In an autonomic identity architecture, the controller, Alice, generates a public-private key pair, derives a globally unique identifier, and shares the identifier and the currently associated public key with others to create relationships. Alice uses her private key to sign statements that authenticate herself and authorize use of the identifier. A digital signature also provides the means for Alice to cryptographically respond to challenges so she can prove she controls the identifier. These self-authentication and self-authorization capabilities make the identifier self-certifying and self-managing, meaning that there is no external third party, not even a ledger, needed for Alice to manage and use the identifier and prove to others the integrity of the bindings between herself and the identifier.
Any entity can create and establish control over an identifier in a manner that is independent, interoperable, and portable without recourse to any central authority. Autonomic identity systems rely solely on self-sovereign authority.
Alice can create as many Peer DIDs as she needs, each points to a public key that Alice controls. Alice can rotate the keys underneath the Peer DID anytime without impacting the identifier or her ability to prove she controls it. She keeps track of these key events in a key event log. The key event log is a chain of signed change records that can be cryptographically verified. Alice can use it to prove the provenance of her control of the identifier from its inception to the present.