# 3.1 DID, DDO and VC Primer

Commercio.network mission is to bring the Blockchain technology to give companies the freedom to have their own sovereign identity. We follow a principle that states that an individual (or a company or a car) should own and control their identity without the intervening administrative authorities. Self Sovereign Identity allows anyone to interact with each other in the digital world in the same way, with the same freedom and trust as they do in the real world.

The Self Sovereign Identity should be a basic human right.

From the Sovrin FAQ

Everyone has different relationships or unique sets of identifying information. This information could be things like date of birth, citizenship, university degrees or business licenses. In the physical world, this is represented in the form of cards and certificates that are kept by the identity holder in the wallet or in a safe place such as a safe-deposit box and is presented when the person needs to prove his or her identity or something about his or her identity.

Self-identity (SSI) brings the same freedoms and personal autonomy on the Internet into a secure and reliable identity management system. SSI means that the individual (or organization) manages the elements that make up his or her identity and controls access to those credentials digitally. In the case of SSI, the power to control personal data lies with the individual and not with an administrative third party granting or tracing access to these credentials. _ The SSI identity system gives you the ability to use your digital wallet and authenticate your identity using the credentials issued to you. You no longer have to surrender control of your personal information to dozens of databases every time you want to access new goods and services, with the risk that your identity will be stolen by hackers._

This is called a self-sovereign identity because each person is now in control of his or her own identity: it is his or her own sovereign nation. People can control their own information and relationships. A person's digital existence is now independent of any organization: no one can take away their identity.


DID: Decentralized Identifier (ref: https://w3c-ccg.github.io/did-spec/ (opens new window))

  • Identifies a person, object, entity etc.
  • Has a method (i.e. reference to «how interpreting the DID).
  • It’s decentralized on a blockchain.


DDO: Did Document (ref: https://w3c-ccg.github.io/did-spec/ (opens new window))

  • It is univocally associated to the DID. It contains, at least, cryptographic material and – possibly – endpoint to check revocation or to gather VCs.
  • It should be «resolvable», i.e. given a DID, via the DID method, I can retrieve the associated DDO.
  • It is recommended to store it on the blockchain

# Important facts about DID and DDO

  • Neither the DID, nor the DDO give any information about the DID subject.
  • One person, object or entity, can control any number of DIDs and DDOs
  • DIDs and DDOs can be public (i.e. written on the blockchain) or private / pairwise, and live locally.

# VC

VC: Verifiable Credential (ref: https://www.w3.org/TR/vc-data-model/ (opens new window))

  • A Verifiable credential is a set of attributes, that a subject issue for itself or for another subject.
  • It may include cryptographic proof (i.e. signature) of these attributes.
  • It should NOT be public, in order to avoid privacy issues

# DID in Commercio.network

Commercio.network DID scheme consists of the following parts:

  • url scheme identifier: did

  • identifier for the DID method: com

  • Method-specific identifier: <commercio**.**network address>, which conforms to the cosmos.network address scheme

  • An example of commercio.network DID is the following:


# DDO in Commercio.network

         "publicKeyPem":"-----BEGIN PUBLIC KEY----MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQDMr3V+Auyc+zvt2qX+jpwk3wM+m2DbfLjimByzQDIfrzSHMTQ8erL0kg69YsXHYXVX9mIZKRzk6VNwOBOQJSsIDf2jGbuEgI8EB4c3q1XykakCTvO3Ku3PJgZ9PO4qRw7QVvTkCbc91rT93/pD3/Ar8wqd4pNXtgbfbwJGviZ6kQIDAQAB-----END PUBLIC KEY-----\r\n"
         "publicKeyPem":"-----BEGIN PUBLIC KEY----MIGfM3TvO3Ku3PJgZ9PO4qRw7+Auyc+zvt2qX+jpwk3wM+m2DbfLjimByzQDIfrzSHMTQ8erL0kg69YsXHYXVX9mIZKRzk6VNwOBOQJSsIDf2jGbuEgI8EB4c3q1XykakCQVvTkCbc9A0GCSqGSIbqd4pNXtgbfbwJGviZ6kQIDAQAB-----END PUBLIC KEY-----\r\n"
      "verificationMethod":"<did bech32 pubkey>",

# Commercio.network Trust Scheme

CommercioID, implemented on Commercio.network, provide the following trust scheme:

  • Government: it is the Root of truth in commercio.network, and it has it’s DID, DDO and VC public on the Genesis Block. Government issue VC credential for TSP
  • TSP: are the entities (Consortium Companies) that provide trust services, i.e. verifies identity of persons and companies and issues VCs for them.
  • Company, Sign transaction with its own verification key (included in the DDO), satisfying a chain of trust that goes up until the government DID and provide, if required, all the properties included in its verifiable credential, including the proof signed by the company.
  • Person, Sign transaction with its own verification key (included in the DDO), satisfying a chain of trust that goes up until the government DID and provide, if required, all the properties included in its verifiable credential, including the proof signed by the person.