Governance of Ledger-Anchored Decentralized Identifiers

Sandro Rodriguez Garzon, Carlo Segat, Axel Küpper

TL;DR

This paper investigates governance of ledger-anchored Decentralized Identifiers (DIDs), focusing on how multiple entities can jointly control and update a DID's on-chain DID Document (DDO). It analyzes policy definition and enforcement at the ledger application layer, and outlines enhancements such as fine-grained authorizations, token/VC-based delegation, programmable coordination, and group-specific or adaptable coordination. A proof-of-concept implementation on Ethereum demonstrates DID-conform identifiers managed by multiple deputies through modular Smart Contracts, including various update-coordination mechanisms. The work argues that explicit, interoperable governance policies in the DDO are essential for trustworthy, flexible deployment of ledger-based DIDs and calls for standardization to enable cross-ledger interoperability.

Abstract

A Decentralized Identifier (DID) empowers an entity to prove control over a unique and self-issued identifier without relying on any identity provider. The public key material for the proof is encoded into an associated DID document (DDO). The DDO is preferably shared via a distributed ledger, because the ledger guarantees algorithmically that everyone has access to the latest state of any tamper-proof DDO while only the entities in control of a DID are able to update theirs. Yet, it is possible to grant deputies the authority to update the DDO on behalf of the DID owner. However, the DID specification leaves largely open how authorizations over a DDO are managed and enforced among multiple deputies. This article investigates what it means to govern a DID and discusses various forms of how a DID can be controlled by potentially more than one entity. It also presents a prototype of a DID-conform identifier management system where a selected set of governance policies is deployed as Smart Contracts. The article highlights the critical role of governance for the trustworthy and flexible deployment of ledger-anchored DIDs across various domains.

Paper Structure

This paper contains 16 sections, 3 figures, 1 table.

Figures (3)

  • Figure 1: Exemplary schematic DDO with roles and authorizations.
  • Figure 2: Lifecycle of a ledger-anchored DDO.
  • Figure 3: Examples of governance policies in the DDO with similar effect: a) List of DID controllers, b) List of DID controllers and their verification methods used for the DDO update, and c) List of the DID controllers' verification methods.