No DNS configuration is required to enable Domain Linkage. It works by running UniCore on your domain and thereby proofing ownership. Allowing Domain Linkage for other hosting scenarios (SaaS, etc.) is currently in research.
Domain Linkage
Domain Linkage is a mechanism within self-sovereign identity (SSI) systems that securely binds a digital
identity — typically represented by a Decentralized Identifier (DID) — to a specific web
domain. This binding is achieved by publishing cryptographic proofs or verifiable credentials on the domain, often in a
standardized location (e.g., a .well-known URL). The result is a trusted association that allows any verifier to
confidently confirm that the entity controlling the domain is the same one represented by the digital identity. This
process is crucial for enhancing trust and ensuring secure interactions in SSI applications.
Not all DID methods are suitable for Domain Linkage. Only methods that allow updating DID Documents can support this mechanism.
| DID method | Domain Linkage supported |
|---|---|
did:iota | ✅ |
did:jwk | ❌ |
did:key | ❌ |
did:web | ✅ |
Enabling Domain Linkage in UniCore
To enable Domain Linkage in UniCore, follow these steps:
-
Environment Variable:
Set theUNICORE__DOMAIN_LINKAGE_ENABLEDenvironment variable totrue. -
Configuration File:
Alternatively, setdomain_linkage_enabledtotruein theconfig.yamlfile.
When Domain Linkage is enabled, UniCore will generate and publish the necessary cryptographic proofs on the domain and create the appropriate DID Documents for the enabled DID methods.
Because the DID Configuration resource must reside at the domain root (see DID Configuration
Spec), Domain Linkage in UniCore will not work
if the UNICORE__URL environment variable contains a path segment. For example, Domain Linkage will not become active for:
UNICORE__URL=http://my-domain.com/unicore/
Instead, it must be configured as:
UNICORE__URL=http://my-domain.com/