Decentralized Identifiers (DIDs)

A Decentralized Identifier (DID) is a globally unique identifier that does not require a central registration authority. DIDs are the foundation of decentralized identity systems.

Supported DID Methods

Method	Resolution	Network	Use Case
did:key	Local (self-contained)	None	Ephemeral identities, testing
did:web	HTTPS fetch	Web	Organizational DIDs
did:jwk	Local (JWK in DID)	None	OID4VC flows

did:key

The simplest DID method. The public key is encoded directly in the DID string, so no network resolution is needed.

use baseid_did::DidKeyResolver;
use baseid_crypto::KeyPair;
use baseid_core::types::KeyType;

let kp = KeyPair::generate(KeyType::Ed25519)?;
let doc = DidKeyResolver::create(&kp.public)?;
// doc.id = "did:key:z6Mk..."

Pros: No network required, instant creation, deterministic. Cons: Cannot be updated or rotated.

did:web

Resolves by fetching a DID document from a well-known HTTPS URL. The DID did:web:example.com resolves to https://example.com/.well-known/did.json.

use baseid_did::DidWebResolver;

let doc = DidWebResolver::resolve("did:web:example.com").await?;

Pros: Human-readable, leverages existing web infrastructure. Cons: Depends on DNS and HTTPS availability.

did:jwk

Encodes a JWK (JSON Web Key) directly in the DID. Similar to did:key but uses the JWK format, which is common in OID4VC protocols.

use baseid_did::DidJwkResolver;

let doc = DidJwkResolver::create(&jwk)?;

DID Documents

All DID methods produce a DID Document containing:

• id — the DID string itself
• verificationMethod — public keys for signing and encryption
• authentication — methods for authenticating as the DID subject
• assertionMethod — methods for issuing credentials
• keyAgreement — methods for key exchange (encryption)

Choosing a Method

• Use did:key for development, testing, and short-lived identities
• Use did:web for organizations with a web domain
• Use did:jwk when working with OID4VCI/OID4VP flows