Verifiable Credentials and Decentralised Identifiers: Technical Landscape

Introduction - what are VCs and DIDs?

Verifiable Credentials (VCs) are digital statements that serve as tamper-evident, cryptographically secure attestations issued by a trusted authority. VCs can represent various types of information, such as identity documents, academic qualifications, licenses or other claims and are designed to be easily verifiable, portable and privacy-preserving. Decentralised Identifiers (DIDs) are a type of globally unique identifier designed to enable individuals, organisations and things to have self-sovereign and verifiable identities in a decentralised ecosystem. Together, these technologies have the potential to enhance digital ecosystems by providing scalability through automated, cryptographically-verifiable data exchanges, enabling efficient interactions across complex networks. Being based on open standards, they promote interoperability and integration between diverse systems and stakeholders while provenance is maintained with tamper-proof records tracking data authenticity and origin. VCs can simplify regulatory compliance by encoding and verifying standards such as certifications or legal requirements and foster greater trust by enabling transparency, privacy-preserving data sharing and resilient, fraud-resistant digital interactions across a wide range of use cases, including supply chains, healthcare and identity management.

In the context of ’Trusted Identification’ and ‘Trusted Data’, Verifiable Credentials provide a decentralised, cryptographic, tamper-proof way to digitally maintain trust across contexts and chains of transactions. This means, if you have some valuable authoritative information (such as a GS1 prefix licence, certification or global unique identifier for your product), VCs let you wrap that information up in a digital security wrapper that can prove its own authenticity (i.e. who the issuer was) at the point of verification. As organisations look to scale, expand and support digitisation of supply chains, VCs provide an exciting potential value-add to GS1’s recognised identification system that is already trusted by millions of trading partners across the world.

This report assesses the technical maturity of VC and DID standards, considering their adoption levels, the convergence and divergence of the ecosystem, the quality and quantity of solution providers, VC benefits and relevance.

Target Audience

This document was originally written as an internal report for GS1. It has been edited only slightly to share the findings with other individuals and organisations who may be seeking this kind of analysis.

Executive Summary

The ‘self sovereign’ and verified claims space that VCs inhabit is complex and still evolving. Even though the ideas and W3C standards have been around for a while (10 and 5 years, respectively) there is no dominant approach or widespread adoption. Delivering a holistic solution requires making numerous choices; from what DID method to use (for issuer identification) to which format to use for credentials, proofs and presentation; how to do revocation and key rotation and what transport mechanism (i.e. messaging or API based) to support. This level and breadth of choice has meant that many ‘flavours’ of VC-based solutions exist that are not necessarily interoperable despite all generally using the W3C VC data model. New mechanisms and standards are still emerging (notably KERI and did:webs and did:tdw, aiming to provide non-blockchain based secure ‘self-certifying’ identifiers). These new mechanisms and standards may end up more popular than the more complex blockchain-based methods. This innovation and variation is influenced by the increasing level of government investment and relevant legislation that could cause greater conversion, but at present is not decisive. Therefore, we recommend waiting to see what variations come to dominate the areas of most interest to your organisation before investing significant resources.

Existing activities of direct relevance

The EU eIDAS 2.0 regulation introduced the European Digital Identity Wallet (EUDI Wallet) - a secure digital tool that allows EU citizens and businesses to store, manage, and share identity data and electronic documents. VCs are currently one of the endorsed standards in the EUDI Architecture and Reference Framework and have been implemented for conformance for both individual and organisational wallets in most EU-based VC suppliers (including Sphereon, Northern Block and Spherity) influencing the specific tech stack and standards supported.
Loosely, the ISO mobile driving license standard 18013-5, SD-JWT and OID4VC and OID4VP.

There are only a few suitable standardised formats for releasing electronic attestations of attributes currently available. These are:
- ISO/IEC 18013-5 defines an attribute schema, data format and proof mechanisms for mDL-s, which can be used also with other attribute schemas.
- Selective Disclosure for JWTs (SD-JWT) defines a proof mechanism similar to [ISO/IEC 18013-5], but for a different data format.
- W3C Verifiable Credentials Data Model v1.1 defines a generic attribute schema agnostic to data formats and proof mechanisms, while v 2.0 introduces requirements on format and recommendations on proof mechanisms.
- SD-JWT-based Verifiable Credentials define a generic attribute schema and establish requirements on data format and proof mechanisms.
The UN Transparency Protocol (UNTP), designed to assist governments and industries in combating greenwashing by implementing scalable supply chain traceability and transparency measures, has also adopted Verifiable Credentials and DIDs. Their chosen flavour of VCs for their basic profile includes the use of did:web, JSON-LD syntax and W3C VC JOSE / COSE proof mechanism. Sphereon and Northern Block are on record as planning to implement UNTP.
In the US, TruAge for the National Association of Convenience Stores (NACS) uses JSON-LD credentials with Integrity Proofs. This choice is strongly tied to their solution partner, Digital Bazaar. Meanwhile US Customs and Border Protection, working with Transmute and Measure.io, have favoured the JOSE method of signing their JSON-LD payloads which is also seen in implementations of UNTP and at GS1 Netherlands.
The European Blockchain Services Infrastructure (EBSI) is an EU initiative aimed at leveraging blockchain technology to enhance trust and efficiency in digital services across Europe. A central component of EBSI is the Verifiable Credentials (VC) Framework, which uses did:esbi for legal entities and supports JSON-LD and JWT formats as well as both OIDC4VCI and DIDComm for transport (see OID4VC).
The standards continue to evolve and reflect the community as a whole gaining implementation experience. In that context, it is particularly noteworthy that,while did:web is the simplest DID method for organisations that have an established web presence, it’s not recommended for mature use. KERI and KERI inspired web-based DID methods (did:webs and did:twd) all maintain the benefits of simplicity and avoiding using a blockchain for identification, while providing significant security benefits. However they are not yet widely adopted or interoperable.

Note on Solution Providers and Supply Chain Use-Cases

There are a significant number of suppliers who provide VC-related software and services and most have user-friendly apps and organisational wallets. Several focus on supply chains - specifically Spherity, Sphereon and Transmute, so the solution provider landscape is mature enough to support at least first steps into using Verifiable Credentials. From our research and assessment of existing offerings, there’s a clear opportunity to use VCs in supply chains and a number of potential use cases and benefits.

Use Cases

Product Provenance: Track the origin and journey of products, providing consumers with verifiable proof of ethical sourcing or sustainability.
Customs and Trade: Automate customs clearance processes by providing VCs for compliance documents and shipment details.
Anti-Counterfeiting: Assign DIDs to high value authentic products and issue VCs for authenticity, enabling verifiers to detect counterfeit goods.
Supplier and Vendor Management: Use DIDs and VCs for verifying supplier credentials, certifications, and compliance with contractual terms.
Food and Pharmaceutical Safety: Issue VCs for temperature logs, expiration dates, and quality certifications to ensure regulatory compliance and consumer safety.

Benefits of VCs in Supply Chain Contexts

Implementing Verifiable Credentials can help organisations increase trust and transparency in their supply chains, building stronger relationships with consumers, partners and regulators. By ensuring the authenticity of certifications and product provenance, VCs can reduce fraud and differentiate offerings in competitive markets. Improved traceability will increase accountability, helping organisations identify inefficiencies and mitigate compliance risks with greater precision.

Depending on the implementation, VCs enable privacy-preserving data sharing, giving organisations greater choice in managing sensitive information. Businesses can choose to share only the data required, protecting proprietary details while meeting compliance and operational needs. This approach can build trust, accelerate regulatory approvals and strengthen partnerships by demonstrating accountability without compromising confidentiality. A GS1 white paper from April 2022 sets out how VCs can be used for end-to-end traceability with a strong emphasis on protecting commercially-sensitive data.

Operational efficiency and resilience may benefit from the ability to automate key processes like customs clearance and supplier onboarding, reducing administrative burdens. The scalability of VCs supports easy integration across global, multi-stakeholder supply chains, enabling organisations to adapt quickly to market demands. Decentralised systems and real-time updates would further bolster supply chain agility, allowing organisations to respond dynamically to disruptions, optimise logistics and maintain continuity in an ever-evolving global landscape.

Verifiable Credential ‘layers’

Verifiable Credentials are composed of numerous interdependent layers or aspects, each of which functions as a component in the process of issuing, managing, verifying and securing credentials. This is a fairly granular assessment. You can abstract this out 5 layers although as yet there’s no clear consensus. This view is intended to help highlight the complexity and possible variability of the tech stack and standards.

Data Model Layer:: The W3C Verifiable Credentials Data Model forms the foundational structure of VCs. It defines how credentials are formatted and the roles of the Issuer, Holder and Verifier in managing and interacting with credentials.
Identity Layer:: The identity layer is governed by the W3C Decentralised Identifiers (DIDs) standard, which provides a mechanism for generating and managing identifiers in a decentralised fashion. Different DID Methods—such as did:key, did:ion, did:web, and emerging alternatives like KERI—highlight the diversity in how identifiers are created, resolved and stored.
Credential Issuance Layer:: This covers how credentials are issued. Different formats, such as JSON-LD and JWT (JSON Web Tokens), can be used depending on the application’s need for extensibility, semantic context or integration with existing web technologies.
Proof Layer:: The proof layer is responsible for verifying the authenticity of the credential. Cryptographic techniques like Linked Data Proofs and JWT Proofs are used, along with mechanisms like Selective Disclosure and Zero-Knowledge Proofs (ZKP) to enhance privacy.
Revocation Layer:: To ensure credentials remain current and reliable, Revocation plays a key role. Solutions like Status Lists, Blockchain Anchoring, and Centralised Revocation Lists are used to manage the status of credentials in real time.
Presentation Layer:: The Presentation Layer determines how credentials are shared with a verifier. Verifiable Presentations (VPs), which package multiple VCs in a presentation format, can be shared via formats like JSON-LD VPs or JWT VPs.
Transport Layer:: This layer governs how credentials and presentations are transported between entities. Options like DIDComm (a peer-to-peer communication protocol) and HTTPS are used for secure transmission. OIDC (OpenID Connect) is also widely employed in enterprise settings.
Verification Layer:: Verification focuses on how the verifier ensures the authenticity and validity of a credential, typically using tools like DID Resolvers and Credential Verifiers.
Governance Layer:: The governance layer provides the rules and policies that define how verifiable credentials and decentralised identifiers should be issued, managed and verified. Trust Frameworks like the Sovrin Governance Framework and industry-specific standards play a critical role in this layer.
Storage and Wallet Layer:: Finally, the Storage and Wallet Layer defines how credentials are securely managed by the holder. Edge wallets (local device storage) and cloud wallets are both in use, chosen depending on the desire for user control versus convenience.

Technical Layer Comparison

We can consider five ‘core’ layers:

Data Model: What information is contained and how it's structured
Identity: How entities are identified and authenticated
Proof: How credentials are cryptographically verified
Transport: How credentials are securely transmitted
Storage: How credentials are securely maintained

They represent the minimum distinct components required for a functioning VC system. So, while we can break these down further (e.g., separating presentation from proofs) or add additional layers (e.g., governance), these five layers capture the essential technical components. The following table highlights the key options and level of interoperability

VC Technical layer comparison
Layer	Options	Pros	Cons	Best For	Interoperability	Market Status
Data Model	JSON-LD	Rich semantic context Extensible schemas Strong linking	Complex implementation Learning curve	Standards orgs Government Healthcare	High - W3C standard	Mature
Data Model	JWT	Simple implementation Familiar to developers Lightweight	Limited semantics Less flexible	Enterprise Simple use cases	High with web standards	Widely adopted
Identity (DID)	did:web	Uses existing DNS (not blockchain) Simple setup	DNS, TLS, web server security dependency Centralised	Enterprise Private networks	Medium - DNS based	Production ready
	did:ebsi	Aligns with EU regs Supports legal entities Decentralised Scalable	Complex setup Regulatory constraints	EU orgs Government and Public Sector Cross-border	Medium high	Growing adoption
	did:key	Simplest option Portable	Limited features No revocation	Testing MVP	High - Standard format	Widely used
	KERI	No blockchain needed Efficient	Newer standard Limited tooling	IoT Supply chain	Emerging	Early adoption
Proof	Linked Data Signatures	Privacy features Selective disclosure	Complex crypto Performance cost	Healthcare Government	Medium - Implementation variations	Mature
	JWT Signatures	Simple to implement Wide support	Limited privacy All-or-nothing	Enterprise Internal systems	High - Standard JWT	Mature
	BBS+ Signatures	Zero-knowledge support Privacy preserving	New standard Complex	Privacy-focused Regulated industries	Low/Med - supported by many vendors	Emerging
Transport	DIDComm (message based)	Purpose-built Privacy focused	New protocol Complex	SSI systems Privacy focused	Medium - Current leader	Growing
	OID4VCI/VP (API based)	Based on standard OIDC protocol Scalability	Centralised Less flexible	Enterprise Existing systems	Medium - will likely win due to EUWID adoption	Growing
	HTTPS APIs (e.g. CHAPI, WACI, VC-API)	Simple	No standard protocol Fewer features	Basic integration MVPs	Poor due to lack of standardisation	Universal
Storage	Edge Wallets	User control Privacy	Recovery complex Management difficult	Individual use Mobile apps	Medium - Various standards	Growing
	Cloud Wallets	Easy recovery Centralised management	Less user control Vendor lock-in	Enterprise Managed systems	Medium - Vendor dependent	Mature
	Hybrid	Flexible Best of both	Complex architecture More costly	Large deployments Government	Medium - Mixed standards	Emerging

State of Convergence and Divergence

This layered approach provides flexibility, allowing solutions to be tailored for different use cases, industries and regulatory environments. However, this flexibility also leads to divergence, with different ecosystems choosing different components or standards for each layer which, in turn, affects interoperability.

Convergence and Divergence in Implementations

Convergence

The Verifiable Credentials and Decentralised Identifiers space is gradually converging on certain standards, particularly those defined by W3C. Convergence is most evident in:

Data Model Standardization: the W3C Verifiable Credentials (VC) Data Model remains the foundation for most VC implementations. This standard provides a universal framework for structuring, issuing, and verifying credentials, making it the backbone of verifiable credential systems. All leading players—whether they are in enterprise, government or decentralised ecosystems—adhere to this model, thereby ensuring compatibility at the data layer.

Adoption of the DID Standard: the W3C Decentralised Identifiers (DID) standard has been widely adopted as the mechanism for defining identifiers in a decentralised manner. Multiple DID methods, such as did:key, did:ion, and did:web, have emerged to meet diverse needs. Despite the diversity of methods, the core DID standard ensures a level of consistency that supports interoperability across platforms.

Common Transport Protocols: DIDComm, OICD and HTTPS are used for credential transport. DIDComm is popular in decentralised, privacy-focused systems, while HTTPS is simple and compatible with existing web infrastructure. For enterprises, OIDC (OpenID Connect) and specifically OID4VCI and OID4VP has also gained traction, especially along with JWT-based Verifiable Credentials for tokenized communication.

Proof Formats and Cryptography: Linked Data Proofs and JSON Web Tokens (JWT) are both widely used for proving the validity of credentials, with different communities opting for different formats based on use case. For instance, Linked Data Proofs are more common in the government and public sectors due to their ability to provide semantic richness and selective disclosure, while JWT is favoured in enterprises for its compatibility with OAuth and simpler integration.

Interoperability Profiles: There has been significant work in establishing interoperability profiles. Notable among them is the collaboration between Microsoft, DIF and W3C to build interoperable credential presentation standards. These profiles aim to support seamless sharing of credentials across different ecosystems, which is an important step towards full industry convergence.

Divergence

Despite significant convergence in core areas, there are several important areas of divergence, often driven by specific business requirements, regulatory constraints or different technical philosophies:

DID Method Diversity:

The variety of DID methods represents one of the most pronounced areas of divergence. Each DID method—such as did:ion, did:sov or did:ebsi—uses a different infrastructure for resolving identifiers. While did:ion (built on Bitcoin) emphasises decentralisation and scalability, methods like did:web provide a simpler approach that relies on traditional DNS infrastructure. This divergence complicates interoperability, as DID resolvers need to support many different infrastructures to be fully interoperable. This lack of interoperability is mitigated by the provision of the Universal Resolver, a free, open source tool that anyone can run. The instance of the service run by DIF is widely used and most ecosystems will prescribe the DID methods it supports as part of their interoperability profile.
KERI (Key Event Receipt Infrastructure) adds another layer of divergence. Unlike traditional DID methods that depend on a third-party ledger for verification, KERI uses an event-based architecture with self-certifying identifiers. This unique architecture emphasises efficient key rotation and scalability without relying on a blockchain, setting KERI apart from many other DID methods. While KERI aims to reduce ledger dependence, its divergence from the blockchain model also limits its compatibility with ledger-specific DID methods.
Proof Formats: The choice of proof formats is another major point of divergence. The two dominant proof mechanisms — Data Integrity Proofs and JWT Proofs — serve different needs. Data Integrity Proofs allow for semantic integrity and selective disclosure, making it ideal for privacy-centric solutions. Conversely, JWT is favoured for its lightweight nature and compatibility with existing web authentication standards. The divergence in proof format usage often forces developers to choose between depth of privacy features (data Integrity) and integration simplicity (JWT).
Revocation Approaches: Credential revocation mechanisms vary widely, creating another challenge for convergence. Some systems utilise centralised revocation lists for simplicity and rapid verification, which is common in lower-risk environments like enterprise solutions. On the other hand, blockchain-anchored revocation methods (like status lists on Hyperledger Indy) provide transparency and immutability, potentially favourable in high-trust environments such as healthcare or supply chain. KERI introduces a unique approach, using event logs to capture the entire lifecycle of identifiers and credentials, including their revocation. This adds another layer to the already complex landscape of revocation approaches.

Evidence of Accelerating Adoption and Convergence Efforts

There is evidence that organisations are converging around certain standards for issuing, verifying and managing Verifiable Credentials and DIDs. For example:

Microsoft Entra Verified ID is using both the W3C VC and DID standards, with a specific focus on interoperability through JWT-based VCs and OIDC for transport. Microsoft’s collaboration with DIF and W3C reflects the broader enterprise interest in building a common identity management standard that integrates seamlessly with existing web and enterprise architectures.
Projects such as the TruAge Program by NACS show accelerating adoption of DIDs and VCs in specific industries. TruAge uses DIDs and VCs to validate age without compromising privacy, demonstrating interest in privacy-centric identity verification models for compliance purposes.
The European Blockchain Services Infrastructure (EBSI) uses did:ebsi and hopes for cross-border interoperability within Europe. Similar initiatives, such as IDunion, aim to create interoperable digital identity frameworks across different sectors.
Existence of organisations such as the Decentralized Identity Foundation (DIF) and W3C Credentials Community Group (CCG) supports convergence since these organisations work on shared governance frameworks, interoperability standards, and open testing environments, all of which are crucial to creating a unified ecosystem.

Areas of Continued Challenge and the Role of KERI

The need for a scalable infrastructure that doesn’t depend heavily on existing public ledgers remains a challenge. KERI presents a promising direction by offering an event-based model that does not require ledger reliance, making it well-suited for environments where performance and flexibility are key considerations. However, the adoption of KERI is still in its early stages, and its integration with more established ledger-based DID systems will require substantial community effort and adoption to achieve full interoperability.

While Data Integrity Proofs and JWT provide a variety of options for controlling what data is shared, the divergence between proof methods has created silos. For example, enterprise systems that primarily use JWT for VCs may not easily adopt more complex selective disclosure or zero-knowledge proof mechanisms that JSON-LD supports. KERI’s model, which emphasises the self-certifying nature of identifiers, adds an interesting privacy layer, but it has yet to be fully integrated with selective disclosure mechanisms that are popular in privacy-first environments.

Technical Maturity

The technical maturity of Verifiable Credentials and Decentralised Identifiers is progressing steadily, with core standards achieving stability and a growing ecosystem of tools supporting developer needs. Convergence efforts, particularly in terms of interoperability and community collaboration, indicate an ecosystem that is ready for production in specific sectors like enterprise, government and niche IoT applications.

Standards Stability

The W3C VC Data Model and DID Core specifications have reached official recommendation status, providing a stable foundation for implementations. The ongoing work to advance VC Data Model 2.0 aims to address emerging requirements such as selective disclosure and better privacy guarantees, but the existing 1.0 standard is widely used and accepted as mature by the community.

The existence of over 150 DID methods can make interoperability challenging, but many of these methods (e.g., did:web, did:ion) adhere closely to W3C’s standard requirements. However, the DID Resolution mechanism is a developing area, with ongoing work in the >W3C and DIF Identifiers & Discovery Working Groups to ensure that different DID methods can interoperate smoothly and reliably.

Tooling and Developer Resources

Solutions like Veramo, Hyperledger Aries, Dock and MATTR provide robust SDKs that simplify the development of VC/DID-based solutions. These tools are actively maintained and have good developer documentation, which reduces the barriers to entry for new projects.

Developers have a range of options for deployment, from edge wallets (such as those implemented by Dock) to cloud wallets (offered by Microsoft Entra). This flexibility reflects a degree of maturity in the ecosystem, with different tools available to meet different privacy, security and usability requirements.

Interoperability and Production Readiness

Interoperability has improved significantly thanks to initiatives like the W3C Test Suites and Plugfests that bring different providers together to test cross-platform compatibility. For example, DIDComm v2 has made considerable strides in standardising secure communication between DID-based agents across different platforms.

JSON Web Tokens (JWT) remain a popular proof format in enterprise environments due to their familiarity and compatibility with existing OAuth infrastructures. The JWT-based approach aligns well with traditional enterprise requirements, indicating a maturing solution for integrating decentralised identity into pre-existing systems.

KERI introduces a new paradigm by removing reliance on public ledgers, providing a cost-efficient way of handling key rotation and identity management. Its adoption in niche applications like IoT showcases its growing maturity, although widespread production readiness may still be some way off due to limited cross-platform support.

Conclusion

Verifiable Credentials and DIDs are an exciting and complicated set of standards and approaches that offer a ton of impressive, powerful capabilities, but are yet to fully mature, stabilise or see widespread adoption. The fact that they’ve been around for many years and we still see so much diversity is evidence that this is still an emerging field which is showing good signs of convergence and momentum, but ubiquitous use may be a decade away. Proceed with caution!

Annex

Benefits of VCs

Benefits of Verifiable Credentials in the supply chain
Benefit	Description	Supply Chain Example
Scalability	Cryptographic verification and decentralised architectures allow for secure, automated processes at scale.	Supports verification of thousands of credentials (e.g., certifications, invoices) across global supply chain stakeholders.
Interoperability	Based on W3C standards (VC and DID), ensuring compatibility between systems and stakeholders worldwide.	Enables seamless integration between diverse IT systems for manufacturers, transport providers, and retailers.
Provenance	Ensures tamper-proof traceability by linking credentials to DIDs and immutable logs.	Tracks products from origin to delivery with verifiable proof of sourcing and handling (e.g., fair trade or organic).
Regulatory Compliance	Encodes regulatory attestations (e.g., certifications, customs forms) as cryptographically verifiable credentials.	Simplifies customs clearance and compliance with safety standards through digitally signed credentials.
Trust Through Verification	Verifiable signatures and DID authentication ensure data integrity and issuer credibility.	Ensures that certifications (e.g., ISO compliance) are valid and issued by trusted authorities.
Privacy-Preserving Sharing	Selective disclosure and zero-knowledge proofs allow sharing only necessary data, protecting sensitive details.	Verifies customs requirements or certifications without exposing proprietary supplier or pricing information.
Fraud Prevention	Cryptographic proofs prevent forgery or tampering with credentials.	Stops counterfeit products or certifications by verifying authenticity through DID signatures.
Real-Time Updates and Resilience	DIDs enable decentralised identity resolution, and VCs can be revoked or updated dynamically.	Enables real-time rerouting of shipments or product recalls while maintaining verifiable chain-of-custody records.
Automated Verification	Machine-readable VCs with embedded cryptographic proofs streamline operations and reduce manual intervention.	Automates validation of shipment documents, vendor credentials, or product certifications in real time.

DID methods comparison

DID Methods comparison table
DID Method	Pros	Cons	Ease of Setup	Key Rotation Support	Other Considerations
did:web	Simple to implement Uses existing web infrastructure No blockchain required Good for organisations with existing web presence	Centralised control Relies on DNS and TLS Less censorship-resistant	Easy	Supported through website updates	Requires ongoing web hosting
did:tdw	Enhanced version of did:web aimed at increasing security and flexibility No blockchain required	Centralised control Relies on DNS and TLS Less censorship-resistant		Easy	Supported through website updates
did:webs	Enhanced version of did:web using KERI for greater security and better key chaining No blockchain required	Centralised control Relies on DNS and TLS Less censorship-resistant	Easy	Supported through website updates
did:ethr	Leverages Ethereum's security and decentralisation Well-established in the Web3 community Supports multiple key types	Dependent on Ethereum network Only used for web3 Scalability concerns	Moderate	Well-supported	Good for Web3 applications Consider Ethereum network costs
did:key	Extremely simple No external dependencies Suitable for ephemeral use cases	Limited functionality No revocation mechanism Not suitable for long-term identities	Very Easy	Not applicable (stateless)	Good for testing and development Limited features for production use
did:ion	Built on Bitcoin Scalable and decentralised Supports complex key management	Relatively new Limited adoption compared to others Complexity in operation	Moderate to Complex	Well-supported	Promising for long-term, scalable solutions Consider the learning curve
did:ebsi	Developed by the European Blockchain Services Infrastructure (EBSI) Aligns with EU regulations (eIDAS) Supports legal entities and natural persons	# Limited to EU member states Requires compliance with EU-specific standards	Moderate	Supported	Suitable for EU-based applications Requires adherence to EBSI governance and compliance frameworks
did:sov	Built for Sovrin network Strong privacy features Governance framework	Tied to specific network Less flexible than some alternatives	Moderate	Supported	No longer supported
did:keri	Self-certifying Highly secure Network agnostic	Complex concept Still evolving Limited tooling	Complex	Well-supported	Promising for high-security needs Consider the maturity of the ecosystem
did:peer	Designed for peer-to-peer interactions Privacy-preserving No ledger required	Limited discoverability Not suitable for public identities	Easy	Supported	Excellent for direct, private communications Consider if public resolution is needed

Resources, Links & Acknolwedgements

Document researched and developed by Irina Bolychevsky for GS1, June-December 2024

Published 3 February 2025