Inferensys

Glossary

Decentralized Identifier (DID)

A globally unique, persistent identifier that does not require a centralized registration authority and is often used as the subject of a verifiable credential.
Developer demonstrating multi-agent tool use, agent tool selection interface on laptop, casual tech demo moment.
SELF-SOVEREIGN IDENTITY

What is a Decentralized Identifier (DID)?

A foundational W3C standard for persistent, globally unique identifiers that are cryptographically verifiable and require no centralized issuing authority.

A Decentralized Identifier (DID) is a globally unique, persistent identifier that does not require a centralized registration authority and is cryptographically verifiable. It is a new type of Uniform Resource Identifier (URI) that enables a verifiable, self-sovereign digital identity, decoupled from centralized registries, identity providers, and certificate authorities.

A DID resolves to a DID Document, a JSON-LD file containing the public keys, authentication protocols, and service endpoints necessary to initiate trusted interactions with the identified subject. This architecture forms the core of the W3C Verifiable Credentials ecosystem, enabling the subject to prove control without an intermediary.

Architectural Pillars

Core Properties of DIDs

Decentralized Identifiers are not merely addresses; they are a new identity layer for the internet defined by a specific set of immutable architectural properties. These properties ensure that DIDs are globally unique, cryptographically verifiable, and resistant to censorship, forming the foundational trust layer for verifiable credentials and data provenance.

02

Cryptographic Verification

Control over a DID is asserted cryptographically, not through a password reset email. Every DID document contains verification methods (public keys) that enable the DID subject to prove ownership.

  • Possession-Based Control: The entity controlling the private key controls the identifier.
  • Key Rotation: Public keys can be rotated without changing the persistent DID, enabling security recovery.
  • Digital Signatures: Any assertion (like a Verifiable Credential) can be signed and verified against the DID document's keys.
03

Persistence

A DID is designed to be a persistent identifier that does not require a continued relationship with the original registrar. Once created and anchored to a Verifiable Data Registry, the identifier is permanent.

  • Long-Lived Identifiers: Ideal for lifelong credentials like academic degrees or professional certifications.
  • No Renewal Fees: Unlike domain names, there is no recurring lease to maintain ownership.
  • Immutable Record: The initial creation event is permanently recorded on the underlying ledger.
05

Platform Independence

DIDs are abstracted from the underlying systems that host them. The DID method (the part after the colon in did:example:123) defines the specific syntax and operations, but the core data model remains consistent.

  • Method Agnosticism: The ecosystem supports hundreds of methods (did:web, did:key, did:ethr) without breaking interoperability.
  • Cross-Ledger Portability: A DID can theoretically be migrated across different networks if the method supports it.
  • Universal Syntax: All DIDs follow the generic URI scheme did:method-name:method-specific-id.
06

Self-Sovereignty

DIDs empower the DID subject (person, organization, or device) with ultimate autonomy over their digital identity. The subject can create, update, and deactivate their own identifier without asking a third party for permission.

  • User-Controlled Data: The subject decides which claims to share and with whom via Verifiable Presentations.
  • Minimal Disclosure: Zero-Knowledge Proofs can be used with DIDs to prove statements without revealing the raw underlying data.
  • Direct Ownership: The identifier is a digital asset owned directly by the subject, not a rented account from a platform.
DECENTRALIZED IDENTIFIER (DID) FAQ

Frequently Asked Questions

Clear, technical answers to the most common questions about the architecture, resolution, and security model of W3C Decentralized Identifiers.

A Decentralized Identifier (DID) is a globally unique, persistent identifier that does not require a centralized registration authority and is cryptographically verifiable. It functions as a Uniform Resource Identifier (URI) that associates a DID subject with a DID document containing cryptographic material, service endpoints, and verification methods. The core mechanism relies on three components: the DID scheme (did:), a DID method (e.g., did:web, did:ethr, did:key), and a method-specific identifier. When resolved through a DID resolver, the identifier returns its associated DID document from a verifiable data registry—which can be a distributed ledger, blockchain, or decentralized file system. This architecture enables self-sovereign identity, where the controller of the DID can rotate keys, update service endpoints, and prove control without relying on a certificate authority or identity provider.

Prasad Kumkar

About the author

Prasad Kumkar

CEO & MD, Inference Systems

Prasad Kumkar is the CEO & MD of Inference Systems and writes about AI systems architecture, LLM infrastructure, model serving, evaluation, and production deployment. Over 5+ years, he has worked across computer vision models, L5 autonomous vehicle systems, and LLM research, with a focus on taking complex AI ideas into real-world engineering systems.

His work and writing cover AI systems, large language models, AI agents, multimodal systems, autonomous systems, inference optimization, RAG, evaluation, and production AI engineering.