DID (Decentralized Identifier)

A DID (Decentralized Identifier) is an identifier designed to represent an entity (a person, organization, service, or object) in a decentralized way, meaning it does not rely on a single proprietary central registry. A DID is associated with a DID Document that publishes the technical data needed for cryptographic verification (verification methods, public keys, service endpoints, etc.). The goal is to allow a verifier to confirm that a proof (for example a Verifiable Credential) was actually signed by the entity that claims to have signed it, while staying interoperable. Different DID methods exist to fit different needs. For example, did:web relies on DNS and files hosted on a domain, which is convenient for organizations because domain control provides a governance signal. did:key is simpler and self-contained, often used for technical use cases or prototypes. Other methods exist depending on the ecosystem, governance constraints, resilience requirements, and compliance considerations. In a trust architecture, a DID acts as a pointer to an entity’s keys and verification mechanisms. When an organization issues a Verifiable Credential, it signs using a key linked to its DID; later, a verifier can resolve the DID, retrieve the necessary information, and verify the signature. This avoids manual key distribution and reduces dependency on closed formats. In the Digital Product Passport (DPP) context, DIDs help ensure authenticity of statements: manufacturers, repairers, or conformity bodies can have DIDs, and each event or attestation can be signed in a traceable way. This creates a chain of trust: “this actor, identified by this DID, issued this proof at this time about this product.” Frameworks such as Veramo help manage DIDs (creation, resolution, key rotation) and integrate them into business workflows aligned with W3C standards.