DIDComm — or Decentralized Identifier Communication — provides a method for creating a direct, secure line of communication between the owners of Decentralized Identifiers (DIDs).
In this article, we provide an overview of DIDComm's unique capabilities, and how it's being deployed in a range of real-world use cases.
How DIDComm works
Each holder of a DID agrees to accept a connection. Once created, the connection enables ongoing secure communication along the channel where the connection was established.
DIDComm is more than just a mechanism for an individual message; it’s a framework for safe, structured interactions built on decentralization technology. DIDComm connections benefit from the built-in features of DIDComm technology, including message encryption, mutual authentication, and message routing (adapted from this article on the Indicio blog).
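The connection step described above begins with an out-of-band invitation. The following is an added example, not code from the article or from DIF or Indicio, showing how a DIDComm v2 invitation is encoded into a URL (the `_oob` query parameter carrying base64url JSON, per the DIDComm v2 out-of-band specification), how a receiving agent should validate it before accepting the connection, and how the first message back references the invitation through `pthid`. The DIDs, the base URL and the invitation goal are constructed placeholders; the trust-ping message type is the DIDComm v2 one. Encryption and signing of the resulting messages are out of scope here and would be handled by a DIDComm library.

```python
import base64
import binascii
import json
import uuid
from urllib.parse import parse_qs, urlencode, urlparse

# Message types from the DIDComm v2 specification.
OOB_INVITATION_TYPE = "https://didcomm.org/out-of-band/2.0/invitation"
TRUST_PING_TYPE = "https://didcomm.org/trust-ping/2.0/ping"
DIDCOMM_V2_PROFILE = "didcomm/v2"


class InvalidInvitation(ValueError):
    """Raised when an invitation fails structural or policy checks."""


def b64url_encode(raw: bytes) -> str:
    # DIDComm uses unpadded base64url for the _oob parameter.
    return base64.urlsafe_b64encode(raw).rstrip(b"=").decode("ascii")


def b64url_decode(text: str) -> bytes:
    # Tolerate both padded and unpadded input.
    return base64.urlsafe_b64decode(text + "=" * (-len(text) % 4))


def build_invitation(inviter_did: str, goal_code: str, goal: str) -> dict:
    """Inviter side: a minimal DIDComm v2 out-of-band invitation."""
    return {
        "type": OOB_INVITATION_TYPE,
        "id": str(uuid.uuid4()),
        "from": inviter_did,
        "body": {"goal_code": goal_code, "goal": goal,
                 "accept": [DIDCOMM_V2_PROFILE]},
    }


def invitation_to_url(invitation: dict,
                      base_url: str = "https://example.com/invite") -> str:
    """Encode the invitation as a shareable URL (QR code, link, email)."""
    payload = json.dumps(invitation, separators=(",", ":")).encode()
    return f"{base_url}?{urlencode({'_oob': b64url_encode(payload)})}"


def parse_invitation_url(url: str, max_token_len: int = 16384) -> dict:
    """Invitee side: decode and validate an invitation before acting on it.

    Rejects anything that is not a well-formed DIDComm v2 invitation from a
    DID, so a scanned QR code or clicked link cannot smuggle in an unexpected
    message type or an oversized payload.
    """
    params = parse_qs(urlparse(url).query)
    tokens = params.get("_oob", [])
    if len(tokens) != 1:
        raise InvalidInvitation("expected exactly one _oob parameter")
    token = tokens[0]
    if len(token) > max_token_len:
        raise InvalidInvitation("invitation payload too large")
    try:
        invitation = json.loads(b64url_decode(token))
    except (binascii.Error, UnicodeDecodeError, ValueError) as exc:
        raise InvalidInvitation(f"undecodable invitation: {exc}") from exc
    if not isinstance(invitation, dict):
        raise InvalidInvitation("invitation must be a JSON object")
    if invitation.get("type") != OOB_INVITATION_TYPE:
        raise InvalidInvitation("not an out-of-band invitation")
    for key in ("id", "from"):
        if not isinstance(invitation.get(key), str) or not invitation[key]:
            raise InvalidInvitation(f"missing or empty '{key}'")
    # The inviter must be identified by a DID: did:<method>:<identifier>.
    parts = invitation["from"].split(":")
    if len(parts) < 3 or parts[0] != "did" or not all(parts):
        raise InvalidInvitation("'from' is not a DID")
    body = invitation.get("body", {})
    if not isinstance(body, dict):
        raise InvalidInvitation("'body' must be an object")
    accept = body.get("accept", [DIDCOMM_V2_PROFILE])
    if DIDCOMM_V2_PROFILE not in accept:
        raise InvalidInvitation("inviter does not accept DIDComm v2")
    return invitation


def is_acceptable_invitation_url(url: str) -> bool:
    """Convenience wrapper that reports validity instead of raising."""
    try:
        parse_invitation_url(url)
        return True
    except InvalidInvitation:
        return False


def build_first_message(invitation: dict, invitee_did: str) -> dict:
    """First message over the new connection: a trust ping whose parent
    thread id (pthid) is the invitation id, tying the reply to the invite."""
    return {
        "type": TRUST_PING_TYPE,
        "id": str(uuid.uuid4()),
        "from": invitee_did,
        "to": [invitation["from"]],
        "pthid": invitation["id"],
        "body": {"response_requested": True},
    }


if __name__ == "__main__":
    inv = build_invitation("did:example:alice", "establish-connection",
                           "Connect with Alice's agent")
    url = invitation_to_url(inv)
    received = parse_invitation_url(url)
    print(json.dumps(build_first_message(received, "did:example:bob"), indent=2))
```

The validation in `parse_invitation_url` is the part worth keeping in a real agent: invitations arrive over untrusted channels (QR codes, links), so the agent should check the message type, the `from` DID and the payload size before it creates a connection or shows anything to the user.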
Why DIDComm matters
- Trusted communication
Trustworthy communication is foundational for parties on the internet to quickly establish trust. Yet this is still not widely available today, due to a lack of mutual authentication and/or end-to-end encryption in prevalent communication channels.
APIs enable business applications to securely exchange information in a prescribed format, but they need to be hosted and maintained, requiring infrastructure such as servers or cloud-based storage, as well as technical skills.
Like APIs, DIDComm can be used to securely pass rich information. Unlike APIs, it’s designed to work with the devices and services people use in their daily lives, like smartphones, tablets and laptops, without the need to host (or download) anything.
What’s more, while online services require us to authenticate ourselves, we are rarely given the option to authenticate them. Automatic mutual authentication is a core feature of DIDComm, greatly reducing the risk of falling prey to online scams.
“DIDComm is not anti-business, it’s pro-people, as it works brilliantly with the tech individuals and small businesses already use,” comments Sam Curren, Deputy CTO of Indicio and DIF Steering Committee member.
- Unmediated relationships
During the Web2 era, people lost their first-class citizenship of the internet as communication was mostly consolidated into social media platform silos. Today, we depend on third parties such as tech companies and social media websites for our digital activities and online presence. As a result, we have little choice but to trust these providers with our information — trust that’s eroded a little further with each new database security breach.
DIDComm restores agency to individuals and organizations by enabling us to interact and share our information directly with the recipient, without needing to entrust it to centralized services and databases.
- Persistent connections
Once established, a DIDComm connection lasts for as long as it is not canceled by either party.
Currently, when a user visits a website, they use a shared secret to prove who they are. The user’s interactions are generally limited to their browser, meaning the website can no longer communicate with them once they leave the site. A DIDComm channel to the user’s phone becomes an excellent out-of-band channel that persists after the user has left the site.
- Flexible use cases and applications
DIDComm is widely used to exchange Verifiable Credentials (VCs) and Verifiable Presentations (VPs) — files containing verifiable information derived from one or more VCs.
However, this is just one of many potential applications of DIDComm, a generalized protocol that enables diverse use cases to benefit from the security and decentralization of Decentralized Identifiers (DIDs).
“DIDComm is fully capable of working in this way, but it can enable so much more. Once two parties have used VCs to establish trust, what’s next?” says Sam Curren.
“A lot of Verifiable Credential-based services regulate people back into the client / server model. The vision of DIDComm is to enable VCs and all sorts of other interactions that can better our lives on the internet, with browsers, email, video calls and a host of other channels.
“There’s no need to create a dedicated app in order to leverage DIDComm — developers can enable users to have a trusted relationship through any existing app,” he adds.
A selection of current use cases
The following is a selection of the many compelling use cases where DIDComm is deployed.
- The Government of British Columbia has been actively involved in the development of decentralized identity technology, including DIDComm Messaging.
- The Department of Homeland Security’s Silicon Valley Innovation Program is piloting use of DIDComm to enable trusted interactions and verifiable document exchange for international trade.
- DIDComm is used to exchange Verifiable Credentials between issuers, citizens’ National Digital Identity wallets and verifiers in Bhutan.
- DIDComm is being used by the IDUnion consortium to enable users of digital identity wallets in the EU to establish secure communication channels with businesses and other users.
- DIDComm is being piloted within the travel sector to enable secure exchange of verifiable credentials between IATA (International Air Transport Association) as issuer, travel agencies as holders and airline booking systems as verifiers. It is also used in production to enable seamless presentation of travel credentials and entry to the island of Aruba (Indicio).
- DIDComm is used by Entidad to enable farm workers to conduct routine tasks digitally (Entidad.io).
- DIDComm is being used to enable users to secure files uploaded to cloud storage (Anonyome).
“This is a technology that not only Americans are using. There’s broad interest, including within the EU and across Asia,” Sam Curren concludes.