DID Authentication (DID Auth) is the mechanism by which an entity can cryptographically prove that they are associated with a DID and DID Description.

Authentication is separate from Authorization because an entity may wish to enable other entities to update the DID Document, for example, to assist with key recovery, without enabling them to prove ownership (and thus be able to impersonate the entity).

DID Authentication Example

{
  "@context": "https://w3id.org/did/v1",
  "id": "did:example:123456789abcdefghi",
  "authentication": [{
    // this key can be used to authenticate as DID ...fghi
    "type": "RsaSignatureAuthentication2018",
    "publicKey": "did:example:123456789abcdefghi#keys-1"
  }, {
    // this key can be used to authenticate as DID ...fghi
    "type": "PseudonymousBiometricAuthentication2018",
    "biometricTemplate": "did:example:123456789abcdefghi#bio-1"
  }]
}
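
The following sketch is an added example, not part of the original page or of any DID specification: a verifier issues a fresh challenge and accepts the response only if the signing key is referenced in the document's "authentication" section, which is how a helper's key can sit in the DID Document without being able to impersonate the holder. The "publicKey" section with raw n/e values, the "#keys-2" helper key, the function names and the demo keys built from Mersenne primes (trivially factorable) are all assumptions made for the demo.

```python
import hashlib
import secrets

DID = "did:example:123456789abcdefghi"
E = 65537
SHA256_PREFIX = bytes.fromhex("3031300d060960864801650304020105000420")  # DigestInfo

def demo_key(a, b):
    """Constructed RSA key from Mersenne primes 2**a-1 and 2**b-1: insecure, demo only."""
    p, q = 2**a - 1, 2**b - 1
    return p * q, pow(E, -1, (p - 1) * (q - 1))  # (modulus n, private exponent d)

N1, D1 = demo_key(521, 607)    # holder's authentication key
N2, D2 = demo_key(521, 1279)   # helper's key, e.g. for key recovery

# "authentication" follows the page's example; the "publicKey" section with raw
# n/e values is an assumed, simplified layout for this demo.
DID_DOC = {
    "id": DID,
    "publicKey": [{"id": DID + "#keys-1", "n": N1, "e": E},
                  {"id": DID + "#keys-2", "n": N2, "e": E}],
    "authentication": [{"type": "RsaSignatureAuthentication2018",
                        "publicKey": DID + "#keys-1"}],
}

def encode(did, challenge, n):
    """EMSA-PKCS1-v1_5 (SHA-256) encoding of the DID plus the verifier's challenge."""
    t = SHA256_PREFIX + hashlib.sha256(did.encode() + challenge).digest()
    k = (n.bit_length() + 7) // 8
    return int.from_bytes(b"\x00\x01" + b"\xff" * (k - len(t) - 3) + b"\x00" + t, "big")

def sign(did, challenge, n, d):
    """Prover side: sign the DID-bound challenge with the private exponent."""
    return pow(encode(did, challenge, n), d, n)

def verify_did_auth(doc, key_id, challenge, signature):
    """Accept only a valid signature from a key listed under "authentication"."""
    if not any(m.get("publicKey") == key_id for m in doc["authentication"]):
        return False  # key may exist in the document but is not an authentication key
    key = next((k for k in doc["publicKey"] if k["id"] == key_id), None)
    if key is None:
        return False
    return pow(signature, key["e"], key["n"]) == encode(doc["id"], challenge, key["n"])

if __name__ == "__main__":
    nonce = secrets.token_bytes(32)  # fresh per attempt, so old responses cannot be replayed
    print(verify_did_auth(DID_DOC, DID + "#keys-1", nonce, sign(DID, nonce, N1, D1)))
    print(verify_did_auth(DID_DOC, DID + "#keys-2", nonce, sign(DID, nonce, N2, D2)))
```

The second call is rejected even though the helper's signature is mathematically valid, because "#keys-2" is not referenced under "authentication".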

DID Authentication and Self-Issued OpenID Provider

The current DID Authentication Working Group is working in coordination with the editors of the OpenID Connect specification to combine the knowledge of the DIF community and the OpenID Foundation, and is using Self-Issued OpenID Provider for DID Authentication within Verifiable Credentials.

SIOP in the Context of W3C Verifiable Credentials

