Bachelor’s degree”) |
| Proof | Cryptographic signature from the issuer |
The holder stores VCs in a wallet. When presenting to a verifier, they can use:
- Full disclosure — share the entire VC
- Selective disclosure — share only specific fields (e.g., “over 18” without revealing birthdate)
- ZK proofs — prove membership or range conditions without revealing underlying data
Privacy Properties
Standard VCs reveal data. Privacy-enhancing VCs use:
- BBS+ signatures — allow selective disclosure of individual attributes from a multi-attribute credential
- SD-JWT — W3C + IETF approach to selective disclosure using JSON Web Tokens
- ZK-based credentials — Polygon ID, Sismo, and Anon Aadhaar use ZK proofs to verify claims without exposing the VC itself
Major DID Methods and Ecosystems
| Method | Anchoring | Notable Use |
|---|---|---|
did:ethr |
Ethereum | ERC-1056, Ethereum DID Registry |
did:key |
Self-certifying | Lightweight, no on-chain dependency |
did:ion |
Bitcoin (PoW ordering) | Microsoft’s ION network |
did:web |
DNS/HTTPS | Enterprise, easy interop |
did:polygonid |
Polygon | ZK identity (Polygon ID) |
Practical Applications
- Soulbound Tokens (SBTs) — Non-transferable NFTs can serve as on-chain VCs
- KYC without centralization — A user can prove KYC compliance without sharing passport data with a DEX
- Professional credentials — Universities issue on-chain diplomas resolvable forever
- DAO voting — Token-independent reputation voting using VCs (guild.xyz, Orange Protocol)
- Login (SIWE / Sign-In with Ethereum) — Ethereum address as a DID, wallets as authentication devices
W3C DID Core Specification
The W3C DID Core 1.0 specification became an official W3C Recommendation in July 2022. It defines:
- The DID syntax and structure
- The DID Document format
- The DID Resolution protocol
- Conformance requirements for DID methods
Related Terms
Sources
- W3C DID Core Specification — The official W3C standard defining the DID model.
- Verifiable Credentials Data Model — W3C specification for cryptographic credentials.
- DIF — Decentralized Identity Foundation — Industry consortium developing DID-adjacent standards.
- DID Methods Registry — Registry of all registered DID methods.
Last updated: 2026-04