Decentralized Identifiers (DIDs)
Decentralized Identifiers (DIDs) are the foundation of identity in Layr8. This guide provides a comprehensive understanding of DIDs, how they work, and how to use them effectively in your Layr8 implementations.
What are DIDs?
A Decentralized Identifier (DID) is a new type of identifier that enables verifiable, self-sovereign digital identity. Unlike traditional identifiers (email addresses, usernames, domain names), DIDs are:
- Globally unique - No two DIDs are the same
- Persistent - They don’t change over time
- Resolvable - You can look up the associated DID Document
- Cryptographically verifiable - Ownership can be proven
- Decentralized - No central authority controls them
DID Structure
Every DID follows this structure:
did:method:method-specific-identifier
Examples:
did:web:example.com
did:web:acme-corp.node.layr8.io
did:ion:EiClkZMDxPKqC9c-umQfTkR8vvZ9JPhl_xLDI9Nfk38w5w
Components
- Scheme (did): Always “did” to identify this as a DID
- Method (web, ion, etc.): Specifies how to resolve and manage the DID
- Method-Specific Identifier: Unique string within that method namespace
DID Documents
When you resolve a DID, you get a DID Document - a JSON-LD document containing:
{
  "@context": [
    "https://www.w3.org/ns/did/v1",
    "https://w3id.org/security/suites/jws-2020/v1"
  ],
  "id": "did:web:example.com",
  "verificationMethod": [{
    "id": "did:web:example.com#key-1",
    "type": "JsonWebKey2020",
    "controller": "did:web:example.com",
    "publicKeyJwk": {
      "kty": "EC",
      "crv": "P-256",
      "x": "38M1FDts7Oea7urmseiugGW7tWc3mLpJh6rKe7xINZ8",
      "y": "nDQW6XZ7b_u2Sy9slofYLlG03sOEoug3I0aAPQ0exs4"
    }
  }],
  "authentication": ["did:web:example.com#key-1"],
  "assertionMethod": ["did:web:example.com#key-1"],
  "keyAgreement": ["did:web:example.com#key-1"],
  "service": [{
    "id": "did:web:example.com#layr8-messaging",
    "type": "DIDCommMessaging",
    "serviceEndpoint": "https://example.com/messaging"
  }]
}
Key Components
- Verification Methods: Public keys for cryptographic operations
- Authentication: Keys that can authenticate as the DID subject
- Service Endpoints: Where to connect for services (like messaging)
DID Methods in Layr8
Currently Supported: did:web
Layr8 currently supports did:web in production. This method:
- Uses existing web infrastructure
- Resolves DIDs via HTTPS
- Associates identity with domain names
- Provides transparency (anyone can verify by visiting the URL)
Why did:web?
- Simplicity: No blockchain or complex infrastructure needed
- Transparency: Organizations are comfortable associating with their domain
- Compatibility: Works with existing web security models
- Control: Organizations can host on their own domain
Layr8 Node DID
Your Layr8 Node has its own identity:
did:web:<node-id>.node.layr8.io
When this DID is resolved, the associated DID Document is requested at:
https://<node-id>.node.layr8.io/.well-known/did.json
Self-Hosted DIDs
For greater sovereignty, you can host DIDs on your own domain. See Hosting DIDs on Your Domain for setup instructions.
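The did:web resolution rule described above, together with a basic check of the resolved DID Document, as an added example (not Layr8's code). It follows the did:web method specification, so it also handles path-based DIDs and percent-encoded ports, which goes beyond the node case shown here; the function names are illustrative, and the sample document is a trimmed copy of the one on this page.

```python
from urllib.parse import unquote

# Trimmed copy of the DID Document shown on this page (sample input).
SAMPLE_DOC = {
    "id": "did:web:example.com",
    "verificationMethod": [{
        "id": "did:web:example.com#key-1",
        "type": "JsonWebKey2020",
        "controller": "did:web:example.com",
        "publicKeyJwk": {"kty": "EC", "crv": "P-256",
                         "x": "38M1FDts7Oea7urmseiugGW7tWc3mLpJh6rKe7xINZ8",
                         "y": "nDQW6XZ7b_u2Sy9slofYLlG03sOEoug3I0aAPQ0exs4"},
    }],
    "authentication": ["did:web:example.com#key-1"],
}

def did_web_url(did: str) -> str:
    """Map a did:web DID to the HTTPS URL of its DID Document."""
    scheme, method, ident = (did.split(":", 2) + ["", ""])[:3]
    if scheme != "did" or method != "web" or not ident:
        raise ValueError(f"not a did:web DID: {did!r}")
    # ':' separates path segments; a port's colon is percent-encoded as %3A.
    host, *path = [unquote(part) for part in ident.split(":")]
    if not host or any(c in host for c in "/?#@"):
        raise ValueError(f"unsafe host in {did!r}")
    if any(p in ("", ".", "..") or "/" in p for p in path):
        raise ValueError(f"unsafe path segment in {did!r}")
    tail = "/".join(path) if path else ".well-known"
    return f"https://{host}/{tail}/did.json"

def authentication_keys(did: str, doc: dict) -> dict:
    """Return {key id: publicKeyJwk} for keys allowed to authenticate as did."""
    # A document served for one DID must not claim to describe another.
    if doc.get("id") != did:
        raise ValueError("DID Document id does not match the resolved DID")
    methods = {vm["id"]: vm for vm in doc.get("verificationMethod", [])}
    keys = {}
    for ref in doc.get("authentication", []):
        # An entry is either a reference (string) or an embedded method (dict).
        vm = methods.get(ref) if isinstance(ref, str) else ref
        if vm is None:
            raise ValueError(f"authentication references unknown key {ref!r}")
        keys[vm["id"]] = vm.get("publicKeyJwk")
    return keys

if __name__ == "__main__":
    did = "did:web:example.com"
    print(did_web_url(did))
    print(list(authentication_keys(did, SAMPLE_DOC)))
```

Fetching the URL is left to the caller; with did:web the document is only as trustworthy as the domain's DNS and TLS, so the `id` check should run on every resolution.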
Planned DID Methods
We’re expanding support based on customer needs:
did:webs
- Extension of did:web with signed DID documents
- Provides cryptographic proof of document integrity
- Useful for high-security environments
did:ion
- Anchored on Bitcoin blockchain via Sidetree protocol
- Fully decentralized with no dependency on domains
- Ideal for scenarios requiring maximum decentralization
Other Methods
We continuously evaluate DID methods like:
- did:key - For ephemeral, self-contained DIDs
- did:peer - For direct peer relationships
- did:indy - For Hyperledger Indy networks
Further Reading
- Decentralized Identifiers (DIDs) v1.1
- DID Method Registry
- did:web Method Specification
- Verifiable Credentials Data Model