
W3C-DID METHOD

Federated, multi-storage, extendable, Zenroom-based W3C-DID implementation

Decentralized Identifiers (DIDs) are now an official web standard from the World Wide Web Consortium (W3C). DIDs are cryptographic digital identifiers not tied to any central authority.

"They are designed to enable individuals and organizations to generate their own identifiers using systems they trust," the specification explains. "These new identifiers enable entities to prove control over them by authenticating using cryptographic proofs such as digital signatures."

In 2022 Dyne.org implemented a W3C-DID method, which has been approved by the W3C governing board and included in the official DID method list.

3-Levels federated DIDs

In our implementation, users' DIDs are created by 2nd-level organizations, named contexts. Each context is granted its DID, along with the ability to create DIDs, by a 1st-level organization, named a domain. A domain receives its DID and privileges from the global admin.

In the graph below, the UE is the global admin, each country is a domain and each city is a context:


(GA) UE
|-- [D] France
`-- [D] Italy
    |-- (C) Rome
    |   |-- user1
    |   `-- user2
    `-- (C) Milan
        |-- user-3
        |-- user-4
        `-- user-5

Easy to extend

Our entire W3C-DID method has been implemented using the Zenroom stack, meaning that data structures are easy to modify, more complex authentication methods can be employed (including multi-signature and zero-knowledge proofs) and W3C-VC can be combined with the DID.

End-to-end cryptography

Each write operation requires a cryptographic signature from its relevant controller: creating or deleting (disabling) a DID requires a signature from the parent organization, while updating it requires the signature of an admin (context, domain or global admin) hierarchically above it.

In the example above, user-5 can be modified by Milan, Italy or the UE, but not by Rome or France.
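The authorization rule above, as an added example that is not part of Dyne.org's implementation: a child-to-parent table mirroring the diagram, with creation checked against the direct parent (one level up), deletion against the direct parent, and updates against any ancestor. Signature verification itself is assumed to have happened already; `signer` is the DID whose key verified the request.

```python
# Added example (not Dyne.org code): hierarchical write authorization for the
# 3-level federated DID tree. Creation and deletion are signed by the direct
# parent; an update may be signed by any admin above the DID.

# Constructed child -> parent table mirroring the page's diagram.
PARENT = {
    "[D]France": "(GA)UE", "[D]Italy": "(GA)UE",
    "(C)Rome": "[D]Italy", "(C)Milan": "[D]Italy",
    "user1": "(C)Rome", "user2": "(C)Rome",
    "user-3": "(C)Milan", "user-4": "(C)Milan", "user-5": "(C)Milan",
}


def level(did):
    """Hierarchy level taken from the label prefix used in the diagram."""
    for prefix, lvl in (("(GA)", 0), ("[D]", 1), ("(C)", 2)):
        if did.startswith(prefix):
            return lvl
    return 3  # plain user DID


def ancestors(did, parent=PARENT):
    """Controllers above `did`, nearest first; refuses a cyclic table."""
    chain, cur = [], parent.get(did)
    while cur is not None:
        if cur in chain:
            raise ValueError(f"cycle in hierarchy at {cur!r}")
        chain.append(cur)
        cur = parent.get(cur)
    return chain


def may_create(signer, new_did, declared_parent):
    """Creation: signed by the declared parent, which sits exactly one level up."""
    return signer == declared_parent and level(declared_parent) == level(new_did) - 1


def is_authorized(signer, did, operation, parent=PARENT):
    """Write authorization for an existing DID: delete needs the parent, update any ancestor."""
    if did not in parent:
        return False  # unknown DID: nothing to delete or update
    if operation == "delete":
        return parent[did] == signer
    if operation == "update":
        return signer in ancestors(did, parent)
    raise ValueError(f"unsupported operation {operation!r}")
```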

Focus on cryptography

The first focus for the method was to register Zenswarm Oracle identities in a way that is both machine and human readable and anchored to a blockchain. The DID document for the blockchain oracle produced by the method contains a set of public keys (ECDSA, EdDSA, Schnorr) and an Ethereum address, as well as a Dilithium post-quantum public key.

Passwordless microservices

When security is a must, the services creating DIDs at any level can optionally operate offline, so that no private keys are kept on the servers. DIDs can then be signed manually using the built-in CLI. This scenario is recommended for the global admin microservice.

Multiple storage possibilities

The Zenroom ecosystem components allow the DID documents to be stored in different ways, including:

Blockchain anchoring and SSI

At creation, the DID documents are notarized on a blockchain (Ethereum, Fabric or Planetmint can be used). The txId of the transaction containing the DID document is then stored in the DID document's metadata.