Skip to content

Roadmap DID binding: did:key vs. did:web as signing root #8

Description

@piiiico

Your roadmap: 'derive did:key from signing key, bind to issuerId.'

did:key is self-certifying. That works for local persistence, but breaks in multi-container setups. Two containers, different private keys, different DIDs, same logical agent.

Been working on an alternative at AgentLair: EdDSA JWTs issued per session, bound to a persistent did:web at a stable domain. Token is short-lived (1hr TTL). The identity it references isn't.

Wrote it up with x402 as the payment layer: https://dev.to/piiiico/three-layers-one-missing-root-58m4

Curious whether cross-system identity portability matters for your use case, or whether local persistence is enough.

Metadata

Metadata

Assignees

No one assigned

    Labels

    No labels
    No labels

    Type

    No type

    Fields

    No fields configured for issues without a type.

    Projects

    No projects

    Milestone

    No milestone

    Relationships

    None yet

    Development

    No branches or pull requests

    Issue actions