DID Web
Learn about did:web: what it is and how to create one.
What is a DID Web
Following the foundational principles defined in the DID specification. DIDs are globally unique, self-sovereign identifiers for individuals, companies, and devices, and they come in various forms, called DID methods. Those methods define the protocol for creating, reading, updating and deactivating DIDs for the target network or system. This could be a blockchain, like in the case of did:ethr or a DNS and HTTP-based systems as it is for did:web.
did:web therefore is one protocol defining the rules on how to work with Decentralised Identifiers in the DNS system, blending decentralised identity principles with the traditional web and HTTP. Allowing domain owners to create, manage and expose their DID document, the public accessible part of their DID, under a domain they own. The major advantage of did:web is that it relies on the already established and widely used web and its standards, making the adoption and implementation process much simpler for companies. Instead of having to learn a whole new system, they can build on the existing knowledge and infrastructure they already have. Though one limitation of DID web is, that the security is fundamentally dependent on the safety of the website hosting the DID Document.
How a DID web looks like
In practice, a DID Web looks like a regular URL but following the form standards of a DID did:<method>:<method-specific-string>
If we decided to host one at walt.id, it would be accessible via https://walt.id/.well-known/did.json and defined as did:web:walt.id
.
What is also possible, to define sub paths at which the DID document should be hosted, e.g. for did:web:walt.id:user:alice
the DID document would be hosted at https://walt.id/.well-known/user/alice/did.json
Creating a DID Web
Use the latest version of the walt.id SSI-Kits CLI to create a did:web. Refer to the Getting Started guide for instructions on how to run the project. Let's now create a did:web
Create a DID web via the SSI-Kit CLI
Make sure you have set the aslias as explaind in the setup, otherwise the ssikit command will not be defined in your terminal.
Flags
m
: [string] specifiying the did method. Optionsweb
,key
,cheqd
,ebsi
and others. See full list here.domain (optional):
[string] the domain you want to host your did:web under.path (optional):
[string] location of the hosted DID document
Example
Response
You can now take the DID document, and upload it to your server on the specified domain path provided by the ouput (https://example.com/.well-known/user/alice/did.json) or if you did not use a sub-path the domain would be something like (https://yourdomain.com/.well-known/did.json)
Hosting a DID Web via the Wallet-Kit
If you want to get the hosting right out of the box, you can deploy another product of ours, the Wallet-Kit, which builds on top of the SSI-Kit. With it, you can generate a did without specifying any domain and this will create a did:web for the domain the Wallet-Kit is hosted under and expose the DID Document on the right path automatically. You can try it out, by either using the REST interface of your hosted Wallet-Kit or by visiting our web wallet and creating your first did:web via the UI.
Create a DID web via Wallet-Kit REST
Use the latest version of the walt.id Wallet-Kits REST interface to create a did:web. Refer to the Getting Started guide for instructions on how to serve the API. Let's now create a did:web
Body paramters
method
: [string] specifiying the did method. Optionsweb
,ebsi
and others. See full list here.domain (optiona):
[string] the domain you want to host your did:web under.path (optional):
[string] location of the hosted DID document
Example
Response
Create a DID web via walt.id web wallet
Resolving your did:web
Using the did you just created via the Wallet UI, you can now use the SSI-Kit to resolve it.
Make sure you have set the aslias as explaind in the setup, otherwise the ssikit command will not be defined in your terminal.
Flags
d
: [string] did to resolve
Example
Response
Last updated