Public-facing DIDs Vs. Private "pairwise" DIDs

Hello Sovrin,

I’ve been reading some forum threads, and it’s obvious there’s a known use case for private (“pairwise”) DIDs for establishing “secure” (or verifiable) communication channels among different Sovrin entities. An identity owner, in this case, would be able to control multiple DIDs (according to the different relationships established with other entities). The very Alice/Faber example works this way.

However, I’ve seen too few examples of entities establishing and utilizing a single DID as a form of public identifier among other Sovrin identities. Also, there’s the other possible use case where an identity owner might use a single DID for establishing a “face” with regard to a specific context (a “financial facet” for interacting with banks only, for example).

I was wondering (from a technical point of view) what would be the differences between these two apparent “types” of DID. How would public DIDs be defined in comparison to private pairwise DIDs? What differences would there be in their respective creation workflows and possibly record structure on the ledger?..

Also, am I correctly using the term “pairwise” in this context?

Thanks in advance.

You are using the term “pairwise” the same way that I do, fwiw. :slight_smile:

In the Alice/Faber example, Alice uses a new pairwise DID, but I believe Faber’s DID is a public one; that is, each person accesses Faber at the same identifier. This is the pattern I would expect; private individuals use pairwise DIDs, but public institutions use public DIDs.

The idea of using a DID in multiple contexts–your example of a financial facet, for example–is not excluded by Sovrin. However, I think there are some dangers if this is done incorrectly, because correlation could leak, undermining a person’s privacy. I can’t speak for others who’ve been thinking about this, but I feel a bit reluctant to explain/explore/advocate this usage pattern until the pairwise one is fully institutionalized in the ecosystem, for fear that the community will default to something other than strong privacy.

Thanks for your reply, @danielh.

Now, are there any relevant differences between these two “types” of DID (technically speaking)? In terms of DID creation and agent-to-agent or angent-to-ledger interaction, do public and private DIDs work the same?

Nobody can tell the scope of another identity owner’s DIDs unless correlation reveals that information to them. Therefore, the two DID usage patterns are indistinguishable as far as the ledger is concerned. In agent contexts, a private DID and a public one look identical and are handled identically as far as the consumer of a DID is concerned–but if you want your agent to expose a public versus a private DID to others, you might have to configure the agent to follow your wishes. So the main place where I would expect to see a difference is in the instructions you give to your own agent.

I want to emphasize that I consider it an unwise choice for individuals who value privacy to use the same DID in more than one relationship. You are signing up for correlation, and your ability to alter the relationship gets complicated. For example, sovrin is built on the idea that each relationship could have its own consent receipts and “terms of service” for data–but if you share a DID with more than one other entity, you don’t have an easy way to customize what each receives or what each has consented to. Those are solvable problems, but I’m not sure it’s a good idea to explore this topic deeply before we have robust tools and processes (and mental models) around the more desirable, privacy-preserving pairwise approach.

Good answer Daniel. I’d also add that, as all DIDs are on the ledger they are all publicly viewable. But the data attached to the DID, stored in the DDO, can contain all sorts of info. The DID owner may wish to publish some information in the DDO that they are happy to be public. For example a store may publish some information about its location, opening hours, name etc. An individual may just keep the DDO completely minimal with no information other than their verification key and endpoint.

In any event, as Daniel says, a DID is a DID is a DID. Any info you put on a DDO can be seen by everyone. Therefore if you want to keep your info private, don’t put it on the ledger.

Thanks, @danielh and @AndyTobin for your input. This surely helps to clear things up.

I still have to figure out how to effectively design the KYC case in a privacy-enabling way. I’ll proabbly be asking for your feedback on it soon. :wink:

I’m late to this thread, so just a few quick clarifying notes:

First, I agree that, from the standpoint of the Sovrin ledger itself, there is really no difference between a “public” DID—one intended to be widely correlate-able, and “private” DID that will only be used in a single pairwise relationship. The difference all comes in how the identity owner shares the DID. The public DID will be shared widely (similar to a website address), whereas the private one will only be shared with the other party to the relationship.

Secondly, Andy mentions that you could put public info into the DDO associated with a “public” DID. While that’s possible, it’s not best practice. Better to make public claims (claims anyone can access) available through the agent endpoint for a “public” DID. Essentially you want to publish public info via the agent associated with the DID rather than the DDO associated with the DID. All you want in the DDO is the public key and agent endpoint for the identity owner.

Lastly, just to make sure everyone has the current links for the DID Data Model and Generic Syntax Implementer’s Draft 01 spec:

To update this thread and avoid confusion, the technology has been evolving, and pairwise DIDs are now not typically written to the ledger. They are known by and held only by their respective endpoints.


Thanks @mgbailey!
I am looking for some clarification on this topic. All DIDs used to be written to the public ledger. True private DIDs (not written to the public ledger) stored locally in your wallet have been introduced, see also the concept of microledger. Now, microledger (Relationship State Machine) has not been finalised or implemented yet as far as I know, so I wonder: are private DIDs actually possible today? And if so, then it is up to the wallets themselves to manage that (what RSM/microledgers will aim to do later on)?