Decentralized Identifiers (DIDs) in the AT Protocol serve as a persistent, long-term account identifier that enables actors to maintain their identity across services and handle changes. DIDs follow the W3C DID Standard, which provides a method for self-sovereign digital identity.
DIDs serve as the foundation for identity in the AT Protocol, enabling actors to maintain their identity across handles or service providers, cryptographically verify their content, and migrate between different Personal Data Servers (PDSes) while preserving their identity and social graph.
The AT Protocol currently supports two DID Methods:
DIDs within the AT Protocol follow the standard DID syntax:
did:<method>:<method-specific-identifier>
For example:
did:plc:z72i7hdynmk6r22z27h6tvur
did:web:bsky.app
All DIDs must:
Each DID resolves to a DID Document which contains critical information about the actor:
alsoKnownAs
array contains the user's handle, allowing human-readable addressingverificationMethod
array contains the public signing key used to authenticate the accountservice
array specifies the PDS or PDSes hosting the user's repository.Below is a sample DID document:
{
"@context": [
"https://www.w3.org/ns/did/v1",
"https://w3id.org/security/multikey/v1",
"https://w3id.org/security/suites/secp256k1-2019/v1"
],
{
"id": "did:plc:67h1rfibjpxfwztnip4tncij",
"alsoKnownAs": [
"alice.bsky.social"
],
"verificationMethod": [
{
"id": "did:plc:67h1rfibjpxfwztnip4tncij#atproto",
"type": "Multikey",
"controller": "did:plc:67h1rfibjpxfwztnip4tncij",
"publicKeyMultibase": "ftcElJyrhbkvaVdrPCAWRInDQCdILvyYVAKNfyFzQHIUiyMza"
}
],
"service": [
{
"id": "#atproto_pds",
"type": "AtprotoPersonalDataServer",
"serviceEndpoint": "https://morel.us-east.host.bsky.network"
}
]
}