In this paper, we analyzed the vulnerabilities that could occur when a third party who is not the owner of a Decentralized Identifier (DID) has the authority to modify a DID Document. DID is a technology that allows individuals to have data sovereignty. The DID Document contains information for authenticating the DID owner. A DID Controller has the authority to modify DID Document. This authority is being standardized so that it can be held by third parties as well as DID owners. It is a matter of changing the DID document against the will of the DID owner. To help owners assert their sovereignty even stronger, we propose a way for DID owners to use a policy, history, and service to verify the DID Document updating process.
This research was supported by Korea Institute for Advancement of Technology(KIAT) grant funded by the Korea Government(MOTIE) (P0008703, The Competency Development Program for Industry Specialist)