Decentralized Identifiers (DIDs) in the AT Protocol serve as a persistent, long-term account identifier that enables actors to maintain their identity across services and handle changes. DIDs follow the W3C DID Standard, which provides a method for self-sovereign digital identity.
DIDs serve as the foundation for identity in the AT Protocol, enabling actors to maintain their identity across handles or service providers, cryptographically verify their content, and migrate between different Personal Data Servers (PDSes) while preserving their identity and social graph.
The AT Protocol currently supports two DID Methods:
DIDs within the AT Protocol follow the standard DID syntax:
did:<method>:<method-specific-identifier>
For example:
did:plc:z72i7hdynmk6r22z27h6tvurdid:web:bsky.appAll DIDs must:
Each DID resolves to a DID Document which contains critical information about the actor:
alsoKnownAs array contains the user's handle, allowing human-readable addressingverificationMethod array contains the public signing key used to authenticate the accountservice array specifies the PDS or PDSes hosting the user's repository.Below is a sample DID document:
{
"@context": [
"https://www.w3.org/ns/did/v1",
"https://w3id.org/security/multikey/v1",
"https://w3id.org/security/suites/secp256k1-2019/v1"
],
{
"id": "did:plc:67h1rfibjpxfwztnip4tncij",
"alsoKnownAs": [
"alice.bsky.social"
],
"verificationMethod": [
{
"id": "did:plc:67h1rfibjpxfwztnip4tncij#atproto",
"type": "Multikey",
"controller": "did:plc:67h1rfibjpxfwztnip4tncij",
"publicKeyMultibase": "ftcElJyrhbkvaVdrPCAWRInDQCdILvyYVAKNfyFzQHIUiyMza"
}
],
"service": [
{
"id": "#atproto_pds",
"type": "AtprotoPersonalDataServer",
"serviceEndpoint": "https://morel.us-east.host.bsky.network"
}
]
}