What are identity protocols?
Identity protocols let agents verify who is behind a domain or service. They answer: "Who are you, and how can I verify that?"
WebFinger
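Discovers information about a user or service from their domain. Served at /.well-known/webfinger; the client names the identifier it is asking about in the resource query parameter (for example ?resource=acct:service@yourdomain.com) and receives a JSON document:
{
  "subject": "acct:service@yourdomain.com",
  "links": [
    { "rel": "self", "type": "application/activity+json", "href": "https://yourdomain.com/actor" }
  ]
}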
Spec: RFC 7033
DID Document
Decentralized Identifiers (DIDs) are self-sovereign identity URIs. With the did:web method, the DID document for a domain is served at /.well-known/did.json:
{
  "id": "did:web:yourdomain.com",
  "verificationMethod": [{
    "id": "did:web:yourdomain.com#key-1",
    "type": "Ed25519VerificationKey2020",
    "publicKeyMultibase": "z6Mk..."
  }]
}
Spec: W3C DID Core
Nostr NIP-05
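Maps human-readable names to Nostr public keys. Served at /.well-known/nostr.json. NIP-05 requires the keys in hex format; the npub encoding is for display only and must not appear in this file:
{
  "names": {
    "service": "<64-character hex public key>"
  }
}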
Spec: NIP-05
AT Protocol DID
Links a domain to a Bluesky/AT Protocol identity. Served at /.well-known/atproto-did as plain text containing only the DID:
did:plc:abc123xyz
Spec: AT Protocol Identity
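The checks a consumer can run on the four documents above before trusting them, as an added Python example (not code from this page or from the specs). The function names, the example.test domain and the sample key are constructed, and the subject-match and same-DID key rules are a strict policy chosen for the example.

```python
import json
import re

HEX_KEY = re.compile(r"[0-9a-f]{64}")  # NIP-05 serves hex keys, not npub strings
ATPROTO_DID = re.compile(r"did:(plc|web):[A-Za-z0-9._:%-]+")

def _load(body):
    """Parse a JSON object; anything else is treated as an empty document."""
    try:
        doc = json.loads(body)
    except ValueError:
        return {}
    return doc if isinstance(doc, dict) else {}

def check_webfinger(body, requested):
    """Policy: the subject must equal the resource that was queried."""
    subject = _load(body).get("subject")
    return [] if subject == requested else [f"subject {subject!r} != {requested!r}"]

def check_did_web(body, domain):
    """A did.json fetched from a domain must describe that domain's did:web."""
    doc, did = _load(body), f"did:web:{domain}"
    problems = [] if doc.get("id") == did else [f"id {doc.get('id')!r} != {did!r}"]
    methods = doc.get("verificationMethod")
    for vm in methods if isinstance(methods, list) else []:
        vm_id = vm.get("id") if isinstance(vm, dict) else None
        # Policy: only trust keys whose identifier lives under this DID.
        if not str(vm_id).startswith(did + "#"):
            problems.append(f"foreign verification method {vm_id!r}")
    return problems

def check_nip05(body, name, pubkey_hex):
    """The served key for `name` must be hex and equal the key being verified."""
    names = _load(body).get("names")
    served = names.get(name) if isinstance(names, dict) else None
    if not isinstance(served, str) or not HEX_KEY.fullmatch(served):
        return [f"key for {name!r} is missing or not 64 hex characters"]
    return [] if served == pubkey_hex else [f"key for {name!r} does not match"]

def check_atproto_did(body):
    """The body must be exactly one DID: no HTML, no extra lines."""
    did = body.strip()
    return [] if ATPROTO_DID.fullmatch(did) else [f"not a single DID: {did[:40]!r}"]

if __name__ == "__main__":
    key = "ab" * 32  # constructed 64-character hex key, not a real identity
    print(check_nip05(json.dumps({"names": {"service": key}}), "service", key))
    print(check_nip05('{"names": {"service": "npub1..."}}', "service", key))
    print(check_atproto_did("<html>404</html>"))
```

Each function returns a list of problems, so an empty list means the document passed; a malformed or non-JSON body fails the WebFinger, DID and NIP-05 checks instead of raising.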
Apple App Links & Android Asset Links
Mobile deep-linking protocols that prove a domain is associated with a mobile app.
- Apple: /.well-known/apple-app-site-association
- Android: /.well-known/assetlinks.json
Spec maturity
All identity protocols listed here have formal specifications. WebFinger is an IETF standard (RFC 7033) and DID Core is a W3C standard. Nostr and AT Protocol are ecosystem-specific but well-defined.