Internet Identity Roadmap Update, August 2022

Hi all,

Here’s the August update for the Internet Identity team’s roadmap! You can find the July update here.

First thing I want to point out is that we’re right in the middle of holiday season, so we’re operating at a slower pace. That being said, let’s have a look at what’s happened in July, and what we plan on achieving in August!

  • Protected Recovery phrases are a thing! Thanks to everyone who contributed code and idea. You can read the announcement here and the feature thread here.
  • We’ve implemented a new feature called “Alternative Origins” which lets (d)apps tell II to use another URL as the origin (used when computing the II pseudonyms). The feature is mostly stable though we’re hashing out the last details with the people building dfx and agent-js to make sure it is fully supported there as well. Here’s the original announcement, and stay tuned for updates!
  • We’re allocating more resources for working on the UI, so expect some changes there! II devs have pretty much all been backend people, who did their best to get the frontend together. Well, that’s about to change! We got some frontend people helping us polish things and figure out the III: Internet Identity … Identity. :sweat_smile: We’ll keep everyone in the loop and look forward to your feedback on this.

The rest is still being planned or worked on (domain migration, canister migration, etc…) and we’ll let you know once we have more news to share – but as mentioned, it’s the holiday season, and we need to sharpen our axes to start chopping down some big proverbial trees this autumn!

Bye :wave:


What is the plan for the “domain migration?” Is that intended to mean that ‘’ is going to change? What is it changing to and why? Is this part of the → migration plan? Is this implying integration/implementation of a new canister naming scheme?


I’ll try and shed some light, although this is still very much in flux and we’re trying to figure out how to best deal with the situation.

Because of the IC’s nature, anyone can host anything on <canister-id>, meaning we’re bound to get spam and phishing sites. Those sites tend to be blacklisted, and unfortunately this may extend to as a domain altogether. If browsers start blocking then II won’t be accessible; for lots of canisters this is not the end of the world because at the end of the day is just a DNS detail.

However for II this would be pretty bad since all WebAuthn credentials would be stuck on So here we’re trying to figure out what to do, whether we’ll be migrating II to another domain or some other solution. I’m a little behind on this so would need to catch up with the latest discussions before saying anything stoopid; for instance I don’t know anything about the migration…