LogoLogo
ProductsCommunityGitHubShare Feedback
SSI Kit
SSI Kit
  • General
    • Introduction
    • Transition To The Community Stack
    • SSI Kit | Basics
      • Overview
      • Functionality
      • Components
    • SSI Kit
      • SSI Flavors & Ecosystems
        • Trust Registries
        • Keys
        • Decentralized Identifiers (DIDs)
        • Verifiable Credentials (VCs)
        • Data Exchange Protocols
      • Architecture
        • Low-Level Service Abstraction
        • Ecosystem Abstraction
        • High-Level Interfaces / APIs
      • Use Cases
      • Self-Sovereign Identity (SSI)
        • SSI | Basics
        • Technologies & Concepts
          • Registries
          • Decentralised Identifiers (DIDs)
          • Verifiable Credentials (VCs)
          • Verifiable Presentations (VPs)
          • Data Exchange (Protocols)
  • Getting started
    • Quick Start
    • REST API
      • Signatory API - For Issuers
      • Custodian API - For Holders
        • Key management
        • Did management
        • Credentials management
      • Auditor API - For Verifiers
      • Core API
        • Cryptographic keys
        • Decentralised-Identifiers
        • Verifiable-Credentials
      • API Serving Configs
    • Dependency (JVM)
      • Java Examples
      • Kotlin Examples
    • CLI | Command Line Interface
      • Key Management
      • Decentralized Identifiers
      • Verifiable Credentials
      • OpenID Connect (OIDC)
    • Building the Project
      • Docker Build
      • Local Build
    • Project Configurations
    • Demo
  • Ecosystems
    • EBSI
      • Basics
      • Use Cases & Flow Diagrams
      • Command line interface
        • DID Registration
      • REST API
      • Usage / examples
        • Onboarding & DIDs
        • Build end-to-end use cases
    • IOTA
      • OIDC4VP profile for Login-with-IOTA
      • Login With IOTA Demo
    • Velocity
      • Basics
        • Onboarding
        • Issuing
        • Inspection
      • Integration with SSIKit
      • Command line interface
        • Onboarding
        • Issuing
        • Inspection
    • cheqd
      • Integration architecture
      • Create DID
      • Issue VC
      • Verify VC
  • Tutorials
    • My First VC
    • Advanced VC
  • Concepts
    • Credential Templates
    • Verification Policies
      • Static Policies
      • Parameterized Policies
      • Dynamic/Custom Policies
        • Creating Dynamic Policies
        • Using Dynamic Policies
        • Removing Dynamic Policies
        • Dynamic Policies | Data Classes
    • Selective Disclosure
      • Intro
      • Issuing a SD-JWT Credential
      • Verifying a SD-JWT Credential
    • Credential Statuses
      • StatusList2021Entry
      • SimpleCredentialStatus2022
      • Issue credentials with credentialStatus
      • REST API
        • Check the status of a credential
        • Revoke a credential
      • CLI
        • Check the status of a credential
        • Revoke a credential
    • DID Web
    • Open Policy Agent (OPA)
      • Setup
    • OpenID Connect (OIDC)
      • Credential Issuance
        • OIDC4CI | Example
      • Presentation Exchange
        • OIDC4VP | Example
    • Delegation and Mandates
  • Community
    • Discord
    • Twitter
    • Newsletter
    • GitHub Discussions
  • DEVELOPER RELATIONS
    • Contribute
    • Roadmap
    • Share Feedback
    • Contact
  • Product Editions
    • Open Source | Always Free
    • Enterprise | Self-Managed
    • Cloud Platform | Managed
Powered by GitBook
On this page
  • What is a DID Web
  • How a DID web looks like
  • Creating a DID Web
  • Hosting a DID Web via the Wallet-Kit

Was this helpful?

Export as PDF
  1. Concepts

DID Web

Learn about did:web: what it is and how to create one.

PreviousRevoke a credentialNextOpen Policy Agent (OPA)

Last updated 1 month ago

Was this helpful?

What is a DID Web

Following the foundational principles defined in the DID specification. DIDs are globally unique, self-sovereign identifiers for individuals, companies, and devices, and they come in various forms, called DID methods. Those methods define the protocol for creating, reading, updating and deactivating DIDs for the target network or system. This could be a blockchain, like in the case of did:ethr or a DNS and HTTP-based systems as it is for did:web.

did:web therefore is one protocol defining the rules on how to work with Decentralised Identifiers in the DNS system, blending decentralised identity principles with the traditional web and HTTP. Allowing domain owners to create, manage and expose their DID document, the public accessible part of their DID, under a domain they own. The major advantage of did:web is that it relies on the already established and widely used web and its standards, making the adoption and implementation process much simpler for companies. Instead of having to learn a whole new system, they can build on the existing knowledge and infrastructure they already have. Though one limitation of DID web is, that the security is fundamentally dependent on the safety of the website hosting the DID Document.

How a DID web looks like

Creating a DID Web

Create a DID web via the SSI-Kit CLI

ssikit did create -m {method} --domain {domain} --path {domainPath}

Flags

  • domain (optional): [string] the domain you want to host your did:web under.

  • path (optional): [string] location of the hosted DID document

Example

ssikit did create -m web --domain example.com --path user/alice

Response

DID created: did:web:example.com


DID document (below, JSON):

{
    "assertionMethod" : [
        "did:web:example.com:user:alice#48e92d043c93484c86a295f5115dc3c4"
    ],
    "authentication" : [
        "did:web:example.com:user:alice#48e92d043c93484c86a295f5115dc3c4"
    ],
    "@context" : "https://www.w3.org/ns/did/v1",
    "id" : "did:web:example.com:user:alice",
    "verificationMethod" : [
        {
            "controller" : "did:web:example.com:user:alice",
            "id" : "did:web:example.com:user:alice#48e92d043c93484c86a295f5115dc3c4",
            "publicKeyJwk" : {
                "alg" : "EdDSA",
                "crv" : "Ed25519",
                "kid" : "48e92d043c93484c86a295f5115dc3c4",
                "kty" : "OKP",
                "use" : "sig",
                "x" : "GGH7EC9dZPX-5aE-Pf3ggkppz_wecrs_n2TYNhX4rY0"
            },
            "type" : "Ed25519VerificationKey2019"
        }
    ]
}

Install this did:web at: https://example.com/.well-known/user/alice/did.json

You can now take the DID document, and upload it to your server on the specified domain path provided by the ouput (https://example.com/.well-known/user/alice/did.json) or if you did not use a sub-path the domain would be something like (https://yourdomain.com/.well-known/did.json)

Hosting a DID Web via the Wallet-Kit

Create a DID web via Wallet-Kit REST

curl -X 'POST' \
  'http://0.0.0.0:8080/issuer-api/default/config/did/createAdvanced' \
  -H 'accept: text/plain' \
  -H 'Content-Type: application/json' \
  -d '{
  "method": "web"
}'

Body paramters

  • domain (optiona): [string] the domain you want to host your did:web under.

  • path (optional): [string] location of the hosted DID document

Example

curl -X 'POST' \
  'http://0.0.0.0:8080/issuer-api/default/config/did/createAdvanced' \
  -H 'accept: text/plain' \
  -H 'Content-Type: application/json' \
  -d '{
  "method": "web"
}'

Response

did:web:localhost%3A3000:api:did-registry:a3aa55ad8b9946d2a453a4e1d4c592e6

Create a DID web via walt.id web wallet

Resolving your did:web

Using the did you just created via the Wallet UI, you can now use the SSI-Kit to resolve it.

ssikit did resolve -d {yourDID}

Flags

  • d: [string] did to resolve

Example

ssikit did resolve -d did:web:wallet.walt.id:api:did-registry:3b0fc8a129074fb98d764ec07f6e7aeb

Response

Resolving DID "did:web:wallet.walt.id:api:did-registry:3b0fc8a129074fb98d764ec07f6e7aeb"...

Results:

DID resolved: "did:web:wallet.walt.id:api:did-registry:3b0fc8a129074fb98d764ec07f6e7aeb"
DID document (below, JSON):

{
    "assertionMethod" : [
        {
            "controller" : "",
            "id" : "did:web:wallet.walt.id:api:did-registry:3b0fc8a129074fb98d764ec07f6e7aeb#3b0fc8a129074fb98d764ec07f6e7aeb",
            "type" : ""
        }
    ],
    "authentication" : [
        {
            "controller" : "",
            "id" : "did:web:wallet.walt.id:api:did-registry:3b0fc8a129074fb98d764ec07f6e7aeb#3b0fc8a129074fb98d764ec07f6e7aeb",
            "type" : ""
        }
    ],
    "@context" : "https://www.w3.org/ns/did/v1",
    "id" : "did:web:wallet.walt.id:api:did-registry:3b0fc8a129074fb98d764ec07f6e7aeb",
    "verificationMethod" : [
        {
            "controller" : "did:web:wallet.walt.id:api:did-registry:3b0fc8a129074fb98d764ec07f6e7aeb",
            "id" : "did:web:wallet.walt.id:api:did-registry:3b0fc8a129074fb98d764ec07f6e7aeb#3b0fc8a129074fb98d764ec07f6e7aeb",
            "publicKeyJwk" : {
                "alg" : "EdDSA",
                "crv" : "Ed25519",
                "kid" : "3b0fc8a129074fb98d764ec07f6e7aeb",
                "kty" : "OKP",
                "use" : "sig",
                "x" : "nqwNGCV1myawqNqBcT1mEEA5M80sCoGSqiwAFb2ED-4"
            },
            "type" : "Ed25519VerificationKey2019"
        }
    ]
}

In practice, a DID Web looks like a regular URL but following the form standards of a DID did:<method>:<method-specific-string> If we decided to host one at walt.id, it would be accessible via and defined as did:web:walt.id.

What is also possible, to define sub paths at which the DID document should be hosted, e.g. for did:web:walt.id:user:alice the DID document would be hosted at

Use the latest version of the walt.id SSI-Kits CLI to create a did:web. Refer to the for instructions on how to run the project. Let's now create a did:web

Make sure you have set the aslias as explaind in , otherwise the ssikit command will not be defined in your terminal.

m: [string] specifiying the did method. Options web, key, cheqd, ebsi and others. See full list .

If you want to get the hosting right out of the box, you can deploy another product of ours, the Wallet-Kit, which builds on top of the SSI-Kit. With it, you can generate a did without specifying any domain and this will create a did:web for the domain the Wallet-Kit is hosted under and expose the DID Document on the right path automatically. You can try it out, by either using the of your hosted Wallet-Kit or by visiting our web wallet and creating your first did:web .

Use the latest version of the walt.id Wallet-Kits REST interface to create a did:web. Refer to the for instructions on how to serve the API. Let's now create a did:web

method: [string] specifiying the did method. Options web, ebsi and others. See full list .

Make sure you have set the aslias as explaind in , otherwise the ssikit command will not be defined in your terminal.

https://walt.id/.well-known/did.json
https://walt.id/.well-known/user/alice/did.json
Getting Started guide
the setup
here
Getting Started guide
here
the setup
REST interface
via the UI
Introduction to DID Web