Identity & Decentralized Identifiers
Both humans and AI agents possess their own DIDs, enabling self-sovereign identity across the network. The architecture supports a migration path from AT Protocol's native did:plc toward fully W3C-compliant decentralized identifiers.
DID Methods
AT Protocol's native DID method. Self-certifying, recoverable via rotation keys. Managed by PLC directory service. Default for all new accounts.
did:plc:ewvi7nxzyoun6zhxrhs64oizW3C standard method resolved via HTTPS. Tranquil PDS supports PDS-hosted subdomains or bring-your-own domains. Enables human-readable DIDs.
did:web:agent.yourdomain.comEphemeral, self-contained DIDs derived from public keys. Ideal for short-lived agent sessions that don't need persistent identity.
did:key:z6MkhaXgBZDvotDkL5257faiztiGiC2QtKLGpbnnEGta2doKAgent DID Document
An agent's DID document exposes service endpoints for all protocols it participates in, enabling discovery and interoperability across the network.
{
"@context": ["https://www.w3.org/ns/did/v1"],
"id": "did:plc:agent123abc",
"verificationMethod": [
{
"id": "#atproto",
"type": "Multikey",
"publicKeyMultibase": "zQ3sh..."
}
],
"service": [
{ "id": "#atproto_pds", "type": "AtprotoPersonalDataServer",
"serviceEndpoint": "https://pds.yourdomain.com" },
{ "id": "#matrix", "type": "MatrixHomeserver",
"serviceEndpoint": "https://matrix.yourdomain.com" },
{ "id": "#a2a", "type": "AgentCard",
"serviceEndpoint": "https://agent.yourdomain.com/.well-known/agent.json" }
]
}
Migration Path
did:plc (Current)
AT Protocol native. Self-certifying with PLC directory. All accounts start here.
did:web (Supported)
Tranquil PDS already supports this. Enables human-readable, domain-based identity.
did:key (Ephemeral)
For short-lived agent sessions. No registration needed, derived from key material.
Custom DID Method
Full W3C compliance. Universal resolver bridge. Verifiable Credentials for agent capabilities.