This comprehensive explanation has been generated from 183 GitHub source documents. All source documents are searchable here.
Last updated: October 7, 2025
Note: In rare cases it may contain LLM hallucinations.
For authoritative documentation, please consult the official GLEIF vLEI trainings and the ToIP Glossary.
An identifier is a unique reference that points to and distinguishes a specific entity, resource, or identity within a given scope, enabling unambiguous identification without necessarily being human-meaningful or requiring centralized registration.
An identifier is a fundamental primitive in digital systems that serves as a unique reference to distinguish one entity from all others within a specific context or scope. In the KERI/ACDC ecosystem, identifiers are the foundational building blocks that enable verifiable, decentralized identity management without requiring centralized authorities or registries.
Key characteristics of identifiers include:
KERI introduces several specialized identifier types that extend beyond traditional identifier systems:
Autonomic Identifiers (AIDs): Self-managing cryptonymous identifiers that are self-certifying and encoded in CESR. AIDs represent KERI's primary identifier innovation, providing cryptographic root-of-trust without external dependencies.
Self-Certifying Identifiers (SCIDs): Identifiers cryptographically derived from public keys, enabling verification without trusted third parties. The identifier itself contains or derives from the cryptographic material needed to verify control.
Self-Addressing Identifiers (SAIDs): Content-addressable identifiers that are both cryptographically bound to and embedded within the data they identify, creating tamper-evident data structures.
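How a SAID ends up both bound to and embedded in its data, shown as an added example (not code from this page or from any KERI library): the digest is taken over the serialization with a fixed-length placeholder in the identifier field, then written into that field. Assumptions: the field label `d`, compact JSON serialization, and SHA3-256 (CESR code `H`) swapped in for the Blake3-256 digest (code `E`) commonly used in KERI so that the block runs on the Python standard library alone; the sample data is constructed.

```python
import base64
import hashlib
import json

CODE = "H"       # CESR code for SHA3-256 (swapped in; KERI's usual "E" is Blake3-256)
SAID_LEN = 44    # 1 code character + 43 Base64URL characters for a 32-byte digest


def serialize(sad: dict) -> bytes:
    # Compact JSON in insertion order: field order is part of the digest input.
    return json.dumps(sad, separators=(",", ":"), ensure_ascii=False).encode("utf-8")


def digest_to_cesr(raw: bytes) -> str:
    # One zero pad byte makes 33 bytes encode to exactly 44 characters, no '='.
    # The first character is then always 'A' and is replaced by the code.
    return CODE + base64.urlsafe_b64encode(b"\x00" + raw).decode("ascii")[1:]


def compute_said(sad: dict, label: str = "d") -> str:
    if label not in sad:
        raise KeyError(f"no {label!r} field to hold the SAID")
    dummy = dict(sad)                  # copy keeps field order
    dummy[label] = "#" * SAID_LEN      # fixed-length placeholder while hashing
    return digest_to_cesr(hashlib.sha3_256(serialize(dummy)).digest())


def saidify(sad: dict, label: str = "d") -> dict:
    out = dict(sad)
    out[label] = compute_said(sad, label)
    return out


def verify_said(sad: dict, label: str = "d") -> bool:
    claimed = sad.get(label)
    if not isinstance(claimed, str) or len(claimed) != SAID_LEN or claimed[0] != CODE:
        return False                   # wrong type, length or digest code
    return claimed == compute_said(sad, label)


# Constructed sample data; the issuer value is a placeholder, not a real AID.
SAMPLE = {"d": "", "i": "PLACEHOLDER_ISSUER_AID", "a": {"role": "example"}}

if __name__ == "__main__":
    sealed = saidify(SAMPLE)
    print(sealed["d"], verify_said(sealed))   # SAID and True
    sealed["a"] = {"role": "changed"}         # any edit breaks the binding
    print(verify_said(sealed))                # False
```

Because the placeholder has the same length as the final SAID, embedding the identifier does not change the size of the serialization, and a verifier repeats the same substitution before comparing digests.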
Uniqueness Guarantees: KERI identifiers achieve uniqueness through cryptographic derivation from high-entropy sources (≥128 bits), eliminating collision risks without centralized coordination.
Scope Management: Identifiers operate within defined scopes (autonomic namespaces). The same identifier string in different namespaces may reference different entities.
Verification Requirements: Verifying identifier control requires access to the identifier's KEL and the ability to validate cryptographic signatures against current authoritative keys.
Privacy Implications: Identifier reuse across contexts enables correlation. KERI supports privacy-preserving patterns through non-transferable identifiers for ephemeral interactions and selective disclosure in ACDCs.
Governance Considerations: In the vLEI ecosystem, identifiers are governed by GLEIF frameworks that specify creation, delegation, and revocation policies for organizational identity credentials.
In ACDC credentials, identifiers serve multiple critical roles:
i field: The AID of the credential issuer
KERI's identifier architecture addresses fundamental challenges in decentralized systems:
Portability: KERI identifiers are not locked to specific ledgers or infrastructure, enabling true self-sovereignty and migration between trust domains.
Verifiability: Through Key Event Logs (KELs), any party can cryptographically verify the current authoritative key state for an identifier without trusting intermediaries.
Transferability: Identifiers can be either transferable (supporting key rotation) or non-transferable (ephemeral, single-use), depending on use case requirements.
Namespace Agnostic: KERI identifiers can operate within any namespace that accepts pseudo-random strings, including DID methods, URLs, or custom schemes.
KERI's theoretical framework introduces the aid|lid couplet concept, resolving Zooko's triangle by separating:
This separation enables identifiers to be simultaneously secure, decentralized, and human-meaningful through cryptographic binding rather than requiring all properties in a single identifier.
Autonomic Namespace (AN): Self-certifying namespaces where all derived identifiers share the same root-of-trust, source-of-truth, and locus-of-control.
Verifiable Identifier (VID): An identifier over which the controller can provide cryptographic proof of control authority.
Cryptonym: A cryptographic pseudonymous identifier derived from random entropy through one-way functions, providing universal uniqueness without centralized coordination.
Binding: The technique of connecting identifiers to subjects, data, or other identifiers, with privacy implications through correlation.
Understanding identifiers is foundational to grasping KERI's approach to decentralized key management infrastructure and ACDC's verifiable credential architecture, where cryptographic identifiers replace traditional trust in centralized authorities with mathematically verifiable proofs of control and authenticity.