Decentralized Identity Linking: Website + Social + NFTs

4 min readOct 15, 2021


Serto’s Blue Sky Satellite Contest Submission

We are excited to answer Blue Sky’s call for submissions to the Satellite Contest. We were challenged to demonstrate ownership of multiple public identifiers, and created a series of bi-directional, verifiable linking proofs. You can view a video walkthrough of our solution here.

We used a self-hosted instance of Serto Agent to generate a DID using the WEB:DID method. This DID represents the Serto team.

We signed several verifiable credentials with our DID keys, each written about the location where the messages should appear. We created the W3C standards-compliant verifiable credential schemas using Serto Schemas. We published these signed VCs in publicly searchable places related to our social profiles and website, and have also used the DID’s associated Ethereum keys to mint an NFT. We created verifiable, bi-directional links between our DID and other public identifiers.

We optimized this solution to bidirectionally link many identifiers with approachable UX, offer clarity for all audiences, and incorporate flexibility for any social identifiers and ownership of content. We also ensured that these bi-directional links between identifiers could be independently verified unlike Linkdrop, ENS, 3Box Profiles, etc.

Serto Search gives anyone the ability to verify credentials, learn about DIDs, VCs or NFTs, or even build a competing front-end that performs credential verification. Similar credentials can be created by anyone using a DID Agent or app, like Serto Agent.

To verify ownership of, we placed Serto’s DID configuration document in the .Wellknown resource of the DNS, in accordance with the DIF Specification (although any encryption key-pair can be attached to this DID config file). This document contains a self-attested, W3C-compliant verifiable credential signed by our DID, affiliating it with the website, and another DID associated with an Ethereum address — DIDs can be linked to other DIDs!). This credential is searchable and verifiable with Serto Search. Anyone can use to interrogate the credential by pasting the JSON Web Token (JWT) into the search bar, which will check the cryptography to ensure it hasn’t been tampered with, and display the signature and taxonomy of the credential.

We’ve posted similarly self-attested verifiable credentials from our LinkedIn, YouTube, Twitter and Medium accounts to prove ownership with the same DID keys. Serto’s DID keys also minted this NFT.

We used W3C-compliant verifiable credentials to link identifiers, which increases potential cross-chain interoperability and global legibility. We’ve pioneered the combined use of these standards with the .Wellknown Configuration, with the first product experience for this technical configuration. Though this exercise inherits the security risks of centralized infrastructure like DNS (as hilariously illustrated by Facebook recently), we have created a decentralized way to link together these centralized infrastructures and therefore such risks are native to the task.

VCs are off-chain, private by default, gas-free, non-transferable and revocable, and interoperable across protocols with W3C standard compliance. There is no limit to the types of identifiers you can link together using VCs, even if tooling isn’t explicitly engineered to enable a link to that specific platform. VCs combined with Serto Search solves the discovery problem — allowing anyone to start with any identifier, and follow its credentials to discover how it is related to other identifiers.

On-chain links between identifiers sacrifice privacy, incur on-chain costs, and risks agency and control. On-chain identifiers like ENS lack dedicated keys which introduces a critical risk of losing your identifier with no formal recourse. Your ENS address can expire while still bearing the text records of your contact information, though the ENS has been claimed and is now controlled by another party. Additionally, ENS does not require that you prove ownership of a text record (e.g. Twitter Account) linked to your ENS address. ENS stores these self-asserted text records on-chain, which defaults to public and globally available to archive nodes — not a best practice for personal data.

Serto Search is a centralized interface for interrogating decentralized data assets and the atomic links between them. With no Serto account, download or registration required to validate the VC signatures, there is no single point of failure. Serto Search uses open source code and implements the DIF .Wellknown Configuration Specification, so anyone could build their own verifying interface if desired.

If any other solution lacks a discovery and search element, it falls short of a global utility. We have linked identifiers so anyone can verify without arduous prerequisite expertise. Our simple UX enables global accessibility; people can only verify what they can understand, and verification and trust are subjective experiential concepts. We believe simple interfaces maximize global accessibility over the technical validation of cryptographic proofs alone.

To learn more about Serto Suite and decentralized identity technology, visit us at


I’m linking this account to my Decentralized Identifier (DID)

My credential 👉




Serto makes decentralized identity technology easier for everyone to enjoy. Our work is powered by ConsenSys. Join us at Serto.ID.