A method for Decentralized Identifiers that does not require a secure registry (e.g., a blockchain or a Web server) and allows private key rotation.
Decentralized Identifiers (DIDs) are a W3C recommendation that enables verifiable, decentralized digital identity. DIDs are being investigated for providing self-sovereign digital identities, for improving supply chain security, or even as a Web5 enabler. The current W3C recommendation acts as a framework, which is implemented by many DID methods. Existing DID methods either require some form of trusted registry (such as a blockchain or a secure Web server) where auxiliary information is stored, or they do not support private key rotation. did:self is the first DID method that removes the need for a trusted registry while at the same time allowing advanced operations such as private key rotation, DID co-ownership, and DID delegation.
IoT group communication
Using did:self, IoT devices belonging to the same group (e.g., all temperature sensors of a building) can be configured with the same DID identifier. This way, group membership can be easily proved. At the same time, each IoT device can have its own private key, which can be trivially rotated. This protects the group from private key breaches.
A did:self identifier can be used for identifying content items or service endpoints. did:self allows secure delegation of content/service to third-party providers (e.g., a CDN). At the same time, did:self enables self-verifiable content items, i.e., the authenticity of an item can be verified without support from a Trusted Third Party.
A did:self identifier can be used with multiple user devices. At the same time, a user can limit the validity period of keys used on less secure devices. For example, users can configure their mobile phones to use their did:self identifier only for the duration of a business trip.
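The following Go sketch is an added illustration of the principle behind the group-membership and limited-validity scenarios above; it is not the did:self specification's document format or the project's own code. It assumes a hypothetical layout (KeyDoc, SignedDoc, SHA-256 over the root public key): the identifier is a hash of a root public key, the root key signs a short-lived document for each device key, and a verifier checks membership from that document alone, with no registry lookup.

```go
package main

import (
	"crypto/ed25519"
	"crypto/sha256"
	"encoding/base64"
	"encoding/json"
	"time"
)

// KeyDoc binds one device's public key to the shared group DID until NotAfter.
// The layout is illustrative, not the did:self specification's own document.
type KeyDoc struct {
	ID        string `json:"id"`        // the group's shared DID
	DeviceKey []byte `json:"deviceKey"` // this device's Ed25519 public key
	NotAfter  int64  `json:"notAfter"`  // expiry, Unix seconds
}

// SignedDoc carries the document, the root public key and the root's signature.
type SignedDoc struct {
	Doc     KeyDoc `json:"doc"`
	RootKey []byte `json:"rootKey"`
	Sig     []byte `json:"sig"`
}

// DIDFromRoot hashes the root public key into the identifier: the DID itself
// commits to the only key that may authorize device keys, so no registry is needed.
func DIDFromRoot(root ed25519.PublicKey) string {
	h := sha256.Sum256(root)
	return "did:self:" + base64.RawURLEncoding.EncodeToString(h[:])
}

// IssueDoc is run by the root key holder; rotating a device key is just issuing a new document.
func IssueDoc(rootPriv ed25519.PrivateKey, dev ed25519.PublicKey, notAfter time.Time) SignedDoc {
	root := rootPriv.Public().(ed25519.PublicKey)
	doc := KeyDoc{ID: DIDFromRoot(root), DeviceKey: dev, NotAfter: notAfter.Unix()}
	payload, _ := json.Marshal(doc) // struct encoding is deterministic, so it re-marshals identically
	return SignedDoc{Doc: doc, RootKey: root, Sig: ed25519.Sign(rootPriv, payload)}
}

// Verify checks a membership claim from the presented document alone: the DID must
// hash-match the embedded root key, which must have signed an unexpired document.
func Verify(did string, sd SignedDoc, now time.Time) bool {
	if len(sd.RootKey) != ed25519.PublicKeySize || DIDFromRoot(sd.RootKey) != did ||
		sd.Doc.ID != did || now.Unix() > sd.Doc.NotAfter {
		return false // wrong root, wrong DID, or expired (also avoids ed25519.Verify's bad-key panic)
	}
	payload, err := json.Marshal(sd.Doc)
	return err == nil && ed25519.Verify(sd.RootKey, payload, sd.Sig)
}
```

A compromised device key is contained by its expiry and by the fact that it cannot sign documents for other devices; only the root key can.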