A Decentralized Identifier (DID) is a globally unique, persistent identifier that does not require a centralized registration authority and is often used to identify subjects in a verifiable, decentralized identity system. It is a new type of URI scheme defined by the W3C, enabling a cryptographically verifiable, self-owned digital identity.
Glossary
Decentralized Identifier (DID)

What is Decentralized Identifier (DID)?
A foundational component of self-sovereign identity, enabling persistent, cryptographically verifiable identifiers independent of centralized registries.
Unlike traditional identifiers like email addresses or usernames, a DID is fully under the control of the DID subject, independent of any organization. The identifier resolves to a DID Document stored on a Verifiable Data Registry, which contains the cryptographic public keys and service endpoints necessary to authenticate the owner and establish secure, peer-to-peer communication.
Core Characteristics of DIDs
Decentralized Identifiers are not merely addresses; they are a new cryptographic primitive for identity. The following characteristics define their technical architecture and distinguish them from federated or centralized identity models.
Permanent & Persistent
A DID is designed to be a globally unique, long-lived identifier that does not require a centralized registration authority. Once generated, it persists indefinitely without the need for a third-party intermediary to renew or maintain it.
- Cryptographic Root of Trust: The identifier is generated from a public-private key pair, ensuring the controller can prove ownership without a certificate authority.
- No Vendor Lock-in: Unlike email addresses or domain names, the identifier is not leased from a service provider and cannot be revoked arbitrarily by an administrator.
- Portability: The DID remains valid across different networks and service endpoints, allowing the subject to migrate between identity providers without losing their identifier.
Resolvable to a DID Document
A DID is a URI that dereferences to a DID Document. This document is a JSON-LD resource containing the cryptographic material and service endpoints necessary to interact with the DID subject.
- Public Key Descriptions: Lists the public keys associated with the identifier for verification and authentication.
- Service Endpoints: Specifies URLs for interacting with the identity owner, such as credential repositories or secure messaging gateways.
- Resolution Process: The
resolve(DID)function fetches the document from a Verifiable Data Registry (like a distributed ledger or decentralized database), abstracting the underlying storage mechanism.
Cryptographically Verifiable
The relationship between a DID and its controller is established through asymmetric cryptography, not a database lookup. The controller proves ownership by signing challenges with the private key associated with the public key in the DID Document.
- Proof of Control: Authentication relies on standard digital signature algorithms (Ed25519, Secp256k1) rather than shared secrets.
- Key Rotation: The DID Document supports updating public keys, allowing the controller to rotate compromised keys while maintaining the same identifier.
- Delegation: The controller can delegate specific capabilities to other DIDs, enabling fine-grained access control for autonomous agents and services.
Enabling Efficiency, Speed & Accuracy
Intelligent Analysis, Decision & Execution
We build AI systems for teams that need search across company data, workflow automation across tools, or AI features inside products and internal software.
Talk to Us
Search across company data
Give teams answers from docs, tickets, runbooks, and product data with sources and permissions.
Useful when people spend too long searching or get different answers from different systems.

Automate internal workflows
Use AI to route work, draft outputs, trigger actions, and keep approvals and logs in place.
Useful when repetitive work moves across multiple tools and teams.

Add AI to products and internal tools
Build assistants, guided actions, or decision support into the software your team or customers already use.
Useful when AI needs to be part of the product, not a separate tool.
Frequently Asked Questions
Clear, technically precise answers to the most common questions about the architecture, resolution, and security of Decentralized Identifiers.
A Decentralized Identifier (DID) is a globally unique, persistent identifier that does not require a centralized registration authority and is formatted as a Uniform Resource Identifier (URI). It works by associating a subject (a person, organization, device, or software agent) with a DID Document. This document, typically stored on a Verifiable Data Registry (like a distributed ledger), contains cryptographic material such as public keys and service endpoints. To prove control, the subject uses the associated private key to sign a challenge, a process known as DID Authentication. The core mechanism is the did:method syntax, where the method specifies how to read, write, and resolve the identifier on a specific underlying system, enabling interoperability across different networks without a central root of trust.
Related Terms
Core concepts that form the technical foundation for Decentralized Identifiers and their operation within sovereign identity architectures.
Self-Sovereign Identity (SSI)
A model of digital identity where an individual or organization has sole control over their identity data and how it is shared, without reliance on a central administrative authority.
- Built on three pillars: DIDs, Verifiable Credentials, and Identity Hubs
- Eliminates the need for federated identity providers like Google or Facebook
- Aligns with GDPR principles of data minimization and purpose limitation
- The philosophical framework driving eIDAS 2.0 and global digital wallet mandates
Verifiable Data Registry
A system that mediates the creation, verification, and revocation of identifiers and credential schemas. Examples include distributed ledgers, decentralized databases, and append-only logs.
- Serves as the trust anchor for DID resolution to DID Documents
- Can be implemented on Hyperledger Indy, EBSI, or did:web endpoints
- Stores revocation registries and schema definitions for credential validation
- Must guarantee immutability and high availability for critical identity operations

About the author
Prasad Kumkar
CEO & MD, Inference Systems
Prasad Kumkar is the CEO & MD of Inference Systems and writes about AI systems architecture, LLM infrastructure, model serving, evaluation, and production deployment. Over 5+ years, he has worked across computer vision models, L5 autonomous vehicle systems, and LLM research, with a focus on taking complex AI ideas into real-world engineering systems.
His work and writing cover AI systems, large language models, AI agents, multimodal systems, autonomous systems, inference optimization, RAG, evaluation, and production AI engineering.
Partnered with leading AI, data, and software stack.
How We Work
Custom AI workflows for your Business
One-fit-all AI don't work for modern businesses. At Inferensys, we aim to understand your business & custom requirements; which we use to define most efficient agentic workflows, the data, and the tools for your business.
01
Review the use case
We understand the task, the users, and where AI can actually help.
Read more02
Pick the right approach
We define what needs search, automation, or product integration.
Read more03
Build the first useful version
We implement the part that proves the value first.
Read more04
Improve from there
We add the checks and visibility needed to keep it useful.
Read moreThe first call is a practical review of your use case and the right next step.
Talk to Us