LoomalConcepts
Decentralized Identity (DID)
How Loomal uses did:web for verifiable agent identity
Every Loomal identity gets an Ed25519 key pair and a W3C DID — a globally unique, cryptographically verifiable identifier.
DID Format
did:web:api.mailgent.dev:identities:id-abc123This resolves to a DID Document at:
https://api.loomal.ai/identities/id-abc123/did.jsonDID Document
{
"@context": ["https://www.w3.org/ns/did/v1"],
"id": "did:web:api.mailgent.dev:identities:id-abc123",
"verificationMethod": [{
"id": "did:web:...#key-1",
"type": "Ed25519VerificationKey2020",
"publicKeyMultibase": "z6Mkf5rG..."
}],
"authentication": ["did:web:...#key-1"],
"service": [{
"type": "EmailService",
"serviceEndpoint": "mailto:sales-x3unq@mailgent.dev"
}]
}How It Works
- Key generation: When you create an identity, Loomal generates an Ed25519 key pair
- Private key: Encrypted with AES-256-GCM and stored in the vault — only accessible via
identity.sign - Public key: Published in the DID Document, publicly accessible
- Signing: Your agent calls
identity.signto sign data with its private key - Verification: Anyone resolves the DID Document, gets the public key, and verifies the signature
Why DID?
- Cryptographic proof: An agent can prove it is who it claims to be
- No central authority: Verification uses standard HTTPS — no special infrastructure needed
- Interoperable: Works with any system that supports
did:webresolution - Linked to email: The DID Document references the agent's email address, tying DKIM-verified email identity to cryptographic identity
MCP Tools
| Tool | Description |
|---|---|
identity.whoami | Get your DID, name, email, and scopes |
identity.sign | Sign data with your Ed25519 private key |
identity.verify | Verify a signature against any did:web identity |