# Identity Each participant (even mediators, registries, and namespaces) in the Decentrl network is identified by a [DID](https://www.w3.org/TR/did-core/). A DID is a unique identifier, that can be resolved to a public [DID document](https://w3c.github.io/did-spec-registries) that contains identities and public info such as public encryption keys, services (more on that later), and alias. Because DIDs are decentralized identifiers, their underlying DID documents can be hosted anywhere, and therefore different types DIDs need different DID resolvers in order to fetch the identity's public DID document. The Decentrl network is based on the **web did method** that is defined [here](https://w3c-ccg.github.io/did-method-web/). {% hint style="info" %} While the Decentrl network was based on DID web method, it does not mean it is limited only to that method. Any method could potentially be used if the clients implemented other method resolvers. {% endhint %} *Example of what a Decentrl DID looks like:* ``` did:web:registry.decentrl.network:identity:95ef7d16-e5d2-434d-9f3b-4a413690cec2 ``` *This DID resolves to* [*this DID document*](https://registry.decentrl.network/identity/95ef7d16-e5d2-434d-9f3b-4a413690cec2/did.json)*.* ## The DID Document The DID document is the main part of the Decentrl network, as all network participants use each other's documents to know how to communicate with each other. The document is constructed out of the following parts: ### Alias (optional) An optional property that defines what you wish to be called. This property is useful for clients to provide a nice readable name instead of DID identifier. ### Service A property that defines ways to communicate with the DID. Decentrl has predefined a few different service types that will enable you to communicate using Decentrl protocol. **DecentrlMediator**\ Used by mediators to define how other network participants can connect to them and which features they have available. The default communication channel between mediators and identities is over websockets and using encrypted [DIDComm](https://identity.foundation/didcomm-messaging/spec/#mediator-process) payloads. The routingKeys define which keys should be used for encrypted communication. ```json { "id": "did:web:mediator.decentrl.network#mediator", "type": "DecentrlMediator", "serviceEndpoint": { "uri": "wss://mediator.decentrl.network", "routingKeys": ["did:web:mediator.decentrl.network#key-ECDH-1"], "features": ["TWO_WAY_PRIVATE", "ONE_WAY_PUBLIC"] } } ``` **DecentrlMediatorRegister**\ Used by mediators to define an endpoint on which identities can register. ```json { "id": "did:web:mediator.decentrl.network#mediator", "type": "DecentrlMediatorRegister", "serviceEndpoint": { "uri": "https://mediator.decentrl.network/register", "routingKeys": ["did:web:mediator.decentrl.network#key-ECDH-1"] } } ``` **DecentrlMediatorClient**\ Used by identities to define on which mediators they have registered. ```json { "id": "did:web:registry.decentrl.network:identity:95ef7d16-e5d2-434d-9f3b-4a413690cec2#mediator-client", "type": "DecentrlMediatorClient", "serviceEndpoint": "did:web:mediator.decentrl.network", "registeredFeautres": ["TWO_WAY_PRIVATE", "ONE_WAY_PUBLIC"] } ``` **DecentrlRegistry**\ Used by registries to define an endpoint through which identity can register. ```json { "id": "did:web:registry.decentrl.network#registry", "type": "DecentrlRegistry", "serviceEndpoint": { "uri": "https://registry.decentrl.network/", "routingKeys": ["did:web:registry.decentrl.network#key-ECDH-1"] } } ``` **DecentrlNamespace**\ Used by namespaces to define an endpoint through which identity can register. \[TBD] ### Verification methods Verification methods property defines public keys that can be used to enable E2E encrypted communication with an identity. By default, Decentrl network supports **EC P-256** keys in **JWK** format to enable E2EE communication. *Example of a public key defined under verification methods* ```json { "id": "did:web:mediator.decentrl.network#key-ECDH-1", "type": "JsonWebKey2020", "publicKeyJwk": { "kty": "EC", "x": "2c1Y1YkTnNFvUp2bVSP-OFZRYL6TsTU-LEUoyu2wP8o", "y": "HR2_EIXu6ZZL-GJCvAyxVKGie8KWp50dyBvQ4xCQ700", "crv": "P-256", "kid": "82abd98e-31ee-4769-a40b-08a3dc8e4fe6" }, "controller": "did:web:mediator.decentrl.network" } ``` Each identity participant in the Decentrl network should have at least two sets of keys available. An encryption key pair and signing key pair. The encryption public key should be referenced under the **keyAgreement** property and the signing public key should be referenced under the **authentication** property. --- # Agent Instructions: Querying This Documentation If you need additional information that is not directly available in this page, you can query the documentation dynamically by asking a question. Perform an HTTP GET request on the current page URL with the `ask` query parameter: ``` GET https://decentrl.gitbook.io/decentrl/identity.md?ask= ``` The question should be specific, self-contained, and written in natural language. The response will contain a direct answer to the question and relevant excerpts and sources from the documentation. Use this mechanism when the answer is not explicitly present in the current page, you need clarification or additional context, or you want to retrieve related documentation sections.