DIDComm is the messaging protocol that provides utility for DID-based relationships. DIDComm is more than just a way to exchange credentials, it’s a protocol layer capable of supporting specialized application protocols for specific workflows. Because of its general nature and inherent support for self-sovereign relationships, DIDComm provides a basis for a self-sovereign internet much more private, enabling, and flexible than the one we’ve built using Web 2.0 technologies.

DID-based relationships are the foundation of self-sovereign identity (SSI). The exchange of DIDs to form a connection with another party gives both parties a relationship that is self-certifying and mutually authenticated. Further…


An SSI wallet provides a place for people to stand in the digital realm. Using the wallet, people can operationalize their digital relationships as peers with others online. The result is better, more authentic, digital relationships, more flexible online interactions, and the preservation of human freedom, privacy, and dignity.

Recently, I’ve been making the case for self-sovereign identity and why it is the correct architecture for online identity systems.

  • In Relationships and Identity, I discuss why identity systems are really built to manage relationships rather than identities. …


The architecture of an identity system has a profound impact on the nature of the relationships it supports. This post categorizes the high-level architecture of identity systems, discusses the properties of each category to understand architectural influences, and explores what their respective architectures mean to their legitimacy as a basis for online life.

Introductory note: I recently read a paper from Sam Smith, Key Event Receipt Infrastructure, that provided inspiration for a way to think about and classify identity systems. In particular his terminology was helpful to me. This blog post uses terminology and ideas from Sam’s paper to classify…


Self-sovereign identity, supported by a heterarchical identity metasystem, creates a firm foundation for rich digital relationships that allow people to be digitally embodied so they can act online as autonomous agents.

An earlier blog post, Relationships and Identity proposed that we build digital identity systems to create and manage relationships-not identities-and discussed the nature of digital relationships in terms of their integrity, lifespan, and utility. You should read that post before this one.

In his article Architecture Eats Culture Eats Strategy, Tim Bouma makes the point that the old management chestnut Culture Eats Strategy leaves open the question: how do…


Sovereign is the right word for describing the essential distinction between our inalienable self and the administrative identifiers and attributes others assign to us online.

Descartes didn’t say “I have a birth certificate, therefore I am.” We do not spring into existence because some administrative system provisions an identifier for us. No single administrative regime, or even a collection of them, defines us. Doc Searls said this to me recently:

We are, within ourselves, what William Ernest Henley calls “the captain” of “my unconquerable soul”, and what Walt Whitman meant when he said “I know this orbit of mine cannot…


We build digital identity systems to create and manage relationships-not identities. We need our digital relationships to have integrity and to be useful over a specified lifetime. Identity systems should provide relationship integrity and utility to participants for the appropriate length of time. Participants should be able to create relationships with whatever party will provide utility. SSI provides improved support for creating, managing, and using digital relationships.

The most problematic word in the term Self-Sovereign Identity (SSI) isn’t “sovereign” but “identity” because whenever you start discussing identity, the conversation is rife with unspoken assumptions. Identity usually conjures thoughts of authentication…


If your identity system doesn’t use DIDs and verifiable credentials in a way that gives participants autonomy and freedom from intervening administrative authorities, then it’s not SSI.

A few days ago I was in a conversation with a couple of my identerati friends. When one used the term “SSI”, the other asked him to define it since there were so many systems that were claiming to be SSI and yet were seemingly different. That’s a fair question. So I thought I’d write down my definition in hopes of stimulating some conversation around the topic.

I think we’ve arrived at a…


We need to replace platforms that intermediate transactions with protocols built on a universal trust framework like Sovrin to avoid a future of hostage taking and retaliatory regulations.

Platforms service two-sided markets. We’re all familiar with platform companies like Uber, AirBnB, Monster, eBay, and many others. Visa, Mastercard, and other credit card systems are platforms. Platforms are a popular Web 2.0 business model because they create an attractive way for the provider to extract service fees from one side, and sometimes both sides, of the market. They can have big network effects and tend to natural monopolies.

Platforms provide several…

An identity metasystem like the Sovrin Network provides the foundation for creating tens of millions of interoperable identity systems for every conceivable context and use. This post discusses how These identity systems are built, illustrative use cases, and the potential marketplace for credentials.

A metasystem is a system of systems. Metasystems employ protocols, governance, and convention to provide interoperability between the systems they comprise. Perhaps the most familiar example of a metasystem is the internet. The internet is not so much a communications system as it is a system for building communication systems that all interoperate.

An identity metasystem is…

Summary: DID Messaging can provide a secure, authenticated, and verified channel for every relationship you have.

In my last post, I wrote about a demo given by BCGov, Spark NZ, and Streetcred ID at the last Internet Identity Workshop. That demo caused a lot of people to download and try out Streetcred ID’s digital wallet. One of the features that Streetcred ID built into their wallet was peer-to-peer messaging based on DID Messaging and that led to some interesting insights.

A Brief Primer on DIDs

If you’re not familiar with DIDs, take a minute to go read my article on Decentralized Identifiers from earlier this…

Phil Windley

I build things; I write code; I void warranties

Get the Medium app

A button that says 'Download on the App Store', and if clicked it will lead you to the iOS App store
A button that says 'Get it on, Google Play', and if clicked it will lead you to the Google Play store