w3c / did-core

W3C Decentralized Identifier Specification v1.0
https://www.w3.org/TR/did-core/

[Question] Confusion about DID creation process #825

Closed Michele971 closed 2 years ago

Michele971 commented 2 years ago

I don't understand who will have the power to create a new identifier. Could every user create their own DID themselves? What assures us that these DIDs are globally unique?

Has DID already become a W3C standard?

talltree commented 2 years ago

@Michele971 A core concept of DIDs as decentralized identifiers is that they can be cryptographically generated (analogous to the way that UUIDs are machine-generated), so they can be globally unique to a very high degree of probability without needing a centralized registry. See section 8.1 of the DID 1.0 specification, which is in the final process of full W3C standardization.

kdenhartog commented 2 years ago

We should probably be careful stating that they are cryptographically generated these days. While that's true for almost all methods today, section 8.1 doesn't define it that way. Instead it states that they need to be globally unique, but doesn't require cryptographic generation as the method, which in turn means it's up to the method to define how that requirement is met.

For example @Michele971, in did:web the method relies upon the domain name system to guarantee the identifiers are globally unique, while in turn accepting tradeoffs in other areas. I'm fairly certain that every other method I've looked at, though, relies on cryptographic generation to meet this requirement, since it's the best method to not have to compromise decentralization for global uniqueness.

talltree commented 2 years ago

@kdenhartog You are right; I updated my comment to reflect that they "can be" cryptographically generated, not that they have to be.

Michele971 commented 2 years ago

@kdenhartog thank you guys. So if I am a company, I can create my DIDs. The only thing that I have to ensure is that DIDs have to be unique. Right?

peacekeeper commented 2 years ago

@Michele971 Yes, if you are a company, then you can create a DID for the company itself. And individuals (your customers, employees, or anyone else in the world) can also create their own DIDs.

But I think it is not helpful to think that a company creates DIDs for others, or that a company ensures that DIDs are unique.

It is the DID technology itself (or to be precise, the DID methods) that ensures that DIDs are unique. If your company, or some individuals, create a new DID, then it WILL be unique. This is ensured by the design of the DID methods themselves, and by the cryptography that is typically (not always) used.

Michele971 commented 2 years ago

@peacekeeper Got it! Thank you, very helpful!!
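The two uniqueness mechanisms discussed in this thread, side by side, as an added example that is not part of the thread or of the did-core repository. `new_random_did` uses the placeholder method name `did:example` and is a hypothetical stand-in for a cryptographically generated identifier (real methods usually derive the identifier from a public key); `did_web_to_url` follows the did:web method's DID-to-URL mapping, which is why that method's uniqueness depends on DNS.

```python
import math
import re
import secrets
from urllib.parse import unquote

def new_random_did(bits=256):
    """Hypothetical did:example identifier built from CSPRNG output.
    No registry is consulted: uniqueness is probabilistic."""
    return "did:example:" + secrets.token_hex(bits // 8)

def collision_probability(n_ids, bits):
    """Birthday bound for n uniformly random `bits`-bit identifiers:
    P(collision) ~= 1 - exp(-n(n-1) / 2^(bits+1))."""
    return -math.expm1(-n_ids * (n_ids - 1) / 2 ** (bits + 1))

HOST_RE = re.compile(r"[A-Za-z0-9.-]+(:\d{1,5})?")
SEGMENT_RE = re.compile(r"[A-Za-z0-9._~-]+")

def did_web_to_url(did):
    """Map a did:web identifier to the HTTPS URL of its DID document.
    Whoever controls the DNS name (and its TLS certificate) controls the DID."""
    parts = did.split(":")
    if len(parts) < 3 or parts[:2] != ["did", "web"]:
        raise ValueError("not a did:web identifier")
    host = unquote(parts[2])  # "%3A" encodes an optional port
    if not HOST_RE.fullmatch(host):
        # Rejects decoded "/", "@", "?" etc. that would redirect the fetch
        raise ValueError("invalid host in did:web identifier")
    path = parts[3:]
    for seg in path:
        if not SEGMENT_RE.fullmatch(seg) or seg in (".", ".."):
            raise ValueError("invalid path segment in did:web identifier")
    if path:
        return "https://" + host + "/" + "/".join(path) + "/did.json"
    return "https://" + host + "/.well-known/did.json"

if __name__ == "__main__":
    print(new_random_did())
    # A billion 256-bit identifiers: collision chance is negligible
    print(collision_probability(10**9, 256))
    # Only 32 bits: 100,000 identifiers already collide more often than not
    print(collision_probability(100_000, 32))
    print(did_web_to_url("did:web:example.com:user:alice"))
```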