| title | Certified Identity |
|---|---|
| description | How identity works in the Hypercerts ecosystem — DIDs, signing, portability, and wallet linkage. |
Every hypercert record has an author. Every evaluation carries a signature. Every funding receipt traces back to a DID. Identity is a core primitive of the protocol — it determines who owns records, who can be trusted, and who receives funding.
The Hypercerts Protocol uses AT Protocol's identity system. Every participant — whether an individual contributor, an evaluator, or an organization — is identified by a DID (Decentralized Identifier).
A DID like did:plc:z72i7hdynmk6r22z27h6tvur is:
- Permanent — it never changes, even if you switch servers or handles
- Portable — your records, reputation, and history follow your DID across platforms
- Cryptographically verifiable — every record you create is signed by your DID's key pair, and anyone can verify the signature
Your DID resolves via the PLC directory to a DID document containing your current PDS, public signing keys, and handle.
| Layer | How identity is used |
|---|---|
| Data | Every record (activity claims, evaluations, measurements) carries the author's DID. The PDS signs records into a Merkle tree, making authorship tamper-evident. |
| Trust | Evaluators build reputation tied to their DID. Applications can weight evaluations based on the evaluator's history and credentials. |
| Funding | Funding receipts link funder DIDs to the work they support. Wallet linkage (work-in-progress) connects DIDs to on-chain addresses for payment flows and tokenization. |
| Portability | Switching PDS providers doesn't change your DID. Your entire history — claims, evaluations, contributions — migrates with you. |
Certified is the identity provider built for the Hypercerts ecosystem. It provisions the full identity stack in a single sign-up:
- A DID — your permanent identifier
- A PDS — your Personal Data Server, where records are stored
- Low-friction sign-in — email and code, no passwords or protocol knowledge required
Certified exists because most Hypercerts users are not Bluesky users. Researchers, land stewards, open-source maintainers, and funders need an entry point that doesn't require knowledge of ATProto or decentralized protocols. Certified provides that — a neutral identity provider that isn't tied to any single application.
Handles are not needed to log in to the Hypercerts ecosystem, but every user has one. They serve as human-readable names for publicly addressing others and for interacting with other applications in the AT Protocol ecosystem that haven't implemented email-based login with Certified. Your handle (e.g., alice.certified.app) is human-readable but not permanent — it's a pointer to your DID. Organizations can use custom domain handles (e.g., numpy.org) to prove organizational identity through DNS verification.
For setup details, see Account & Identity Setup.
{% callout type="note" %}
Hypercerts is fully interoperable with the AT Protocol ecosystem. If you already have a Bluesky account or any other ATProto identity, you can log in with your existing handle (e.g., alice.bsky.social) and use all Hypercerts applications — no additional account needed.
{% /callout %}
To receive on-chain funding, a DID needs to be linked to an on-chain wallet address. This is handled by IdentityLink — a cryptographic attestation system that binds a DID to one or more on-chain addresses via a signed proof stored in your PDS. For the Ethereum ecosystem this looks like:
- Authenticates the user via ATProto OAuth
- Connects an EVM wallet (EOA, Smart Wallet, or Safe)
- Signs an EIP-712 typed message proving ownership
- Stores the attestation in the user's PDS
The attestation is self-sovereign (stored in your PDS, not a central database) and verifiable by anyone. See the Roadmap for current IdentityLink status.
- Account & Identity Setup — create an account, configure custom domains, manage app passwords, and set up organization accounts
- Architecture Overview — how identity fits into the protocol stack
- Quickstart — create your first hypercert
Next: Why AT Protocol? — how identity and records stay portable across apps.