Unofficial Draft 31 July 2024
Abstract
DIDs that target a distributed ledger face significant practical challenges in bootstrapping enough meaningful trusted data around identities to incentivize mass adoption. We propose a new DID method using a web domain's existing reputation.
ATProto
Supported by ATProtocol, with some constraints:
did:web, which is a W3C standard based on HTTPS (and DNS). The identifier section is a hostname. This method is supported in atproto to provide an independent alternative todid:plcDID PLC. The method is inherently tied to the domain name used, and does not provide a mechanism for migration or recovering from loss of control of the domain name. In the context of atproto, only hostname-leveldid:webDIDs are supported: path-based DIDs are not supported. The same restrictions on top-level domains that apply to handles (eg, no.arpa) also apply todid:webdomains. The speciallocalhosthostname is allowed, but only in testing and development environments. Port numbers (with separating colon hex-encoded) are only allowed forlocalhost, and only in testing and development. atproto.com/specs/did