A Decentralized Identifier (DID) empowers an entity to prove control over a unique, self-issued identifier without relying on any identity provider. The public key material for the proof is encoded into an associated DID document (DDO). The DDO is preferably shared via a distributed ledger, because the ledger guarantees algorithmically that everyone has access to the latest state of any tamper-proof DDO, but only the entities in control of a DID are able to update theirs. It is nevertheless possible to grant deputies the authority to update the DDO on behalf of the DID owner. However, the DID specification leaves largely open how authorizations over a DDO are managed and enforced among multiple deputies. This article investigates what it means to govern a DID and discusses various forms in which a DID can be controlled by potentially more than one entity. It also presents a prototype of a DID-conformant identifier management system in which a selected set of governance policies is deployed as smart contracts. The article highlights the critical role of governance for the trustworthy and flexible deployment of ledger-anchored DIDs across various domains.