index.html

<!DOCTYPE html>
<html>
  <head>
    <meta charset="utf-8">
    <title>did:web Method Specification</title>
    <script src="https://www.w3.org/Tools/respec/respec-w3c" async class="remove"></script>
    <script class="remove">
      var respecConfig = {
        specStatus: "CG-DRAFT",
        shortName: "did-method-web",
        wg: "Credentials Community Group",
        wgURI: "https://www.w3.org/community/credentials/",
        wgPublicList: "public-credentials",
        editors: [{
          name: "Michael Prorock",
          email: "mprorock@mesur.io",
          company: "mesur.io",
          companyURL: "https://mesur.io/"
        },
        {
          name: "Orie Steele",
          url: "https://www.linkedin.com/in/or13b/",
          company: "Transmute",
          companyURL: "https://www.transmute.industries/",
          w3cid: 109171
        },
        {
          name: "Oliver Terbu",
          email: "oliver.terbu@consensys.net",
          company: "Consensys",
          companyURL: "https://consensys.net"
        }],
        authors: [
        {
          name: "Christian Gribneau",
          email: "christian@gribneau.net",
          company: "Ology Newswire, Inc.",
          companyURL: "https://ology.com"
        },
        {
          name: "Michael Prorock",
          email: "mprorock@mesur.io",
          company: "mesur.io",
          companyURL: "https://mesur.io/"
        },
        {
          name: "Orie Steele",
          url: "https://www.linkedin.com/in/or13b/",
          company: "Transmute",
          companyURL: "https://www.transmute.industries/",
          w3cid: 109171
        },
        {
          name: "Oliver Terbu",
          email: "oliver.terbu@consensys.net",
          company: "Consensys",
          companyURL: "https://consensys.net"
        },
        {
          name: "Mike Xu",
          email: "mike.xu@consensy.net",
          company: "Consensys",
          companyURL: "https://consensys.net"
        },
        {
          name: "Dmitri Zagidulin",
          email: "dzagidulin@gmail.com",
          company: "Digital Bazaar",
          companyURL: "https://digitalbazaar.com/"
        }],
        github: "https://github.com/w3c-ccg/did-method-web",

        localBiblio: {
          "DID-PRIMER": {
            title: "DID Primer",
            href: "https://github.com/WebOfTrustInfo/rebooting-the-web-of-trust-fall2017/blob/master/topics-and-advance-readings/did-primer.md",
            authors: [
              "Drummond Reed",
              "Manu Sporny",
              ],
            publisher: "Rebooting the Web of Trust 2017"
          },
          "DID-DNS": {
            title: "The Decentralized Identifier (DID) in the DNS",
            href: "https://tools.ietf.org/html/draft-mayrhofer-did-dns-01",
            authors: ["A. Mayrhofer", "D. Klesev", "M. Sabadello"],
            status: "Internet Draft",
            publisher: "IETF"
          },
          "OWASP-TRANSPORT": {
            title: "Transport Layer Protection Cheatsheet",
            href: "https://www.owasp.org/index.php/Transport_Layer_Protection_Cheat_Sheet",
          }
        },
      };
    </script>
  </head>
  <body>
    <section id="abstract">
      <p>
We propose a DID method that leverages globally deployed infrastructure that is
readily available to billions of people who use the Web with a trust model based
on DNS and TLS certificates that is widely understood and accepted today.
      </p>
    </section>

    <section id="sotd">
    </section>
    <section>
      <h1>
Introduction
      </h1>
      <section>
        <h2>
Preface
        </h2>
        <p>
The Web DID method specification conforms to the requirements specified in the
Decentralized Identifiers v1.0 Specification [[DID-CORE]]. For more
information about DIDs and DID method specifications, please also see the
[[?DID-PRIMER]]
        </p>
      </section>
      <section id="conformance">
<!-- This section is filled automatically by ReSpec. -->
      </section>
      <section>
        <h2>
Example
        </h2>

        <p class="issue" title="More examples">
Add non-ethereum example keys (ed25519, RSA, etc)
        </p>

        <pre class="example" title="Example did:web DID document">
{
  "@context": "https://www.w3.org/ns/did/v1",
  "id": "did:web:example.com",
  "verificationMethod": [{
     "id": "did:web:example.com#owner",
     "type": "Secp256k1VerificationKey2018",
     "owner": "did:web:example.com",
     "ethereumAddress": "0xb9c5714089478a327f09197987f16f9e5d936e8a"
  }],
  "authentication": [
     "did:web:example.com#owner"
  ]
}
        </pre>
      </section>
    </section>

    <section>
      <h1>
Web DID Method Specification
      </h1>

      <section>
        <h2>
Target system
        </h2>
        <p class="issue" title="DIDs in DNS">
Explain the difference from / relationship with the Decentralized Identifier
in DNS [[?DID-DNS]] spec.
        </p>
        <p>
The target system of the Web DID method is the web host that the domain name
described by the DID resolves to when queried through the Domain Name System
(DNS).
        </p>
      </section>

      <section>
        <h2>
Method name
        </h2>
        <p>
The namestring that shall identify this DID method is: <code>web</code>.

A DID that uses this method MUST begin with the following prefix:
<code>did:web</code>. Per the DID specification, this string MUST be in
lowercase. The remainder of the DID, after the prefix, is specified below.
        </p>
      </section>

      <section>
        <h2>
Method-specific identifier
        </h2>
        <p>
The method specific identifier is a fully qualified domain name that is
secured by a TLS/SSL certificate with an optional path to the DID document.
The formal rules describing valid domain name syntax are described in
[[RFC1035]], [[RFC1123]], and [[RFC2181]].
        </p>
        <p>
The method specific identifier MUST match the common name used in the SSL/TLS
certificate, and it MUST NOT include IP addresses. A port MAY be included and
the colon MUST be percent encoded to prevent a conflict with paths. Directories
and subdirectories MAY optionally be included, delimited by colons rather than
slashes.
        </p>

        <pre class="nohighlight">
web-did = "did:web:" domain-name
web-did = "did:web:" domain-name * (":" path)
        </pre>

        <pre class="example nohighlight" title="Example Web Method DIDs">
did:web:w3c-ccg.github.io
did:web:w3c-ccg.github.io:user:alice
did:web:example.com%3A3000
did:web:example.com%3A3000:bob%3Awork
        </pre>
      </section>

      <section>
        <h2>
DID method operations
        </h2>
        <section>
          <h3>
Create (Register)
          </h3>
          <p>
Creating a DID is done by:
          </p>
          <ol>
            <li>
applying at a domain name registrar for use of a domain name and
            </li>
            <li>
storing the location of a hosting service, the IP address at a DNS lookup
service
            </li>
            <li>
creating the DID document JSON, and storing the file as the index of the
<code>/.well-known/did/</code> directory to represent the entire domain, or as
the index of the specified path, or as a file with the filename and path matching
the method specific identifier.
            </li>
          </ol>

          <p>
The well-known URL for a domain name is the simplest example:
          </p>
          <pre class="example nohighlight" title="DID at well known path">
did:web:w3c-ccg.github.io
 -> https://w3c-ccg.github.io/.well-known/did/
          </pre>

          <p>
If an optional path is specified in addition to the bare domain, the
file will be available as the index of the specified path:
          </p>
          <pre class="example nohighlight" title="DID with optional path">
did:web:w3c-ccg.github.io:user:alice
 -> https://w3c-ccg.github.io/user/alice/
          </pre>

          <p>
If an optional port is specified on the domain, the colon splitting the host and
the port MUST be percent encoded to prevent collision with the path.
          </p>
          <pre class="example nohighlight" title="DID with port and path">
did:web:example.com%3A3000:user:alice
 -> https://example.com:3000/user/alice/
          </pre>

          <p>
If an element of the path contains a colon, the colon MUST be percent encoded to
avoid being replaced with a slash:
          </p>
          <pre class="example nohighlight" title="DID with port, path, and colon">
did:web:example.com:user:alice%3Awork
 -> https://example.com/user/alice:work/
          </pre>
        </section>

        <section>
          <h3>
Read (Resolve)
          </h3>
          <p>
The following steps MUST be executed to resolve the DID document from a Web
DID:
          </p>

          <ol>
            <li>
Replace ":" with "/" in the method specific identifier to obtain the fully
qualified domain name and optional path.
            </li>
            <li>
Replace "%3A" with ":" in the first segment of method specific identifier
containing the fully qualified domain name to support optional port numbers.
            </li>
            <li>
Generate an HTTPS URL to the expected location of the DID document by
prepending <code>https://</code>.
            </li>
            <li>
If no path has been specified in the URL, append <code>/.well-known/did</code>.
            </li>
            <li>
Append <code>/</code> to complete the URL.
            </li>
            <li>
Perform an HTTP <code>GET</code> request to the URL using an agent that can
successfully negotiate a secure HTTPS connection, which enforces the security
requirements as described in <a href="#security-and-privacy-considerations"></a>.
            </li>
            <li>
When performing the DNS resolution during the HTTP <code>GET</code> request, the
client SHOULD utilize DNS over HTTPS [[RFC8484]] to minimize tracking of the lookup.
            </li>
            <li>
If a specific DID representation is preferred a client MAY specify the associated
content type in the <code>Accept:</code> HTTP request header.
            </li>
            <li>
If the <code>Accept:</code> HTTP request header includes a preferred DID
representation the web server SHOULD attempt to meet that preference when
selecting an index file to return by matching the content type to the filename
extension.
            </li>
          </ol>
          <p class="issue" data-number="13">
The read mechanism does not provide any sort of auditability on the DID, which
leaves this DID Method open to insider-threat attacks, among others.
          </p>

          <p class="issue" data-number="14">
Reads enable pervasive tracking of DID use across the Internet. There is
currently no mitigation for this privacy-violating mechanism.
          </p>
        </section>

        <section>
          <h3>
Update
          </h3>
          <p>
To update the DID document, the associated file or files have to be updated.
Please note that the DID will remain the same, but the contents of the DID
document could change, e.g., by including a new verification key or adding
service endpoints.
          </p>
          <p>
In the event that multiple representations of the same DID are present in a
directory, updates of all representations MUST be made when any representation is
updated. Key material and service endpoints MUST be consistent across representations
of a DID. Other metadata SHOULD be consistent across representations.
          </p>

          <p class="issue" data-number="12">
This DID method does not specify any authentication or authorization mechanism
for writing to the DID Document, leaving it up to implementations to protect
from modification by an attacker.
          </p>

          <p class="note" title="HTTP API">
There is no HTTP API specified for the update process leaving programmatic
registrations and management to be defined by each implementation.
</p>
        </section>

        <section>
          <h3>
Deactivate (Revoke)
          </h3>
          <p>
To delete the DID document, the associated file or files have to be removed or
made no longer publicly available due to any other means.
          </p>
        </section>
      </section>

      <section>
      <h2>
Webserver Configuration
      </h2>
      <h3>
Index Files
      </h3>
      <p>
Webserver software typically supports returning specified files when a URL path
matches a directory rather than a file. These are generally refered to as index
files, and <code>index.html</code> is a common default. To resolve method specific
identifiers that have no filename and extension, webservers MUST be configured
to return the appropriate DID file when a request path matches a DID directory.
      </p>
      <h3>
MIME Types
      </h3>
      <p>
Webservers MUST be configured to associate proper content types with registered
filename extensions. The filename extensions and content types are noted in the
[[DID-CORE]] <a href="https://w3c.github.io/did-core/#iana-considerations">IANA
considerations section</a>.
      </p>
      <h3>
Multiple DID Representations
      </h3>
      <p>
DIDs in directories MAY support multiple representations. The server MUST support
at least one of the DID representatons listed in the note above, and MAY support
more than one. If multiple representations are supported, the server MUST prefer
the representation in the HTTP <code>Accept:</code> request header when selecting
an index file to return.
      </p>
      <h3>
Cross Origin Browser Access
      </h3>
      <p>
Implementations involving web browser clients operating in other domains will
need access to the DID documents. [[CORS]] specifies headers to enable browser
cross-domain access.
      </p>
      <h3>
Cache Control
      </h3>
      <p>
Web browsers, proxies, and CDNs Webservers often cache HTTP responses. Select
appropriate cache control header values based on the specific requirements of the
implementation to avoid stale DID documents. [[RFC7234]] specifies headers to
control cache behavior.
      </p>
      </section>

      <section class="informative">
        <h2>
Security and privacy considerations
        </h2>

        <section>
          <h3>
DNS Considerations
          </h3>
          <h4>
DNS Security Considerations
          </h4>
            <p>
DNS presents many of the attack vectors that enable active security and privacy
attacks on the did:web method and it's important that implementors address these
concerns via proper configuration of DNS. For example, without proper security
of the DNS resolution via <a href="https://tools.ietf.org/html/rfc8484">DNS over HTTPS</a> it's possible for
active attackers to intercept the result of the DNS resolution via a Man in the
Middle attack which would point at a malicious server with the incorrect DID
Document.
            </p>
            <p>
Additionally, implementors should be aware of issues presented by a Spoofed DNS
records where the record returned by a malicious DNS Server is inauthentic and
allows the record to be pointed at a malicious server which contains a different
DID Document. To prevent this type of issue, usage of DNSSEC which is defined in
<a href="https://tools.ietf.org/html/rfc4033">RFC4033</a>,
<a href="https://tools.ietf.org/html/rfc4034">RFC4034</a>, and
<a href="https://tools.ietf.org/html/rfc4035">RFC4035</a>.
            </p>

          <h4>
DNS Privacy Considerations
          </h4>
            <p>
Due to the nature of the did:web method relying upon a DNS in order to resolve
the web server, all resolutions of a did:web identifier have the potential to be
tracked by a DNS provider. Additionally, due to the DID Document being stored on
a web server, each time the DID Document resource is retrieved, the web server
has the ability to track the resolution of the DID Document. To mitigate the
issue of the relying party being tracked when resolving the DID Document the
relying party should look to either use a trusted universal resolver service to
gain herd privacy, utilize a VPN service or perform a resolution over the TOR
network. Another emerging solution that will be useful to address this is <a
  href="https://tools.ietf.org/html/draft-pauly-dprive-oblivious-doh-03">
  draft-pauly-dprive-oblivious-doh-03</a>
            </p>
        </section>

        <section>
          <h3>
DID Document Integrity Verification
          </h3>

          <p class="issue" title="Hashlinks">
Add discussion of using <a
href="https://tools.ietf.org/html/draft-sporny-hashlink">Hashlinks</a> to aid
integrity protection and verification of the DID document.
          </p>

        </section>
        <section>
          <h3>
In-transit Security
          </h3>

          <p>
At least TLS 1.2 should be configured to use only strong ciphers suites and to
use sufficiently large key sizes. As recommendations may be volatile these days,
only the very latest recommendations should be used. However, as a rule of
thumb, the following must be used:
          </p>

          <ul>
            <li>
Ephemeral keys are to be used.
            </li>
            <li>
ECDHE with one of the strong curves {X25519, brainpoolP384r1, NIST P-384,
brainpoolP256r1, NIST P-256} shall be used as key exchange.
            </li>
            <li>
AESGCM or ChaCha20 with 256 bit large keys shall be used for bulk encryption
            </li>
            <li>
ECDSA with one of the strong curves {brainpoolP384r1, NIST P-384,
brainpoolP256r1, NIST P-256} or RSA (at least 3072) shall be used.
            </li>
            <li>
Authenticated Encryption with Associated Data (AEAD) shall be used as Mac.
            </li>
            <li>
At least SHA256 shall be used, but SHA384 or POLY1305 are recommended.
            </li>
          </ul>

          <p>
Examples of strong SSL/TLS configurations for now are:
          </p>
          <ul>
            <li>
<code>ECDHE-ECDSA-AES256-GCM-SHA384, TLSv1.2, Kx=ECDH, Au=ECDSA,
Enc=AESGCM(256), Mac=AEAD</code>
            </li>
            <li>
<code>ECDHE-RSA-AES256-GCM-SHA384, TLSv1.2, Kx=ECDH, Au=RSA Enc=AESGCM(256),
Mac=AEAD</code>
            </li>
            <li>
<code>ECDHE-ECDSA-CHACHA20-POLY1305, TLSv1.2, Kx=ECDH, Au=ECDSA,
Enc=ChaCha20-Poly1305, Mac=AEAD</code>
            </li>
            <li>
<code>ECDHE-RSA-CHACHA20-POLY1305, TLSv1.2, Kx=ECDH, Au=RSA,
Enc=ChaCha20-Poly1305, Mac=AEAD</code>
            </li>
            <li>
<code>ECDHE-RSA-AES256-GCM-SHA384, TLSv1.2, Kx=ECDH, Au=RSA,
Enc=AESGCM(256), Mac=AEAD</code>
            </li>
            <li>
<code>ECDHE-ECDSA-AES256-GCM-SHA384, TLSv1.2, Kx=ECDH, Au=ECDSA,
Enc=AESGCM(256), Mac=AEAD</code>
            </li>
          </ul>

          <p>
It is recommended to adhere to OWASP's Transport Layer Protection Cheat Sheet
[[OWASP-TRANSPORT]] latest recommendations for hardening TLS configurations.
          </p>

          <p>
Delete action can be performed by domain name registrars or DNS lookup
services.
          </p>

        </section>

        <section>
          <h3>
Optional Path Considerations
          </h3>
          <p>
When optional paths to DID documents are used to resolve documents rather than
bare domains, verification with signed data proves that the entity in control
of the file indicated in the path has the private keys. It does not prove that
the domain operator has the private keys.
          </p>

          <p>
This example:
          </p>

          <pre class="nohighlight">
did:web:example.com:u:bob
          </pre>
          <p>
resolves to the DID document at the index of:
          </p>
          <pre class="nohighlight">
https://example.com/u/bob/
          </pre>
          <p>
In this scenario, it is probable that example.com has given user Bob control
over the DID in question, and proofs of control refer to Bob rather than all
of example.com.
          </p>
        </section>
      </section>
    </section>

    <section class="appendix informative">
      <h1>
Reference implementations
      </h1>
      <p>
The code at <a href="https://github.com/uport-project/https-did-resolver">uport-project/https-did-resolver</a>
is intended to present a reference implementation of this DID method. Any
other implementations should ensure that they pass the test suite described in
<code>/src/__tests__</code> before claiming compatibility.
      </p>
    </section>
  </body>
</html>