Vulnerability Analysis of DID Document’s Updating Process in the Decentralized Identifier Systems

In this paper, we analyzed the vulnerabilities that could occur when a third party who is not the owner of a Decentralized Identifier (DID) has the authority to modify a DID Document. DID is a technology that allows individuals to have data sovereignty. The DID Document contains information for authenticating the DID owner. A DID Controller has the authority to modify DID Document. This authority is being standardized so that it can be held by third parties as well as DID owners. It is a matter of changing the DID document against the will of the DID owner. To help owners assert their sovereignty even stronger, we propose a way for DID owners to use a policy, history, and service to verify the DID Document updating process.