DID Rotation - HackMD

# DID Rotation ## Motivation As digital ecosystems evolve, updating and switching DID methods allows to remain aligned with the latest technological advancements and best practices, guaranteeing optimal performance and compatibility. Additionally, it ensures the security and integrity of digital identities, protecting them from potential compromises and unauthorized access over time. *For the `did:oyd` method it allows users to switch from non-blockchain based OYDID to a distributed ledger based method.* ## Requirements | ID | Requirements Text | | -- | ----------------- | | `Rot1` | Original DID must include reference to updated DID *Motivation: enable resolver to switch between DID methods* | | `Rot2` | Updated DID must include reference to original DID *Motivation: provide provenance & legitimacy* | | `Rot3` | Proof that original DID is deactivated upon rotation *Motivation: prohibit forks* | #### Process of publishing an update that fulfilles above requirements: <ol start="0" style="margin-bottom:4px"> <li>existing DID (<code>v1</code>)</li> </ol> 1) create new DID (`v2`) with new did method 2) update original DID (`v1'`) to include alsoKnownAs pointing to new DID (`v2`) 3) deactivate updated original DID 4) update new DID (`v2'`) with alsoKnownAs of original DID (`v1`) ``` + aka v2 [0] v1 [2] v1' [3] did:oyd o ------- o --- | deactivate / \ / \ did:ebsi o --------- o ---> * [1] v2 [4] v2' + aka v1' ``` ```plantuml @startuml hide empty description [*] -right-> v1 state "original\nDID" as v1 v1: version: 1 note top of v1 Step 0: existing DID with method: did:oyd end note v1 -down-> v2 state "new DID" as v2 v2: version: 2 note left of v2 Step 1: create new DID with method: did:ebsi end note v1 -right-> v1a v2 -up-> v1a state "updated\noriginal DID" as v1a v1a: version: 1' note top of v1a Step 2: update original DID with alsoKnownAs from new DID v2 end note note right of v1a Step 3: deactivate updated original DID end note v1a -down-> v2a v2 -right-> v2a state "updated\nnew DID" as v2a v2a: version: 2' note right of v2a Step 4: update new DID with alsoKnownAs from original DID end note v2a -right-> [*] @enduml ``` ## DID Rotation Walk-through <details><summary>prepare (reset any previous did:oyd)</summary> ```bash= oydid delete did:oyd:zQmaC996sgjL7puygD1TNpWFzgB3Z8tpydYGApxtoP54nRN --doc-pwd doc-rot2 --rev-pwd rev-rot2 oydid delete did:oyd:zQmZ7wwgCxkExNeXHm9XLxAKs7Y7pubTKCHQLTxRrA3Fz51 --doc-pwd doc-rot --rev-pwd rev-rot ``` </details> 1) create original DID DID: [`did:oyd:zQmZ7wwgCxkExNeXHm9XLxAKs7Y7pubTKCHQLTxRrA3Fz51`](https://dev.uniresolver.io/#did:oyd:zQmZ7wwgCxkExNeXHm9XLxAKs7Y7pubTKCHQLTxRrA3Fz51) <details><summary>Command line</summary> ```bash= echo '' | oydid create --doc-pwd doc-rot --rev-pwd rev-rot -z 1 ``` </details> <details><summary>Details</summary> * DID: `did:oyd:zQmZ7wwgCxkExNeXHm9XLxAKs7Y7pubTKCHQLTxRrA3Fz51` * Doc: ```json {"doc":null,"key":"z6Mv6FYkGQys9qG2XeTHfbRkTi1RLii64am6kmuwfzRJrbmQ:z6Mux6WdFAJyT28WiQb6L9YCMS6NT1eD3jtLXREisQieBoEK","log":"zQmdBDJz5z15NZF3JvJtGC94st3DcWXMgkMvYXcvdySHakJ"} ``` * W3C DID Document: ```jsonld= { "@context": [ "https://www.w3.org/ns/did/v1", "https://w3id.org/security/suites/ed25519-2020/v1" ], "id": "did:oyd:zQmZ7wwgCxkExNeXHm9XLxAKs7Y7pubTKCHQLTxRrA3Fz51", "verificationMethod": [ { "id": "did:oyd:zQmZ7wwgCxkExNeXHm9XLxAKs7Y7pubTKCHQLTxRrA3Fz51#key-doc", "type": "Ed25519VerificationKey2020", "controller": "did:oyd:zQmZ7wwgCxkExNeXHm9XLxAKs7Y7pubTKCHQLTxRrA3Fz51", "publicKeyMultibase": "z6Mv6FYkGQys9qG2XeTHfbRkTi1RLii64am6kmuwfzRJrbmQ" }, { "id": "did:oyd:zQmZ7wwgCxkExNeXHm9XLxAKs7Y7pubTKCHQLTxRrA3Fz51#key-rev", "type": "Ed25519VerificationKey2020", "controller": "did:oyd:zQmZ7wwgCxkExNeXHm9XLxAKs7Y7pubTKCHQLTxRrA3Fz51", "publicKeyMultibase": "z6Mux6WdFAJyT28WiQb6L9YCMS6NT1eD3jtLXREisQieBoEK" } ] } ``` * private doc-key: `z1S5dbywFhiLjUNqoV8ErPcEpeDvnuVtfexNThNwhffb6Xn5` * private rev-key: `z1S5bSMPTe2uQVQobcR6d9CAuhw5FnTYQ13cr76TZpESof8H` * Revocation log entry: ```json {"ts":1,"op":1,"doc":"zQmXps8qbKryo3tJJqVciyvK2yWiZDeiV86EKUbsVyCLhGG","sig":"z3xGCRFrNmkGYMHnJveJzH5Qfnp6rBStTXVpLnD9vdhgJfrJrtw1NixpUsVmziVVtUZxkqxoia75W8zhpucQE3wAh"} ``` </details> 2) create new DID (for rotation) DID: [`did:ebsi:zg1rJyVu5sUdVAc14X3e5ob`](https://dev.uniresolver.io/#did:ebsi:zg1rJyVu5sUdVAc14X3e5ob) <details><summary>Commands</summary> * retrieve session token from https://app-pilot.ebsi.eu/users-onboarding/v2 * log in to https://godiddy.com/ * create did:ebsi with session token from above </details> <details><summary>Command line</summary> **create DID** * set `GODIDDY_TOKEN` from https://godiddy.com/dashboard > API Keys * set `EBSI_TOKEN` from https://app-pilot.ebsi.eu/users-onboarding/v2 ```bash= echo '{"didDocument": {"@context":["https//www.w3.org/ns/did/v1"],"service": [],"verificationMethod": []}}' | \ jq --arg ebsi_token "$EBSI_TOKEN" '. += {"secret": {"token": $ebsi_token}}' | \ curl -H "Authorization: Bearer $GODIDDY_TOKEN" \ -H "Content-Type: application/json" -d @- \ -X POST "https://api.godiddy.com/0.1.0/universal-registrar/create?method=ebsi" ``` **retrieve DID Keys** * set `DID_EBSI` to newly created did:ebsi:... ```bash= curl -H "Authorization: Bearer $GODIDDY_TOKEN" \ "https://api.godiddy.com/0.1.0/wallet-service/keys?controller=$DID_EBSI" ``` * set `KEY_ID` to `id` in response ```bash= curl -H "Authorization: Bearer $GODIDDY_TOKEN" \ "https://api.godiddy.com/0.1.0/wallet-service/keys/$KEY_ID?exportPrivate=true" ``` </details> <details><summary>Details</summary> * DID: `did:ebsi:zg1rJyVu5sUdVAc14X3e5ob` * W3C DID Document: ```jsonld= { "@context": [ "https://www.w3.org/ns/did/v1", "https://w3id.org/security/suites/jws-2020/v1" ], "authentication": [ "did:ebsi:zg1rJyVu5sUdVAc14X3e5ob#key-1" ], "service": [], "verificationMethod": [ { "id": "did:ebsi:zg1rJyVu5sUdVAc14X3e5ob#key-1", "controller": "did:ebsi:zg1rJyVu5sUdVAc14X3e5ob", "type": "JsonWebKey2020", "publicKeyJwk": { "kty": "EC", "crv": "secp256k1", "x": "b8UbP2HidIWxYbugrmQFYtfPflggwhYQ6Uu7cKZMQWY", "y": "aaKd5y7jNXGYAF8nC4P3_3CdKcETasPZ7sxSDO6kBDA" } } ], "id": "did:ebsi:zg1rJyVu5sUdVAc14X3e5ob", "assertionMethod": [ "did:ebsi:zg1rJyVu5sUdVAc14X3e5ob#key-1" ], "capabilityDelegation": [ "did:ebsi:zg1rJyVu5sUdVAc14X3e5ob#key-1" ], "capabilityInvocation": [ "did:ebsi:zg1rJyVu5sUdVAc14X3e5ob#key-1" ] } ``` * private key: `HQ4aFYgub88TMrGyi03oyqqe82055KgQOR0nrOZjDTA` </details> 3) add `alsoKnownAs` to original DID pointing to new DID DID: [`did:oyd:zQmaC996sgjL7puygD1TNpWFzgB3Z8tpydYGApxtoP54nRN`](https://dev.uniresolver.io/#did:oyd:zQmaC996sgjL7puygD1TNpWFzgB3Z8tpydYGApxtoP54nRN) <details><summary>Command line</summary> * set `DID_OYD` and `DID_EBSI` from above ```bash= echo "{\"alsoKnownAs\": \"$DID_EBSI\"}" | \ oydid update $DID_OYD -z 2 \ --old-doc-pwd doc-rot --doc-pwd doc-rot2 \ --old-rev-pwd rev-rot --rev-pwd rev-rot2 ``` </details> <details><summary>Details</summary> * DID: `did:oyd:zQmaC996sgjL7puygD1TNpWFzgB3Z8tpydYGApxtoP54nRN` * Doc: ```json {"doc":{"alsoKnownAs":"did:ebsi:zg1rJyVu5sUdVAc14X3e5ob"},"key":"z6Mv8BaBR8AJi6yfrea3EDJBqCLDh42dfztPxvzcraQfsipz:z6Mv7MT3jdrgd2KVAHdnoW23Mpzzyy68GtX4kv14FnFtrjSA","log":"zQmVen6YmzEAmmK6pFCr1N2cqrrdfZuPJDdGgDFVbiqESE7"} ``` * W3C DID Document: ```jsonld= { "@context": [ "https://www.w3.org/ns/did/v1", "https://w3id.org/security/suites/ed25519-2020/v1" ], "id": "did:oyd:zQmaC996sgjL7puygD1TNpWFzgB3Z8tpydYGApxtoP54nRN", "verificationMethod": [ { "id": "did:oyd:zQmaC996sgjL7puygD1TNpWFzgB3Z8tpydYGApxtoP54nRN#key-doc", "type": "Ed25519VerificationKey2020", "controller": "did:oyd:zQmaC996sgjL7puygD1TNpWFzgB3Z8tpydYGApxtoP54nRN", "publicKeyMultibase": "z6Mv8BaBR8AJi6yfrea3EDJBqCLDh42dfztPxvzcraQfsipz" }, { "id": "did:oyd:zQmaC996sgjL7puygD1TNpWFzgB3Z8tpydYGApxtoP54nRN#key-rev", "type": "Ed25519VerificationKey2020", "controller": "did:oyd:zQmaC996sgjL7puygD1TNpWFzgB3Z8tpydYGApxtoP54nRN", "publicKeyMultibase": "z6Mv7MT3jdrgd2KVAHdnoW23Mpzzyy68GtX4kv14FnFtrjSA" } ], "alsoKnownAs": [ "did:oyd:zQmZ7wwgCxkExNeXHm9XLxAKs7Y7pubTKCHQLTxRrA3Fz51", "did:ebsi:zg1rJyVu5sUdVAc14X3e5ob" ] } ``` * private doc-key: `z1S5UmxcPCF313QMSmLVJeVuWjn1uvQJnAphwNMUp3p8EPJn` * private rev-key: `z1S5cdYpYfJs5mDxnAno9sKxgjpsQ39iddj24C3gpSrB1mU9` * Revocation log entry: ```json {"ts":2,"op":1,"doc":"zQmcXHjXnaEcd6hJST1mL9yZN1yjdhaRikZzUmEEK4huwqk","sig":"z5gZeCKqdjsgoi3o4rbjb3FFReQ3NuZLMq3uiJ4azxQfngcxFfTB5kBAd2TCSWmPKJEWPph9Q1K4dEEpkUquknWn9"} ``` </details> 4) deactivate original DID DID: [`did:oyd:zQmaC996sgjL7puygD1TNpWFzgB3Z8tpydYGApxtoP54nRN`](https://dev.uniresolver.io/#did:oyd:zQmaC996sgjL7puygD1TNpWFzgB3Z8tpydYGApxtoP54nRN) <details><summary>Command line</summary> ```bash= oydid revoke $DID_OYD --doc-pwd doc-rot2 --rev-pwd rev-rot2 ``` </details> 5) update new DID with alsoKnowAs from original DID DID: [`did:ebsi:zg1rJyVu5sUdVAc14X3e5ob`](https://dev.uniresolver.io/#did:ebsi:zg1rJyVu5sUdVAc14X3e5ob) <details><summary>Details</summary> * W3C DID Document: ```jsonld= { "@context": [ "https://www.w3.org/ns/did/v1", "https://w3id.org/security/suites/jws-2020/v1" ], "authentication": [ "did:ebsi:zg1rJyVu5sUdVAc14X3e5ob#key-1" ], "service": [], "verificationMethod": [ { "id": "did:ebsi:zg1rJyVu5sUdVAc14X3e5ob#key-1", "controller": "did:ebsi:zg1rJyVu5sUdVAc14X3e5ob", "type": "JsonWebKey2020", "publicKeyJwk": { "kty": "EC", "crv": "secp256k1", "x": "b8UbP2HidIWxYbugrmQFYtfPflggwhYQ6Uu7cKZMQWY", "y": "aaKd5y7jNXGYAF8nC4P3_3CdKcETasPZ7sxSDO6kBDA" } } ], "id": "did:ebsi:zg1rJyVu5sUdVAc14X3e5ob", "assertionMethod": [ "did:ebsi:zg1rJyVu5sUdVAc14X3e5ob#key-1" ], "capabilityDelegation": [ "did:ebsi:zg1rJyVu5sUdVAc14X3e5ob#key-1" ], "capabilityInvocation": [ "did:ebsi:zg1rJyVu5sUdVAc14X3e5ob#key-1" ], "alsoKnownAs": [ "did:oyd:zQmaC996sgjL7puygD1TNpWFzgB3Z8tpydYGApxtoP54nRN" ] } ``` </details> ## Resolution Process ### Process for Updated DID Method * resolve latest DID -> use existing resolver / trivial * resolve previous versions -> implement `follow-alsoKnownAs=TRUE` parameter * if implementation does not exist: history is lost ### Process for Original DID Method * resolver requires implementation of `follow-alsoKnownAs=TRUE` parameter * if implementation does not exisit: DID is deactivated and outdated information should not be used ## Roadmap / Next Steps - [x] DanubeTech: how does `did:ebsi` update work? - [x] manually create [example](#Simple-Example) to demonstrate did:oyd -> did:ebsi rotation - [x] implement basic resolution for example above - [x] implement resolver to support `follow-alsoKnownAs` parameter - [`did:oyd:zQmZ7wwgCxkExNeXHm9XLxAKs7Y7pubTKCHQLTxRrA3Fz51`](https://dev.uniresolver.io/#did:oyd:zQmZ7wwgCxkExNeXHm9XLxAKs7Y7pubTKCHQLTxRrA3Fz51) resolves to did:ebsi document ([`did:ebsi:zg1rJyVu5sUdVAc14X3e5ob`](https://dev.uniresolver.io/#did:ebsi:zg1rJyVu5sUdVAc14X3e5ob)) - resolution on command line ```bash # use OYDID Docker image to use command line tools below docker run -it --rm oydeu/oydid-cli # does not resolve (because of oydid revoke): oydid read did:oyd:zQmZ7wwgCxkExNeXHm9XLxAKs7Y7pubTKCHQLTxRrA3Fz51 # resolve with --follow-alsoKnownAs oydid read --follow-alsoKnownAs did:oyd:zQmZ7wwgCxkExNeXHm9XLxAKs7Y7pubTKCHQLTxRrA3Fz51 # improved readability oydid read --follow-alsoKnownAs --w3c-did did:oyd:zQmZ7wwgCxkExNeXHm9XLxAKs7Y7pubTKCHQLTxRrA3Fz51 | jq # display human-readable verification of resolution process oydid read --follow-alsoKnownAs --show-verification did:oyd:zQmZ7wwgCxkExNeXHm9XLxAKs7Y7pubTKCHQLTxRrA3Fz51 ``` - [ ] implement rotation for did:oyd (`oydid rotate`) - [ ] reach out to other DID method implementers (did:ebsi, did:plc, did:cheqd) - [ ] implement checks in DID Lint - [ ] infrastructure to test for resolver parameters - [ ] test for reading fragments: keys, services - [ ] test for versioning: versionId, versionTime ## Blog Post: DID Rotation *Understanding DID Rotation: Transitioning between DID Methods* In the realm of digital identity, the concept of Decentralized Identifiers (DIDs) stands as a cornerstone. DIDs are a new type of identifier that enables verifiable, self-sovereign digital identities. This blog post explores possibilities to transition between different DID Methods and invites DID method implementors to join this journey towards more robust, interoperable, and secure digital identities. ### What is DID Rotation? DID Rotation is a process of updating or changing a DID while ensuring the continuity and integrity of the digital identity it represents. This process is crucial for several reasons, such as security upgrades, compliance with new standards, or transitioning to a more advanced infrastructure. ### From did:oyd to did:ebsi: An Example Implementation `did:oyd` (Own Your Decentralised Identifier), have been instrumental in pioneering decentralized identity. However, with the advent of European Blockchain Services Infrastructure (EBSI), a more unified and scalable approach to DIDs became necessary. Thus, the transition to `did:ebsi` was initiated. `did:ebsi` is part of the European Union's efforts to build a secure and interoperable blockchain infrastructure. This shift doesn't merely represent a change in technology but aligns with a broader commitment to data privacy, security, and user sovereignty. **Why is this Transition Significant?** 1. **Enhanced Security and Compliance**: The transition to `did:ebsi` ensures compliance with the stringent security and privacy standards set by the European Union. 2. **Interoperability**: `did:ebsi` is designed to work seamlessly within the broader EBSI ecosystem, promoting interoperability across different systems and services. 3. **Future-Proofing Digital Identities**: With the EU's backing, `did:ebsi` is poised to evolve continuously, adapting to new technological advancements and regulatory requirements. ### The Process of DID Rotation **Requirements** | ID | Requirements Text | | -- | ----------------- | | `Rot1` | Original DID must include reference to updated DID *Motivation: enable resolver to switch between DID methods* | | `Rot2` | Updated DID must include reference to original DID *Motivation: provide provenance & legitimacy* | | `Rot3` | Proof that original DID is deactivated upon rotation *Motivation: prohibit forks* | **Rotation Process** 0. **Start with an existing/original DID** 1. **Creating a New DID:** Establish a new DID to replace the old one. 2. **Updating the Original DID:** Link the old DID to the new one and include proof of deactivation for the original DID. 3. **Deactivating the Original DID:** Securely deactivate the old DID. 4. **Updating the New DID:** Finally, update the new DID with references to the original, ensuring a seamless transition. ```plantuml @startuml hide empty description [*] -right-> v1 state "original\nDID" as v1 v1: version: 1 note top of v1 Step 0: existing DID with method: did:oyd end note v1 -down-> v2 state "new DID" as v2 v2: version: 2 note left of v2 Step 1: create new DID with method: did:ebsi end note v1 -right-> v1a v2 -up-> v1a state "updated\noriginal DID" as v1a v1a: version: 1' note top of v1a Step 2: update original DID with alsoKnownAs from new DID v2 end note note right of v1a Step 3: deactivate updated original DID end note v1a -down-> v2a v2 -right-> v2a state "updated\nnew DID" as v2a v2a: version: 2' note right of v2a Step 4: update new DID with alsoKnownAs from original DID end note v2a -right-> [*] @enduml ``` **An Example** Resolve: [`did:oyd:zQmZ7wwgCxkExNeXHm9XLxAKs7Y7pubTKCHQLTxRrA3Fz51`](https://dev.uniresolver.io/#did:oyd:zQmZ7wwgCxkExNeXHm9XLxAKs7Y7pubTKCHQLTxRrA3Fz51) <details><summary>Original DID</summary> ```jsonld= { "@context": [ "https://www.w3.org/ns/did/v1", "https://w3id.org/security/suites/ed25519-2020/v1" ], "id": "did:oyd:zQmZ7wwgCxkExNeXHm9XLxAKs7Y7pubTKCHQLTxRrA3Fz51", "verificationMethod": [ { "id": "did:oyd:zQmZ7wwgCxkExNeXHm9XLxAKs7Y7pubTKCHQLTxRrA3Fz51#key-doc", "type": "Ed25519VerificationKey2020", "controller": "did:oyd:zQmZ7wwgCxkExNeXHm9XLxAKs7Y7pubTKCHQLTxRrA3Fz51", "publicKeyMultibase": "z6Mv6FYkGQys9qG2XeTHfbRkTi1RLii64am6kmuwfzRJrbmQ" }, { "id": "did:oyd:zQmZ7wwgCxkExNeXHm9XLxAKs7Y7pubTKCHQLTxRrA3Fz51#key-rev", "type": "Ed25519VerificationKey2020", "controller": "did:oyd:zQmZ7wwgCxkExNeXHm9XLxAKs7Y7pubTKCHQLTxRrA3Fz51", "publicKeyMultibase": "z6Mux6WdFAJyT28WiQb6L9YCMS6NT1eD3jtLXREisQieBoEK" } ] } ``` </details> <details><summary>Updated Original DID</summary> ```jsonld= { "@context": [ "https://www.w3.org/ns/did/v1", "https://w3id.org/security/suites/ed25519-2020/v1" ], "id": "did:oyd:zQmaC996sgjL7puygD1TNpWFzgB3Z8tpydYGApxtoP54nRN", "verificationMethod": [ { "id": "did:oyd:zQmaC996sgjL7puygD1TNpWFzgB3Z8tpydYGApxtoP54nRN#key-doc", "type": "Ed25519VerificationKey2020", "controller": "did:oyd:zQmaC996sgjL7puygD1TNpWFzgB3Z8tpydYGApxtoP54nRN", "publicKeyMultibase": "z6Mv8BaBR8AJi6yfrea3EDJBqCLDh42dfztPxvzcraQfsipz" }, { "id": "did:oyd:zQmaC996sgjL7puygD1TNpWFzgB3Z8tpydYGApxtoP54nRN#key-rev", "type": "Ed25519VerificationKey2020", "controller": "did:oyd:zQmaC996sgjL7puygD1TNpWFzgB3Z8tpydYGApxtoP54nRN", "publicKeyMultibase": "z6Mv7MT3jdrgd2KVAHdnoW23Mpzzyy68GtX4kv14FnFtrjSA" } ], "alsoKnownAs": [ "did:oyd:zQmZ7wwgCxkExNeXHm9XLxAKs7Y7pubTKCHQLTxRrA3Fz51", "did:ebsi:zg1rJyVu5sUdVAc14X3e5ob" ] } ``` </details> <details><summary>Updated New DID</summary> ```jsonld= { "@context": [ "https://www.w3.org/ns/did/v1", "https://w3id.org/security/suites/jws-2020/v1" ], "authentication": [ "did:ebsi:zg1rJyVu5sUdVAc14X3e5ob#key-1" ], "service": [], "verificationMethod": [ { "id": "did:ebsi:zg1rJyVu5sUdVAc14X3e5ob#key-1", "controller": "did:ebsi:zg1rJyVu5sUdVAc14X3e5ob", "type": "JsonWebKey2020", "publicKeyJwk": { "kty": "EC", "crv": "secp256k1", "x": "b8UbP2HidIWxYbugrmQFYtfPflggwhYQ6Uu7cKZMQWY", "y": "aaKd5y7jNXGYAF8nC4P3_3CdKcETasPZ7sxSDO6kBDA" } } ], "id": "did:ebsi:zg1rJyVu5sUdVAc14X3e5ob", "assertionMethod": [ "did:ebsi:zg1rJyVu5sUdVAc14X3e5ob#key-1" ], "capabilityDelegation": [ "did:ebsi:zg1rJyVu5sUdVAc14X3e5ob#key-1" ], "capabilityInvocation": [ "did:ebsi:zg1rJyVu5sUdVAc14X3e5ob#key-1" ], "alsoKnownAs": [ "did:oyd:zQmaC996sgjL7puygD1TNpWFzgB3Z8tpydYGApxtoP54nRN" ] } ``` </details> ### Call to Action The DID community is invited to engage with this transition. Whether you're a developer, policy-maker, or just an enthusiast in the field of digital identities, your insights and contributions are vital. We encourage the community to: - **Explore and Test**: Engage with `did:ebsi` systems, test them, and understand their capabilities. - **Provide Feedback**: Share your experiences, challenges, and suggestions. Your input is crucial for the continuous improvement of DID systems. - **Stay Informed and Educated**: With the fast-evolving nature of DIDs, staying updated with the latest trends and advancements is essential. ### Conclusion The rotation from `did:oyd` to `did:ebsi` is more than just a technical upgrade. It's a step towards a future where digital identities are more secure, private, and user-centric. Let's embrace this change together, contributing to a digital world that respects and empowers individual identity.