I am going through the Hyperledger Indy document here.

It is mentioned here that: A user registers for a service's website by creating and giving the service a new, never-used-before DID, and receives back from the service the same thing - a new, never-used-before DID created by the service.

From my understanding, each user or issuer will have a DID by default, associated with a public/private key on the Indy ledger, when they create a wallet. Why do they need to create a separate new DID (both issuer and user) for a particular credential? We should be able to use the single DID for all issuers, and an issuer should be able to use their single DID for all users. This would incur management overhead on the issuer side for managing multiple keys. Same on the user side too.

Is there any reason for this implementation? Is this implementation as per the W3C standard or specific to Indy?

I have tried to look into the W3C standard for DIDs and it doesn't specify it should be like this. But it does say a User/Issuer can have multiple DIDs. Whether it is mandatory in Indy is something I couldn't figure out.

There are 1 best solutions below

You create a new DID/verkey pair for each new connection between parties because of this:

A Verinym is associated with the Legal Identity of the Identity Owner. For example, all parties should be able to verify that some DID is used by a Government to publish schemas for some document type. The second type is a Pseudonym - a Blinded Identifier used to maintain privacy in the context of an ongoing digital relationship (Connection). If the Pseudonym is used to maintain only one digital relationship we will call it a Pairwise-Unique Identifier.
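
The privacy argument in the answer above, as an added example that is not part of the original answer or of Indy's code: two services that compare the DIDs they were given can link accounts when a user reuses one DID, and cannot when every connection gets its own. Assumptions: 32 random bytes stand in for a real Ed25519 verkey, the DID is formed Indy-style as the base58 encoding of the verkey's first 16 bytes, and the `Wallet` class and the service names `bank` and `clinic` are hypothetical.

```python
import os

B58 = "123456789ABCDEFGHJKLMNPQRSTUVWXYZabcdefghijkmnopqrstuvwxyz"

def b58encode(data: bytes) -> str:
    n, out = int.from_bytes(data, "big"), ""
    while n:
        n, r = divmod(n, 58)
        out = B58[r] + out
    # Leading zero bytes are encoded as leading '1' characters.
    return "1" * (len(data) - len(data.lstrip(b"\0"))) + out

def new_did():
    # Assumption: 32 random bytes stand in for a real Ed25519 verkey.
    verkey = os.urandom(32)
    # Indy-style DID: base58 of the first 16 bytes of the verkey.
    return b58encode(verkey[:16]), b58encode(verkey)

class Wallet:  # hypothetical wallet, not the Indy SDK API
    def __init__(self, pairwise: bool):
        self.pairwise = pairwise
        self.default = new_did()   # the single "default" DID from the question
        self.connections = {}      # service name -> (did, verkey)

    def did_for(self, service: str) -> str:
        # Pairwise mode creates a fresh DID the first time a service is seen.
        if service not in self.connections:
            self.connections[service] = new_did() if self.pairwise else self.default
        return self.connections[service][0]

def register_all(wallets: dict, service: str) -> dict:
    # What a service ends up storing: DID -> its own account record.
    return {w.did_for(service): f"{service}:{user}" for user, w in wallets.items()}

def correlate(db_a: dict, db_b: dict) -> dict:
    # Two colluding services join their tables on the DID they were given.
    return {did: (db_a[did], db_b[did]) for did in db_a.keys() & db_b.keys()}

def linked_accounts(pairwise: bool) -> int:
    wallets = {u: Wallet(pairwise) for u in ("alice", "bob", "carol")}  # constructed users
    bank = register_all(wallets, "bank")
    clinic = register_all(wallets, "clinic")
    return len(correlate(bank, clinic))

if __name__ == "__main__":
    print("single DID, linked accounts:   ", linked_accounts(pairwise=False))
    print("pairwise DIDs, linked accounts:", linked_accounts(pairwise=True))
```

The cost the question raises is visible in `Wallet.connections`: the wallet holds one key pair per relationship, which is the price of the two services having no shared identifier to join on.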