Inferensys

Glossary

Decentralized Identifier (DID)

A W3C standard for a globally unique, persistent identifier that does not require a centralized registration authority and is often generated and controlled by the subject of the identifier using a distributed ledger.
Engineer deploying small language model to edge device, IoT sensor visible on desk, technical hardware setup in bright workspace.
W3C IDENTITY STANDARD

What is a Decentralized Identifier (DID)?

A foundational specification for user-controlled, globally unique digital identifiers that operate independently of centralized registries.

A Decentralized Identifier (DID) is a W3C standard for a globally unique, persistent identifier that does not require a centralized registration authority and is generated, owned, and controlled by the subject of the identifier, typically using cryptographic proofs registered on a distributed ledger or decentralized network. Unlike traditional email addresses or usernames tied to a specific provider, a DID resolves to a DID Document containing the public keys and service endpoints necessary to authenticate the subject and establish secure, private interactions without intermediaries.

The architecture relies on three core components: the DID subject (the entity identified), the DID method (a specific implementation defining how DIDs are created, read, updated, and deactivated on a particular verifiable data registry), and the DID resolver (a software component that takes a DID as input and fetches the corresponding DID Document). This framework serves as the identity layer for Verifiable Credentials, enabling entities to issue and cryptographically prove claims about themselves without revealing correlatable personal data, forming the backbone of self-sovereign identity ecosystems.

FOUNDATIONAL ARCHITECTURE

Core Properties of DIDs

Decentralized Identifiers are not just IDs; they are a new digital identity layer defined by a specific set of architectural properties that ensure user control, security, and interoperability.

01

Decentralization

DIDs fundamentally operate without a central registration authority. Unlike traditional identifiers (email addresses, domain names) that rely on a single organization like ICANN or Google, DIDs are rooted in distributed ledger technology (DLT) or peer-to-peer networks. This eliminates a single point of failure and censorship, ensuring that no third party can arbitrarily revoke or deny the existence of an identifier. The subject of the DID retains ultimate control over its lifecycle.

No Central Authority
Governance Model
02

Cryptographic Verifiability

Control over a DID is proven mathematically, not through a username and password stored in a corporate database. Each DID is associated with a DID document containing public keys. The subject proves ownership by signing challenges with the corresponding private key. This enables robust, passwordless authentication where a verifier can cryptographically confirm the identity of the controller without needing to contact a centralized identity provider.

Public Key Infrastructure
Underlying Mechanism
03

Persistence

Once created, a DID is designed to be a permanent, long-lived identifier. It does not depend on a single service provider that could go out of business or change its terms of service. The identifier persists for as long as its underlying distributed ledger or network exists. This property is critical for long-term digital relationships, such as issuing a university degree or a professional certification that must remain verifiable for decades.

04

Resolvability

A DID is not just a random string; it is a URI that can be resolved to a standard data structure called a DID document. This document acts as a machine-readable identity profile, containing the public keys, service endpoints, and verification methods necessary to interact with the subject. The resolution process, defined by the DID method, is the mechanism that makes the identifier actionable for secure communication and authentication.

DID Document
Resolves To
05

Self-Sovereignty

The architecture of DIDs empowers the subject—the person, organization, or device—with direct control over their digital identity. The subject can create, update, and deactivate their own DID without needing permission from an intermediary. This principle of self-sovereignty is the core philosophical driver, enabling individuals to manage their own identity data and decide what information to share, with whom, and under what conditions.

06

Interoperability

As a W3C standard, DIDs are designed for universal compatibility across different networks, blockchains, and software ecosystems. A DID created on one method (e.g., did:ethr) can be understood and verified by any system that implements the DID Core specification. This prevents vendor lock-in and allows a single digital identity to be used across a diverse range of applications, from logging into a website to signing a legal document.

DECENTRALIZED IDENTIFIER FUNDAMENTALS

Frequently Asked Questions

Clear, technically precise answers to the most common questions about the W3C Decentralized Identifier standard, its architecture, and its role in verifiable digital trust ecosystems.

A Decentralized Identifier (DID) is a W3C standard for a globally unique, persistent identifier that does not require a centralized registration authority and is generated, owned, and controlled by the subject of the identifier. A DID functions as a URI that resolves to a DID Document—a JSON-LD file containing the public keys, authentication protocols, and service endpoints necessary to interact with the identified subject. The core mechanism relies on three components: the did scheme prefix, a DID method (e.g., did:web, did:ethr, did:key) that defines how the identifier is created, read, updated, and deactivated on a specific verifiable data registry (often a distributed ledger or blockchain), and a method-specific identifier string. When a verifier receives a DID, they resolve it through the method's specified resolver to retrieve the associated DID Document and verify cryptographic proofs, enabling self-sovereign identity without intermediaries.

IDENTITY ARCHITECTURE COMPARISON

DID vs. Traditional Identifiers

A structural comparison of Decentralized Identifiers against conventional identity systems across key architectural and trust dimensions.

FeatureDecentralized Identifier (DID)Federated Identity (OAuth/OIDC)Centralized Identifier (Email/Username)

Registration Authority

None required; generated by subject

Federation hub (e.g., Google, Okta)

Single service provider

Persistence

Permanently bound to subject

Persistent until provider revokes

Provider-dependent; can be reassigned

Cryptographic Verifiability

Subject Control of Identity

Resolution Mechanism

DID Document via DID Resolver

Provider discovery endpoint

Internal database lookup

Interoperability Standard

W3C DID Core Specification

OAuth 2.0 / OpenID Connect

Proprietary per platform

Revocation Capability

Subject-controlled key rotation

Provider-administered

Provider-administered

Portability Across Services

Prasad Kumkar

About the author

Prasad Kumkar

CEO & MD, Inference Systems

Prasad Kumkar is the CEO & MD of Inference Systems and writes about AI systems architecture, LLM infrastructure, model serving, evaluation, and production deployment. Over 5+ years, he has worked across computer vision models, L5 autonomous vehicle systems, and LLM research, with a focus on taking complex AI ideas into real-world engineering systems.

His work and writing cover AI systems, large language models, AI agents, multimodal systems, autonomous systems, inference optimization, RAG, evaluation, and production AI engineering.