DID, short for Decentralized Identifiers, also known as distributed digital identities, is defined as a new globally unique identifier. It is a type of Uniform Resource Identifier (URI) that represents a permanent and immutable string. This identifier can be used for individuals, vehicles, animals, and even everything, and can be associated with files describing the target objects through DID URLs.

On the surface, DID is just a new type of global unique identifier, but at a deeper level, DID is a new distributed digital identity of the Internet. It is also a core component of the Public Key Infrastructure (PKI) layer. This distributed PKI (DPKI) may have an equally significant impact on global network security, privacy, and the SSL/TLS protocol for encrypted network traffic (which is currently the world's largest PKI).

The DID system mainly includes the following hierarchical elements:

Basic Layer: DID Specification

1. DID Identifier

Entities are identified by DIDs. They can be authenticated through proofs such as digital signatures and privacy-preserving biometric protocols.

2. DID Document

DIDs point to DID documents. DID documents contain a set of service endpoints for interacting with entities. Following the principle of privacy by design, each entity can have as many DIDs as necessary to respect the separation of identities, roles, and backgrounds desired by the entity. (Note that there is no personally identifiable information in the DID document, such as real name, address, phone number, etc. Therefore, relying solely on the DID specification is not sufficient to verify a person's identity; it must be done through the VC in the DID application layer.)

Application Layer: Verifiable Claims

Verifiable Claims (or Verifiable Credentials), abbreviated as VC.