Decentralized Identifiers (DIDs) are type of identifier for verifiable, decentralized digital identity. These identifiers are designed to enable the controller of a DID to prove control over it and to be implemented independently of any centralized registry, identity provider, or certificate authority. It can sometimes be useful to be able to reference an identifier that represents nothing. This document defines such a DID.

Introduction

Decentralized Identifiers (DIDs) [[DID-CORE]] are a type of identifier for verifiable, decentralized digital identity. These identifiers are designed to enable the controller of a DID to prove control over it and to be implemented independently of any centralized registry, identity provider, or certificate authority. It can sometimes be useful to be able to reference an identifier that represents nothing. This document defines such a DID.

The rest of this document outlines the syntax for the did:null method, the operations it supports, and some security and privacy considerations that implementers might want to be aware of when implementing.

The name "null" was somewhat arbitrarily chosen based on how common its use is in computer programming languages. There are many other similar names which could equally be used for the same concept presented here: 0, zero, void, none, empty, false, undefined, nil, and likely others.

The did:null Format

The format for the did:null method conforms to the [[DID-CORE]] specification and is simple. It consists of only did:null:null. No method-specific-id other than null is specified in this specification version and other values should be rejected.

The ABNF for the null format is described below: 

did-null-format    = "did:" method-name ":" method-specific-id
method-name        = "null"
method-specific-id = "null"

The single example of a valid did:null DID is: 

did:null:null

Operations

The following section outlines the DID operations for the did:null method. Implementers might note that this DID Method is purely static, requiring no look ups in a registry. Since the did:null value is not stored in any registry, it cannot be updated or deactivated.

Create

Creation of a did:null DID Document always results in the same document for the DID did:null:null. It is described in full here: 

          {
            "@context": [
              "https://www.w3.org/ns/did/v1"
            ],
            "id": "did:null:null"
          }

Read

Reading the did:null:null value is a matter of deterministically expanding the value to a DID Document described in Section .

Update

This DID Method does not support updating the DID Document.

Deactivate

This DID Method does not support deactivating the DID Document.

Test Vectors

For a full list of test vectors see test vectors.

null

There is only one test vector and it has no contents.

          did:null:null

Security and Privacy Considerations

There are a number of security and privacy considerations that implementers will want to take into consideration when implementing this specification.

Public DID Document

The did:null:null DID Document in this specification is static, publicly known, and includes no private data.

Deactivation Not Supported

The did:null method is a purely static method, which means that deactivation is not supported. This can be an issue if a future system wants to change the behavior of did:null:null.

Acknowledgements

The authors would like to thank the number zero and the empty void of space for inspiration.

Version History

1.0 - 2020-04-01
Unreleased initial version.
2.0 - 2020-04-01
Updated for modern [[DID-CORE]] and removed optional properties.