did:web Verification
To further increase trust and bind declarations to verifiable identities, Liccium supports the did
By publishing a DID document at https://yourdomain.com/.well-known/did.json, the public key used in the declaration becomes discoverable and verifiable – ensuring transparency and accountability.
What is did
The did
- Generate a cryptographic key pair (public/private)
- Use the private key to sign Liccium declarations
- Make the public key discoverable via a URL based on their domain
This ensures that the party controlling the key also controls the corresponding domain – a vital signal for authenticity and traceability.
Example
If your DID is:
Code
Then your public key must be accessible at:
Code
DID Document Structure
The DID document is a JSON file that includes your public key and other metadata.
Example
Code(json)
This file enables any third party to:
- Retrieve your public key from your domain
- Validate that the key used to sign the declaration matches what's published
- Confirm that the declaring party has control over both the domain and the cryptographic key
Why did
- No blockchain dependency – identities are linked to real-world web domains.
- Human-readable – the DID resolves directly to a trusted HTTPS location.
- Compatible with Liccium's VC and certificate authentication model.
Binding to Declarations
The declaration must be signed using the private key corresponding to the public key in your DID document.
In addition, if you're using:
- A Verifiable Credential: it must be issued to the subject identified by the DID.
- A Qualified Certificate: the public key in the certificate must match the DID's key.
This cryptographic binding enables Liccium to validate declarations without requiring a central authority, relying instead on domain-based proof and standard public key infrastructure.