Technically, a DID is a simple string with a fixed structure: did:method:identifier, where the method (such as key, web, or ion) tells software how to look up and verify it. Resolving a DID returns a DID document, a machine-readable file listing the public keys, authentication methods, and service endpoints tied to that identifier, so anyone can check a signature without asking a company or government to confirm it first.
The concept was standardized by the World Wide Web Consortium, whose DID Core specification became an official recommendation in 2022 and continues to evolve through newer draft versions. Dozens of DID methods now exist. Some, like did:key, are generated instantly from a key pair with nothing published anywhere; others, like did:web, anchor to a domain name; and blockchain-based methods such as did:ethr or did:ion record proof of the identifier on a public ledger for extra durability and censorship resistance.
DIDs rarely stand alone. They pair with verifiable credentials, cryptographically signed claims (a diploma, a KYC check, an age attestation) issued by a trusted party and held in a digital identity wallet. A user can then present just the proof a service needs, such as "over 18," without revealing a birth date or handing over a copy of a passport, making DIDs a core piece of the self-sovereign identity vision associated with Web3.
Adoption remains early: key management, credential revocation, and cross-method interoperability are still active engineering problems, and losing the private key behind a DID means losing control of everything it represents.