Decentralized Identifier (DID)

A decentralized identifier is an identifier its owner creates and controls, rather than one assigned by a directory, an email provider, or a government registry. It resolves to a document containing the public keys and service endpoints needed to interact with the owner, and that resolution does not depend on a single central authority. The format is a W3C standard.

DIDs are the anchor that verifiable credentials bind to. Because the owner holds the corresponding private keys, they can prove control of the identifier and present credentials issued against it, without a provider sitting in the middle of every interaction. Different DID methods resolve through different systems, including ledgers, the web, and peer-to-peer exchange.

In CIAM, a DID is what lets a customer bring an identifier no platform owns. Its practical value depends on the surrounding ecosystem: wallets to hold the keys, issuers to sign credentials against it, and verifiers willing to accept it. The identifier on its own is necessary but not sufficient.

Sources

• W3C Decentralized Identifiers (DIDs) 1.0: https://www.w3.org/TR/did-core/