Re: How/why "methods" became part of the original Decentralized Identifier conversations? from Bob Wyman on 2026-03-31 (public-credentials@w3.org from March 2026)

From: Bob Wyman <bob@wyman.us>
Date: Tue, 31 Mar 2026 00:11:25 -0400
To: "Michael Herman (Trusted Digital Web)" <mwherman@parallelspace.net>
Cc: Drummond Reed <drummond.reed@gmail.com>, "Manu Sporny (msporny@digitalbazaar.com)" <msporny@digitalbazaar.com>, Markus Sabadello <markus@danubetech.com>, "Daniel Hardman - Personal ()" <daniel.hardman@gmail.com>, "public-credentials (public-credentials@w3.org)" <public-credentials@w3.org>
Message-ID: <CAA1s49VF=oZ+zTzFZ1ufx2-d+kWed8bSWnZRnqgYBwbQEjhRzQ@mail.gmail.com>

Michael,
Given that did:web has become one of the most widely adopted DID methods,
and given that it differs from WebFinger (RFC 7033) primarily in path
conventions (/.well-known/did.json vs /.well-known/webfinger), vocabulary
(DID document + JSON-LD @context vs JRD), and data model rather than in any
fundamental architectural property, why was WebFinger not found suitable as
the basic DID method for online use?

Both protocols:
- Bind a human-readable or domain-based identifier to discovery metadata
including public keys and service endpoints
- Use HTTPS and well-known URIs
- Return a structured JSON document
- Support federation across domains
- Require a DNS domain name (and therefore a domain registrar) for
resolution

Publishing public keys via WebFinger was not a gap requiring a new
protocol; it was already standard practice. OpenID Connect uses WebFinger
for provider and key discovery. Mastodon publishes public keys via
WebFinger for ActivityPub signature verification. The Fediverse's
federation infrastructure runs on it at scale.

The last point in the list above is also the primary criticism levelled at
did:web within the Working Group—that it is not truly decentralised because
it depends on DNS. That criticism applies equally to WebFinger. If the
Working Group accepted that limitation for did:web, the question is: Why
didn't it simply adopt WebFinger directly rather than introducing a new
identifier scheme that covers the same ground?

For the genuinely offline, domain-independent case—where DNS dependency is
truly unacceptable—something else would have been appropriate, perhaps
did:key or even your urn:<hash> suggestion: a self-certifying identifier
whose resolution requires no external infrastructure at all.

The question I would put to those who were in the original conversations:
was the decision to introduce DID methods as a framework, rather than
adopting WebFinger for the online case and a self-certifying identifier for
the offline case, driven by technical requirements that this simpler
approach could not satisfy? Or did it reflect other considerations? If so,
what were they?

bob wyman

On Mon, Mar 16, 2026 at 10:02 PM Michael Herman (Trusted Digital Web) <
mwherman@parallelspace.net> wrote:

> To: The Original DID People,
>
> Who remembers how/why "methods" became part of the original Decentralized
> Identifier conversations?  What was the original catalyst/reason d’etre for
> having “methods”?
>
> Why aren’t we all just using something simple and universal like:
> urn:<hash>?  …that is, one universal syntax plus multiple diverse
> back-end technology implementations?
>
>
>
> Michael
>
> Web 7.0
>

Received on Tuesday, 31 March 2026 04:11:42 UTC