ID cards, mail addresses, website URLs and barcodes have one thing in common - they are identifiers.
What exactly are identifiers?
Individuals and organizations around the world use identifiers in various areas. Examples include the barcodes and serial numbers on products, the trade register and tax numbers of companies, and ID cards, driver’s licenses and insurance cards in the private sector.
Many of these identifiers share one thing: they are not within our control. They are often created, assigned, withdrawn, and enabled for use by central third-party entities. One example is the eIdentification function in the ID card. If such an entity fails, the individual no longer has control over these identifiers and can no longer use them.
In the case of physical documents, there is also the fact that these identifiers can be replicated and misused by third parties. We know this as identity theft. Again, the affected person no longer has control over these identifiers. In addition, the increase in data leaks clearly shows that central databases are potential sources of danger for all users.1
What are decentralized identifiers (DID)?
Decentralized identifiers are supposed to offer organizations and individuals a way to generate their own identifiers. Cryptographic methods, such as a digital signature, can be used to prove ownership and control of the identifier. They can refer to persons, organizations, data models, products or a thing in general and can be generated by the person in charge. DID signifies a verifiable, decentralized and digital identity.
Control of a DID can be transferred with the physical thing and can then be managed by the new owner without having to ask a third party entity for permission. These identifiers make it possible to guarantee control, security and traceability without depending on the said centralized third party entities.
Structure of decentralized identifiers
A decentralized identifier consists of a URI (Uniform Resource Identifier), the DID subject and the DID document. The DID document contains additional information, including cryptographic data, which makes it possible to prove control over the DID. The DID subject is whatever is identified by the DID and described by the DID document. The entity that controls both the DID and its associated document is called the DID controller and is often identical to the DID subject. Documents associated with a DID subject within a DID accordingly enable trusted interactions.2
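The relationship between the DID URI, the DID document and the DID controller can be checked mechanically. The following is an added example, not code from the original article: it parses a DID using the syntax from the W3C DID Core specification, rejects a document that describes a different subject, and returns the keys that can be used to prove control. The `did:example` identifier, the placeholder key value and the function names are constructed for illustration.

```python
import re

# DID syntax from W3C DID Core: did:<method-name>:<method-specific-id>
IDCHAR = r"(?:[A-Za-z0-9._-]|%[0-9A-Fa-f]{2})"
DID_RE = re.compile(rf"did:([a-z0-9]+):((?:{IDCHAR}*:)*{IDCHAR}+)")

def parse_did(did):
    """Split a DID URI into method name and method-specific id."""
    m = DID_RE.fullmatch(did)  # fullmatch: no trailing newline or junk allowed
    if not m:
        raise ValueError(f"not a valid DID: {did!r}")
    return {"method": m.group(1), "id": m.group(2)}

def controllers(doc):
    """DIDs allowed to change the document; defaults to the subject itself."""
    c = doc.get("controller", doc["id"])
    return [c] if isinstance(c, str) else list(c)

def authentication_keys(did, doc):
    """Return the verification methods that can prove control of `did`."""
    parse_did(did)
    if doc.get("id") != did:
        # A document for another subject must never be accepted for this DID.
        raise ValueError("DID document describes a different subject")
    methods = {vm["id"]: vm for vm in doc.get("verificationMethod", [])}
    keys = []
    for entry in doc.get("authentication", []):
        if isinstance(entry, str):  # reference, possibly relative ("#key-1")
            ref = did + entry if entry.startswith("#") else entry
            vm = methods.get(ref)   # keys in other documents are not resolved
            if vm is None:
                raise ValueError(f"dangling key reference: {entry}")
        else:                       # verification method embedded in place
            vm = entry
        parse_did(vm["controller"])
        keys.append(vm)
    return keys

# Constructed sample data (not a real identity or key).
SAMPLE_DID = "did:example:123456789abcdefghi"
SAMPLE_DOC = {
    "id": SAMPLE_DID,
    "verificationMethod": [{
        "id": SAMPLE_DID + "#key-1",
        "type": "Ed25519VerificationKey2020",
        "controller": SAMPLE_DID,
        "publicKeyMultibase": "zCONSTRUCTED-PLACEHOLDER-KEY",
    }],
    "authentication": ["#key-1"],
}
```

A verifier would then check a signature over a fresh challenge against one of the returned keys; that step needs a cryptographic library and is left out here.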
Feel free to read on to the use cases of identifiers to better understand the benefits of using DIDs.
Where can these DIDs be used?
To illustrate the goals of decentralized identifiers, we have included a few examples. In general, decentralized identifiers can be used in a wide variety of areas, for example in the supply chain and in sales. Decentralized identifiers also make sense in the legal area and in approval and authorization.
DID for vehicle production, use and maintenance
Car insurance companies can also benefit from the use of DIDs. With the help of DIDs, insurance companies can track the use of the motor vehicles and can offer discounts for responsible maintenance and use, for example.
In online shopping, decentralized identifiers are particularly useful when buying expensive brand-name clothing or collectibles. Here, the authenticity of the item offered can be verified independently of third parties with the help of the identification documents. These public, decentralized identifiers can range from the declaration of authenticity from the manufacturer to the declaration of ownership to the sales history, and in the event of a sale it can be ensured that the items are indeed originals. In this way, owner and buyer are on the safe side.
Employee ID card in the company
In particularly sensitive areas, additional approvals might be necessary, represented by cryptographic signatures – decentralization does not mean loss of control. When an employee moves to a new department, the DID is transferred to the new manager, and when the employee leaves the company, the DID can be deactivated, automatically removing all rights.
1 Bundesamt für Sicherheit in der Informationstechnik: Die Lage der IT-Sicherheit in Deutschland 2020, Bonn 2020, p. 20.
2 Reed, Drummond; Sabadello, Markus: Decentralized identifiers, 2021