NEW
Report & API Now Live! Data insights report and open data API endpoints live as of September 23, 2025

did:webvh DID Method Specification

type
Standard
Documentation

Description

Description
Source

DID Method: did:webvh (DID Web + Verifiable History)

did:webvh is an enhancement to the did:web DID method, providing additional features to address limitations of did:web for long-lasting DIDs. It maintains backward compatibility while offering stronger security assurances through verifiable history and self-certifying identifiers.

Key features include:

  • Same DID-to-HTTPS transformation as did:web
  • Full history of DID Document versions with verifiable chain of updates
  • Self-certifying identifier (SCID) embedded in the DID
  • Optional DID portability via SCID
  • Signed proofs for DID updates
  • Optional pre-rotation keys for compromise recovery
  • Optional witness collaboration for updates
  • High assurance DNS mechanism support
  • Automatic DID URL path handling
  • /whois capability for verifiable credentials about the DID

Technical Specifications

Purpose and Scope

  • Enhances did:web with verifiable history without requiring a ledger
  • Provides cryptographic verification of DID document updates
  • Enables portability while maintaining verifiable history
  • Supports decentralized trust registry capabilities via /whois

Key Technical Components

  • DID Log: JSON Lines file containing all DID document versions
  • SCID Generation: Hash-based self-certifying identifier derived from initial state
  • Entry Hash: Links each update in a verifiable chain
  • Data Integrity Proofs: Signs updates using authorized keys
  • Pre-rotation Keys: Optional mechanism for key compromise recovery
  • Witness System: Optional collaborative verification of updates

Implementation Requirements

  1. Must support standard DID-to-HTTPS transformation
  2. Must maintain complete DID document version history
  3. Must verify SCID and entry hashes during resolution
  4. Must validate all signatures and proofs
  5. Must support specified DID URL resolution mechanisms

Security Considerations

  • Requires secure DNS resolution with DNSSEC
  • Mandates HTTPS for all communications
  • Supports privacy-enhancing technologies for resolution
  • Implements CORS policies for browser-based applications
  • Provides key compromise mitigation through pre-rotation

Interoperability Features

  • Compatible with existing did:web infrastructure
  • Supports parallel publishing of did:web DIDs
  • Implements standard DID URL resolution
  • Uses W3C Verifiable Credentials for /whois
  • Follows IETF standards for DNS and HTTPS

Current Status

The specification is at version 0.5 (Editors Draft) and is being actively developed by the Decentralized Identity Foundation. Implementations exist in:

  • TypeScript
  • Python
  • Go

The method is designed for production use with focus on long-term viability and security of decentralized identifiers.

Statistics

Projects Following
Source
1

Under Management at

Projects Following or working on this Standard

Project
Website
Source

If you are featured in the Web of Trust Map and wish to exercise your GDPR rights, including the right to be forgotten, visit the privacy policy page