Loading vLEI.wiki
Fetching knowledge base...
Fetching knowledge base...
This comprehensive explanation has been generated from 180 GitHub source documents. All source documents are searchable here.
Last updated: October 7, 2025
This content is meant to be consumed by AI agents via MCP. Click here to get the MCP configuration.
Note: In rare cases it may contain LLM hallucinations.
For authoritative documentation, please consult the official GLEIF vLEI trainings and the ToIP Glossary.
A URL (Uniform Resource Locator) is a reference to a web resource that specifies its location on a computer network and a mechanism for retrieving it, commonly called a web address.
A Uniform Resource Locator (URL) is a specific type of Uniform Resource Identifier (URI) that provides both the identity of a resource and the means to locate it on a network. A URL specifies:
While URLs and URIs are often used interchangeably in common usage, a URL is technically a subset of URI that includes location and retrieval information.
URLs play a critical role in the KERI ecosystem as the foundation for Out-Of-Band Introductions (OOBI), which enable discovery and validation of IP resources for KERI autonomic identifiers (AIDs).
Because KERI AIDs are pseudonymous and completely independent of internet and DNS infrastructure, a mechanism is required to bootstrap the association between an AID and its network endpoints. The simplest form of a KERI OOBI is a URL that associates a network location with an AID:
http://8.8.5.6:8080/oobi/EaU6JR2nmwyZ-i0d8JZAoTNZH3ULvYAfSVPzhzS6b5CM
This URL provides the discovery mechanism, while KERI's cryptographic verification provides the mechanism. The URL itself is not trusted—it merely jump-starts discovery, with actual authentication performed through KERI's mechanisms.
KERI implementations must maintain strict separation between URL-based discovery and cryptographic trust. URLs are used only for initial introduction—never for authentication. After resolving an OOBI URL, implementations must verify all received data cryptographically through KERI's key event logs and witness receipts.
The URL is discarded after initial resolution—subsequent communication uses the cryptographically verified AID and endpoints.
When embedding AIDs in URLs:
URLs serve as service endpoints in KERI infrastructure, identifying:
URLs are used throughout the KERI ecosystem for:
/.well-known/keri/oobi/ for OOBI discoveryA fundamental principle in KERI is that IP infrastructure is not trusted. URLs provide convenience for discovery by leveraging existing internet infrastructure (DNS, web servers, search engines), but KERI's security guarantees do not depend on the integrity of these URLs. After initial discovery via URL, all authentication and authorization occurs through KERI's cryptographic mechanisms, making the system resilient to DNS hijacking, BGP attacks, and other network-level compromises.