The did:x509 Method Specification is a technical standard that bridges traditional X.509 certificates with Decentralized Identifiers (DIDs). This method enables interoperability between existing X.509 infrastructure and the emerging DID ecosystem, particularly valuable for organizations that cannot fully transition to DIDs immediately.
The key innovation of did:x509 is its ability to operate without additional infrastructure, as both creation and resolution are local operations. It relies on X.509 chain validation and matches DID elements to certificate properties within the chain. A distinctive feature is the requirement for a certificate chain to be passed using the x509chain resolution option during DID resolution.
Here's a comprehensive technical analysis:
did:x509:<version>:<ca-fingerprint-alg>:<ca-fingerprint>::<policy>sha256sha384sha512subjectsan (Subject Alternative Name)eku (Extended Key Usage)fulcio-issuerCertificate Chain Validation:
Data Model:
Trust Model:
Identity Management:
v1.0 Draft statusIf you are featured in the Web of Trust Map and wish to exercise your GDPR rights, including the right to be forgotten, visit the privacy policy page