Decentralized Identity (DID)
Every company on FenixTrace receives a W3C-compliant Decentralized Identity (DID), registered on the IOTA network. The DID certifies the company's authenticity, is publicly verifiable in the scanner, and forms the cryptographic foundation for transparent product traceability in the supply chain.
What is a DID?
A DID (Decentralized Identifier) is a unique digital identifier that does not depend on a central authority. Unlike a username or email, a DID is created and controlled directly by its owner through cryptography. In the context of FenixTrace, the DID represents a company's verifiable digital identity in the supply chain.
FenixTrace uses the W3C DID Core 1.0 standard implemented on the IOTA network. Each DID is linked to a DID Document containing the public keys and verification methods needed to prove the owner's identity. DID registration happens automatically when subscribing to a plan, making the process transparent to the user.
The main advantage of a decentralized identity is that no single entity can modify or revoke it without the owner's consent (except in governance cases, where the Super Admin has emergency powers). This ensures that a company's identity in the supply chain is authentic, verifiable, and censorship-resistant.
DID Technical Structure
| Field | Value | Description |
|---|---|---|
| Method | did:iota | DID method specific to the IOTA network |
| Network | IOTA L1 (Tangle) | IOTA Layer 1 network based on the Tangle (DAG) |
| Format | did:iota:<hash> | Unique cryptographic hash of the identity |
| Standard | W3C DID Core 1.0 | Compliant with W3C standard for decentralized identities |
| Storage | IOTA Tangle | Stored directly on the Tangle via identity.rs |
| Verification | Wallet signature | Verifiable through the cryptographic signature of the owner wallet |
DID Example
The DID consists of three parts: the "did" prefix, the "iota" method identifying the network, and a unique cryptographic hash generated from the DID Document.
Identity Lifecycle
The DID identity onboarding process on FenixTrace follows a 6-phase flow, from plan selection to full operation. Each phase involves verifiable on-chain interactions.
Plan Selection
The company visits the Pricing page and selects one of the available plans (Base, Professional, Enterprise). Each plan includes a different number of registrable products, manageable delegates, and subscription duration. Payment occurs in IOTA tokens via smart contract.
On-Chain Transaction Signing
The user signs the payment transaction with their wallet. The smart contract verifies the payment, registers the address as a subscriber and sets the subscription expiry date. From this moment the wallet address is recognized as a "registered company" in the contract.
Automatic DID Creation
After payment, the platform automatically generates a DID (Decentralized Identifier) compliant with the W3C DID standard. The DID is created on the IOTA network using IOTA Foundation's identity.rs library. The format is: did:iota:<hash>. This identifier is unique, immutable, and cryptographically linked to the company's wallet.
DID Notarization
A second wallet signature is requested for DID notarization. This operation creates an on-chain record that verifiably associates the DID with the company's wallet address. Notarization is the cryptographic proof that the identity has been verified and that the wallet owner has actually authorized the DID creation.
DID ↔ Company Linking
The smart contract links the DID to the company's wallet address. From this point, any smart contract query can verify that a given address has a valid and active DID. The public scanner automatically shows the "DID Active" badge next to the company.
Full Operation
The company can now fully operate: register products with on-chain notarization, manage delegates, upload product batches, and all its products are visible in the public scanner with complete DID verification information.
Identity Statuses
A company's DID identity can be in one of the following three states. The status is visible both in the admin dashboard and the public scanner, ensuring total transparency.
Active
Identity is verified and fully operational. The company can register products, receive delegations, and its products are visible in the public scanner with the "Verified Partner" badge. The smart contract confirms the on-chain DID matches the company's wallet address.
Full dashboard access • Products visible in scanner • Green "DID Active" badge • Can manage delegates
Suspended
Identity is temporarily suspended by the administrator. The company can still access the dashboard in read-only mode but cannot register new products or manage delegates. Already registered products remain visible in the scanner but with a suspension notice. This action is reversible: a Super Admin can reactivate the identity at any time.
Dashboard read-only • No new registrations • Yellow "Suspended" badge • Products visible with notice
Revoked
Identity has been permanently revoked. This is an irreversible action performed only in severe cases (fraud, terms of service violation, illegal activity). The company loses dashboard access and its products are marked as "Identity Revoked" in the scanner. To operate again on the platform, a new DID registration with a new wallet is required.
No dashboard access • Products marked "Revoked" • Red badge in scanner • Requires new registration
Administrative Actions (Governance)
Governance actions on DID identity are exclusively reserved for Super Admin role users. These actions modify a company's DID identity state and have immediate effects on its operation. Every action is recorded on-chain to ensure transparency and traceability of administrative decisions.
Identity Reactivation
A Super Admin can reactivate a previously suspended identity. The action restores all company functionalities: full dashboard access, ability to register new products, delegate management. The scanner badge returns to "DID Active" (green). Reactivation is immediate and does not require re-notarization.
Identity Suspension
A Super Admin can temporarily suspend an identity for compliance reasons, investigation of reports, or at the company's own request. During suspension, the company retains read access to the dashboard but cannot perform write operations (new products, delegates). Existing products remain in the scanner with a notice.
Identity Revocation
Irreversible action reserved for severe cases. The Super Admin permanently revokes a company's DID identity. The wallet address is blocked, the DID is marked as "revoked" on-chain, and all company products are marked with a warning badge in the scanner. The company can no longer access the platform with the same wallet.
Public Scanner Visibility
FenixTrace's public scanner is the main access point for identity verification. Every registered company is visible with the following identity information:
"Verified Partner" Badge
Indicates the company has an active and verified DID
"DID Active" Badge
Shows the current DID status (active/suspended/revoked)
Wallet Address
The company's address with IOTA explorer link
Full DID
The full DID identifier with notarization link
Registration Date
When the company registered on the platform
DID Transactions
Direct links to on-chain registration and notarization transactions
All this information is accessible without authentication, ensuring maximum transparency. The scanner's public APIs also allow programmatic access to this data.
Frequently Asked Questions
The DID is cryptographically linked to your wallet. If you lose wallet access, you can no longer manage your identity on FenixTrace. You will need to contact support for the recovery procedure, which may require creating a new DID with a new wallet and migrating existing products.
Yes, the DID and its status (active, suspended, revoked) are publicly visible in the scanner. Any user can verify a company's identity by checking the scanner, without authentication. This is one of the fundamental principles of supply chain transparency.
DID registration is included in the subscription cost. There are no additional costs for DID creation. The only additional cost is IOTA network gas fees for notarization transactions, which are extremely low (fractions of a cent).
No, each wallet address can have only one active DID. If you need multiple identities (e.g., for different branches), you must use different wallets and subscribe to separate plans. However, you can manage multiple companies as a delegate through the delegation system.
When the subscription expires, the DID identity remains registered on-chain but dashboard functionalities become limited. Already registered products remain visible in the scanner. To restore full functionalities, simply renew the subscription from the Pricing page.
Verify Identities
Visit the public scanner to verify the DID status of any company registered on FenixTrace. You can also use the public APIs to integrate verification into your system.