What a DID Actually Is (And Why You Should Care)
Kevara | Digital Embassy
May 26, 2026
"DID" keeps appearing in conversations about the AT Protocol, decentralized identity, and sovereign professional tools. If you have spent any time in these spaces, you have seen it. If you have not looked it up, that is fine. Most explanations start in the wrong place.
Here is the useful version.
Start With the Problem It Solves
Your username on any given platform is not really yours. It is a label the platform assigns, stores in its database, and can revoke at will. @yourname on Twitter (or "X") is not a stable identifier. It is a database row. When the company decides your account is closed, the row is flagged, and the name becomes available again. Your professional history, follower count, and years of content dissolve.
We've seen this time and time again.
The same is true of your email address, in a different way. you@gmail.com is yours only as long as Google honours your account. It is a tenant-and-landlord arrangement with unlimited penalty clauses for the tenant.
A DID (Decentralized Identifier) solves a specific version of this problem: how do you create an identifier for a person that cannot be taken away by a third party?
What a DID Actually Is
A DID is a globally unique identifier that resolves to a cryptographic document rather than a database entry.
When you create an AT Protocol account, a DID is generated for you. It looks something like this:
did:plc:abcdefghijklmnopqrstuvwx
Behind that string is a DID Document, a small public record that contains:
- The public keys associated with your identity
- The location of your Personal Data Server (PDS)
- Proof that you control the private key that signed everything
The critical difference from a username is this: no single company owns the resolution of your DID. The DID Consortium (for did:plc types) and DNS (for did:web types) are used to resolve identifiers, but your actual data lives on your PDS. If your PDS moves, your DID can point to the new location. Your identity travels with you.
Your Handle Is a Pointer. Your DID Is the Truth.
On Bluesky and Gander, your human-readable handle (like @jgbutterfieldwrites.gander.social) is a convenience layer. It resolves to your DID via a DNS lookup. The handle can change. The DID remains stable.
This distinction matters professionally. If you switch networks, change your domain, or move your PDS to a different host, your connections, your history, and your verified credentials stay attached to your DID. The handle is the street address. The DID is the title deed.
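The two sections above as an added example, not code from this article or from Kevara: it reads a DID Document for the signing key and PDS location, and accepts a handle only when the handle's DNS record names the DID and the DID Document names the handle back. The document, handle, key and host are constructed placeholders; the field names and the `_atproto` TXT record format follow the AT Protocol's published layout, which the article does not show.

```python
import re

# Constructed sample DID Document; handle, key and PDS host are placeholders.
SAMPLE_DOC = {
    "id": "did:plc:abcdefghijklmnopqrstuvwx",
    "alsoKnownAs": ["at://alice.example.com"],
    "verificationMethod": [{
        "id": "did:plc:abcdefghijklmnopqrstuvwx#atproto",
        "type": "Multikey",
        "controller": "did:plc:abcdefghijklmnopqrstuvwx",
        "publicKeyMultibase": "zPLACEHOLDERKEY",
    }],
    "service": [{
        "id": "#atproto_pds",
        "type": "AtprotoPersonalDataServer",
        "serviceEndpoint": "https://pds.example.com",
    }],
}

# did:plc identifiers are 24 lowercase base32 characters after the prefix.
DID_PLC = re.compile(r"did:plc:[a-z2-7]{24}")

def did_from_txt(txt_value):
    """Extract the DID from a `_atproto.<handle>` TXT record value ("did=...")."""
    if not txt_value.startswith("did="):
        return None
    did = txt_value[4:]
    return did if DID_PLC.fullmatch(did) else None

def summarize(doc):
    """Return (did, handles, signing key, PDS URL) from a DID Document."""
    did = doc.get("id", "")
    if not DID_PLC.fullmatch(did):
        raise ValueError("not a well-formed did:plc identifier")
    handles = [a[5:] for a in doc.get("alsoKnownAs", []) if a.startswith("at://")]
    key = next((m.get("publicKeyMultibase") for m in doc.get("verificationMethod", [])
                if m.get("id", "").endswith("#atproto")), None)
    pds = next((s.get("serviceEndpoint") for s in doc.get("service", [])
                if s.get("id", "").endswith("#atproto_pds")
                and s.get("type") == "AtprotoPersonalDataServer"), None)
    if not isinstance(pds, str) or not pds.startswith("https://"):
        raise ValueError("no HTTPS PDS endpoint in document")
    return did, handles, key, pds

def handle_is_verified(handle, txt_value, doc):
    """A handle counts only if it points at the DID AND the DID claims it back."""
    did, handles, _key, _pds = summarize(doc)
    return did_from_txt(txt_value) == did and handle.lower() in handles
```

A client that checks only one direction would accept any domain whose DNS record points at someone else's DID, which is why the second check matters.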
What Gets Signed to Your DID
Everything you do in the AT Protocol ecosystem is anchored to your DID. That includes:
- Your profile records (name, bio, avatar)
- Your Sifa career records (positions, education, skills)
- Your Kevara extended records
- Your portfolio data and published articles
- Endorsements you have received from other DIDs
- Verification labels issued by labelers like Kevara's Ozone instance
When Kevara verifies your domain, we do not add a badge to your profile in our database. We issue a signed label to your DID. That label is readable by any application in the AT Protocol ecosystem, permanently, regardless of what Kevara does next. The credential is yours. We are just the issuing authority.
Why "Decentralized" Is Not Just Marketing
Centralized identity means one company controls who you are. Decentralized identity means your identifier is cryptographically yours, anchored to keys only you hold, resolvable without anyone's permission.
In practical terms: your Kevara profile cannot be deleted by Kevara. Your AT Protocol account cannot be deleted by Bluesky (though they can remove it from their AppView). Your DID, and everything attached to it, persists as long as your PDS is running. For professionals who have watched platforms disappear or arbitrarily terminate accounts, this is not a minor point.
The Practical Takeaway
You do not need to understand elliptic curve cryptography to benefit from a DID. What you need to understand is the ownership model:
- Your DID is stable, portable, and cryptographically tied to keys you control
- Your handle is a convenience layer that can change without breaking your identity
- Everything verified against your DID travels with you across networks
- No platform can revoke it
If you are building a professional presence for the long term, that ownership model is the whole game. Everything else is a display layer.
Including Kevara.
---
Kevara builds on the AT Protocol's identity architecture to give professionals a portable, cryptographically anchored presence across Bluesky, Gander, and EuroSky. Your DID is your foundation. We just make it look the part.