§ did-traits 0.1 Editor’s Draft

Specification Status: Pre-Draft

Latest Draft: identity.foundation/did-traits

Ratified Versions:

Editors:
Jan Christoph Ebersbach (identinet)
Participate:

GitHub repo

File a bug

Commit history

Except where otherwise noted, this work by the Decentralized Identity Foundation is licensed under CC BY 4.0.

§ Abstract

This document guides implementers of W3C Decentralized Identifiers (DIDs) in selecting suitable DID methods for their specific use cases by defining proven and relevant Decentralized Identifiers traits. It includes a JSON schema for representing traits of a concrete DID method in a structured, machine-readable format, enabling integration with third-party systems such as DID resolvers. This specification builds upon existing literature and specifications detailed in the References section.

§ Status of This Document

This is a draft specification being developed within the Decentralized Identity Foundation (DIF). Design work is ongoing, and participants are encouraged to open issues or otherwise contribute at the DIF-hosted github repository, whether as input to stable versions or as recommendations for future versions.

§ Terminology

Decentralized Identifiers
Unique ID URI string and PKI metadata document format for describing the cryptographic keys and other fundamental PKI values linked to a unique, user-controlled, self-sovereign identifier in a target system (i.e. blockchain, distributed ledger).
Traits
A distinct, measurable characteristic of a Decentralized Identifier method that influences its behavior, capabilities, or implementation requirements.

§ Structure of this Document

This specification is organized into three main sections:

  1. Definition of Traits: Provides detailed definitions and descriptions of identified DID method traits. Each trait is explained in terms of its significance, characteristics, and impact on DID method implementation and usage.
  2. JSON Schema Data Model: Presents a formal schema for representing DID method traits in a machine-readable format. This section includes the complete JSON schema definition along with examples illustrating its application.
  3. Comparison of DID Methods: Contains a comprehensive table comparing different DID methods based on their traits. This comparison enables implementers to evaluate and select DID methods that best match their requirements.

The specification references supporting literature and related specifications throughout these sections, with complete references provided at the end of the document.

§ Definition of Traits

This section systematically defines the characteristics that distinguish and differentiate DID methods. While all DID methods fundamentally support core operations for creating and retrieving DID documents, they exhibit diverse additional traits that reflect their unique design. These traits have been identified through analysis of existing DID methods and their real-world implementations. Each trait definition includes its name and description.

Trait Definition
Updateable DID Documents are updateable, see https://w3c.github.io/did-core/#method-operations.
Updateable Service Endpoints Service endpoints are updateable, see https://w3c.github.io/did-core/#services.
Deactivatable DIDs are deactivatable, see https://w3c.github.io/did-core/#method-operations.
Deletable DID method’s capability to permanently remove a DID and its associated DID document from the underlying system, rendering the identifier and its historical irresolvable.
Explicit Fees Indicates whether a DID method imposes mandatory transactional costs for creating, updating, or deactivating identifiers. These fees are typically associated with blockchain or distributed ledger-based methods, where computational resources and network consensus mechanisms necessitate economic compensation.
Self-Certifying DID method where the cryptographic material used to generate the DID is embedded within the identifier itself, creating an inherent and verifiable cryptographic binding between the DID, its initial DID document, and the associated cryptographic keys. This approach eliminates the need for external verification infrastructure, as the identifier’s authenticity can be cryptographically validated through its own intrinsic key material.
Rotatable Verification Methods Verification methods are updateable, allowing cryptographic keys to be replaced or updated, see https://w3c.github.io/did-core/#verification-methods.
Pre-rotation of Keys Cryptographic mechanism that enables a DID controller to securely commit to a future key rotation without revealing the actual replacement public key. This technique creates a verifiable, one-way commitment to the next cryptographic key pair, preventing malicious actors who compromise the current private key from arbitrarily rotating to a new key of their choosing.
Multi-Signature Verification Method A DID method that supports distributed control of a decentralized identifier through a cryptographic mechanism requiring multiple independent signatures to authorize critical identity operations such as updating, deactivating or using the DID.
Human-readable A DID method’s ability to generate identifiers that are cognitively accessible and memorable to humans, typically incorporating meaningful, domain-specific, or intuitive components.
Enumerable A DID method where all identifiers within the system can be comprehensively discovered and listed through a publicly accessible registry, typically implemented using a distributed ledger technology (DLT) or similar transparent infrastructure.
Locally Resolvable A DID method where identifiers and their associated DID documents are resolvable and verifiable only within a specific, transient local context.
Globally Resolvable A DID method where identifiers can be resolved from any network location, enabling universal access to the associated DID document across diverse computational environments and geographic boundaries.
DID Document History A DID method’s capability to preserve and retrieve previous versions of a DID document, enabling comprehensive historical traceability of identity metadata and modifications.
Cryptograhpically signed DID Document History A DID method’s capability to record all modifications to the DID document in an append-only, cryptographically verifiable data structure that prevents retroactive alteration or deletion of historical states.
Not Hosted dID document is generated and verified entirely through cryptographic mechanisms, without requiring persistent storage or external hosting infrastructure.
Centrally Hosted The DID document is stored and managed through a single, centralized service infrastructure, typically implemented using a web server or controlled repository.
Decentrally Hosted The DID document is stored, managed, and resolved through a distributed infrastructure, typically implemented using decentralized ledger technologies (DLT) or peer-to-peer networks.
Privacy Preserving Cryptography A DID method’s ability to use cryptographic techniques that enable identity verification and authentication while minimizing the disclosure of sensitive personal information. Example: BBS.
Government-approved Cryptography A DID method that implements cryptographic algorithms and protocols explicitly validated and recommended by national cryptographic standards bodies. Example: FIPS 186-4.
GDPR-compliant A DID method’s ability to fully adhere to the European Union’s General Data Protection Regulation (GDPR) requirements, ensuring comprehensive protection of personal data and individual privacy rights.

§ JSON Schema Data Model

The specification defines a normative JSON Schema data model for documenting and representing DID method traits in a machine-readable format. The canonical schema is formally defined at https://identity.foundation/did-traits/schemas/traits.json.

DID method authors SHALL use this schema to describe their method’s trait support. The schema is structured with two primary components:

All traits are represented as boolean values with the following semantics:

Conforming implementations MUST validate their trait documentation against this JSON Schema, ensuring consistent and unambiguous representation of DID method capabilities.

§ Example

This example demonstrates a complete JSON representation of the did:web DID method, illustrating the schema’s structure.

{
  "$schema": "https://identity.foundation/did-traits/schemas/traits.json",
  "name": "web",
  "updateable": true,
  "updateableServiceEndpoints": true,
  "deactivatable": true,
  "deletable": true,
  "explicitFees": false,
  "selfCertifying": false,
  "updateableVerificationMethods": true,
  "prerotationOfKeys": false,
  "multisigVerificationMethod": false,
  "humanreadable": true,
  "resolvableLocally": false,
  "resolvableGlobally": true,
  "history": false,
  "historySigned": false,
  "hostedNot": false,
  "hostedCentrally": true,
  "hostedDecentrally": false
}

§ Comparison of DID Methods

The following table provides a comprehensive overview of trait support across multiple DID methods, enabling a systematic comparison of their capabilities.

Method Updateable Updateable Service Endpoints Deactivatable Deletable Explicit Fees Self-Certifying Rotatable Verification Methods Pre-rotation of Keys Multi-Signature Verification Method Human-readable Enumerable Locally Resolvable Globally Resolvable DID Document History Cryptograhpically signed DID Document History Not Hosted Centrally Hosted Decentrally Hosted Privacy Preserving Cryptography Government-approved Cryptography GDPR-compliant
did:key
did:peer
did:tdw
did:web

§ Appendix

§ Relate Specifications and Research

§ References

§ Normative References

[[spec]]

§ Informative References

JSON Schema
JSON Schema: A Media Type for Describing JSON Documents. A. Wright, H. Andrews, B. Hutton, G. Dennis. Status: 28 January 2020. Status: Internet-Draft.

§ Patent Policy

The Decentralized Identity Foundation has adopted the W3C Patent Policy (2004), as detailed below:

§ Acknowledgements

We thank the Decentralized Identity Foundation and the Identity and Discovery working group for their support in this specification.

Table of Contents
undefined