1 of 5

did:web 2.0?

Next Steps and Improvements

2 of 5

did:web -- Re-using web domain trust

did:web:example.com ----> https://example.com/.well-known/did.json

did:web:example.com:folder ----> https://example.com/folder/did.json

Benefits:

  • Easy (good beginner method)
  • Leverages trust built up in a domain name
  • Benefits from DID standardization / tooling

3 of 5

did:web concerns / challenges

4 of 5

did:web Improvement Proposals

  1. Recovery / Pre-Rotation Keys�recover: <hash of the secret recovery key>�
  2. KERI-style self-certifying hash in URL?�did:web:example.com/abcdef1235 ← hash�^ cons: usability (need to be a developer to generate the hash)�how do you version? etc�
  3. Backwards Links / versioning�what do the links look like? prev: did:web:example.com?hash=12345�
  4. Signed DID Docs�
  5. Adopt Certificate Transparency like "observers"�
  6. Drop .well-known (did:web:example.com resolves to https://example.com/did.json)

5 of 5

Next steps

  • open issues on spec
  • fork the method? :) did:webs (like http/https)
  • combine with did:plc somehow?