DID:WEB resolves to DID Resolution Result #63
Conversation
…ution Document that contains a DID Document and not the DID Document itself. 2. Establishing the presence of DID Document Metadata with possibilities of adding cryptographic proofs to verify DID Documents. 3. Allowing multiple representations (JSON, JSONLD, XML, CBOR, etc) of the DID Resolution Document for the same DID:WEB.
Co-authored-by: Orie Steele <[email protected]>
index.html
Outdated
| by prepending <code>https://</code>. | ||
| </li> | ||
| <li> | ||
| If no path has been specified in the URL, append | ||
| <code>/.well-known</code>. | ||
| </li> | ||
| <li> | ||
| Append <code>/did.json</code> to complete the URL. | ||
| Map the DID Document Option's accept property to a file extension: |
There was a problem hiding this comment.
If we are going to do content negotiation, we should follow the HTTP standard: https://www.rfc-editor.org/rfc/rfc7231#section-5.3 or at least ask the HTTP WG what the suggested path is for Conneg these days.
There was a problem hiding this comment.
If we are going to do content negotiation, we should follow the HTTP standard
Strong +1 on following HTTP. DID core is very consistent with HTTP content negotiation.
There was a problem hiding this comment.
In general, +1 to this PR -- the response being a DID Resolution result makes a lot of sense.
The only concerning bits are: 1) the way the proof is detached from the DID Document (don't do that), and 2) the content negotiation bit.
Regarding concern 1, if you leave the proof as a part of the DID Document (and add an appropriate context), that would address that issue. Unless you were really trying to digitally sign the DID Document metadata, in which case, the proof is probably fine where it is?
Regarding concern 2, move the content negotiation changes into a separate PR, as that is a permathread that has been burning for a while: #52 ...we might just want to ask the HTTP WG what the suggested path is for Conneg these days.
I know that in VCs and Data Integrity, the assumption has always been that the Semantically, having the Structurally, having the From a pure RDF/JSON-LD perspective, I think there shouldn't be a strict necessity to have the |
There was a problem hiding this comment.
I don't really have a strong opinion whether or not did:web should be changed, but if the decision is to support metadata, then this needs to be better aligned with the DID Resolution specification, e.g.:
- Use of different names for the same thing "DID Resolution Document" vs. "DID Resolution Result".
- The DID Resolution specification already defines an HTTP(S) mapping of the DID Resolution process (e.g. the use of the Accept: header), so there should be no need to re-define these things here.
- This PR seems to introduce a strange new JSON-LD context
https://www.w3.org/ns/didMetadata/v1, even thoughhttps://w3id.org/did-resolution/v1already defines terms for metadata.
vitorpamplona
changed the title
|
@peacekeeper Thanks Markus! I fixed them all. I think the text could use a lot of improvements outside the context of this PR to be better aligned with the DID Resolution specification. I am just trying to not change everything. :) For instance, I think we need to force DNSSec just like we force HTTPS. But that is for another day. |
Hi Mike, any suggestion on how to add the DID Document Metadata with backwards compatibility? |
|
Doesn't this prevent the actual resolver from adding its own metadata? |
There are two "buckets" of metadata. DID document metadata and DID resolution metadata. Metadata about the resolution process itself should only go into the second bucket. |
|
I suggest we close this PR, and perhaps tackle some of the concepts addressed here using additional headers. |
|
Closing this PR (it does not seem like it can reach consensus). I am open to discussing on issues, feel free to file, and link here. |
Fixes #20:
did.jsondocument to become a DID Resolution Result that contains a DID Document and not the DID Document itself.Impact on current implementers
This is a backward incompatible change.
Current producers must wrap the root property of their
did.jsonfile into adidDocumentproperty.DID Resolvers should check for the presence of a
didDocumentproperty to indicate compliance of the producer with this new version. If the property is present, an optionaldidDocumentMetadataproperty can also be available and should be parsed accordingly.The spec's
did.jsongoes from:{ "@context": "https://www.w3.org/ns/did/v1", "id": "did:web:example.com", "verificationMethod": [{ "id": "did:web:example.com#controller", "type": "Secp256k1VerificationKey2018", "controller": "did:web:example.com", "ethereumAddress": "0xb9c5714089478a327f09197987f16f9e5d936e8a" }], "authentication": [ "did:web:example.com#controller" ] }To:
{ "@context": "https://w3id.org/did-resolution/v1", "didDocument": { "@context": "https://www.w3.org/ns/did/v1", "id": "did:web:example:com", "authentication": [{ "id": "did:web:example:com#keys-1", "type": "Ed25519VerificationKey2018", "controller": "did:web:example:com", "publicKeyBase58": "H3C2AVvLMv6gmMNam3uVAjZpfkcJCwDwnZn6z3wXmqPV" }], "service": [{ "id": "did:web:example:com#vcs", "type": "VerifiableCredentialService", "serviceEndpoint": "https://example.com/vc/" }], }, "didDocumentMetadata": { "@context": [ "https://w3id.org/did-resolution/v1" "https://w3id.org/security/suites/ed25519-2020/v1" ], "created": "2019-03-23T06:35:22Z", "updated": "2023-08-10T13:40:06Z", "proof": { "type": "Ed25519Signature2020", "created": "2022-08-21T12:54:33Z", "verificationMethod": "did:web:example.com:trustedSigner#WEB", "proofPurpose": "assertionMethod", "proofValue": "z3e7VcjAVz7RVb7uuH7NQzDuF9AXK3vfH65xnSJSRiLK3vTPUoCDgcE4JC1UfZhbD1wgFsWxQwdWEtrRqhbnqvyYs" } } }