Overview
An eXtensible IDentifier (XID) is a stable decentralized identifier generated from the hash of an inception key. XIDs resolve to an envelope-based controller document for managing keys, credentials, and other assertions, and leverage provenance chains for key rotation and revocation without changing the identifier. It does not necessarily to the DID spec, but it is inspired by the same needs and desires.
Why is XID Important?
The main advantage of XIDs is that they allow for the redaction of content in a DID-like controller document while also maintaining cryptographic verification..
Currently, controller documents tend to include public keys and service end-points. This is a great way to associate a variety of content into a singular identity. But you may not want to publicly reveal all of that information. Public keys can create vulnerabilities when exposed and you may wish to divide different parts of your identity, to only be revealed to specific groups!
With Envelope-enabled controller documents you can still gather and validate all of your information as part of a singular identifier. But, you can elide most of it most of the time, only revealing private elements through inclusion proofs to specific groups. Your data remains organized and you don’t have to manage a whole bunch of different identities, but at the same time, vulnerable material remains secure and private.
This supports compartmentalized disclosure for progressive trust architectures where the holder, not the issuer, controls which aspects are revealed to different parties.
How Does XID Work?
A XID (“eXtensible IDentifier”) is a unique 32-byte identifier for a subject entity:
XID(71274df133169a0e2d2ffb11cbc7917732acafa31989f685cca6cb69d473b93c)
XIDs are encoded using CBOR. The hex is marked as length 32-bytes and then tagged with the CBOR tag #6.40024.
40024(h'71274df133169a0e2d2ffb11cbc7917732acafa31989f685cca6cb69d473b93c')
Converted to binary this is:
D9 9C58 # tag(40024)
58 20 # bytes(32)
71274DF133169A0E2D2FFB11CBC7917732ACAFA31989F685CCA6CB69D473B93C
XIDs can also be encoded as URs:
ur:xid/hdcxjsdigtwneocmnybadpdlzobysbstmekteypspeotcfldynlpsfolsbintyjkrhfnvsbyrdfw
A XID is generated from the SHA-256 hash of the CBOR representation of a specific PublicSigningKey structure called the inception key. It can be resolved into a XID Document that declares public keys and their associated attributes.
This specifics on all of this, XID resolution methods, permissions, delegation, rotation, and much more can be found in “BCR-2024-10: XIDs”.
XID Videos & Presentations
|
XID Video:
|
XID Presentation:
|
|
Overview Video:
|
Overview Presentation:
|
Also see the transcript on our XID Presentation page
Links
- BCR-2024-010: XID: Extensible Identifiers (Blockchain Commons Research Document)
- “Gordian Envelope, Elision, and Controller Docs” Presentation (PDF)
- “Gordian Envelope, Elision, and Controller Docs” Video (YouTube)
- W3C: DID v1.0 (W3C)
- W3C: Controller Doc v1.0 (W3C)