NEW
Report & API Now Live! Data insights report and open data API endpoints live as of September 23, 2025

ToIP did:webs Method Specification

type
Standard
Documentation

Description

Description
Source

The did:webs DID method is a secure, web-based approach that combines the accessibility of did:web with the cryptographic security of KERI (Key Event Receipt Infrastructure). This method enables the publication of DIDs using traditional web infrastructure while providing strong cryptographic trust through self-certifying identifiers and key management.

Key features that differentiate did:webs include:

  • Cryptographic Trust: Uses KERI for secure key management and rotation without relying on DNS or certificate authorities
  • Blockchain Independence: Does not require blockchains but can reference them optionally
  • Web Integration: Leverages existing web infrastructure for discovery and publication
  • Multi-signature Support: Enables sophisticated key control schemes
  • Pre-rotation Security: Allows secure key rotation even after key compromise

Purpose and Scope:

  1. Primary purpose is to provide web-published DIDs with cryptographic security
  2. Combines web accessibility with strong decentralized trust
  3. Supports both simple and complex key management scenarios

Key Technical Specifications:

  • Method Name: did:webs
  • Method-Specific Identifier: Consists of:
    • Host component
    • Optional path
    • Required KERI AID (Autonomic Identifier)
  • Data Format:
    • did.json for DID Document
    • keri.cesr for KERI event stream

Implementation Requirements:

  1. Web Server:
    • Must support HTTPS
    • Must serve both DID document and KERI event stream
  2. KERI Implementation:
    • Must support basic key event processing
    • Must implement event verification
  3. Resolver:
    • Must validate KERI event stream
    • Must transform events to DID Document format

Security Considerations:

  • Uses KERI for cryptographic trust
  • Supports multi-signature schemes
  • Enables key pre-rotation
  • Independent of DNS/CA trust
  • Requires HTTPS for transport

Interoperability Features:

  • Compatible with did:web infrastructure
  • Supports multiple key types
  • Enables service endpoint discovery
  • Allows blockchain integration
  • Supports international domain names

Current Adoption Status:

  • Implementer's draft status
  • Reference implementation available
  • Multiple contributors from GLEIF, DIF, and other organizations

Statistics

Projects Following
Source
0

Under Management at

Project
Website
Source

Projects Following or working on this Standard

If you are featured in the Web of Trust Map and wish to exercise your GDPR rights, including the right to be forgotten, visit the privacy policy page