This document attempts to communicate the concepts outlined in the
Decentralized Identifier space by using specialized terms to discuss specific
concepts. This terminology is included below and linked to throughout the
document to aid the reader:
- Blockchain
-
A specific type of distributed ledger technology (DLT) that
stores ledger entries in blocks of transactions that are grouped
together and hashed into a cryptographic chain. Because this type of DLT
was introduced by Bitcoin, the term "blockchain" is sometimes used to
refer specifically to the Bitcoin ledger.
- Decentralized Identifier (DID)
-
A globally unique identifier that does
not require a centralized registration authority because it is
registered with distributed ledger technology or another form of
decentralized network. The generic format of a DID is defined in this
specification. A specific DID scheme is defined in a
DID method specification.
- Decentralized Identity Management
-
Identity Management based on decentralized identifiers.
Decentralized Identity Management extends the identifier creation authority
beyond the traditional roots of trust required by X.500 directory services,
the Domain Name System, and most national ID systems.
- DID Registry
-
A role a system performs to mediate the creation, verification, updating, and
deactivation of Decentralized Identifiers.
A DID Registry is a type of Verifiable Data Registry (see [[VC-DATA-MODEL]]).
- Decentralized Public Key Infrastructure (DPKI)
-
Public key infrastructure based on
decentralized identifiers and identity records (e.g., DID Documents) containing
verifiable public key descriptions.
- Dependent
-
A person, organization, or thing whose DID is
registered and maintained by a delegate because the dependent is not in
a position to control the private keys. A dependent becomes an
identity owner when the dependent takes control of the private keys.
- DID Controller
-
The entity, or a group of entities, in control of a DID and/or DID Document.
Note that the DID Controller may or may not include the DID Subject.
- DID Document
-
A set of data that describes the subject of a
DID, including mechanisms, such as public keys and
pseudonymous biometrics, that the DID subject can use to authenticate itself
and prove its association with the DID. A DID Document MAY also contain other
attributes or claims describing the subject. These documents are graph-based
data structures that are typically expressed using [[JSON-LD]], but may be
expressed using other compatible graph-based data formats.
- DID Fragment
-
The portion of a DID URL that follows the first hash
sign character (#). A DID fragment uses the same syntax as a URI
fragment. See Section .
- DID Method
-
A definition of how a specific DID scheme can be implemented
on a specific distributed ledger or network, including the precise
method(s) by which DIDs are resolved and deactivated and DID Documents
are written and updated.
- DID Path
-
The portion of a DID URL that begins with and includes the first forward
slash character (/). A DID path uses the identical syntax as a URI path.
See Section .
- DID Query
-
The portion of a DID URL that follows the first question
mark character (?). A DID query uses the identical syntax as a URI query.
See Section .
- DID Subject
-
The DID Subject is the entity that the DID Document is about, i.e.,
it is the entity identified by the DID and described by the DID Document.
- DID URL
-
A DID plus an optional DID path, optional ? character followed by a
DID query, and optional # character followed by a DID fragment.
- DID Scheme
-
The formal syntax of a Decentralized Identifier. The generic DID
scheme is defined in this specification. Separate DID method specifications
define a specific DID scheme that works with that specific DID method.
- Distributed Ledger (aka DLT)
-
A distributed database in which the various nodes use a consensus
protocol to maintain a shared ledger in which each transaction is
cryptographically signed and chained to the previous transaction.
- Delegate
-
An entity who creates a DID and associated DID document for a dependent who
does not yet have the capacity to control the private keys. The
dependent must rely on the delegate to safeguard the private keys until
the dependent can assume control as the DID subject.
- Identity Owner
-
The natural person, party, organization, or thing whose
identity is represented by a DID and who directly controls the
private keys to control the DID Document.
(Note: this specification avoids the term "user" since a DID subject is not
always an individual person.)
- JSON Pointer
-
JSON Pointer defines a string syntax for identifying a specific value
within a JavaScript Object Notation (JSON) document as defined in [[RFC6901]].
- Key Description
-
A JSON object contained inside a DID Document that contains all
the metadata necessary to use a public key or verification key. A list
of standard key descriptions is included in
Appendix .
- Service Endpoint
-
A network address at which a service operates on
behalf of a DID subject. Examples of specific services include
discovery services, social networks, file storage services, and
verifiable claim repository services. Service endpoints may also be provided
by a generalized data interchange protocol such as
Extensible Data Interchange.
- UUID
-
Universally Unique Identifier as specified by RFC 4122.
- Extensible Data Interchange (aka XDI)
-
A semantic graph format and semantic data interchange protocol defined by the
OASIS XDI Technical Committee.
- URI
-
An identifier as defined by [[RFC3986]].
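
The DID URL, DID Path, DID Query and DID Fragment entries above describe how a DID URL decomposes. The following is an added example, not part of the specification text: it splits a DID URL along those delimiters and shows why a verifier should compare the parsed DID exactly rather than by string prefix. The names `DidUrl`, `parse_did_url` and `refers_to` are hypothetical, the `did:<method>:<id>` shape check is an assumption about the generic format that this section does not spell out, and the sample DIDs are constructed.

```python
from dataclasses import dataclass
from typing import Optional


@dataclass(frozen=True)
class DidUrl:
    did: str                 # the bare DID, without path, query or fragment
    method: str              # method name between the first two colons
    path: Optional[str]      # begins with and includes the first "/"
    query: Optional[str]     # follows the first "?" (delimiter excluded)
    fragment: Optional[str]  # follows the first "#" (delimiter excluded)


def parse_did_url(value: str) -> DidUrl:
    """Split a DID URL into DID, DID path, DID query and DID fragment."""
    # Fragment first: everything after the first "#" is fragment, so a "?"
    # or "/" inside it must not be read as a query or path delimiter.
    rest, hash_sign, fragment = value.partition("#")
    # Query next, so a "/" inside the query is not mistaken for a path.
    rest, question, query = rest.partition("?")
    did, slash, tail = rest.partition("/")

    # Assumption: generic shape did:<method>:<method-specific-id>.
    parts = did.split(":", 2)
    if len(parts) != 3 or parts[0] != "did" or not parts[1] or not parts[2]:
        raise ValueError(f"not a DID: {did!r}")

    return DidUrl(
        did=did,
        method=parts[1],
        path=(slash + tail) if slash else None,
        query=query if question else None,
        fragment=fragment if hash_sign else None,
    )


def refers_to(did_url: str, expected_did: str) -> bool:
    """True only if did_url is rooted at exactly expected_did.

    A prefix test such as did_url.startswith(expected_did) would accept
    "did:example:1234#keys-1" for "did:example:123"; comparing the parsed
    DID rejects it.
    """
    try:
        return parse_did_url(did_url).did == expected_did
    except ValueError:
        return False
```
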