DID Overview: Architecture and Implementation Guide

Introduction

Decentralized Identifiers (DIDs) are globally unique, cryptographically verifiable identifiers that allow entities to prove control over their identity without relying on centralized registries. In the CHLOM ecosystem, DIDs form the foundation for identity verification, licensing and compliance workflows.

Identity Primitives & DID Documents

A DID consists of a method and a method-specific identifier, and it resolves to a DID document. The DID document contains public keys, service endpoints, and metadata:

{
  "@context": "https://www.w3.org/ns/did/v1",
  "id": "did:example:123456789abcdefghi",
  "verificationMethod": [{
    "id": "did:example:123456789abcdefghi#keys-1",
    "type": "Ed25519VerificationKey2018",
    "controller": "did:example:123456789abcdefghi",
    "publicKeyBase58": "H3C2AVvLMHFG5..."
  }],
  "authentication": ["did:example:123456789abcdefghi#keys-1"],
  "service": [{
    "id": "did:example:123456789abcdefghi#vcs",
    "type": "CredentialRepositoryService",
    "serviceEndpoint": "https://example.com/credentials/123"
  }]
}

Choose a DID method (e.g. did:ion, did:web, did:key) that fits your infrastructure and scalability needs.

Authentication & Verification Flows

  • Challenge–response: the verifier generates a nonce, the holder signs it with their private key, and the verifier checks the signature against the DID document.
  • JWT-based proofs: encode claims in a JSON Web Token signed by the DID’s key pair for stateless verification.
  • OAuth bridge: integrate legacy OAuth providers by mapping OAuth identities to DIDs for cross-platform interoperability.

Integrating Fingerprint ID & Biometrics

Biometric authentication can be used to unlock the private keys associated with a DID. In CHLOM, Fingerprint IDs link a user’s biometric hash to their decentralized identifier, enabling secure multi-factor authentication. Store biometric hashes off-chain and encrypt them with the user’s public key.

Revocation & Recovery Strategies

If a private key is compromised or lost, you must be able to rotate verification methods and update the DID document:

  1. Publish a new public key in the DID document with a new verificationMethod entry.
  2. Add an assertionMethod field pointing to the new key.
  3. Revoke the compromised key via an on-chain registry or a revocation list.
  4. Inform connected services and rotate any credentials derived from the old key.
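
The verifier side of the challenge–response flow, combined with the revocation check from step 3, can be sketched as follows. This is an added example, not CHLOM code: the Verifier type, the Payload layout and its "did-auth-v1|" prefix are assumptions, and the keys map stands for the already resolved and decoded verification methods that the DID document lists under authentication.

```go
package main

import (
	"crypto/ed25519"
	"crypto/rand"
	"errors"
	"fmt"
)

// Verifier (hypothetical type) tracks issued nonces and revoked key ids.
type Verifier struct {
	Pending map[string]string // nonce -> DID it was issued to
	Revoked map[string]bool   // verificationMethod id -> revoked (step 3)
}

// Challenge issues a fresh 32-byte nonce bound to one DID.
func (v *Verifier) Challenge(did string) []byte {
	n := make([]byte, 32)
	if _, err := rand.Read(n); err != nil {
		panic(err) // never fall back to a predictable nonce
	}
	v.Pending[string(n)] = did
	return n
}

// Payload is what the holder signs; the prefix and layout are constructed here.
func Payload(did string, nonce []byte) []byte { return append([]byte("did-auth-v1|"+did+"|"), nonce...) }

// Verify consumes the nonce, then checks key membership, revocation and signature.
func (v *Verifier) Verify(did string, keys map[string]ed25519.PublicKey, kid string, nonce, sig []byte) error {
	issuedTo, ok := v.Pending[string(nonce)]
	delete(v.Pending, string(nonce)) // single use, even when verification fails
	key := keys[kid]                 // assumed: decoded keys listed under "authentication"
	switch {
	case !ok || issuedTo != did: return errors.New("unknown or replayed nonce")
	case len(key) != ed25519.PublicKeySize: return errors.New("key not authorized for authentication")
	case v.Revoked[kid]: return errors.New("key revoked")
	case !ed25519.Verify(key, Payload(did, nonce), sig): return errors.New("bad signature")
	}
	return nil
}

func main() { // constructed demo: throwaway key, DID from the sample document above
	pub, priv, _ := ed25519.GenerateKey(rand.Reader)
	did, kid := "did:example:123456789abcdefghi", "did:example:123456789abcdefghi#keys-1"
	v := &Verifier{map[string]string{}, map[string]bool{}}
	n := v.Challenge(did)
	fmt.Println("verified:", v.Verify(did, map[string]ed25519.PublicKey{kid: pub}, kid, n, ed25519.Sign(priv, Payload(did, n))) == nil)
}
```

A key marked revoked is rejected even when its signature is valid, which is why step 3 has to reach every verifier before the old key can be considered dead.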

Implementation Steps

  • Select a DID method and set up a DID resolver compatible with your blockchain (e.g. ION on Bitcoin, did:ethr on Ethereum).
  • Implement a DID registry smart contract to anchor identifiers and manage updates.
  • Develop client-side wallets and SDKs for generating keys, storing DID documents, and signing messages.
  • Integrate DID authentication into your licensing flows (TLaaS) and compliance checks (S‑CaaS).
  • Set up revocation mechanisms and recovery procedures, including biometric recovery via Fingerprint ID.
  • Monitor DID usage and interactions through analytics to detect anomalies and enforce governance policies.

With these components in place, DIDs provide a secure, privacy-preserving identity layer that underpins licensing, compliance, and governance across the entire CHLOM framework.
