Programmable Governance for Group-Controlled Decentralized Identifiers

TL;DR

This paper proposes a programmable, trustless on-chain governance mechanism for decentralized identifiers (DIDs) that supports group control and dynamic update authorization, enhancing SSI security and flexibility.

Contribution

It introduces a novel on-chain, ledger-agnostic method for group-controlled DID governance, addressing a gap in DID update authorization mechanisms.

Findings

Developed a trustless on-chain governance protocol for group-controlled DIDs.

Ensured adaptability and ledger-agnostic operation of the governance mechanism.

Enhanced security and control in DID updates through programmable governance rules.

Abstract

Self-Sovereign Identity (SSI) is a paradigm for digital identity management that offers unique privacy advantages. A key technology in SSI is Decentralized Identifiers (DIDs) and their associated metadata, DID Documents (DDOs). DDOs contain crucial verification material such as the public keys of the entity identified by the DID (i.e., the DID subject) and are often anchored on a distributed ledger to ensure security and availability. Long-lived DIDs need to support updates (e.g., key rotation). Ideally, only the DID subject should authorize DDO updates. However, in practice, update capabilities may be shared or delegated. While the DID specification acknowledges such scenarios, it does not define how updates should be authorized when multiple entities jointly control a DID (i.e., group control). This article examines the implementation of an on-chain, trustless mechanism enabling DID controllers under group control to program their governance rules. The main research question is the following: Can a technical mechanism be developed to orchestrate on-chain group control of a DDO in a ledger-agnostic and adaptable manner?