Okay, then I don’t get at all, why you want encryption.
In all SSI concepts that I have seen so far, the DID document does not contain personal information. The personal information is in Verifiable Credentials (VCs, https://www.w3.org/TR/vc-data-model/) and those are not supposed to be living on a blockchain, but shall be carried around in personal wallets.
There already is https://iamx.id/ building an SSI infrastructure on Cardano (in fact, the one NMKR already uses and probably had in mind when drafting the CIP you were commenting on) and there will be Atala Prism (although they haven’t released their DID method to https://www.w3.org/TR/did-spec-registries/#did-methods up to now – in contrast to IAMX).
I am not really sure how successful yet another Cardano DID method would be. I would at least wait until a little more is known about how Atala Prism wants to do it and how the integration into Lace will look like which is also already announced. If they are doing everything horribly wrong (which I would not exclude), a concurrent concept can still be proposed.
I just saw that your idea of including “payload” in the DID document stems from the CIP draft. There already is a comment in the PR discussion that that is very non-SSI-like, since DIDs should not contain any personal information.
Moreover, you use the payment address as a method-specific identifier. For longer-living DIDs that is not really a good idea, since you will want to retire and replace keys.
Actually, the did:key
method (https://w3c-ccg.github.io/did-method-key/) does exactly the same – using the public key itself as identifier, but it is specifically designed for short-term uses: “For example, a DID that will only be used for a single, ephemeral interaction might not need to be registered, updated, or deactivated, or where private keys are protected by software or hardware isolation. These are a few of the cases where using did:key
might offer unique benefits.” And that method does not need a DID document to be stored anywhere. The document is just generated from the key. Much more light-weight.
This could be somehow reunited with Cardano wallets by generating such a key from a Cardano wallet and then using the did:key
method. But that would be an additional functionality of the wallet app that does not have much if any interaction with the Cardano blockchain and does not need it.
This still has the problem that hardware wallets are excluded, until they provide a way to sign/decrypt arbitrary data, which may well never be the case. Could be a point for completely separating the wallet and keys used for identity management from the Cardano wallet.
Finally, the SSI on blockchain, SSI on Cardano people could not really convince me, why we want to use a blockchain at all for SSI. Methods like did:web
(https://github.com/w3c-ccg/did-method-web), did:dns
(https://danubetech.github.io/did-method-dns/, and did:ipid
(https://did-ipid.github.io/ipid-did-method/) exist and seem to work perfectly well for publishing DIDs.