DID Universal Resource Identifier

All DID Methods on sidetree share the same identifier format. The unique identifier segment is known as a DID Suffix. This is derived from the initial state of the DID’s state data. Additionally, the DID Suffix is cryptographically bound to the initial PKI state of the DID, making sidetree DIDs self certifying. This enables a person who creates a DID knows their unique identifier at the moment of DID generation, and is secured cryptographically for instant use. The URI resolves to a DID document based on the implementation of the specific DID method. This infrastructure could be a web server (similar threat model to current URL API calls), peer-to-peer discovery, anchor to the Bitcoin blockchain, IPFS or custom implementation devised by the controller. In our case we use DID:ION our implementation.

Short Form URI

Upon DID creation a short form DID URI is generated.

Short-Form DID URI Format:

did:METHOD:<did-suffix>

Short-Form DID URI Example:

did:ion:EiDahaOGH-liLLdDtTxEAdc8i-cfCz-WUcQdRJheMVNn3A

Long Form URI

After DID generation there is an indeterminate period of time before DID operation is anchored, propagated, and processed by anchoring systems. To account for this, Sidetree generates a long-form DID URI that is an equivalent to Sidetree-based DIDs that is both self-certifying and self resolving. This allows DIDs to be immediately resolvable by including the DIDs initial state data within long-form DID URI. Long form DID URI are the same as short for DID URI with an additional colon-separated segment appended at the end. This segment is a JSON data payload that contains information required for DID operation.This JSON data is encoded and added after the DID Suffix.

Long-Form URI JSON Payload data

{
  "delta": {
    "patches": [
      {
        "action": "replace",
        "document": {
          "publicKeys": [
            {
              "id": "anySigningKeyId",
              "publicKeyJwk": {
                "crv": "secp256k1",
                "kty": "EC",
                "x": "H61vqAm_-TC3OrFSqPrEfSfg422NR8QHPqr0mLx64DM",
                "y": "s0WnWY87JriBjbyoY3FdUmifK7JJRLR65GtPthXeyuc"
              },
              "purposes": [
                "auth"
              ],
              "type": "EcdsaSecp256k1VerificationKey2019"
            }
          ],
          "services": [
            {
              "id": "anyServiceEndpointId",
              "type": "anyType",
              "serviceEndpoint": "http://any.endpoint"
            }
          ]
        }
      }
    ],
    "updateCommitment": "EiBMWE2JFaFipPdthcFiQek-SXTMi5IWIFXAN8hKFCyLJw"
  },
  "suffixData": {
    "deltaHash": "EiBP6gAOxx3YOL8PZPZG3medFgdqWSDayVX3u1W2f-IPEQ",
    "recoveryCommitment": "EiBg8oqvU0Zq_H5BoqmWf0IrhetQ91wXc5fDPpIjB9wW5w"
  }
}

Format of Long-Form DID URI:

Example of Long-Form DID URI:

Long-Form DID URIs support the follow features:

• Resolving DID Documents of unpublished DIDs

• Authentication of unpublished DIDs

• Verification of credentials signed against unpublished DIDs