# Decentralized Identifier (DID)

> A globally unique identifier that its owner controls directly, without a central registration authority, verifiable by cryptography.

_The Agentic Web Lexicon · /glossary/decentralized-identifier · [JSON](/api/glossary/decentralized-identifier) · [all The Agentic Web Lexicon](/glossary)_

- **term:** Decentralized Identifier (DID)
- **category:** identity
- **short_def:** A globally unique identifier that its owner controls directly, without a central registration authority, verifiable by cryptography.
- **long_def:** A DID is a URI (did:method:id) that resolves to a DID document containing public keys and service endpoints, letting the controller prove ownership by signing. Because no central registry issues it, a DID gives an agent a portable, self-controlled identity — a building block for agent identity and verifiable credentials.
- **see_also:** agent-identity, verifiable-credentials, web-bot-auth
- **etymology_origin:** — (verify-against-primary-at-build)
- **related_to:** agent-identity, verifiable-credentials, web-bot-auth, http-message-signatures
- **contrast_with:** Unlike an account issued and revocable by a central provider, a DID is controlled by its holder's keys — no issuer can take it away or is needed to verify it.
- **example:** An agent could present a DID and sign a challenge to prove it is the same agent across sites, without any site-specific account.
- **source:** https://www.w3.org/TR/did-core/
- **status:** active
- **why_it_matters:** Portable, self-controlled identity is a precondition for trusted agents on the agentic web; DIDs and verifiable credentials are how an agent proves who it is without a central gatekeeper.
- **sameAs:** https://www.w3.org/TR/did-core/
- **bridge_entity:** agent-identity
- **last_verified:** 2026-07-06
- **md_twin:** /glossary/decentralized-identifier.md
