DID Management

Decentralized Identifiers are the foundation of every verifiable credential ecosystem. The BaseID DID Management service gives organizations a single operational interface for creating, updating, rotating, and deactivating DIDs across the methods that matter most in Canadian and international identity frameworks. Whether your architecture calls for did:web anchored to your own domain, ephemeral did:key identifiers for short-lived sessions, or did:jwk for direct key representation, every method is managed through the same API and governance controls.

Key lifecycle management is built into the core of the service. Cryptographic keys can be generated in software or bound to hardware security modules, and rotation schedules can be automated to meet organizational policy without interrupting credential verification chains. Each rotation event is recorded in an immutable audit log, providing the evidence trail that auditors and compliance teams require. DID documents are versioned, so historical states can always be retrieved for dispute resolution or forensic review.

The integrated resolver service completes the picture by providing sub-millisecond DID resolution for both internal and external identifiers. The resolver maintains a validity cache, performs signature checks on retrieved documents, and exposes health metrics for operational monitoring. For organizations participating in multi-party trust frameworks, the resolver can be federated with peer instances to ensure consistent resolution across jurisdictional boundaries.