Programmable Governance for Group-Controlled Decentralized Identifiers

Abstract

Self-Sovereign Identity (SSI) is a paradigm for digital identity management that offers unique privacy advantages. A key technology in SSI is Decentralized Identifiers (DIDs) and their associated metadata, DID Documents (DDOs). DDOs contain crucial verification material such as the public keys of the entity identified by the DID (i.e., the DID subject) and are often anchored on a distributed ledger to ensure security and availability. Long-lived DIDs need to support updates (e.g., key rotation). Ideally, only the DID subject should authorize DDO updates. However, in practice, update capabilities may be shared or delegated. While the DID specification acknowledges such scenarios, it does not define how updates should be authorized when multiple entities jointly control a DID (i.e., group control). This article examines the implementation of an on-chain, trustless mechanism enabling DID controllers under group control to program their governance rules. The main research question is the following: Can a technical mechanism be developed to orchestrate on-chain group control of a DDO in a ledger-agnostic and adaptable manner?