Decentralized Identifiers (DIDs) Explained: Own Your Digital Identity

The Problem with Identity Today

Right now, your digital identity is almost certainly owned by someone else. Your Google account, your Twitter handle, your LinkedIn profile — these identities exist at the pleasure of those platforms. If an account is suspended, a company is acquired, or a service shuts down, your identity and all the connections tied to it can vanish overnight.

Decentralized Identifiers (DIDs) are a W3C standard designed to solve this problem fundamentally.

What Is a DID?

A DID is a globally unique identifier that is:

• Self-sovereign: Controlled by the subject (you), not a third party.
• Persistent: Does not depend on any central registry, authority, or intermediary.
• Cryptographically verifiable: Tied to a public/private key pair that proves ownership.
• Resolvable: Can be looked up to retrieve a DID Document containing public keys and service endpoints.

A DID looks like this:

did:example:123456789abcdefghi

The structure is always did:[method]:[method-specific-identifier]. The method defines how the DID is created, resolved, and managed.

DID Documents

When you resolve a DID, you get back a DID Document — a JSON-LD file that describes the identity. It typically contains:

• The DID itself as the subject
• One or more public keys for verification
• Authentication methods
• Service endpoints (e.g., a messaging endpoint or a social profile link)

Popular DID Methods

Method	Storage	Notes
did:web	HTTPS / your domain	Simple, uses your website as the anchor
did:key	No external storage	Self-contained in the identifier itself
did:ion	Bitcoin blockchain (layer 2)	Sidetree-based, developed by Microsoft
did:peer	Peer-to-peer, off-ledger	Designed for pairwise relationships

Verifiable Credentials: DIDs in Action

DIDs become powerful when combined with Verifiable Credentials (VCs) — another W3C standard. A VC is a tamper-evident digital credential (like a diploma, driving licence, or membership card) issued by one DID to another and cryptographically signed.

The flow works like this:

1. An Issuer (e.g., a university) signs a credential with their private key and issues it to your DID.
2. You store that credential in your digital wallet.
3. A Verifier (e.g., an employer) requests proof.
4. You present the credential; the verifier checks the signature against the issuer's public DID Document.
5. No need to call the university directly — the cryptography speaks for itself.

Who Is Using DIDs?

DIDs are moving from specification to implementation across several sectors:

• Bluesky / AT Protocol uses DIDs as the foundation of its identity system.
• Microsoft Entra Verified ID is a production verifiable credentials service built on DIDs.
• The EU Digital Identity Wallet initiative references DID and VC standards.
• Open-source wallets like Lissi and Sphereon support W3C VCs.

DIDs represent a genuine architectural shift in how identity can work on the internet — moving from "identity as a service granted by platforms" to "identity as a capability owned by individuals." The standard is mature, the tooling is growing, and the implications are significant.