Decentralized Identifiers (DIDs)

Decentralized Identifiers (DIDs) are the foundation of identity in Layr8. This guide provides a comprehensive understanding of DIDs, how they work, and how to use them effectively in your Layr8 implementations.

What are DIDs?

A Decentralized Identifier (DID) is a new type of identifier that enables verifiable, self-sovereign digital identity. Unlike traditional identifiers (email addresses, usernames, domain names), DIDs are:

  • Globally unique - No two DIDs are the same
  • Persistent - They don’t change over time
  • Resolvable - You can look up the associated DID Document
  • Cryptographically verifiable - Ownership can be proven
  • Decentralized - No central authority controls them

DID Structure

Every DID follows this structure:

did:method:method-specific-identifier

Examples:

did:web:example.com
did:web:acme-corp.node.layr8.io
did:ion:EiClkZMDxPKqC9c-umQfTkR8vvZ9JPhl_xLDI9Nfk38w5w

Components

  1. Scheme (did): Always “did” to identify this as a DID
  2. Method (web, ion, etc.): Specifies how to resolve and manage the DID
  3. Method-Specific Identifier: Unique string within that method namespace

DID Documents

When you resolve a DID, you get a DID Document - a JSON-LD document containing:

{
  "@context": [
    "https://www.w3.org/ns/did/v1",
    "https://w3id.org/security/suites/jws-2020/v1"
  ],
  "id": "did:web:example.com",
  "verificationMethod": [{
    "id": "did:web:example.com#key-1",
    "type": "JsonWebKey2020",
    "controller": "did:web:example.com",
    "publicKeyJwk": {
      "kty": "EC",
      "crv": "P-256",
      "x": "38M1FDts7Oea7urmseiugGW7tWc3mLpJh6rKe7xINZ8",
      "y": "nDQW6XZ7b_u2Sy9slofYLlG03sOEoug3I0aAPQ0exs4"
    }
  }],
  "authentication": ["did:web:example.com#key-1"],
  "assertionMethod": ["did:web:example.com#key-1"],
  "keyAgreement": ["did:web:example.com#key-1"],
  "service": [{
    "id": "did:web:example.com#layr8-messaging",
    "type": "DIDCommMessaging",
    "serviceEndpoint": "https://example.com/messaging"
  }]
}

Key Components

  • Verification Methods: Public keys for cryptographic operations
  • Authentication: Keys that can authenticate as the DID subject
  • Service Endpoints: Where to connect for services (like messaging)

DID Methods in Layr8

Currently Supported: did:web

Layr8 currently supports did:web in production. This method:

  • Uses existing web infrastructure
  • Resolves DIDs via HTTPS
  • Associates identity with domain names
  • Provides transparency (anyone can verify by visiting the URL)

Why did:web?

  • Simplicity: No blockchain or complex infrastructure needed
  • Transparency: Organizations are comfortable associating with their domain
  • Compatibility: Works with existing web security models
  • Control: Organizations can host on their own domain

Layr8 Node DID

Your Layr8 Node has its own identity:

did:web:<node-id>.node.layr8.io

When this DID is resolved, the associated DID Document is requested at:

https://<node-id>.node.layr8.io/.well-known/did.json
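
The lookup described above, as an added example (not Layr8's code): it maps a did:web DID to its document URL and checks a resolved document before its keys are trusted. The function names are hypothetical, the port and path forms follow the did:web method specification beyond the host-only case shown on this page, and no network request is made.

```python
import re
from urllib.parse import unquote

SEGMENT = re.compile(r"(?:[A-Za-z0-9._-]|%[0-9A-Fa-f]{2})+")
HOST = re.compile(r"[A-Za-z0-9.-]+(?::\d+)?")  # host with optional port

def did_web_to_url(did):
    """Map a did:web DID to the HTTPS URL its DID Document is served from."""
    parts = did.split(":")
    if len(parts) < 3 or parts[:2] != ["did", "web"]:
        raise ValueError(f"not a did:web identifier: {did!r}")
    if not all(SEGMENT.fullmatch(p) for p in parts[2:]):
        raise ValueError(f"illegal character or empty segment in {did!r}")
    host = unquote(parts[2])  # %3A in the first segment encodes a port
    decoded = [unquote(p) for p in parts[3:]]
    if not HOST.fullmatch(host) or any(p in (".", "..") or "/" in p for p in decoded):
        raise ValueError(f"unsafe host or path in {did!r}")
    if not parts[3:]:
        return f"https://{host}/.well-known/did.json"
    return f"https://{host}/{'/'.join(parts[3:])}/did.json"

def check_did_document(did, doc):
    """Return a list of problems; an empty list means the document is consistent."""
    problems = []
    if doc.get("id") != did:
        problems.append("document id does not match the DID that was resolved")
    key_ids = {vm.get("id") for vm in doc.get("verificationMethod", [])}
    for rel in ("authentication", "assertionMethod", "keyAgreement"):
        for ref in doc.get(rel, []):
            if not isinstance(ref, str):
                continue  # embedded key object, nothing to look up
            full = did + ref if ref.startswith("#") else ref
            if full.startswith(did + "#") and full not in key_ids:
                problems.append(f"{rel} references missing key {ref}")
    return problems

# Constructed sample: the page's example document with the key material omitted.
SAMPLE_DOC = {
    "id": "did:web:example.com",
    "verificationMethod": [{"id": "did:web:example.com#key-1",
                            "type": "JsonWebKey2020",
                            "controller": "did:web:example.com"}],
    "authentication": ["did:web:example.com#key-1"],
    "keyAgreement": ["did:web:example.com#key-1"],
}

if __name__ == "__main__":
    print(did_web_to_url("did:web:acme-corp.node.layr8.io"))
    print(did_web_to_url("did:web:example.com%3A3000:user:alice"))  # port and path form
    print(check_did_document("did:web:example.com", SAMPLE_DOC))
```

Comparing the document's id with the DID that was requested stops a host from answering with a document that claims a different identity.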

Self-Hosted DIDs

For greater sovereignty, you can host DIDs on your own domain. See Hosting DIDs on Your Domain for setup instructions.

Planned DID Methods

We’re expanding support based on customer needs:

did:webs

  • Extension of did:web with signed DID documents
  • Provides cryptographic proof of document integrity
  • Useful for high-security environments

did:ion

  • Anchored on the Bitcoin blockchain via the Sidetree protocol
  • Fully decentralized with no dependency on domains
  • Ideal for scenarios requiring maximum decentralization

Other Methods

We continuously evaluate DID methods like:

  • did:key - For ephemeral, self-contained DIDs
  • did:peer - For direct peer relationships
  • did:indy - For Hyperledger Indy networks
