DID Resolution
Given a DID, how do you retrieve its DID Document?
Markus Sabadello
Danube Tech, Decentralized Identity Foundation, Sovrin Foundation, W3C VCWG, W3C CCG, OASIS XDI TC
26th November 2018, markus@danubetech.com
https://creativecommons.org/licenses/by-sa/4.0/
SSIMeetup objectives
● Empower global SSI communities
● Open to everyone interested in SSI
● All content is shared with CC BY SA
SSIMeetup.org
Alex Preukschat @SSIMeetup @AlexPreukschat
Coordinating Node SSIMeetup.org
Decentralized Identifiers (DIDs)
■ Registered in a blockchain or other decentralized network.
■ No dependency on any central authority or intermediary.
■ Generation and control over DID lies with identity owner (e.g. through private keys in a wallet).
■ Example DID:
DID Resolution
■ DID Resolution: DID → DID Document
● Set of public keys
● Set of service endpoints
● Authentication methods
● Timestamps, proofs
● Other identifier metadata
■ May be dynamically constructed rather than actually stored in this form.
■ Can support resolution parameters.
■ Can return resolution metadata.
■ Example DID Document:
{
  "@context": "https://w3id.org/did/v1",
  "id": "did:sov:WRfXPg8dantKVubE3HX8pw",
  "service": {
    "type": "hub",
    "serviceEndpoint": "https://azure.microsoft.com/dif/hub/did:sov:WRfXPg8dantKVubE3H"
  },
  "publicKey": [
    {
      "id": "did:sov:WRfXPg8dantKVubE3HX8pw#key-1",
      "type": "Ed25519VerificationKey2018",
      "publicKeyBase58": "H3C2AVvLMv6gmMNam3uVAjZpfkcJCwDmqPV"
    }
  ],
  "authentication": {
    "type": "Ed25519SignatureAuthentication2018",
    "publicKey": [
      "did:sov:WRfXPg8dantKVubE3HX8pw#key-1"
    ]
  }
}
DID Methods
■ Different DID “methods”:
● did:sov:WRfXPg8dantKVubE3HX8pw
● did:btcr:xz35-jzv2-qqs2-9wjt
● did:v1:test:nym:3AEJTDMSxDDQpyUftjuoeZ2Bazp4Bswj1ce7FJGybCUu
● did:uport:2omWsSGspY7zhxaG6uHyoGtcYxoGeeohQXz
● did:erc725:ropsten:2F2B37C890824242Cb9B0FE5614fA2221B79901E
■ DID methods need a method specification.
■ Define method-specific syntax.
■ Define method-specific CRUD operations:
● Create, Read (Resolve), Update, Delete (Revoke)
Method | DID Prefix
Sovrin | did:sov:
Veres One | did:v1:
uPort | did:uport:
Bitcoin | did:btcr:
Blockstack | did:stack:
ERC725 | did:erc725:
IPFS | did:ipid:
Target System (Sovrin Ledger):
...
NYM: [18,{"dest":"WRfXPg8dantKVubE3HX8pw","identifier":"BrYDA5NubejDVHkCYBbpY5","reqId":1501522732982387,"signature":"5HGRA...","verkey":"~P7F3BNs5VmQ6eVpwkNKJ5D"}]
...
ATTRIB: [19,{"dest":"WRfXPg8dantKVubE3HX8pw","identifier":"WRfXPg8dantKVubE3HX8pw","raw":"0249fedf5246b...","reqId":1504718156368788,"signature":"3jL1ZNjLAzyAm5"}]
...
DID:
did:sov:WRfXPg8dantKVubE3HX8pw
DID Document:
{
  "@context": "https://w3id.org/did/v1",
  "id": "did:sov:WRfXPg8dantKVubE3HX8pw",
  "publicKey": [
    {
      "id": "did:sov:WRfXPg8dantKVubE3HX8pw#key-1",
      "type": "Ed25519VerificationKey2018",
      "publicKeyBase58": "H3C2AVvLMv6gmMNam3uVAj..."
    }
  ],
  "service": {
    "type": "xdi",
    "serviceEndpoint": "http://127.0.0.1/xdi/"
  }
}
Target System (Bitcoin Blockchain):
BLOCK 1202316
TX #80: 5310788c3f8c47d2e0336a4de7ecaceb52405699b571bd1254bf4580caf6
  TXIN #1: P2PKH muorV4hjg9EFxE7U1MScUnpQ5gFqCtMdzh
  TXOUT #1: P2PKH mkhu17qayX84QK6Hvj3BQPPjhf93hQmYvU
  TXOUT #2: OP_RETURN https://btcr.host.com/peacekeeper/self.ddo
TX #81: a8150d3d1e7e635314ca0bd2b8976aa5d98d46f7bd64dfc850969586afb2
  TXIN #1: P2PKH muAA7os3wCEDB46bmveP4eVKNwC6jz75KF
  TXOUT #1: P2PKH mvysHdp7Fnqda8ivgWAduTvC3DvGhr6Qjk
...
https://btcr.host.com/peacekeeper/self.ddo
{
  "@context": "https://w3id.org/did/v1",
  "id": "did:btcr:xz35-jzv2-qqs2-9wjt",
  "service": [ {
    "type": "xdi",
    "serviceEndpoint": "http://127.0.0.1/xdi/"
  } ],
  "signature": { ... }
}
DID:
did:btcr:xz35-jzv2-qqs2-9wjt
DID Document:
{
  "@context": "https://w3id.org/did/v1",
  "id": "did:btcr:xz35-jzv2-qqs2-9wjt",
  "publicKey": [
    {
      "id": "did:btcr:xz35-jzv2-qqs2-9wjt#key-1",
      "type": "EdDsaSAPublicKeySecp256k1",
      "publicKeyHex": "H3C2AVvLMv6gmMNam3uVAj..."
    }
  ],
  "service": {
    "type": "xdi",
    "serviceEndpoint": "http://127.0.0.1/xdi/"
  }
}
Target System (Veres One Ledger):
{
  "@context": "https://w3id.org/did/v1",
  "id": "did:v1:test:nym:3AEJTDMSxDDQpyUftju",
  "publicKey": [
    {
      "id": "did:v1:test:nym:3AEJTDMSxDDQpyUftju#key-1",
      "type": "Ed25519VerificationKey2018",
      "publicKeyBase58": "H3C2AVvLMv6gmMNam3uVAj..."
    }
  ],
  "service": {
    "type": "xdi",
    "serviceEndpoint": "http://127.0.0.1/xdi/"
  }
}
DID:
did:v1:test:nym:3AEJTDMSxDDQpyUftjuoeZ2Bazp
DID Document:
{
  "@context": "https://w3id.org/did/v1",
  "id": "did:v1:test:nym:3AEJTDMSxDDQpyUftju",
  "publicKey": [
    {
      "id": "did:v1:test:nym:3AEJTDMSxDDQpyUftju#key-1",
      "type": "Ed25519VerificationKey2018",
      "publicKeyBase58": "H3C2AVvLMv6gmMNam3uVAj..."
    }
  ],
  "service": {
    "type": "xdi",
    "serviceEndpoint": "http://127.0.0.1/xdi/"
  }
}
DID Universal Resolver
■ Looks up (“resolves”) DID to its DID Document.
■ Provides a universal API that works with all DID methods.
■ Uses a set of configurable “drivers” that know how to connect to the target system.
■ https://uniresolver.io/
[Diagram, shown in successive frames: Service App → Universal Resolver → Driver did:btcr / Driver did:sov → Bitcoin, Sovrin, Veres One. Later frames label the connections LOCAL or REMOTE in different combinations; a frame with REMOTE connections asks: SPV? State proofs? Signatures?]
DID Universal Resolver
■ Example Driver Configuration:
{
  "pattern": "^(did:btcr:.+)$",
  "image": "universalresolver/driver-did-btcr",
  "tag": "latest",
  "testIdentifiers": [
    "did:btcr:xz35-jzv2-qqs2-9wjt",
    "did:btcr:x705-jzv2-qqaz-7vuz",
    "did:btcr:xkrn-xzcr-qqlv-j6sl"
  ],
  "env": {
    "uniresolver_driver_did_btcr_bitcoinConnection": "blockcypherapi",
    "uniresolver_driver_did_btcr_rpcUrlMainnet": "http://user:pass@localhost:8332/",
    "uniresolver_driver_did_btcr_rpcUrlTestnet": "http://user:pass@localhost:18332/"
  }
}
DID Resolution: Input
■ Additional input parameters:
● Select specific resource in the DID Document by ID, e.g. did:sov:WRfXPg8dantKVubE3HX8pw#key-1
● Select public key by type, e.g. Ed25519VerificationKey2018
● Select authentication method by type, e.g. Ed25519SignatureAuthentication2018
● Select service by type, e.g. SocialWebInboxService
● Select service by name, e.g. did:example:123456789abcdefghi;xdi
● Request specific version of DID Document, e.g. by version number, or by timestamp.
● Request specific caching behavior, e.g. force fresh DID resolution.
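An added example, not part of the original slides or the Universal Resolver code base: a minimal dispatcher that picks a driver by its configured "pattern", applies the "#" and ";" selectors listed above, and returns resolver metadata. The did:sov pattern, the stub drivers, the service id values and all function names are assumptions; the sample documents are constructed from values on the slides.

```python
import re
import time

# Generic DID syntax check applied before any driver is consulted.
DID_RE = re.compile(r"did:[a-z0-9]+:[A-Za-z0-9._:-]+")


def _stub_driver(key_type):
    """Build a stand-in driver; a real driver would query its target system."""
    def driver(did):
        return {
            "@context": "https://w3id.org/did/v1",
            "id": did,
            "publicKey": [{"id": did + "#key-1", "type": key_type}],
            "service": [{"id": did + ";xdi", "type": "xdi",
                         "serviceEndpoint": "http://127.0.0.1/xdi/"}],
        }
    return driver


# Same shape as the driver configuration: one regex "pattern" per driver.
# The did:btcr pattern is the one on the slide; the did:sov one is assumed.
DRIVERS = [
    {"pattern": r"^(did:btcr:.+)$",
     "resolve": _stub_driver("EdDsaSAPublicKeySecp256k1")},
    {"pattern": r"^(did:sov:.+)$",
     "resolve": _stub_driver("Ed25519VerificationKey2018")},
]


def parse_did_url(did_url):
    """Split 'did#fragment' or 'did;service-name' into (did, sep, selector)."""
    m = re.fullmatch(r"([^#;]+)(?:([#;])(.+))?", did_url)
    if not m or not DID_RE.fullmatch(m.group(1)):
        raise ValueError("not a syntactically valid DID: %r" % did_url)
    return m.group(1), m.group(2), m.group(3)


def select_driver(did):
    """Return the first configured driver whose pattern matches the whole DID."""
    for entry in DRIVERS:
        if re.fullmatch(entry["pattern"], did):
            return entry
    raise LookupError("no driver configured for %s" % did)


def resolve(did_url, key_type=None, service_type=None):
    did, sep, selector = parse_did_url(did_url)
    # Dispatch on the bare DID only, so selector text never picks the driver.
    entry = select_driver(did)
    started = time.monotonic()
    doc = entry["resolve"](did)
    metadata = {
        "driver": entry["pattern"],
        "duration_ms": int((time.monotonic() - started) * 1000),
    }
    keys = doc.get("publicKey", [])
    services = doc.get("service", [])
    if sep:
        # Exact match on the full id: only a resource under the requested
        # DID can satisfy '#key-1' or ';xdi'.
        wanted = did + sep + selector
        hits = [r for r in keys + services if r.get("id") == wanted]
        if not hits:
            raise LookupError("no resource %s in DID Document" % wanted)
        selected = hits[0]
    elif key_type:
        selected = [k for k in keys if k.get("type") == key_type]
    elif service_type:
        selected = [s for s in services if s.get("type") == service_type]
    else:
        selected = doc
    return {"didDocument": doc, "selected": selected,
            "resolverMetadata": metadata}
```
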
DID Resolution: Output
■ Resolver Metadata:
● Which driver was used?
● Duration of the resolution process?
● Versioning information about the DID Document
● Caching information about the DID Document
■ Method Metadata:
● Sovrin: State proofs from the ledger
● Bitcoin: Was a full node used, or an external blockchain explorer?
● Bitcoin: Transaction number and number of confirmations?
● Bitcoin: Mainnet or Testnet?
Other Topics:
■ Versioning:
● Input parameter to request specific version of DID Document, e.g. by version number, or by timestamp.
● DID Document can contain version number or timestamp of last update.
■ Caching:
● Input parameter to request specific caching behavior, e.g. force fresh DID resolution.
● Controlled by DID resolver configuration, input parameters, and DID Document content (“time-to-live”).
■ Revocation:
● DID resolver can return an error, or a DID Document with a “revoked” flag.
■ Validation:
● DID resolver validates DID Documents before returning them.
■ Redirects:
● DID can be used as the value of serviceEndpoint.
{
  "id": "did:btcr:x705-jzv2-qqaz-7vuz;hub",
  "type": "HubService",
  "serviceEndpoint": "did:btcr:xz35-jzv2-qqs2-9wjt"
}
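An added example, not from the original slides or any resolver implementation: checking a DID Document against the requested DID, honouring a revocation flag, and following a DID-valued serviceEndpoint with loop detection and a hop limit. The in-memory registry, the "revoked" field name, MAX_HOPS, the loop/gone/swap DIDs and https://hub.example/ are constructed assumptions; only the two did:btcr identifiers of the redirect come from the slide.

```python
import re

DID_RE = re.compile(r"did:[a-z0-9]+:[A-Za-z0-9._:-]+")
MAX_HOPS = 3  # assumed upper bound on DID-to-DID redirects


class ResolutionError(Exception):
    pass


def _doc(did, endpoint=None, doc_id=None, revoked=False):
    """Constructed DID Document with at most one HubService entry."""
    doc = {"@context": "https://w3id.org/did/v1", "id": doc_id or did}
    if endpoint:
        doc["service"] = [{"id": did + ";hub", "type": "HubService",
                           "serviceEndpoint": endpoint}]
    if revoked:
        doc["revoked"] = True  # field name is an assumption
    return doc


A = "did:btcr:x705-jzv2-qqaz-7vuz"   # redirect source, from the slide
B = "did:btcr:xz35-jzv2-qqs2-9wjt"   # redirect target, from the slide
L1, L2 = "did:btcr:loop-aaaa-aaaa-aaaa", "did:btcr:loop-bbbb-bbbb-bbbb"
GONE, SWAP = "did:btcr:gone-cccc-cccc-cccc", "did:btcr:swap-dddd-dddd-dddd"

# Stand-in for the drivers: what each DID "resolves" to (all constructed).
REGISTRY = {
    A: _doc(A, B),
    B: _doc(B, "https://hub.example/"),
    L1: _doc(L1, L2),
    L2: _doc(L2, L1),
    GONE: _doc(GONE, revoked=True),
    SWAP: _doc(SWAP, "https://hub.example/", doc_id=B),  # claims another DID
}


def validate(did, doc):
    """Reject a document that does not describe the DID that was asked for."""
    if doc.get("id") != did:
        raise ResolutionError("document id does not match requested DID")
    for section in ("publicKey", "service"):
        for item in doc.get(section, []):
            if not str(item.get("id", "")).startswith((did + "#", did + ";")):
                raise ResolutionError("resource id outside requested DID")


def follow(did, service_type):
    """Return (endpoint, chain of DIDs visited) for a service type."""
    chain = []
    while True:
        if did in chain:
            raise ResolutionError("redirect loop at " + did)
        if len(chain) > MAX_HOPS:
            raise ResolutionError("too many redirects")
        chain.append(did)
        doc = REGISTRY.get(did)
        if doc is None:
            raise ResolutionError("DID not found: " + did)
        validate(did, doc)
        if doc.get("revoked"):
            raise ResolutionError("DID is revoked: " + did)
        endpoints = [s["serviceEndpoint"] for s in doc.get("service", [])
                     if s.get("type") == service_type]
        if not endpoints:
            raise ResolutionError("no %s service on %s" % (service_type, did))
        if DID_RE.fullmatch(endpoints[0]):
            did = endpoints[0]  # endpoint is itself a DID: resolve it next
            continue
        return endpoints[0], chain
```
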
Other Topics:
■ Off-ledger DIDs (“microledgers”, “relationship state machine”):
● DID method did:sov:edge: has been proposed
● DID operations not in a public network, but between peers
■ Which DID methods should a DID Resolver support?
● DID Method Registry
■ DID Names have been proposed.
■ Petnames can point to DIDs.
■ Domain names can point to DIDs:
● DNS Resolution, e.g.: _did.ssi.labs.nic.at. 300 IN URI 10 1 "did:sov:stn:r1dwAJxcoG7EPiioGMz7h"
● WebFinger
● HTML code in web page
DID Universal Registrar
■ Create/update/revoke a DID and its DID Document.
■ Provides a universal API that works with all DID methods.
■ Uses a set of configurable “drivers” that know how to connect to the target system.
■ https://uniregistrar.io/
Thank You
■ https://danubetech.com/ – markus@danubetech.com
■ Are you implementing a DID resolver?
● W3C Credentials Community Group!
● https://w3c-ccg.github.io/
● https://w3c-ccg.github.io/did-resolution/
■ Are you creating a DID method?
● Decentralized Identity Foundation!
● https://identity.foundation/
● https://uniresolver.io/
● https://w3c-ccg.github.io/did-method-registry/

DID Resolution: Given a DID how do I retrieve its document? – Markus Sabadello
