FedID

Identity Protocols

A federated decentralized identity system combining the portability of OpenID Connect (OIDC) with the distribution of ActivityPub to provide usernames and identifiers that individuals own and control permanently, regardless of what happens to their original server. Users get a user@domain.ext identifier backed by a DID document containing their public keys, which is federated across multiple servers for resilience.

Federated, Company, Medium capture risk

Details

License: Partially open
Dev Status: Alpha
Owner: JLINC Labs (co-founded by Jim Fournier, CEO, and Victor Grey, Chief Architect); JLINC Inc was founded as Portable Data Corp in 2015; Oakland, California
Country: USA
Start Year: 2023
Stack: Node.js, containerized server deployment, OIDC-compatible server infrastructure, ActivityPub federation layer
Funding: Bootstrapped
Last Investigated: Jan 15, 2026

Use Case Domains

Affordances

Sovereign identity, Portable attestations

Identity Protocol Attributes

Permissions: Proprietary / Open Protocol — JLINC Labs holds a patent on the JLINC protocol (granted January 2023); FedID is a service built on JLINC infrastructure without a published OSI-approved open source license. The FIDC protocol specification and DID method documentation are openly published and freely implementable, but the primary jlinc-node implementation does not carry a standard OSI license.
Authentication & Identity: DID-based with OIDC compatibility: user creates a FedID (user@domain.ext format) and the FedID App generates private keys on device; FedID Server creates a DID document containing public keys; user signs DID with private key; server federates DID to all federated servers; login via QR code challenge instead of passwords
Storage Model: Federated replication: DID documents stored on the user's home FedID Server and replicated to all federated FedID Servers; user's private keys stored only on their device(s) via FedID App; JLINC audit records can be stored on designated archive servers (e.g., archive.jlinc.io)
Interoperability: High: OIDC-compatible (any OIDC relying party can integrate FIDC by changing two URL lines); ActivityPub federation (interoperates with Mastodon, Lemmy, Threads, and any ActivityPub-compatible software); JLINC protocol for data provenance auditing across services; potential EU regulatory alternative to Google/Facebook OIDC monopoly
Data Portability: Core design principle: username persists even if original server disappears, changes domain, blocks user, or shuts down — as long as DID has been federated to at least one other server; user migrates by connecting to any other FedID Server that holds their federated DID; content ownership tracked via JLINC capability delegations
Governance & Decision Making: Corporate (JLINC Labs as for-profit company with patented protocol); FedID Servers are independently operated (similar to Mastodon instance model); no documented community governance structure for the protocol itself
Protocol Maturity / Standardization: Community Standard (published did:fedid method specification; JLINC protocol backing; not submitted to formal standards body)
Identity Standards: W3C DID v1; JLINC DID v2; OpenID Connect (OIDC); ActivityPub; W3C Verifiable Credentials (via capability delegations)
DID Methods Supported: did:jlinc (format: did:jlinc:fedid.domain.ext:<base64-key>); custom JLINC DID method specification at did-spec.jlinc.org; version 2.0.0 with create, update, revoke record types
Key Management: Device-resident private keys: FedID App generates key pairs on user's device; public keys published in DID document verificationMethod array; each device gets its own verification method entry (type: 'device') with a controller reference to the user's DID; multiple devices supported via multiple verificationMethod entries; keys are base64-encoded
Credential Types: DID documents (JSON-LD representation of user identity with verification methods, services, and capability delegations); OIDC tokens (standard OIDC ID tokens and access tokens); JLINC audit records (cryptographically signed data exchange agreements providing provenance)
Verification Method: JWS/CT (JSON Web Signature / Controller Verification): DID documents include a proof block with JWS signature, created timestamp, proofPurpose of 'controllerVerification', and reference to the signing device's verification method; QR code challenge-response for login authentication
Privacy Features: User-controlled key management (private keys never leave device); JLINC protocol capability delegations enable tracking of data usage and AI training consent; minimal disclosure (OIDC scopes control what information is shared with relying parties); no password storage on servers
Authentication Methods: QR code challenge (primary: FedID Server presents QR code, FedID App scans and signs challenge with device private key — replaces passwords entirely); OIDC flows (authorization code flow for relying party integration); device-based key signing
Revocation Mechanism: DID document deactivation (deactivated field in DID document, default false); DID version tracking (version field increments with each update, enabling audit trail); device revocation via removal of verificationMethod entries; JLINC DID method supports revoke record type
Agent Types Supported: Humans (primary); services (DID document service array lists connected services with types 'login' and 'service'); JLINC-enabled services can act as agents with capability delegations from user's DID; potential for AI agent delegation via JLINC protocol
Wallet/Client Types: FedID App (device-resident application for key management and QR code authentication); any OIDC-compatible client (two-line URL change to integrate); Fediverse clients (Mastodon, Lemmy apps can use FedID for login)
Recovery Mechanisms: Recovery hash (DID document includes recoveryHash field — a hashed recovery secret for account recovery); federation-based resilience (DID replicated across multiple servers means identity survives individual server failure); device addition (new devices can be authorized via existing device)
Compliance / Regulations: GDPR (JLINC protocol specifically designed for GDPR compliance — provides auditable signed agreements governing data exchange; working solution for GDPR since 2018; US patent covers data usage control); EU regulatory alternative to Google/Facebook OIDC
Credential Exchange Protocols: OIDC / FIDC (FedID Connect is drop-in compatible with standard OIDC flows); ActivityPub (federation of DID documents between servers); JLINC protocol (signed data exchange agreements with cryptographic audit trail)
Trust Framework: Federated trust: trust anchored in FedID Server operators (similar to email/Mastodon server trust model); JLINC audit records provide cryptographic proof of data exchange agreements; capability delegations enable verifiable chain of data provenance; no blockchain required
Cost Model: TBD (JLINC Labs is commercial with enterprise licensing; FedID Server operation costs borne by server operators similar to Mastodon; end-user cost model not documented; JLINC protocol licensing terms not publicly detailed)
Censorship Resistance: High (by design): user identity survives original server disappearance, domain changes, user blocking, or server shutdown — as long as DID has been federated to at least one other server; no single point of failure for identity; user can migrate to any federated server