Fed DID Method

A self-authenticating Decentralized Identifier (DID) system based on decentralized consensus with cryptographic verification.

DID Fed is an identifier system designed for federated systems. It uses cryptographic keys for identity control. Identities are maintained through a consortium of validators that reach consensus on operations, creating a distributed trust model without a single point of authority.

The system implements the W3C Decentralized Identifier (DID) standard, making it interoperable with other applications and services that support DIDs.

Format

DIDs follow the pattern: did:fed:<32-char-base32>

Example: did:fed:t6dnbamijr6wlgrp5kqmkwwqcwr36ty3

The identifier is derived from the CID (Content Identifier) of the CBOR-encoded creation operation, making it self-certifying and globally unique.

Features

Sovereign Identity

Identity owners hold private keys that provide full control over their DID. Keys and identity metadata can be updated through signed operations without requiring permission from any central authority. Validators cannot modify a DID without access to these private keys.

The system uses two types of keys:

Self-Authenticating

The DID contains all necessary information to verify its authenticity without trusting external authorities. Because the identifier is derived from the CID of the creation operation, anyone can independently verify:

The complete verification can be performed using only the DID and its operation log.

Strong Consistency

Every operation references the previous operation by its CID (Content Identifier), forming an immutable chain that serves as a cryptographically verifiable audit trail. This structure ensures:

Decentralized Trust

A consortium of validators maintains the DID registry and must reach consensus to finalize operations. No single validator controls the registry, protecting against compromise or failure of individual nodes.

Operations are processed through:

The system continues operating if some validators fail.

For Developers

Resolving a DID

DID resolution can be as simple as:

curl -s "https://didfed.org/did:fed:..."

The response contains verification keys, service endpoints, and alternative identifiers.

Creating a DID

  1. Generate Ed25519 key pairs for rotation and verification
  2. Construct a signed creation operation with keys and metadata
  3. Submit to any validator in the consortium
  4. The validator processes the operation and broadcasts it to the network
  5. Validators reach consensus
  6. The DID becomes globally resolvable

Updating a DID

To update keys, service endpoints, or metadata:

  1. Create an update operation referencing the previous operation by CID
  2. Sign the update with the current rotation key
  3. Submit to any validator
  4. Wait for consensus to finalize the update

Rotating Keys

To rotate keys:

  1. Create an update operation with new rotation and/or verification keys
  2. Sign it with the current rotation key
  3. Submit for consensus
  4. Once finalized, the new keys become active
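
The create, update and rotate steps above produce a log that anyone can replay to check a DID. The following is an added example, not code from the DID Fed project: it models that log with JSON and SHA-256 standing in for CBOR and CIDs. The field names (type, prev, rotationKey, services, sig) and the rule that the creation operation is signed by the rotation key it declares are assumptions.

```javascript
// Added example: simplified model of a did:fed-style operation log, not the project's code.
// Assumptions: JSON + SHA-256 stand in for CBOR + CID; all field names are hypothetical.
const crypto = require('node:crypto');

const B32 = 'abcdefghijklmnopqrstuvwxyz234567';
const encode = (obj) => Buffer.from(JSON.stringify(obj)); // key order is kept as built
const newKey = () => crypto.generateKeyPairSync('ed25519');
const pub = (k) => k.publicKey.export({ type: 'spki', format: 'der' }).toString('base64');

// Content identifier stand-in: base32 of the first 20 digest bytes gives 32 characters.
function opId(op) {
  const digest = crypto.createHash('sha256').update(encode(op)).digest().subarray(0, 20);
  let bits = '';
  for (const byte of digest) bits += byte.toString(2).padStart(8, '0');
  return bits.match(/.{5}/g).map((chunk) => B32[parseInt(chunk, 2)]).join('');
}

// Sign the operation body with Ed25519 and attach the signature.
const signOp = (body, privateKey) =>
  ({ ...body, sig: crypto.sign(null, encode(body), privateKey).toString('base64') });

// Replay the log: identifier binding, prev links, and the rotation key in effect per step.
function verifyLog(did, log) {
  if (log.length === 0 || log[0].prev !== null) return 'bad creation op';
  if (did !== 'did:fed:' + opId(log[0])) return 'identifier mismatch';
  let rotationKey = log[0].rotationKey; // assumed: creation op is signed by its own key
  for (let i = 0; i < log.length; i++) {
    const { sig, ...body } = log[i];
    if (i > 0 && body.prev !== opId(log[i - 1])) return `op ${i}: broken chain`;
    const key = crypto.createPublicKey({ key: Buffer.from(rotationKey, 'base64'), format: 'der', type: 'spki' });
    if (!crypto.verify(null, encode(body), key, Buffer.from(sig || '', 'base64')))
      return `op ${i}: bad signature`;
    rotationKey = body.rotationKey; // a rotation takes effect for the next operation
  }
  return 'ok';
}

// Constructed sample: create with key 1, rotate to key 2, then update signed by key 2.
function buildSampleLog() {
  const k1 = newKey(), k2 = newKey();
  const create = signOp({ type: 'create', prev: null, rotationKey: pub(k1) }, k1.privateKey);
  const rotate = signOp({ type: 'update', prev: opId(create), rotationKey: pub(k2) }, k1.privateKey);
  const update = signOp({ type: 'update', prev: opId(rotate), rotationKey: pub(k2),
    services: ['https://pds.example'] }, k2.privateKey);
  return { did: 'did:fed:' + opId(create), log: [create, rotate, update], oldKey: k1 };
}

const demo = buildSampleLog();
console.log(demo.did, verifyLog(demo.did, demo.log));
```

In this model a log with a missing operation fails the prev check, and an operation signed with a rotation key that has already been rotated out fails the signature check.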