Table of Contents
Fetching ...

did:self A registry-less DID method

Nikos Fotiou, George C. Polyzos, Vasilios A. Siris

TL;DR

did:self addresses the registry dependency in DIDs by providing a registry-less method whose identifier is the thumbprint of the controller’s public key. It introduces two implicit-DID-document constructions using JSON Web Tokens and X.509 certificates to enable interoperability with existing authentication systems while supporting multiple documents and controlled delegation. The approach eliminates reliance on registries, enhancing self-sovereignty and privacy, and is applicable to identifying people, content, and IoT devices. Revocation remains a challenge, with current practice relying on expiration and ongoing exploration of more efficient mechanisms.

Abstract

We introduce did:self, a Decentralized Identifier (DID) method that does not depend on any trusted registry for storing the corresponding DID documents. Information for authenticating a did:self subject can be disseminated using any means and without making any security assumption about the delivery method. did:self is lightweight, it allows controlled delegation, it offers increased security and privacy, and it can be used for identifying people, content, as well as IoT devices. Furthermore, DID documents in did:self can be implicit, allowing re-construction of DID documents based on other authentication material, such as JSON Web Tokens and X.509 certificates.

did:self A registry-less DID method

TL;DR

did:self addresses the registry dependency in DIDs by providing a registry-less method whose identifier is the thumbprint of the controller’s public key. It introduces two implicit-DID-document constructions using JSON Web Tokens and X.509 certificates to enable interoperability with existing authentication systems while supporting multiple documents and controlled delegation. The approach eliminates reliance on registries, enhancing self-sovereignty and privacy, and is applicable to identifying people, content, and IoT devices. Revocation remains a challenge, with current practice relying on expiration and ongoing exploration of more efficient mechanisms.

Abstract

We introduce did:self, a Decentralized Identifier (DID) method that does not depend on any trusted registry for storing the corresponding DID documents. Information for authenticating a did:self subject can be disseminated using any means and without making any security assumption about the delivery method. did:self is lightweight, it allows controlled delegation, it offers increased security and privacy, and it can be used for identifying people, content, as well as IoT devices. Furthermore, DID documents in did:self can be implicit, allowing re-construction of DID documents based on other authentication material, such as JSON Web Tokens and X.509 certificates.
Paper Structure (7 sections, 1 equation, 1 figure, 1 table)

This paper contains 7 sections, 1 equation, 1 figure, 1 table.

Figures (1)

  • Figure 1: An IoT use case where did:self is applied. It can be observed that all IoT devices share a DID with the same prefix. Furthermore, the two drones have the same DID.