Federated, multi-storage, extendable, Zenroom-based W3C-DID implementation
Decentralized Identifiers (DIDs) are now an official web standard from the World Wide Web Consortium (W3C). DIDs are cryptographic digital identifiers not tied to any central authority.
“They are designed to enable individuals and organizations to generate their own identifiers using systems they trust,” the specification explains. “These new identifiers enable entities to prove control over them by authenticating using cryptographic proofs such as digital signatures.”
In 2022 Dyne.org implemented a W3C-DID method, which has been approved by the W3C governing board and included in the official DID method list.
In our implementation, users’ DIDs are created by 2nd level organizations named context. Each Context is granted a DID, along with the ability to create DIDs, by a 1st level organization, named domain. A Domain receives its DID and privileges by the global admin.
In the graph below, the UE is the global admin, each country is a domain while each city is a context.
[Hierarchy graph: (GA) UE at the top; domains [D] France and [D] Italy below it; contexts (C) Rome and (C) Milan below the domains; users user1, user2, user-3, user-4 and user-5 below the contexts.]
Our entire W3C-DID method is implemented on the Zenroom stack, meaning that data structures are easy to modify, more complex authentication methods can be employed (including multi-signature and zero-knowledge proofs) and W3C Verifiable Credentials (VC) can be combined with the DID.
Each write operation requires a cryptographic signature from its relevant controller: the creation and deletion (disabling) of a DID requires a cryptographic signature from the parent organization, while the update operation requires the signature of an admin hierarchically above it (such as the global admin).
In the example above, user-5 can be modified by UE, but not by
The first focus for the method was to register Zenswarm Oracle identities in a way that is both machine and human readable and anchored to a blockchain. The DID document for the blockchain oracle produced by the method contains a set of public keys (ECDSA, EdDSA, Schnorr, an Ethereum address) as well as a Dilithium quantum-proof public key.
When security is a must, the services creating DIDs of any level can optionally operate offline, so that no private keys are held on the servers; DIDs can then be signed manually using the built-in CLI. This scenario is recommended for the global admin microservice.
The Zenroom ecosystem components allow the DID documents to be stored in different ways, including:
At creation, the DID Documents are notarized on a blockchain (Ethereum, Fabric and Planetmint are possible). The id of the transaction carrying the DID Document is then stored in the metadata of the DID Document itself.