DID registry
A DID Registry is a service that stores and retrieves DIDs and DID documents. It is a key component of the Volt4 decentralized identity ecosystem, as it allows users to manage their DIDs and DID documents in a consistent, reliable, secure and decentralized way.
What is a DID?
A decentralized identifier, or DID, is a new type of identifier that enables verifiable, self-sovereign digital identity. DIDs are fully under the control of the DID subject, independent of any centralized registry, identity provider, or certificate authority.
DIDs are presented as URIs that are resolvable to a DID document, which is a JSON object that contains cryptographic material, authentication suites, and service endpoints.
Below is an example DID document for the DID did:volt:48c7e0bb-9c62-4db0-be2f-d2f46528ccdb.
{
  "@context": ["https://www.w3.org/ns/did/v1", "https://tdxvolt.com/ns/did/v1"],
  "authentication": ["did:volt:48c7e0bb-9c62-4db0-be2f-d2f46528ccdb#key-1"],
  "controller": "did:volt:ee300134-69c7-41b7-8736-13959174d90d",
  "id": "did:volt:48c7e0bb-9c62-4db0-be2f-d2f46528ccdb",
  "verificationMethod": [
    {
      "id": "did:volt:48c7e0bb-9c62-4db0-be2f-d2f46528ccdb#key-1",
      "publicKeyPem": "-----BEGIN PUBLIC KEY-----\nMCowBQYDK2VwAyEAmrsi5oMFVYWGt3mA6kvxpMIjMOLiylaTUQJelDsslQg=\n-----END PUBLIC KEY-----\n",
      "type": "Ed25519Signature2018"
    }
  ]
}

DID documents do not contain any sensitive or personal information about the DID subject; they contain only cryptographic material that can be used to verify the identity of the DID subject. A DID document simply binds an opaque identifier to a set of cryptographic keys and services.
For more information, see the W3C Decentralized Identifiers (DIDs) specification.
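The following is an added example, not code from the Volt4 project or the page, showing what a consumer of a DID document should check before trusting the keys in it: the subject and controller DIDs are well formed, every verification method is scoped under the subject DID (so a document cannot carry keys that belong to some other identifier), every authentication entry points at a key the document actually defines, and the PEM really wraps an Ed25519 public key. The did:volt grammar (a lowercase UUID after the method name) is an assumption inferred from the identifiers in the text; the sample input is the example document above, embedded inline.

```python
import base64
import json
import re

# Constructed sample input: the example DID document quoted in the text, embedded as a string.
SAMPLE_DID_DOCUMENT = json.dumps({
    "@context": ["https://www.w3.org/ns/did/v1", "https://tdxvolt.com/ns/did/v1"],
    "authentication": ["did:volt:48c7e0bb-9c62-4db0-be2f-d2f46528ccdb#key-1"],
    "controller": "did:volt:ee300134-69c7-41b7-8736-13959174d90d",
    "id": "did:volt:48c7e0bb-9c62-4db0-be2f-d2f46528ccdb",
    "verificationMethod": [{
        "id": "did:volt:48c7e0bb-9c62-4db0-be2f-d2f46528ccdb#key-1",
        "publicKeyPem": "-----BEGIN PUBLIC KEY-----\n"
                        "MCowBQYDK2VwAyEAmrsi5oMFVYWGt3mA6kvxpMIjMOLiylaTUQJelDsslQg=\n"
                        "-----END PUBLIC KEY-----\n",
        "type": "Ed25519Signature2018",
    }],
})

# did:volt identifiers in the text carry a lowercase UUID; the exact method-specific grammar is an assumption.
DID_VOLT_RE = re.compile(r"^did:volt:[0-9a-f]{8}-[0-9a-f]{4}-[0-9a-f]{4}-[0-9a-f]{4}-[0-9a-f]{12}$")

# DER header of a SubjectPublicKeyInfo that wraps an Ed25519 key (RFC 8410, OID 1.3.101.112).
# The 32 raw public-key bytes follow immediately after it.
ED25519_SPKI_PREFIX = bytes.fromhex("302a300506032b6570032100")


def check_did_syntax(did):
    """Raise ValueError unless `did` is a well-formed did:volt identifier."""
    if not DID_VOLT_RE.match(did):
        raise ValueError(f"malformed did:volt identifier: {did!r}")
    return did


def pem_to_raw_ed25519(pem):
    """Extract the 32 raw Ed25519 public-key bytes from a PEM-encoded SubjectPublicKeyInfo."""
    body = "".join(line for line in pem.strip().splitlines() if not line.startswith("-----"))
    der = base64.b64decode(body, validate=True)
    if not der.startswith(ED25519_SPKI_PREFIX) or len(der) != len(ED25519_SPKI_PREFIX) + 32:
        raise ValueError("publicKeyPem is not an Ed25519 SubjectPublicKeyInfo")
    return der[len(ED25519_SPKI_PREFIX):]


def validate_did_document(doc_json):
    """Parse a DID document and return the keys that may authenticate the subject."""
    doc = json.loads(doc_json)
    did = check_did_syntax(doc["id"])
    if "https://www.w3.org/ns/did/v1" not in doc.get("@context", []):
        raise ValueError("missing W3C DID context")
    controller = doc.get("controller")
    if controller is not None:
        check_did_syntax(controller)

    keys = {}
    for method in doc.get("verificationMethod", []):
        method_id = method["id"]
        # A key must be a fragment of the subject DID, never an identifier from another DID.
        if not method_id.startswith(did + "#"):
            raise ValueError(f"verification method {method_id!r} is not a fragment of {did!r}")
        if method["type"] != "Ed25519Signature2018":
            raise ValueError(f"unsupported verification method type {method['type']!r}")
        keys[method_id] = pem_to_raw_ed25519(method["publicKeyPem"])

    authentication = doc.get("authentication", [])
    if not authentication:
        raise ValueError("document defines no authentication method")
    unknown = [ref for ref in authentication if ref not in keys]
    if unknown:
        raise ValueError(f"authentication references undefined keys: {unknown}")

    return {
        "id": did,
        "controller": controller,
        "authentication_keys": {ref: keys[ref] for ref in authentication},
    }


if __name__ == "__main__":
    summary = validate_did_document(SAMPLE_DID_DOCUMENT)
    for ref, raw in summary["authentication_keys"].items():
        print(ref, raw.hex())
```

The raw 32-byte key returned for each authentication reference is what a signature-verification routine would consume; the DER prefix check is what stops an RSA or EC key (or arbitrary bytes) wrapped in a PEM from being mistaken for an Ed25519 key.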
DID Registry
The DID registry is a database that stores and retrieves DIDs and DID documents.
The Volt4 ecosystem is designed to be decentralized and self-sovereign, so each Volt4 instance maintains its own DID registry. This allows each Volt4 instance to have complete control over its own identity and the identities of other peers that it interacts with. As well as this, any Volt4 instance can be configured to use one or more other DID registries to store and resolve DIDs.
In order for two Volt4 instances, or any two entities in the Volt4 ecosystem, to communicate with each other, they must be able to resolve each other’s DIDs. This is necessary in order to acquire the public key of the other peer and thereby verify their identity and encrypt the communication between the two peers.
To resolve a given DID, the Volt4 instance or client begins by querying the local DID registry, and then queries any other DID registries that are configured, in order. If the DID is not found in any of the configured DID registries, the resolution fails.
Hence in order for two peers to verify each other’s identity and encrypt/decrypt data, they must have a common DID registry that they can use to resolve each other’s DIDs.
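The resolution order just described, as an added example that is not part of the page or the Volt4 code base. Each registry is an in-memory stand-in for the HTTP or gRPC transport; the registry name "tdxvolt.com" is taken from the list below, while "private-registry.example" and the all-zero DID are constructed. Beyond the text, the resolver also refuses a document whose `id` differs from the DID requested, so that a confused or misbehaving registry cannot hand back another identity's keys.

```python
class ResolutionError(Exception):
    """Raised when no configured registry can resolve a DID, or a registry answers inconsistently."""


class DIDRegistry:
    """Stand-in for one DID registry (the local database or a remote such as tdxvolt.com).

    A real client would call the registry's HTTP GET endpoint or the gRPC ResolveDID API;
    this in-memory dict is a constructed substitute for that transport.
    """

    def __init__(self, name, documents):
        self.name = name
        self._documents = dict(documents)

    def resolve(self, did):
        # Returns the DID document, or None if this registry has never seen the DID.
        return self._documents.get(did)


class DIDResolver:
    """Resolve a DID by querying the local registry first, then each configured remote in order."""

    def __init__(self, local_registry, remote_registries=()):
        self.registries = [local_registry, *remote_registries]

    def resolve(self, did):
        for registry in self.registries:
            doc = registry.resolve(did)
            if doc is None:
                continue
            # Accept a document only if its subject is the DID that was asked for.
            if doc.get("id") != did:
                raise ResolutionError(
                    f"{registry.name} returned a document for {doc.get('id')!r} when asked for {did!r}")
            return registry.name, doc
        raise ResolutionError(f"{did!r} not found in any configured registry: "
                              + ", ".join(r.name for r in self.registries))


def minimal_document(did):
    # Constructed placeholder document; real documents carry the keys shown earlier in the text.
    return {"id": did, "verificationMethod": [], "authentication": []}


# Constructed scenario: two peers that share one public registry, plus a DID that is
# registered only in a registry peer B is not configured to use.
DID_A = "did:volt:48c7e0bb-9c62-4db0-be2f-d2f46528ccdb"
DID_B = "did:volt:ee300134-69c7-41b7-8736-13959174d90d"
DID_PRIVATE = "did:volt:00000000-0000-4000-8000-000000000000"  # constructed

shared_registry = DIDRegistry("tdxvolt.com", {DID_A: minimal_document(DID_A),
                                              DID_B: minimal_document(DID_B)})
private_registry = DIDRegistry("private-registry.example", {DID_PRIVATE: minimal_document(DID_PRIVATE)})

peer_a = DIDResolver(DIDRegistry("peer-a-local", {DID_A: minimal_document(DID_A)}),
                     [shared_registry, private_registry])
peer_b = DIDResolver(DIDRegistry("peer-b-local", {DID_B: minimal_document(DID_B)}),
                     [shared_registry])


def run_scenario():
    """Return which registry answered each lookup, or the error text for lookups that fail."""
    results = {}
    for label, resolver, did in [("a->b", peer_a, DID_B), ("b->a", peer_b, DID_A),
                                 ("a->private", peer_a, DID_PRIVATE), ("b->private", peer_b, DID_PRIVATE)]:
        try:
            results[label] = resolver.resolve(did)[0]
        except ResolutionError as err:
            results[label] = f"failed: {err}"
    return results


if __name__ == "__main__":
    for label, outcome in run_scenario().items():
        print(label, outcome)
```

Peers A and B can each resolve the other through tdxvolt.com, the registry they have in common; the DID held only in the private registry resolves for A but fails for B, which is exactly the "common registry" requirement stated above.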
Currently a number of DID registries are publicly available, and can be used by any Volt4 instance to resolve DIDs.
- coreid.com - a public DID registry operated by the Volt4 community
- tdxvolt.com - a public DID registry and relay operated by nquiringminds Ltd in the UK
- tdxid.com - a development DID registry based in the nquiringminds London office
These DID registries are designed to be highly available and secure and are typically operated by trusted third parties, such as those run by the community or a foundation of some sort.
The idea is that over time a network of DID registries will emerge, each operated by different entities. Some may interoperate with each other, some may not, some may be public, some may be private. Each Volt4 instance can choose which DID registries to use, and can even run its own DID registry if it wishes. This will allow for a highly decentralized and self-sovereign identity ecosystem that is not dependent on any single entity or organization, and enables a high degree of flexibility and interoperability between different Volt4 instances.
Resolution API
Applications and services of the Volt4 platform can resolve and register DIDs using the various APIs.
The DID Registry resolution is exposed as an HTTP endpoint, as well as the grpc ResolveDID and SearchDIDRegistry APIs.
The HTTP endpoint is a simple GET request that takes a DID as a query parameter and returns the DID document as a JSON object - example.
The grpc API is a more advanced API that allows for more complex queries and operations on the DID registry.
Registration API
In order to register a DID in the DID registry, use the Authenticate API.
There is no HTTP endpoint for registering a DID directly.
It is also possible for the client to first create a DID document itself and then submit it to the DID registry using the RegisterDIDDocument API.
The DID registry will validate the DID document and store it in the database. The DID document will then be available for resolution by other Volt4 instances and clients.
Synchronisation
DID registries can elect to synchronise with each other in order to maintain a consistent view of the DID registry across several Volt4 instances. This also provides a level of fault tolerance and availability, including the ability to resolve DIDs when offline or only partially connected to the network or intranet.
In this configuration, each Volt4 instance maintains its own copy of the DID registry, and the DID registry is designed to be eventually consistent across all Volt4 instances.
When a new DID is registered in the DID registry, the Volt4 instance that registered the DID will broadcast the new DID to all other Volt4 instances in the network. Each Volt4 instance will then update its local copy of the DID registry to include the new DID.
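The register-then-broadcast flow above, as an added example that is not part of the page or the Volt4 code base. The text does not say how updates are ordered or how an instance that was offline catches up, so two things here are assumptions: each DID carries a per-registry version counter so that a replayed or stale broadcast can never overwrite a newer document, and the constructed network stand-in queues broadcasts for an offline member and delivers them when it reconnects.

```python
class SyncNetwork:
    """Constructed stand-in for the transport between Volt4 instances.

    Broadcasts to an offline member are queued and delivered on reconnect (assumed
    catch-up mechanism; the text only states that registrations are broadcast).
    """

    def __init__(self):
        self.members = []
        self.queued = {}  # replica name -> entries missed while offline

    def join(self, replica):
        self.members.append(replica)
        self.queued[replica.name] = []

    def broadcast(self, sender, entry):
        for peer in self.members:
            if peer is sender:
                continue
            if peer.online:
                peer.apply(entry)
            else:
                self.queued[peer.name].append(entry)

    def reconnect(self, replica):
        replica.online = True
        for entry in self.queued.pop(replica.name, []):
            replica.apply(entry)
        self.queued[replica.name] = []


class ReplicatedDIDRegistry:
    """One Volt4 instance's local copy of the registry, kept eventually consistent by broadcast."""

    def __init__(self, name, network):
        self.name = name
        self.network = network
        self.online = True
        self._entries = {}  # did -> {"version": int, "document": dict}
        network.join(self)

    def register(self, document):
        # Per-DID version counter so replicas can order updates (assumed design, not from the text).
        did = document["id"]
        current = self._entries.get(did)
        entry = {"did": did, "version": (current["version"] + 1) if current else 1, "document": document}
        self.apply(entry)
        self.network.broadcast(self, entry)
        return entry["version"]

    def apply(self, entry):
        """Merge a broadcast entry; idempotent, and an older version never overwrites a newer one."""
        current = self._entries.get(entry["did"])
        if current is not None and current["version"] >= entry["version"]:
            return False
        self._entries[entry["did"]] = {"version": entry["version"], "document": entry["document"]}
        return True

    def resolve(self, did):
        # Served purely from the local copy, so it keeps working while the instance is offline.
        entry = self._entries.get(did)
        return entry["document"] if entry else None


DID_X = "did:volt:48c7e0bb-9c62-4db0-be2f-d2f46528ccdb"  # DID from the example document above


def run_sync_scenario():
    """Register on one instance while another is partitioned; report who can resolve the DID when."""
    net = SyncNetwork()
    alpha = ReplicatedDIDRegistry("alpha", net)
    beta = ReplicatedDIDRegistry("beta", net)
    gamma = ReplicatedDIDRegistry("gamma", net)
    gamma.online = False  # partitioned while the registration happens
    doc = {"id": DID_X, "authentication": [DID_X + "#key-1"]}  # constructed minimal document
    alpha.register(doc)
    seen_before = {r.name: r.resolve(DID_X) is not None for r in (alpha, beta, gamma)}
    beta.online = False  # beta still answers from its local copy while disconnected
    offline_lookup = beta.resolve(DID_X) is not None
    net.reconnect(gamma)
    replay_applied = beta.apply({"did": DID_X, "version": 1, "document": doc})  # duplicate broadcast
    seen_after = {r.name: r.resolve(DID_X) is not None for r in (alpha, beta, gamma)}
    return {"before": seen_before, "offline_lookup": offline_lookup,
            "after": seen_after, "replay_applied": replay_applied}


if __name__ == "__main__":
    print(run_sync_scenario())
```

Immediately after the registration only alpha and beta hold the DID; once gamma reconnects all three agree, which is the eventual consistency the section describes, and a replayed copy of the original broadcast is ignored rather than re-applied.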