Inferensys

Glossary

Decentralized Identifier (DID)

A W3C standard for a globally unique, persistent identifier that does not require a centralized registration authority and is often generated and registered in a distributed ledger.
Engineer deploying small language model to edge device, IoT sensor visible on desk, technical hardware setup in bright workspace.
W3C STANDARD

What is Decentralized Identifier (DID)?

A Decentralized Identifier (DID) is a globally unique, persistent identifier that does not require a centralized registration authority and is often generated and registered in a distributed ledger.

A Decentralized Identifier (DID) is a new type of globally unique identifier defined by the W3C that enables verifiable, decentralized digital identity. Unlike traditional identifiers (e.g., email addresses, domain names) that depend on a central authority for resolution, a DID is controlled entirely by the subject it identifies. The identifier's core syntax is a URI string composed of a scheme (did), a method (example), and a method-specific identifier (123abc), forming a complete reference like did:example:123abc.

Resolution of a DID to a DID Document—a JSON-LD file containing the subject's public keys and service endpoints—is performed by a method-specific resolver, often using a Verifiable Data Registry such as a distributed ledger or decentralized network. This architecture forms the foundational layer of Self-Sovereign Identity (SSI) , enabling the creation of Verifiable Credentials and cryptographically proving ownership without an intermediary.

ARCHITECTURAL PRINCIPLES

Core Characteristics of DIDs

Decentralized Identifiers are not just IDs; they are a new identity layer for the internet. These core characteristics define how DIDs fundamentally differ from traditional identifiers like email addresses or usernames.

01

Decentralized Control

DIDs eliminate the requirement for a centralized registration authority. Unlike traditional identifiers issued by a single organization, a DID is generated and managed directly by the identity owner (the DID subject). Control is established through cryptographic proofs, typically using a blockchain or other distributed ledger as a verifiable data registry, ensuring no single entity can revoke or take away the identifier.

No Central Authority
Governance Model
02

Persistent & Platform-Independent

A DID is designed to be a long-lived, permanent identifier. Once created, it does not need to change even if the underlying hosting provider, cryptographic keys, or service endpoints are updated. This persistence is achieved by decoupling the identifier from the network location or specific service provider, preventing vendor lock-in and ensuring the identity remains valid indefinitely.

03

Cryptographically Verifiable

Ownership and control of a DID are proven mathematically. Each DID is associated with a DID document containing public keys. The DID subject can sign credentials or authenticate using the corresponding private key. A verifier can resolve the DID to its document and use the public key to cryptographically confirm the signature, establishing non-repudiation without contacting a central authority.

04

Resolvable to a DID Document

A DID itself is just a URI. Its true power lies in its resolution to a DID document—a JSON-LD file stored on a verifiable data registry. This document acts as a service endpoint map, containing:

  • Public keys for authentication
  • Service endpoints for interaction
  • Proofs of ownership This mechanism separates the stable identifier from its dynamic, updatable metadata.
05

Interoperable by W3C Standard

DIDs are governed by the W3C Decentralized Identifiers specification, ensuring broad interoperability across different networks and systems. The standard defines a generic syntax (did:method:unique-id) and a common data model. This allows different DID methods (e.g., did:web, did:ethr, did:key) to be used within the same application architecture, preventing fragmentation in the decentralized identity ecosystem.

DECENTRALIZED IDENTIFIER CLARIFICATIONS

Frequently Asked Questions

Direct answers to the most common technical and architectural questions about the W3C Decentralized Identifier standard, its infrastructure, and its relationship to cryptographic attestation.

A Decentralized Identifier (DID) is a globally unique, persistent identifier that does not require a centralized registration authority and is formatted as a URI conforming to the W3C DID Core specification. A DID functions by resolving to a DID Document—a JSON-LD file containing the public keys, service endpoints, and authentication protocols associated with the identifier. The architecture relies on three components: the DID subject (the entity identified), the DID controller (who holds the private keys to update the DID Document), and a verifiable data registry (such as a distributed ledger, blockchain, or decentralized file system) where the DID Document is stored. When a verifier receives a credential signed with a DID, they resolve the DID to its document, extract the public key, and cryptographically verify the signature. This decouples identity from any single provider, enabling self-sovereign identity architectures.

Prasad Kumkar

About the author

Prasad Kumkar

CEO & MD, Inference Systems

Prasad Kumkar is the CEO & MD of Inference Systems and writes about AI systems architecture, LLM infrastructure, model serving, evaluation, and production deployment. Over 5+ years, he has worked across computer vision models, L5 autonomous vehicle systems, and LLM research, with a focus on taking complex AI ideas into real-world engineering systems.

His work and writing cover AI systems, large language models, AI agents, multimodal systems, autonomous systems, inference optimization, RAG, evaluation, and production AI engineering.