## What are identity protocols?

Identity protocols let agents verify who is behind a domain or service. They answer: "Who are you, and how can I verify that?"

## WebFinger

Discover information about a user or service from their domain. Served at `/.well-known/webfinger`:

```json
{
  "subject": "acct:service@yourdomain.com",
  "links": [
    { "rel": "self", "type": "application/activity+json", "href": "https://yourdomain.com/actor" }
  ]
}
```

**Spec**: [RFC 7033](https://www.rfc-editor.org/rfc/rfc7033)

## DID Document

Decentralized Identifiers — self-sovereign identity URIs. Served at `/.well-known/did.json`:

```json
{
  "id": "did:web:yourdomain.com",
  "verificationMethod": [{
    "id": "did:web:yourdomain.com#key-1",
    "type": "Ed25519VerificationKey2020",
    "publicKeyMultibase": "z6Mk..."
  }]
}
```

**Spec**: [W3C DID Core](https://www.w3.org/TR/did-core/)

## Nostr NIP-05

Maps human-readable names to Nostr public keys. Served at `/.well-known/nostr.json`:

```json
{
  "names": {
    "service": "npub1..."
  }
}
```

**Spec**: [NIP-05](https://github.com/nostr-protocol/nips/blob/master/05.md)

## AT Protocol DID

Links a domain to a Bluesky/AT Protocol identity. Served at `/.well-known/atproto-did`:

```
did:plc:abc123xyz
```

**Spec**: [AT Protocol Identity](https://atproto.com/specs/did)

## Apple App Links & Android Asset Links

Mobile deep-linking protocols that prove a domain is associated with a mobile app.

- Apple: `/.well-known/apple-app-site-association`
- Android: `/.well-known/assetlinks.json`

## Spec maturity

All identity protocols listed here have **formal specifications**. WebFinger and DID are W3C/IETF standards. Nostr and AT Protocol are ecosystem-specific but well-defined.

## Related

- [A2A](/kb/a2a)
- [SKILL.md](/kb/skills)