Identities

Identities are how users and spaces exist in DFOS. Every identity is cryptographically verified and permanently identifiable through a decentralized identifier (DID).

What is an Identity?

An identity consists of:

  • DID: A permanent identifier derived from cryptographic operations
  • Keys: Cryptographic keys for authentication and content signing
  • Profile: Optional display information (name, description, avatar)
  • Username: Optional human-readable handle

Identities aren't just for users. Spaces have identities too. Any entity that creates content or participates in the system gets an identity.

Permanent Identifiers

Your DID is derived from your initial setup and never changes. Even if you rotate all your keys, update your profile, or change your username, your DID stays constant.

did:dfos:r7z9c4kfhne2t38va6d9kn

This permanence means content attribution, permissions, and relationships can't be broken by surface-level changes. You can reinvent your username, but your DID anchors your history.

See DID Method for the technical specification.

Keys and Security

Each identity has cryptographic keys for different purposes:

  • Authentication: Proving you control the identity (logging in, API access)
  • Content signing: Creating verifiable content (posts, profile updates)
  • Key management: Rotating keys if they're compromised

If a key is compromised, you can rotate it while keeping the same DID. The identity persists, and the compromised key is replaced.

Profiles

Profiles are optional display information:

  • Name: How you appear to others
  • Description: Bio or about section
  • Avatar: Profile image
  • Banner: Header image
  • Background: Additional styling

You can have an identity with no profile—just a DID. Or you can fill out all fields. All profile information is stored with cryptographic verification, creating an audit trail of changes.

Usernames

Usernames are human-readable handles. Unlike DIDs, usernames can be changed.

Properties:

  • Unique across the system
  • Optional (you can exist with just a DID)
  • Changeable (claim a new username anytime)
  • Case-insensitive alphanumeric with hyphens and underscores

When someone references you in conversation, they use your username. But the system uses your DID for all operations, ensuring references don't break when you change your handle.
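
The handle rules above, as an added example that is not DFOS code: a toy in-memory registry that enforces the character set and case-insensitive uniqueness and stores references by DID. The class and method names, the ASCII-only character set, the second DID, and the release of an old handle on rename are assumptions made for illustration.

```python
import re

# Assumption: ASCII letters, digits, hyphen, underscore; the page states no length limit.
USERNAME_RE = re.compile(r"[A-Za-z0-9_-]+")


class UsernameRegistry:
    """Toy registry: handles are mutable labels, DIDs are the stable keys."""

    def __init__(self):
        self._did_by_handle = {}  # lowercased handle -> DID
        self._handle_by_did = {}  # DID -> handle as the owner typed it

    def claim(self, did, username):
        if not USERNAME_RE.fullmatch(username):
            raise ValueError("username must be alphanumeric, hyphen or underscore")
        key = username.lower()  # uniqueness is checked case-insensitively
        owner = self._did_by_handle.get(key)
        if owner is not None and owner != did:
            raise ValueError("username already taken")
        # Assumption: renaming releases the previous handle for others to claim.
        old = self._handle_by_did.get(did)
        if old is not None:
            del self._did_by_handle[old.lower()]
        self._did_by_handle[key] = did
        self._handle_by_did[did] = username

    def resolve(self, username):
        return self._did_by_handle.get(username.lower())

    def display_name(self, did):
        return self._handle_by_did.get(did, did)  # no handle: show the bare DID


def demo():
    alice = "did:dfos:r7z9c4kfhne2t38va6d9kn"  # example DID shown on this page
    other = "did:dfos:exampleconstructed0001"  # constructed placeholder DID
    reg = UsernameRegistry()
    reg.claim(alice, "Alice")
    post = {"author": reg.resolve("alice"), "body": "hello"}  # reference kept as a DID
    try:
        reg.claim(other, "ALICE")  # case variant of a handle that is already taken
        collision_rejected = False
    except ValueError:
        collision_rejected = True
    reg.claim(alice, "alice-2")  # rename
    reg.claim(other, "alice")    # the released handle is claimed by someone else
    return collision_rejected, reg.display_name(post["author"]), reg.resolve("alice")
```

After the rename and re-claim, the post still displays as alice-2 because it was stored against the DID, while the handle alice now resolves to a different identity.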

Visibility

Your identity's visibility depends on context:

Your own identity: Always visible to you. This is how you appear to yourself and control your profile.

Other identities: Only visible if you share a space. If you're both members of the same space, you can see each other's profiles.

Public discovery: There is no global directory. You discover identities by being in spaces together.

This privacy model keeps identities contextual. You only see people you're collaborating with.

Identity Lifecycle

Creation: When you create an account, your first identity is automatically generated. The system creates your DID, generates keys, and sets you up.

Profile updates: Update your profile anytime. Each update is cryptographically signed and creates a version in the history.

Username changes: Claim or change your username whenever you want. The username is just a label—your DID is the real identifier.

Key rotation: If you suspect a key is compromised, rotate it. The new key replaces the old one, but your DID and content history remain intact.

Multiple identities: Each account can have multiple identities. You might want separate identities for different contexts (personal, professional, pseudonymous).

Accounts vs Identities

Your account is tied to email authentication. It's how you log in.

Your identities are DIDs with cryptographic keys. They're how you exist in spaces and create content.

Why separate them?

  • You can have multiple identities under one account
  • Account recovery uses email verification
  • Identity operations are cryptographic, not tied to email
  • Different contexts might warrant different identities

This separation lets you manage authentication (account) separately from participation (identities).