Decentralized Identifiers resolve to DDOs (DID descriptor objects)—simple JSON documents that contain all the metadata needed to prove ownership and control of a DID. Specifically, a DDO contains a set of key descriptions— machine-readable descriptions of the identity owner’s public keys—and a set of service endpoints—resource pointers necessary to initiate trusted interactions with the identity owner. Each DID uses a specific DID method, defined in a separate DID method specification, to define how the DID is registered, resolved, updated, and revoked on a specific distributed ledger or network.
Motivations for Decentralized Identifiers#The growing need for a Decentralized Identifier has produced three specific requirements for a new type of URI that fits within the URI/URL/URN architecture, albeit in a less than traditional way:
- A URI that is persistent like a URN yet can be resolved or de-referenced to locate a resource like a URL. In essence, a DID is a URI that serves both functions.
- A URI that does not require a centralized authority to register, resolve, update, or revoke. The overwhelming majority of URIs today are based on DNS names or IP addresses that depend on centralized authorities for registration and ultimate control. DIDs can be created and managed without any such authority.
- A URI whose ownership and associated metadata, including public keys, can be cryptographically verified. Control of DIDs and DDOs leverages the same public Key/private Key cryptography as Distributed Ledger Technology.
More Information#There might be more information for this subject on one of the following:
- [#1] - DID (Decentralized Identifier) Data Model and Generic Syntax 1.0 - based on information obtained 2016-12-01-