A DID Namespace is the method-specific prefix in a Decentralized Identifier (DID), defined by the did: scheme and a unique method name. It follows the format did:<method-name>:. This namespace is a critical part of the DID syntax, did:<method>:<method-specific-identifier>, and serves as a routing mechanism. It tells a DID resolver which DID method specification to use to interact with the underlying blockchain or ledger where the DID's cryptographic keys and service endpoints are anchored. For example, the namespace did:ethr: indicates the DID is managed via the Ethereum blockchain using the ethr method specification.
LABS
Glossary
DID Namespace
A DID namespace is the scheme-specific identifier segment of a Decentralized Identifier (DID) URI that specifies the DID method to be used for resolution and operations.
Chainscore © 2026
definition
DECENTRALIZED IDENTIFIER
What is a DID Namespace?
A DID Namespace is a foundational component of the Decentralized Identifier (DID) system, acting as a unique prefix that identifies the method used to create, resolve, and manage a specific type of DID.
The primary function of a DID namespace is to ensure global uniqueness and interoperability across different decentralized systems. Each namespace is registered in the W3C DID Specification Registries, which maintains a controlled list of approved method names. This prevents collisions where two different methods might use the same identifier string. The namespace decouples the identifier from any single vendor, network, or technology, enabling a user's DID to be portable and verifiable across various platforms as long as they support the specified method. It is the key that unlocks the correct protocol for DID resolution and DID document retrieval.
From a developer's perspective, the namespace dictates the technical requirements for implementing a DID. A did:key: namespace implies a simple, self-contained DID, while did:ion: (ION, based on Bitcoin) or did:web: (hosted on a web domain) involve more complex resolution logic and trust models. When building applications, correctly interpreting the namespace is the first step in determining how to authenticate a user, verify a signature, or discover linked services. The namespace system creates a modular, extensible identity layer for the decentralized web, allowing new verification methods to emerge without disrupting existing identifiers.
how-it-works
DECENTRALIZED IDENTIFIERS
How a DID Namespace Works
A DID Namespace is a foundational component of the Decentralized Identifier (DID) system, providing the structural framework that ensures global uniqueness and resolvability for digital identities across different networks and methods.
A DID Namespace is the first component of a Decentralized Identifier (DID), specifically the segment before the colon (:), which defines the DID method and its governing system. For example, in the DID did:ethr:0xab..., the namespace is ethr. This prefix acts as a routing mechanism, instructing a DID resolver which specific set of rules, or DID method specification, to use for creating, reading, updating, and deactivating the DID document. It ensures that identifiers from different ecosystems, like did:web, did:key, and did:ion, remain globally unique and interoperable by segregating them into distinct, method-specific domains.
The primary function of a namespace is to enable discovery and resolution. When a system encounters a DID, it parses the namespace to select the correct resolver library or network driver. This resolver then interacts with the appropriate verifiable data registry—such as a blockchain, distributed ledger, or decentralized file system—to fetch the associated DID Document. This document contains the public keys, service endpoints, and authentication protocols necessary to interact with the identity. Without a standardized namespace, resolvers would have no deterministic way to locate the correct verification logic across the internet's fragmented systems.
Namespaces are formally registered in the W3C DID Specification Registries to prevent collisions and promote interoperability. A registered namespace guarantees that the associated DID method has a publicly documented specification. This registry is crucial for developers building wallets, verifiers, and other identity tools, as it provides a trusted reference for supported methods. It transforms the decentralized identity landscape from a chaotic set of incompatible systems into a coherent, addressable network where any entity can be uniquely and verifiably referenced, regardless of the underlying technology stack.
key-features
DECENTRALIZED IDENTIFIER
Key Features of a DID Namespace
A DID Namespace is a logical grouping of Decentralized Identifiers (DIDs) that share a common method and governance structure, enabling scalable and interoperable identity management on blockchains.
01
Method-Specific Prefix
The core of a namespace is its method-specific prefix (e.g., did:ethr:, did:key:). This prefix acts as a global identifier for the DID method's specification, routing resolution requests to the correct verifiable data registry (like Ethereum or a specific key management system).
02
Decentralized Governance
Each namespace is governed by the rules defined in its DID method specification. This governance can be on-chain (via smart contracts for key rotation) or off-chain (via consortium agreements), ensuring the namespace's operation is permissionless or permissioned based on its design goals.
03
Unique Identifier Suffix
Within a namespace, each DID is uniquely defined by a method-specific identifier string appended to the prefix (e.g., did:ethr:0xab...). This suffix is typically derived from a cryptographic public key or a smart contract address, guaranteeing global uniqueness without a central issuer.
04
Verifiable Data Registry
A namespace is anchored to one or more verifiable data registries—such as a blockchain, distributed ledger, or peer-to-peer network. This registry stores the DID Document (containing public keys and service endpoints), making the identity data publicly resolvable and tamper-evident.
05
Interoperability Layer
Namespaces provide the foundation for DID interoperability. By adhering to the W3C DID Core standard, different namespaces (e.g., did:ion: for Bitcoin, did:web: for domains) can be resolved by standard DID resolvers, allowing systems to understand and verify credentials across methods.
06
Cryptographic Control
Control within a namespace is exercised through cryptographic proof, not organizational permission. The controller proves ownership by signing with the private key corresponding to the public key in the DID Document, enabling secure key rotation, deactivation, and service updates.
examples
IMPLEMENTATIONS
Common DID Namespace Examples
A DID namespace is the method-specific identifier within a Decentralized Identifier (DID). These examples illustrate how different networks and standards implement their unique DID methods.
technical-details-syntax
DID NAMESPACE
Technical Details: Syntax and Registration
A DID namespace is a foundational component of the Decentralized Identifier (DID) specification, defining the syntax rules and registration process for a specific DID method.
A DID namespace is the unique identifier prefix that specifies the DID method to be used for creating, reading, updating, and deactivating a DID. It follows the did: scheme and precedes the method-specific identifier, as in did:example:123456. This namespace is formally registered in the W3C's DID Specification Registries, ensuring global uniqueness and preventing collisions between different method implementations. Registration involves submitting a detailed specification that defines the method's operations, security properties, and governance model.
The syntax for a complete DID is defined as: did:<method-name>:<method-specific-identifier>. The method-name is a lowercase string that constitutes the namespace, such as key, ethr, or web. This segment is crucial for resolvers and other systems to know which DID method driver to invoke for interacting with the identifier. The method-specific identifier is a string generated and interpreted according to the rules of that particular namespace, often derived from a public key, a blockchain address, or a database record.
Registering a namespace is a formal process that promotes interoperability and trust. Proposers must document the method's CRUD operations (Create, Read, Update, Deactivate), its verification methods (like public keys), and its security considerations. This public registration allows developers to discover and reliably implement support for the method. It transforms a proprietary identifier system into a standardized, web-scale component, enabling verifiable credentials and decentralized applications to function across different ecosystems without central coordination.
W3C DID SPECIFICATION
DID Namespace vs. DID Method
A comparison of two core concepts in the W3C Decentralized Identifier (DID) specification that define a DID's structure and its operational rules.
| Feature | DID Namespace | DID Method |
|---|---|---|
Primary Function | Identifies the DID Method and its governing system | Defines the operational rules for the DID on its specific ledger or network |
Location in DID Syntax | The second component in a DID (did:example:123) | The entire second component in a DID (did:example:123) |
Example DID Component | example in did:example:123 | example in did:example:123 |
Registry | W3C DID Method Registry | Defined by the method specification, not centrally registered |
Governance | Method name registration is governed by W3C | Governed by the entity or community that authors the DID Method specification |
Uniqueness Scope | Must be globally unique in the W3C registry | Must be unique within its namespace; method-specific identifiers must be unique within that method |
Defines | The high-level system or protocol family | CRUD operations, resolution, key rotation, and deactivation for DIDs on that system |
ecosystem-usage
DID NAMESPACE
Ecosystem Usage and Protocols
A DID Namespace is a controlled, hierarchical system for organizing and resolving Decentralized Identifiers (DIDs). It defines the structure and governance for a family of DIDs, enabling interoperability and trust across different systems.
01
Core Structure & Syntax
A DID Namespace is defined by the method name in a DID string (did:<method>:<method-specific-id>). This namespace governs the syntax rules, resolution protocol, and cryptographic operations for all DIDs under it. For example, did:ethr: and did:key: are distinct namespaces with different technical specifications.
02
Governance & Trust Anchors
Each namespace is defined by a DID Method Specification, a technical document registered with the W3C. This specification acts as the trust anchor, detailing:
- The target ledger or system (e.g., Ethereum, Bitcoin, a private network).
- The rules for creating, updating, and deactivating DIDs.
- The cryptographic verification methods (like public keys) it supports.
03
Interoperability & Resolution
Namespaces enable universal resolvers to correctly process DIDs from different sources. A resolver checks the method name (did:ethr, did:ion) to:
- Route the request to the correct DID resolver driver.
- Fetch the associated DID Document from the appropriate network.
- Apply the namespace's specific validation rules to ensure integrity.
04
Key Ecosystem Examples
Prominent DID namespaces in the blockchain ecosystem include:
did:ethr: For identities anchored to Ethereum and other EVM chains, managed by the Ethereum ERC-1056 standard.did:ion: A Sidetree-based method for scalable DIDs, often using Bitcoin or Ethereum as a trust layer.did:key: A simple, self-contained method where the public key itself is the identifier, requiring no blockchain resolution.
05
Protocol Integration
DID namespaces are foundational for higher-level protocols like Verifiable Credentials (VCs) and Decentralized Web Nodes (DWNs). They ensure that the issuer's identity in a VC (issuer: did:ethr:...) can be universally understood and cryptographically verified by any compliant verifier, regardless of the underlying blockchain.
06
Namespace vs. Method
While often used interchangeably, there is a subtle distinction:
- Namespace: The conceptual container and family identifier (e.g., the
ethrfamily). - Method: The concrete technical specification and software implementation that defines how to operate within that namespace. A single namespace is defined by one primary DID method.
DID NAMESPACE
Frequently Asked Questions (FAQ)
Decentralized Identifiers (DIDs) rely on namespaces to ensure global uniqueness and interoperability. This FAQ addresses common questions about DID namespaces, their structure, and their role in the decentralized identity ecosystem.
A DID namespace is the scheme-specific identifier within a Decentralized Identifier (DID) that specifies the governing DID method. It is the part of a DID URI that follows the did: scheme and precedes the colon before the method-specific identifier (e.g., did:example:123456 where example is the namespace). Its importance is foundational: it ensures global uniqueness by preventing identifier collisions across different DID methods and networks, and it defines the rules (the DID method specification) for how to create, resolve, update, and deactivate DIDs under that namespace. Without namespaces, there would be no standardized way to interpret or resolve a DID across different decentralized systems.
security-considerations
DID NAMESPACE
Security and Interoperability Considerations
A DID namespace is a foundational component of decentralized identity systems, defining the method-specific context for DID resolution and verification. Its design directly impacts security guarantees and cross-system compatibility.
01
Method-Specific Security Guarantees
The security properties of a DID are dictated by its namespace (the segment after did:). For example:
did:key: Security relies on the cryptographic strength of the key pair itself, with no external verification.did:ethr: Security is anchored to the Ethereum blockchain, depending on its consensus and the security of the controlling private key.did:web: Security depends on the TLS/SSL certificate and the operational security of the web server hosting the DID document. Each namespace defines its own trust model, key rotation, and revocation mechanisms.
02
Namespace Collision & Uniqueness
A core security consideration is preventing namespace collisions, where two different methods claim the same identifier. The W3C DID Specification delegates authority to method maintainers to ensure uniqueness within their namespace (e.g., did:example:123). Interoperability requires that resolvers can unambiguously identify the correct method-specific driver to process the DID. Poorly managed namespaces can lead to identifier hijacking or resolution failures.
03
Interoperability Through Standardized Resolution
For DIDs to work across different systems (wallets, verifiers, platforms), a universal DID resolver must understand how to process any namespace. This is achieved via the W3C DID Resolution specification and DID Universal Resolver implementations, which map namespaces to their corresponding driver software. A namespace's interoperability is high if its resolution method is widely implemented in standard resolvers.
04
Verifiable Data Registry (VDR) Dependence
Most DID namespaces rely on an underlying Verifiable Data Registry (VDR) for anchoring and discovering DID Documents. The choice of VDR (e.g., Bitcoin, Ethereum, IPFS, a centralized database) creates interoperability boundaries:
- Blockchain-based namespaces (e.g.,
did:btcr,did:sov) inherit that chain's finality and availability characteristics. - Off-chain namespaces (e.g.,
did:peer) enable high-speed, private interactions but may not be globally resolvable. Cross-namespace interactions require bridging protocols or trust in shared VDRs.
05
Privacy & Correlation Risks
The namespace itself can be a source of correlation. A DID like did:ethr:0xabc... immediately reveals the use of Ethereum and the specific identifier, potentially linking all associated credentials to a single on-chain identity. Privacy-preserving namespaces (e.g., did:ion on Bitcoin) or pairwise DIDs (unique DIDs for each relationship) are used to mitigate this. The namespace design influences the selective disclosure capabilities of the overall identity system.
06
Governance & Decentralization Trade-offs
The entity controlling the namespace specification holds significant power. Decentralized governance of the namespace (e.g., through an open consortium or on-chain DAO) enhances censorship resistance but can slow updates. Centrally governed namespaces allow for rapid iteration but introduce a single point of failure and control. This governance model affects long-term security, upgradability, and the ecosystem's trust in the namespace's stability.
ENQUIRY
Get In Touch
today.
Our experts will offer a free quote and a 30min call to discuss your project.
NDA Protected
Confidentiality24h Response
Time to ValueDirectly to Engineering Team
No Sales Fluff10+
Protocols Shipped
$20M+
TVL Overall