DID Document

A DID Document is the payload you get when you resolve a decentralized identifier. It is the serialization of the DID data model — typically a JSON or JSON-LD object — and it answers the only questions a verifier really cares about: which keys can speak for this identifier, and where can I interact with its subject. Everything else in the decentralized-identity stack ultimately reads from this document.

What the document contains

The core components are verification methods (public keys or other cryptographic material used to prove control of the DID), verification relationships (which keys are authorized for authentication, assertion, key agreement, and so on), and service endpoints (network locations for trusted interactions with the subject, such as messaging or credential exchange). A controller field records who is authorized to change the document. The exact contents are shaped by the governing DID Method.

Why it matters for self-custody

Because the document is the single source of truth for an identifier's keys, controlling the document means controlling the identity. A sovereign user wants to know exactly where the document lives and who can rewrite it — a self-hosted did:web file, a ledger entry, or a value derived from a key. Key rotation, revocation, and adding new services are all just edits to this document, which is why its integrity and resolution path are the real trust boundary.

The DID Document is what a verifier checks before accepting a verifiable presentation, making it the quiet keystone of the whole architecture.