DID Method

A DID Method is the ruleset that makes a particular family of decentralized identifiers actually work. Every DID carries a method name in its second segment — for example did:web:example.com or did:key:z6Mk... — and that name tells software which method specification governs the four core operations: create, resolve (read), update, and deactivate. Without a method, a DID is just a string; the method is what binds it to a verifiable source of truth.

Why methods differ

The W3C DID Core specification deliberately does not mandate a single backing system. Instead it defines a common data model and lets each method choose where control lives. Some methods anchor identifiers to a blockchain, some to a web domain, some derive everything from a cryptographic key with no external registry at all. This pluralism mirrors the sovereign-Bitcoiner instinct: pick the trust model you can actually verify rather than one imposed on you. The DID Specification Registries track conforming methods so resolvers know how to dereference each one.

Trade-offs a sovereign user weighs

A purely key-derived method needs nothing but the key but cannot rotate it. A ledger-anchored method survives key rotation and supports revocation but inherits the ledger's liveness and governance assumptions. A domain-based method is trivial to host yourself but only as durable as your DNS and TLS. Choosing a method is therefore a self-custody decision about who, if anyone, you must trust to keep your identifier resolvable.

DID Methods are the substrate beneath verifiable presentations and the broader decentralized-identity stack. To see how a single method resolves to a usable document, read our entry on the DID Document.