Tenzro Testnet is live. Get testnet TNZO

W3C DID

Tenzro Network implements full compliance with the W3C Decentralized Identifiers (DIDs) v1.0 specification, enabling standards-based identity interoperability across blockchain networks and traditional systems. All Tenzro identities can be exported as W3C DID Documents and resolved through standard DID resolution protocols.

W3C DID Specification Overview

The W3C DID specification defines a standard format for decentralized identifiers that are verifiable, persistent, and do not require centralized registration authorities. DIDs enable entities to prove control over their identifiers using cryptographic proofs rather than trusted intermediaries.

A DID is a URI that associates a DID subject with a DID Document, which contains metadata about the subject including verification methods, service endpoints, and controller relationships. The general DID URI syntax is:

did:method-name:method-specific-identifier

Tenzro Network registers two DID methods with the W3C DID Specification Registries: did:tenzro: for TDIP identities and did:pdis: for PDIS identities.

Tenzro DID Methods

did:tenzro: Method

The did:tenzro: method is the primary DID method for Tenzro Network, supporting both human and machine identities through TDIP:

# Human identity did:tenzro:human:{uuid} # Controlled machine identity did:tenzro:machine:{controller}:{uuid} # Autonomous machine identity did:tenzro:machine:{uuid}

The method-specific identifier uses UUID v4 or v7 format, ensuring global uniqueness and preventing collisions across the network. Controller references in machine identities can point to any valid Tenzro DID (human or machine), enabling multi-level delegation hierarchies.

did:pdis: Method

The did:pdis: method provides backward compatibility with the PDIS standard:

# Guardian identity (PDIS-1) did:pdis:guardian:{uuid} # Agent identity (PDIS-2) did:pdis:agent:{controller}:{uuid}

Both methods are registered with identical resolution semantics, verification method types, and service endpoint formats. Applications can use either method interchangeably, with cross-method references fully supported.

DID Document Structure

A W3C DID Document for a Tenzro identity contains comprehensive metadata enabling cryptographic verification and service discovery:

{ "@context": [ "https://www.w3.org/ns/did/v1", "https://w3id.org/security/suites/ed25519-2020/v1", "https://tenzro.network/ns/identity/v1" ], "id": "did:tenzro:human:550e8400-e29b-41d4-a716-446655440000", "controller": "did:tenzro:human:550e8400-e29b-41d4-a716-446655440000", "alsoKnownAs": [ "did:pdis:guardian:550e8400-e29b-41d4-a716-446655440000" ], "verificationMethod": [ { "id": "did:tenzro:human:550e8400-e29b-41d4-a716-446655440000#key-1", "type": "Ed25519VerificationKey2020", "controller": "did:tenzro:human:550e8400-e29b-41d4-a716-446655440000", "publicKeyMultibase": "z6MkpTHR8VNsBxYAAWHut2Geadd9jSwuBV8xRoAnwWsdvktH" } ], "authentication": [ "did:tenzro:human:550e8400-e29b-41d4-a716-446655440000#key-1" ], "assertionMethod": [ "did:tenzro:human:550e8400-e29b-41d4-a716-446655440000#key-1" ], "service": [ { "id": "did:tenzro:human:550e8400-e29b-41d4-a716-446655440000#wallet", "type": "TenzroWallet", "serviceEndpoint": "https://wallet.tenzro.network" }, { "id": "did:tenzro:human:550e8400-e29b-41d4-a716-446655440000#messaging", "type": "MessagingService", "serviceEndpoint": "https://a2a.tenzro.network" } ] }

Document Properties

@context: Defines the JSON-LD context for semantic interpretation. Tenzro includes the W3C DID v1 context, Ed25519 cryptographic suite context, and a custom Tenzro identity context for protocol-specific extensions.

id: The DID of the subject. This is the primary identifier for resolution and verification.

controller: The DID(s) that control this identity. For human identities, this is typically self-referential. For machine identities, this references the controlling human or parent machine.

alsoKnownAs: Alternative identifiers for the same subject. Tenzro uses this to link TDIP and PDIS identities, enabling cross-standard resolution.

verificationMethod: Cryptographic public keys or other verification material. Tenzro supports Ed25519, Secp256k1, and BLS12-381 key types.

authentication: Verification methods that can be used to authenticate as this DID subject.

assertionMethod: Verification methods for signing credentials and other assertions.

service: Service endpoints for interacting with the DID subject, such as wallet interfaces, messaging services, or AI inference endpoints.

DID Resolution

DID resolution is the process of retrieving a DID Document given a DID. Tenzro implements the W3C DID Resolution specification with blockchain-anchored resolution for guaranteed persistence and availability.

Resolution Protocol

Tenzro provides multiple resolution interfaces for different use cases:

# JSON-RPC resolution (programmatic) curl -X POST https://rpc.tenzro.network \ -H "Content-Type: application/json" \ -d '{ "jsonrpc": "2.0", "method": "tenzro_resolveDidDocument", "params": ["did:tenzro:human:550e8400-e29b-41d4-a716-446655440000"], "id": 1 }' # HTTP resolution (RESTful) curl https://api.tenzro.network/did/resolve/did:tenzro:human:550e8400-e29b-41d4-a716-446655440000 # CLI resolution (command-line) tenzro-cli identity document \ did:tenzro:human:550e8400-e29b-41d4-a716-446655440000

All resolution methods return the same W3C-compliant DID Document format. Resolution metadata includes creation timestamp, update timestamp, proof type, and blockchain anchor information.

Resolution Metadata

Tenzro resolution responses include extended metadata beyond the core W3C specification:

{ "didDocument": { ... }, "didResolutionMetadata": { "contentType": "application/did+ld+json", "created": "2024-01-15T10:30:00Z", "updated": "2024-03-20T14:22:00Z", "blockHeight": 1234567, "transactionHash": "0xabc123...", "proofType": "Ed25519Signature2020", "revoked": false }, "didDocumentMetadata": { "created": "2024-01-15T10:30:00Z", "updated": "2024-03-20T14:22:00Z", "versionId": "2", "nextUpdate": "2025-01-15T10:30:00Z", "nextVersionId": "3" } }

Verification Methods

Tenzro supports multiple cryptographic suite types for verification methods, enabling interoperability with different blockchain ecosystems and cryptographic standards.

Ed25519 Keys

Ed25519 is the default and recommended key type for Tenzro identities. It provides strong security (~128-bit) with compact signatures and fast verification:

{ "id": "did:tenzro:human:550e8400...#key-1", "type": "Ed25519VerificationKey2020", "controller": "did:tenzro:human:550e8400...", "publicKeyMultibase": "z6MkpTHR8VNsBxYAAWHut2Geadd9jSwuBV8xRoAnwWsdvktH" }

The public key is encoded using multibase with base58-btc encoding (z prefix). This format is compact, URL-safe, and widely supported across W3C credential ecosystems.

Secp256k1 Keys

Secp256k1 keys enable compatibility with Ethereum and Bitcoin ecosystems:

{ "id": "did:tenzro:human:550e8400...#key-2", "type": "EcdsaSecp256k1VerificationKey2019", "controller": "did:tenzro:human:550e8400...", "publicKeyMultibase": "zQ3shwNhfEjUfEkXXQfAPfAarNNPKd2e1dZ3fDa4qKvN7Wz7B" }

BLS12-381 Keys

BLS keys support signature aggregation for threshold signatures and multi-signature schemes:

{ "id": "did:tenzro:human:550e8400...#key-3", "type": "Bls12381G2Key2020", "controller": "did:tenzro:human:550e8400...", "publicKeyMultibase": "zUC7K4ndUaGZgV7Cp2yJy6JtMoUHY6u7tkcSYUvPrEidqBmLCTLmi6d5WvwnUqejscAkERJ3bfjEiSYtdPkRSE8kSa11hFBr4sTgnbZ95SWpcEa7" }

Service Endpoints

Service endpoints describe how to interact with the DID subject. Tenzro defines several standard service types for network operations:

TenzroWallet Service

{ "id": "did:tenzro:human:550e8400...#wallet", "type": "TenzroWallet", "serviceEndpoint": { "uri": "https://wallet.tenzro.network", "address": "0x742d35Cc6634C0532925a3b844Bc9e7595f0bEb2", "chains": [1337, 1, 137] } }

MessagingService

{ "id": "did:tenzro:human:550e8400...#messaging", "type": "MessagingService", "serviceEndpoint": { "uri": "https://a2a.tenzro.network", "protocols": ["A2A", "MCP"] } }

InferenceService (Machine Identities)

{ "id": "did:tenzro:machine:550e8400...#inference", "type": "InferenceService", "serviceEndpoint": { "uri": "https://inference.provider.example", "models": ["gpt-4", "claude-3-opus"], "pricing": "https://pricing.provider.example/models.json" } }

Creating DID Documents

DID Documents are automatically generated when registering a new identity through any Tenzro interface. The document is constructed from the identity registration parameters and cryptographic key material:

// Rust SDK example use tenzro_identity::{IdentityRegistry, TenzroIdentity}; let registry = IdentityRegistry::new(); // Register a human identity let identity = registry.register_human( "Alice Johnson", tenzro_types::KycTier::Basic ).await?; // Export as W3C DID Document let did_document = identity.to_did_document()?; println!("{}", serde_json::to_string_pretty(&did_document)?);

Updating DID Documents

DID Documents can be updated to add new verification methods, service endpoints, or modify controller relationships. Updates are versioned and anchored to the blockchain:

# Add a service endpoint tenzro-cli identity add-service \ --did "did:tenzro:human:550e8400-e29b-41d4-a716-446655440000" \ --service-id "#messaging" \ --service-type "MessagingService" \ --endpoint "https://custom-messaging.example" # Add a verification method tenzro-cli identity add-verification-method \ --did "did:tenzro:human:550e8400-e29b-41d4-a716-446655440000" \ --key-type "secp256k1" \ --purpose "authentication"

Each update increments the document version and records a new blockchain transaction. Old versions remain available for historical auditing through versioned resolution.

Cross-Chain DID Resolution

Tenzro DIDs can reference identities and verification methods across multiple blockchain networks. This enables unified identity management while leveraging different chains for specific operations:

{ "id": "did:tenzro:human:550e8400-e29b-41d4-a716-446655440000", "verificationMethod": [ { "id": "#key-tenzro", "type": "Ed25519VerificationKey2020", "controller": "did:tenzro:human:550e8400...", "publicKeyMultibase": "z6Mk...", "blockchainAccountId": "tenzro:1337:0x742d35Cc..." }, { "id": "#key-ethereum", "type": "EcdsaSecp256k1RecoveryMethod2020", "controller": "did:tenzro:human:550e8400...", "blockchainAccountId": "eip155:1:0x742d35Cc6634C0532925a3b844Bc9e7595f0bEb2" }, { "id": "#key-polygon", "type": "EcdsaSecp256k1RecoveryMethod2020", "controller": "did:tenzro:human:550e8400...", "blockchainAccountId": "eip155:137:0x742d35Cc6634C0532925a3b844Bc9e7595f0bEb2" } ] }

The blockchainAccountId property follows the CAIP-10 standard for blockchain account identification, enabling verification of signatures and transactions across multiple chains using a single DID.

DID Document Validation

All Tenzro DID Documents undergo validation before blockchain anchoring to ensure compliance with W3C specifications and Tenzro security requirements:

Structure Validation: Document conforms to JSON-LD schema with required properties (id, controller, verificationMethod).

Cryptographic Validation: All verification methods include valid public key material in the correct encoding format.

Controller Authorization: Only the current controller(s) can modify the DID Document. Update transactions must be signed by an authorized verification method.

Service Endpoint Validation: All service endpoints use valid URIs with supported protocols (https, wss, ipfs).

Privacy Considerations

DID Documents are public by design, enabling verification without coordination. However, Tenzro implements privacy-preserving features to protect sensitive identity data:

Minimal Disclosure: DID Documents contain only verification material and service endpoints. Personal information (names, addresses, KYC data) is stored in separate verifiable credentials that can be selectively disclosed.

Pairwise DIDs: Users can create multiple DIDs for different contexts, preventing correlation across services.

Off-Chain Service Discovery: Sensitive service endpoints can be exchanged off-chain rather than published in the DID Document.

← PDIS StandardNext: Credentials →