Skip to main content

Decentralised Identifiers

Decentralised Identifiers (DIDs) are how actors identify themselves on EBSI. This page explains what they are; the Onboarding guides show how to create one.

What is a DID?

A Decentralised Identifier (DID) is a globally unique identifier defined by the W3C DID specification. Unlike a username or email address, a DID is not issued or controlled by a central authority — it is cryptographically bound to a key pair held by the subject, so the holder can prove control without relying on a third party.

You need a DID whenever you must prove who is acting: when writing to an EBSI registry, or when issuing, receiving, or presenting a Verifiable Credential. You do not need a DID to read public data — anonymous users can call public REST endpoints without one.

What is a DID method?

A DID method is a specification that defines how a particular type of DID is created, resolved, updated, and deactivated. Different methods make different trade-offs between privacy, on-chain persistence, and revocability.

DID methods in EBSI

EBSI uses two DID methods depending on the actor type:

ActorDID methodWhere it livesUse case
Legal Entitydid:ebsiEBSI DID Registry (on-chain)Trust chains, accreditations, VC issuance
Natural Persondid:keyWallet only (never written to a registry)Holding and presenting VCs, GDPR-compliant