Specification / DID Method
The self-certifying, offline-verifiable DID method for autonomous agents. Every identifier is derived from a public key, making the DID itself a cryptographic commitment.
Scroll to decode
W3C Decentralized Identifier scheme. Always the literal string 'did'. The universal prefix that signals this URI follows the DID specification.
Open Agent Specification method identifier. Declares that this DID conforms to OAS resolution rules, cryptographic requirements, and entity kind taxonomy.
Issuing authority or network scope. DNS-label-safe string (1-63 chars). Enables multi-tenant resolution without collision. Examples: 'l1fe', 'acme', 'self'.
One of 11 typed identifiers: hmr, mhr, enr, ao, agent, agent:instance, tool, skill, workflow, model, dataset, service. Determines lineage requirements and capabilities.
Base58btc-encoded multibase representation of the entity's Ed25519 public key. Self-certifying: the identifier IS the cryptographic key. The 'z' prefix signals base58btc encoding.
CRUD Operations
Generate Ed25519 keypair. Derive identifier from public key via multibase encoding. Construct DID document with verification methods. Sign with private key.
No network call required. The DID is self-certifying.
Parse DID into components. Look up the DID document via the namespace's resolver endpoint, or verify locally if the document is provided inline.
Supports offline resolution when the document is bundled.
Create a new version of the DID document with updated fields. Sign the update with the controlling key. Version number increments monotonically.
Previous versions remain valid for historical verification.
Set the DID document status to 'deactivated'. Sign the deactivation record. The DID remains resolvable but will fail verification checks.
Deactivation is irreversible. Key rotation is preferred.