Skip to content

Instantly share code, notes, and snippets.

@msporny

msporny/REC-did-core-20220630.html

Created June 28, 2022 23:32
Show Gist options
  • Save msporny/976c9587eff80b1a2d8c1795f294fe15 to your computer and use it in GitHub Desktop.
Save msporny/976c9587eff80b1a2d8c1795f294fe15 to your computer and use it in GitHub Desktop.
Download ZIP
Raw
REC-did-core-20220630.html
<!DOCTYPE html><html lang="en" dir="ltr"><head>
<meta content="text/html; charset=utf-8" http-equiv="Content-Type">
<meta name="generator" content="ReSpec 32.1.10">
<meta name="viewport" content="width=device-width, initial-scale=1, shrink-to-fit=no">
<style>
span.example-title{text-transform:none}
:is(aside,div).example,div.illegal-example{padding:.5em;margin:1em 0;position:relative;clear:both}
div.illegal-example{color:red}
div.illegal-example p{color:#000}
:is(aside,div).example{border-left-width:.5em;border-left-style:solid;border-color:#e0cb52;background:#fcfaee}
aside.example div.example{border-left-width:.1em;border-color:#999;background:#fff}
.example pre{background-color:rgba(0,0,0,.03)}
</style>
<style>
.issue-label{text-transform:initial}
.warning>p:first-child{margin-top:0}
.warning{padding:.5em;border-left-width:.5em;border-left-style:solid}
span.warning{padding:.1em .5em .15em}
.issue.closed span.issue-number{text-decoration:line-through}
.issue.closed span.issue-number::after{content:" (Closed)";font-size:smaller}
.warning{border-color:#f11;border-width:.2em;border-style:solid;background:#fbe9e9}
.warning-title:before{content:"⚠";font-size:1.3em;float:left;padding-right:.3em;margin-top:-.3em}
li.task-list-item{list-style:none}
input.task-list-item-checkbox{margin:0 .35em .25em -1.6em;vertical-align:middle}
.issue a.respec-gh-label{padding:5px;margin:0 2px 0 2px;font-size:10px;text-transform:none;text-decoration:none;font-weight:700;border-radius:4px;position:relative;bottom:2px;border:none;display:inline-block}
</style>
<style>
dfn{cursor:pointer}
.dfn-panel{position:absolute;z-index:35;min-width:300px;max-width:500px;padding:.5em .75em;margin-top:.6em;font-family:"Helvetica Neue",sans-serif;font-size:small;background:#fff;color:#000;box-shadow:0 1em 3em -.4em rgba(0,0,0,.3),0 0 1px 1px rgba(0,0,0,.05);border-radius:2px}
.dfn-panel:not(.docked)>.caret{position:absolute;top:-9px}
.dfn-panel:not(.docked)>.caret::after,.dfn-panel:not(.docked)>.caret::before{content:"";position:absolute;border:10px solid transparent;border-top:0;border-bottom:10px solid #fff;top:0}
.dfn-panel:not(.docked)>.caret::before{border-bottom:9px solid #a2a9b1}
.dfn-panel *{margin:0}
.dfn-panel b{display:block;color:#000;margin-top:.25em}
.dfn-panel ul a[href]{color:#333}
.dfn-panel>div{display:flex}
.dfn-panel a.self-link{font-weight:700;margin-right:auto}
.dfn-panel .marker{padding:.1em;margin-left:.5em;border-radius:.2em;text-align:center;white-space:nowrap;font-size:90%;color:#040b1c}
.dfn-panel .marker.dfn-exported{background:#d1edfd;box-shadow:0 0 0 .125em #1ca5f940}
.dfn-panel .marker.idl-block{background:#8ccbf2;box-shadow:0 0 0 .125em #0670b161}
.dfn-panel a:not(:hover){text-decoration:none!important;border-bottom:none!important}
.dfn-panel a[href]:hover{border-bottom-width:1px}
.dfn-panel ul{padding:0}
.dfn-panel li{margin-left:1em}
.dfn-panel.docked{position:fixed;left:.5em;top:unset;bottom:2em;margin:0 auto;max-width:calc(100vw - .75em * 2 - .5em - .2em * 2);max-height:30vh;overflow:auto}
</style>
<title>Decentralized Identifiers (DIDs) v1.0</title>
<style id="respec-mainstyle">
@keyframes pop{
0%{transform:scale(1,1)}
25%{transform:scale(1.25,1.25);opacity:.75}
100%{transform:scale(1,1)}
}
:is(h1,h2,h3,h4,h5,h6,a) abbr{border:none}
dfn{font-weight:700}
a.internalDFN{color:inherit;border-bottom:1px solid #99c;text-decoration:none}
a.externalDFN{color:inherit;border-bottom:1px dotted #ccc;text-decoration:none}
a.bibref{text-decoration:none}
.respec-offending-element:target{animation:pop .25s ease-in-out 0s 1}
.respec-offending-element,a[href].respec-offending-element{text-decoration:red wavy underline}
@supports not (text-decoration:red wavy underline){
.respec-offending-element:not(pre){display:inline-block}
.respec-offending-element{background:url(data:image/gif;base64,R0lGODdhBAADAPEAANv///8AAP///wAAACwAAAAABAADAEACBZQjmIAFADs=) bottom repeat-x}
}
#references :target{background:#eaf3ff;animation:pop .4s ease-in-out 0s 1}
cite .bibref{font-style:normal}
code{color:#c63501}
th code{color:inherit}
a[href].orcid{padding-left:4px;padding-right:4px}
a[href].orcid>svg{margin-bottom:-2px}
.toc a,.tof a{text-decoration:none}
a .figno,a .secno{color:#000}
ol.tof,ul.tof{list-style:none outside none}
.caption{margin-top:.5em;font-style:italic}
table.simple{border-spacing:0;border-collapse:collapse;border-bottom:3px solid #005a9c}
.simple th{background:#005a9c;color:#fff;padding:3px 5px;text-align:left}
.simple th a{color:#fff;padding:3px 5px;text-align:left}
.simple th[scope=row]{background:inherit;color:inherit;border-top:1px solid #ddd}
.simple td{padding:3px 10px;border-top:1px solid #ddd}
.simple tr:nth-child(even){background:#f0f6ff}
.section dd>p:first-child{margin-top:0}
.section dd>p:last-child{margin-bottom:0}
.section dd{margin-bottom:1em}
.section dl.attrs dd,.section dl.eldef dd{margin-bottom:0}
#issue-summary>ul{column-count:2}
#issue-summary li{list-style:none;display:inline-block}
details.respec-tests-details{margin-left:1em;display:inline-block;vertical-align:top}
details.respec-tests-details>*{padding-right:2em}
details.respec-tests-details[open]{z-index:999999;position:absolute;border:thin solid #cad3e2;border-radius:.3em;background-color:#fff;padding-bottom:.5em}
details.respec-tests-details[open]>summary{border-bottom:thin solid #cad3e2;padding-left:1em;margin-bottom:1em;line-height:2em}
details.respec-tests-details>ul{width:100%;margin-top:-.3em}
details.respec-tests-details>li{padding-left:1em}
.self-link:hover{opacity:1;text-decoration:none;background-color:transparent}
aside.example .marker>a.self-link{color:inherit}
.header-wrapper{display:flex;align-items:baseline}
:is(h2,h3,h4,h5,h6):not(#toc>h2,#abstract>h2,#sotd>h2,.head>h2){position:relative;left:-.5em}
:is(h2,h3,h4,h5,h6):not(#toch2)+a.self-link{color:inherit;order:-1;position:relative;left:-1.1em;font-size:1rem;opacity:.5}
:is(h2,h3,h4,h5,h6)+a.self-link::before{content:"§";text-decoration:none;color:var(--heading-text)}
:is(h2,h3)+a.self-link{top:-.2em}
:is(h4,h5,h6)+a.self-link::before{color:#000}
@media (max-width:767px){
dd{margin-left:0}
}
@media print{
.removeOnSave{display:none}
}
</style>
<style>
pre .highlight {
font-weight: bold;
color: green;
}
pre .comment {
color: SteelBlue;
user-select: none;
}
code a[href] {
color: inherit;
border-bottom: none;
}
code a[href]:hover {
border-bottom: 1px solid #c63501;
}
table.column-width-50 td {
width: 50%;
}
.longdesc {
display: none;
}
.longdesc:target {
display: block;
background-color: #ff9;
}
</style>
<meta name="description" content="Decentralized identifiers (DIDs) are a new type of identifier that
enables verifiable, decentralized digital identity. A DID refers to any
subject (e.g., a person, organization, thing, data model, abstract entity, etc.)
as determined by the controller of the DID. In contrast to
typical, federated identifiers, DIDs have been designed so that they may
be decoupled from centralized registries, identity providers, and certificate
authorities. Specifically, while other parties might be used to help enable the
discovery of information related to a DID, the design enables the
controller of a DID to prove control over it without requiring permission
from any other party. DIDs are URIs that associate a DID
subject with a DID document allowing trustable interactions
associated with that subject.">
<link rel="canonical" href="https://www.w3.org/TR/did-core/">
<style>
.hljs{display:block;overflow-x:auto;padding:.5em;color:#383a42;background:#fafafa}
.hljs-comment,.hljs-quote{color:#717277;font-style:italic}
.hljs-doctag,.hljs-formula,.hljs-keyword{color:#a626a4}
.hljs-deletion,.hljs-name,.hljs-section,.hljs-selector-tag,.hljs-subst{color:#ca4706;font-weight:700}
.hljs-literal{color:#0b76c5}
.hljs-addition,.hljs-attribute,.hljs-meta-string,.hljs-regexp,.hljs-string{color:#42803c}
.hljs-built_in,.hljs-class .hljs-title{color:#9a6a01}
.hljs-attr,.hljs-number,.hljs-selector-attr,.hljs-selector-class,.hljs-selector-pseudo,.hljs-template-variable,.hljs-type,.hljs-variable{color:#986801}
.hljs-bullet,.hljs-link,.hljs-meta,.hljs-selector-id,.hljs-symbol,.hljs-title{color:#336ae3}
.hljs-emphasis{font-style:italic}
.hljs-strong{font-weight:700}
.hljs-link{text-decoration:underline}
</style>
<style>
var{position:relative;cursor:pointer}
var[data-type]::after,var[data-type]::before{position:absolute;left:50%;top:-6px;opacity:0;transition:opacity .4s;pointer-events:none}
var[data-type]::before{content:"";transform:translateX(-50%);border-width:4px 6px 0 6px;border-style:solid;border-color:transparent;border-top-color:#000}
var[data-type]::after{content:attr(data-type);transform:translateX(-50%) translateY(-100%);background:#000;text-align:center;font-family:"Dank Mono","Fira Code",monospace;font-style:normal;padding:6px;border-radius:3px;color:#daca88;text-indent:0;font-weight:400}
var[data-type]:hover::after,var[data-type]:hover::before{opacity:1}
</style>
<script id="initialUserConfig" type="application/json">{
"group": "did",
"wgPublicList": "public-did-wg",
"shortName": "did-core",
"specStatus": "REC",
"prEnd": "2021-08-31",
"crEnd": "2021-07-13",
"implementationReportURI": "https://w3c.github.io/did-test-suite/",
"edDraftURI": "https://w3c.github.io/did-core/",
"subtitle": "Core architecture, data model, and representations",
"publishDate": "2022-06-30",
"previousPublishDate": "2021-06-15",
"previousMaturity": "CR",
"pluralize": true,
"localBiblio": {
"REST": {
"title": "Architectural Styles and the Design of Network-based Software Architectures",
"date": "2000",
"href": "http://www.ics.uci.edu/~fielding/pubs/dissertation/",
"authors": [
"Fielding, Roy Thomas"
],
"publisher": "University of California, Irvine."
},
"VC-USECASES": {
"title": "Verifiable Claims Use Cases",
"href": "https://www.w3.org/TR/verifiable-claims-use-cases/",
"authors": [
"Shane McCarron",
"Daniel Burnett",
"Gregg Kellogg",
"Brian Sletten",
"Manu Sporny"
],
"status": "FPWD",
"publisher": "Verifiable Claims Working Group"
},
"HTTP-SIGNATURES": {
"aliasOf": "http-signatures"
},
"MACAROONS": {
"title": "Macaroons",
"href": "http://macaroons.io/",
"authors": [
"Arnar Birgisson",
"Joe Gibbs Politz",
"Úlfar Erlingsson",
"Ankur Taly",
"Michael Vrable",
"Mark Lentczner"
],
"status": "unofficial",
"publisher": "Credentials Community Group"
},
"OPEN-BADGES": {
"title": "Open Badges",
"href": "https://github.com/openbadges/openbadges-specification",
"authors": [
"Brian Brennan",
"Mike Larsson",
"Chris McAvoy",
"Nate Otto",
"Kerri Lemoie"
],
"status": "BA-DRAFT",
"publisher": "Badge Alliance Standard Working Group"
},
"RDF-NORMALIZATION": {
"title": "RDF Dataset Normalization",
"href": "http://json-ld.github.io/normalization/spec/",
"authors": [
"Dave Longley",
"Manu Sporny"
],
"status": "CG-DRAFT",
"publisher": "Credentials W3C Community Group"
},
"LD-PROOFS": {
"title": "Linked Data Proofs",
"href": "https://w3c-dvcg.github.io/ld-proofs/",
"authors": [
"Manu Sporny",
"Dave Longley"
],
"status": "CG-DRAFT",
"publisher": "Digital Verification Community Group"
},
"LD-SIGNATURES": {
"title": "Linked Data Signatures",
"href": "https://w3c-dvcg.github.io/ld-signatures/",
"authors": [
"Manu Sporny",
"Dave Longley"
],
"status": "CG-DRAFT",
"publisher": "Digital Verification Community Group"
},
"MATRIX-URIS": {
"title": "Matrix URIs - Ideas about Web Architecture",
"date": "December 1996",
"href": "https://www.w3.org/DesignIssues/MatrixURIs.html",
"authors": [
"Tim Berners-Lee"
],
"status": "Personal View",
"id": "matrix-uris"
},
"HASHLINK": {
"title": "Cryptographic Hyperlinks",
"date": "December 2018",
"href": "https://tools.ietf.org/html/draft-sporny-hashlink-05",
"authors": [
"Manu Sporny"
],
"status": "Internet-Draft",
"publisher": "IETF",
"id": "hashlink"
},
"BASE58": {
"title": "The Base58 Encoding Scheme",
"date": "October 2020",
"href": "https://tools.ietf.org/html/draft-msporny-base58",
"authors": [
"Manu Sporny"
],
"status": "Internet-Draft",
"publisher": "IETF"
},
"DNS-DID": {
"title": "The Decentralized Identifier (DID) in the DNS",
"date": "February 2019",
"href": "https://datatracker.ietf.org/doc/draft-mayrhofer-did-dns/",
"authors": [
"Alexander Mayrhofer",
"Dimitrij Klesev",
"Markus Sabadello"
],
"status": "Internet-Draft",
"id": "dns-did"
},
"DID-RESOLUTION": {
"title": "Decentralized Identifier Resolution",
"href": "https://w3c-ccg.github.io/did-resolution/",
"authors": [
"Markus Sabadello",
"Dmitri Zagidulin"
],
"status": "Draft Community Group Report",
"publisher": "Credentials Community Group",
"id": "did-resolution"
},
"DID-RUBRIC": {
"title": "Decentralized Characteristics Rubric v1.0",
"href": "https://w3c.github.io/did-rubric/",
"authors": [
"Joe Andrieu"
],
"status": "Draft Community Group Report",
"publisher": "Credentials Community Group",
"id": "did-rubric"
},
"PRIVACY-BY-DESIGN": {
"title": "Privacy by Design",
"href": "https://iapp.org/media/pdf/resource_center/pbd_implement_7found_principles.pdf",
"authors": [
"Ann Cavoukian"
],
"date": "2011",
"publisher": "Information and Privacy Commissioner",
"id": "privacy-by-design"
},
"MULTIBASE": {
"title": "The Multibase Encoding Scheme",
"date": "February 2021",
"href": "https://datatracker.ietf.org/doc/html/draft-multiformats-multibase-03",
"authors": [
"Juan Benet",
"Manu Sporny"
],
"status": "Internet-Draft",
"publisher": "IETF",
"id": "multibase"
}
},
"xref": "web-platform",
"github": {
"repoURL": "https://github.com/w3c/did-core/",
"branch": "main"
},
"includePermalinks": false,
"preProcess": [],
"postProcess": [
null,
null
],
"editors": [
{
"name": "Manu Sporny",
"url": "http://manu.sporny.org/",
"company": "Digital Bazaar",
"companyURL": "https://digitalbazaar.com/",
"w3cid": 41758
},
{
"name": "Amy Guy",
"url": "https://rhiaro.co.uk/",
"company": "Digital Bazaar",
"companyURL": "https://digitalbazaar.com/",
"w3cid": 69000
},
{
"name": "Markus Sabadello",
"url": "https://www.linkedin.com/in/markus-sabadello-353a0821",
"company": "Danube Tech",
"companyURL": "https://danubetech.com/",
"w3cid": 46729
},
{
"name": "Drummond Reed",
"url": "https://www.linkedin.com/in/drummondreed/",
"company": "Evernym/Avast",
"companyURL": "https://www.evernym.com/",
"w3cid": 3096
}
],
"authors": [
{
"name": "Manu Sporny",
"url": "http://manu.sporny.org/",
"company": "Digital Bazaar",
"companyURL": "https://digitalbazaar.com/",
"w3cid": 41758
},
{
"name": "Dave Longley",
"url": "https://github.com/dlongley",
"company": "Digital Bazaar",
"companyURL": "https://digitalbazaar.com/",
"w3cid": 48025
},
{
"name": "Markus Sabadello",
"url": "https://www.linkedin.com/in/markus-sabadello-353a0821",
"company": "Danube Tech",
"companyURL": "https://danubetech.com/",
"w3cid": 46729
},
{
"name": "Drummond Reed",
"url": "https://www.linkedin.com/in/drummondreed/",
"company": "Evernym/Avast",
"companyURL": "https://www.evernym.com/",
"w3cid": 3096
},
{
"name": "Orie Steele",
"url": "https://www.linkedin.com/in/or13b/",
"company": "Transmute",
"companyURL": "https://www.transmute.industries/"
},
{
"name": "Christopher Allen",
"url": "https://www.linkedin.com/in/christophera",
"company": "Blockchain Commons",
"companyURL": "https://www.BlockchainCommons.com",
"w3cid": 85560
}
],
"otherLinks": [
{
"key": "Related Documents",
"data": [
{
"value": "DID Use Cases and Requirements",
"href": "https://www.w3.org/TR/did-use-cases/"
},
{
"value": "DID Specification Registries",
"href": "https://www.w3.org/TR/did-spec-registries/"
},
{
"value": "DID Core Implementation Report",
"href": "https://w3c.github.io/did-test-suite/"
}
]
}
],
"errata": "https://w3c.github.io/did-core/errata.html",
"publishISODate": "2022-06-30T00:00:00.000Z",
"generatedSubtitle": "W3C Recommendation 30 June 2022"
}</script>
<link rel="stylesheet" href="https://www.w3.org/StyleSheets/TR/2021/W3C-REC"></head>
<body data-cite="infra rfc3986 HTML INFRA URL WEBIDL DOM FETCH" class="h-entry"><div class="head">
<p class="logos"><a class="logo" href="https://www.w3.org/"><img crossorigin="" alt="W3C" height="48" src="https://www.w3.org/StyleSheets/TR/2021/logos/W3C" width="72">
</a></p>
<h1 id="title" class="title">Decentralized Identifiers (DIDs) v1.0</h1> <h2 id="subtitle" class="subtitle">Core architecture, data model, and representations</h2>
<p id="w3c-state"><a href="https://www.w3.org/standards/types#REC">W3C Recommendation</a> <time class="dt-published" datetime="2022-06-30">30 June 2022</time></p>
<details open="">
<summary>More details about this document</summary>
<dl>
<dt>This version:</dt><dd>
<a class="u-url" href="https://www.w3.org/TR/2022/REC-did-core-20220630/">https://www.w3.org/TR/2022/REC-did-core-20220630/</a>
</dd>
<dt>Latest published version:</dt><dd>
<a href="https://www.w3.org/TR/did-core/">https://www.w3.org/TR/did-core/</a>
</dd>
<dt>Latest editor's draft:</dt><dd><a href="https://w3c.github.io/did-core/">https://w3c.github.io/did-core/</a></dd>
<dt>History:</dt><dd>
<a href="https://www.w3.org/standards/history/did-core">https://www.w3.org/standards/history/did-core</a>
</dd><dd>
<a href="https://github.com/w3c/did-core/commits/main">Commit history</a>
</dd>
<dt>Implementation report:</dt><dd>
<a href="https://w3c.github.io/did-test-suite/">https://w3c.github.io/did-test-suite/</a>
</dd>
<dt>Editors:</dt><dd class="editor p-author h-card vcard" data-editor-id="41758">
<a class="u-url url p-name fn" href="http://manu.sporny.org/">Manu Sporny</a> (<a class="p-org org h-org" href="https://digitalbazaar.com/">Digital Bazaar</a>)
</dd><dd class="editor p-author h-card vcard" data-editor-id="69000">
<a class="u-url url p-name fn" href="https://rhiaro.co.uk/">Amy Guy</a> (<a class="p-org org h-org" href="https://digitalbazaar.com/">Digital Bazaar</a>)
</dd><dd class="editor p-author h-card vcard" data-editor-id="46729">
<a class="u-url url p-name fn" href="https://www.linkedin.com/in/markus-sabadello-353a0821">Markus Sabadello</a> (<a class="p-org org h-org" href="https://danubetech.com/">Danube Tech</a>)
</dd><dd class="editor p-author h-card vcard" data-editor-id="3096">
<a class="u-url url p-name fn" href="https://www.linkedin.com/in/drummondreed/">Drummond Reed</a> (<a class="p-org org h-org" href="https://www.evernym.com/">Evernym/Avast</a>)
</dd>
<dt>Authors:</dt><dd class="editor p-author h-card vcard" data-editor-id="41758">
<a class="u-url url p-name fn" href="http://manu.sporny.org/">Manu Sporny</a> (<a class="p-org org h-org" href="https://digitalbazaar.com/">Digital Bazaar</a>)
</dd><dd class="editor p-author h-card vcard" data-editor-id="48025">
<a class="u-url url p-name fn" href="https://github.com/dlongley">Dave Longley</a> (<a class="p-org org h-org" href="https://digitalbazaar.com/">Digital Bazaar</a>)
</dd><dd class="editor p-author h-card vcard" data-editor-id="46729">
<a class="u-url url p-name fn" href="https://www.linkedin.com/in/markus-sabadello-353a0821">Markus Sabadello</a> (<a class="p-org org h-org" href="https://danubetech.com/">Danube Tech</a>)
</dd><dd class="editor p-author h-card vcard" data-editor-id="3096">
<a class="u-url url p-name fn" href="https://www.linkedin.com/in/drummondreed/">Drummond Reed</a> (<a class="p-org org h-org" href="https://www.evernym.com/">Evernym/Avast</a>)
</dd><dd class="editor p-author h-card vcard">
<a class="u-url url p-name fn" href="https://www.linkedin.com/in/or13b/">Orie Steele</a> (<a class="p-org org h-org" href="https://www.transmute.industries/">Transmute</a>)
</dd><dd class="editor p-author h-card vcard" data-editor-id="85560">
<a class="u-url url p-name fn" href="https://www.linkedin.com/in/christophera">Christopher Allen</a> (<a class="p-org org h-org" href="https://www.BlockchainCommons.com">Blockchain Commons</a>)
</dd>
<dt>Feedback:</dt><dd>
<a href="https://github.com/w3c/did-core/">GitHub w3c/did-core</a>
(<a href="https://github.com/w3c/did-core/pulls/">pull requests</a>,
<a href="https://github.com/w3c/did-core/issues/new/choose">new issue</a>,
<a href="https://github.com/w3c/did-core/issues/">open issues</a>)
</dd><dd><a href="mailto:public-did-wg@w3.org?subject=%5Bdid-core%5D%20YOUR%20TOPIC%20HERE">public-did-wg@w3.org</a> with subject line <kbd>[did-core] <em>… message topic …</em></kbd> (<a rel="discussion" href="https://lists.w3.org/Archives/Public/public-did-wg">archives</a>)</dd>
<dt>Errata:</dt><dd><a href="https://w3c.github.io/did-core/errata.html">Errata exists</a>.</dd>
<dt>Related Documents</dt><dd>
<a href="https://www.w3.org/TR/did-use-cases/">DID Use Cases and Requirements</a>
</dd><dd>
<a href="https://www.w3.org/TR/did-spec-registries/">DID Specification Registries</a>
</dd><dd>
<a href="https://w3c.github.io/did-test-suite/">DID Core Implementation Report</a>
</dd>
</dl>
</details>
<p>
See also
<a href="https://www.w3.org/Translations/?technology=did-core">
<strong>translations</strong></a>.
</p>
<p class="copyright">
<a href="https://www.w3.org/Consortium/Legal/ipr-notice#Copyright">Copyright</a>
©
2022
<a href="https://www.w3.org/"><abbr title="World Wide Web Consortium">W3C</abbr></a><sup>®</sup> (<a href="https://www.csail.mit.edu/"><abbr title="Massachusetts Institute of Technology">MIT</abbr></a>,
<a href="https://www.ercim.eu/"><abbr title="European Research Consortium for Informatics and Mathematics">ERCIM</abbr></a>, <a href="https://www.keio.ac.jp/">Keio</a>,
<a href="https://ev.buaa.edu.cn/">Beihang</a>). W3C
<a href="https://www.w3.org/Consortium/Legal/ipr-notice#Legal_Disclaimer">liability</a>,
<a href="https://www.w3.org/Consortium/Legal/ipr-notice#W3C_Trademarks">trademark</a> and
<a rel="license" href="https://www.w3.org/Consortium/Legal/2015/copyright-software-and-document" title="W3C Software and Document Notice and License">permissive document license</a> rules apply.
</p>
<hr title="Separator for header">
</div>
<section id="abstract" class="introductory"><h2>Abstract</h2>
<p>
<a href="#dfn-decentralized-identifiers" class="internalDFN" data-link-type="dfn" id="ref-for-dfn-decentralized-identifiers-1">Decentralized identifiers</a> (DIDs) are a new type of identifier that
enables verifiable, decentralized digital identity. A <a href="#dfn-decentralized-identifiers" class="internalDFN" data-link-type="dfn" id="ref-for-dfn-decentralized-identifiers-2">DID</a> refers to any
subject (e.g., a person, organization, thing, data model, abstract entity, etc.)
as determined by the controller of the <a href="#dfn-decentralized-identifiers" class="internalDFN" data-link-type="dfn" id="ref-for-dfn-decentralized-identifiers-3">DID</a>. In contrast to
typical, federated identifiers, <a href="#dfn-decentralized-identifiers" class="internalDFN" data-link-type="dfn" id="ref-for-dfn-decentralized-identifiers-4">DIDs</a> have been designed so that they may
be decoupled from centralized registries, identity providers, and certificate
authorities. Specifically, while other parties might be used to help enable the
discovery of information related to a <a href="#dfn-decentralized-identifiers" class="internalDFN" data-link-type="dfn" id="ref-for-dfn-decentralized-identifiers-5">DID</a>, the design enables the
controller of a <a href="#dfn-decentralized-identifiers" class="internalDFN" data-link-type="dfn" id="ref-for-dfn-decentralized-identifiers-6">DID</a> to prove control over it without requiring permission
from any other party. <a href="#dfn-decentralized-identifiers" class="internalDFN" data-link-type="dfn" id="ref-for-dfn-decentralized-identifiers-7">DIDs</a> are <a href="#dfn-uri" class="internalDFN" data-link-type="dfn" id="ref-for-dfn-uri-1">URIs</a> that associate a <a href="#dfn-did-subjects" class="internalDFN" data-link-type="dfn" id="ref-for-dfn-did-subjects-1">DID
subject</a> with a <a href="#dfn-did-documents" class="internalDFN" data-link-type="dfn" id="ref-for-dfn-did-documents-1">DID document</a> allowing trustable interactions
associated with that subject.
</p>
<p>
Each <a href="#dfn-did-documents" class="internalDFN" data-link-type="dfn" id="ref-for-dfn-did-documents-2">DID document</a> can express cryptographic material, <a href="#dfn-verification-method" class="internalDFN" data-link-type="dfn" id="ref-for-dfn-verification-method-1">verification
methods</a>, or <a href="#dfn-service" class="internalDFN" data-link-type="dfn" id="ref-for-dfn-service-1">services</a>, which provide a set of mechanisms enabling a
<a href="#dfn-did-controllers" class="internalDFN" data-link-type="dfn" id="ref-for-dfn-did-controllers-1">DID controller</a> to prove control of the <a href="#dfn-decentralized-identifiers" class="internalDFN" data-link-type="dfn" id="ref-for-dfn-decentralized-identifiers-8">DID</a>. <a href="#dfn-service" class="internalDFN" data-link-type="dfn" id="ref-for-dfn-service-2">Services</a> enable
trusted interactions associated with the <a href="#dfn-did-subjects" class="internalDFN" data-link-type="dfn" id="ref-for-dfn-did-subjects-2">DID subject</a>. A <a href="#dfn-decentralized-identifiers" class="internalDFN" data-link-type="dfn" id="ref-for-dfn-decentralized-identifiers-9">DID</a> might
provide the means to return the <a href="#dfn-did-subjects" class="internalDFN" data-link-type="dfn" id="ref-for-dfn-did-subjects-3">DID subject</a> itself, if the <a href="#dfn-did-subjects" class="internalDFN" data-link-type="dfn" id="ref-for-dfn-did-subjects-4">DID
subject</a> is an information resource such as a data model.
</p>
<p>
This document specifies the DID syntax, a common data model, core properties,
serialized representations, DID operations, and an explanation of the process
of resolving DIDs to the resources that they represent.
</p>
</section>
<section id="sotd" class="introductory"><h2>Status of This Document</h2><p><em>This section describes the status of this
document at the time of its publication. A list of current <abbr title="World Wide Web Consortium">W3C</abbr>
publications and the latest revision of this technical report can be found
in the <a href="https://www.w3.org/TR/"><abbr title="World Wide Web Consortium">W3C</abbr> technical reports index</a> at
https://www.w3.org/TR/.</em></p>
<p>
The <abbr title="World Wide Web Consortium">W3C</abbr> Decentralized Identifier Working Group has published this document as a
<abbr title="World Wide Web Consortium">W3C</abbr> Proposed Recommendation and is requesting that interested parties
review this specification by August 26th, 2021.
</p>
<p>
At the time of publication, there existed
<a href="https://w3c.github.io/did-spec-registries/#did-methods">103
experimental DID Method specifications</a>, 32 experimental DID Method driver
implementations, a <a href="https://w3c.github.io/did-test-suite/">test suite</a> that determines
whether or not a given implementation is conformant with this specification
and 46 implementations submitted to the conformance test suite.
Readers are advised to heed the <a href="https://github.com/w3c/did-core/issues">DID Core issues</a> and <a href="https://github.com/w3c/did-test-suite/issues"> DID Core Test Suite
issues</a> that each contain the latest list of concerns and proposed changes
that might result in alterations to this specification. At the time of
publication, no additional substantive issues, changes, or modifications
are expected.
</p>
<p>
Comments regarding this document are welcome. Please file issues
directly on <a href="https://github.com/w3c/did-core/issues/">GitHub</a>,
or send them
to <a href="mailto:public-did-wg@w3.org">public-did-wg@w3.org</a> (
<a href="mailto:public-did-wg-request@w3.org?subject=subscribe">subscribe</a>,
<a href="https://lists.w3.org/Archives/Public/public-did-wg/">archives</a>).
</p>
<p>
This document was published by the <a href="https://www.w3.org/groups/wg/did">Decentralized Identifier Working Group</a> as
a Recommendation using the
<a href="https://www.w3.org/2021/Process-20211102/#recs-and-notes">Recommendation track</a>.
</p><p>
<abbr title="World Wide Web Consortium">W3C</abbr> recommends the wide deployment of this specification as a standard for
the Web.
</p><p>
A <abbr title="World Wide Web Consortium">W3C</abbr> Recommendation is a specification that, after extensive
consensus-building, is endorsed by
<abbr title="World Wide Web Consortium">W3C</abbr> and its Members, and
has commitments from Working Group members to
<a href="https://www.w3.org/Consortium/Patent-Policy/#sec-Requirements">royalty-free licensing</a>
for implementations.
</p><p>
This document was produced by a group
operating under the
<a href="https://www.w3.org/Consortium/Patent-Policy/"><abbr title="World Wide Web Consortium">W3C</abbr> Patent
Policy</a>.
<abbr title="World Wide Web Consortium">W3C</abbr> maintains a
<a rel="disclosure" href="https://www.w3.org/groups/wg/did/ipr">public list of any patent disclosures</a>
made in connection with the deliverables of
the group; that page also includes
instructions for disclosing a patent. An individual who has actual
knowledge of a patent which the individual believes contains
<a href="https://www.w3.org/Consortium/Patent-Policy/#def-essential">Essential Claim(s)</a>
must disclose the information in accordance with
<a href="https://www.w3.org/Consortium/Patent-Policy/#sec-Disclosure">section 6 of the <abbr title="World Wide Web Consortium">W3C</abbr> Patent Policy</a>.
</p><p>
This document is governed by the
<a id="w3c_process_revision" href="https://www.w3.org/2021/Process-20211102/">2 November 2021 <abbr title="World Wide Web Consortium">W3C</abbr> Process Document</a>.
</p></section><nav id="toc"><h2 class="introductory" id="table-of-contents">Table of Contents</h2><ol class="toc"><li class="tocline"><a class="tocxref" href="#abstract">Abstract</a></li><li class="tocline"><a class="tocxref" href="#sotd">Status of This Document</a></li><li class="tocline"><a class="tocxref" href="#introduction"><bdi class="secno">1. </bdi>Introduction</a><ol class="toc"><li class="tocline"><a class="tocxref" href="#a-simple-example"><bdi class="secno">1.1 </bdi>A Simple Example</a></li><li class="tocline"><a class="tocxref" href="#design-goals"><bdi class="secno">1.2 </bdi>Design Goals</a></li><li class="tocline"><a class="tocxref" href="#architecture-overview"><bdi class="secno">1.3 </bdi>
Architecture Overview
</a></li><li class="tocline"><a class="tocxref" href="#conformance"><bdi class="secno">1.4 </bdi>Conformance</a></li></ol></li><li class="tocline"><a class="tocxref" href="#terminology"><bdi class="secno">2. </bdi>Terminology</a></li><li class="tocline"><a class="tocxref" href="#identifier"><bdi class="secno">3. </bdi>Identifier</a><ol class="toc"><li class="tocline"><a class="tocxref" href="#did-syntax"><bdi class="secno">3.1 </bdi>DID Syntax</a></li><li class="tocline"><a class="tocxref" href="#did-url-syntax"><bdi class="secno">3.2 </bdi>DID URL Syntax</a><ol class="toc"><li class="tocline"><a class="tocxref" href="#did-parameters"><bdi class="secno">3.2.1 </bdi>DID Parameters</a></li><li class="tocline"><a class="tocxref" href="#relative-did-urls"><bdi class="secno">3.2.2 </bdi>Relative DID URLs</a></li></ol></li></ol></li><li class="tocline"><a class="tocxref" href="#data-model"><bdi class="secno">4. </bdi>Data Model</a><ol class="toc"><li class="tocline"><a class="tocxref" href="#extensibility"><bdi class="secno">4.1 </bdi>Extensibility</a></li></ol></li><li class="tocline"><a class="tocxref" href="#core-properties"><bdi class="secno">5. </bdi>Core Properties</a><ol class="toc"><li class="tocline"><a class="tocxref" href="#identifiers"><bdi class="secno">5.1 </bdi>Identifiers</a><ol class="toc"><li class="tocline"><a class="tocxref" href="#did-subject"><bdi class="secno">5.1.1 </bdi>DID Subject</a></li><li class="tocline"><a class="tocxref" href="#did-controller"><bdi class="secno">5.1.2 </bdi>DID Controller</a></li><li class="tocline"><a class="tocxref" href="#also-known-as"><bdi class="secno">5.1.3 </bdi>Also Known As</a></li></ol></li><li class="tocline"><a class="tocxref" href="#verification-methods"><bdi class="secno">5.2 </bdi>Verification Methods</a><ol class="toc"><li class="tocline"><a class="tocxref" href="#verification-material"><bdi class="secno">5.2.1 </bdi>Verification Material</a></li><li class="tocline"><a class="tocxref" href="#referring-to-verification-methods"><bdi class="secno">5.2.2 </bdi>Referring to Verification Methods</a></li></ol></li><li class="tocline"><a class="tocxref" href="#verification-relationships"><bdi class="secno">5.3 </bdi>Verification Relationships</a><ol class="toc"><li class="tocline"><a class="tocxref" href="#authentication"><bdi class="secno">5.3.1 </bdi>Authentication</a></li><li class="tocline"><a class="tocxref" href="#assertion"><bdi class="secno">5.3.2 </bdi>Assertion</a></li><li class="tocline"><a class="tocxref" href="#key-agreement"><bdi class="secno">5.3.3 </bdi>Key Agreement</a></li><li class="tocline"><a class="tocxref" href="#capability-invocation"><bdi class="secno">5.3.4 </bdi>Capability Invocation</a></li><li class="tocline"><a class="tocxref" href="#capability-delegation"><bdi class="secno">5.3.5 </bdi>Capability Delegation</a></li></ol></li><li class="tocline"><a class="tocxref" href="#services"><bdi class="secno">5.4 </bdi>Services</a></li></ol></li><li class="tocline"><a class="tocxref" href="#representations"><bdi class="secno">6. </bdi>Representations</a><ol class="toc"><li class="tocline"><a class="tocxref" href="#production-and-consumption"><bdi class="secno">6.1 </bdi>Production and Consumption</a></li><li class="tocline"><a class="tocxref" href="#json"><bdi class="secno">6.2 </bdi>JSON</a><ol class="toc"><li class="tocline"><a class="tocxref" href="#production"><bdi class="secno">6.2.1 </bdi>Production</a></li><li class="tocline"><a class="tocxref" href="#consumption"><bdi class="secno">6.2.2 </bdi>Consumption</a></li></ol></li><li class="tocline"><a class="tocxref" href="#json-ld"><bdi class="secno">6.3 </bdi>JSON-LD</a><ol class="toc"><li class="tocline"><a class="tocxref" href="#production-0"><bdi class="secno">6.3.1 </bdi>Production</a></li><li class="tocline"><a class="tocxref" href="#consumption-0"><bdi class="secno">6.3.2 </bdi>Consumption</a></li></ol></li></ol></li><li class="tocline"><a class="tocxref" href="#resolution"><bdi class="secno">7. </bdi>Resolution</a><ol class="toc"><li class="tocline"><a class="tocxref" href="#did-resolution"><bdi class="secno">7.1 </bdi>DID Resolution</a><ol class="toc"><li class="tocline"><a class="tocxref" href="#did-resolution-options"><bdi class="secno">7.1.1 </bdi>DID Resolution Options</a></li><li class="tocline"><a class="tocxref" href="#did-resolution-metadata"><bdi class="secno">7.1.2 </bdi>DID Resolution Metadata</a></li><li class="tocline"><a class="tocxref" href="#did-document-metadata"><bdi class="secno">7.1.3 </bdi>DID Document Metadata</a></li></ol></li><li class="tocline"><a class="tocxref" href="#did-url-dereferencing"><bdi class="secno">7.2 </bdi>DID URL Dereferencing</a><ol class="toc"><li class="tocline"><a class="tocxref" href="#did-url-dereferencing-options"><bdi class="secno">7.2.1 </bdi>DID URL Dereferencing Options</a></li><li class="tocline"><a class="tocxref" href="#did-url-dereferencing-metadata"><bdi class="secno">7.2.2 </bdi>DID URL Dereferencing Metadata</a></li></ol></li><li class="tocline"><a class="tocxref" href="#metadata-structure"><bdi class="secno">7.3 </bdi>Metadata Structure</a></li></ol></li><li class="tocline"><a class="tocxref" href="#methods"><bdi class="secno">8. </bdi>Methods</a><ol class="toc"><li class="tocline"><a class="tocxref" href="#method-syntax"><bdi class="secno">8.1 </bdi>Method Syntax</a></li><li class="tocline"><a class="tocxref" href="#method-operations"><bdi class="secno">8.2 </bdi>Method Operations</a></li><li class="tocline"><a class="tocxref" href="#security-requirements"><bdi class="secno">8.3 </bdi>Security Requirements</a></li><li class="tocline"><a class="tocxref" href="#privacy-requirements"><bdi class="secno">8.4 </bdi>Privacy Requirements</a></li></ol></li><li class="tocline"><a class="tocxref" href="#security-considerations"><bdi class="secno">9. </bdi>Security Considerations</a><ol class="toc"><li class="tocline"><a class="tocxref" href="#choosing-did-resolvers"><bdi class="secno">9.1 </bdi>Choosing DID Resolvers</a></li><li class="tocline"><a class="tocxref" href="#proving-control-and-binding"><bdi class="secno">9.2 </bdi>Proving Control and Binding</a></li><li class="tocline"><a class="tocxref" href="#authentication-service-endpoints"><bdi class="secno">9.3 </bdi>Authentication Service Endpoints</a></li><li class="tocline"><a class="tocxref" href="#non-repudiation"><bdi class="secno">9.4 </bdi>Non-Repudiation</a></li><li class="tocline"><a class="tocxref" href="#notification-of-did-document-changes"><bdi class="secno">9.5 </bdi>Notification of DID Document Changes</a></li><li class="tocline"><a class="tocxref" href="#key-and-signature-expiration"><bdi class="secno">9.6 </bdi>Key and Signature Expiration</a></li><li class="tocline"><a class="tocxref" href="#verification-method-rotation"><bdi class="secno">9.7 </bdi>Verification Method Rotation</a></li><li class="tocline"><a class="tocxref" href="#verification-method-revocation"><bdi class="secno">9.8 </bdi>Verification Method Revocation</a></li><li class="tocline"><a class="tocxref" href="#did-recovery"><bdi class="secno">9.9 </bdi>DID Recovery</a></li><li class="tocline"><a class="tocxref" href="#the-role-of-human-friendly-identifiers"><bdi class="secno">9.10 </bdi>The Role of Human-Friendly Identifiers</a></li><li class="tocline"><a class="tocxref" href="#dids-as-enhanced-urns"><bdi class="secno">9.11 </bdi>DIDs as Enhanced URNs</a></li><li class="tocline"><a class="tocxref" href="#immutability"><bdi class="secno">9.12 </bdi>Immutability</a></li><li class="tocline"><a class="tocxref" href="#encrypted-data-in-did-documents"><bdi class="secno">9.13 </bdi>Encrypted Data in DID Documents</a></li><li class="tocline"><a class="tocxref" href="#equivalence-properties"><bdi class="secno">9.14 </bdi>Equivalence Properties</a></li><li class="tocline"><a class="tocxref" href="#content-integrity-protection"><bdi class="secno">9.15 </bdi>Content Integrity Protection</a></li><li class="tocline"><a class="tocxref" href="#persistence"><bdi class="secno">9.16 </bdi>Persistence</a></li><li class="tocline"><a class="tocxref" href="#level-of-assurance"><bdi class="secno">9.17 </bdi>Level of Assurance</a></li></ol></li><li class="tocline"><a class="tocxref" href="#privacy-considerations"><bdi class="secno">10. </bdi>Privacy Considerations</a><ol class="toc"><li class="tocline"><a class="tocxref" href="#keep-personal-data-private"><bdi class="secno">10.1 </bdi>Keep Personal Data Private</a></li><li class="tocline"><a class="tocxref" href="#did-correlation-risks"><bdi class="secno">10.2 </bdi>DID Correlation Risks</a></li><li class="tocline"><a class="tocxref" href="#did-document-correlation-risks"><bdi class="secno">10.3 </bdi>DID Document Correlation Risks</a></li><li class="tocline"><a class="tocxref" href="#did-subject-classification"><bdi class="secno">10.4 </bdi>DID Subject Classification</a></li><li class="tocline"><a class="tocxref" href="#herd-privacy"><bdi class="secno">10.5 </bdi>Herd Privacy</a></li><li class="tocline"><a class="tocxref" href="#service-privacy"><bdi class="secno">10.6 </bdi>Service Privacy</a></li></ol></li><li class="tocline"><a class="tocxref" href="#examples"><bdi class="secno">A. </bdi>Examples</a><ol class="toc"><li class="tocline"><a class="tocxref" href="#did-documents"><bdi class="secno">A.1 </bdi>DID Documents</a></li><li class="tocline"><a class="tocxref" href="#proving"><bdi class="secno">A.2 </bdi>Proving</a></li><li class="tocline"><a class="tocxref" href="#encrypting"><bdi class="secno">A.3 </bdi>Encrypting</a></li></ol></li><li class="tocline"><a class="tocxref" href="#architectural-considerations"><bdi class="secno">B. </bdi>Architectural Considerations</a><ol class="toc"><li class="tocline"><a class="tocxref" href="#detailed-architecture-diagram"><bdi class="secno">B.1 </bdi>Detailed Architecture Diagram</a></li><li class="tocline"><a class="tocxref" href="#creation-of-a-did"><bdi class="secno">B.2 </bdi>Creation of a DID</a></li><li class="tocline"><a class="tocxref" href="#determining-the-did-subject"><bdi class="secno">B.3 </bdi>Determining the DID subject</a></li><li class="tocline"><a class="tocxref" href="#referring-to-the-did-document"><bdi class="secno">B.4 </bdi>Referring to the DID document</a></li><li class="tocline"><a class="tocxref" href="#statements-in-the-did-document"><bdi class="secno">B.5 </bdi>Statements in the DID document</a></li><li class="tocline"><a class="tocxref" href="#discovering-more-information-about-the-did-subject"><bdi class="secno">B.6 </bdi>Discovering more information about the DID subject</a></li><li class="tocline"><a class="tocxref" href="#serving-a-representation-of-the-did-subject"><bdi class="secno">B.7 </bdi>Serving a representation of the DID subject</a></li><li class="tocline"><a class="tocxref" href="#assigning-dids-to-existing-web-resources"><bdi class="secno">B.8 </bdi>Assigning DIDs to existing web resources</a></li><li class="tocline"><a class="tocxref" href="#the-relationship-between-did-controllers-and-did-subjects"><bdi class="secno">B.9 </bdi>The relationship between DID controllers and DID subjects</a><ol class="toc"><li class="tocline"><a class="tocxref" href="#set-1-the-did-subject-is-the-did-controller"><bdi class="secno">B.9.1 </bdi>Set #1: The DID subject <em>is</em> the DID controller</a></li><li class="tocline"><a class="tocxref" href="#set-2-the-did-subject-is-not-the-did-controller"><bdi class="secno">B.9.2 </bdi>Set #2: The DID subject is <em>not</em> the DID controller</a></li></ol></li><li class="tocline"><a class="tocxref" href="#multiple-did-controllers"><bdi class="secno">B.10 </bdi>Multiple DID controllers</a><ol class="toc"><li class="tocline"><a class="tocxref" href="#independent-control"><bdi class="secno">B.10.1 </bdi>Independent Control</a></li><li class="tocline"><a class="tocxref" href="#group-control"><bdi class="secno">B.10.2 </bdi>Group Control</a></li></ol></li><li class="tocline"><a class="tocxref" href="#changing-the-did-subject"><bdi class="secno">B.11 </bdi>Changing the DID subject</a></li><li class="tocline"><a class="tocxref" href="#changing-the-did-controller"><bdi class="secno">B.12 </bdi>Changing the DID controller</a></li></ol></li><li class="tocline"><a class="tocxref" href="#revision-history"><bdi class="secno">C. </bdi>Revision History</a></li><li class="tocline"><a class="tocxref" href="#acknowledgements"><bdi class="secno">D. </bdi>Acknowledgements</a></li><li class="tocline"><a class="tocxref" href="#iana-considerations"><bdi class="secno">E. </bdi>IANA Considerations</a><ol class="toc"><li class="tocline"><a class="tocxref" href="#application-did-json"><bdi class="secno">E.1 </bdi>application/did+json</a></li><li class="tocline"><a class="tocxref" href="#application-did-ld-json"><bdi class="secno">E.2 </bdi>application/did+ld+json</a></li></ol></li><li class="tocline"><a class="tocxref" href="#references"><bdi class="secno">F. </bdi>References</a><ol class="toc"><li class="tocline"><a class="tocxref" href="#normative-references"><bdi class="secno">F.1 </bdi>Normative references</a></li><li class="tocline"><a class="tocxref" href="#informative-references"><bdi class="secno">F.2 </bdi>Informative references</a></li></ol></li></ol></nav>
<section class="informative" id="introduction"><div class="header-wrapper"><h2 id="x1-introduction"><bdi class="secno">1. </bdi>Introduction</h2><a class="self-link" href="#introduction" aria-label="Permalink for Section 1."></a></div><p><em>This section is non-normative.</em></p>
<p>
As individuals and organizations, many of us use globally unique identifiers in
a wide variety of contexts. They serve as communications addresses (telephone
numbers, email addresses, usernames on social media), ID numbers (for passports,
drivers licenses, tax IDs, health insurance), and product identifiers (serial
numbers, barcodes, RFIDs). URIs (Uniform Resource Identifiers) are used for
resources on the Web and each web page you view in a browser has a globally
unique URL (Uniform Resource Locator).
</p>
<p>
The vast majority of these globally unique identifiers are not under our
control. They are issued by external authorities that decide who or what they
refer to and when they can be revoked. They are useful only in certain contexts
and recognized only by certain bodies not of our choosing. They might
disappear or cease to be valid with the failure of an organization. They might
unnecessarily reveal personal information. In many cases, they can be
fraudulently replicated and asserted by a malicious third-party, which is
more commonly known as "identity theft".
</p>
<p>
The Decentralized Identifiers (DIDs) defined in this specification are a new
type of globally unique identifier. They are designed to enable individuals and
organizations to generate their own identifiers using systems they trust. These
new identifiers enable entities to prove control over them by authenticating
using cryptographic proofs such as digital signatures.
</p>
<p>
Since the generation and assertion of Decentralized Identifiers is
entity-controlled, each entity can have as many DIDs as necessary to maintain
their desired separation of identities, personas, and interactions. The use of
these identifiers can be scoped appropriately to different contexts. They
support interactions with other people, institutions, or systems that require
entities to identify themselves, or things they control, while providing control
over how much personal or private data should be revealed, all without depending
on a central authority to guarantee the continued existence of the identifier.
These ideas are explored in the DID Use Cases document [<cite><a class="bibref" data-link-type="biblio" href="#bib-did-use-cases" title="Use Cases and Requirements for Decentralized Identifiers">DID-USE-CASES</a></cite>].
</p>
<p>
This specification does not presuppose any particular technology or cryptography
to underpin the generation, persistence, resolution, or interpretation of DIDs.
For example, implementers can create Decentralized Identifiers based on
identifiers registered in federated or centralized identity management systems.
Indeed, almost all types of identifier systems can add support for DIDs. This
creates an interoperability bridge between the worlds of centralized, federated,
and decentralized identifiers. This also enables implementers to design specific
types of DIDs to work with the computing infrastructure they trust, such as
distributed ledgers, decentralized file systems, distributed databases, and
peer-to-peer networks.
</p>
<p>
This specification is for:
</p>
<ul>
<li>
Anyone that wants to understand the core architectural principles that
are the foundation for Decentralized Identifiers;
</li>
<li>
Software developers that want to produce and consume Decentralized Identifiers
and their associated data formats;
</li>
<li>
Systems integrators that want to understand how to use Decentralized
Identifiers in their software and hardware systems;
</li>
<li>
Specification authors that want to create new DID infrastructures, known as DID
methods, that conform to the ecosystem described by this document.
</li>
</ul>
<p>
In addition to this specification, readers might find the
Use Cases and Requirements for Decentralized Identifiers [<cite><a class="bibref" data-link-type="biblio" href="#bib-did-use-cases" title="Use Cases and Requirements for Decentralized Identifiers">DID-USE-CASES</a></cite>]
document useful.
</p>
<section class="informative" id="a-simple-example"><div class="header-wrapper"><h3 id="x1-1-a-simple-example"><bdi class="secno">1.1 </bdi>A Simple Example</h3><a class="self-link" href="#a-simple-example" aria-label="Permalink for Section 1.1"></a></div><p><em>This section is non-normative.</em></p>
<p>
A <a href="#dfn-decentralized-identifiers" class="internalDFN" data-link-type="dfn" id="ref-for-dfn-decentralized-identifiers-10">DID</a> is a simple text string consisting of three parts: 1) the
<code>did</code> URI scheme identifier, 2) the identifier for the <a href="#dfn-did-methods" class="internalDFN" data-link-type="dfn" id="ref-for-dfn-did-methods-1">DID
method</a>, and 3) the DID method-specific identifier.
</p>
<figure id="parts-of-a-did">
<img style="margin: auto; display: block; width: 75%;" src="diagrams/parts-of-a-did.svg" alt="
A diagram showing the parts of a DID. The left-most letters spell 'did' in blue,
are enclosed in a horizontal bracket from above and a label that reads 'scheme'
above the bracket. A gray colon follows the 'did' letters. The middle letters
spell 'example' in magenta, are enclosed in a horizontal bracket from below and
a label that reads 'DID Method' below the bracket. A gray colon follows the
DID Method. Finally, the letters at the end read '123456789abcdefghi' in
green, are enclosed in a horizontal bracket from below and a label that
reads 'DID Method Specific String' below the bracket.
" height="157" width="500">
<figcaption>Figure <bdi class="figno">1</bdi> <span class="fig-title">
A simple example of a decentralized identifier (DID)
</span></figcaption>
</figure>
<p>
The example <a href="#dfn-decentralized-identifiers" class="internalDFN" data-link-type="dfn" id="ref-for-dfn-decentralized-identifiers-11">DID</a> above resolves to a <a href="#dfn-did-documents" class="internalDFN" data-link-type="dfn" id="ref-for-dfn-did-documents-3">DID document</a>. A <a href="#dfn-did-documents" class="internalDFN" data-link-type="dfn" id="ref-for-dfn-did-documents-4">DID
document</a> contains information associated with the <a href="#dfn-decentralized-identifiers" class="internalDFN" data-link-type="dfn" id="ref-for-dfn-decentralized-identifiers-12">DID</a>, such as ways
to cryptographically <a href="#dfn-authenticated" class="internalDFN" data-link-type="dfn" id="ref-for-dfn-authenticated-1">authenticate</a> a <a href="#dfn-did-controllers" class="internalDFN" data-link-type="dfn" id="ref-for-dfn-did-controllers-2">DID controller</a>.
</p>
<div class="example" id="example-a-simple-did-document">
<div class="marker">
<a class="self-link" href="#example-a-simple-did-document">Example<bdi> 1</bdi></a><span class="example-title">: A simple DID document</span>
</div> <pre class="nohighlight">{
"@context": [
"https://www.w3.org/ns/did/v1",
"https://w3id.org/security/suites/ed25519-2020/v1"
]
"id": "did:example:123456789abcdefghi",
"authentication": [{
<span class="comment">// used to authenticate as did:...fghi</span>
"id": "did:example:123456789abcdefghi#keys-1",
"type": "Ed25519VerificationKey2020",
"controller": "did:example:123456789abcdefghi",
"publicKeyMultibase": "zH3C2AVvLMv6gmMNam3uVAjZpfkcJCwDwnZn6z3wXmqPV"
}]
}</pre>
</div>
</section>
<section class="informative" id="design-goals"><div class="header-wrapper"><h3 id="x1-2-design-goals"><bdi class="secno">1.2 </bdi>Design Goals</h3><a class="self-link" href="#design-goals" aria-label="Permalink for Section 1.2"></a></div><p><em>This section is non-normative.</em></p>
<p>
<a href="#dfn-decentralized-identifiers" class="internalDFN" data-link-type="dfn" id="ref-for-dfn-decentralized-identifiers-13">Decentralized Identifiers</a> are a component of larger systems, such as the
Verifiable Credentials ecosystem [<cite><a class="bibref" data-link-type="biblio" href="#bib-vc-data-model" title="Verifiable Credentials Data Model v1.1">VC-DATA-MODEL</a></cite>], which influenced the design
goals for this specification. The design goals for Decentralized Identifiers
are summarized here.
</p>
<table class="simple">
<thead>
<tr>
<th>
Goal
</th>
<th>
Description
</th>
</tr>
</thead>
<tbody>
<tr>
<td>
Decentralization
</td>
<td>
Eliminate the requirement for centralized authorities or single point failure in
identifier management, including the registration of globally unique
identifiers, public verification keys, <a href="#dfn-service" class="internalDFN" data-link-type="dfn" id="ref-for-dfn-service-3">services</a>, and other information.
</td>
</tr>
<tr>
<td>
Control
</td>
<td>
Give entities, both human and non-human, the power to directly control their
digital identifiers without the need to rely on external authorities.
</td>
</tr>
<tr>
<td>
Privacy
</td>
<td>
Enable entities to control the privacy of their information, including minimal,
selective, and progressive disclosure of attributes or other data.
</td>
</tr>
<tr>
<td>
Security
</td>
<td>
Enable sufficient security for requesting parties to depend on <a href="#dfn-did-documents" class="internalDFN" data-link-type="dfn" id="ref-for-dfn-did-documents-5">DID
documents</a> for their required level of assurance.
</td>
</tr>
<tr>
<td>
Proof-based
</td>
<td>
Enable <a href="#dfn-did-controllers" class="internalDFN" data-link-type="dfn" id="ref-for-dfn-did-controllers-3">DID controllers</a> to provide cryptographic proof when interacting
with other entities.
</td>
</tr>
<tr>
<td>
Discoverability
</td>
<td>
Make it possible for entities to discover <a href="#dfn-decentralized-identifiers" class="internalDFN" data-link-type="dfn" id="ref-for-dfn-decentralized-identifiers-14">DIDs</a> for other entities, to
learn more about or interact with those entities.
</td>
</tr>
<tr>
<td>
Interoperability
</td>
<td>
Use interoperable standards so <a href="#dfn-decentralized-identifiers" class="internalDFN" data-link-type="dfn" id="ref-for-dfn-decentralized-identifiers-15">DID</a> infrastructure can make use of
existing tools and software libraries designed for interoperability.
</td>
</tr>
<tr>
<td>
Portability
</td>
<td>
Be system- and network-independent and enable entities to use their digital
identifiers with any system that supports <a href="#dfn-decentralized-identifiers" class="internalDFN" data-link-type="dfn" id="ref-for-dfn-decentralized-identifiers-16">DIDs</a> and <a href="#dfn-did-methods" class="internalDFN" data-link-type="dfn" id="ref-for-dfn-did-methods-2">DID methods</a>.
</td>
</tr>
<tr>
<td>
Simplicity
</td>
<td>
Favor a reduced set of simple features to make the technology easier to
understand, implement, and deploy.
</td>
</tr>
<tr>
<td>
Extensibility
</td>
<td>
Where possible, enable extensibility provided it does not greatly hinder
interoperability, portability, or simplicity.
</td>
</tr>
</tbody>
</table>
</section>
<section class="informative" id="architecture-overview"><div class="header-wrapper"><h3 id="x1-3-architecture-overview"><bdi class="secno">1.3 </bdi>
Architecture Overview
</h3><a class="self-link" href="#architecture-overview" aria-label="Permalink for Section 1.3"></a></div><p><em>This section is non-normative.</em></p>
<p>
This section provides a basic overview of the major components of
Decentralized Identifier architecture.
</p>
<figure id="brief-architecture-overview">
<img style="margin: auto; display: block; width: 75%;" src="diagrams/did_brief_architecture_overview.svg" alt="
DIDs and DID documents are recorded on a Verifiable Data Registry; DIDs resolve
to DID documents; DIDs refer to DID subjects; a DID controller controls a DID
document; DID URLs contains a DID; DID URLs dereferenced to DID document
fragments or external resources.
" height="555" width="944">
<figcaption>Figure <bdi class="figno">2</bdi> <span class="fig-title">
Overview of DID architecture and the relationship of the basic components.
See also: <a class="longdesc-link" href="#brief-architecture-overview-longdesc">narrative description</a>.
</span></figcaption>
</figure>
<div class="longdesc" id="brief-architecture-overview-longdesc">
<p>
Six internally-labeled shapes appear in the diagram, with labeled arrows
between them, as follows. In the center of the diagram is a rectangle labeled
DID URL, containing small typewritten text "did:example:123/path/to/rsrc". At
the center top of the diagram is a rectangle labeled, "DID", containing small
typewritten text "did:example:123". At the top left of the diagram is an oval,
labeled "DID Subject". At the bottom center of the diagram is a rectangle
labeled, "DID document". At the bottom left is an oval, labeled, "DID
Controller". On the center right of the diagram is a two-dimensional rendering
of a cylinder, labeled, "Verifiable Data Registry".
</p>
<p>
From the top of the "DID URL" rectangle, an arrow, labeled "contains", extends
upwards, pointing to the "DID" rectangle. From the bottom of the "DID URL"
rectangle, an arrow, labeled "refers, and
<strong><em>dereferences</em></strong>, to", extends downward, pointing to the
"DID document" rectangle. An arrow from the "DID" rectangle, labeled
"<strong><em>resolves</em></strong> to", points down to the "DID document"
rectangle. An arrow from the "DID" rectangle, labeled "refers to", points left
to the "DID subject" oval. An arrow from the "DID controller" oval, labeled
"controls", points right to the "DID document" rectangle. An arrow from the
"DID" rectangle, labeled "recorded on", points downards to the right, to the
"Verifiable Data Registry" cylinder. An arrow from the "DID document" rectangle,
labeled "recorded on", points upwards to the right to the "Verifiable Data
Registry" cylinder.
</p>
</div>
<dl>
<dt>
DIDs and DID URLs
</dt>
<dd>
A Decentralized Identifier, or <a href="#dfn-decentralized-identifiers" class="internalDFN" data-link-type="dfn" id="ref-for-dfn-decentralized-identifiers-17">DID</a>, is a <a href="#dfn-uri" class="internalDFN" data-link-type="dfn" id="ref-for-dfn-uri-2">URI</a> composed of three
parts: the scheme <code>did:</code>, a method identifier, and a unique,
method-specific identifier specified by the <a href="#dfn-did-methods" class="internalDFN" data-link-type="dfn" id="ref-for-dfn-did-methods-3">DID method</a>. <a href="#dfn-decentralized-identifiers" class="internalDFN" data-link-type="dfn" id="ref-for-dfn-decentralized-identifiers-18">DIDs</a> are
resolvable to <a href="#dfn-did-documents" class="internalDFN" data-link-type="dfn" id="ref-for-dfn-did-documents-6">DID documents</a>. A <a href="#dfn-did-urls" class="internalDFN" data-link-type="dfn" id="ref-for-dfn-did-urls-1">DID URL</a> extends the syntax of a
basic <a href="#dfn-decentralized-identifiers" class="internalDFN" data-link-type="dfn" id="ref-for-dfn-decentralized-identifiers-19">DID</a> to incorporate other standard <a href="#dfn-uri" class="internalDFN" data-link-type="dfn" id="ref-for-dfn-uri-3">URI</a> components such as
path, query, and fragment in order to locate a particular
<a href="#dfn-resources" class="internalDFN" data-link-type="dfn" id="ref-for-dfn-resources-1">resource</a>—for example, a cryptographic public key inside a <a href="#dfn-did-documents" class="internalDFN" data-link-type="dfn" id="ref-for-dfn-did-documents-7">DID
document</a>, or a <a href="#dfn-resources" class="internalDFN" data-link-type="dfn" id="ref-for-dfn-resources-2">resource</a> external to the <a href="#dfn-did-documents" class="internalDFN" data-link-type="dfn" id="ref-for-dfn-did-documents-8">DID document</a>.
These concepts are elaborated upon in <a href="#did-syntax" class="sec-ref"><bdi class="secno">3.1 </bdi>DID Syntax</a> and <a href="#did-url-syntax" class="sec-ref"><bdi class="secno">3.2 </bdi>DID URL Syntax</a>.
</dd>
<dt>
DID subjects
</dt>
<dd>
The subject of a <a href="#dfn-decentralized-identifiers" class="internalDFN" data-link-type="dfn" id="ref-for-dfn-decentralized-identifiers-20">DID</a> is, by definition, the entity identified by the
<a href="#dfn-decentralized-identifiers" class="internalDFN" data-link-type="dfn" id="ref-for-dfn-decentralized-identifiers-21">DID</a>. The <a href="#dfn-did-subjects" class="internalDFN" data-link-type="dfn" id="ref-for-dfn-did-subjects-5">DID subject</a> might also be the <a href="#dfn-did-controllers" class="internalDFN" data-link-type="dfn" id="ref-for-dfn-did-controllers-4">DID controller</a>.
Anything can be the subject of a <a href="#dfn-decentralized-identifiers" class="internalDFN" data-link-type="dfn" id="ref-for-dfn-decentralized-identifiers-22">DID</a>: person, group, organization,
thing, or concept. This is further defined in <a href="#did-subject" class="sec-ref"><bdi class="secno">5.1.1 </bdi>DID Subject</a>.
</dd>
<dt>
DID controllers
</dt>
<dd>
The <a href="#dfn-controller" class="internalDFN" data-link-type="dfn" id="ref-for-dfn-controller-1">controller</a> of a <a href="#dfn-decentralized-identifiers" class="internalDFN" data-link-type="dfn" id="ref-for-dfn-decentralized-identifiers-23">DID</a> is the entity (person, organization, or
autonomous software) that has the capability—as defined by a <a href="#dfn-did-methods" class="internalDFN" data-link-type="dfn" id="ref-for-dfn-did-methods-4">DID
method</a>—to make changes to a <a href="#dfn-did-documents" class="internalDFN" data-link-type="dfn" id="ref-for-dfn-did-documents-9">DID document</a>. This capability is
typically asserted by the control of a set of cryptographic keys used by
software acting on behalf of the controller, though it might also be asserted
via other mechanisms. Note that a <a href="#dfn-decentralized-identifiers" class="internalDFN" data-link-type="dfn" id="ref-for-dfn-decentralized-identifiers-24">DID</a> might have more than one
controller, and the <a href="#dfn-did-subjects" class="internalDFN" data-link-type="dfn" id="ref-for-dfn-did-subjects-6">DID subject</a> can be the <a href="#dfn-did-controllers" class="internalDFN" data-link-type="dfn" id="ref-for-dfn-did-controllers-5">DID controller</a>, or one
of them. This concept is documented in <a href="#did-controller" class="sec-ref"><bdi class="secno">5.1.2 </bdi>DID Controller</a>.
</dd>
<dt>
Verifiable data registries
</dt>
<dd>
In order to be resolvable to <a href="#dfn-did-documents" class="internalDFN" data-link-type="dfn" id="ref-for-dfn-did-documents-10">DID documents</a>, <a href="#dfn-decentralized-identifiers" class="internalDFN" data-link-type="dfn" id="ref-for-dfn-decentralized-identifiers-25">DIDs</a> are typically
recorded on an underlying system or network of some kind. Regardless of the
specific technology used, any such system that supports recording <a href="#dfn-decentralized-identifiers" class="internalDFN" data-link-type="dfn" id="ref-for-dfn-decentralized-identifiers-26">DIDs</a>
and returning data necessary to produce <a href="#dfn-did-documents" class="internalDFN" data-link-type="dfn" id="ref-for-dfn-did-documents-11">DID documents</a> is called a
<a href="#dfn-verifiable-data-registry" class="internalDFN" data-link-type="dfn" id="ref-for-dfn-verifiable-data-registry-1">verifiable data registry</a>. Examples include <a href="#dfn-distributed-ledger-technology" class="internalDFN" data-link-type="dfn" id="ref-for-dfn-distributed-ledger-technology-1">distributed ledgers</a>,
decentralized file systems, databases of any kind, peer-to-peer networks, and
other forms of trusted data storage. This concept is further elaborated upon in
<a href="#methods" class="sec-ref"><bdi class="secno">8. </bdi>Methods</a>.
</dd>
<dt>
DID documents
</dt>
<dd>
<a href="#dfn-did-documents" class="internalDFN" data-link-type="dfn" id="ref-for-dfn-did-documents-12">DID documents</a> contain information associated with a <a href="#dfn-decentralized-identifiers" class="internalDFN" data-link-type="dfn" id="ref-for-dfn-decentralized-identifiers-27">DID</a>. They
typically express <a href="#dfn-verification-method" class="internalDFN" data-link-type="dfn" id="ref-for-dfn-verification-method-2">verification methods</a>, such as cryptographic public
keys, and <a href="#dfn-service" class="internalDFN" data-link-type="dfn" id="ref-for-dfn-service-4">services</a> relevant to interactions with the <a href="#dfn-did-subjects" class="internalDFN" data-link-type="dfn" id="ref-for-dfn-did-subjects-7">DID subject</a>.
The generic properties supported in a <a href="#dfn-did-documents" class="internalDFN" data-link-type="dfn" id="ref-for-dfn-did-documents-13">DID document</a> are specified in <a href="#core-properties" class="sec-ref"><bdi class="secno">5. </bdi>Core Properties</a>. A <a href="#dfn-did-documents" class="internalDFN" data-link-type="dfn" id="ref-for-dfn-did-documents-14">DID document</a> can be serialized to a byte
stream (see <a href="#representations" class="sec-ref"><bdi class="secno">6. </bdi>Representations</a>). The properties present in
a <a href="#dfn-did-documents" class="internalDFN" data-link-type="dfn" id="ref-for-dfn-did-documents-15">DID document</a> can be updated according to the applicable operations
outlined in <a href="#methods" class="sec-ref"><bdi class="secno">8. </bdi>Methods</a>.
</dd>
<dt>
DID methods
</dt>
<dd>
<a href="#dfn-did-methods" class="internalDFN" data-link-type="dfn" id="ref-for-dfn-did-methods-5">DID methods</a> are the mechanism by which a particular type of <a href="#dfn-decentralized-identifiers" class="internalDFN" data-link-type="dfn" id="ref-for-dfn-decentralized-identifiers-28">DID</a>
and its associated <a href="#dfn-did-documents" class="internalDFN" data-link-type="dfn" id="ref-for-dfn-did-documents-16">DID document</a> are created, resolved, updated, and
deactivated. <a href="#dfn-did-methods" class="internalDFN" data-link-type="dfn" id="ref-for-dfn-did-methods-6">DID methods</a> are defined using separate DID method
specifications as defined in <a href="#methods" class="sec-ref"><bdi class="secno">8. </bdi>Methods</a>.
</dd>
<dt>
DID resolvers and DID resolution
</dt>
<dd>
A <a href="#dfn-did-resolvers" class="internalDFN" data-link-type="dfn" id="ref-for-dfn-did-resolvers-1">DID resolver</a> is a system component that takes a <a href="#dfn-decentralized-identifiers" class="internalDFN" data-link-type="dfn" id="ref-for-dfn-decentralized-identifiers-29">DID</a> as input and
produces a conforming <a href="#dfn-did-documents" class="internalDFN" data-link-type="dfn" id="ref-for-dfn-did-documents-17">DID document</a> as output. This process is called
<a href="#dfn-did-resolution" class="internalDFN" data-link-type="dfn" id="ref-for-dfn-did-resolution-1">DID resolution</a>. The steps for resolving a specific type of <a href="#dfn-decentralized-identifiers" class="internalDFN" data-link-type="dfn" id="ref-for-dfn-decentralized-identifiers-30">DID</a> are
defined by the relevant <a href="#dfn-did-methods" class="internalDFN" data-link-type="dfn" id="ref-for-dfn-did-methods-7">DID method</a> specification. The process of <a href="#dfn-did-resolution" class="internalDFN" data-link-type="dfn" id="ref-for-dfn-did-resolution-2">DID
resolution</a> is elaborated upon in <a href="#resolution" class="sec-ref"><bdi class="secno">7. </bdi>Resolution</a>.
</dd>
<dt>
DID URL dereferencers and DID URL dereferencing
</dt>
<dd>
A <a href="#dfn-did-url-dereferencers" class="internalDFN" data-link-type="dfn" id="ref-for-dfn-did-url-dereferencers-1">DID URL dereferencer</a> is a system component that takes a <a href="#dfn-did-urls" class="internalDFN" data-link-type="dfn" id="ref-for-dfn-did-urls-2">DID URL</a>
as input and produces a <a href="#dfn-resources" class="internalDFN" data-link-type="dfn" id="ref-for-dfn-resources-3">resource</a> as output. This process is
called <a href="#dfn-did-url-dereferencing" class="internalDFN" data-link-type="dfn" id="ref-for-dfn-did-url-dereferencing-1">DID URL dereferencing</a>. The process of <a href="#dfn-did-url-dereferencing" class="internalDFN" data-link-type="dfn" id="ref-for-dfn-did-url-dereferencing-2">DID URL dereferencing</a>
is elaborated upon in <a href="#did-url-dereferencing" class="sec-ref"><bdi class="secno">7.2 </bdi>DID URL Dereferencing</a>.
</dd>
</dl>
</section>
<section id="conformance"><div class="header-wrapper"><h3 id="x1-4-conformance"><bdi class="secno">1.4 </bdi>Conformance</h3><a class="self-link" href="#conformance" aria-label="Permalink for Section 1.4"></a></div><p>As well as sections marked as non-normative, all authoring guidelines, diagrams, examples, and notes in this specification are non-normative. Everything else in this specification is normative.</p><p>
The key words <em class="rfc2119">MAY</em>, <em class="rfc2119">MUST</em>, <em class="rfc2119">MUST NOT</em>, <em class="rfc2119">OPTIONAL</em>, <em class="rfc2119">RECOMMENDED</em>, <em class="rfc2119">REQUIRED</em>, <em class="rfc2119">SHOULD</em>, and <em class="rfc2119">SHOULD NOT</em> in this document
are to be interpreted as described in
<a href="https://datatracker.ietf.org/doc/html/bcp14">BCP 14</a>
[<cite><a class="bibref" data-link-type="biblio" href="#bib-rfc2119" title="Key words for use in RFCs to Indicate Requirement Levels">RFC2119</a></cite>] [<cite><a class="bibref" data-link-type="biblio" href="#bib-rfc8174" title="Ambiguity of Uppercase vs Lowercase in RFC 2119 Key Words">RFC8174</a></cite>]
when, and only when, they appear in all capitals, as shown here.
</p>
<p>
This document contains examples that contain JSON and JSON-LD content.
Some of these examples contain characters that are invalid, such as inline
comments (<code>//</code>) and the use of ellipsis (<code>...</code>) to denote
information that adds little value to the example. Implementers are cautioned to
remove this content if they desire to use the information as valid JSON
or JSON-LD.
</p>
<p>
Some examples contain terms, both property names and values, that are not
defined in this specification. These are indicated with a comment (<code>//
external (property name|value)</code>). Such terms, when used in a <a href="#dfn-did-documents" class="internalDFN" data-link-type="dfn" id="ref-for-dfn-did-documents-18">DID
document</a>, are expected to be registered in the DID Specification Registries
[<cite><a class="bibref" data-link-type="biblio" href="#bib-did-spec-registries" title="DID Specification Registries">DID-SPEC-REGISTRIES</a></cite>] with links to both a formal definition and a JSON-LD
context.
</p>
<p>
Interoperability of implementations for <a href="#dfn-decentralized-identifiers" class="internalDFN" data-link-type="dfn" id="ref-for-dfn-decentralized-identifiers-31">DIDs</a> and <a href="#dfn-did-documents" class="internalDFN" data-link-type="dfn" id="ref-for-dfn-did-documents-19">DID documents</a> is
tested by evaluating an implementation's ability to create and parse <a href="#dfn-decentralized-identifiers" class="internalDFN" data-link-type="dfn" id="ref-for-dfn-decentralized-identifiers-32">DIDs</a>
and <a href="#dfn-did-documents" class="internalDFN" data-link-type="dfn" id="ref-for-dfn-did-documents-20">DID documents</a> that conform to this specification. Interoperability
for producers and consumers of <a href="#dfn-decentralized-identifiers" class="internalDFN" data-link-type="dfn" id="ref-for-dfn-decentralized-identifiers-33">DIDs</a> and <a href="#dfn-did-documents" class="internalDFN" data-link-type="dfn" id="ref-for-dfn-did-documents-21">DID documents</a> is provided
by ensuring the <a href="#dfn-decentralized-identifiers" class="internalDFN" data-link-type="dfn" id="ref-for-dfn-decentralized-identifiers-34">DIDs</a> and <a href="#dfn-did-documents" class="internalDFN" data-link-type="dfn" id="ref-for-dfn-did-documents-22">DID documents</a> conform. Interoperability
for <a href="#dfn-did-methods" class="internalDFN" data-link-type="dfn" id="ref-for-dfn-did-methods-8">DID method</a> specifications is provided by the details in each <a href="#dfn-did-methods" class="internalDFN" data-link-type="dfn" id="ref-for-dfn-did-methods-9">DID
method</a> specification. It is understood that, in the same way that a web
browser is not required to implement all known <a href="#dfn-uri" class="internalDFN" data-link-type="dfn" id="ref-for-dfn-uri-4">URI</a> schemes, conformant
software that works with <a href="#dfn-decentralized-identifiers" class="internalDFN" data-link-type="dfn" id="ref-for-dfn-decentralized-identifiers-35">DIDs</a> is not required to implement all known
<a href="#dfn-did-methods" class="internalDFN" data-link-type="dfn" id="ref-for-dfn-did-methods-10">DID methods</a>. However, all implementations of a given <a href="#dfn-did-methods" class="internalDFN" data-link-type="dfn" id="ref-for-dfn-did-methods-11">DID method</a>
are expected to be interoperable for that method.
</p>
<p>
A <dfn data-plurals="conforming dids" id="dfn-conforming-did" tabindex="0" aria-haspopup="dialog" data-dfn-type="dfn">conforming DID</dfn> is any concrete expression of the rules specified in
<a href="#identifier" class="sec-ref"><bdi class="secno">3. </bdi>Identifier</a> which complies with relevant normative statements in
that section.
</p>
<p>
A <dfn data-plurals="conforming did documents" id="dfn-conforming-did-document" tabindex="0" aria-haspopup="dialog" data-dfn-type="dfn">conforming DID document</dfn> is any concrete expression of the data
model described in this specification which complies with the relevant normative
statements in <a href="#data-model" class="sec-ref"><bdi class="secno">4. </bdi>Data Model</a> and <a href="#core-properties" class="sec-ref"><bdi class="secno">5. </bdi>Core Properties</a>. A
serialization format for the conforming document is deterministic,
bi-directional, and lossless, as described in <a href="#representations" class="sec-ref"><bdi class="secno">6. </bdi>Representations</a>.
</p>
<p>
A <dfn data-plurals="conforming producers" id="dfn-conforming-producer" tabindex="0" aria-haspopup="dialog" data-dfn-type="dfn">conforming producer</dfn> is any algorithm realized as software and/or
hardware that generates <a href="#dfn-conforming-did" class="internalDFN" data-link-type="dfn" id="ref-for-dfn-conforming-did-1">conforming DIDs</a> or <a href="#dfn-conforming-did-document" class="internalDFN" data-link-type="dfn" id="ref-for-dfn-conforming-did-document-1">conforming DID
Documents</a> and complies with the relevant normative statements in <a href="#representations" class="sec-ref"><bdi class="secno">6. </bdi>Representations</a>.
</p>
<p>
A <dfn data-plurals="conforming consumers" id="dfn-conforming-consumer" tabindex="0" aria-haspopup="dialog" data-dfn-type="dfn">conforming consumer</dfn> is any algorithm realized as software and/or
hardware that consumes <a href="#dfn-conforming-did" class="internalDFN" data-link-type="dfn" id="ref-for-dfn-conforming-did-2">conforming DIDs</a> or <a href="#dfn-conforming-did-document" class="internalDFN" data-link-type="dfn" id="ref-for-dfn-conforming-did-document-2">conforming DID documents</a>
and complies with the relevant normative statements in <a href="#representations" class="sec-ref"><bdi class="secno">6. </bdi>Representations</a>.
</p>
<p>
A <dfn class="lint-ignore" id="dfn-conforming-did-resolver" tabindex="0" aria-haspopup="dialog" data-dfn-type="dfn">conforming DID resolver</dfn> is any algorithm
realized as software and/or hardware that complies with the relevant normative
statements in <a href="#did-resolution" class="sec-ref"><bdi class="secno">7.1 </bdi>DID Resolution</a>.
</p>
<p>
A <dfn class="lint-ignore" id="dfn-conforming-did-url-dereferencer" tabindex="0" aria-haspopup="dialog" data-dfn-type="dfn">conforming DID URL dereferencer</dfn> is any
algorithm realized as software and/or hardware that complies with the relevant
normative statements in <a href="#did-url-dereferencing" class="sec-ref"><bdi class="secno">7.2 </bdi>DID URL Dereferencing</a>.
</p>
<p>
A <dfn class="lint-ignore" id="dfn-conforming-did-method" tabindex="0" aria-haspopup="dialog" data-dfn-type="dfn">conforming DID method</dfn> is any specification that
complies with the relevant normative statements in <a href="#methods" class="sec-ref"><bdi class="secno">8. </bdi>Methods</a>.
</p>
</section>
</section>
<section class="informative" id="terminology"><div class="header-wrapper"><h2 id="x2-terminology"><bdi class="secno">2. </bdi>Terminology</h2><a class="self-link" href="#terminology" aria-label="Permalink for Section 2."></a></div><p><em>This section is non-normative.</em></p>
<div><p>
This section defines the terms used in this specification and throughout
<a href="#dfn-decentralized-identifiers" class="internalDFN" data-link-type="dfn" id="ref-for-dfn-decentralized-identifiers-36">decentralized identifier</a> infrastructure. A link to these terms is
included whenever they appear in this specification.
</p>
<dl class="termlist">
<dt><dfn data-lt="amplification|amplification attack" id="dfn-amplification" tabindex="0" aria-haspopup="dialog" data-dfn-type="dfn">amplification attack</dfn></dt>
<dd>
A class of attack where the attacker attempts to exhaust a target system's
CPU, storage, network, or other resources by providing small, valid inputs into
the system that result in damaging effects that can be exponentially more costly
to process than the inputs themselves.
</dd>
<dt><dfn data-lt="authenticated|authenticate" id="dfn-authenticated" tabindex="0" aria-haspopup="dialog" data-dfn-type="dfn">authenticate</dfn></dt>
<dd>
Authentication is a process by which an entity can prove it has a specific
attribute or controls a specific secret using one or more <a href="#dfn-verification-method" class="internalDFN" data-link-type="dfn" id="ref-for-dfn-verification-method-3">verification
methods</a>. With <a href="#dfn-decentralized-identifiers" class="internalDFN" data-link-type="dfn" id="ref-for-dfn-decentralized-identifiers-37">DIDs</a>, a common example would be proving control of the
cryptographic private key associated with a public key published in a <a href="#dfn-did-documents" class="internalDFN" data-link-type="dfn" id="ref-for-dfn-did-documents-23">DID
document</a>.
</dd>
<dt><dfn data-lt="cryptosuite|cryptographic suite" id="dfn-cryptosuite" tabindex="0" aria-haspopup="dialog" data-dfn-type="dfn">cryptographic suite</dfn></dt>
<dd>
A specification defining the usage of specific cryptographic primitives in
order to achieve a particular security goal. These documents are often used
to specify <a href="#dfn-verification-method" class="internalDFN" data-link-type="dfn" id="ref-for-dfn-verification-method-4">verification methods</a>, digital signature types,
their identifiers, and other related properties.
</dd>
<dt><dfn data-lt="decentralized identifiers|DID|DIDs|decentralized identifier" data-plurals="dids|did" id="dfn-decentralized-identifiers" tabindex="0" aria-haspopup="dialog" data-dfn-type="dfn">decentralized identifier</dfn> (DID)</dt>
<dd>
A globally unique persistent identifier that does not require a centralized
registration authority and is often generated and/or registered
cryptographically. The generic format of a DID is defined in <a href="#did-syntax" class="sec-ref"><bdi class="secno">3.1 </bdi>DID Syntax</a>. A specific <a href="#dfn-did-schemes" class="internalDFN" data-link-type="dfn" id="ref-for-dfn-did-schemes-1">DID scheme</a> is defined in a <a href="#dfn-did-methods" class="internalDFN" data-link-type="dfn" id="ref-for-dfn-did-methods-12">DID
method</a> specification. Many—but not all—DID methods make use of
<a href="#dfn-distributed-ledger-technology" class="internalDFN" data-link-type="dfn" id="ref-for-dfn-distributed-ledger-technology-2">distributed ledger technology</a> (DLT) or some other form of decentralized
network.
</dd>
<dt><dfn id="dfn-decentralized-identity-management" tabindex="0" aria-haspopup="dialog" data-dfn-type="dfn">decentralized identity management</dfn></dt>
<dd>
<a href="https://en.wikipedia.org/wiki/Identity_management">Identity
management</a> that is based on the use of <a href="#dfn-decentralized-identifiers" class="internalDFN" data-link-type="dfn" id="ref-for-dfn-decentralized-identifiers-38">decentralized identifiers</a>.
Decentralized identity management extends authority for identifier generation,
registration, and assignment beyond traditional roots of trust such as
<a href="https://en.wikipedia.org/wiki/X.500">X.500 directory services</a>,
the <a href="https://en.wikipedia.org/wiki/Domain_Name_System">Domain Name System</a>,
and most national ID systems.
</dd>
<dt><dfn data-lt="did controllers|did controller(s)|DID controller" id="dfn-did-controllers" tabindex="0" aria-haspopup="dialog" data-dfn-type="dfn">DID controller</dfn></dt>
<dd>
An entity that has the capability to make changes to a <a href="#dfn-did-documents" class="internalDFN" data-link-type="dfn" id="ref-for-dfn-did-documents-25">DID document</a>. A
<a href="#dfn-decentralized-identifiers" class="internalDFN" data-link-type="dfn" id="ref-for-dfn-decentralized-identifiers-40">DID</a> might have more than one DID controller. The DID controller(s)
can be denoted by the optional <code>controller</code> property at the top level of the
<a href="#dfn-did-documents" class="internalDFN" data-link-type="dfn" id="ref-for-dfn-did-documents-26">DID document</a>. Note that a DID controller might be the <a href="#dfn-did-subjects" class="internalDFN" data-link-type="dfn" id="ref-for-dfn-did-subjects-8">DID
subject</a>.
</dd>
<dt><dfn id="dfn-did-delegate" tabindex="0" aria-haspopup="dialog" data-dfn-type="dfn">DID delegate</dfn></dt>
<dd>
An entity to whom a <a href="#dfn-did-controllers" class="internalDFN" data-link-type="dfn" id="ref-for-dfn-did-controllers-6">DID controller</a> has granted permission to use a
<a href="#dfn-verification-method" class="internalDFN" data-link-type="dfn" id="ref-for-dfn-verification-method-5">verification method</a> associated with a <a href="#dfn-decentralized-identifiers" class="internalDFN" data-link-type="dfn" id="ref-for-dfn-decentralized-identifiers-41">DID</a> via a <a href="#dfn-did-documents" class="internalDFN" data-link-type="dfn" id="ref-for-dfn-did-documents-27">DID
document</a>. For example, a parent who controls a child's <a href="#dfn-did-documents" class="internalDFN" data-link-type="dfn" id="ref-for-dfn-did-documents-28">DID document</a>
might permit the child to use their personal device in order to
<a href="#dfn-authenticated" class="internalDFN" data-link-type="dfn" id="ref-for-dfn-authenticated-2">authenticate</a>. In this case, the child is the <a href="#dfn-did-delegate" class="internalDFN" data-link-type="dfn" id="ref-for-dfn-did-delegate-1">DID delegate</a>. The
child's personal device would contain the private cryptographic material
enabling the child to <a href="#dfn-authenticated" class="internalDFN" data-link-type="dfn" id="ref-for-dfn-authenticated-3">authenticate</a> using the <a href="#dfn-decentralized-identifiers" class="internalDFN" data-link-type="dfn" id="ref-for-dfn-decentralized-identifiers-42">DID</a>. However, the child
might not be permitted to add other personal devices without the parent's
permission.
</dd>
<dt><dfn data-lt="DID documents|DID document" data-plurals="did documents" id="dfn-did-documents" tabindex="0" aria-haspopup="dialog" data-dfn-type="dfn">DID document</dfn></dt>
<dd>
A set of data describing the <a href="#dfn-did-subjects" class="internalDFN" data-link-type="dfn" id="ref-for-dfn-did-subjects-9">DID subject</a>, including mechanisms, such as
cryptographic public keys, that the <a href="#dfn-did-subjects" class="internalDFN" data-link-type="dfn" id="ref-for-dfn-did-subjects-10">DID subject</a> or a <a href="#dfn-did-delegate" class="internalDFN" data-link-type="dfn" id="ref-for-dfn-did-delegate-2">DID delegate</a>
can use to <a href="#dfn-authenticated" class="internalDFN" data-link-type="dfn" id="ref-for-dfn-authenticated-4">authenticate</a> itself and prove its association with the
<a href="#dfn-decentralized-identifiers" class="internalDFN" data-link-type="dfn" id="ref-for-dfn-decentralized-identifiers-43">DID</a>. A DID document might have one or more different
<a href="#dfn-representations" class="internalDFN" data-link-type="dfn" id="ref-for-dfn-representations-1">representations</a> as defined in <a href="#representations" class="sec-ref"><bdi class="secno">6. </bdi>Representations</a> or in the
<abbr title="World Wide Web Consortium">W3C</abbr> DID Specification Registries [<cite><a class="bibref" data-link-type="biblio" href="#bib-did-spec-registries" title="DID Specification Registries">DID-SPEC-REGISTRIES</a></cite>].
</dd>
<dt><dfn data-lt="DID fragments|DID fragment" data-plurals="did fragments" id="dfn-did-fragments" tabindex="0" aria-haspopup="dialog" data-dfn-type="dfn">DID fragment</dfn></dt>
<dd>
The portion of a <a href="#dfn-did-urls" class="internalDFN" data-link-type="dfn" id="ref-for-dfn-did-urls-3">DID URL</a> that follows the first hash sign character
(<code>#</code>). DID fragment syntax is identical to URI fragment syntax.
</dd>
<dt><dfn data-lt="DID methods|DID method" data-plurals="did methods" id="dfn-did-methods" tabindex="0" aria-haspopup="dialog" data-dfn-type="dfn">DID method</dfn></dt>
<dd>
A definition of how a specific <a href="#dfn-did-schemes" class="internalDFN" data-link-type="dfn" id="ref-for-dfn-did-schemes-2">DID method scheme</a> is implemented. A DID method is
defined by a DID method specification, which specifies the precise operations by
which <a href="#dfn-decentralized-identifiers" class="internalDFN" data-link-type="dfn" id="ref-for-dfn-decentralized-identifiers-44">DIDs</a> and <a href="#dfn-did-documents" class="internalDFN" data-link-type="dfn" id="ref-for-dfn-did-documents-29">DID documents</a> are created, resolved, updated,
and deactivated. See <a href="#methods" class="sec-ref"><bdi class="secno">8. </bdi>Methods</a>.
</dd>
<dt><dfn data-lt="DID paths|DID path" data-plurals="did paths" id="dfn-did-paths" tabindex="0" aria-haspopup="dialog" data-dfn-type="dfn">DID path</dfn></dt>
<dd>
The portion of a <a href="#dfn-did-urls" class="internalDFN" data-link-type="dfn" id="ref-for-dfn-did-urls-4">DID URL</a> that begins with and includes the first forward
slash (<code>/</code>) character and ends with either a question mark
(<code>?</code>) character, a fragment hash sign (<code>#</code>) character,
or the end of the <a href="#dfn-did-urls" class="internalDFN" data-link-type="dfn" id="ref-for-dfn-did-urls-5">DID URL</a>. DID path syntax is identical to URI path syntax.
See <a href="#path" class="sec-ref">Path</a>.
</dd>
<dt><dfn data-lt="DID queries|DID query" data-plurals="did queries" id="dfn-did-queries" tabindex="0" aria-haspopup="dialog" data-dfn-type="dfn">DID query</dfn></dt>
<dd>
The portion of a <a href="#dfn-did-urls" class="internalDFN" data-link-type="dfn" id="ref-for-dfn-did-urls-6">DID URL</a> that follows and includes the first question
mark character (<code>?</code>). DID query syntax is identical to URI query
syntax. See <a href="#query" class="sec-ref">Query</a>.
</dd>
<dt><dfn id="dfn-did-resolution" tabindex="0" aria-haspopup="dialog" data-dfn-type="dfn">DID resolution</dfn></dt>
<dd>
The process that takes as its input a <a href="#dfn-decentralized-identifiers" class="internalDFN" data-link-type="dfn" id="ref-for-dfn-decentralized-identifiers-45">DID</a> and a set of resolution
options and returns a <a href="#dfn-did-documents" class="internalDFN" data-link-type="dfn" id="ref-for-dfn-did-documents-30">DID document</a> in a conforming <a href="#dfn-representations" class="internalDFN" data-link-type="dfn" id="ref-for-dfn-representations-2">representation</a>
plus additional metadata. This process relies on the "Read" operation of the
applicable <a href="#dfn-did-methods" class="internalDFN" data-link-type="dfn" id="ref-for-dfn-did-methods-13">DID method</a>. The inputs and outputs of this process are
defined in <a href="#did-resolution" class="sec-ref"><bdi class="secno">7.1 </bdi>DID Resolution</a>.
</dd>
<dt><dfn data-lt="DID resolvers|DID resolver" data-plurals="did resolvers" id="dfn-did-resolvers" tabindex="0" aria-haspopup="dialog" data-dfn-type="dfn">DID resolver</dfn></dt>
<dd>
A <a href="#dfn-did-resolvers" class="internalDFN" data-link-type="dfn" id="ref-for-dfn-did-resolvers-3">DID resolver</a> is a software and/or hardware component that performs the
<a href="#dfn-did-resolution" class="internalDFN" data-link-type="dfn" id="ref-for-dfn-did-resolution-3">DID resolution</a> function by taking a <a href="#dfn-decentralized-identifiers" class="internalDFN" data-link-type="dfn" id="ref-for-dfn-decentralized-identifiers-46">DID</a> as input and producing a
conforming <a href="#dfn-did-documents" class="internalDFN" data-link-type="dfn" id="ref-for-dfn-did-documents-31">DID document</a> as output.
</dd>
<dt><dfn data-lt="DID schemes|DID method scheme|DID scheme" id="dfn-did-schemes" tabindex="0" aria-haspopup="dialog" data-dfn-type="dfn">DID scheme</dfn></dt>
<dd>
The formal syntax of a <a href="#dfn-decentralized-identifiers" class="internalDFN" data-link-type="dfn" id="ref-for-dfn-decentralized-identifiers-47">decentralized identifier</a>. The generic DID scheme
begins with the prefix <code>did:</code> as defined in <a href="#did-syntax" class="sec-ref"><bdi class="secno">3.1 </bdi>DID Syntax</a>. Each <a href="#dfn-did-methods" class="internalDFN" data-link-type="dfn" id="ref-for-dfn-did-methods-14">DID method</a> specification defines a specific
DID method scheme that works with that specific <a href="#dfn-did-methods" class="internalDFN" data-link-type="dfn" id="ref-for-dfn-did-methods-15">DID method</a>. In a specific DID
method scheme, the DID method name follows the first colon and terminates with
the second colon, e.g., <code>did:example:</code>
</dd>
<dt><dfn data-lt="DID subjects|DID subject" data-plurals="did subjects" id="dfn-did-subjects" tabindex="0" aria-haspopup="dialog" data-dfn-type="dfn">DID subject</dfn></dt>
<dd>
The entity identified by a <a href="#dfn-decentralized-identifiers" class="internalDFN" data-link-type="dfn" id="ref-for-dfn-decentralized-identifiers-48">DID</a> and described by a <a href="#dfn-did-documents" class="internalDFN" data-link-type="dfn" id="ref-for-dfn-did-documents-32">DID document</a>.
Anything can be a DID subject: person, group, organization, physical thing,
digital thing, logical thing, etc.
</dd>
<dt><dfn data-lt="DID URLs|DID URL" data-plurals="did urls" id="dfn-did-urls" tabindex="0" aria-haspopup="dialog" data-dfn-type="dfn">DID URL</dfn></dt>
<dd>
A <a href="#dfn-decentralized-identifiers" class="internalDFN" data-link-type="dfn" id="ref-for-dfn-decentralized-identifiers-49">DID</a> plus any additional syntactic component that conforms to the
definition in <a href="#did-url-syntax" class="sec-ref"><bdi class="secno">3.2 </bdi>DID URL Syntax</a>. This includes an optional <a href="#dfn-did-paths" class="internalDFN" data-link-type="dfn" id="ref-for-dfn-did-paths-1">DID
path</a> (with its leading <code>/</code> character), optional <a href="#dfn-did-queries" class="internalDFN" data-link-type="dfn" id="ref-for-dfn-did-queries-1">DID query</a>
(with its leading <code>?</code> character), and optional <a href="#dfn-did-fragments" class="internalDFN" data-link-type="dfn" id="ref-for-dfn-did-fragments-1">DID fragment</a>
(with its leading <code>#</code> character).
</dd>
<dt><dfn id="dfn-did-url-dereferencing" tabindex="0" aria-haspopup="dialog" data-dfn-type="dfn">DID URL dereferencing</dfn></dt>
<dd>
The process that takes as its input a <a href="#dfn-did-urls" class="internalDFN" data-link-type="dfn" id="ref-for-dfn-did-urls-7">DID URL</a> and a set of input
metadata, and returns a <a href="#dfn-resources" class="internalDFN" data-link-type="dfn" id="ref-for-dfn-resources-4">resource</a>. This resource might be a <a href="#dfn-did-documents" class="internalDFN" data-link-type="dfn" id="ref-for-dfn-did-documents-33">DID
document</a> plus additional metadata, a secondary resource
contained within the <a href="#dfn-did-documents" class="internalDFN" data-link-type="dfn" id="ref-for-dfn-did-documents-34">DID document</a>, or a resource entirely
external to the <a href="#dfn-did-documents" class="internalDFN" data-link-type="dfn" id="ref-for-dfn-did-documents-35">DID document</a>. The process uses <a href="#dfn-did-resolution" class="internalDFN" data-link-type="dfn" id="ref-for-dfn-did-resolution-4">DID resolution</a> to
fetch a <a href="#dfn-did-documents" class="internalDFN" data-link-type="dfn" id="ref-for-dfn-did-documents-36">DID document</a> indicated by the <a href="#dfn-decentralized-identifiers" class="internalDFN" data-link-type="dfn" id="ref-for-dfn-decentralized-identifiers-50">DID</a> contained within the
<a href="#dfn-did-urls" class="internalDFN" data-link-type="dfn" id="ref-for-dfn-did-urls-8">DID URL</a>. The dereferencing process can then perform additional processing
on the <a href="#dfn-did-documents" class="internalDFN" data-link-type="dfn" id="ref-for-dfn-did-documents-37">DID document</a> to return the dereferenced resource indicated by the
<a href="#dfn-did-urls" class="internalDFN" data-link-type="dfn" id="ref-for-dfn-did-urls-9">DID URL</a>. The inputs and outputs of this process are defined in
<a href="#did-url-dereferencing" class="sec-ref"><bdi class="secno">7.2 </bdi>DID URL Dereferencing</a>.
</dd>
<dt><dfn data-lt="DID URL dereferencers|DID URL dereferencer" id="dfn-did-url-dereferencers" tabindex="0" aria-haspopup="dialog" data-dfn-type="dfn">DID URL dereferencer</dfn></dt>
<dd>
A software and/or hardware system that performs the <a href="#dfn-did-url-dereferencing" class="internalDFN" data-link-type="dfn" id="ref-for-dfn-did-url-dereferencing-3">DID URL dereferencing</a>
function for a given <a href="#dfn-did-urls" class="internalDFN" data-link-type="dfn" id="ref-for-dfn-did-urls-10">DID URL</a> or <a href="#dfn-did-documents" class="internalDFN" data-link-type="dfn" id="ref-for-dfn-did-documents-38">DID document</a>.
</dd>
<dt><dfn data-lt="distributed ledger technology|DLT|distributed ledger" data-plurals="distributed ledgers|dlts" id="dfn-distributed-ledger-technology" tabindex="0" aria-haspopup="dialog" data-dfn-type="dfn">distributed ledger</dfn> (DLT)</dt>
<dd>
A non-centralized system for recording events. These systems establish
sufficient confidence for participants to rely upon the data recorded by others
to make operational decisions. They typically use distributed databases where
different nodes use a consensus protocol to confirm the ordering of
cryptographically signed transactions. The linking of digitally signed
transactions over time often makes the history of the ledger effectively
immutable.
</dd>
<dt><dfn data-plurals="public key descriptions" id="dfn-public-key-description" tabindex="0" aria-haspopup="dialog" data-dfn-type="dfn">public key description</dfn></dt>
<dd>
A data object contained inside a <a href="#dfn-did-documents" class="internalDFN" data-link-type="dfn" id="ref-for-dfn-did-documents-39">DID document</a> that contains all the
metadata necessary to use a public key or a verification key.
</dd>
<dt><dfn data-lt="resources|resource" id="dfn-resources" tabindex="0" aria-haspopup="dialog" data-dfn-type="dfn">resource</dfn></dt>
<dd>
As defined by [<cite><a class="bibref" data-link-type="biblio" href="#bib-rfc3986" title="Uniform Resource Identifier (URI): Generic Syntax">RFC3986</a></cite>]: "...the term 'resource' is used in a general sense
for whatever might be identified by a URI." Similarly, any resource might serve
as a <a href="#dfn-did-subjects" class="internalDFN" data-link-type="dfn" id="ref-for-dfn-did-subjects-11">DID subject</a> identified by a <a href="#dfn-decentralized-identifiers" class="internalDFN" data-link-type="dfn" id="ref-for-dfn-decentralized-identifiers-51">DID</a>.
</dd>
<dt><dfn data-lt="representations|representation" id="dfn-representations" tabindex="0" aria-haspopup="dialog" data-dfn-type="dfn">representation</dfn></dt>
<dd>
As defined for HTTP by [<cite><a class="bibref" data-link-type="biblio" href="#bib-rfc7231" title="Hypertext Transfer Protocol (HTTP/1.1): Semantics and Content">RFC7231</a></cite>]: "information that is intended to reflect a
past, current, or desired state of a given resource, in a format that can be
readily communicated via the protocol, and that consists of a set of
representation metadata and a potentially unbounded stream of representation
data." A <a href="#dfn-did-documents" class="internalDFN" data-link-type="dfn" id="ref-for-dfn-did-documents-40">DID document</a> is a representation of information describing a
<a href="#dfn-did-subjects" class="internalDFN" data-link-type="dfn" id="ref-for-dfn-did-subjects-12">DID subject</a>. See <a href="#representations" class="sec-ref"><bdi class="secno">6. </bdi>Representations</a>.
</dd>
<dt><dfn data-lt="representation-specific entry|non-representation-specific entry|representation-specific entries" data-plurals="non-representation-specific entries" id="dfn-representation-specific-entry" tabindex="0" aria-haspopup="dialog" data-dfn-type="dfn">representation-specific entries</dfn></dt>
<dd>
Entries in a <a href="#dfn-did-documents" class="internalDFN" data-link-type="dfn" id="ref-for-dfn-did-documents-41">DID document</a> whose meaning is particular to a specific
<a href="#dfn-representations" class="internalDFN" data-link-type="dfn" id="ref-for-dfn-representations-3">representation</a>. Defined in <a href="#data-model" class="sec-ref"><bdi class="secno">4. </bdi>Data Model</a> and
<a href="#representations" class="sec-ref"><bdi class="secno">6. </bdi>Representations</a>. For example, <a href="#dfn-context" class="internalDFN" data-link-type="dfn" id="ref-for-dfn-context-1"><code>@context</code></a> in
the <a href="#json-ld">JSON-LD representation</a> is a
<em>representation-specific entry</em>.
</dd>
<dt><dfn data-lt="service|services" id="dfn-service" tabindex="0" aria-haspopup="dialog" data-dfn-type="dfn">services</dfn></dt>
<dd>
Means of communicating or interacting with the <a href="#dfn-did-subjects" class="internalDFN" data-link-type="dfn" id="ref-for-dfn-did-subjects-13">DID subject</a> or
associated entities via one or more <a href="#dfn-service-endpoints" class="internalDFN" data-link-type="dfn" id="ref-for-dfn-service-endpoints-1">service endpoints</a>.
Examples include discovery services, agent services, social networking
services, file storage services, and verifiable credential repository services.
</dd>
<dt><dfn data-lt="service endpoints|service endpoint" id="dfn-service-endpoints" tabindex="0" aria-haspopup="dialog" data-dfn-type="dfn">service endpoint</dfn></dt>
<dd>
A network address, such as an HTTP URL, at which <a href="#dfn-service" class="internalDFN" data-link-type="dfn" id="ref-for-dfn-service-5">services</a> operate on
behalf of a <a href="#dfn-did-subjects" class="internalDFN" data-link-type="dfn" id="ref-for-dfn-did-subjects-14">DID subject</a>.
</dd>
<dt><dfn data-lt="URI|URIs|Uniform Resource Identifier" data-plurals="uris" id="dfn-uri" tabindex="0" aria-haspopup="dialog" data-dfn-type="dfn">Uniform Resource Identifier</dfn> (URI)</dt>
<dd>
The standard identifier format for all resources on the World Wide Web as
defined by [<cite><a class="bibref" data-link-type="biblio" href="#bib-rfc3986" title="Uniform Resource Identifier (URI): Generic Syntax">RFC3986</a></cite>]. A <a href="#dfn-decentralized-identifiers" class="internalDFN" data-link-type="dfn" id="ref-for-dfn-decentralized-identifiers-52">DID</a> is a type of URI scheme.
</dd>
<dt><dfn data-lt="verifiable credentials|verifiable credential" id="dfn-verifiable-credentials" tabindex="0" aria-haspopup="dialog" data-dfn-type="dfn">verifiable credential</dfn></dt>
<dd>
A standard data model and representation format for cryptographically-verifiable
digital credentials as defined by the <abbr title="World Wide Web Consortium">W3C</abbr> Verifiable Credentials specification
[<cite><a class="bibref" data-link-type="biblio" href="#bib-vc-data-model" title="Verifiable Credentials Data Model v1.1">VC-DATA-MODEL</a></cite>].
</dd>
<dt>
<dfn data-lt="verifiable data registry|verifiable data registries" id="dfn-verifiable-data-registry" tabindex="0" aria-haspopup="dialog" data-dfn-type="dfn">
verifiable data registry</dfn>
</dt>
<dd>
A system that facilitates the creation, verification, updating, and/or
deactivation of <a href="#dfn-decentralized-identifiers" class="internalDFN" data-link-type="dfn" id="ref-for-dfn-decentralized-identifiers-53">decentralized identifiers</a> and <a href="#dfn-did-documents" class="internalDFN" data-link-type="dfn" id="ref-for-dfn-did-documents-42">DID documents</a>. A
verifiable data registry might also be used for other
cryptographically-verifiable data structures such as <a href="#dfn-verifiable-credentials" class="internalDFN" data-link-type="dfn" id="ref-for-dfn-verifiable-credentials-1">verifiable
credentials</a>. For more information, see the <abbr title="World Wide Web Consortium">W3C</abbr> Verifiable Credentials
specification [<cite><a class="bibref" data-link-type="biblio" href="#bib-vc-data-model" title="Verifiable Credentials Data Model v1.1">VC-DATA-MODEL</a></cite>].
</dd>
<dt><dfn data-plurals="verifiable timestamps" id="dfn-verifiable-timestamp" tabindex="0" aria-haspopup="dialog" data-dfn-type="dfn">verifiable timestamp</dfn></dt>
<dd>
A verifiable timestamp enables a third-party to verify that a data object
existed at a specific moment in time and that it has not been modified or
corrupted since that moment in time.&nbsp;If the data integrity could reasonably have
been modified or corrupted since that moment in time, the timestamp is not
verifiable.
</dd>
<dt><dfn data-lt="" data-plurals="verification methods" id="dfn-verification-method" tabindex="0" aria-haspopup="dialog" data-dfn-type="dfn">verification method</dfn></dt>
<dd>
<p>
A set of parameters that can be used together with a process to independently
verify a proof. For example, a cryptographic public key can be used as a
verification method with respect to a digital signature; in such usage, it
verifies that the signer possessed the associated cryptographic private key.
</p>
<p>
"Verification" and "proof" in this definition are intended to apply broadly. For
example, a cryptographic public key might be used during Diffie-Hellman key
exchange to negotiate a shared symmetric key for encryption. This guarantees the
integrity of the key agreement process. It is thus another type of verification
method, even though descriptions of the process might not use the words
"verification" or "proof."
</p>
</dd>
<dt><dfn data-lt="" data-plurals="verification relationships" id="dfn-verification-relationship" tabindex="0" aria-haspopup="dialog" data-dfn-type="dfn">verification relationship</dfn></dt>
<dd>
<p>
An expression of the relationship between the <a href="#dfn-did-subjects" class="internalDFN" data-link-type="dfn" id="ref-for-dfn-did-subjects-15">DID subject</a> and a
<a href="#dfn-verification-method" class="internalDFN" data-link-type="dfn" id="ref-for-dfn-verification-method-6">verification method</a>. An example of a verification relationship is
<a href="#authentication" class="sec-ref"><bdi class="secno">5.3.1 </bdi>Authentication</a>.
</p>
</dd>
<dt><dfn data-lt="UUID|UUIDs|Universally Unique Identifier" data-plurals="uuid" id="dfn-uuid" tabindex="0" aria-haspopup="dialog" data-dfn-type="dfn">Universally Unique Identifier</dfn> (UUID)</dt>
<dd>
A type of globally unique identifier defined by [<cite><a class="bibref" data-link-type="biblio" href="#bib-rfc4122" title="A Universally Unique IDentifier (UUID) URN Namespace">RFC4122</a></cite>]. UUIDs are similar
to DIDs in that they do not require a centralized registration authority. UUIDs
differ from DIDs in that they are not resolvable or
cryptographically-verifiable.
</dd>
</dl>
</div>
<p>
In addition to the terminology above, this specification also uses terminology
from the [<cite><a class="bibref" data-link-type="biblio" href="#bib-infra" title="Infra Standard">INFRA</a></cite>] specification to formally define the <a href="#data-model">data model</a>. When [<cite><a class="bibref" data-link-type="biblio" href="#bib-infra" title="Infra Standard">INFRA</a></cite>] terminology is used, such as
<a href="https://infra.spec.whatwg.org/#strings">string</a>, <a href="https://infra.spec.whatwg.org/#ordered-set">set</a>, and <a href="https://infra.spec.whatwg.org/#maps">map</a>, it is linked directly to that specification.
</p>
</section>
<section id="identifier"><div class="header-wrapper"><h2 id="x3-identifier"><bdi class="secno">3. </bdi>Identifier</h2><a class="self-link" href="#identifier" aria-label="Permalink for Section 3."></a></div>
<p>
This section describes the formal syntax for <a href="#dfn-decentralized-identifiers" class="internalDFN" data-link-type="dfn" id="ref-for-dfn-decentralized-identifiers-54">DIDs</a> and <a href="#dfn-did-urls" class="internalDFN" data-link-type="dfn" id="ref-for-dfn-did-urls-11">DID URLs</a>.
The term "generic" is used to differentiate the syntax defined here from syntax
defined by <em>specific</em> <a href="#dfn-did-methods" class="internalDFN" data-link-type="dfn" id="ref-for-dfn-did-methods-16">DID methods</a> in their respective
specifications. The creation processes, and their timing, for <a href="#dfn-decentralized-identifiers" class="internalDFN" data-link-type="dfn" id="ref-for-dfn-decentralized-identifiers-55">DIDs</a> and
<a href="#dfn-did-urls" class="internalDFN" data-link-type="dfn" id="ref-for-dfn-did-urls-12">DID URLs</a> are described in <a href="#method-operations" class="sec-ref"><bdi class="secno">8.2 </bdi>Method Operations</a> and
<a href="#creation-of-a-did" class="sec-ref"><bdi class="secno">B.2 </bdi>Creation of a DID</a>.
</p>
<section class="normative" id="did-syntax"><div class="header-wrapper"><h3 id="x3-1-did-syntax"><bdi class="secno">3.1 </bdi>DID Syntax</h3><a class="self-link" href="#did-syntax" aria-label="Permalink for Section 3.1"></a></div>
<p>
The generic <a href="#dfn-did-schemes" class="internalDFN" data-link-type="dfn" id="ref-for-dfn-did-schemes-3">DID scheme</a> is a <a href="#dfn-uri" class="internalDFN" data-link-type="dfn" id="ref-for-dfn-uri-5">URI</a> scheme conformant with
[<cite><a class="bibref" data-link-type="biblio" href="#bib-rfc3986" title="Uniform Resource Identifier (URI): Generic Syntax">RFC3986</a></cite>]. The ABNF definition can be found below, which uses the syntax in
[<cite><a class="bibref" data-link-type="biblio" href="#bib-rfc5234" title="Augmented BNF for Syntax Specifications: ABNF">RFC5234</a></cite>] and the corresponding definitions for <code>ALPHA</code> and
<code>DIGIT</code>. All other rule names not defined in the ABNF below are
defined in [<cite><a class="bibref" data-link-type="biblio" href="#bib-rfc3986" title="Uniform Resource Identifier (URI): Generic Syntax">RFC3986</a></cite>]. All <a href="#dfn-decentralized-identifiers" class="internalDFN" data-link-type="dfn" id="ref-for-dfn-decentralized-identifiers-56">DIDs</a> <em class="rfc2119">MUST</em> conform to the
DID Syntax ABNF Rules.
</p>
<table class="simple">
<thead>
<tr>
<th>
The DID Syntax ABNF Rules
</th>
</tr>
</thead>
<tbody>
<tr>
<td>
<pre class="nohighlight">did = "did:" method-name ":" method-specific-id
method-name = 1*method-char
method-char = %x61-7A / DIGIT
method-specific-id = *( *idchar ":" ) 1*idchar
idchar = ALPHA / DIGIT / "." / "-" / "_" / pct-encoded
pct-encoded = "%" HEXDIG HEXDIG</pre>
</td>
</tr>
</tbody>
</table>
<p>
For requirements on <a href="#dfn-did-methods" class="internalDFN" data-link-type="dfn" id="ref-for-dfn-did-methods-17">DID methods</a> relating to the <a href="#dfn-decentralized-identifiers" class="internalDFN" data-link-type="dfn" id="ref-for-dfn-decentralized-identifiers-57">DID</a> syntax, see
Section <a href="#method-syntax" class="sec-ref"><bdi class="secno">8.1 </bdi>Method Syntax</a>.
</p>
</section>
<section class="normative" id="did-url-syntax"><div class="header-wrapper"><h3 id="x3-2-did-url-syntax"><bdi class="secno">3.2 </bdi>DID URL Syntax</h3><a class="self-link" href="#did-url-syntax" aria-label="Permalink for Section 3.2"></a></div>
<p>
A <a href="#dfn-did-urls" class="internalDFN" data-link-type="dfn" id="ref-for-dfn-did-urls-13">DID URL</a> is a network location identifier for a specific
<a href="#dfn-resources" class="internalDFN" data-link-type="dfn" id="ref-for-dfn-resources-5">resource</a>. It can be used to retrieve things like representations
of <a href="#dfn-did-subjects" class="internalDFN" data-link-type="dfn" id="ref-for-dfn-did-subjects-16">DID subjects</a>, <a href="#dfn-verification-method" class="internalDFN" data-link-type="dfn" id="ref-for-dfn-verification-method-7">verification methods</a>, <a href="#dfn-service" class="internalDFN" data-link-type="dfn" id="ref-for-dfn-service-6">services</a>,
specific parts of a <a href="#dfn-did-documents" class="internalDFN" data-link-type="dfn" id="ref-for-dfn-did-documents-43">DID document</a>, or other resources.
</p>
<p>
The following is the ABNF definition using the syntax in [<cite><a class="bibref" data-link-type="biblio" href="#bib-rfc5234" title="Augmented BNF for Syntax Specifications: ABNF">RFC5234</a></cite>]. It builds
on the <code>did</code> scheme defined in <a href="#did-syntax" class="sec-ref"><bdi class="secno">3.1 </bdi>DID Syntax</a>. The <a href="https://www.rfc-editor.org/rfc/rfc3986#section-3.3"><code>path-abempty</code></a>, <a href="https://www.rfc-editor.org/rfc/rfc3986#section-3.4"><code>query</code></a>, and <a href="https://www.rfc-editor.org/rfc/rfc3986#section-3.5"><code>fragment</code></a> components are
defined in [<cite><a class="bibref" data-link-type="biblio" href="#bib-rfc3986" title="Uniform Resource Identifier (URI): Generic Syntax">RFC3986</a></cite>]. All <a href="#dfn-did-urls" class="internalDFN" data-link-type="dfn" id="ref-for-dfn-did-urls-14">DID URLs</a> <em class="rfc2119">MUST</em> conform to the
DID URL Syntax ABNF Rules. <a href="#dfn-did-methods" class="internalDFN" data-link-type="dfn" id="ref-for-dfn-did-methods-18">DID methods</a> can further restrict these
rules, as described in <a href="#method-syntax" class="sec-ref"><bdi class="secno">8.1 </bdi>Method Syntax</a>.
</p>
<table class="simple">
<thead>
<tr>
<th>
The DID URL Syntax ABNF Rules
</th>
</tr>
</thead>
<tbody>
<tr>
<td>
<pre class="nohighlight">did-url = did path-abempty [ "?" query ] [ "#" fragment ]</pre>
</td>
</tr>
</tbody>
</table>
<div class="note" role="note" id="issue-container-generatedID"><div role="heading" class="note-title marker" id="h-note" aria-level="4"><span>Note</span><span class="issue-label">: Semicolon character is reserved for future use</span></div><p class="">
Although the semicolon (<code>;</code>) character can be used according to the
rules of the <a href="#dfn-did-urls" class="internalDFN" data-link-type="dfn" id="ref-for-dfn-did-urls-15">DID URL</a> syntax, future versions of this specification may
use it as a sub-delimiter for parameters as described in [<cite><a class="bibref" data-link-type="biblio" href="#bib-matrix-uris" title="Matrix URIs - Ideas about Web Architecture">MATRIX-URIS</a></cite>]. To
avoid future conflicts, developers ought to refrain from using it.
</p></div>
<section class="notoc"><div class="header-wrapper"><h4 id="path">Path</h4><a class="self-link" href="#path" aria-label="Permalink for this Section"></a></div>
<p>
A <a href="#dfn-did-paths" class="internalDFN" data-link-type="dfn" id="ref-for-dfn-did-paths-2">DID path</a> is identical to a generic <a href="#dfn-uri" class="internalDFN" data-link-type="dfn" id="ref-for-dfn-uri-6">URI</a> path and conforms to the
<code>path-abempty</code> ABNF rule in <a href="https://www.rfc-editor.org/rfc/rfc3986#section-3.3">RFC&nbsp;3986, section 3.3</a>. As with
<a href="#dfn-uri" class="internalDFN" data-link-type="dfn" id="ref-for-dfn-uri-7">URIs</a>, path semantics can be specified by <a href="#dfn-did-methods" class="internalDFN" data-link-type="dfn" id="ref-for-dfn-did-methods-19">DID Methods</a>, which in
turn might enable <a href="#dfn-did-controllers" class="internalDFN" data-link-type="dfn" id="ref-for-dfn-did-controllers-7">DID controllers</a> to further specialize those semantics.
</p>
<div class="example" id="example-2">
<div class="marker">
<a class="self-link" href="#example-2">Example<bdi> 2</bdi></a>
</div> <pre class="nohighlight">did:example:123456/path</pre>
</div>
</section>
<section class="notoc"><div class="header-wrapper"><h4 id="query">Query</h4><a class="self-link" href="#query" aria-label="Permalink for this Section"></a></div>
<p>
A <a href="#dfn-did-queries" class="internalDFN" data-link-type="dfn" id="ref-for-dfn-did-queries-2">DID query</a> is identical to a generic <a href="#dfn-uri" class="internalDFN" data-link-type="dfn" id="ref-for-dfn-uri-8">URI</a> query and conforms to
the <code>query</code> ABNF rule in <a href="https://www.rfc-editor.org/rfc/rfc3986#section-3.4">RFC&nbsp;3986, section 3.4</a>. This syntax
feature is elaborated upon in <a href="#did-parameters" class="sec-ref"><bdi class="secno">3.2.1 </bdi>DID Parameters</a>.
</p>
<div class="example" id="example-3">
<div class="marker">
<a class="self-link" href="#example-3">Example<bdi> 3</bdi></a>
</div> <pre class="nohighlight">did:example:123456?versionId=1</pre>
</div>
</section>
<section class="notoc"><div class="header-wrapper"><h4 id="fragment">Fragment</h4><a class="self-link" href="#fragment" aria-label="Permalink for this Section"></a></div>
<p>
<a href="#dfn-did-fragments" class="internalDFN" data-link-type="dfn" id="ref-for-dfn-did-fragments-2">DID fragment</a> syntax and semantics are identical to a generic <a href="#dfn-uri" class="internalDFN" data-link-type="dfn" id="ref-for-dfn-uri-9">URI</a>
fragment and conforms to the <code>fragment</code> ABNF rule in <a href="https://www.rfc-editor.org/rfc/rfc3986#section-3.5">RFC&nbsp;3986, section 3.5</a>.
</p>
<p>
A <a href="#dfn-did-fragments" class="internalDFN" data-link-type="dfn" id="ref-for-dfn-did-fragments-3">DID fragment</a> is used as a method-independent reference into a <a href="#dfn-did-documents" class="internalDFN" data-link-type="dfn" id="ref-for-dfn-did-documents-44">DID
document</a> or external <a href="#dfn-resources" class="internalDFN" data-link-type="dfn" id="ref-for-dfn-resources-6">resource</a>. Some examples of DID fragment
identifiers are shown below.
</p>
<div class="example" id="example-a-unique-verification-method-in-a-did-document">
<div class="marker">
<a class="self-link" href="#example-a-unique-verification-method-in-a-did-document">Example<bdi> 4</bdi></a><span class="example-title">: A unique verification method in a DID Document</span>
</div> <pre class="nohighlight">did:example:123#public-key-0</pre>
</div>
<div class="example" id="example-a-unique-service-in-a-did-document">
<div class="marker">
<a class="self-link" href="#example-a-unique-service-in-a-did-document">Example<bdi> 5</bdi></a><span class="example-title">: A unique service in a DID Document</span>
</div> <pre class="nohighlight">did:example:123#agent</pre>
</div>
<div class="example" id="example-a-resource-external-to-a-did-document">
<div class="marker">
<a class="self-link" href="#example-a-resource-external-to-a-did-document">Example<bdi> 6</bdi></a><span class="example-title">: A resource external to a DID Document</span>
</div> <pre class="nohighlight">did:example:123?service=agent&amp;relativeRef=/credentials#degree</pre>
</div>
<div class="note" role="note" id="issue-container-generatedID-0"><div role="heading" class="note-title marker" id="h-note-0" aria-level="5"><span>Note</span><span class="issue-label">: Fragment semantics across representations</span></div><p class="">
In order to maximize interoperability, implementers are urged to ensure that
<a href="#dfn-did-fragments" class="internalDFN" data-link-type="dfn" id="ref-for-dfn-did-fragments-4">DID fragments</a> are interpreted in the same way across
<a href="#dfn-representations" class="internalDFN" data-link-type="dfn" id="ref-for-dfn-representations-4">representations</a> (see <a href="#representations" class="sec-ref"><bdi class="secno">6. </bdi>Representations</a>). For example, while
JSON Pointer [<cite><a class="bibref" data-link-type="biblio" href="#bib-rfc6901" title="JavaScript Object Notation (JSON) Pointer">RFC6901</a></cite>] can be used in a <a href="#dfn-did-fragments" class="internalDFN" data-link-type="dfn" id="ref-for-dfn-did-fragments-5">DID fragment</a>, it will not be
interpreted in the same way across non-JSON <a href="#dfn-representations" class="internalDFN" data-link-type="dfn" id="ref-for-dfn-representations-5">representations</a>.
</p></div>
<p>
Additional semantics for fragment identifiers, which are compatible with and
layered upon the semantics in this section, are described for JSON-LD
representations in <a href="#application-did-ld-json" class="sec-ref"><bdi class="secno">E.2 </bdi>application/did+ld+json</a>. For information
about how to dereference a <a href="#dfn-did-fragments" class="internalDFN" data-link-type="dfn" id="ref-for-dfn-did-fragments-6">DID fragment</a>, see <a href="#did-url-dereferencing" class="sec-ref"><bdi class="secno">7.2 </bdi>DID URL Dereferencing</a>.
</p>
</section>
<section id="did-parameters"><div class="header-wrapper"><h4 id="x3-2-1-did-parameters"><bdi class="secno">3.2.1 </bdi>DID Parameters</h4><a class="self-link" href="#did-parameters" aria-label="Permalink for Section 3.2.1"></a></div>
<p>
The <a href="#dfn-did-urls" class="internalDFN" data-link-type="dfn" id="ref-for-dfn-did-urls-16">DID URL</a> syntax supports a simple format for parameters based on the
<code>query</code> component described in <a href="#query" class="sec-ref">Query</a>. Adding a DID
parameter to a <a href="#dfn-did-urls" class="internalDFN" data-link-type="dfn" id="ref-for-dfn-did-urls-17">DID URL</a> means that the parameter becomes part of the
identifier for a <a href="#dfn-resources" class="internalDFN" data-link-type="dfn" id="ref-for-dfn-resources-7">resource</a>.
</p>
<div class="example" id="example-a-did-url-with-a-versiontime-did-parameter">
<div class="marker">
<a class="self-link" href="#example-a-did-url-with-a-versiontime-did-parameter">Example<bdi> 7</bdi></a><span class="example-title">: A DID URL with a 'versionTime' DID parameter</span>
</div> <pre class="nohighlight">did:example:123?versionTime=2021-05-10T17:00:00Z</pre>
</div>
<div class="example" id="example-a-did-url-with-a-service-and-a-relativeref-did-parameter">
<div class="marker">
<a class="self-link" href="#example-a-did-url-with-a-service-and-a-relativeref-did-parameter">Example<bdi> 8</bdi></a><span class="example-title">: A DID URL with a 'service' and a 'relativeRef' DID parameter</span>
</div> <pre class="nohighlight">did:example:123?service=files&amp;relativeRef=/resume.pdf</pre>
</div>
<p>
Some DID parameters are completely independent of of any specific <a href="#dfn-did-methods" class="internalDFN" data-link-type="dfn" id="ref-for-dfn-did-methods-20">DID
method</a> and function the same way for all <a href="#dfn-decentralized-identifiers" class="internalDFN" data-link-type="dfn" id="ref-for-dfn-decentralized-identifiers-58">DIDs</a>. Other DID parameters
are not supported by all <a href="#dfn-did-methods" class="internalDFN" data-link-type="dfn" id="ref-for-dfn-did-methods-21">DID methods</a>. Where optional parameters are
supported, they are expected to operate uniformly across the <a href="#dfn-did-methods" class="internalDFN" data-link-type="dfn" id="ref-for-dfn-did-methods-22">DID methods</a>
that do support them. The following table provides common DID parameters that
function the same way across all <a href="#dfn-did-methods" class="internalDFN" data-link-type="dfn" id="ref-for-dfn-did-methods-23">DID methods</a>. Support for all
<a href="#did-parameters">DID Parameters</a> is <em class="rfc2119">OPTIONAL</em>.
</p>
<div class="note" role="note" id="issue-container-generatedID-1"><div role="heading" class="note-title marker" id="h-note-1" aria-level="5"><span>Note</span></div><p class="">
It is generally expected that DID URL dereferencer implementations will
reference [<cite><a class="bibref" data-link-type="biblio" href="#bib-did-resolution" title="Decentralized Identifier Resolution">DID-RESOLUTION</a></cite>] for additional implementation details. The scope
of this specification only defines the contract of the most common
query parameters.
</p></div>
<table class="simple">
<thead>
<tr>
<th>
Parameter&nbsp;Name
</th>
<th>
Description
</th>
</tr>
</thead>
<tbody>
<tr>
<td>
<code><a href="#dfn-service" class="internalDFN" data-link-type="dfn" id="ref-for-dfn-service-7">service</a></code>
</td>
<td>
Identifies a service from the <a href="#dfn-did-documents" class="internalDFN" data-link-type="dfn" id="ref-for-dfn-did-documents-45">DID document</a> by service ID.
If present, the associated value <em class="rfc2119">MUST</em> be an <a data-lt="ascii string" data-type="dfn" href="https://infra.spec.whatwg.org/#ascii-string">ASCII string</a>.
</td>
</tr>
<tr>
<td>
<code>relativeRef</code>
</td>
<td>
A relative <a href="#dfn-uri" class="internalDFN" data-link-type="dfn" id="ref-for-dfn-uri-10">URI</a> reference according to <a href="https://www.rfc-editor.org/rfc/rfc3986#section-4.2">RFC3986 Section 4.2</a> that identifies a
<a href="#dfn-resources" class="internalDFN" data-link-type="dfn" id="ref-for-dfn-resources-8">resource</a> at a <a href="#dfn-service-endpoints" class="internalDFN" data-link-type="dfn" id="ref-for-dfn-service-endpoints-2">service endpoint</a>, which is selected from a <a href="#dfn-did-documents" class="internalDFN" data-link-type="dfn" id="ref-for-dfn-did-documents-46">DID
document</a> by using the <code>service</code> parameter.
If present, the associated value <em class="rfc2119">MUST</em> be an <a data-lt="ascii string" data-type="dfn" href="https://infra.spec.whatwg.org/#ascii-string">ASCII string</a> and <em class="rfc2119">MUST</em> use percent-encoding for
certain characters as specified in <a href="https://www.rfc-editor.org/rfc/rfc3986#section-2.1">RFC3986
Section 2.1</a>.
</td>
</tr>
<tr>
<td>
<code>versionId</code>
</td>
<td>
Identifies a specific version of a <a href="#dfn-did-documents" class="internalDFN" data-link-type="dfn" id="ref-for-dfn-did-documents-47">DID document</a> to be resolved (the
version ID could be sequential, or a <a href="#dfn-uuid" class="internalDFN" data-link-type="dfn" id="ref-for-dfn-uuid-1">UUID</a>, or method-specific).
If present, the associated value <em class="rfc2119">MUST</em> be an <a data-lt="ascii string" data-type="dfn" href="https://infra.spec.whatwg.org/#ascii-string">ASCII string</a>.
</td>
</tr>
<tr>
<td>
<code>versionTime</code>
</td>
<td>
Identifies a certain version timestamp of a <a href="#dfn-did-documents" class="internalDFN" data-link-type="dfn" id="ref-for-dfn-did-documents-48">DID document</a> to be resolved.
That is, the <a href="#dfn-did-documents" class="internalDFN" data-link-type="dfn" id="ref-for-dfn-did-documents-49">DID document</a> that was valid for a <a href="#dfn-decentralized-identifiers" class="internalDFN" data-link-type="dfn" id="ref-for-dfn-decentralized-identifiers-59">DID</a> at a certain
time. If present, the associated value
<em class="rfc2119">MUST</em> be an <a data-lt="ascii string" data-type="dfn" href="https://infra.spec.whatwg.org/#ascii-string">ASCII string</a> which is a valid XML
datetime value, as defined in section 3.3.7 of <a href="https://www.w3.org/TR/xmlschema11-2/"><abbr title="World Wide Web Consortium">W3C</abbr> XML Schema Definition Language
(XSD) 1.1 Part 2: Datatypes</a> [<cite><a class="bibref" data-link-type="biblio" href="#bib-xmlschema11-2" title="W3C XML Schema Definition Language (XSD) 1.1 Part 2: Datatypes">XMLSCHEMA11-2</a></cite>]. This datetime value <em class="rfc2119">MUST</em> be
normalized to UTC 00:00:00 and without sub-second decimal precision.
For example: <code>2020-12-20T19:17:47Z</code>.
</td>
</tr>
<tr>
<td>
<code>hl</code>
</td>
<td>
A resource hash of the <a href="#dfn-did-documents" class="internalDFN" data-link-type="dfn" id="ref-for-dfn-did-documents-50">DID document</a> to add integrity protection, as
specified in [<cite><a class="bibref" data-link-type="biblio" href="#bib-hashlink" title="Cryptographic Hyperlinks">HASHLINK</a></cite>]. This parameter is non-normative.
If present, the associated value <em class="rfc2119">MUST</em> be an
<a data-lt="ascii string" data-type="dfn" href="https://infra.spec.whatwg.org/#ascii-string">ASCII string</a>.
</td>
</tr>
</tbody>
</table>
<p>
Implementers as well as <a href="#dfn-did-methods" class="internalDFN" data-link-type="dfn" id="ref-for-dfn-did-methods-24">DID method</a> specification authors might use
additional DID parameters that are not listed here. For maximum
interoperability, it is <em class="rfc2119">RECOMMENDED</em> that DID parameters use the DID
Specification Registries mechanism [<cite><a class="bibref" data-link-type="biblio" href="#bib-did-spec-registries" title="DID Specification Registries">DID-SPEC-REGISTRIES</a></cite>], to avoid collision
with other uses of the same DID parameter with different semantics.
</p>
<p>
DID parameters might be used if there is a clear use case where the parameter
needs to be part of a <a data-type="dfn" href="https://url.spec.whatwg.org/#concept-url">URL</a> that references a <a href="#dfn-resources" class="internalDFN" data-link-type="dfn" id="ref-for-dfn-resources-9">resource</a> with more
precision than using the <a href="#dfn-decentralized-identifiers" class="internalDFN" data-link-type="dfn" id="ref-for-dfn-decentralized-identifiers-60">DID</a> alone. It is expected that DID parameters
are <em>not</em> used if the same functionality can be expressed by passing
input metadata to a <a href="#dfn-did-resolvers" class="internalDFN" data-link-type="dfn" id="ref-for-dfn-did-resolvers-4">DID resolver</a>. Additional considerations for
processing these parameters are discussed in [<cite><a class="bibref" data-link-type="biblio" href="#bib-did-resolution" title="Decentralized Identifier Resolution">DID-RESOLUTION</a></cite>].
</p>
<div class="note" role="note" id="issue-container-generatedID-2"><div role="heading" class="note-title marker" id="h-note-2" aria-level="5"><span>Note</span><span class="issue-label">: DID parameters and DID resolution</span></div><p class="">
The <a href="#dfn-did-resolution" class="internalDFN" data-link-type="dfn" id="ref-for-dfn-did-resolution-5">DID resolution</a> and the <a href="#dfn-did-url-dereferencing" class="internalDFN" data-link-type="dfn" id="ref-for-dfn-did-url-dereferencing-4">DID URL dereferencing</a> functions can
be influenced by passing input metadata to a <a href="#dfn-did-resolvers" class="internalDFN" data-link-type="dfn" id="ref-for-dfn-did-resolvers-5">DID resolver</a> that are
not part of the <a href="#dfn-did-urls" class="internalDFN" data-link-type="dfn" id="ref-for-dfn-did-urls-18">DID URL</a> (see <a href="#did-resolution-options" class="sec-ref"><bdi class="secno">7.1.1 </bdi>DID Resolution Options</a>). This is comparable to
HTTP, where certain parameters could either be included in an HTTP URL, or
alternatively passed as HTTP headers during the dereferencing process. The
important distinction is that DID parameters that are part of the <a href="#dfn-did-urls" class="internalDFN" data-link-type="dfn" id="ref-for-dfn-did-urls-19">DID
URL</a> should be used to specify <em>what <a href="#dfn-resources" class="internalDFN" data-link-type="dfn" id="ref-for-dfn-resources-10">resource</a> is being
identified</em>, whereas input metadata that is not part of the <a href="#dfn-did-urls" class="internalDFN" data-link-type="dfn" id="ref-for-dfn-did-urls-20">DID URL</a>
should be use to control <em>how that <a href="#dfn-resources" class="internalDFN" data-link-type="dfn" id="ref-for-dfn-resources-11">resource</a> is resolved or
dereferenced</em>.
</p></div>
</section>
<section id="relative-did-urls"><div class="header-wrapper"><h4 id="x3-2-2-relative-did-urls"><bdi class="secno">3.2.2 </bdi>Relative DID URLs</h4><a class="self-link" href="#relative-did-urls" aria-label="Permalink for Section 3.2.2"></a></div>
<p>
A relative <a href="#dfn-did-urls" class="internalDFN" data-link-type="dfn" id="ref-for-dfn-did-urls-21">DID URL</a> is any URL value in a <a href="#dfn-did-documents" class="internalDFN" data-link-type="dfn" id="ref-for-dfn-did-documents-51">DID document</a> that does
not start with <code>did:&lt;method-name&gt;:&lt;method-specific-id&gt;</code>. More
specifically, it is any URL value that does not start with the ABNF defined in
<a href="#did-syntax" class="sec-ref"><bdi class="secno">3.1 </bdi>DID Syntax</a>. The URL is expected to reference
a <a href="#dfn-resources" class="internalDFN" data-link-type="dfn" id="ref-for-dfn-resources-12">resource</a> in the same <a href="#dfn-did-documents" class="internalDFN" data-link-type="dfn" id="ref-for-dfn-did-documents-52">DID document</a>. Relative <a href="#dfn-did-urls" class="internalDFN" data-link-type="dfn" id="ref-for-dfn-did-urls-22">DID URLs</a> <em class="rfc2119">MAY</em>
contain relative path components, query parameters, and fragment identifiers.
</p>
<p>
When resolving a relative <a href="#dfn-did-urls" class="internalDFN" data-link-type="dfn" id="ref-for-dfn-did-urls-23">DID URL</a> reference, the algorithm specified in
<a href="https://www.rfc-editor.org/rfc/rfc3986#section-5">RFC3986 Section 5: Reference Resolution</a>
<em class="rfc2119">MUST</em> be used. The <strong>base URI</strong> value is the <a href="#dfn-decentralized-identifiers" class="internalDFN" data-link-type="dfn" id="ref-for-dfn-decentralized-identifiers-61">DID</a> that is
associated with the <a href="#dfn-did-subjects" class="internalDFN" data-link-type="dfn" id="ref-for-dfn-did-subjects-17">DID subject</a>, see <a href="#did-subject" class="sec-ref"><bdi class="secno">5.1.1 </bdi>DID Subject</a>. The
<strong>scheme</strong> is <code>did</code>. The <strong>authority</strong> is a
combination of <code>&lt;method-name&gt;:&lt;method-specific-id&gt;</code>, and the
<strong>path</strong>, <strong>query</strong>, and <strong>fragment</strong>
values are those defined in <a href="#path" class="sec-ref">Path</a>, <a href="#query" class="sec-ref">Query</a>, and <a href="#fragment" class="sec-ref">Fragment</a>, respectively.
</p>
<p>
Relative <a href="#dfn-did-urls" class="internalDFN" data-link-type="dfn" id="ref-for-dfn-did-urls-24">DID URLs</a> are often used to reference <a href="#dfn-verification-method" class="internalDFN" data-link-type="dfn" id="ref-for-dfn-verification-method-8">verification methods</a>
and <a href="#dfn-service" class="internalDFN" data-link-type="dfn" id="ref-for-dfn-service-8">services</a> in a <a href="#dfn-did-documents" class="internalDFN" data-link-type="dfn" id="ref-for-dfn-did-documents-53">DID Document</a> without having to use absolute
URLs. <a href="#dfn-did-methods" class="internalDFN" data-link-type="dfn" id="ref-for-dfn-did-methods-25">DID methods</a> where storage size is a consideration might use
relative URLs to reduce the storage size of <a href="#dfn-did-documents" class="internalDFN" data-link-type="dfn" id="ref-for-dfn-did-documents-54">DID documents</a>.
</p>
<div class="example" id="example-an-example-of-a-relative-did-url">
<div class="marker">
<a class="self-link" href="#example-an-example-of-a-relative-did-url">Example<bdi> 9</bdi></a><span class="example-title">: An example of a relative DID URL</span>
</div> <pre class="nohighlight">{
"@context": [
"https://www.w3.org/ns/did/v1",
"https://w3id.org/security/suites/ed25519-2020/v1"
]
"id": "did:example:123456789abcdefghi",
"verificationMethod": [{
"id": "did:example:123456789abcdefghi#key-1",
"type": "Ed25519VerificationKey2020", <span class="comment">// external (property value)</span>
"controller": "did:example:123456789abcdefghi",
"publicKeyMultibase": "zH3C2AVvLMv6gmMNam3uVAjZpfkcJCwDwnZn6z3wXmqPV"
}, ...],
"authentication": [
<span class="comment"> // a relative DID URL used to reference a verification method above</span>
"<span class="highlight">#key-1</span>"
]
}</pre>
</div>
<p>
In the example above, the relative <a href="#dfn-did-urls" class="internalDFN" data-link-type="dfn" id="ref-for-dfn-did-urls-25">DID URL</a> value will be transformed to
an absolute <a href="#dfn-did-urls" class="internalDFN" data-link-type="dfn" id="ref-for-dfn-did-urls-26">DID URL</a> value of
<code>did:example:123456789abcdefghi#key-1</code>.
</p>
</section>
</section>
</section>
<section id="data-model"><div class="header-wrapper"><h2 id="x4-data-model"><bdi class="secno">4. </bdi>Data Model</h2><a class="self-link" href="#data-model" aria-label="Permalink for Section 4."></a></div>
<p>
This specification defines a data model that can be used to express <a href="#dfn-did-documents" class="internalDFN" data-link-type="dfn" id="ref-for-dfn-did-documents-55">DID
documents</a> and DID document data structures, which can then be serialized
into multiple concrete <a href="#dfn-representations" class="internalDFN" data-link-type="dfn" id="ref-for-dfn-representations-6">representations</a>. This section provides a
high-level description of the data model, descriptions of the ways different
types of properties are expressed in the data model, and instructions for
extending the data model.
</p>
<p>
A <a href="#dfn-did-documents" class="internalDFN" data-link-type="dfn" id="ref-for-dfn-did-documents-56">DID document</a> consists of a <a href="https://infra.spec.whatwg.org/#maps">map</a> of <a href="https://infra.spec.whatwg.org/#map-entry">entries</a>, where each entry consists of a
key/value pair. The <a href="#dfn-did-documents" class="internalDFN" data-link-type="dfn" id="ref-for-dfn-did-documents-57">DID document</a> data model contains at least two
different classes of entries. The first class of entries is called properties,
and is specified in section <a href="#core-properties" class="sec-ref"><bdi class="secno">5. </bdi>Core Properties</a>. The second class
is made up of <a href="#dfn-representation-specific-entry" class="internalDFN" data-link-type="dfn" id="ref-for-dfn-representation-specific-entry-1">representation-specific entries</a>, and is specified in
section <a href="#representations" class="sec-ref"><bdi class="secno">6. </bdi>Representations</a>.
</p>
<figure id="did-document-entries">
<img style="margin: auto; display: block;" src="diagrams/diagram-did-document-entries.svg" alt="
Diagram illustrating the entries in the DID document, including properties
and representation-specific entries; some entries are defined by this
specification; others are defined by registered or unregistered extensions." height="502" width="1320">
<figcaption>Figure <bdi class="figno">3</bdi> <span class="fig-title">
The entries in a DID document.
See also: <a class="longdesc-link" href="#did-document-entries-longdesc">narrative description</a>.
</span></figcaption>
</figure>
<div class="longdesc" id="did-document-entries-longdesc">
The diagram is titled, "Entries in the DID Document map". A dotted grey line
runs horizontally through the center of the diagram. The space above the line
is labeled "Properties", and the space below it, "Representation-specific
entries". Six labeled rectangles appear in the diagram, three lying above the
dotted grey line and three below it. A large green rectangle, labeled "DID
Specification Registries", encloses the four leftmost rectangles (upper left,
upper center, lower left, and lower center). The two leftmost rectangles
(upper left and lower left) are outlined in blue and labeled in blue, as
follows. The upper left rectangle is labeled "Core Properties", and contains
text "id, alsoKnownAs, controller, authentication, verificationMethod, service,
serviceEndpoint, ...". The lower left rectangle is labeled "Core
Representation-specific Entries", and contains text "@context". The four
rightmost rectangles (upper center, upper right, lower center, and lower right)
are outlined in grey and labeled in black, as follows. The upper center
rectangle is labeled, "Property Extensions", and contains text
"ethereumAddress". The lower center rectangle is labeled,
"Representation-specific Entry Extensions", and contains no other text. The
upper right rectangle is labeled, "Unregistered Property Extensions", and
contains text "foo". The lower right rectangle is labeled "Unregistered
Representation-specific Entry Extensions", and contains text "%YAML, xmlns".
</div>
<p>
All entry keys in the <a href="#dfn-did-documents" class="internalDFN" data-link-type="dfn" id="ref-for-dfn-did-documents-58">DID document</a> data model are <a href="https://infra.spec.whatwg.org/#strings">strings</a>. All entry values are expressed using one
of the abstract data types in the table below, and each <a href="#dfn-representations" class="internalDFN" data-link-type="dfn" id="ref-for-dfn-representations-7">representation</a>
specifies the concrete serialization format of each data type.
</p>
<table class="simple" id="data-types">
<thead>
<tr>
<th>
Data&nbsp;Type
</th>
<th>
Considerations
</th>
</tr>
</thead>
<tbody>
<tr>
<td>
<a href="https://infra.spec.whatwg.org/#maps">map</a>
</td>
<td>
A finite ordered sequence of key/value pairs, with no key appearing twice as
specified in [<cite><a class="bibref" data-link-type="biblio" href="#bib-infra" title="Infra Standard">INFRA</a></cite>]. A map is sometimes referred to as an
<a href="https://infra.spec.whatwg.org/#maps">ordered map</a> in [<cite><a class="bibref" data-link-type="biblio" href="#bib-infra" title="Infra Standard">INFRA</a></cite>].
</td>
</tr>
<tr>
<td>
<a href="https://infra.spec.whatwg.org/#list">list</a>
</td>
<td>
A finite ordered sequence of items as specified in [<cite><a class="bibref" data-link-type="biblio" href="#bib-infra" title="Infra Standard">INFRA</a></cite>].
</td>
</tr>
<tr>
<td>
<a href="https://infra.spec.whatwg.org/#ordered-set">set</a>
</td>
<td>
A finite ordered sequence of items that does not contain the same item twice
as specified in [<cite><a class="bibref" data-link-type="biblio" href="#bib-infra" title="Infra Standard">INFRA</a></cite>]. A set is sometimes referred to as an
<a href="https://infra.spec.whatwg.org/#ordered-set">ordered set</a> in [<cite><a class="bibref" data-link-type="biblio" href="#bib-infra" title="Infra Standard">INFRA</a></cite>].
</td>
</tr>
<tr>
<td>
<dfn data-plurals="datetimes" id="dfn-datetime" tabindex="0" aria-haspopup="dialog" data-dfn-type="dfn">datetime</dfn>
</td>
<td>
A date and time value that is capable of losslessly expressing all values
expressible by a <code>dateTime</code> as specified in
[<a href="https://www.w3.org/TR/xmlschema11-2/#dateTime">XMLSCHEMA11-2</a>].
</td>
</tr>
<tr>
<td>
<a href="https://infra.spec.whatwg.org/#string">string</a>
</td>
<td>
A sequence of code units often used to represent human readable language
as specified in [<cite><a class="bibref" data-link-type="biblio" href="#bib-infra" title="Infra Standard">INFRA</a></cite>].
</td>
</tr>
<tr>
<td>
<dfn id="dfn-integer" tabindex="0" aria-haspopup="dialog" data-dfn-type="dfn">integer</dfn>
</td>
<td>
A real number without a fractional component as specified in
[<a href="https://www.w3.org/TR/xmlschema11-2/#decimal">XMLSCHEMA11-2</a>]. To maximize
interoperability, implementers are urged to heed the advice regarding
integers in <a href="https://www.rfc-editor.org/rfc/rfc8259#section-6">RFC8259, Section 6: Numbers</a>.
</td>
</tr>
<tr>
<td>
<dfn id="dfn-double" tabindex="0" aria-haspopup="dialog" data-dfn-type="dfn">double</dfn>
</td>
<td>
A value that is often used to approximate arbitrary real numbers as specified
in [<a href="https://www.w3.org/TR/xmlschema11-2/#double">XMLSCHEMA11-2</a>]. To maximize
interoperability, implementers are urged to heed the advice regarding
doubles in <a href="https://www.rfc-editor.org/rfc/rfc8259#section-6">RFC8259, Section 6: Numbers</a>.
</td>
</tr>
<tr>
<td>
<a href="https://infra.spec.whatwg.org/#boolean">boolean</a>
</td>
<td>
A value that is either true or false as defined in [<cite><a class="bibref" data-link-type="biblio" href="#bib-infra" title="Infra Standard">INFRA</a></cite>].
</td>
</tr>
<tr>
<td>
<a href="https://infra.spec.whatwg.org/#nulls">null</a>
</td>
<td>
A value that is used to indicate the lack of a value as defined in [<cite><a class="bibref" data-link-type="biblio" href="#bib-infra" title="Infra Standard">INFRA</a></cite>].
</td>
</tr>
</tbody>
</table>
<p class="advisement" title="Ordering of values">
As a result of the <a href="#data-model">data model</a> being defined using
terminology from [<cite><a class="bibref" data-link-type="biblio" href="#bib-infra" title="Infra Standard">INFRA</a></cite>], property values which can contain more than one
item, such as <a href="https://infra.spec.whatwg.org/#list">lists</a>, <a href="https://infra.spec.whatwg.org/#ordered-map">maps</a> and <a href="https://infra.spec.whatwg.org/#ordered-set">sets</a>, are explicitly ordered. All list-like
value structures in [<cite><a class="bibref" data-link-type="biblio" href="#bib-infra" title="Infra Standard">INFRA</a></cite>] are ordered, whether or not that order is
significant. For the purposes of this specification, unless otherwise stated, <a href="https://infra.spec.whatwg.org/#ordered-map">map</a> and <a href="https://infra.spec.whatwg.org/#ordered-set">set</a> ordering is not important and
implementations are not expected to produce or consume deterministically ordered
values.
</p>
<section id="extensibility"><div class="header-wrapper"><h3 id="x4-1-extensibility"><bdi class="secno">4.1 </bdi>Extensibility</h3><a class="self-link" href="#extensibility" aria-label="Permalink for Section 4.1"></a></div>
<p>
The data model supports two types of extensibility.
</p>
<ol>
<li>
For maximum interoperability, it is <em class="rfc2119">RECOMMENDED</em> that extensions use the
<abbr title="World Wide Web Consortium">W3C</abbr> DID Specification Registries mechanism [<cite><a class="bibref" data-link-type="biblio" href="#bib-did-spec-registries" title="DID Specification Registries">DID-SPEC-REGISTRIES</a></cite>]. The use of
this mechanism for new properties or other extensions is the only specified
mechanism that ensures that two different <a href="#dfn-representations" class="internalDFN" data-link-type="dfn" id="ref-for-dfn-representations-8">representations</a> will be able to
work together.
</li>
<li>
<a href="#dfn-representations" class="internalDFN" data-link-type="dfn" id="ref-for-dfn-representations-9">Representations</a> <em class="rfc2119">MAY</em> define other extensibility mechanisms, including ones
that do not require the use of the DID Specification Registries. Such extension
mechanisms <em class="rfc2119">SHOULD</em> support lossless conversion into any other conformant
<a href="#dfn-representations" class="internalDFN" data-link-type="dfn" id="ref-for-dfn-representations-10">representation</a>. Extension mechanisms for a <a href="#dfn-representations" class="internalDFN" data-link-type="dfn" id="ref-for-dfn-representations-11">representation</a> <em class="rfc2119">SHOULD</em>
define a mapping of all properties and <a href="#dfn-representations" class="internalDFN" data-link-type="dfn" id="ref-for-dfn-representations-12">representation</a> syntax into the <a href="#data-model">data model</a> and its type system.
</li>
</ol>
<div class="note" role="note" id="issue-container-generatedID-3"><div role="heading" class="note-title marker" id="h-note-3" aria-level="4"><span>Note</span><span class="issue-label">: Unregistered extensions are less reliable</span></div><p class="">
It is always possible for two specific implementations to agree out-of-band to
use a mutually understood extension or <a href="#dfn-representations" class="internalDFN" data-link-type="dfn" id="ref-for-dfn-representations-13">representation</a> that is not
recorded in the DID Specification Registries [<cite><a class="bibref" data-link-type="biblio" href="#bib-did-spec-registries" title="DID Specification Registries">DID-SPEC-REGISTRIES</a></cite>];
interoperability between such implementations and the larger ecosystem will be
less reliable.
</p></div>
</section>
</section>
<section id="core-properties"><div class="header-wrapper"><h2 id="x5-core-properties"><bdi class="secno">5. </bdi>Core Properties</h2><a class="self-link" href="#core-properties" aria-label="Permalink for Section 5."></a></div>
<p>
A <a href="#dfn-decentralized-identifiers" class="internalDFN" data-link-type="dfn" id="ref-for-dfn-decentralized-identifiers-62">DID</a> is associated with a <a href="#dfn-did-documents" class="internalDFN" data-link-type="dfn" id="ref-for-dfn-did-documents-59">DID document</a>.
<a href="#dfn-did-documents" class="internalDFN" data-link-type="dfn" id="ref-for-dfn-did-documents-60">DID documents</a> are expressed using the
<a href="#data-model">data model</a> and can be serialized into a
<a href="#representations">representation</a>.
The following sections define the properties in a <a href="#dfn-did-documents" class="internalDFN" data-link-type="dfn" id="ref-for-dfn-did-documents-61">DID document</a>,
including whether these properties are required or optional. These properties
describe relationships between the <a href="#dfn-did-subjects" class="internalDFN" data-link-type="dfn" id="ref-for-dfn-did-subjects-18">DID subject</a> and the value of the
property.
</p>
<p>
The following tables contain informative references for the core properties
defined by this specification, with expected values, and whether or not they are
required. The property names in the tables are linked to the normative
definitions and more detailed descriptions of each property.
</p>
<div class="note" role="note" id="issue-container-generatedID-4"><div role="heading" class="note-title marker" id="h-note-4" aria-level="3"><span>Note</span><span class="issue-label">: Property names used in maps of different types</span></div><p class="">
The property names <code>id</code>, <code>type</code>, and
<code>controller</code> can be present in maps of different types
with possible differences in constraints.
</p></div>
<section class="notoc"><div class="header-wrapper"><h3 id="did-document-properties">DID Document properties</h3><a class="self-link" href="#did-document-properties" aria-label="Permalink for this Section"></a></div>
<table class="simple">
<thead>
<tr>
<th>Property</th>
<th>Required?</th>
<th>Value constraints</th>
</tr>
</thead>
<tbody>
<tr>
<td><code><a href="#dfn-id" class="internalDFN" data-link-type="dfn" id="ref-for-dfn-id-1">id</a></code></td>
<td>yes</td>
<td>
A <a href="https://infra.spec.whatwg.org/#string">string</a> that conforms to the rules in
<a href="#did-syntax" class="sec-ref"><bdi class="secno">3.1 </bdi>DID Syntax</a>.
</td>
</tr>
<tr>
<td><code><a href="#dfn-alsoknownas" class="internalDFN" data-link-type="dfn" id="ref-for-dfn-alsoknownas-1">alsoKnownAs</a></code></td>
<td>no</td>
<td>
A <a href="https://infra.spec.whatwg.org/#ordered-set">set</a> of
<a href="https://infra.spec.whatwg.org/#string">strings</a> that conform to the rules of
[<cite><a class="bibref" data-link-type="biblio" href="#bib-rfc3986" title="Uniform Resource Identifier (URI): Generic Syntax">RFC3986</a></cite>] for <a href="#dfn-uri" class="internalDFN" data-link-type="dfn" id="ref-for-dfn-uri-11">URIs</a>.
</td>
</tr>
<tr>
<td><code><a href="#dfn-controller" class="internalDFN" data-link-type="dfn" id="ref-for-dfn-controller-2">controller</a></code></td>
<td>no</td>
<td>
A <a href="https://infra.spec.whatwg.org/#string">string</a> or a
<a href="https://infra.spec.whatwg.org/#ordered-set">set</a> of
<a href="https://infra.spec.whatwg.org/#string">strings</a> that conform to the rules in
<a href="#did-syntax" class="sec-ref"><bdi class="secno">3.1 </bdi>DID Syntax</a>.
</td>
</tr>
<tr>
<td><code><a href="#dfn-verificationmethod" class="internalDFN" data-link-type="dfn" id="ref-for-dfn-verificationmethod-1">verificationMethod</a></code></td>
<td>no</td>
<td>
A <a href="https://infra.spec.whatwg.org/#ordered-set">set</a> of
<a href="#dfn-verification-method" class="internalDFN" data-link-type="dfn" id="ref-for-dfn-verification-method-9">Verification Method</a> <a href="https://infra.spec.whatwg.org/#ordered-map">maps</a>
that conform to the rules in <a href="#verification-method-properties" class="sec-ref">Verification Method properties</a>.
</td>
</tr>
<tr>
<td><code><a href="#dfn-authentication" class="internalDFN" data-link-type="dfn" id="ref-for-dfn-authentication-1">authentication</a></code></td>
<td>no</td>
<td rowspan="5">
A <a href="https://infra.spec.whatwg.org/#ordered-set">set</a> of either <a href="#dfn-verification-method" class="internalDFN" data-link-type="dfn" id="ref-for-dfn-verification-method-10">Verification
Method</a> <a href="https://infra.spec.whatwg.org/#ordered-map">maps</a> that conform to
the rules in <a href="#verification-method-properties" class="sec-ref">Verification Method properties</a>) or
<a href="https://infra.spec.whatwg.org/#string">strings</a> that conform to the rules in
<a href="#did-url-syntax" class="sec-ref"><bdi class="secno">3.2 </bdi>DID URL Syntax</a>.
</td>
</tr>
<tr>
<td><code><a href="#dfn-assertionmethod" class="internalDFN" data-link-type="dfn" id="ref-for-dfn-assertionmethod-1">assertionMethod</a></code></td>
<td>no</td>
</tr>
<tr>
<td><code><a href="#dfn-keyagreement" class="internalDFN" data-link-type="dfn" id="ref-for-dfn-keyagreement-1">keyAgreement</a></code></td>
<td>no</td>
</tr>
<tr>
<td><code><a href="#dfn-capabilityinvocation" class="internalDFN" data-link-type="dfn" id="ref-for-dfn-capabilityinvocation-1">capabilityInvocation</a></code></td>
<td>no</td>
</tr>
<tr>
<td><code><a href="#dfn-capabilitydelegation" class="internalDFN" data-link-type="dfn" id="ref-for-dfn-capabilitydelegation-1">capabilityDelegation</a></code></td>
<td>no</td>
</tr>
<tr>
<td><code><a href="#dfn-service" class="internalDFN" data-link-type="dfn" id="ref-for-dfn-service-9">service</a></code></td>
<td>no</td>
<td>
A <a href="https://infra.spec.whatwg.org/#ordered-set">set</a> of <a href="#dfn-service-endpoints" class="internalDFN" data-link-type="dfn" id="ref-for-dfn-service-endpoints-3">Service Endpoint</a>
<a href="https://infra.spec.whatwg.org/#ordered-map">maps</a> that conform to the rules in
<a href="#service-properties" class="sec-ref">Service properties</a>.
</td>
</tr>
</tbody>
</table>
</section>
<section class="notoc"><div class="header-wrapper"><h3 id="verification-method-properties">Verification Method properties</h3><a class="self-link" href="#verification-method-properties" aria-label="Permalink for this Section"></a></div>
<table class="simple">
<thead>
<tr>
<th>Property</th>
<th>Required?</th>
<th>Value constraints</th>
</tr>
</thead>
<tbody>
<tr>
<td><code>id</code></td>
<td>yes</td>
<td>
A <a href="https://infra.spec.whatwg.org/#string">string</a> that conforms to the rules in
<a href="#did-url-syntax" class="sec-ref"><bdi class="secno">3.2 </bdi>DID URL Syntax</a>.
</td>
</tr>
<tr>
<td><code><a href="#dfn-controller" class="internalDFN" data-link-type="dfn" id="ref-for-dfn-controller-3">controller</a></code></td>
<td>yes</td>
<td>
A <a href="https://infra.spec.whatwg.org/#string">string</a> that conforms to the rules in
<a href="#did-syntax" class="sec-ref"><bdi class="secno">3.1 </bdi>DID Syntax</a>.
</td>
</tr>
<tr>
<td><code>type</code></td>
<td>yes</td>
<td>
A <a href="https://infra.spec.whatwg.org/#string">string</a>.
</td>
</tr>
<tr>
<td><code><a href="#dfn-publickeyjwk" class="internalDFN" data-link-type="dfn" id="ref-for-dfn-publickeyjwk-1">publicKeyJwk</a></code></td>
<td>no</td>
<td>
A <a href="https://infra.spec.whatwg.org/#maps">map</a> representing a JSON Web Key that conforms
to [<cite><a class="bibref" data-link-type="biblio" href="#bib-rfc7517" title="JSON Web Key (JWK)">RFC7517</a></cite>]. See <a href="#dfn-publickeyjwk" id="ref-for-dfn-publickeyjwk-2">definition of publicKeyJwk</a>
for additional constraints.
</td>
</tr>
<tr>
<td><code><a href="#dfn-publickeymultibase" class="internalDFN" data-link-type="dfn" id="ref-for-dfn-publickeymultibase-1">publicKeyMultibase</a></code></td>
<td>no</td>
<td>
A <a href="https://infra.spec.whatwg.org/#string">string</a> that conforms to a
[<cite><a class="bibref" data-link-type="biblio" href="#bib-multibase" title="The Multibase Encoding Scheme">MULTIBASE</a></cite>] encoded public key.
</td>
</tr>
</tbody>
</table>
</section>
<section class="notoc"><div class="header-wrapper"><h3 id="service-properties">Service properties</h3><a class="self-link" href="#service-properties" aria-label="Permalink for this Section"></a></div>
<table class="simple">
<thead>
<tr>
<th>Property</th>
<th>Required?</th>
<th>Value constraints</th>
</tr>
</thead>
<tbody>
<tr>
<td><code>id</code></td>
<td>yes</td>
<td>
A <a href="https://infra.spec.whatwg.org/#string">string</a> that conforms to the rules of
[<cite><a class="bibref" data-link-type="biblio" href="#bib-rfc3986" title="Uniform Resource Identifier (URI): Generic Syntax">RFC3986</a></cite>] for <a href="#dfn-uri" class="internalDFN" data-link-type="dfn" id="ref-for-dfn-uri-12">URIs</a>.
</td>
</tr>
<tr>
<td><code>type</code></td>
<td>yes</td>
<td>
A <a href="https://infra.spec.whatwg.org/#string">string</a> or a
<a href="https://infra.spec.whatwg.org/#ordered-set">set</a> of
<a href="https://infra.spec.whatwg.org/#string">strings</a>.
</td>
</tr>
<tr>
<td><code><a href="#dfn-serviceendpoint" class="internalDFN" data-link-type="dfn" id="ref-for-dfn-serviceendpoint-1">serviceEndpoint</a></code></td>
<td>yes</td>
<td>
A <a href="https://infra.spec.whatwg.org/#string">string</a> that conforms to the rules of
[<cite><a class="bibref" data-link-type="biblio" href="#bib-rfc3986" title="Uniform Resource Identifier (URI): Generic Syntax">RFC3986</a></cite>] for <a href="#dfn-uri" class="internalDFN" data-link-type="dfn" id="ref-for-dfn-uri-13">URIs</a>, a <a href="https://infra.spec.whatwg.org/#string">map</a>, or a
<a href="https://infra.spec.whatwg.org/#ordered-set">set</a> composed of a one or more
<a href="https://infra.spec.whatwg.org/#string">strings</a> that conform to the rules of
[<cite><a class="bibref" data-link-type="biblio" href="#bib-rfc3986" title="Uniform Resource Identifier (URI): Generic Syntax">RFC3986</a></cite>] for <a href="#dfn-uri" class="internalDFN" data-link-type="dfn" id="ref-for-dfn-uri-14">URIs</a> and/or <a href="https://infra.spec.whatwg.org/#string">maps</a>.
</td>
</tr>
</tbody>
</table>
</section>
<section id="identifiers"><div class="header-wrapper"><h3 id="x5-1-identifiers"><bdi class="secno">5.1 </bdi>Identifiers</h3><a class="self-link" href="#identifiers" aria-label="Permalink for Section 5.1"></a></div>
<p>
This section describes the mechanisms by which <a href="#dfn-did-documents" class="internalDFN" data-link-type="dfn" id="ref-for-dfn-did-documents-62">DID documents</a>
include identifiers for <a href="#dfn-did-subjects" class="internalDFN" data-link-type="dfn" id="ref-for-dfn-did-subjects-19">DID subjects</a> and <a href="#dfn-did-controllers" class="internalDFN" data-link-type="dfn" id="ref-for-dfn-did-controllers-8">DID controllers</a>.
</p>
<section id="did-subject"><div class="header-wrapper"><h4 id="x5-1-1-did-subject"><bdi class="secno">5.1.1 </bdi>DID Subject</h4><a class="self-link" href="#did-subject" aria-label="Permalink for Section 5.1.1"></a></div>
<p>
The <a href="#dfn-decentralized-identifiers" class="internalDFN" data-link-type="dfn" id="ref-for-dfn-decentralized-identifiers-63">DID</a> for a particular <a href="#dfn-did-subjects" class="internalDFN" data-link-type="dfn" id="ref-for-dfn-did-subjects-20">DID subject</a> is expressed using the
<code><a href="#dfn-id" class="internalDFN" data-link-type="dfn" id="ref-for-dfn-id-2">id</a></code> property in the <a href="#dfn-did-documents" class="internalDFN" data-link-type="dfn" id="ref-for-dfn-did-documents-63">DID document</a>.
</p>
<dl>
<dt><dfn id="dfn-id" tabindex="0" aria-haspopup="dialog" data-dfn-type="dfn">id</dfn></dt>
<dd>
The value of <code>id</code> <em class="rfc2119">MUST</em> be a <a href="https://infra.spec.whatwg.org/#string">string</a> that conforms to the rules in <a href="#did-syntax" class="sec-ref"><bdi class="secno">3.1 </bdi>DID Syntax</a> and <em class="rfc2119">MUST</em> exist in the root <a href="https://infra.spec.whatwg.org/#ordered-map">map</a> of the <a href="#data-model">data
model</a> for the <a href="#dfn-did-documents" class="internalDFN" data-link-type="dfn" id="ref-for-dfn-did-documents-64">DID document</a>.
</dd>
</dl>
<div class="example" id="example-10">
<div class="marker">
<a class="self-link" href="#example-10">Example<bdi> 10</bdi></a>
</div> <pre class="nohighlight">{
"id": "did:example:123456789abcdefghijk"
}</pre>
</div>
<p>
The <code>id</code> property only denotes the <a href="#dfn-decentralized-identifiers" class="internalDFN" data-link-type="dfn" id="ref-for-dfn-decentralized-identifiers-64">DID</a> of the
<a href="#dfn-did-subjects" class="internalDFN" data-link-type="dfn" id="ref-for-dfn-did-subjects-21">DID subject</a> when it is present in the <em>topmost</em>
<a href="https://infra.spec.whatwg.org/#ordered-map">map</a> of the <a href="#dfn-did-documents" class="internalDFN" data-link-type="dfn" id="ref-for-dfn-did-documents-65">DID document</a>.
</p>
<div class="note" role="note" id="issue-container-generatedID-5"><div role="heading" class="note-title marker" id="h-note-5" aria-level="5"><span>Note</span><span class="issue-label">: Intermediate representations</span></div><p class="">
<a href="#dfn-did-methods" class="internalDFN" data-link-type="dfn" id="ref-for-dfn-did-methods-26">DID method</a> specifications can create intermediate representations of a
<a href="#dfn-did-documents" class="internalDFN" data-link-type="dfn" id="ref-for-dfn-did-documents-66">DID document</a> that do not contain the <code><a href="#dfn-id" class="internalDFN" data-link-type="dfn" id="ref-for-dfn-id-3">id</a></code> property,
such as when a <a href="#dfn-did-resolvers" class="internalDFN" data-link-type="dfn" id="ref-for-dfn-did-resolvers-6">DID resolver</a> is performing <a href="#dfn-did-resolution" class="internalDFN" data-link-type="dfn" id="ref-for-dfn-did-resolution-6">DID resolution</a>.
However, the fully resolved <a href="#dfn-did-documents" class="internalDFN" data-link-type="dfn" id="ref-for-dfn-did-documents-67">DID document</a> always contains a valid
<code><a href="#dfn-id" class="internalDFN" data-link-type="dfn" id="ref-for-dfn-id-4">id</a></code> property.
</p></div>
</section>
<section id="did-controller"><div class="header-wrapper"><h4 id="x5-1-2-did-controller"><bdi class="secno">5.1.2 </bdi>DID Controller</h4><a class="self-link" href="#did-controller" aria-label="Permalink for Section 5.1.2"></a></div>
<p>
A <a href="#dfn-did-controllers" class="internalDFN" data-link-type="dfn" id="ref-for-dfn-did-controllers-9">DID controller</a> is an entity that is authorized to make changes to a
<a href="#dfn-did-documents" class="internalDFN" data-link-type="dfn" id="ref-for-dfn-did-documents-68">DID document</a>. The process of authorizing a <a href="#dfn-did-controllers" class="internalDFN" data-link-type="dfn" id="ref-for-dfn-did-controllers-10">DID controller</a> is
defined by the <a href="#dfn-did-methods" class="internalDFN" data-link-type="dfn" id="ref-for-dfn-did-methods-27">DID method</a>.
</p>
<dl>
<dt><dfn data-plurals="controllers" id="dfn-controller" tabindex="0" aria-haspopup="dialog" data-dfn-type="dfn">controller</dfn></dt>
<dd>
The <code>controller</code> property is <em class="rfc2119">OPTIONAL</em>. If present, the value <em class="rfc2119">MUST</em>
be a <a href="https://infra.spec.whatwg.org/#string">string</a> or a <a href="https://infra.spec.whatwg.org/#ordered-set">set</a> of <a href="https://infra.spec.whatwg.org/#string">strings</a> that conform to the rules in <a href="#did-syntax" class="sec-ref"><bdi class="secno">3.1 </bdi>DID Syntax</a>. The corresponding <a href="#dfn-did-documents" class="internalDFN" data-link-type="dfn" id="ref-for-dfn-did-documents-69">DID document</a>(s) <em class="rfc2119">SHOULD</em>
contain <a href="#dfn-verification-relationship" class="internalDFN" data-link-type="dfn" id="ref-for-dfn-verification-relationship-1">verification relationships</a> that explicitly permit the use of
certain <a href="#dfn-verification-method" class="internalDFN" data-link-type="dfn" id="ref-for-dfn-verification-method-11">verification methods</a> for specific purposes.
</dd>
</dl>
<p>
When a <code><a href="#dfn-controller" class="internalDFN" data-link-type="dfn" id="ref-for-dfn-controller-4">controller</a></code> property is present in a <a href="#dfn-did-documents" class="internalDFN" data-link-type="dfn" id="ref-for-dfn-did-documents-70">DID
document</a>, its value expresses one or more <a href="#dfn-decentralized-identifiers" class="internalDFN" data-link-type="dfn" id="ref-for-dfn-decentralized-identifiers-65">DIDs</a>. Any <a href="#dfn-verification-method" class="internalDFN" data-link-type="dfn" id="ref-for-dfn-verification-method-12">verification
methods</a> contained in the <a href="#dfn-did-documents" class="internalDFN" data-link-type="dfn" id="ref-for-dfn-did-documents-71">DID documents</a> for those <a href="#dfn-decentralized-identifiers" class="internalDFN" data-link-type="dfn" id="ref-for-dfn-decentralized-identifiers-66">DIDs</a> <em class="rfc2119">SHOULD</em>
be accepted as authoritative, such that proofs that satisfy those
<a href="#dfn-verification-method" class="internalDFN" data-link-type="dfn" id="ref-for-dfn-verification-method-13">verification methods</a> are to be considered equivalent to proofs provided
by the <a href="#dfn-did-subjects" class="internalDFN" data-link-type="dfn" id="ref-for-dfn-did-subjects-22">DID subject</a>.
</p>
<div class="example" id="example-did-document-with-a-controller-property">
<div class="marker">
<a class="self-link" href="#example-did-document-with-a-controller-property">Example<bdi> 11</bdi></a><span class="example-title">: DID document with a controller property</span>
</div> <pre class="nohighlight">{
"@context": "https://www.w3.org/ns/did/v1",
"id": "did:example:123456789abcdefghi",
"controller": "did:example:bcehfew7h32f32h7af3",
}</pre>
</div>
<div class="note" role="note" id="issue-container-generatedID-6"><div role="heading" class="note-title marker" id="h-note-6" aria-level="5"><span>Note</span><span class="issue-label">: Authorization vs authentication</span></div><p class="">
Note that authorization provided by the value of <code>controller</code> is
separate from authentication as described in <a href="#authentication" class="sec-ref"><bdi class="secno">5.3.1 </bdi>Authentication</a>.
This is particularly important for key recovery in the case of cryptographic key
loss, where the <a href="#dfn-did-subjects" class="internalDFN" data-link-type="dfn" id="ref-for-dfn-did-subjects-23">DID subject</a> no longer has access to their keys, or key
compromise, where the <a href="#dfn-did-controllers" class="internalDFN" data-link-type="dfn" id="ref-for-dfn-did-controllers-11">DID controller</a>'s trusted third parties need to
override malicious activity by an attacker. See <a href="#security-considerations" class="sec-ref"><bdi class="secno">9. </bdi>Security Considerations</a> for information related to threat models
and attack vectors.
</p></div>
</section>
<section id="also-known-as"><div class="header-wrapper"><h4 id="x5-1-3-also-known-as"><bdi class="secno">5.1.3 </bdi>Also Known As</h4><a class="self-link" href="#also-known-as" aria-label="Permalink for Section 5.1.3"></a></div>
<p>
A <a href="#dfn-did-subjects" class="internalDFN" data-link-type="dfn" id="ref-for-dfn-did-subjects-24">DID subject</a> can have multiple identifiers for different purposes, or
at different times. The assertion that two or more <a href="#dfn-decentralized-identifiers" class="internalDFN" data-link-type="dfn" id="ref-for-dfn-decentralized-identifiers-67">DIDs</a> (or other types
of <a href="#dfn-uri" class="internalDFN" data-link-type="dfn" id="ref-for-dfn-uri-15">URI</a>) refer to the same <a href="#dfn-did-subjects" class="internalDFN" data-link-type="dfn" id="ref-for-dfn-did-subjects-25">DID subject</a> can be made using the
<code><a href="#dfn-alsoknownas" class="internalDFN" data-link-type="dfn" id="ref-for-dfn-alsoknownas-2">alsoKnownAs</a></code> property.
</p>
<dl>
<dt><dfn id="dfn-alsoknownas" tabindex="0" aria-haspopup="dialog" data-dfn-type="dfn">alsoKnownAs</dfn></dt>
<dd>
The <code>alsoKnownAs</code> property is <em class="rfc2119">OPTIONAL</em>. If present, the value <em class="rfc2119">MUST</em>
be a <a href="https://infra.spec.whatwg.org/#ordered-set">set</a> where each item in the
set is a <a href="#dfn-uri" class="internalDFN" data-link-type="dfn" id="ref-for-dfn-uri-16">URI</a> conforming to [<cite><a class="bibref" data-link-type="biblio" href="#bib-rfc3986" title="Uniform Resource Identifier (URI): Generic Syntax">RFC3986</a></cite>].
</dd>
<dd>
This relationship is a statement that the subject of this identifier is
also identified by one or more other identifiers.
</dd>
</dl>
<div class="note" role="note" id="issue-container-generatedID-7"><div role="heading" class="note-title marker" id="h-note-7" aria-level="5"><span>Note</span><span class="issue-label">: Equivalence and alsoKnownAs</span></div><div class="">
<p>
Applications might choose to consider two identifiers related by
<code><a href="#dfn-alsoknownas" class="internalDFN" data-link-type="dfn" id="ref-for-dfn-alsoknownas-3">alsoKnownAs</a></code> to be equivalent <em>if</em> the
<code><a href="#dfn-alsoknownas" class="internalDFN" data-link-type="dfn" id="ref-for-dfn-alsoknownas-4">alsoKnownAs</a></code> relationship is reciprocated in the reverse
direction. It is best practice <em>not</em> to consider them equivalent in the
absence of this inverse relationship. In other words, the presence of an
<code><a href="#dfn-alsoknownas" class="internalDFN" data-link-type="dfn" id="ref-for-dfn-alsoknownas-5">alsoKnownAs</a></code> assertion does not prove that this assertion
is true. Therefore, it is strongly advised that a requesting party obtain
independent verification of an <code>alsoKnownAs</code> assertion.
</p>
<p>
Given that the <a href="#dfn-did-subjects" class="internalDFN" data-link-type="dfn" id="ref-for-dfn-did-subjects-26">DID subject</a> might use different identifiers for different
purposes, an expectation of strong equivalence between the two identifiers, or
merging the information of the two corresponding <a href="#dfn-did-documents" class="internalDFN" data-link-type="dfn" id="ref-for-dfn-did-documents-72">DID documents</a>, is not
necessarily appropriate, <em>even with</em> a reciprocal relationship.
</p>
</div></div>
</section>
</section>
<section id="verification-methods"><div class="header-wrapper"><h3 id="x5-2-verification-methods"><bdi class="secno">5.2 </bdi>Verification Methods</h3><a class="self-link" href="#verification-methods" aria-label="Permalink for Section 5.2"></a></div>
<p>
A <a href="#dfn-did-documents" class="internalDFN" data-link-type="dfn" id="ref-for-dfn-did-documents-73">DID document</a> can express <a href="#dfn-verification-method" class="internalDFN" data-link-type="dfn" id="ref-for-dfn-verification-method-14">verification methods</a>, such as
cryptographic public keys, which can be used to <a href="#dfn-authenticated" class="internalDFN" data-link-type="dfn" id="ref-for-dfn-authenticated-5">authenticate</a> or authorize
interactions with the <a href="#dfn-did-subjects" class="internalDFN" data-link-type="dfn" id="ref-for-dfn-did-subjects-27">DID subject</a> or associated parties. For example, a
cryptographic public key can be used as a <a href="#dfn-verification-method" class="internalDFN" data-link-type="dfn" id="ref-for-dfn-verification-method-15">verification method</a> with
respect to a digital signature; in such usage, it verifies that the signer
could use the associated cryptographic private key. <a href="#dfn-verification-method" class="internalDFN" data-link-type="dfn" id="ref-for-dfn-verification-method-16">Verification methods</a>
might take many parameters. An example of this is a set of five cryptographic
keys from which any three are required to contribute to a cryptographic
threshold signature.
</p>
<dl>
<dt><dfn id="dfn-verificationmethod" tabindex="0" aria-haspopup="dialog" data-dfn-type="dfn">verificationMethod</dfn></dt>
<dd>
<p>
The <code>verificationMethod</code> property is <em class="rfc2119">OPTIONAL</em>. If present, the value
<em class="rfc2119">MUST</em> be a <a href="https://infra.spec.whatwg.org/#ordered-set">set</a> of <a href="#dfn-verification-method" class="internalDFN" data-link-type="dfn" id="ref-for-dfn-verification-method-17">verification
methods</a>, where each <a href="#dfn-verification-method" class="internalDFN" data-link-type="dfn" id="ref-for-dfn-verification-method-18">verification method</a> is expressed using a <a href="https://infra.spec.whatwg.org/#ordered-map">map</a>. The <a href="#dfn-verification-method" class="internalDFN" data-link-type="dfn" id="ref-for-dfn-verification-method-19">verification method</a> <a href="https://infra.spec.whatwg.org/#ordered-map">map</a> <em class="rfc2119">MUST</em> include the <code>id</code>,
<code>type</code>, <code>controller</code>, and specific verification material
properties that are determined by the value of <code>type</code> and are defined
in <a href="#verification-material" class="sec-ref"><bdi class="secno">5.2.1 </bdi>Verification Material</a>. A <a href="#dfn-verification-method" class="internalDFN" data-link-type="dfn" id="ref-for-dfn-verification-method-20">verification method</a> <em class="rfc2119">MAY</em>
include additional properties. <a href="#dfn-verification-method" class="internalDFN" data-link-type="dfn" id="ref-for-dfn-verification-method-21">Verification methods</a> <em class="rfc2119">SHOULD</em> be registered
in the DID Specification Registries [<cite><a class="bibref" data-link-type="biblio" href="#bib-did-spec-registries" title="DID Specification Registries">DID-SPEC-REGISTRIES</a></cite>].
</p>
<dl>
<dt>id</dt>
<dd>
<p>
The value of the <code><a href="#dfn-id" class="internalDFN" data-link-type="dfn" id="ref-for-dfn-id-5">id</a></code> property for a <a href="#dfn-verification-method" class="internalDFN" data-link-type="dfn" id="ref-for-dfn-verification-method-22">verification
method</a> <em class="rfc2119">MUST</em> be a <a href="https://infra.spec.whatwg.org/#string">string</a> that conforms to the
rules in Section <a href="#did-url-syntax" class="sec-ref"><bdi class="secno">3.2 </bdi>DID URL Syntax</a>.
</p>
</dd>
<dt>type</dt>
<dd>
The value of the <code>type</code> property <em class="rfc2119">MUST</em> be a <a href="https://infra.spec.whatwg.org/#string">string</a> that references exactly one <a href="#dfn-verification-method" class="internalDFN" data-link-type="dfn" id="ref-for-dfn-verification-method-23">verification
method</a> type. In order to maximize global interoperability, the
<a href="#dfn-verification-method" class="internalDFN" data-link-type="dfn" id="ref-for-dfn-verification-method-24">verification method</a> type <em class="rfc2119">SHOULD</em> be registered in the DID Specification
Registries [<cite><a class="bibref" data-link-type="biblio" href="#bib-did-spec-registries" title="DID Specification Registries">DID-SPEC-REGISTRIES</a></cite>].
</dd>
<dt>controller</dt>
<dd>
The value of the <code>controller</code> property <em class="rfc2119">MUST</em> be a <a href="https://infra.spec.whatwg.org/#string">string</a> that conforms to the rules in <a href="#did-syntax" class="sec-ref"><bdi class="secno">3.1 </bdi>DID Syntax</a>.
</dd>
</dl>
</dd>
</dl>
<div class="example" id="example-example-verification-method-structure">
<div class="marker">
<a class="self-link" href="#example-example-verification-method-structure">Example<bdi> 12</bdi></a><span class="example-title">: Example verification method structure</span>
</div> <pre aria-busy="false"><code class="hljs javascript">{
<span class="hljs-string">"@context"</span>: [
<span class="hljs-string">"https://www.w3.org/ns/did/v1"</span>,
<span class="hljs-string">"https://w3id.org/security/suites/jws-2020/v1"</span>
<span class="hljs-string">"https://w3id.org/security/suites/ed25519-2020/v1"</span>
]
<span class="hljs-string">"id"</span>: <span class="hljs-string">"did:example:123456789abcdefghi"</span>,
...
<span class="hljs-string">"verificationMethod"</span>: [{
<span class="hljs-string">"id"</span>: ...,
<span class="hljs-string">"type"</span>: ...,
<span class="hljs-string">"controller"</span>: ...,
<span class="hljs-string">"publicKeyJwk"</span>: ...
}, {
<span class="hljs-string">"id"</span>: ...,
<span class="hljs-string">"type"</span>: ...,
<span class="hljs-string">"controller"</span>: ...,
<span class="hljs-string">"publicKeyMultibase"</span>: ...
}]
}</code></pre>
</div>
<div class="note" role="note" id="issue-container-generatedID-8"><div role="heading" class="note-title marker" id="h-note-8" aria-level="4"><span>Note</span><span class="issue-label">: Verification method controller(s) and DID controller(s)</span></div><p class="">
The semantics of the <code>controller</code> property are the same when the
subject of the relationship is the <a href="#dfn-did-documents" class="internalDFN" data-link-type="dfn" id="ref-for-dfn-did-documents-74">DID document</a> as when the subject of
the relationship is a <a href="#dfn-verification-method" class="internalDFN" data-link-type="dfn" id="ref-for-dfn-verification-method-25">verification method</a>, such as a cryptographic public
key. Since a key can't control itself, and the key controller cannot be inferred
from the <a href="#dfn-did-documents" class="internalDFN" data-link-type="dfn" id="ref-for-dfn-did-documents-75">DID document</a>, it is necessary to explicitly express the identity
of the controller of the key. The difference is that the value of
<code>controller</code> for a <a href="#dfn-verification-method" class="internalDFN" data-link-type="dfn" id="ref-for-dfn-verification-method-26">verification method</a> is <em>not</em>
necessarily a <a href="#dfn-did-controllers" class="internalDFN" data-link-type="dfn" id="ref-for-dfn-did-controllers-12">DID controller</a>. <a href="#dfn-did-controllers" class="internalDFN" data-link-type="dfn" id="ref-for-dfn-did-controllers-13">DID controllers</a> are expressed
using the <code><a href="#dfn-controller" class="internalDFN" data-link-type="dfn" id="ref-for-dfn-controller-5">controller</a></code> property at the highest level of the
<a href="#dfn-did-documents" class="internalDFN" data-link-type="dfn" id="ref-for-dfn-did-documents-76">DID document</a> (the topmost <a href="https://infra.spec.whatwg.org/#ordered-map">map</a> in the
<a href="#data-model">data model</a>); see <a href="#did-controller" class="sec-ref"><bdi class="secno">5.1.2 </bdi>DID Controller</a>.
</p></div>
<section id="verification-material"><div class="header-wrapper"><h4 id="x5-2-1-verification-material"><bdi class="secno">5.2.1 </bdi>Verification Material</h4><a class="self-link" href="#verification-material" aria-label="Permalink for Section 5.2.1"></a></div>
<p>
Verification material is any information that is used by a process that applies
a <a href="#dfn-verification-method" class="internalDFN" data-link-type="dfn" id="ref-for-dfn-verification-method-27">verification method</a>. The <code>type</code> of a <a href="#dfn-verification-method" class="internalDFN" data-link-type="dfn" id="ref-for-dfn-verification-method-28">verification
method</a> is expected to be used to determine its compatibility with such
processes. Examples of verification material properties are
<code><a href="#dfn-publickeyjwk" class="internalDFN" data-link-type="dfn" id="ref-for-dfn-publickeyjwk-3">publicKeyJwk</a></code> or <code><a href="#dfn-publickeymultibase" class="internalDFN" data-link-type="dfn" id="ref-for-dfn-publickeymultibase-2">publicKeyMultibase</a></code>. A
<a href="#dfn-cryptosuite" class="internalDFN" data-link-type="dfn" id="ref-for-dfn-cryptosuite-1">cryptographic suite</a> specification is responsible for specifying the
<a href="#dfn-verification-method" class="internalDFN" data-link-type="dfn" id="ref-for-dfn-verification-method-29">verification method</a> <code>type</code> and its associated verification
material. For example, see
<a href="https://w3c-ccg.github.io/lds-jws2020/">JSON
Web Signature 2020</a> and <a href="https://w3c-ccg.github.io/lds-ed25519-2020/">Ed25519 Signature 2020</a>.
For all registered <a href="#dfn-verification-method" class="internalDFN" data-link-type="dfn" id="ref-for-dfn-verification-method-30">verification method</a> types and associated verification
material available for <a href="#dfn-decentralized-identifiers" class="internalDFN" data-link-type="dfn" id="ref-for-dfn-decentralized-identifiers-68">DIDs</a>, please see the DID Specification Registries
[<cite><a class="bibref" data-link-type="biblio" href="#bib-did-spec-registries" title="DID Specification Registries">DID-SPEC-REGISTRIES</a></cite>].
</p>
<p>
To increase the likelihood of interoperable implementations, this specification
limits the number of formats for expressing verification material in a <a href="#dfn-did-documents" class="internalDFN" data-link-type="dfn" id="ref-for-dfn-did-documents-77">DID
document</a>. The fewer formats that implementers have to
implement, the more likely it will be that they will support all of them. This
approach attempts to strike a delicate balance between ease of implementation
and supporting formats that have historically had broad deployment.
Two supported verification material properties are listed below:
</p>
<dl>
<dt><dfn id="dfn-publickeyjwk" tabindex="0" aria-haspopup="dialog" data-dfn-type="dfn">publicKeyJwk</dfn></dt>
<dd>
<p>
The <code>publicKeyJwk</code> property is <em class="rfc2119">OPTIONAL</em>. If present, the value <em class="rfc2119">MUST</em>
be a <a href="https://infra.spec.whatwg.org/#ordered-map">map</a> representing a JSON Web Key that
conforms to [<cite><a class="bibref" data-link-type="biblio" href="#bib-rfc7517" title="JSON Web Key (JWK)">RFC7517</a></cite>]. The <a href="https://infra.spec.whatwg.org/#ordered-map">map</a> <em class="rfc2119">MUST NOT</em>
contain "d", or any other members of the private information class as described
in <a href="https://tools.ietf.org/html/rfc7517#section-8.1.1">Registration
Template</a>. It is <em class="rfc2119">RECOMMENDED</em> that verification methods that use JWKs
[<cite><a class="bibref" data-link-type="biblio" href="#bib-rfc7517" title="JSON Web Key (JWK)">RFC7517</a></cite>] to represent their public keys use the value of <code>kid</code> as
their <a href="#fragment">fragment identifier</a>. It is <em class="rfc2119">RECOMMENDED</em> that JWK
<code>kid</code> values are set to the public key fingerprint [<cite><a class="bibref" data-link-type="biblio" href="#bib-rfc7638" title="JSON Web Key (JWK) Thumbprint">RFC7638</a></cite>]. See
the first key in <a href="#example-various-verification-method-types" class="box-ref">Example<bdi> 13</bdi></a> for
an example of a public key with a compound key identifier.
</p>
</dd>
<dt><dfn id="dfn-publickeymultibase" tabindex="0" aria-haspopup="dialog" data-dfn-type="dfn">publicKeyMultibase</dfn></dt>
<dd>
<p>
The <code>publicKeyMultibase</code> property is <em class="rfc2119">OPTIONAL</em>. This feature is
non-normative. If present, the value <em class="rfc2119">MUST</em> be a <a href="https://infra.spec.whatwg.org/#string">string</a> representation of a [<cite><a class="bibref" data-link-type="biblio" href="#bib-multibase" title="The Multibase Encoding Scheme">MULTIBASE</a></cite>] encoded
public key.
</p>
<p class="advisement">
Note that the [<cite><a class="bibref" data-link-type="biblio" href="#bib-multibase" title="The Multibase Encoding Scheme">MULTIBASE</a></cite>] specification is not yet a standard and is
subject to change. There might be some use cases for this data format
where <code><b>public</b>KeyMultibase</code> is defined, to allow for
expression of public keys, but <code><b>private</b>KeyMultibase</code>
is not defined, to protect against accidental leakage of secret keys.
</p>
</dd>
</dl>
<p>
A <a href="#dfn-verification-method" class="internalDFN" data-link-type="dfn" id="ref-for-dfn-verification-method-31">verification method</a> <em class="rfc2119">MUST NOT</em> contain multiple verification material
properties for the same material. For example, expressing key material in a
<a href="#dfn-verification-method" class="internalDFN" data-link-type="dfn" id="ref-for-dfn-verification-method-32">verification method</a> using both <code>publicKeyJwk</code> and
<code>publicKeyMultibase</code> at the same time is prohibited.
</p>
<p>
An example of a <a href="#dfn-did-documents" class="internalDFN" data-link-type="dfn" id="ref-for-dfn-did-documents-78">DID document</a> containing <a href="#dfn-verification-method" class="internalDFN" data-link-type="dfn" id="ref-for-dfn-verification-method-33">verification methods</a> using
both properties above is shown below.
</p>
<div class="example" id="example-various-verification-method-types">
<div class="marker">
<a class="self-link" href="#example-various-verification-method-types">Example<bdi> 13</bdi></a><span class="example-title">: Verification methods using publicKeyJwk and publicKeyMultibase</span>
</div> <pre class="nohighlight">{
"@context": [
"https://www.w3.org/ns/did/v1",
"https://w3id.org/security/suites/jws-2020/v1",
"https://w3id.org/security/suites/ed25519-2020/v1"
]
"id": "did:example:123456789abcdefghi",
<span class="comment">...</span>
"verificationMethod": [{
"id": "did:example:123#_Qq0UL2Fq651Q0Fjd6TvnYE-faHiOpRlPVQcY_-tA4A",
"type": "JsonWebKey2020", <span class="comment">// external (property value)</span>
"controller": "did:example:123",
"publicKeyJwk": {
"crv": "Ed25519", <span class="comment">// external (property name)</span>
"x": "VCpo2LMLhn6iWku8MKvSLg2ZAoC-nlOyPVQaO3FxVeQ", <span class="comment">// external (property name)</span>
"kty": "OKP", <span class="comment">// external (property name)</span>
"kid": "_Qq0UL2Fq651Q0Fjd6TvnYE-faHiOpRlPVQcY_-tA4A" <span class="comment">// external (property name)</span>
}
}, {
"id": "did:example:123456789abcdefghi#keys-1",
"type": "Ed25519VerificationKey2020", <span class="comment">// external (property value)</span>
"controller": "did:example:pqrstuvwxyz0987654321",
"publicKeyMultibase": "zH3C2AVvLMv6gmMNam3uVAjZpfkcJCwDwnZn6z3wXmqPV"
}],
<span class="comment">...</span>
}</pre>
</div>
</section>
<section id="referring-to-verification-methods"><div class="header-wrapper"><h4 id="x5-2-2-referring-to-verification-methods"><bdi class="secno">5.2.2 </bdi>Referring to Verification Methods</h4><a class="self-link" href="#referring-to-verification-methods" aria-label="Permalink for Section 5.2.2"></a></div>
<p>
<a href="#dfn-verification-method" class="internalDFN" data-link-type="dfn" id="ref-for-dfn-verification-method-34">Verification methods</a> can be embedded in or referenced from properties
associated with various <a href="#dfn-verification-relationship" class="internalDFN" data-link-type="dfn" id="ref-for-dfn-verification-relationship-2">verification relationships</a> as described in <a href="#verification-relationships" class="sec-ref"><bdi class="secno">5.3 </bdi>Verification Relationships</a>. Referencing <a href="#dfn-verification-method" class="internalDFN" data-link-type="dfn" id="ref-for-dfn-verification-method-35">verification methods</a>
allows them to be used by more than one <a href="#dfn-verification-relationship" class="internalDFN" data-link-type="dfn" id="ref-for-dfn-verification-relationship-3">verification relationship</a>.
</p>
<p>
If the value of a <a href="#dfn-verification-method" class="internalDFN" data-link-type="dfn" id="ref-for-dfn-verification-method-36">verification method</a> property is a <a href="https://infra.spec.whatwg.org/#ordered-map">map</a>, the <a href="#dfn-verification-method" class="internalDFN" data-link-type="dfn" id="ref-for-dfn-verification-method-37">verification method</a> has been
embedded and its properties can be accessed directly. However, if the value is a
URL <a href="https://infra.spec.whatwg.org/#string">string</a>, the <a href="#dfn-verification-method" class="internalDFN" data-link-type="dfn" id="ref-for-dfn-verification-method-38">verification method</a> has
been included by reference and its properties will need to be retrieved from
elsewhere in the <a href="#dfn-did-documents" class="internalDFN" data-link-type="dfn" id="ref-for-dfn-did-documents-79">DID document</a> or from another <a href="#dfn-did-documents" class="internalDFN" data-link-type="dfn" id="ref-for-dfn-did-documents-80">DID document</a>. This
is done by dereferencing the URL and searching the resulting <a href="#dfn-resources" class="internalDFN" data-link-type="dfn" id="ref-for-dfn-resources-13">resource</a> for a
<a href="#dfn-verification-method" class="internalDFN" data-link-type="dfn" id="ref-for-dfn-verification-method-39">verification method</a> <a href="https://infra.spec.whatwg.org/#ordered-map">map</a> with an
<code>id</code> property whose value matches the URL.
</p>
<div class="example" id="example-embedding-and-referencing-verification-methods">
<div class="marker">
<a class="self-link" href="#example-embedding-and-referencing-verification-methods">Example<bdi> 14</bdi></a><span class="example-title">: Embedding and referencing verification methods</span>
</div> <pre class="nohighlight">{
<span class="comment">...</span>
"authentication": [
<span class="comment">// this key is referenced and might be used by</span>
<span class="comment">// more than one verification relationship</span>
"did:example:123456789abcdefghi#keys-1",
<span class="comment">// this key is embedded and may *only* be used for authentication</span>
{
"id": "did:example:123456789abcdefghi#keys-2",
"type": "Ed25519VerificationKey2020", <span class="comment">// external (property value)</span>
"controller": "did:example:123456789abcdefghi",
"publicKeyMultibase": "zH3C2AVvLMv6gmMNam3uVAjZpfkcJCwDwnZn6z3wXmqPV"
}
],
<span class="comment">...</span>
}</pre>
</div>
</section>
</section>
<section id="verification-relationships"><div class="header-wrapper"><h3 id="x5-3-verification-relationships"><bdi class="secno">5.3 </bdi>Verification Relationships</h3><a class="self-link" href="#verification-relationships" aria-label="Permalink for Section 5.3"></a></div>
<p>
A <a href="#dfn-verification-relationship" class="internalDFN" data-link-type="dfn" id="ref-for-dfn-verification-relationship-4">verification relationship</a> expresses the relationship between the <a href="#dfn-did-subjects" class="internalDFN" data-link-type="dfn" id="ref-for-dfn-did-subjects-28">DID
subject</a> and a <a href="#dfn-verification-method" class="internalDFN" data-link-type="dfn" id="ref-for-dfn-verification-method-40">verification method</a>.
</p>
<p>
Different <a href="#dfn-verification-relationship" class="internalDFN" data-link-type="dfn" id="ref-for-dfn-verification-relationship-5">verification relationships</a> enable the associated
<a href="#dfn-verification-method" class="internalDFN" data-link-type="dfn" id="ref-for-dfn-verification-method-41">verification methods</a> to be used for different purposes. It is up to a
<em>verifier</em> to ascertain the validity of a verification attempt by
checking that the <a href="#dfn-verification-method" class="internalDFN" data-link-type="dfn" id="ref-for-dfn-verification-method-42">verification method</a> used is contained in the
appropriate <a href="#dfn-verification-relationship" class="internalDFN" data-link-type="dfn" id="ref-for-dfn-verification-relationship-6">verification relationship</a> property of the
<a href="#dfn-did-documents" class="internalDFN" data-link-type="dfn" id="ref-for-dfn-did-documents-81">DID Document</a>.
</p>
<p>
The <a href="#dfn-verification-relationship" class="internalDFN" data-link-type="dfn" id="ref-for-dfn-verification-relationship-7">verification relationship</a> between the <a href="#dfn-did-subjects" class="internalDFN" data-link-type="dfn" id="ref-for-dfn-did-subjects-29">DID subject</a> and the
<a href="#dfn-verification-method" class="internalDFN" data-link-type="dfn" id="ref-for-dfn-verification-method-43">verification method</a> is explicit in the <a href="#dfn-did-documents" class="internalDFN" data-link-type="dfn" id="ref-for-dfn-did-documents-82">DID document</a>.
<a href="#dfn-verification-method" class="internalDFN" data-link-type="dfn" id="ref-for-dfn-verification-method-44">Verification methods</a> that are not associated with a particular
<a href="#dfn-verification-relationship" class="internalDFN" data-link-type="dfn" id="ref-for-dfn-verification-relationship-8">verification relationship</a> cannot be used for that <a href="#dfn-verification-relationship" class="internalDFN" data-link-type="dfn" id="ref-for-dfn-verification-relationship-9">verification
relationship</a>. For example, a <a href="#dfn-verification-method" class="internalDFN" data-link-type="dfn" id="ref-for-dfn-verification-method-45">verification method</a> in the value of
the <code><a href="#dfn-authentication" class="internalDFN" data-link-type="dfn" id="ref-for-dfn-authentication-2">authentication</a></code> property cannot be used to engage in
key agreement protocols with the <a href="#dfn-did-subjects" class="internalDFN" data-link-type="dfn" id="ref-for-dfn-did-subjects-30">DID subject</a>—the value of the
<code><a href="#dfn-keyagreement" class="internalDFN" data-link-type="dfn" id="ref-for-dfn-keyagreement-2">keyAgreement</a></code> property needs to be used for that.
</p>
<p>
The <a href="#dfn-did-documents" class="internalDFN" data-link-type="dfn" id="ref-for-dfn-did-documents-83">DID document</a> does not express revoked keys using a <a href="#dfn-verification-relationship" class="internalDFN" data-link-type="dfn" id="ref-for-dfn-verification-relationship-10">verification
relationship</a>. If a referenced verification method is not in the latest
<a href="#dfn-did-documents" class="internalDFN" data-link-type="dfn" id="ref-for-dfn-did-documents-84">DID Document</a> used to dereference it, then that verification method is
considered invalid or revoked. Each <a href="#dfn-did-methods" class="internalDFN" data-link-type="dfn" id="ref-for-dfn-did-methods-28">DID method</a> specification is expected
to detail how revocation is performed and tracked.
</p>
<p>
The following sections define several useful <a href="#dfn-verification-relationship" class="internalDFN" data-link-type="dfn" id="ref-for-dfn-verification-relationship-11">verification relationships</a>.
A <a href="#dfn-did-documents" class="internalDFN" data-link-type="dfn" id="ref-for-dfn-did-documents-85">DID document</a> <em class="rfc2119">MAY</em> include any of these, or other properties, to
express a specific <a href="#dfn-verification-relationship" class="internalDFN" data-link-type="dfn" id="ref-for-dfn-verification-relationship-12">verification relationship</a>. In order to maximize global
interoperability, any such properties used <em class="rfc2119">SHOULD</em> be registered in the DID
Specification Registries [<cite><a class="bibref" data-link-type="biblio" href="#bib-did-spec-registries" title="DID Specification Registries">DID-SPEC-REGISTRIES</a></cite>].
</p>
<section id="authentication"><div class="header-wrapper"><h4 id="x5-3-1-authentication"><bdi class="secno">5.3.1 </bdi>Authentication</h4><a class="self-link" href="#authentication" aria-label="Permalink for Section 5.3.1"></a></div>
<p>
The <code>authentication</code> <a href="#dfn-verification-relationship" class="internalDFN" data-link-type="dfn" id="ref-for-dfn-verification-relationship-13">verification relationship</a> is used to
specify how the <a href="#dfn-did-subjects" class="internalDFN" data-link-type="dfn" id="ref-for-dfn-did-subjects-31">DID subject</a> is expected to be <a href="#dfn-authenticated" class="internalDFN" data-link-type="dfn" id="ref-for-dfn-authenticated-6">authenticated</a>, for
purposes such as logging into a website or engaging in any sort of
challenge-response protocol.
</p>
<dl>
<dt><dfn id="dfn-authentication" tabindex="0" aria-haspopup="dialog" data-dfn-type="dfn">authentication</dfn></dt>
<dd>
The <code>authentication</code> property is <em class="rfc2119">OPTIONAL</em>. If present, the associated
value <em class="rfc2119">MUST</em> be a <a href="https://infra.spec.whatwg.org/#ordered-set">set</a> of one or more
<a href="#dfn-verification-method" class="internalDFN" data-link-type="dfn" id="ref-for-dfn-verification-method-46">verification methods</a>. Each <a href="#dfn-verification-method" class="internalDFN" data-link-type="dfn" id="ref-for-dfn-verification-method-47">verification method</a> <em class="rfc2119">MAY</em> be embedded or
referenced.
</dd>
</dl>
<div class="example" id="example-authentication-property-containing-three-verification-methods">
<div class="marker">
<a class="self-link" href="#example-authentication-property-containing-three-verification-methods">Example<bdi> 15</bdi></a><span class="example-title">: Authentication property
containing three verification methods</span>
</div> <pre class="nohighlight">{
"@context": [
"https://www.w3.org/ns/did/v1",
"https://w3id.org/security/suites/ed25519-2020/v1"
],
"id": "did:example:123456789abcdefghi",
<span class="comment">...</span>
"authentication": [
<span class="comment">// this method can be used to authenticate as did:...fghi</span>
"did:example:123456789abcdefghi#keys-1",
<span class="comment">// this method is *only* approved for authentication, it may not</span>
<span class="comment">// be used for any other proof purpose, so its full description is</span>
<span class="comment">// embedded here rather than using only a reference</span>
{
"id": "did:example:123456789abcdefghi#keys-2",
"type": "Ed25519VerificationKey2020",
"controller": "did:example:123456789abcdefghi",
"publicKeyMultibase": "zH3C2AVvLMv6gmMNam3uVAjZpfkcJCwDwnZn6z3wXmqPV"
}
],
<span class="comment">...</span>
}</pre>
</div>
<p>
If authentication is established, it is up to the <a href="#dfn-did-methods" class="internalDFN" data-link-type="dfn" id="ref-for-dfn-did-methods-29">DID method</a> or other
application to decide what to do with that information. A particular <a href="#dfn-did-methods" class="internalDFN" data-link-type="dfn" id="ref-for-dfn-did-methods-30">DID
method</a> could decide that authenticating as a <a href="#dfn-did-controllers" class="internalDFN" data-link-type="dfn" id="ref-for-dfn-did-controllers-14">DID controller</a> is
sufficient to, for example, update or delete the <a href="#dfn-did-documents" class="internalDFN" data-link-type="dfn" id="ref-for-dfn-did-documents-86">DID document</a>. Another
<a href="#dfn-did-methods" class="internalDFN" data-link-type="dfn" id="ref-for-dfn-did-methods-31">DID method</a> could require different keys, or a different <a href="#dfn-verification-method" class="internalDFN" data-link-type="dfn" id="ref-for-dfn-verification-method-48">verification
method</a> entirely, to be presented in order to update or delete the <a href="#dfn-did-documents" class="internalDFN" data-link-type="dfn" id="ref-for-dfn-did-documents-87">DID
document</a> than that used to <a href="#dfn-authenticated" class="internalDFN" data-link-type="dfn" id="ref-for-dfn-authenticated-7">authenticate</a>. In other words, what is done
<em>after</em> the authentication check is out of scope for the <a href="#data-model">data model</a>; <a href="#dfn-did-methods" class="internalDFN" data-link-type="dfn" id="ref-for-dfn-did-methods-32">DID methods</a> and applications are
expected to define this themselves.
</p>
<p>
This is useful to any <em>authentication verifier</em> that needs to check to
see if an entity that is attempting to <a href="#dfn-authenticated" class="internalDFN" data-link-type="dfn" id="ref-for-dfn-authenticated-8">authenticate</a> is, in fact,
presenting a valid proof of authentication. When a <em>verifier</em> receives
some data (in some protocol-specific format) that contains a proof that was made
for the purpose of "authentication", and that says that an entity is identified
by the <a href="#dfn-decentralized-identifiers" class="internalDFN" data-link-type="dfn" id="ref-for-dfn-decentralized-identifiers-69">DID</a>, then that <em>verifier</em> checks to ensure that the proof
can be verified using a <a href="#dfn-verification-method" class="internalDFN" data-link-type="dfn" id="ref-for-dfn-verification-method-49">verification method</a> (e.g., public key) listed
under <code><a href="#dfn-authentication" class="internalDFN" data-link-type="dfn" id="ref-for-dfn-authentication-3">authentication</a></code> in the <a href="#dfn-did-documents" class="internalDFN" data-link-type="dfn" id="ref-for-dfn-did-documents-88">DID Document</a>.
</p>
<p>
Note that the <a href="#dfn-verification-method" class="internalDFN" data-link-type="dfn" id="ref-for-dfn-verification-method-50">verification method</a> indicated by the
<code><a href="#dfn-authentication" class="internalDFN" data-link-type="dfn" id="ref-for-dfn-authentication-4">authentication</a></code> property of a <a href="#dfn-did-documents" class="internalDFN" data-link-type="dfn" id="ref-for-dfn-did-documents-89">DID document</a> can only be
used to <a href="#dfn-authenticated" class="internalDFN" data-link-type="dfn" id="ref-for-dfn-authenticated-9">authenticate</a> the <a href="#dfn-did-subjects" class="internalDFN" data-link-type="dfn" id="ref-for-dfn-did-subjects-32">DID subject</a>. To <a href="#dfn-authenticated" class="internalDFN" data-link-type="dfn" id="ref-for-dfn-authenticated-10">authenticate</a> a
different <a href="#dfn-did-controllers" class="internalDFN" data-link-type="dfn" id="ref-for-dfn-did-controllers-15">DID controller</a>, the entity associated with the value of
<code>controller</code>, as defined in <a href="#did-controller" class="sec-ref"><bdi class="secno">5.1.2 </bdi>DID Controller</a>, needs to
<a href="#dfn-authenticated" class="internalDFN" data-link-type="dfn" id="ref-for-dfn-authenticated-11">authenticate</a> with its <em>own</em> <a href="#dfn-did-documents" class="internalDFN" data-link-type="dfn" id="ref-for-dfn-did-documents-90">DID document</a> and associated
<code><a href="#dfn-authentication" class="internalDFN" data-link-type="dfn" id="ref-for-dfn-authentication-5">authentication</a></code> <a href="#dfn-verification-relationship" class="internalDFN" data-link-type="dfn" id="ref-for-dfn-verification-relationship-14">verification relationship</a>.
</p>
</section>
<section id="assertion"><div class="header-wrapper"><h4 id="x5-3-2-assertion"><bdi class="secno">5.3.2 </bdi>Assertion</h4><a class="self-link" href="#assertion" aria-label="Permalink for Section 5.3.2"></a></div>
<p>
The <code>assertionMethod</code> <a href="#dfn-verification-relationship" class="internalDFN" data-link-type="dfn" id="ref-for-dfn-verification-relationship-15">verification relationship</a> is used to
specify how the <a href="#dfn-did-subjects" class="internalDFN" data-link-type="dfn" id="ref-for-dfn-did-subjects-33">DID subject</a> is expected to express claims, such as for
the purposes of issuing a Verifiable Credential [<cite><a class="bibref" data-link-type="biblio" href="#bib-vc-data-model" title="Verifiable Credentials Data Model v1.1">VC-DATA-MODEL</a></cite>].
</p>
<dl>
<dt><dfn id="dfn-assertionmethod" tabindex="0" aria-haspopup="dialog" data-dfn-type="dfn">assertionMethod</dfn></dt>
<dd>
The <code>assertionMethod</code> property is <em class="rfc2119">OPTIONAL</em>. If present, the
associated value <em class="rfc2119">MUST</em> be a <a href="https://infra.spec.whatwg.org/#ordered-set">set</a> of
one or more <a href="#dfn-verification-method" class="internalDFN" data-link-type="dfn" id="ref-for-dfn-verification-method-51">verification methods</a>. Each <a href="#dfn-verification-method" class="internalDFN" data-link-type="dfn" id="ref-for-dfn-verification-method-52">verification method</a> <em class="rfc2119">MAY</em> be
embedded or referenced.
</dd>
</dl>
<p>
This property is useful, for example, during the processing of a <a href="#dfn-verifiable-credentials" class="internalDFN" data-link-type="dfn" id="ref-for-dfn-verifiable-credentials-2">verifiable
credential</a> by a verifier. During verification, a verifier checks to see if a
<a href="#dfn-verifiable-credentials" class="internalDFN" data-link-type="dfn" id="ref-for-dfn-verifiable-credentials-3">verifiable credential</a> contains a proof created by the <a href="#dfn-did-subjects" class="internalDFN" data-link-type="dfn" id="ref-for-dfn-did-subjects-34">DID subject</a>
by checking that the <a href="#dfn-verification-method" class="internalDFN" data-link-type="dfn" id="ref-for-dfn-verification-method-53">verification method</a> used to assert the proof is
associated with the <code><a href="#dfn-assertionmethod" class="internalDFN" data-link-type="dfn" id="ref-for-dfn-assertionmethod-2">assertionMethod</a></code> property in the
corresponding <a href="#dfn-did-documents" class="internalDFN" data-link-type="dfn" id="ref-for-dfn-did-documents-91">DID document</a>.
</p>
<div class="example" id="example-assertion-method-property-containing-two-verification-methods">
<div class="marker">
<a class="self-link" href="#example-assertion-method-property-containing-two-verification-methods">Example<bdi> 16</bdi></a><span class="example-title">: Assertion method property
containing two verification methods</span>
</div> <pre class="nohighlight">{
"@context": [
"https://www.w3.org/ns/did/v1",
"https://w3id.org/security/suites/ed25519-2020/v1"
],
"id": "did:example:123456789abcdefghi",
<span class="comment">...</span>
"assertionMethod": [
<span class="comment">// this method can be used to assert statements as did:...fghi</span>
"did:example:123456789abcdefghi#keys-1",
<span class="comment">// this method is *only* approved for assertion of statements, it is not</span>
<span class="comment">// used for any other verification relationship, so its full description is</span>
<span class="comment">// embedded here rather than using a reference</span>
{
"id": "did:example:123456789abcdefghi#keys-2",
"type": "Ed25519VerificationKey2020", <span class="comment">// external (property value)</span>
"controller": "did:example:123456789abcdefghi",
"publicKeyMultibase": "zH3C2AVvLMv6gmMNam3uVAjZpfkcJCwDwnZn6z3wXmqPV"
}
],
<span class="comment">...</span>
}</pre>
</div>
</section>
<section id="key-agreement"><div class="header-wrapper"><h4 id="x5-3-3-key-agreement"><bdi class="secno">5.3.3 </bdi>Key Agreement</h4><a class="self-link" href="#key-agreement" aria-label="Permalink for Section 5.3.3"></a></div>
<p>
The <code>keyAgreement</code> <a href="#dfn-verification-relationship" class="internalDFN" data-link-type="dfn" id="ref-for-dfn-verification-relationship-16">verification relationship</a> is used to
specify how an entity can generate encryption material in order to transmit
confidential information intended for the <a href="#dfn-did-subjects" class="internalDFN" data-link-type="dfn" id="ref-for-dfn-did-subjects-35">DID subject</a>, such as for
the purposes of establishing a secure communication channel with the recipient.
</p>
<dl>
<dt><dfn id="dfn-keyagreement" tabindex="0" aria-haspopup="dialog" data-dfn-type="dfn">keyAgreement</dfn></dt>
<dd>
The <code>keyAgreement</code> property is <em class="rfc2119">OPTIONAL</em>. If present, the associated
value <em class="rfc2119">MUST</em> be a <a href="https://infra.spec.whatwg.org/#ordered-set">set</a> of one or more
<a href="#dfn-verification-method" class="internalDFN" data-link-type="dfn" id="ref-for-dfn-verification-method-54">verification methods</a>. Each <a href="#dfn-verification-method" class="internalDFN" data-link-type="dfn" id="ref-for-dfn-verification-method-55">verification method</a> <em class="rfc2119">MAY</em> be embedded or
referenced.
</dd>
</dl>
<p>
An example of when this property is useful is when encrypting a message intended
for the <a href="#dfn-did-subjects" class="internalDFN" data-link-type="dfn" id="ref-for-dfn-did-subjects-36">DID subject</a>. In this case, the counterparty uses the
cryptographic public key information in the <a href="#dfn-verification-method" class="internalDFN" data-link-type="dfn" id="ref-for-dfn-verification-method-56">verification method</a> to wrap a
decryption key for the recipient.
</p>
<div class="example" id="example-key-agreement-property-containing-two-verification-methods">
<div class="marker">
<a class="self-link" href="#example-key-agreement-property-containing-two-verification-methods">Example<bdi> 17</bdi></a><span class="example-title">: Key agreement property
containing two verification methods</span>
</div> <pre class="nohighlight">{
"@context": "https://www.w3.org/ns/did/v1",
"id": "did:example:123456789abcdefghi",
<span class="comment">...</span>
"keyAgreement": [
<span class="comment">// this method can be used to perform key agreement as did:...fghi</span>
"did:example:123456789abcdefghi#keys-1",
<span class="comment">// this method is *only* approved for key agreement usage, it will not</span>
<span class="comment">// be used for any other verification relationship, so its full description is</span>
<span class="comment">// embedded here rather than using only a reference</span>
{
"id": "did:example:123#zC9ByQ8aJs8vrNXyDhPHHNNMSHPcaSgNpjjsBYpMMjsTdS",
"type": "X25519KeyAgreementKey2019", <span class="comment">// external (property value)</span>
"controller": "did:example:123",
"publicKeyMultibase": "z9hFgmPVfmBZwRvFEyniQDBkz9LmV7gDEqytWyGZLmDXE"
}
],
<span class="comment">...</span>
}</pre>
</div>
</section>
<section id="capability-invocation"><div class="header-wrapper"><h4 id="x5-3-4-capability-invocation"><bdi class="secno">5.3.4 </bdi>Capability Invocation</h4><a class="self-link" href="#capability-invocation" aria-label="Permalink for Section 5.3.4"></a></div>
<p>
The <code>capabilityInvocation</code> <a href="#dfn-verification-relationship" class="internalDFN" data-link-type="dfn" id="ref-for-dfn-verification-relationship-17">verification relationship</a> is used
to specify a <a href="#dfn-verification-method" class="internalDFN" data-link-type="dfn" id="ref-for-dfn-verification-method-57">verification method</a> that might be used by the <a href="#dfn-did-subjects" class="internalDFN" data-link-type="dfn" id="ref-for-dfn-did-subjects-37">DID
subject</a> to invoke a cryptographic capability, such as the authorization to
update the <a href="#dfn-did-documents" class="internalDFN" data-link-type="dfn" id="ref-for-dfn-did-documents-92">DID Document</a>.
</p>
<dl>
<dt><dfn id="dfn-capabilityinvocation" tabindex="0" aria-haspopup="dialog" data-dfn-type="dfn">capabilityInvocation</dfn></dt>
<dd>
The <code>capabilityInvocation</code> property is <em class="rfc2119">OPTIONAL</em>. If present, the
associated value <em class="rfc2119">MUST</em> be a <a href="https://infra.spec.whatwg.org/#ordered-set">set</a> of
one or more <a href="#dfn-verification-method" class="internalDFN" data-link-type="dfn" id="ref-for-dfn-verification-method-58">verification methods</a>. Each <a href="#dfn-verification-method" class="internalDFN" data-link-type="dfn" id="ref-for-dfn-verification-method-59">verification method</a> <em class="rfc2119">MAY</em> be
embedded or referenced.
</dd>
</dl>
<p>
An example of when this property is useful is when a <a href="#dfn-did-subjects" class="internalDFN" data-link-type="dfn" id="ref-for-dfn-did-subjects-38">DID subject</a> needs to
access a protected HTTP API that requires authorization in order to use it. In
order to authorize when using the HTTP API, the <a href="#dfn-did-subjects" class="internalDFN" data-link-type="dfn" id="ref-for-dfn-did-subjects-39">DID subject</a>
uses a capability that is associated with a particular URL that is
exposed via the HTTP API. The invocation of the capability could be
expressed in a number of ways, e.g., as a digitally signed
message that is placed into the HTTP Headers.
</p>
<p>
The server providing the HTTP API is the <em>verifier</em> of the capability and
it would need to verify that the <a href="#dfn-verification-method" class="internalDFN" data-link-type="dfn" id="ref-for-dfn-verification-method-60">verification method</a> referred to by the
invoked capability exists in the <code><a href="#dfn-capabilityinvocation" class="internalDFN" data-link-type="dfn" id="ref-for-dfn-capabilityinvocation-2">capabilityInvocation</a></code>
property of the <a href="#dfn-did-documents" class="internalDFN" data-link-type="dfn" id="ref-for-dfn-did-documents-93">DID document</a>. The verifier would also check to make sure
that the action being performed is valid and the capability is appropriate for
the resource being accessed. If the verification is successful, the server has
cryptographically determined that the invoker is authorized to access the
protected resource.
</p>
<div class="example" id="example-capability-invocation-property-containing-two-verification-methods">
<div class="marker">
<a class="self-link" href="#example-capability-invocation-property-containing-two-verification-methods">Example<bdi> 18</bdi></a><span class="example-title">: Capability invocation property
containing two verification methods</span>
</div> <pre class="nohighlight">{
"@context": [
"https://www.w3.org/ns/did/v1",
"https://w3id.org/security/suites/ed25519-2020/v1"
],
"id": "did:example:123456789abcdefghi",
<span class="comment">...</span>
"capabilityInvocation": [
<span class="comment">// this method can be used to invoke capabilities as did:...fghi</span>
"did:example:123456789abcdefghi#keys-1",
<span class="comment">// this method is *only* approved for capability invocation usage, it will not</span>
<span class="comment">// be used for any other verification relationship, so its full description is</span>
<span class="comment">// embedded here rather than using only a reference</span>
{
"id": "did:example:123456789abcdefghi#keys-2",
"type": "Ed25519VerificationKey2020", <span class="comment">// external (property value)</span>
"controller": "did:example:123456789abcdefghi",
"publicKeyMultibase": "zH3C2AVvLMv6gmMNam3uVAjZpfkcJCwDwnZn6z3wXmqPV"
}
],
<span class="comment">...</span>
}</pre>
</div>
</section>
<section id="capability-delegation"><div class="header-wrapper"><h4 id="x5-3-5-capability-delegation"><bdi class="secno">5.3.5 </bdi>Capability Delegation</h4><a class="self-link" href="#capability-delegation" aria-label="Permalink for Section 5.3.5"></a></div>
<p>
The <code>capabilityDelegation</code> <a href="#dfn-verification-relationship" class="internalDFN" data-link-type="dfn" id="ref-for-dfn-verification-relationship-18">verification relationship</a> is used
to specify a mechanism that might be used by the <a href="#dfn-did-subjects" class="internalDFN" data-link-type="dfn" id="ref-for-dfn-did-subjects-40">DID subject</a> to delegate
a cryptographic capability to another party, such as delegating the authority
to access a specific HTTP API to a subordinate.
</p>
<dl>
<dt><dfn id="dfn-capabilitydelegation" tabindex="0" aria-haspopup="dialog" data-dfn-type="dfn">capabilityDelegation</dfn></dt>
<dd>
The <code>capabilityDelegation</code> property is <em class="rfc2119">OPTIONAL</em>. If present, the
associated value <em class="rfc2119">MUST</em> be a <a href="https://infra.spec.whatwg.org/#ordered-set">set</a> of
one or more <a href="#dfn-verification-method" class="internalDFN" data-link-type="dfn" id="ref-for-dfn-verification-method-61">verification methods</a>. Each <a href="#dfn-verification-method" class="internalDFN" data-link-type="dfn" id="ref-for-dfn-verification-method-62">verification method</a> <em class="rfc2119">MAY</em> be
embedded or referenced.
</dd>
</dl>
<p>
An example of when this property is useful is when a <a href="#dfn-did-controllers" class="internalDFN" data-link-type="dfn" id="ref-for-dfn-did-controllers-16">DID controller</a>
chooses to delegate their capability to access a protected HTTP API to a party
other than themselves. In order to delegate the capability, the <a href="#dfn-did-subjects" class="internalDFN" data-link-type="dfn" id="ref-for-dfn-did-subjects-41">DID
subject</a> would use a <a href="#dfn-verification-method" class="internalDFN" data-link-type="dfn" id="ref-for-dfn-verification-method-63">verification method</a> associated with the
<code>capabilityDelegation</code> <a href="#dfn-verification-relationship" class="internalDFN" data-link-type="dfn" id="ref-for-dfn-verification-relationship-19">verification relationship</a> to
cryptographically sign the capability over to another <a href="#dfn-did-subjects" class="internalDFN" data-link-type="dfn" id="ref-for-dfn-did-subjects-42">DID subject</a>. The
delegate would then use the capability in a manner that is similar to the
example described in <a href="#capability-invocation" class="sec-ref"><bdi class="secno">5.3.4 </bdi>Capability Invocation</a>.
</p>
<div class="example" id="example-capability-delegation-property-containing-two-verification-methods">
<div class="marker">
<a class="self-link" href="#example-capability-delegation-property-containing-two-verification-methods">Example<bdi> 19</bdi></a><span class="example-title">: Capability Delegation property
containing two verification methods</span>
</div> <pre class="nohighlight">{
"@context": [
"https://www.w3.org/ns/did/v1",
"https://w3id.org/security/suites/ed25519-2020/v1"
],
"id": "did:example:123456789abcdefghi",
<span class="comment">...</span>
"capabilityDelegation": [
<span class="comment">// this method can be used to perform capability delegation as did:...fghi</span>
"did:example:123456789abcdefghi#keys-1",
<span class="comment">// this method is *only* approved for granting capabilities; it will not</span>
<span class="comment">// be used for any other verification relationship, so its full description is</span>
<span class="comment">// embedded here rather than using only a reference</span>
{
"id": "did:example:123456789abcdefghi#keys-2",
"type": "Ed25519VerificationKey2020", <span class="comment">// external (property value)</span>
"controller": "did:example:123456789abcdefghi",
"publicKeyMultibase": "zH3C2AVvLMv6gmMNam3uVAjZpfkcJCwDwnZn6z3wXmqPV"
}
],
<span class="comment">...</span>
}</pre>
</div>
</section>
</section>
<section id="services"><div class="header-wrapper"><h3 id="x5-4-services"><bdi class="secno">5.4 </bdi>Services</h3><a class="self-link" href="#services" aria-label="Permalink for Section 5.4"></a></div>
<p>
<a href="#dfn-service" class="internalDFN" data-link-type="dfn" id="ref-for-dfn-service-10">Services</a> are used in <a href="#dfn-did-documents" class="internalDFN" data-link-type="dfn" id="ref-for-dfn-did-documents-94">DID documents</a> to express ways of
communicating with the <a href="#dfn-did-subjects" class="internalDFN" data-link-type="dfn" id="ref-for-dfn-did-subjects-43">DID subject</a> or associated entities. A
<a href="#dfn-service" class="internalDFN" data-link-type="dfn" id="ref-for-dfn-service-11">service</a> can be any type of service the <a href="#dfn-did-subjects" class="internalDFN" data-link-type="dfn" id="ref-for-dfn-did-subjects-44">DID subject</a> wants to
advertise, including <a href="#dfn-decentralized-identity-management" class="internalDFN" data-link-type="dfn" id="ref-for-dfn-decentralized-identity-management-1">decentralized identity management</a> services for
further discovery, authentication, authorization, or interaction.
</p>
<p>
Due to privacy concerns, revealing public information through <a href="#dfn-service" class="internalDFN" data-link-type="dfn" id="ref-for-dfn-service-12">services</a>,
such as social media accounts, personal websites, and email addresses, is
discouraged. Further exploration of privacy concerns can be found in <a href="#keep-personal-data-private" class="sec-ref"><bdi class="secno">10.1 </bdi>Keep Personal Data Private</a> and <a href="#service-privacy" class="sec-ref"><bdi class="secno">10.6 </bdi>Service Privacy</a>. The
information associated with <a href="#dfn-service" class="internalDFN" data-link-type="dfn" id="ref-for-dfn-service-13">services</a> is often service specific. For
example, the information associated with an encrypted messaging service can
express how to initiate the encrypted link before messaging begins.
</p>
<p>
<a href="#dfn-service" class="internalDFN" data-link-type="dfn" id="ref-for-dfn-service-14">Services</a> are expressed using the <code><a href="#dfn-service" class="internalDFN" data-link-type="dfn" id="ref-for-dfn-service-15">service</a></code> property,
which is described below:
</p>
<dl>
<dt>service</dt>
<dd>
<p>
The <code>service</code> property is <em class="rfc2119">OPTIONAL</em>. If present, the associated value
<em class="rfc2119">MUST</em> be a <a href="https://infra.spec.whatwg.org/#ordered-set">set</a> of <a href="#dfn-service" class="internalDFN" data-link-type="dfn" id="ref-for-dfn-service-16">services</a>,
where each service is described by a <a href="https://infra.spec.whatwg.org/#ordered-map">map</a>.
Each <a href="#dfn-service" class="internalDFN" data-link-type="dfn" id="ref-for-dfn-service-17">service</a> <a href="https://infra.spec.whatwg.org/#ordered-map">map</a> <em class="rfc2119">MUST</em> contain
<code><a href="#dfn-id" class="internalDFN" data-link-type="dfn" id="ref-for-dfn-id-6">id</a></code>, <code>type</code>, and
<code><a href="#dfn-serviceendpoint" class="internalDFN" data-link-type="dfn" id="ref-for-dfn-serviceendpoint-2">serviceEndpoint</a></code> properties. Each service extension <em class="rfc2119">MAY</em>
include additional properties and <em class="rfc2119">MAY</em> further restrict the properties associated
with the extension.
</p>
<dl>
<dt>id</dt>
<dd>
The value of the <code>id</code> property <em class="rfc2119">MUST</em> be a <a href="#dfn-uri" class="internalDFN" data-link-type="dfn" id="ref-for-dfn-uri-17">URI</a> conforming to
[<cite><a class="bibref" data-link-type="biblio" href="#bib-rfc3986" title="Uniform Resource Identifier (URI): Generic Syntax">RFC3986</a></cite>]. A <a href="#dfn-conforming-producer" class="internalDFN" data-link-type="dfn" id="ref-for-dfn-conforming-producer-1">conforming producer</a> <em class="rfc2119">MUST NOT</em> produce
multiple <code>service</code> entries with the same <code>id</code>.
A <a href="#dfn-conforming-consumer" class="internalDFN" data-link-type="dfn" id="ref-for-dfn-conforming-consumer-1">conforming consumer</a> <em class="rfc2119">MUST</em> produce an error if it detects
multiple <code>service</code> entries with the same <code>id</code>.
</dd>
<dt>type</dt>
<dd>
The value of the <code>type</code> property <em class="rfc2119">MUST</em> be a <a href="https://infra.spec.whatwg.org/#string">string</a> or a <a href="https://infra.spec.whatwg.org/#ordered-set">set</a> of <a href="https://infra.spec.whatwg.org/#string">strings</a>. In order to maximize interoperability,
the <a href="#dfn-service" class="internalDFN" data-link-type="dfn" id="ref-for-dfn-service-18">service</a> type and its associated properties <em class="rfc2119">SHOULD</em> be
registered in the DID Specification Registries [<cite><a class="bibref" data-link-type="biblio" href="#bib-did-spec-registries" title="DID Specification Registries">DID-SPEC-REGISTRIES</a></cite>].
</dd>
<dt><dfn id="dfn-serviceendpoint" tabindex="0" aria-haspopup="dialog" data-dfn-type="dfn">serviceEndpoint</dfn></dt>
<dd>
The value of the <code>serviceEndpoint</code> property <em class="rfc2119">MUST</em> be a <a href="https://infra.spec.whatwg.org/#string">string</a>, a <a href="https://infra.spec.whatwg.org/#string">map</a>, or
a <a href="https://infra.spec.whatwg.org/#ordered-set">set</a> composed of one or more <a href="https://infra.spec.whatwg.org/#string">strings</a> and/or <a href="https://infra.spec.whatwg.org/#string">maps</a>. All <a href="https://infra.spec.whatwg.org/#string">string</a>
values <em class="rfc2119">MUST</em> be valid <a href="#dfn-uri" class="internalDFN" data-link-type="dfn" id="ref-for-dfn-uri-18">URIs</a> conforming to [<cite><a class="bibref" data-link-type="biblio" href="#bib-rfc3986" title="Uniform Resource Identifier (URI): Generic Syntax">RFC3986</a></cite>] and normalized
according to the <a href="https://www.rfc-editor.org/rfc/rfc3986#section-6">Normalization and Comparison
rules in RFC3986</a> and to any normalization rules in its applicable <a href="#dfn-uri" class="internalDFN" data-link-type="dfn" id="ref-for-dfn-uri-19">URI</a>
scheme specification.
</dd>
</dl>
</dd></dl>
<p>
For more information regarding privacy and security considerations related
to <a href="#dfn-service" class="internalDFN" data-link-type="dfn" id="ref-for-dfn-service-19">services</a> see <a href="#service-privacy" class="sec-ref"><bdi class="secno">10.6 </bdi>Service Privacy</a>, <a href="#keep-personal-data-private" class="sec-ref"><bdi class="secno">10.1 </bdi>Keep Personal Data Private</a>, <a href="#did-document-correlation-risks" class="sec-ref"><bdi class="secno">10.3 </bdi>DID Document Correlation Risks</a>, and <a href="#authentication-service-endpoints" class="sec-ref"><bdi class="secno">9.3 </bdi>Authentication Service Endpoints</a>.
</p>
<div class="example" id="example-usage-of-the-service-property">
<div class="marker">
<a class="self-link" href="#example-usage-of-the-service-property">Example<bdi> 20</bdi></a><span class="example-title">: Usage of the service property</span>
</div> <pre class="nohighlight">{
"service": [{
"id":"did:example:123#linked-domain",
"type": "LinkedDomains", <span class="comment">// external (property value)</span>
"serviceEndpoint": "https://bar.example.com"
}]
}</pre>
</div>
</section>
</section>
<section class="normative" id="representations"><div class="header-wrapper"><h2 id="x6-representations"><bdi class="secno">6. </bdi>Representations</h2><a class="self-link" href="#representations" aria-label="Permalink for Section 6."></a></div>
<p>
A concrete serialization of a <a href="#dfn-did-documents" class="internalDFN" data-link-type="dfn" id="ref-for-dfn-did-documents-95">DID document</a> in this specification is
called a <a href="#dfn-representations" class="internalDFN" data-link-type="dfn" id="ref-for-dfn-representations-14">representation</a>. A <a href="#dfn-representations" class="internalDFN" data-link-type="dfn" id="ref-for-dfn-representations-15">representation</a> is created by
serializing the <a href="#data-model">data model</a> through a process called
<dfn id="dfn-production" tabindex="0" aria-haspopup="dialog" data-dfn-type="dfn">production</dfn>. A <a href="#dfn-representations" class="internalDFN" data-link-type="dfn" id="ref-for-dfn-representations-16">representation</a> is transformed into the <a href="#data-model">data model</a> through a process called
<dfn id="dfn-consumption" tabindex="0" aria-haspopup="dialog" data-dfn-type="dfn">consumption</dfn>. The <em>production</em> and <em>consumption</em>
processes enable the conversion of information from one <a href="#dfn-representations" class="internalDFN" data-link-type="dfn" id="ref-for-dfn-representations-17">representation</a> to
another. This specification defines <a href="#dfn-representations" class="internalDFN" data-link-type="dfn" id="ref-for-dfn-representations-18">representations</a> for JSON and JSON-LD,
and developers can use any other <a href="#dfn-representations" class="internalDFN" data-link-type="dfn" id="ref-for-dfn-representations-19">representation</a>, such as XML or
YAML, that is capable of expressing the <a href="#data-model">data model</a>.
The following sections define the general rules for <a href="#dfn-production" class="internalDFN" data-link-type="dfn" id="ref-for-dfn-production-1">production</a> and
<a href="#dfn-consumption" class="internalDFN" data-link-type="dfn" id="ref-for-dfn-consumption-1">consumption</a>, as well as the JSON and JSON-LD <a href="#dfn-representations" class="internalDFN" data-link-type="dfn" id="ref-for-dfn-representations-20">representations</a>.
</p>
<section id="production-and-consumption"><div class="header-wrapper"><h3 id="x6-1-production-and-consumption"><bdi class="secno">6.1 </bdi>Production and Consumption</h3><a class="self-link" href="#production-and-consumption" aria-label="Permalink for Section 6.1"></a></div>
<p>
In addition to the <a href="#dfn-representations" class="internalDFN" data-link-type="dfn" id="ref-for-dfn-representations-21">representations</a> defined in this specification,
implementers can use other <a href="#dfn-representations" class="internalDFN" data-link-type="dfn" id="ref-for-dfn-representations-22">representations</a>, providing each such
<a href="#dfn-representations" class="internalDFN" data-link-type="dfn" id="ref-for-dfn-representations-23">representation</a> is properly specified (including rules for
interoperable handling of properties not listed in the DID Specification
Registries [<cite><a class="bibref" data-link-type="biblio" href="#bib-did-spec-registries" title="DID Specification Registries">DID-SPEC-REGISTRIES</a></cite>]). See <a href="#extensibility" class="sec-ref"><bdi class="secno">4.1 </bdi>Extensibility</a>
for more information.
</p>
<p>
The requirements for all <a href="#dfn-representations" class="internalDFN" data-link-type="dfn" id="ref-for-dfn-representations-24">representations</a> are as follows:
</p>
<ol>
<li>
A <a href="#dfn-representations" class="internalDFN" data-link-type="dfn" id="ref-for-dfn-representations-25">representation</a> <em class="rfc2119">MUST</em> define deterministic production and consumption
rules for all data types specified in <a href="#data-model" class="sec-ref"><bdi class="secno">4. </bdi>Data Model</a>.
</li>
<li>
A <a href="#dfn-representations" class="internalDFN" data-link-type="dfn" id="ref-for-dfn-representations-26">representation</a> <em class="rfc2119">MUST</em> be uniquely associated with an IANA-registered
Media Type.
</li>
<li>
A <a href="#dfn-representations" class="internalDFN" data-link-type="dfn" id="ref-for-dfn-representations-27">representation</a> <em class="rfc2119">MUST</em> define fragment processing rules for its Media
Type that are conformant with the fragment processing rules defined in
<a href="#fragment" class="sec-ref">Fragment</a>.
</li>
<li>
A <a href="#dfn-representations" class="internalDFN" data-link-type="dfn" id="ref-for-dfn-representations-28">representation</a> <em class="rfc2119">SHOULD</em> use the lexical representation of <a href="#data-model">data model</a> data types. For example, JSON and JSON-LD use
the XML Schema <code>dateTime</code> lexical serialization to represent
<a href="#dfn-datetime" class="internalDFN" data-link-type="dfn" id="ref-for-dfn-datetime-1">datetimes</a>. A <a href="#dfn-representations" class="internalDFN" data-link-type="dfn" id="ref-for-dfn-representations-29">representation</a> <em class="rfc2119">MAY</em> choose to serialize the <a href="#data-model">data model</a> data types using a different lexical
serializations as long as the <a href="#dfn-consumption" class="internalDFN" data-link-type="dfn" id="ref-for-dfn-consumption-2">consumption</a> process back into the <a href="#data-model">data model</a> is lossless. For example, some CBOR-based
<a href="#dfn-representations" class="internalDFN" data-link-type="dfn" id="ref-for-dfn-representations-30">representations</a> express <a href="#dfn-datetime" class="internalDFN" data-link-type="dfn" id="ref-for-dfn-datetime-2">datetime</a> values using integers to
represent the number of seconds since the Unix epoch.
</li>
<li>
A <a href="#dfn-representations" class="internalDFN" data-link-type="dfn" id="ref-for-dfn-representations-31">representation</a> <em class="rfc2119">MAY</em> define <a href="#dfn-representation-specific-entry" class="internalDFN" data-link-type="dfn" id="ref-for-dfn-representation-specific-entry-2">representation-specific entries</a> that
are stored in a <a href="#dfn-representation-specific-entry" class="internalDFN" data-link-type="dfn" id="ref-for-dfn-representation-specific-entry-3">representation-specific entries</a>
<a href="https://infra.spec.whatwg.org/#maps">map</a>
for use during the <a href="#dfn-production" class="internalDFN" data-link-type="dfn" id="ref-for-dfn-production-2">production</a> and <a href="#dfn-consumption" class="internalDFN" data-link-type="dfn" id="ref-for-dfn-consumption-3">consumption</a> process. These
entries are used when consuming or producing to aid in ensuring lossless
conversion.
</li>
<li>
In order to maximize interoperability, <a href="#dfn-representations" class="internalDFN" data-link-type="dfn" id="ref-for-dfn-representations-32">representation</a> specification
authors <em class="rfc2119">SHOULD</em> register their <a href="#dfn-representations" class="internalDFN" data-link-type="dfn" id="ref-for-dfn-representations-33">representation</a> in the DID Specification
Registries [<cite><a class="bibref" data-link-type="biblio" href="#bib-did-spec-registries" title="DID Specification Registries">DID-SPEC-REGISTRIES</a></cite>].
</li>
</ol>
<p>
The requirements for all <a href="#dfn-conforming-producer" class="internalDFN" data-link-type="dfn" id="ref-for-dfn-conforming-producer-2">conforming producers</a> are as follows:
</p>
<ol>
<li>
A <a href="#dfn-conforming-producer" class="internalDFN" data-link-type="dfn" id="ref-for-dfn-conforming-producer-3">conforming producer</a> <em class="rfc2119">MUST</em> take a <a href="#dfn-did-documents" class="internalDFN" data-link-type="dfn" id="ref-for-dfn-did-documents-96">DID document</a> <a href="#data-model">data model</a> and a <a href="#dfn-representation-specific-entry" class="internalDFN" data-link-type="dfn" id="ref-for-dfn-representation-specific-entry-4">representation-specific entries</a>
<a href="https://infra.spec.whatwg.org/#maps">map</a> as input into the <a href="#dfn-production" class="internalDFN" data-link-type="dfn" id="ref-for-dfn-production-3">production</a> process.
The <a href="#dfn-conforming-producer" class="internalDFN" data-link-type="dfn" id="ref-for-dfn-conforming-producer-4">conforming producer</a> <em class="rfc2119">MAY</em> accept additional options as input
into the <a href="#dfn-production" class="internalDFN" data-link-type="dfn" id="ref-for-dfn-production-4">production</a> process.
</li>
<li>
A <a href="#dfn-conforming-producer" class="internalDFN" data-link-type="dfn" id="ref-for-dfn-conforming-producer-5">conforming producer</a> <em class="rfc2119">MUST</em> serialize all entries in the <a href="#dfn-did-documents" class="internalDFN" data-link-type="dfn" id="ref-for-dfn-did-documents-97">DID
document</a> <a href="#data-model">data model</a>, and the
<a href="#dfn-representation-specific-entry" class="internalDFN" data-link-type="dfn" id="ref-for-dfn-representation-specific-entry-5">representation-specific entries</a> <a href="https://infra.spec.whatwg.org/#maps">map</a>,
that do not
have explicit processing rules for the <a href="#dfn-representations" class="internalDFN" data-link-type="dfn" id="ref-for-dfn-representations-34">representation</a> being produced
using only the <a href="#dfn-representations" class="internalDFN" data-link-type="dfn" id="ref-for-dfn-representations-35">representation</a>'s data type processing rules and
return the serialization after the <a href="#dfn-production" class="internalDFN" data-link-type="dfn" id="ref-for-dfn-production-5">production</a> process completes.
</li>
<li>
A <a href="#dfn-conforming-producer" class="internalDFN" data-link-type="dfn" id="ref-for-dfn-conforming-producer-6">conforming producer</a> <em class="rfc2119">MUST</em> return the Media Type <a href="https://infra.spec.whatwg.org/#string">string</a> associated with the <a href="#dfn-representations" class="internalDFN" data-link-type="dfn" id="ref-for-dfn-representations-36">representation</a>
after the <a href="#dfn-production" class="internalDFN" data-link-type="dfn" id="ref-for-dfn-production-6">production</a> process completes.
</li>
<li>
A conforming producer <em class="rfc2119">MUST NOT</em> produce non-conforming <a href="#dfn-decentralized-identifiers" class="internalDFN" data-link-type="dfn" id="ref-for-dfn-decentralized-identifiers-70">DIDs</a> or <a href="#dfn-did-documents" class="internalDFN" data-link-type="dfn" id="ref-for-dfn-did-documents-98">DID
documents</a>.
</li>
</ol>
<p>
The requirements for all <a href="#dfn-conforming-consumer" class="internalDFN" data-link-type="dfn" id="ref-for-dfn-conforming-consumer-2">conforming consumers</a> are as follows:
</p>
<ol>
<li>
A <a href="#dfn-conforming-consumer" class="internalDFN" data-link-type="dfn" id="ref-for-dfn-conforming-consumer-3">conforming consumer</a> <em class="rfc2119">MUST</em> take a <a href="#dfn-representations" class="internalDFN" data-link-type="dfn" id="ref-for-dfn-representations-37">representation</a> and
Media Type <a href="https://infra.spec.whatwg.org/#string">string</a> as input into
the <a href="#dfn-consumption" class="internalDFN" data-link-type="dfn" id="ref-for-dfn-consumption-4">consumption</a> process. A <a href="#dfn-conforming-consumer" class="internalDFN" data-link-type="dfn" id="ref-for-dfn-conforming-consumer-4">conforming consumer</a> <em class="rfc2119">MAY</em> accept
additional options as input into the <a href="#dfn-consumption" class="internalDFN" data-link-type="dfn" id="ref-for-dfn-consumption-5">consumption</a> process.
</li>
<li>
A <a href="#dfn-conforming-consumer" class="internalDFN" data-link-type="dfn" id="ref-for-dfn-conforming-consumer-5">conforming consumer</a> <em class="rfc2119">MUST</em> determine the <a href="#dfn-representations" class="internalDFN" data-link-type="dfn" id="ref-for-dfn-representations-38">representation</a> of a
<a href="#dfn-did-documents" class="internalDFN" data-link-type="dfn" id="ref-for-dfn-did-documents-99">DID document</a> using the Media Type input <a href="https://infra.spec.whatwg.org/#string">string</a>.
</li>
<li>
A <a href="#dfn-conforming-consumer" class="internalDFN" data-link-type="dfn" id="ref-for-dfn-conforming-consumer-6">conforming consumer</a> <em class="rfc2119">MUST</em> detect any <a href="#dfn-representation-specific-entry" class="internalDFN" data-link-type="dfn" id="ref-for-dfn-representation-specific-entry-6">representation-specific
entry</a> across all known <a href="#dfn-representations" class="internalDFN" data-link-type="dfn" id="ref-for-dfn-representations-39">representations</a> and place the entry into a
<a href="#dfn-representation-specific-entry" class="internalDFN" data-link-type="dfn" id="ref-for-dfn-representation-specific-entry-7">representation-specific entries</a> <a href="https://infra.spec.whatwg.org/#maps">map</a>
which is returned after the <a href="#dfn-consumption" class="internalDFN" data-link-type="dfn" id="ref-for-dfn-consumption-6">consumption</a> process completes. A list of
all known <a href="#dfn-representation-specific-entry" class="internalDFN" data-link-type="dfn" id="ref-for-dfn-representation-specific-entry-8">representation-specific entries</a> is available in the
DID Specification Registries [<cite><a class="bibref" data-link-type="biblio" href="#bib-did-spec-registries" title="DID Specification Registries">DID-SPEC-REGISTRIES</a></cite>].
</li>
<li>
A <a href="#dfn-conforming-consumer" class="internalDFN" data-link-type="dfn" id="ref-for-dfn-conforming-consumer-7">conforming consumer</a> <em class="rfc2119">MUST</em> add all <a href="#dfn-representation-specific-entry" class="internalDFN" data-link-type="dfn" id="ref-for-dfn-representation-specific-entry-9">non-representation-specific
entries</a>
that do not have explicit processing rules for the <a href="#dfn-representations" class="internalDFN" data-link-type="dfn" id="ref-for-dfn-representations-40">representation</a> being
consumed to the <a href="#dfn-did-documents" class="internalDFN" data-link-type="dfn" id="ref-for-dfn-did-documents-100">DID document</a> <a href="#data-model">data model</a> using
only the <a href="#dfn-representations" class="internalDFN" data-link-type="dfn" id="ref-for-dfn-representations-41">representation</a>'s data type processing rules and return the
<a href="#dfn-did-documents" class="internalDFN" data-link-type="dfn" id="ref-for-dfn-did-documents-101">DID document</a> data model after the <a href="#dfn-consumption" class="internalDFN" data-link-type="dfn" id="ref-for-dfn-consumption-7">consumption</a> process completes.
</li>
<li>
A conforming consumer <em class="rfc2119">MUST</em> produce errors when consuming non-conforming
<a href="#dfn-decentralized-identifiers" class="internalDFN" data-link-type="dfn" id="ref-for-dfn-decentralized-identifiers-71">DIDs</a> or <a href="#dfn-did-documents" class="internalDFN" data-link-type="dfn" id="ref-for-dfn-did-documents-102">DID documents</a>.
</li>
</ol>
<figure id="production-consumption">
<img style="margin: auto; display: block;" src="diagrams/diagram-production-consumption.svg" alt="
Diagram illustrating how representations of the data model are produced
and consumed, including in JSON and JSON-LD." height="605" width="989">
<figcaption>Figure <bdi class="figno">4</bdi> <span class="fig-title">
Production and consumption of representations.
See also: <a class="longdesc-link" href="#production-consumption-longdesc">narrative description</a>.
</span></figcaption>
</figure>
<div class="longdesc" id="production-consumption-longdesc">
<p>
The upper left quadrant of the diagram contains a rectangle with dashed grey
outline, containing two blue-outlined rectangles, one above the other.
The upper, larger rectangle is labeled, in blue, "Core Properties",
and contains the following <a href="https://infra.spec.whatwg.org/#maps">INFRA</a> notation:
</p>
<pre aria-busy="false"><code class="hljs javascript">«[
<span class="hljs-string">"id"</span> → <span class="hljs-string">"example:123"</span>,
<span class="hljs-string">"verificationMethod"</span> → « «[
<span class="hljs-string">"id"</span>: <span class="hljs-string">"did:example:123#keys-1"</span>,
<span class="hljs-string">"controller"</span>: <span class="hljs-string">"did:example:123"</span>,
<span class="hljs-string">"type"</span>: <span class="hljs-string">"Ed25519VerificationKey2018"</span>,
<span class="hljs-string">"publicKeyBase58"</span>: <span class="hljs-string">"H3C2AVvLMv6gmMNam3uVA"</span>
]» »,
<span class="hljs-string">"authentication"</span> → «
<span class="hljs-string">"did:example:123#keys-1"</span>
»
]»</code></pre>
The lower, smaller rectangle is labeled, in blue, "Core Representation-specific
Entries (JSON-LD)", and contains the following monospaced <a href="https://infra.spec.whatwg.org/#maps">INFRA</a> notation:
<pre aria-busy="false"><code class="hljs css">«<span class="hljs-selector-attr">[ <span class="hljs-string">"@context"</span> → <span class="hljs-string">"https://www.w3.org/ns/did/v1"</span> ]</span>»</code></pre>
<p>
From the grey-outlined rectangle, three pairs of arrows extend to three
different black-outlined rectangles, one on the upper right of the diagram, one
in the lower right, and one in the lower left. Each pair of arrows consists of
one blue arrow pointing from the grey-outlined rectangle to the respective
black-outlined rectangle, labeled "produce", and one red arrow pointing in the
reverse direction, labeled "consume". The black-outlined rectangle in the upper
right is labeled "application/did+cbor", and contains hexadecimal data. The
rectangle in the lower right is labeled "application/did+json", and contains
the following JSON data:
</p>
<pre aria-busy="false"><code class="hljs json">{
<span class="hljs-attr">"id"</span>: <span class="hljs-string">"did:example:123"</span>,
<span class="hljs-attr">"verificationMethod"</span>: [{
<span class="hljs-attr">"id"</span>: <span class="hljs-string">"did:example:123#keys-1"</span>,
<span class="hljs-attr">"controller"</span>: <span class="hljs-string">"did:example:123"</span>,
<span class="hljs-attr">"type"</span>: <span class="hljs-string">"Ed25519VerificationKey2018"</span>,
<span class="hljs-attr">"publicKeyBase58"</span>: <span class="hljs-string">"H3C2AVvLMv6gmMNam3uVA"</span>
}],
<span class="hljs-attr">"authentication"</span>: [
<span class="hljs-string">"did:example:123#keys-1"</span>
]
}</code></pre>
<p>
The rectangle in the lower left is labeled "application/did+ld+json", and
contains the following JSON-LD data:
</p>
<pre aria-busy="false"><code class="hljs json">{
<span class="hljs-attr">"@context"</span>: [<span class="hljs-string">"https://www.w3.org/ns/did/v1"</span>],
<span class="hljs-attr">"id"</span>: <span class="hljs-string">"did:example:123"</span>,
<span class="hljs-attr">"verificationMethod"</span>: [{
<span class="hljs-attr">"id"</span>: <span class="hljs-string">"did:example:123#keys-1"</span>,
<span class="hljs-attr">"controller"</span>: <span class="hljs-string">"did:example:123"</span>,
<span class="hljs-attr">"type"</span>: <span class="hljs-string">"Ed25519VerificationKey2018"</span>,
<span class="hljs-attr">"publicKeyBase58"</span>: <span class="hljs-string">"H3C2AVvLMv6gmMNam3uVA"</span>
}],
<span class="hljs-attr">"authentication"</span>: [
<span class="hljs-string">"did:example:123#keys-1"</span>
]
}</code></pre>
</div>
<div class="note" role="note" id="issue-container-generatedID-9"><div role="heading" class="note-title marker" id="h-note-9" aria-level="4"><span>Note</span><span class="issue-label">: Conversion between representations</span></div><p class="">
An implementation is expected to convert between <a href="#dfn-representations" class="internalDFN" data-link-type="dfn" id="ref-for-dfn-representations-42">representations</a> by using
the <em>consumption</em> rules on the source representation resulting in the <a href="#data-model">data model</a> and then using the <em>production</em> rules
to serialize <a href="#data-model">data model</a> to the target representation,
or any other mechanism that results in the same target representation.
</p></div>
</section>
<section id="json"><div class="header-wrapper"><h3 id="x6-2-json"><bdi class="secno">6.2 </bdi>JSON</h3><a class="self-link" href="#json" aria-label="Permalink for Section 6.2"></a></div>
<p>
This section defines the <a href="#dfn-production" class="internalDFN" data-link-type="dfn" id="ref-for-dfn-production-7">production</a> and <a href="#dfn-consumption" class="internalDFN" data-link-type="dfn" id="ref-for-dfn-consumption-8">consumption</a> rules
for the JSON <a href="#dfn-representations" class="internalDFN" data-link-type="dfn" id="ref-for-dfn-representations-43">representation</a>.
</p>
<section id="production"><div class="header-wrapper"><h4 id="x6-2-1-production"><bdi class="secno">6.2.1 </bdi>Production</h4><a class="self-link" href="#production" aria-label="Permalink for Section 6.2.1"></a></div>
<p>
The <a href="#dfn-did-documents" class="internalDFN" data-link-type="dfn" id="ref-for-dfn-did-documents-103">DID document</a>, DID document data structures, and
<a href="#dfn-representation-specific-entry" class="internalDFN" data-link-type="dfn" id="ref-for-dfn-representation-specific-entry-10">representation-specific entries</a> <a href="https://infra.spec.whatwg.org/#maps">map</a> <em class="rfc2119">MUST</em>
be serialized to the JSON <a href="#dfn-representations" class="internalDFN" data-link-type="dfn" id="ref-for-dfn-representations-44">representation</a> according to the following
<a href="#dfn-production" class="internalDFN" data-link-type="dfn" id="ref-for-dfn-production-8">production</a> rules:
</p>
<table class="simple" id="json-representation-production">
<thead>
<tr>
<th>
Data&nbsp;Type
</th>
<th>
JSON Representation Type
</th>
</tr>
</thead>
<tbody>
<tr>
<td>
<a href="https://infra.spec.whatwg.org/#maps">map</a>
</td>
<td>
A <a href="https://www.rfc-editor.org/rfc/rfc8259#section-4">JSON Object</a>, where each entry is
serialized as a member of the JSON Object with the entry key as a <a href="https://www.rfc-editor.org/rfc/rfc8259#section-7">JSON String</a> member name and the entry value
according to its type, as defined in this table.
</td>
</tr>
<tr>
<td>
<a href="https://infra.spec.whatwg.org/#list">list</a>
</td>
<td>
A <a href="https://www.rfc-editor.org/rfc/rfc8259#section-5">JSON Array</a>, where each element of the
list is serialized, in order, as a value of the array according to its type, as
defined in this table.
</td>
</tr>
<tr>
<td>
<a href="https://infra.spec.whatwg.org/#ordered-set">set</a>
</td>
<td>
A <a href="https://www.rfc-editor.org/rfc/rfc8259#section-5">JSON Array</a>, where each element of the set
is added, in order, as a value of the array according to its type, as defined in
this table.
</td>
</tr>
<tr>
<td>
<a href="#dfn-datetime" class="internalDFN" data-link-type="dfn" id="ref-for-dfn-datetime-3">datetime</a>
</td>
<td>
A <a href="https://www.rfc-editor.org/rfc/rfc8259#section-7">JSON String</a> serialized as an
<a href="https://www.w3.org/TR/xmlschema11-2/#dateTime">XML Datetime</a> normalized to
UTC 00:00:00 and without sub-second decimal precision. For example:
<code>2020-12-20T19:17:47Z</code>.
</td>
</tr>
<tr>
<td>
<a href="https://infra.spec.whatwg.org/#string">string</a>
</td>
<td>
A <a href="https://www.rfc-editor.org/rfc/rfc8259#section-7">JSON String</a>.
</td>
</tr>
<tr>
<td>
<a href="#dfn-integer" class="internalDFN" data-link-type="dfn" id="ref-for-dfn-integer-1">integer</a>
</td>
<td>
A <a href="https://www.rfc-editor.org/rfc/rfc8259#section-6">JSON Number</a> without a decimal or
fractional component.
</td>
</tr>
<tr>
<td>
<a href="#dfn-double" class="internalDFN" data-link-type="dfn" id="ref-for-dfn-double-1">double</a>
</td>
<td>
A <a href="https://www.rfc-editor.org/rfc/rfc8259#section-6">JSON Number</a> with a decimal and
fractional component.
</td>
</tr>
<tr>
<td>
<a href="https://infra.spec.whatwg.org/#boolean">boolean</a>
</td>
<td>
A <a href="https://www.rfc-editor.org/rfc/rfc8259#section-3">JSON Boolean</a>.
</td>
</tr>
<tr>
<td>
<a href="https://infra.spec.whatwg.org/#nulls">null</a>
</td>
<td>
A <a href="https://www.rfc-editor.org/rfc/rfc8259#section-3">JSON null literal</a>.
</td>
</tr>
</tbody>
</table>
<p class="advisement" title="INFRA JSON serialization rules">
All implementers creating <a href="#dfn-conforming-producer" class="internalDFN" data-link-type="dfn" id="ref-for-dfn-conforming-producer-7">conforming producers</a> that produce JSON
<a href="#dfn-representations" class="internalDFN" data-link-type="dfn" id="ref-for-dfn-representations-45">representations</a> are advised to ensure that their algorithms are aligned
with the <a href="https://infra.spec.whatwg.org/#serialize-an-infra-value-to-json-bytes">JSON
serialization rules</a> in the [<cite><a class="bibref" data-link-type="biblio" href="#bib-infra" title="Infra Standard">INFRA</a></cite>] specification and the <a href="https://www.rfc-editor.org/rfc/rfc8259#section-6">precision advisements regarding Numbers</a> in the
JSON [<cite><a class="bibref" data-link-type="biblio" href="#bib-rfc8259" title="The JavaScript Object Notation (JSON) Data Interchange Format">RFC8259</a></cite>] specification.
</p>
<p>
All entries of a <a href="#dfn-did-documents" class="internalDFN" data-link-type="dfn" id="ref-for-dfn-did-documents-104">DID document</a> <em class="rfc2119">MUST</em> be included in the root <a href="https://www.rfc-editor.org/rfc/rfc8259#section-4">JSON Object</a>. Entries <em class="rfc2119">MAY</em> contain additional
data substructures subject to the value representation rules in the list above.
When serializing a <a href="#dfn-did-documents" class="internalDFN" data-link-type="dfn" id="ref-for-dfn-did-documents-105">DID document</a>, a <a href="#dfn-conforming-producer" class="internalDFN" data-link-type="dfn" id="ref-for-dfn-conforming-producer-8">conforming producer</a> <em class="rfc2119">MUST</em>
specify a media type of <code>application/did+json</code> to downstream
applications such as described in <a href="#did-resolution-metadata" class="sec-ref"><bdi class="secno">7.1.2 </bdi>DID Resolution Metadata</a>.
</p>
<div class="example" id="example-example-did-document-in-json-representation">
<div class="marker">
<a class="self-link" href="#example-example-did-document-in-json-representation">Example<bdi> 21</bdi></a><span class="example-title">: Example DID document in JSON representation</span>
</div> <pre class="nohighlight">{
"id": "did:example:123456789abcdefghi",
"authentication": [{
"id": "did:example:123456789abcdefghi#keys-1",
"type": "Ed25519VerificationKey2018",
"controller": "did:example:123456789abcdefghi",
"publicKeyBase58": "H3C2AVvLMv6gmMNam3uVAjZpfkcJCwDwnZn6z3wXmqPV"
}]
}</pre>
</div>
</section>
<section id="consumption"><div class="header-wrapper"><h4 id="x6-2-2-consumption"><bdi class="secno">6.2.2 </bdi>Consumption</h4><a class="self-link" href="#consumption" aria-label="Permalink for Section 6.2.2"></a></div>
<p>
The <a href="#dfn-did-documents" class="internalDFN" data-link-type="dfn" id="ref-for-dfn-did-documents-106">DID document</a> and DID document data structures JSON
<a href="#dfn-representations" class="internalDFN" data-link-type="dfn" id="ref-for-dfn-representations-46">representation</a> <em class="rfc2119">MUST</em> be deserialized into the <a href="#data-model">data
model</a> according to the following <a href="#dfn-consumption" class="internalDFN" data-link-type="dfn" id="ref-for-dfn-consumption-9">consumption</a> rules:
</p>
<table class="simple column-width-50" id="json-representation-consumption">
<thead>
<tr>
<th>
JSON Representation Type
</th>
<th>
Data&nbsp;Type
</th>
</tr>
</thead>
<tbody>
<tr>
<td>
<a href="https://www.rfc-editor.org/rfc/rfc8259#section-4">JSON Object</a>
</td>
<td>
A <a href="https://infra.spec.whatwg.org/#maps">map</a>, where each member of the JSON
Object is added as an entry to the map. Each entry key is set as the
JSON Object member name. Each entry value is set by converting the JSON Object
member value according to the JSON representation type as defined in this table.
Since order is not specified by JSON Objects, no insertion order is guaranteed.
</td>
</tr>
<tr>
<td>
<a href="https://www.rfc-editor.org/rfc/rfc8259#section-5">JSON Array</a> where the <a href="#data-model">data model</a> entry value is a <a href="https://infra.spec.whatwg.org/#list">list</a> or unknown
</td>
<td>
A <a href="https://infra.spec.whatwg.org/#list">list</a>, where each value of the JSON Array is
added to the list in order, converted based on the JSON representation type of
the array value, as defined in this table.
</td>
</tr>
<tr>
<td>
<a href="https://www.rfc-editor.org/rfc/rfc8259#section-5">JSON Array</a> where the <a href="#data-model">data model</a> entry value is a <a href="https://infra.spec.whatwg.org/#ordered-set">set</a>
</td>
<td>
A <a href="https://infra.spec.whatwg.org/#ordered-set">set</a>, where each value of
the JSON Array is added to the set in order, converted based on the JSON
representation type of the array value, as defined in this table.
</td>
</tr>
<tr>
<td>
<a href="https://www.rfc-editor.org/rfc/rfc8259#section-7">JSON String</a> where <a href="#data-model">data model</a> entry value is a <a href="#dfn-datetime" class="internalDFN" data-link-type="dfn" id="ref-for-dfn-datetime-4">datetime</a>
</td>
<td>
A <a href="#dfn-datetime" class="internalDFN" data-link-type="dfn" id="ref-for-dfn-datetime-5">datetime</a>.
</td>
</tr>
<tr>
<td>
<a href="https://www.rfc-editor.org/rfc/rfc8259#section-7">JSON String</a>, where the <a href="#data-model">data model</a> entry value type is <a data-type="dfn" href="https://infra.spec.whatwg.org/#string">string</a> or
unknown
</td>
<td>
A <a href="https://infra.spec.whatwg.org/#string">string</a>.
</td>
</tr>
<tr>
<td>
<a href="https://www.rfc-editor.org/rfc/rfc8259#section-6">JSON Number</a> without a decimal or
fractional component
</td>
<td>
An <a href="#dfn-integer" class="internalDFN" data-link-type="dfn" id="ref-for-dfn-integer-2">integer</a>.
</td>
</tr>
<tr>
<td>
<a href="https://www.rfc-editor.org/rfc/rfc8259#section-6">JSON Number</a> with a decimal and fractional
component, or when entry value is a <a href="#dfn-double" class="internalDFN" data-link-type="dfn" id="ref-for-dfn-double-2">double</a> regardless of inclusion of
fractional component
</td>
<td>
A <a href="#dfn-double" class="internalDFN" data-link-type="dfn" id="ref-for-dfn-double-3">double</a>.
</td>
</tr>
<tr>
<td>
<a href="https://www.rfc-editor.org/rfc/rfc8259#section-3">JSON Boolean</a>
</td>
<td>
A <a href="https://infra.spec.whatwg.org/#boolean">boolean</a>.
</td>
</tr>
<tr>
<td>
<a href="https://www.rfc-editor.org/rfc/rfc8259#section-3">JSON null literal</a>
</td>
<td>
A <a href="https://infra.spec.whatwg.org/#nulls">null</a> value.
</td>
</tr>
</tbody>
</table>
<p class="advisement">
All implementers creating <a href="#dfn-conforming-consumer" class="internalDFN" data-link-type="dfn" id="ref-for-dfn-conforming-consumer-8">conforming consumers</a> that produce JSON
<a href="#dfn-representations" class="internalDFN" data-link-type="dfn" id="ref-for-dfn-representations-47">representations</a> are advised to ensure that their algorithms are aligned
with the <a href="https://infra.spec.whatwg.org/#parse-json-bytes-to-an-infra-value">JSON
conversion rules</a> in the [<cite><a class="bibref" data-link-type="biblio" href="#bib-infra" title="Infra Standard">INFRA</a></cite>] specification and the <a href="https://www.rfc-editor.org/rfc/rfc8259#section-6">precision advisements regarding Numbers</a> in the
JSON [<cite><a class="bibref" data-link-type="biblio" href="#bib-rfc8259" title="The JavaScript Object Notation (JSON) Data Interchange Format">RFC8259</a></cite>] specification.
</p>
<p>
If media type information is available to a <a href="#dfn-conforming-consumer" class="internalDFN" data-link-type="dfn" id="ref-for-dfn-conforming-consumer-9">conforming consumer</a> and the
media type value is <code>application/did+json</code>, then the data structure
being consumed is a <a href="#dfn-did-documents" class="internalDFN" data-link-type="dfn" id="ref-for-dfn-did-documents-107">DID document</a>, and the root element <em class="rfc2119">MUST</em> be a <a href="https://www.rfc-editor.org/rfc/rfc8259#section-4">JSON Object</a> where all members of the object
are entries of the <a href="#dfn-did-documents" class="internalDFN" data-link-type="dfn" id="ref-for-dfn-did-documents-108">DID document</a>. A <a href="#dfn-conforming-consumer" class="internalDFN" data-link-type="dfn" id="ref-for-dfn-conforming-consumer-10">conforming consumer</a> for a JSON
<a href="#dfn-representations" class="internalDFN" data-link-type="dfn" id="ref-for-dfn-representations-48">representation</a> that is consuming a <a href="#dfn-did-documents" class="internalDFN" data-link-type="dfn" id="ref-for-dfn-did-documents-109">DID document</a> with a root
element that is not a <a href="https://www.rfc-editor.org/rfc/rfc8259#section-4">JSON Object</a> <em class="rfc2119">MUST</em>
report an error.
</p>
</section>
</section>
<section id="json-ld"><div class="header-wrapper"><h3 id="x6-3-json-ld"><bdi class="secno">6.3 </bdi>JSON-LD</h3><a class="self-link" href="#json-ld" aria-label="Permalink for Section 6.3"></a></div>
<p>
JSON-LD [<cite><a class="bibref" data-link-type="biblio" href="#bib-json-ld11" title="JSON-LD 1.1">JSON-LD11</a></cite>] is a JSON-based format used to serialize <a href="http://www.w3.org/TR/ld-glossary/#linked-data">Linked Data</a>. This
section defines the <a href="#dfn-production" class="internalDFN" data-link-type="dfn" id="ref-for-dfn-production-9">production</a> and <a href="#dfn-consumption" class="internalDFN" data-link-type="dfn" id="ref-for-dfn-consumption-10">consumption</a> rules for the
JSON-LD <a href="#dfn-representations" class="internalDFN" data-link-type="dfn" id="ref-for-dfn-representations-49">representation</a>.
</p>
<p>
The JSON-LD <a href="#dfn-representations" class="internalDFN" data-link-type="dfn" id="ref-for-dfn-representations-50">representation</a> defines the following
<a href="#dfn-representation-specific-entry" class="internalDFN" data-link-type="dfn" id="ref-for-dfn-representation-specific-entry-11">representation-specific entries</a>:
</p>
<dl>
<dt><dfn id="dfn-context" tabindex="0" aria-haspopup="dialog" data-dfn-type="dfn">@context</dfn></dt>
<dd>
The <a href="https://www.w3.org/TR/json-ld11/#the-context">JSON-LD Context</a>
is either a <a href="https://infra.spec.whatwg.org/#string">string</a> or a <a href="https://infra.spec.whatwg.org/#list">list</a> containing any combination of <a href="https://infra.spec.whatwg.org/#string">strings</a> and/or <a href="https://infra.spec.whatwg.org/#maps">ordered
maps</a>.
</dd>
</dl>
<section id="production-0"><div class="header-wrapper"><h4 id="x6-3-1-production"><bdi class="secno">6.3.1 </bdi>Production</h4><a class="self-link" href="#production-0" aria-label="Permalink for Section 6.3.1"></a></div>
<p>
The <a href="#dfn-did-documents" class="internalDFN" data-link-type="dfn" id="ref-for-dfn-did-documents-110">DID document</a>, DID document data structures, and
<a href="#dfn-representation-specific-entry" class="internalDFN" data-link-type="dfn" id="ref-for-dfn-representation-specific-entry-12">representation-specific entries</a> <a href="https://infra.spec.whatwg.org/#maps">map</a> <em class="rfc2119">MUST</em>
be serialized to the JSON-LD <a href="#dfn-representations" class="internalDFN" data-link-type="dfn" id="ref-for-dfn-representations-51">representation</a> according to the JSON
<a href="#dfn-representations" class="internalDFN" data-link-type="dfn" id="ref-for-dfn-representations-52">representation</a> <a href="#dfn-production" class="internalDFN" data-link-type="dfn" id="ref-for-dfn-production-10">production</a> rules as defined in <a href="#json" class="sec-ref"><bdi class="secno">6.2 </bdi>JSON</a>.
</p>
<p>
In addition to using the JSON <a href="#dfn-representations" class="internalDFN" data-link-type="dfn" id="ref-for-dfn-representations-53">representation</a> <a href="#dfn-production" class="internalDFN" data-link-type="dfn" id="ref-for-dfn-production-11">production</a> rules,
JSON-LD production <em class="rfc2119">MUST</em> include the
<a data-lt="representation-specific entry" href="#dfn-representation-specific-entry" class="internalDFN" data-link-type="dfn" id="ref-for-dfn-representation-specific-entry-13">representation-specific</a>
<a href="#dfn-context" class="internalDFN" data-link-type="dfn" id="ref-for-dfn-context-2"><code>@context</code></a> entry. The serialized value of
<code>@context</code> <em class="rfc2119">MUST</em> be the <a href="https://www.rfc-editor.org/rfc/rfc8259#section-7">JSON
String</a> <code>https://www.w3.org/ns/did/v1</code>, or a <a href="https://www.rfc-editor.org/rfc/rfc8259#section-5">JSON Array</a> where the first item is the <a href="https://www.rfc-editor.org/rfc/rfc8259#section-7">JSON String</a>
<code>https://www.w3.org/ns/did/v1</code> and the subsequent items are
serialized according to the JSON <a href="#dfn-representations" class="internalDFN" data-link-type="dfn" id="ref-for-dfn-representations-54">representation</a> <a href="#dfn-production" class="internalDFN" data-link-type="dfn" id="ref-for-dfn-production-12">production</a>
rules.
</p>
<div class="example" id="example-a-valid-serialization-of-a-simple-context-entry">
<div class="marker">
<a class="self-link" href="#example-a-valid-serialization-of-a-simple-context-entry">Example<bdi> 22</bdi></a><span class="example-title">: A valid serialization of a simple @context entry</span>
</div> <pre aria-busy="false"><code class="hljs javascript">{
<span class="hljs-string">"@context"</span>: <span class="hljs-string">"https://www.w3.org/ns/did/v1"</span>,
...
}</code></pre>
</div>
<div class="example" id="example-a-valid-serialization-of-a-layered-context-entry">
<div class="marker">
<a class="self-link" href="#example-a-valid-serialization-of-a-layered-context-entry">Example<bdi> 23</bdi></a><span class="example-title">: A valid serialization of a layered @context entry</span>
</div> <pre aria-busy="false"><code class="hljs javascript">{
<span class="hljs-string">"@context"</span>: [
<span class="hljs-string">"https://www.w3.org/ns/did/v1"</span>,
<span class="hljs-string">"https://did-method-extension.example/v1"</span>
],
...
}</code></pre>
</div>
<p class="advisement" title="JSON-LD serialization rules">
All implementers creating <a href="#dfn-conforming-producer" class="internalDFN" data-link-type="dfn" id="ref-for-dfn-conforming-producer-9">conforming producers</a> that produce JSON-LD
<a href="#dfn-representations" class="internalDFN" data-link-type="dfn" id="ref-for-dfn-representations-55">representations</a> are advised to ensure that their algorithms
produce valid JSON-LD [<cite><a class="bibref" data-link-type="biblio" href="#bib-json-ld11" title="JSON-LD 1.1">JSON-LD11</a></cite>] documents. Invalid JSON-LD documents will
cause JSON-LD processors to halt and report errors.
</p>
<p>
In order to achieve interoperability across different <a href="#dfn-representations" class="internalDFN" data-link-type="dfn" id="ref-for-dfn-representations-56">representations</a>,
all JSON-LD Contexts and their terms <em class="rfc2119">SHOULD</em> be registered in the DID
Specification Registries [<cite><a class="bibref" data-link-type="biblio" href="#bib-did-spec-registries" title="DID Specification Registries">DID-SPEC-REGISTRIES</a></cite>].
</p>
<p>
A <a href="#dfn-conforming-producer" class="internalDFN" data-link-type="dfn" id="ref-for-dfn-conforming-producer-10">conforming producer</a> that generates a JSON-LD <a href="#dfn-representations" class="internalDFN" data-link-type="dfn" id="ref-for-dfn-representations-57">representation</a>
<em class="rfc2119">SHOULD NOT</em> produce a <a href="#dfn-did-documents" class="internalDFN" data-link-type="dfn" id="ref-for-dfn-did-documents-111">DID document</a> that contains terms not defined via the
<code>@context</code> as <a href="#dfn-conforming-consumer" class="internalDFN" data-link-type="dfn" id="ref-for-dfn-conforming-consumer-11">conforming consumers</a> are expected to remove
unknown terms. When serializing a JSON-LD <a href="#dfn-representations" class="internalDFN" data-link-type="dfn" id="ref-for-dfn-representations-58">representation</a> of a <a href="#dfn-did-documents" class="internalDFN" data-link-type="dfn" id="ref-for-dfn-did-documents-112">DID
document</a>, a <a href="#dfn-conforming-producer" class="internalDFN" data-link-type="dfn" id="ref-for-dfn-conforming-producer-11">conforming producer</a> <em class="rfc2119">MUST</em> specify a media type of
<code>application/did+ld+json</code> to downstream applications such as
described in <a href="#did-resolution-metadata" class="sec-ref"><bdi class="secno">7.1.2 </bdi>DID Resolution Metadata</a>.
</p>
</section>
<section id="consumption-0"><div class="header-wrapper"><h4 id="x6-3-2-consumption"><bdi class="secno">6.3.2 </bdi>Consumption</h4><a class="self-link" href="#consumption-0" aria-label="Permalink for Section 6.3.2"></a></div>
<p>
The <a href="#dfn-did-documents" class="internalDFN" data-link-type="dfn" id="ref-for-dfn-did-documents-113">DID document</a> and any DID document data structures expressed by a
JSON-LD <a href="#dfn-representations" class="internalDFN" data-link-type="dfn" id="ref-for-dfn-representations-59">representation</a> <em class="rfc2119">MUST</em> be deserialized into the <a href="#data-model">data model</a> according to the JSON <a href="#dfn-representations" class="internalDFN" data-link-type="dfn" id="ref-for-dfn-representations-60">representation</a>
<a href="#dfn-consumption" class="internalDFN" data-link-type="dfn" id="ref-for-dfn-consumption-11">consumption</a> rules as defined in <a href="#json" class="sec-ref"><bdi class="secno">6.2 </bdi>JSON</a>.
</p>
<p class="advisement" title="JSON-LD serialization rules">
All implementers creating <a href="#dfn-conforming-consumer" class="internalDFN" data-link-type="dfn" id="ref-for-dfn-conforming-consumer-12">conforming consumers</a> that consume JSON-LD
<a href="#dfn-representations" class="internalDFN" data-link-type="dfn" id="ref-for-dfn-representations-61">representations</a> are advised to ensure that their algorithms only accept
valid JSON-LD [<cite><a class="bibref" data-link-type="biblio" href="#bib-json-ld11" title="JSON-LD 1.1">JSON-LD11</a></cite>] documents. Invalid JSON-LD documents will cause
JSON-LD processors to halt and report errors.
</p>
<p>
<a href="#dfn-conforming-consumer" class="internalDFN" data-link-type="dfn" id="ref-for-dfn-conforming-consumer-13">Conforming consumers</a> that process a JSON-LD <a href="#dfn-representations" class="internalDFN" data-link-type="dfn" id="ref-for-dfn-representations-62">representation</a> <em class="rfc2119">SHOULD</em>
drop all terms from a <a href="#dfn-did-documents" class="internalDFN" data-link-type="dfn" id="ref-for-dfn-did-documents-114">DID document</a> that are not defined via the
<code>@context</code>.
</p>
</section>
</section>
</section>
<section class="normative" id="resolution"><div class="header-wrapper"><h2 id="x7-resolution"><bdi class="secno">7. </bdi>Resolution</h2><a class="self-link" href="#resolution" aria-label="Permalink for Section 7."></a></div>
<p>
This section defines the inputs and outputs of <a href="#dfn-did-resolution" class="internalDFN" data-link-type="dfn" id="ref-for-dfn-did-resolution-7">DID resolution</a> and <a href="#dfn-did-url-dereferencing" class="internalDFN" data-link-type="dfn" id="ref-for-dfn-did-url-dereferencing-5">DID
URL dereferencing</a>. Their exact implementation is out of scope for this
specification, but some considerations for implementers are discussed in
[<cite><a class="bibref" data-link-type="biblio" href="#bib-did-resolution" title="Decentralized Identifier Resolution">DID-RESOLUTION</a></cite>].
</p>
<p>
All conformant <a href="#dfn-did-resolvers" class="internalDFN" data-link-type="dfn" id="ref-for-dfn-did-resolvers-7">DID resolvers</a> <em class="rfc2119">MUST</em> implement the <a href="#dfn-did-resolution" class="internalDFN" data-link-type="dfn" id="ref-for-dfn-did-resolution-8">DID resolution</a>
functions for at least one <a href="#dfn-did-methods" class="internalDFN" data-link-type="dfn" id="ref-for-dfn-did-methods-33">DID method</a> and <em class="rfc2119">MUST</em> be able to return a
<a href="#dfn-did-documents" class="internalDFN" data-link-type="dfn" id="ref-for-dfn-did-documents-115">DID document</a> in at least one conformant <a href="#dfn-representations" class="internalDFN" data-link-type="dfn" id="ref-for-dfn-representations-63">representation</a>.
</p>
<section data-dfn-for="Resolver" id="did-resolution"><div class="header-wrapper"><h3 id="x7-1-did-resolution"><bdi class="secno">7.1 </bdi>DID Resolution</h3><a class="self-link" href="#did-resolution" aria-label="Permalink for Section 7.1"></a></div>
<p>
The <a href="#dfn-did-resolution" class="internalDFN" data-link-type="dfn" id="ref-for-dfn-did-resolution-9">DID resolution</a> functions resolve a <a href="#dfn-decentralized-identifiers" class="internalDFN" data-link-type="dfn" id="ref-for-dfn-decentralized-identifiers-72">DID</a> into a <a href="#dfn-did-documents" class="internalDFN" data-link-type="dfn" id="ref-for-dfn-did-documents-116">DID
document</a> by using the "Read" operation of the applicable <a href="#dfn-did-methods" class="internalDFN" data-link-type="dfn" id="ref-for-dfn-did-methods-34">DID method</a>
as described in <a href="#method-operations" class="sec-ref"><bdi class="secno">8.2 </bdi>Method Operations</a>. The details of how this
process is accomplished are outside the scope of this specification, but all
conforming <a href="#dfn-did-resolvers" class="internalDFN" data-link-type="dfn" id="ref-for-dfn-did-resolvers-8">DID resolvers</a> implement the functions below, which have the
following abstract forms:
</p>
<pre title="Abstract functions for DID Resolution" aria-busy="false"><code class="hljs">resolve(did, resolutionOptions) →
« didResolutionMetadata, didDocument, didDocumentMetadata »
resolveRepresentation(did, resolutionOptions) →
« didResolutionMetadata, didDocumentStream, didDocumentMetadata »</code></pre>
<p>
The <code>resolve</code> function returns the <a href="#dfn-did-documents" class="internalDFN" data-link-type="dfn" id="ref-for-dfn-did-documents-117">DID document</a> in its
abstract form (a <a href="https://infra.spec.whatwg.org/#maps">map</a>). The
<code>resolveRepresentation</code> function returns a byte stream of the <a href="#dfn-did-documents" class="internalDFN" data-link-type="dfn" id="ref-for-dfn-did-documents-118">DID
Document</a> formatted in the corresponding representation.
</p>
<figure id="resolve-resolverepresentation">
<img style="margin: auto; display: block;" src="diagrams/diagram-resolve-resolverepresentation.svg" alt="
Diagram illustrating how resolve() returns the DID document data model in
its abstract form and resolveRepresenation() returns it in one of the
conformant representations; conversion is possible using production and
consumption rules." height="595" width="1056">
<figcaption>Figure <bdi class="figno">5</bdi> <span class="fig-title">
Functions resolve() and resolveRepresentation().
See also: <a class="longdesc-link" href="#resolve-resolverepresentation-longdesc">narrative description</a>.
</span></figcaption>
</figure>
<div class="longdesc" id="resolve-resolverepresentation-longdesc">
<p>
The upper middle part of the diagram contains a rectangle with dashed grey outline, containing two
blue-outlined rectangles, one above the other.
The upper, larger rectangle is labeled, in blue, "Core Properties", and contains the following
<a href="https://infra.spec.whatwg.org/#maps">INFRA</a> notation:
</p>
<pre aria-busy="false"><code class="hljs javascript">«[
<span class="hljs-string">"id"</span> → <span class="hljs-string">"example:123"</span>,
<span class="hljs-string">"verificationMethod"</span> → « «[
<span class="hljs-string">"id"</span>: <span class="hljs-string">"did:example:123#keys-1"</span>,
<span class="hljs-string">"controller"</span>: <span class="hljs-string">"did:example:123"</span>,
<span class="hljs-string">"type"</span>: <span class="hljs-string">"Ed25519VerificationKey2018"</span>,
<span class="hljs-string">"publicKeyBase58"</span>: <span class="hljs-string">"H3C2AVvLMv6gmMNam3uVA"</span>
]» »,
<span class="hljs-string">"authentication"</span> → «
<span class="hljs-string">"did:example:123#keys-1"</span>
»
]»</code></pre>
<p>
The lower, smaller rectangle is labeled, in blue, "Core Representation-specific Entries (JSON-LD)", and
contains the following monospaced <a href="https://infra.spec.whatwg.org/#maps">INFRA</a> notation:
</p>
<pre aria-busy="false"><code class="hljs css">«<span class="hljs-selector-attr">[ <span class="hljs-string">"@context"</span> → <span class="hljs-string">"https://www.w3.org/ns/did/v1"</span> ]</span>»</code></pre>
<p>
From the grey-outlined rectangle, three pairs of arrows extend to three
different black-outlined rectangles, aligned in a horizontal row side-by-side, in the bottom half
of the diagram. Each pair of arrows consists of
one blue arrow pointing from the grey-outlined rectangle to the respective
black-outlined rectangle, labeled "produce", and one red arrow pointing in the
reverse direction, labeled "consume". The first black-outlined rectangle in the row
is labeled "application/did+ld+json", and contains
the following JSON-LD data:
</p>
<pre aria-busy="false"><code class="hljs json">{
<span class="hljs-attr">"@context"</span>: [<span class="hljs-string">"https://www.w3.org/ns/did/v1"</span>],
<span class="hljs-attr">"id"</span>: <span class="hljs-string">"did:example:123"</span>,
<span class="hljs-attr">"verificationMethod"</span>: [{
<span class="hljs-attr">"id"</span>: <span class="hljs-string">"did:example:123#keys-1"</span>,
<span class="hljs-attr">"controller"</span>: <span class="hljs-string">"did:example:123"</span>,
<span class="hljs-attr">"type"</span>: <span class="hljs-string">"Ed25519VerificationKey2018"</span>,
<span class="hljs-attr">"publicKeyBase58"</span>: <span class="hljs-string">"H3C2AVvLMv6gmMNam3uVA"</span>
}],
<span class="hljs-attr">"authentication"</span>: [
<span class="hljs-string">"did:example:123#keys-1"</span>
]
}</code></pre>
<p>
The second rectangle in the row is labeled "application/did+json" and contains the following
JSON data:
</p>
<pre aria-busy="false"><code class="hljs json">{
<span class="hljs-attr">"id"</span>: <span class="hljs-string">"did:example:123"</span>,
<span class="hljs-attr">"verificationMethod"</span>: [{
<span class="hljs-attr">"id"</span>: <span class="hljs-string">"did:example:123#keys-1"</span>,
<span class="hljs-attr">"controller"</span>: <span class="hljs-string">"did:example:123"</span>,
<span class="hljs-attr">"type"</span>: <span class="hljs-string">"Ed25519VerificationKey2018"</span>,
<span class="hljs-attr">"publicKeyBase58"</span>: <span class="hljs-string">"H3C2AVvLMv6gmMNam3uVA"</span>
}],
<span class="hljs-attr">"authentication"</span>: [
<span class="hljs-string">"did:example:123#keys-1"</span>
]
}</code></pre>
<p>
The third rectangle in the row is labeled "application/did+cbor", and contains hexadecimal data.
</p>
<p>
In the left part of the diagram, in the middle, there is a box, with black outline and light gray
background. This box is labeled "VERIFIABLE DATA REGISTRY" and contains a symbol representing a graph
with nodes and arcs. From this box, one arrow, labeled "resolve()", extends upwards and points to the
top half of the diagram where the grey-outlined rectangle is located. Another arrow, labeled
"resolveRepresentation()", extends downwards and points to the bottom half of the diagram, where the
row of three black-outlined rectangles is located.
</p>
</div>
<p>
The input variables
of the <code>resolve</code> and <code>resolveRepresentation</code> functions are
as follows:
</p>
<dl>
<dt>
did
</dt>
<dd>
This is the <a href="#dfn-decentralized-identifiers" class="internalDFN" data-link-type="dfn" id="ref-for-dfn-decentralized-identifiers-73">DID</a> to resolve. This input is <em class="rfc2119">REQUIRED</em> and the value <em class="rfc2119">MUST</em>
be a conformant <a href="#dfn-decentralized-identifiers" class="internalDFN" data-link-type="dfn" id="ref-for-dfn-decentralized-identifiers-74">DID</a> as defined in <a href="#did-syntax" class="sec-ref"><bdi class="secno">3.1 </bdi>DID Syntax</a>.
</dd>
<dt>
resolutionOptions
</dt>
<dd>
A <a href="#metadata-structure">metadata structure</a> containing properties
defined in <a href="#did-resolution-options" class="sec-ref"><bdi class="secno">7.1.1 </bdi>DID Resolution Options</a>. This input is
<em class="rfc2119">REQUIRED</em>, but the structure <em class="rfc2119">MAY</em> be empty.
</dd>
</dl>
<p>
These functions each return multiple values, and no limitations
are placed on how these values are returned together.
The return values of <code>resolve</code> are
<a href="#dfn-didresolutionmetadata" class="internalDFN" data-link-type="dfn" id="ref-for-dfn-didresolutionmetadata-1">didResolutionMetadata</a>, <a href="#dfn-diddocument" class="internalDFN" data-link-type="dfn" id="ref-for-dfn-diddocument-1">didDocument</a>, and
<a href="#dfn-diddocumentmetadata" class="internalDFN" data-link-type="dfn" id="ref-for-dfn-diddocumentmetadata-1">didDocumentMetadata</a>. The return values of
<code>resolveRepresentation</code> are
<a href="#dfn-didresolutionmetadata" class="internalDFN" data-link-type="dfn" id="ref-for-dfn-didresolutionmetadata-2">didResolutionMetadata</a>, <a href="#dfn-diddocumentstream" class="internalDFN" data-link-type="dfn" id="ref-for-dfn-diddocumentstream-1">didDocumentStream</a>, and
<a href="#dfn-diddocumentmetadata" class="internalDFN" data-link-type="dfn" id="ref-for-dfn-diddocumentmetadata-2">didDocumentMetadata</a>. These values are described below:
</p>
<dl>
<dt>
<dfn id="dfn-didresolutionmetadata" tabindex="0" aria-haspopup="dialog" data-dfn-type="dfn">didResolutionMetadata</dfn>
</dt>
<dd>
A <a href="#metadata-structure">metadata structure</a> consisting of values
relating to the results of the <a href="#dfn-did-resolution" class="internalDFN" data-link-type="dfn" id="ref-for-dfn-did-resolution-10">DID resolution</a> process which typically
changes between invocations of the <code>resolve</code> and
<code>resolveRepresentation</code> functions, as it represents data about the
resolution process itself. This structure is <em class="rfc2119">REQUIRED</em>, and in the case of an
error in the resolution process, this <em class="rfc2119">MUST NOT</em> be empty. This metadata is
defined by <a href="#did-resolution-metadata" class="sec-ref"><bdi class="secno">7.1.2 </bdi>DID Resolution Metadata</a>. If
<code>resolveRepresentation</code> was called, this structure <em class="rfc2119">MUST</em> contain a
<code>contentType</code> property containing the Media Type of the
representation found in the <code>didDocumentStream</code>. If the resolution is
not successful, this structure <em class="rfc2119">MUST</em> contain an <code>error</code> property
describing the error.
</dd>
<dt>
<dfn id="dfn-diddocument" tabindex="0" aria-haspopup="dialog" data-dfn-type="dfn">didDocument</dfn>
</dt>
<dd>
If the resolution is successful, and if the <code>resolve</code> function was
called, this <em class="rfc2119">MUST</em> be a <a href="#dfn-did-documents" class="internalDFN" data-link-type="dfn" id="ref-for-dfn-did-documents-119">DID document</a> abstract data model (a <a href="https://infra.spec.whatwg.org/#maps">map</a>) as described in <a href="#data-model" class="sec-ref"><bdi class="secno">4. </bdi>Data Model</a> that
is capable of being transformed into a <a href="#dfn-conforming-did-document" class="internalDFN" data-link-type="dfn" id="ref-for-dfn-conforming-did-document-3">conforming DID Document</a>
(representation), using the production rules specified by the representation.
The value of <code><a href="#dfn-id" class="internalDFN" data-link-type="dfn" id="ref-for-dfn-id-7">id</a></code> in the resolved <a href="#dfn-did-documents" class="internalDFN" data-link-type="dfn" id="ref-for-dfn-did-documents-120">DID document</a> <em class="rfc2119">MUST</em>
match the <a href="#dfn-decentralized-identifiers" class="internalDFN" data-link-type="dfn" id="ref-for-dfn-decentralized-identifiers-75">DID</a> that was resolved. If the resolution is unsuccessful, this
value <em class="rfc2119">MUST</em> be empty.
</dd>
<dt>
<dfn id="dfn-diddocumentstream" tabindex="0" aria-haspopup="dialog" data-dfn-type="dfn">didDocumentStream</dfn>
</dt>
<dd>
If the resolution is successful, and if the <code>resolveRepresentation</code>
function was called, this <em class="rfc2119">MUST</em> be a byte stream of the resolved <a href="#dfn-did-documents" class="internalDFN" data-link-type="dfn" id="ref-for-dfn-did-documents-121">DID
document</a> in one of the conformant
<a href="#representations">representations</a>. The byte stream might then be
parsed by the caller of the <code>resolveRepresentation</code> function into a
<a href="#data-model">data model</a>, which can in turn be validated and
processed. If the resolution is unsuccessful, this value <em class="rfc2119">MUST</em> be an empty
stream.
</dd>
<dt>
<dfn id="dfn-diddocumentmetadata" tabindex="0" aria-haspopup="dialog" data-dfn-type="dfn">didDocumentMetadata</dfn>
</dt>
<dd>
If the resolution is successful, this <em class="rfc2119">MUST</em> be a <a href="#metadata-structure">metadata structure</a>. This structure contains
metadata about the <a href="#dfn-did-documents" class="internalDFN" data-link-type="dfn" id="ref-for-dfn-did-documents-122">DID document</a> contained in the <code>didDocument</code>
property. This metadata typically does not change between invocations of the
<code>resolve</code> and <code>resolveRepresentation</code> functions unless the
<a href="#dfn-did-documents" class="internalDFN" data-link-type="dfn" id="ref-for-dfn-did-documents-123">DID document</a> changes, as it represents metadata about the <a href="#dfn-did-documents" class="internalDFN" data-link-type="dfn" id="ref-for-dfn-did-documents-124">DID
document</a>. If the resolution is unsuccessful, this output <em class="rfc2119">MUST</em> be an empty <a href="#metadata-structure">metadata structure</a>. Properties defined by this
specification are in <a href="#did-document-metadata" class="sec-ref"><bdi class="secno">7.1.3 </bdi>DID Document Metadata</a>.
</dd>
</dl>
<p>
Conforming <a href="#dfn-did-resolvers" class="internalDFN" data-link-type="dfn" id="ref-for-dfn-did-resolvers-9">DID resolver</a> implementations do not alter the signature of
these functions in any way. <a href="#dfn-did-resolvers" class="internalDFN" data-link-type="dfn" id="ref-for-dfn-did-resolvers-10">DID resolver</a> implementations might map the
<code>resolve</code> and <code>resolveRepresentation</code> functions to a
method-specific internal function to perform the actual <a href="#dfn-did-resolution" class="internalDFN" data-link-type="dfn" id="ref-for-dfn-did-resolution-11">DID resolution</a>
process. <a href="#dfn-did-resolvers" class="internalDFN" data-link-type="dfn" id="ref-for-dfn-did-resolvers-11">DID resolver</a> implementations might implement and expose
additional functions with different signatures in addition to the
<code>resolve</code> and <code>resolveRepresentation</code> functions specified
here.
</p>
<section id="did-resolution-options"><div class="header-wrapper"><h4 id="x7-1-1-did-resolution-options"><bdi class="secno">7.1.1 </bdi>DID Resolution Options</h4><a class="self-link" href="#did-resolution-options" aria-label="Permalink for Section 7.1.1"></a></div>
<p>
The possible properties within this structure and their possible values are
registered in the DID Specification Registries [<cite><a class="bibref" data-link-type="biblio" href="#bib-did-spec-registries" title="DID Specification Registries">DID-SPEC-REGISTRIES</a></cite>]. This
specification defines the following common properties.
</p>
<dl>
<dt>
accept
</dt>
<dd>
The Media Type of the caller's preferred <a href="#dfn-representations" class="internalDFN" data-link-type="dfn" id="ref-for-dfn-representations-64">representation</a> of the <a href="#dfn-did-documents" class="internalDFN" data-link-type="dfn" id="ref-for-dfn-did-documents-125">DID
document</a>. The Media Type <em class="rfc2119">MUST</em> be expressed as an <a data-lt="ascii
string" data-type="dfn" href="https://infra.spec.whatwg.org/#ascii-string">ASCII string</a>. The <a href="#dfn-did-resolvers" class="internalDFN" data-link-type="dfn" id="ref-for-dfn-did-resolvers-12">DID resolver</a> implementation <em class="rfc2119">SHOULD</em> use this
value to determine the <a href="#dfn-representations" class="internalDFN" data-link-type="dfn" id="ref-for-dfn-representations-65">representation</a> contained in the returned
<code>didDocumentStream</code> if such a <a href="#dfn-representations" class="internalDFN" data-link-type="dfn" id="ref-for-dfn-representations-66">representation</a> is supported and
available. This property is <em class="rfc2119">OPTIONAL</em> for the <code>resolveRepresentation</code>
function and <em class="rfc2119">MUST NOT</em> be used with the <code>resolve</code> function.
</dd>
</dl>
</section>
<section id="did-resolution-metadata"><div class="header-wrapper"><h4 id="x7-1-2-did-resolution-metadata"><bdi class="secno">7.1.2 </bdi>DID Resolution Metadata</h4><a class="self-link" href="#did-resolution-metadata" aria-label="Permalink for Section 7.1.2"></a></div>
<p>
The possible properties within this structure and their possible values are
registered in the DID Specification Registries [<cite><a class="bibref" data-link-type="biblio" href="#bib-did-spec-registries" title="DID Specification Registries">DID-SPEC-REGISTRIES</a></cite>]. This
specification defines the following DID resolution metadata properties:
</p>
<dl>
<dt>
contentType
</dt>
<dd>
The Media Type of the returned <code>didDocumentStream</code>. This property is
<em class="rfc2119">REQUIRED</em> if resolution is successful and if the
<code>resolveRepresentation</code> function was called.
This property <em class="rfc2119">MUST NOT</em>
be present if the <code>resolve</code> function was called. The value of this
property <em class="rfc2119">MUST</em> be an <a data-lt="ascii string" data-type="dfn" href="https://infra.spec.whatwg.org/#ascii-string">ASCII string</a> that is the Media
Type of the conformant <a href="#dfn-representations" class="internalDFN" data-link-type="dfn" id="ref-for-dfn-representations-67">representations</a>. The
caller of the <code>resolveRepresentation</code> function <em class="rfc2119">MUST</em> use this value
when determining how to parse and process the <code>didDocumentStream</code>
returned by this function into the <a href="#data-model">data model</a>.
</dd>
<dt>
error
</dt>
<dd>
The error code from the resolution process. This property is <em class="rfc2119">REQUIRED</em> when there
is an error in the resolution process. The value of this property <em class="rfc2119">MUST</em> be a
single keyword <a data-lt="ascii string" data-type="dfn" href="https://infra.spec.whatwg.org/#ascii-string">ASCII string</a>. The possible property
values of this field <em class="rfc2119">SHOULD</em> be registered in the DID Specification Registries
[<cite><a class="bibref" data-link-type="biblio" href="#bib-did-spec-registries" title="DID Specification Registries">DID-SPEC-REGISTRIES</a></cite>]. This specification defines the following
common error values:
<dl>
<dt>
invalidDid
</dt>
<dd>
The <a href="#dfn-decentralized-identifiers" class="internalDFN" data-link-type="dfn" id="ref-for-dfn-decentralized-identifiers-76">DID</a> supplied to the <a href="#dfn-did-resolution" class="internalDFN" data-link-type="dfn" id="ref-for-dfn-did-resolution-12">DID resolution</a> function does not conform
to valid syntax. (See <a href="#did-syntax" class="sec-ref"><bdi class="secno">3.1 </bdi>DID Syntax</a>.)
</dd>
<dt>
notFound
</dt>
<dd>
The <a href="#dfn-did-resolvers" class="internalDFN" data-link-type="dfn" id="ref-for-dfn-did-resolvers-13">DID resolver</a> was unable to find the <a href="#dfn-did-documents" class="internalDFN" data-link-type="dfn" id="ref-for-dfn-did-documents-126">DID document</a>
resulting from this resolution request.
</dd>
<dt>
representationNotSupported
</dt>
<dd>
This error code is returned if the <a href="#dfn-representations" class="internalDFN" data-link-type="dfn" id="ref-for-dfn-representations-68">representation</a> requested via the
<code>accept</code> input metadata property is not supported by the <a href="#dfn-did-methods" class="internalDFN" data-link-type="dfn" id="ref-for-dfn-did-methods-35">DID
method</a> and/or <a href="#dfn-did-resolvers" class="internalDFN" data-link-type="dfn" id="ref-for-dfn-did-resolvers-14">DID resolver</a> implementation.
</dd>
</dl>
</dd>
</dl>
</section>
<section id="did-document-metadata"><div class="header-wrapper"><h4 id="x7-1-3-did-document-metadata"><bdi class="secno">7.1.3 </bdi>DID Document Metadata</h4><a class="self-link" href="#did-document-metadata" aria-label="Permalink for Section 7.1.3"></a></div>
<p>
The possible properties within this structure and their possible values <em class="rfc2119">SHOULD</em>
be registered in the DID Specification Registries [<cite><a class="bibref" data-link-type="biblio" href="#bib-did-spec-registries" title="DID Specification Registries">DID-SPEC-REGISTRIES</a></cite>].
This specification defines the following common properties.
</p>
<dl>
<dt><dfn class="lint-ignore" id="dfn-created" tabindex="0" aria-haspopup="dialog" data-dfn-type="dfn">created</dfn></dt>
<dd>
<a href="#dfn-did-documents" class="internalDFN" data-link-type="dfn" id="ref-for-dfn-did-documents-127">DID document</a> metadata <em class="rfc2119">SHOULD</em> include a <code>created</code> property to
indicate the timestamp of the <a href="#method-operations">Create operation</a>.
The value of the property <em class="rfc2119">MUST</em> be a <a href="https://infra.spec.whatwg.org/#string">string</a>
formatted as an <a href="https://www.w3.org/TR/xmlschema11-2/#dateTime">XML Datetime</a>
normalized to UTC 00:00:00 and without sub-second decimal precision. For
example: <code>2020-12-20T19:17:47Z</code>.
</dd>
<dt><dfn class="lint-ignore" id="dfn-updated" tabindex="0" aria-haspopup="dialog" data-dfn-type="dfn">updated</dfn></dt>
<dd>
<a href="#dfn-did-documents" class="internalDFN" data-link-type="dfn" id="ref-for-dfn-did-documents-128">DID document</a> metadata <em class="rfc2119">SHOULD</em> include an <code>updated</code> property to
indicate the timestamp of the last <a href="#method-operations">Update
operation</a> for the document version which was resolved. The value of the
property <em class="rfc2119">MUST</em> follow the same formatting rules as the <code>created</code>
property. The <code>updated</code> property is omitted if an Update operation
has never been performed on the <a href="#dfn-did-documents" class="internalDFN" data-link-type="dfn" id="ref-for-dfn-did-documents-129">DID document</a>. If an <code>updated</code>
property exists, it can be the same value as the <code>created</code> property
when the difference between the two timestamps is less than one second.
</dd>
<dt><dfn class="lint-ignore" id="dfn-deactivated" tabindex="0" aria-haspopup="dialog" data-dfn-type="dfn">deactivated</dfn></dt>
<dd>
If a DID has been <a href="#method-operations">deactivated</a>,
<a href="#dfn-did-documents" class="internalDFN" data-link-type="dfn" id="ref-for-dfn-did-documents-130">DID document</a> metadata <em class="rfc2119">MUST</em> include this property with the boolean value
<code>true</code>. If a DID has not been deactivated, this property is <em class="rfc2119">OPTIONAL</em>,
but if included, <em class="rfc2119">MUST</em> have the boolean value <code>false</code>.
</dd>
<dt><dfn class="lint-ignore" id="dfn-nextupdate" tabindex="0" aria-haspopup="dialog" data-dfn-type="dfn">nextUpdate</dfn></dt>
<dd>
<a href="#dfn-did-documents" class="internalDFN" data-link-type="dfn" id="ref-for-dfn-did-documents-131">DID document</a> metadata <em class="rfc2119">MAY</em> include a <code>nextUpdate</code> property if
the resolved document version is not the latest version of the document. It
indicates the timestamp of the next <a href="#method-operations">Update
operation</a>. The value of the property <em class="rfc2119">MUST</em> follow the same formatting rules
as the <code>created</code> property.
</dd>
<dt><dfn class="lint-ignore" id="dfn-versionid" tabindex="0" aria-haspopup="dialog" data-dfn-type="dfn">versionId</dfn></dt>
<dd>
<a href="#dfn-did-documents" class="internalDFN" data-link-type="dfn" id="ref-for-dfn-did-documents-132">DID document</a> metadata <em class="rfc2119">SHOULD</em> include a <code>versionId</code> property to
indicate the version of the last <a href="#method-operations">Update
operation</a> for the document version which was resolved. The value of the
property <em class="rfc2119">MUST</em> be an <a data-lt="ascii string" data-type="dfn" href="https://infra.spec.whatwg.org/#ascii-string">ASCII string</a>.
</dd>
<dt><dfn class="lint-ignore" id="dfn-nextversionid" tabindex="0" aria-haspopup="dialog" data-dfn-type="dfn">nextVersionId</dfn></dt>
<dd>
<a href="#dfn-did-documents" class="internalDFN" data-link-type="dfn" id="ref-for-dfn-did-documents-133">DID document</a> metadata <em class="rfc2119">MAY</em> include a <code>nextVersionId</code> property
if the resolved document version is not the latest version of the document. It
indicates the version of the next <a href="#method-operations">Update
operation</a>. The value of the property <em class="rfc2119">MUST</em> be an <a data-lt="ascii
string" data-type="dfn" href="https://infra.spec.whatwg.org/#ascii-string">ASCII string</a>.
</dd>
<dt><dfn id="dfn-equivalentid" tabindex="0" aria-haspopup="dialog" data-dfn-type="dfn">equivalentId</dfn></dt>
<dd>
<p>
A <a href="#dfn-did-methods" class="internalDFN" data-link-type="dfn" id="ref-for-dfn-did-methods-36">DID method</a> can define different forms of a <a href="#dfn-decentralized-identifiers" class="internalDFN" data-link-type="dfn" id="ref-for-dfn-decentralized-identifiers-77">DID</a> that are
logically equivalent. An example is when a <a href="#dfn-decentralized-identifiers" class="internalDFN" data-link-type="dfn" id="ref-for-dfn-decentralized-identifiers-78">DID</a> takes one form prior to
registration in a <a href="#dfn-verifiable-data-registry" class="internalDFN" data-link-type="dfn" id="ref-for-dfn-verifiable-data-registry-2">verifiable data registry</a> and another form after such
registration. In this case, the <a href="#dfn-did-methods" class="internalDFN" data-link-type="dfn" id="ref-for-dfn-did-methods-37">DID method</a> specification might need to
express one or more <a href="#dfn-decentralized-identifiers" class="internalDFN" data-link-type="dfn" id="ref-for-dfn-decentralized-identifiers-79">DIDs</a> that are logically equivalent to the resolved
<a href="#dfn-decentralized-identifiers" class="internalDFN" data-link-type="dfn" id="ref-for-dfn-decentralized-identifiers-80">DID</a> as a property of the <a href="#dfn-did-documents" class="internalDFN" data-link-type="dfn" id="ref-for-dfn-did-documents-134">DID document</a>. This is the purpose of the
<code><a href="#dfn-equivalentid" class="internalDFN" data-link-type="dfn" id="ref-for-dfn-equivalentid-1">equivalentId</a></code> property.
</p>
<p>
<a href="#dfn-did-documents" class="internalDFN" data-link-type="dfn" id="ref-for-dfn-did-documents-135">DID document</a> metadata <em class="rfc2119">MAY</em> include an <code>equivalentId</code> property.
If present, the value <em class="rfc2119">MUST</em> be a <a href="https://infra.spec.whatwg.org/#ordered-set">set</a> where each item is a
<a href="https://infra.spec.whatwg.org/#string">string</a> that conforms to the rules in Section <a href="#did-syntax" class="sec-ref"><bdi class="secno">3.1 </bdi>DID Syntax</a>. The relationship is a statement that each
<code><a href="#dfn-equivalentid" class="internalDFN" data-link-type="dfn" id="ref-for-dfn-equivalentid-2">equivalentId</a></code> value is logically equivalent to the
<code>id</code> property value and thus refers to the same <a href="#dfn-did-subjects" class="internalDFN" data-link-type="dfn" id="ref-for-dfn-did-subjects-45">DID subject</a>.
Each <code><a href="#dfn-equivalentid" class="internalDFN" data-link-type="dfn" id="ref-for-dfn-equivalentid-3">equivalentId</a></code> DID value <em class="rfc2119">MUST</em> be produced by, and a form
of, the same <a href="#dfn-did-methods" class="internalDFN" data-link-type="dfn" id="ref-for-dfn-did-methods-38">DID method</a> as the <code>id</code> property value. (e.g.,
<code>did:example:abc</code> == <code>did:example:ABC</code>)
</p>
<p>
A conforming <a href="#dfn-did-methods" class="internalDFN" data-link-type="dfn" id="ref-for-dfn-did-methods-39">DID method</a> specification <em class="rfc2119">MUST</em> guarantee that each
<code><a href="#dfn-equivalentid" class="internalDFN" data-link-type="dfn" id="ref-for-dfn-equivalentid-4">equivalentId</a></code> value is logically equivalent to the
<code>id</code> property value.
</p>
<p>
A requesting party is expected to retain the values from the <code>id</code> and
<code><a href="#dfn-equivalentid" class="internalDFN" data-link-type="dfn" id="ref-for-dfn-equivalentid-5">equivalentId</a></code> properties to ensure any subsequent
interactions with any of the values they contain are correctly handled as
logically equivalent (e.g., retain all variants in a database so an interaction
with any one maps to the same underlying account).
</p>
<div class="note" role="note" id="issue-container-generatedID-10"><div role="heading" class="note-title marker" id="h-note-10" aria-level="5"><span>Note</span><span class="issue-label">: Stronger equivalence</span></div><p class="">
<code><a href="#dfn-equivalentid" class="internalDFN" data-link-type="dfn" id="ref-for-dfn-equivalentid-6">equivalentId</a></code> is a much stronger form of equivalence than
<code><a href="#dfn-alsoknownas" class="internalDFN" data-link-type="dfn" id="ref-for-dfn-alsoknownas-6">alsoKnownAs</a></code> because the equivalence <em class="rfc2119">MUST</em> be guaranteed by
the governing <a href="#dfn-did-methods" class="internalDFN" data-link-type="dfn" id="ref-for-dfn-did-methods-40">DID method</a>. <code><a href="#dfn-equivalentid" class="internalDFN" data-link-type="dfn" id="ref-for-dfn-equivalentid-7">equivalentId</a></code> represents a
full graph merge because the same <a href="#dfn-did-documents" class="internalDFN" data-link-type="dfn" id="ref-for-dfn-did-documents-136">DID document</a> describes both the
<code><a href="#dfn-equivalentid" class="internalDFN" data-link-type="dfn" id="ref-for-dfn-equivalentid-8">equivalentId</a></code> <a href="#dfn-decentralized-identifiers" class="internalDFN" data-link-type="dfn" id="ref-for-dfn-decentralized-identifiers-81">DID</a> and the <code>id</code> property
<a href="#dfn-decentralized-identifiers" class="internalDFN" data-link-type="dfn" id="ref-for-dfn-decentralized-identifiers-82">DID</a>.
</p></div>
<p>
If a requesting party does not retain the values from the <code>id</code> and
<code><a href="#dfn-equivalentid" class="internalDFN" data-link-type="dfn" id="ref-for-dfn-equivalentid-9">equivalentId</a></code> properties and ensure any subsequent
interactions with any of the values they contain are correctly handled as
logically equivalent, there might be negative or unexpected issues that
arise. Implementers are strongly advised to observe the
directives related to this metadata property.
</p>
</dd>
<dt><dfn id="dfn-canonicalid" tabindex="0" aria-haspopup="dialog" data-dfn-type="dfn">canonicalId</dfn></dt>
<dd>
<p>
The <code><a href="#dfn-canonicalid" class="internalDFN" data-link-type="dfn" id="ref-for-dfn-canonicalid-1">canonicalId</a></code> property is identical to the
<code><a href="#dfn-equivalentid" class="internalDFN" data-link-type="dfn" id="ref-for-dfn-equivalentid-10">equivalentId</a></code> property except: a) it is associated with a
single value rather than a set, and b) the <a href="#dfn-decentralized-identifiers" class="internalDFN" data-link-type="dfn" id="ref-for-dfn-decentralized-identifiers-83">DID</a> is defined to be
the canonical ID for the <a href="#dfn-did-subjects" class="internalDFN" data-link-type="dfn" id="ref-for-dfn-did-subjects-46">DID subject</a> within the scope of the containing
<a href="#dfn-did-documents" class="internalDFN" data-link-type="dfn" id="ref-for-dfn-did-documents-137">DID document</a>.
</p>
<p>
<a href="#dfn-did-documents" class="internalDFN" data-link-type="dfn" id="ref-for-dfn-did-documents-138">DID document</a> metadata <em class="rfc2119">MAY</em> include a <code>canonicalId</code> property.
If present, the value <em class="rfc2119">MUST</em> be a <a href="https://infra.spec.whatwg.org/#string">string</a> that conforms to the rules in Section <a href="#did-syntax" class="sec-ref"><bdi class="secno">3.1 </bdi>DID Syntax</a>. The relationship is a statement that the
<code><a href="#dfn-canonicalid" class="internalDFN" data-link-type="dfn" id="ref-for-dfn-canonicalid-2">canonicalId</a></code> value is logically equivalent to the
<code>id</code> property value and that the <code><a href="#dfn-canonicalid" class="internalDFN" data-link-type="dfn" id="ref-for-dfn-canonicalid-3">canonicalId</a></code>
value is defined by the <a href="#dfn-did-methods" class="internalDFN" data-link-type="dfn" id="ref-for-dfn-did-methods-41">DID method</a> to be the canonical ID for the <a href="#dfn-did-subjects" class="internalDFN" data-link-type="dfn" id="ref-for-dfn-did-subjects-47">DID
subject</a> in the scope of the containing <a href="#dfn-did-documents" class="internalDFN" data-link-type="dfn" id="ref-for-dfn-did-documents-139">DID document</a>. A
<code><a href="#dfn-canonicalid" class="internalDFN" data-link-type="dfn" id="ref-for-dfn-canonicalid-4">canonicalId</a></code> value <em class="rfc2119">MUST</em> be produced by, and a form of, the
same <a href="#dfn-did-methods" class="internalDFN" data-link-type="dfn" id="ref-for-dfn-did-methods-42">DID method</a> as the <code>id</code> property value. (e.g.,
<code>did:example:abc</code> == <code>did:example:ABC</code>).
</p>
<p>
A conforming <a href="#dfn-did-methods" class="internalDFN" data-link-type="dfn" id="ref-for-dfn-did-methods-43">DID method</a> specification <em class="rfc2119">MUST</em> guarantee that the
<code><a href="#dfn-canonicalid" class="internalDFN" data-link-type="dfn" id="ref-for-dfn-canonicalid-5">canonicalId</a></code> value is logically equivalent to the
<code>id</code> property value.
</p>
<p>
A requesting party is expected to use the <code><a href="#dfn-canonicalid" class="internalDFN" data-link-type="dfn" id="ref-for-dfn-canonicalid-6">canonicalId</a></code> value
as its primary ID value for the <a href="#dfn-did-subjects" class="internalDFN" data-link-type="dfn" id="ref-for-dfn-did-subjects-48">DID subject</a> and treat all other
equivalent values as secondary aliases (e.g., update corresponding primary
references in their systems to reflect the new canonical ID directive).
</p>
<div class="note" role="note" id="issue-container-generatedID-11"><div role="heading" class="note-title marker" id="h-note-11" aria-level="5"><span>Note</span><span class="issue-label">: Canonical equivalence</span></div><p class="">
<code><a href="#dfn-canonicalid" class="internalDFN" data-link-type="dfn" id="ref-for-dfn-canonicalid-7">canonicalId</a></code> is the same statement of equivalence as
<code><a href="#dfn-equivalentid" class="internalDFN" data-link-type="dfn" id="ref-for-dfn-equivalentid-11">equivalentId</a></code> except it is constrained to a single value that
is defined to be canonical for the <a href="#dfn-did-subjects" class="internalDFN" data-link-type="dfn" id="ref-for-dfn-did-subjects-49">DID subject</a> in the scope of the <a href="#dfn-did-documents" class="internalDFN" data-link-type="dfn" id="ref-for-dfn-did-documents-140">DID
document</a>. Like <code><a href="#dfn-equivalentid" class="internalDFN" data-link-type="dfn" id="ref-for-dfn-equivalentid-12">equivalentId</a></code>,
<code><a href="#dfn-canonicalid" class="internalDFN" data-link-type="dfn" id="ref-for-dfn-canonicalid-8">canonicalId</a></code> represents a full graph merge because the same
<a href="#dfn-did-documents" class="internalDFN" data-link-type="dfn" id="ref-for-dfn-did-documents-141">DID document</a> describes both the <code><a href="#dfn-canonicalid" class="internalDFN" data-link-type="dfn" id="ref-for-dfn-canonicalid-9">canonicalId</a></code> DID and
the <code>id</code> property <a href="#dfn-decentralized-identifiers" class="internalDFN" data-link-type="dfn" id="ref-for-dfn-decentralized-identifiers-84">DID</a>.
</p></div>
<p>
If a resolving party does not use the <code><a href="#dfn-canonicalid" class="internalDFN" data-link-type="dfn" id="ref-for-dfn-canonicalid-10">canonicalId</a></code> value as
its primary ID value for the DID subject and treat all other equivalent values
as secondary aliases, there might be negative or unexpected issues that arise
related to user experience. Implementers are strongly advised to observe the
directives related to this metadata property.
</p>
</dd>
</dl>
</section>
</section>
<section id="did-url-dereferencing"><div class="header-wrapper"><h3 id="x7-2-did-url-dereferencing"><bdi class="secno">7.2 </bdi>DID URL Dereferencing</h3><a class="self-link" href="#did-url-dereferencing" aria-label="Permalink for Section 7.2"></a></div>
<p>
The <a href="#dfn-did-url-dereferencing" class="internalDFN" data-link-type="dfn" id="ref-for-dfn-did-url-dereferencing-6">DID URL dereferencing</a> function dereferences a <a href="#dfn-did-urls" class="internalDFN" data-link-type="dfn" id="ref-for-dfn-did-urls-27">DID URL</a> into a
<a href="#dfn-resources" class="internalDFN" data-link-type="dfn" id="ref-for-dfn-resources-14">resource</a> with contents depending on the <a href="#dfn-did-urls" class="internalDFN" data-link-type="dfn" id="ref-for-dfn-did-urls-28">DID URL</a>'s components,
including the <a href="#dfn-did-methods" class="internalDFN" data-link-type="dfn" id="ref-for-dfn-did-methods-44">DID method</a>, method-specific identifier, path, query, and
fragment. This process depends on <a href="#dfn-did-resolution" class="internalDFN" data-link-type="dfn" id="ref-for-dfn-did-resolution-13">DID resolution</a> of the <a href="#dfn-decentralized-identifiers" class="internalDFN" data-link-type="dfn" id="ref-for-dfn-decentralized-identifiers-85">DID</a>
contained in the <a href="#dfn-did-urls" class="internalDFN" data-link-type="dfn" id="ref-for-dfn-did-urls-29">DID URL</a>. <a href="#dfn-did-url-dereferencing" class="internalDFN" data-link-type="dfn" id="ref-for-dfn-did-url-dereferencing-7">DID URL dereferencing</a> might involve
multiple steps (e.g., when the DID URL being dereferenced includes a fragment),
and the function is defined to return the final resource after all steps are
completed. The details of how this process is accomplished are outside the scope
of this specification. The following figure depicts the relationship described
above.
</p>
<figure id="did-url-dereference-overview">
<img style="margin: auto; display: block; width: 75%;" src="diagrams/did_url_dereference_overview.svg" alt="
DIDs resolve to DID documents; DID URLs contains a DID; DID URLs dereferenced to DID document fragments or
external resources.
" height="504" width="1070">
<figcaption>Figure <bdi class="figno">6</bdi> <span class="fig-title">
Overview of DID URL dereference
See also: <a class="longdesc-link" href="#did-url-dereference-overview-longdesc">narrative description</a>.
</span></figcaption>
</figure>
<div class="longdesc" id="did-url-dereference-overview-longdesc">
<p>
The top left part of the diagram contains a rectangle with black outline, labeled "DID".
</p>
<p>
The bottom left part of the diagram contains a rectangle with black outline, labeled "DID URL".
This rectangle contains four smaller black-outlined rectangles, aligned in a horizontal row adjacent to
each other. These smaller rectangles are labeled, in order, "DID", "path", "query", and "fragment.
</p>
<p>
The top right part of the diagram contains a rectangle with black outline, labeled "DID document".
This rectangle contains three smaller black-outlined rectangles. These smaller rectangles are
labeled "id", "(property X)", and "(property Y)", and are surrounded by multiple series of three
dots (ellipses). A curved black arrow, labeled "DID document - relative fragment dereference", extends
from the rectangle labeled "(property X)", and points to the rectangle labeled "(property Y)".
</p>
<p>
The bottom right part of the diagram contains an oval shape with black outline, labeled "Resource".
</p>
<p>
A black arrow, labeled "resolves to a DID document", extends from the rectangle in the top left part of
the diagram, labeled "DID", and points to the rectangle in the top right part of diagram, labeled
"DID document".
</p>
<p>
A black arrow, labeled "refers to", extends from the rectangle in the top right part of the diagram,
labeled "DID document", and points to the oval shape in the bottom right part of diagram, labeled
"Resource".
</p>
<p>
A black arrow, labeled "contains", extends from the small rectangle labeled "DID" inside the
rectangle in the bottom left part of the diagram, labeled "DID URL", and points to the rectangle
in the top left part of diagram, labeled "DID".
</p>
<p>
A black arrow, labeled "dereferences to a DID document", extends from the rectangle in the bottom left
part of the diagram, labeled "DID URL", and points to the rectangle in the top right part of diagram,
labeled "DID document".
</p>
<p>
A black arrow, labeled "dereferences to a resource", extends from the rectangle in the bottom left
part of the diagram, labeled "DID URL", and points to the oval shape in the bottom right part of diagram,
labeled "Resource".
</p>
</div>
<p>
All conforming <a href="#dfn-did-resolvers" class="internalDFN" data-link-type="dfn" id="ref-for-dfn-did-resolvers-15">DID resolvers</a> implement
the following function which has the following abstract form:
</p>
<pre title="Abstract functions for DID URL Dereferencing" aria-busy="false"><code class="hljs">dereference(didUrl, dereferenceOptions) →
« dereferencingMetadata, contentStream, contentMetadata »</code></pre>
<p>
The input variables of the <code>dereference</code> function are as follows:
</p>
<dl>
<dt>
didUrl
</dt>
<dd>
A conformant <a href="#dfn-did-urls" class="internalDFN" data-link-type="dfn" id="ref-for-dfn-did-urls-30">DID URL</a> as a single <a href="https://infra.spec.whatwg.org/#string">string</a>.
This is the <a href="#dfn-did-urls" class="internalDFN" data-link-type="dfn" id="ref-for-dfn-did-urls-31">DID URL</a> to dereference. To dereference a <a href="#dfn-did-fragments" class="internalDFN" data-link-type="dfn" id="ref-for-dfn-did-fragments-7">DID fragment</a>,
the complete <a href="#dfn-did-urls" class="internalDFN" data-link-type="dfn" id="ref-for-dfn-did-urls-32">DID URL</a> including the <a href="#dfn-did-fragments" class="internalDFN" data-link-type="dfn" id="ref-for-dfn-did-fragments-8">DID fragment</a> <em class="rfc2119">MUST</em> be used. This
input is <em class="rfc2119">REQUIRED</em>.
<div class="note" role="note" id="issue-container-generatedID-12"><div role="heading" class="note-title marker" id="h-note-12" aria-level="4"><span>Note</span><span class="issue-label">: DID URL dereferencer patterns</span></div><p class="">
While it is valid for any <code>didUrl</code> to be passed to a DID URL
dereferencer, implementers are expected to refer to [<cite><a class="bibref" data-link-type="biblio" href="#bib-did-resolution" title="Decentralized Identifier Resolution">DID-RESOLUTION</a></cite>] to
further understand common patterns for how a <a href="#dfn-did-urls" class="internalDFN" data-link-type="dfn" id="ref-for-dfn-did-urls-33">DID URL</a> is expected
to be dereferenced.
</p></div>
</dd>
<dt>
dereferencingOptions
</dt>
<dd>
A <a href="#metadata-structure">metadata structure</a> consisting of input
options to the <code>dereference</code> function in addition to the
<code>didUrl</code> itself. Properties defined by this specification are in <a href="#did-url-dereferencing-options" class="sec-ref"><bdi class="secno">7.2.1 </bdi>DID URL Dereferencing Options</a>. This input is <em class="rfc2119">REQUIRED</em>, but the
structure <em class="rfc2119">MAY</em> be empty.
</dd>
</dl>
<p>
This function returns multiple values, and no limitations
are placed on how these values are returned together.
The return values of the <code>dereference</code> include
<code>dereferencingMetadata</code>, <code>contentStream</code>,
and <code>contentMetadata</code>:
</p>
<dl>
<dt>
dereferencingMetadata
</dt>
<dd>
A <a href="#metadata-structure">metadata structure</a> consisting of values
relating to the results of the <a href="#dfn-did-url-dereferencing" class="internalDFN" data-link-type="dfn" id="ref-for-dfn-did-url-dereferencing-8">DID URL dereferencing</a> process. This
structure is <em class="rfc2119">REQUIRED</em>, and in the case of an error in the dereferencing process,
this <em class="rfc2119">MUST NOT</em> be empty. Properties defined by this specification are in <a href="#did-url-dereferencing-metadata" class="sec-ref"><bdi class="secno">7.2.2 </bdi>DID URL Dereferencing Metadata</a>. If the dereferencing is not
successful, this structure <em class="rfc2119">MUST</em> contain an <code>error</code> property
describing the error.
</dd>
<dt>
contentStream
</dt>
<dd>
If the <code>dereferencing</code> function was called and successful, this <em class="rfc2119">MUST</em>
contain a <a href="#dfn-resources" class="internalDFN" data-link-type="dfn" id="ref-for-dfn-resources-15">resource</a> corresponding to the <a href="#dfn-did-urls" class="internalDFN" data-link-type="dfn" id="ref-for-dfn-did-urls-34">DID URL</a>. The
<code>contentStream</code> <em class="rfc2119">MAY</em> be a <a href="#dfn-resources" class="internalDFN" data-link-type="dfn" id="ref-for-dfn-resources-16">resource</a> such as a <a href="#dfn-did-documents" class="internalDFN" data-link-type="dfn" id="ref-for-dfn-did-documents-142">DID
document</a> that is serializable in one of the conformant
<a href="#dfn-representations" class="internalDFN" data-link-type="dfn" id="ref-for-dfn-representations-69">representations</a>, a <a href="#verification-methods">Verification
Method</a>, a <a href="#services">service</a>, or any other resource format that
can be identified via a Media Type and obtained through the resolution process.
If the dereferencing is unsuccessful, this value <em class="rfc2119">MUST</em> be empty.
</dd>
<dt>
contentMetadata
</dt>
<dd>
If the dereferencing is successful, this <em class="rfc2119">MUST</em> be a <a href="#metadata-structure">
metadata structure</a>, but the structure <em class="rfc2119">MAY</em> be empty. This structure contains
metadata about the <code>contentStream</code>. If the <code>contentStream</code>
is a <a href="#dfn-did-documents" class="internalDFN" data-link-type="dfn" id="ref-for-dfn-did-documents-143">DID document</a>, this <em class="rfc2119">MUST</em> be a <a href="#dfn-diddocumentmetadata" class="internalDFN" data-link-type="dfn" id="ref-for-dfn-diddocumentmetadata-3">didDocumentMetadata</a> structure as
described in <a href="#dfn-did-resolution" class="internalDFN" data-link-type="dfn" id="ref-for-dfn-did-resolution-14">DID Resolution</a>. If the dereferencing is unsuccessful, this
output <em class="rfc2119">MUST</em> be an empty <a href="#metadata-structure">metadata structure</a>.
</dd>
</dl>
<p>
Conforming <a href="#dfn-did-url-dereferencing" class="internalDFN" data-link-type="dfn" id="ref-for-dfn-did-url-dereferencing-9">DID URL dereferencing</a> implementations do not alter the
signature of these functions in any way. <a href="#dfn-did-url-dereferencing" class="internalDFN" data-link-type="dfn" id="ref-for-dfn-did-url-dereferencing-10">DID URL dereferencing</a>
implementations might map the <code>dereference</code> function to a
method-specific internal function to perform the actual <a href="#dfn-did-url-dereferencing" class="internalDFN" data-link-type="dfn" id="ref-for-dfn-did-url-dereferencing-11">DID URL
dereferencing</a> process. <a href="#dfn-did-url-dereferencing" class="internalDFN" data-link-type="dfn" id="ref-for-dfn-did-url-dereferencing-12">DID URL dereferencing</a> implementations might
implement and expose additional functions with different signatures in addition
to the <code>dereference</code> function specified here.
</p>
<section id="did-url-dereferencing-options"><div class="header-wrapper"><h4 id="x7-2-1-did-url-dereferencing-options"><bdi class="secno">7.2.1 </bdi>DID URL Dereferencing Options</h4><a class="self-link" href="#did-url-dereferencing-options" aria-label="Permalink for Section 7.2.1"></a></div>
<p>
The possible properties within this structure and their possible values <em class="rfc2119">SHOULD</em>
be registered in the DID Specification Registries [<cite><a class="bibref" data-link-type="biblio" href="#bib-did-spec-registries" title="DID Specification Registries">DID-SPEC-REGISTRIES</a></cite>].
This specification defines the following common properties for
dereferencing options:
</p>
<dl>
<dt>
accept
</dt>
<dd>
The Media Type that the caller prefers for <code>contentStream</code>. The Media
Type <em class="rfc2119">MUST</em> be expressed as an <a data-lt="ascii string" data-type="dfn" href="https://infra.spec.whatwg.org/#ascii-string">ASCII string</a>. The
<a href="#dfn-did-url-dereferencing" class="internalDFN" data-link-type="dfn" id="ref-for-dfn-did-url-dereferencing-13">DID URL dereferencing</a> implementation <em class="rfc2119">SHOULD</em> use this value to determine
the <code>contentType</code> of the <a href="#dfn-representations" class="internalDFN" data-link-type="dfn" id="ref-for-dfn-representations-70">representation</a> contained in the
returned value if such a <a href="#dfn-representations" class="internalDFN" data-link-type="dfn" id="ref-for-dfn-representations-71">representation</a> is supported and available.
</dd>
</dl>
</section>
<section id="did-url-dereferencing-metadata"><div class="header-wrapper"><h4 id="x7-2-2-did-url-dereferencing-metadata"><bdi class="secno">7.2.2 </bdi>DID URL Dereferencing Metadata</h4><a class="self-link" href="#did-url-dereferencing-metadata" aria-label="Permalink for Section 7.2.2"></a></div>
<p>
The possible properties within this structure and their possible values are
registered in the DID Specification Registries [<cite><a class="bibref" data-link-type="biblio" href="#bib-did-spec-registries" title="DID Specification Registries">DID-SPEC-REGISTRIES</a></cite>]. This
specification defines the following common properties.
</p>
<dl>
<dt>
contentType
</dt>
<dd>
The Media Type of the returned <code>contentStream</code> <em class="rfc2119">SHOULD</em> be expressed
using this property if dereferencing is successful. The Media
Type value <em class="rfc2119">MUST</em> be expressed as an <a data-lt="ascii string" data-type="dfn" href="https://infra.spec.whatwg.org/#ascii-string">ASCII string</a>.
</dd>
<dt>
error
</dt>
<dd>
The error code from the dereferencing process. This property is <em class="rfc2119">REQUIRED</em> when
there is an error in the dereferencing process. The value of this property
<em class="rfc2119">MUST</em> be a single keyword expressed as an <a data-lt="ascii string" data-type="dfn" href="https://infra.spec.whatwg.org/#ascii-string">ASCII
string</a>. The possible property values of this field <em class="rfc2119">SHOULD</em> be registered in
the DID Specification Registries [<cite><a class="bibref" data-link-type="biblio" href="#bib-did-spec-registries" title="DID Specification Registries">DID-SPEC-REGISTRIES</a></cite>]. This specification
defines the following common error values:
<dl>
<dt>
invalidDidUrl
</dt>
<dd>
The <a href="#dfn-did-urls" class="internalDFN" data-link-type="dfn" id="ref-for-dfn-did-urls-35">DID URL</a> supplied to the <a href="#dfn-did-url-dereferencing" class="internalDFN" data-link-type="dfn" id="ref-for-dfn-did-url-dereferencing-14">DID URL dereferencing</a> function does
not conform to valid syntax. (See <a href="#did-url-syntax" class="sec-ref"><bdi class="secno">3.2 </bdi>DID URL Syntax</a>.)
</dd>
<dt>
notFound
</dt>
<dd>
The <a href="#dfn-did-url-dereferencers" class="internalDFN" data-link-type="dfn" id="ref-for-dfn-did-url-dereferencers-3">DID URL dereferencer</a> was unable to find the
<code>contentStream</code> resulting from this dereferencing request.
</dd>
</dl>
</dd>
</dl>
</section>
</section>
<section id="metadata-structure"><div class="header-wrapper"><h3 id="x7-3-metadata-structure"><bdi class="secno">7.3 </bdi>Metadata Structure</h3><a class="self-link" href="#metadata-structure" aria-label="Permalink for Section 7.3"></a></div>
<p>
Input and output metadata is often involved during the <a href="#dfn-did-resolution" class="internalDFN" data-link-type="dfn" id="ref-for-dfn-did-resolution-15">DID Resolution</a>,
<a href="#dfn-did-url-dereferencing" class="internalDFN" data-link-type="dfn" id="ref-for-dfn-did-url-dereferencing-15">DID URL dereferencing</a>, and other DID-related processes. The structure
used to communicate this metadata <em class="rfc2119">MUST</em> be a <a href="https://infra.spec.whatwg.org/#maps">map</a>
of properties. Each property name <em class="rfc2119">MUST</em> be a <a href="https://infra.spec.whatwg.org/#string">string</a>. Each property value <em class="rfc2119">MUST</em> be a <a href="https://infra.spec.whatwg.org/#string">string</a>, <a href="https://infra.spec.whatwg.org/#maps">map</a>, <a href="https://infra.spec.whatwg.org/#list">list</a>, <a href="https://infra.spec.whatwg.org/#ordered-set">set</a>,
<a href="https://infra.spec.whatwg.org/#boolean">boolean</a>, or
<a href="https://infra.spec.whatwg.org/#nulls">null</a>. The values within any complex data
structures such as maps and lists <em class="rfc2119">MUST</em> be one of these data types as well.
All metadata property definitions registered in the DID Specification
Registries [<cite><a class="bibref" data-link-type="biblio" href="#bib-did-spec-registries" title="DID Specification Registries">DID-SPEC-REGISTRIES</a></cite>] <em class="rfc2119">MUST</em> define the value type, including any
additional formats or restrictions to that value (for example, a string
formatted as a date or as a decimal integer). It is <em class="rfc2119">RECOMMENDED</em> that property
definitions use strings for values. The entire metadata structure <em class="rfc2119">MUST</em> be
serializable according to the <a href="https://infra.spec.whatwg.org/#serialize-an-infra-value-to-json-bytes">JSON
serialization rules</a> in the [<cite><a class="bibref" data-link-type="biblio" href="#bib-infra" title="Infra Standard">INFRA</a></cite>] specification. Implementations <em class="rfc2119">MAY</em>
serialize the metadata structure to other data formats.
</p>
<p>
All implementations of functions that use metadata structures as either input or
output are able to fully represent all data types described here in a
deterministic fashion. As inputs and outputs using metadata structures are
defined in terms of data types and not their serialization, the method for
<a href="#dfn-representations" class="internalDFN" data-link-type="dfn" id="ref-for-dfn-representations-72">representation</a> is internal to the implementation of the function and is
out of scope of this specification.
</p>
<p>
The following example demonstrates a JSON-encoded metadata structure that
might be used as <a href="#did-resolution-options">DID
resolution input metadata</a>.
</p>
<div class="example" id="example-json-encoded-did-resolution-input-metadata-example">
<div class="marker">
<a class="self-link" href="#example-json-encoded-did-resolution-input-metadata-example">Example<bdi> 24</bdi></a><span class="example-title">: JSON-encoded DID resolution input metadata example</span>
</div> <pre aria-busy="false"><code class="hljs json">{
<span class="hljs-attr">"accept"</span>: <span class="hljs-string">"application/did+ld+json"</span>
}</code></pre>
</div>
<p>
This example corresponds to a metadata structure of the following format:
</p>
<div class="example" id="example-did-resolution-input-metadata-example">
<div class="marker">
<a class="self-link" href="#example-did-resolution-input-metadata-example">Example<bdi> 25</bdi></a><span class="example-title">: DID resolution input metadata example</span>
</div> <pre aria-busy="false"><code class="hljs abnf">«[
<span class="hljs-string">"accept"</span> → <span class="hljs-string">"application/did+ld+json"</span>
]»</code></pre>
</div>
<p>
The next example demonstrates a JSON-encoded metadata structure that might be
used as <a href="#did-resolution-options">DID resolution
metadata</a> if a <a href="#dfn-decentralized-identifiers" class="internalDFN" data-link-type="dfn" id="ref-for-dfn-decentralized-identifiers-86">DID</a> was not found.
</p>
<div class="example" id="example-json-encoded-did-resolution-metadata-example">
<div class="marker">
<a class="self-link" href="#example-json-encoded-did-resolution-metadata-example">Example<bdi> 26</bdi></a><span class="example-title">: JSON-encoded DID resolution metadata example</span>
</div> <pre aria-busy="false"><code class="hljs json">{
<span class="hljs-attr">"error"</span>: <span class="hljs-string">"notFound"</span>
}</code></pre>
</div>
<p>
This example corresponds to a metadata structure of the following format:
</p>
<div class="example" id="example-did-resolution-metadata-example">
<div class="marker">
<a class="self-link" href="#example-did-resolution-metadata-example">Example<bdi> 27</bdi></a><span class="example-title">: DID resolution metadata example</span>
</div> <pre aria-busy="false"><code class="hljs abnf">«[
<span class="hljs-string">"error"</span> → <span class="hljs-string">"notFound"</span>
]»</code></pre>
</div>
<p>
The next example demonstrates a JSON-encoded metadata structure that might be
used as <a href="#did-document-metadata">DID document metadata</a>
to describe timestamps associated with the <a href="#dfn-did-documents" class="internalDFN" data-link-type="dfn" id="ref-for-dfn-did-documents-144">DID document</a>.
</p>
<div class="example" id="example-json-encoded-did-document-metadata-example">
<div class="marker">
<a class="self-link" href="#example-json-encoded-did-document-metadata-example">Example<bdi> 28</bdi></a><span class="example-title">: JSON-encoded DID document metadata example</span>
</div> <pre aria-busy="false"><code class="hljs json">{
<span class="hljs-attr">"created"</span>: <span class="hljs-string">"2019-03-23T06:35:22Z"</span>,
<span class="hljs-attr">"updated"</span>: <span class="hljs-string">"2023-08-10T13:40:06Z"</span>
}</code></pre>
</div>
<p>
This example corresponds to a metadata structure of the following format:
</p>
<div class="example" id="example-did-document-metadata-example">
<div class="marker">
<a class="self-link" href="#example-did-document-metadata-example">Example<bdi> 29</bdi></a><span class="example-title">: DID document metadata example</span>
</div> <pre aria-busy="false"><code class="hljs javascript">«[
<span class="hljs-string">"created"</span> → <span class="hljs-string">"2019-03-23T06:35:22Z"</span>,
<span class="hljs-string">"updated"</span> → <span class="hljs-string">"2023-08-10T13:40:06Z"</span>
]»</code></pre>
</div>
</section>
</section>
<section id="methods"><div class="header-wrapper"><h2 id="x8-methods"><bdi class="secno">8. </bdi>Methods</h2><a class="self-link" href="#methods" aria-label="Permalink for Section 8."></a></div>
<p>
A <a href="#dfn-did-methods" class="internalDFN" data-link-type="dfn" id="ref-for-dfn-did-methods-45">DID method</a> defines how implementers can realize the features
described by this specification. <a href="#dfn-did-methods" class="internalDFN" data-link-type="dfn" id="ref-for-dfn-did-methods-46">DID methods</a> are often associated with a
particular <a href="#dfn-verifiable-data-registry" class="internalDFN" data-link-type="dfn" id="ref-for-dfn-verifiable-data-registry-3">verifiable data registry</a>. New <a href="#dfn-did-methods" class="internalDFN" data-link-type="dfn" id="ref-for-dfn-did-methods-47">DID methods</a> are defined
in their own specifications to enable interoperability between different
implementations of the same <a href="#dfn-did-methods" class="internalDFN" data-link-type="dfn" id="ref-for-dfn-did-methods-48">DID method</a>.
</p>
<p>
Conceptually, the relationship between this specification and a <a href="#dfn-did-methods" class="internalDFN" data-link-type="dfn" id="ref-for-dfn-did-methods-49">DID
method</a> specification is similar to the relationship between the IETF generic
<a href="#dfn-uri" class="internalDFN" data-link-type="dfn" id="ref-for-dfn-uri-20">URI</a> specification [<cite><a class="bibref" data-link-type="biblio" href="#bib-rfc3986" title="Uniform Resource Identifier (URI): Generic Syntax">RFC3986</a></cite>] and a specific <a href="#dfn-uri" class="internalDFN" data-link-type="dfn" id="ref-for-dfn-uri-21">URI</a> scheme
[<cite><a class="bibref" data-link-type="biblio" href="#bib-iana-uri-schemes" title="Uniform Resource Identifier (URI) Schemes">IANA-URI-SCHEMES</a></cite>], such as the <code>http</code> scheme [<cite><a class="bibref" data-link-type="biblio" href="#bib-rfc7230" title="Hypertext Transfer Protocol (HTTP/1.1): Message Syntax and Routing">RFC7230</a></cite>]. In
addition to defining a specific <a href="#dfn-did-schemes" class="internalDFN" data-link-type="dfn" id="ref-for-dfn-did-schemes-4">DID scheme</a>, a <a href="#dfn-did-methods" class="internalDFN" data-link-type="dfn" id="ref-for-dfn-did-methods-50">DID method</a>
specification also defines the mechanisms for creating, resolving, updating, and
deactivating <a href="#dfn-decentralized-identifiers" class="internalDFN" data-link-type="dfn" id="ref-for-dfn-decentralized-identifiers-87">DIDs</a> and <a href="#dfn-did-documents" class="internalDFN" data-link-type="dfn" id="ref-for-dfn-did-documents-145">DID documents</a> using a specific type of
<a href="#dfn-verifiable-data-registry" class="internalDFN" data-link-type="dfn" id="ref-for-dfn-verifiable-data-registry-4">verifiable data registry</a>. It also documents all implementation
considerations related to <a href="#dfn-decentralized-identifiers" class="internalDFN" data-link-type="dfn" id="ref-for-dfn-decentralized-identifiers-88">DIDs</a> as well as Security and Privacy
Considerations.
</p>
<p>
This section specifies the requirements for authoring <a href="#dfn-did-methods" class="internalDFN" data-link-type="dfn" id="ref-for-dfn-did-methods-51">DID method</a>
specifications.
</p>
<section class="normative" id="method-syntax"><div class="header-wrapper"><h3 id="x8-1-method-syntax"><bdi class="secno">8.1 </bdi>Method Syntax</h3><a class="self-link" href="#method-syntax" aria-label="Permalink for Section 8.1"></a></div>
<p>
The requirements for all <a href="#dfn-did-methods" class="internalDFN" data-link-type="dfn" id="ref-for-dfn-did-methods-52">DID method</a> specifications when defining the
method-specific DID Syntax are as follows:
</p>
<ol>
<li>
A <a href="#dfn-did-methods" class="internalDFN" data-link-type="dfn" id="ref-for-dfn-did-methods-53">DID method</a> specification <em class="rfc2119">MUST</em> define exactly one method-specific <a href="#dfn-did-schemes" class="internalDFN" data-link-type="dfn" id="ref-for-dfn-did-schemes-5">DID
scheme</a> that is identified by exactly one method name as specified by the
<code>method-name</code> rule in <a href="#did-syntax" class="sec-ref"><bdi class="secno">3.1 </bdi>DID Syntax</a>.
</li>
<li>
The <a href="#dfn-did-methods" class="internalDFN" data-link-type="dfn" id="ref-for-dfn-did-methods-54">DID method</a> specification <em class="rfc2119">MUST</em> specify how to generate the
<code>method-specific-id</code> component of a <a href="#dfn-decentralized-identifiers" class="internalDFN" data-link-type="dfn" id="ref-for-dfn-decentralized-identifiers-89">DID</a>.
</li>
<li>
The <a href="#dfn-did-methods" class="internalDFN" data-link-type="dfn" id="ref-for-dfn-did-methods-55">DID method</a> specification <em class="rfc2119">MUST</em> define sensitivity and normalization of
the value of the <code>method-specific-id</code>.
</li>
<li>
The <code>method-specific-id</code> value <em class="rfc2119">MUST</em> be unique within a <a href="#dfn-did-methods" class="internalDFN" data-link-type="dfn" id="ref-for-dfn-did-methods-56">DID
method</a>. The <code>method-specific-id</code> value itself might be globally
unique.
</li>
<li>
Any <a href="#dfn-decentralized-identifiers" class="internalDFN" data-link-type="dfn" id="ref-for-dfn-decentralized-identifiers-90">DID</a> generated by a <a href="#dfn-did-methods" class="internalDFN" data-link-type="dfn" id="ref-for-dfn-did-methods-57">DID method</a> <em class="rfc2119">MUST</em> be globally unique.
</li>
<li>
To reduce the chances of <code>method-name</code> conflicts, a <a href="#dfn-did-methods" class="internalDFN" data-link-type="dfn" id="ref-for-dfn-did-methods-58">DID method</a>
specification <em class="rfc2119">SHOULD</em> be registered in the DID Specification Registries
[<cite><a class="bibref" data-link-type="biblio" href="#bib-did-spec-registries" title="DID Specification Registries">DID-SPEC-REGISTRIES</a></cite>].
</li>
<li>
A <a href="#dfn-did-methods" class="internalDFN" data-link-type="dfn" id="ref-for-dfn-did-methods-59">DID method</a> <em class="rfc2119">MAY</em> define multiple <code>method-specific-id</code> formats.
</li>
<li>
The <code>method-specific-id</code> format <em class="rfc2119">MAY</em> include colons. The use of
colons <em class="rfc2119">MUST</em> comply syntactically with the <code>method-specific-id</code> ABNF
rule.
</li>
<li>
A <a href="#dfn-did-methods" class="internalDFN" data-link-type="dfn" id="ref-for-dfn-did-methods-60">DID method</a> specification <em class="rfc2119">MAY</em> specify ABNF rules for <a href="#dfn-did-paths" class="internalDFN" data-link-type="dfn" id="ref-for-dfn-did-paths-3">DID paths</a>
that are more restrictive than the generic rules in <a href="#path" class="sec-ref">Path</a>.
</li>
<li>
A <a href="#dfn-did-methods" class="internalDFN" data-link-type="dfn" id="ref-for-dfn-did-methods-61">DID method</a> specification <em class="rfc2119">MAY</em> specify ABNF rules for <a href="#dfn-did-queries" class="internalDFN" data-link-type="dfn" id="ref-for-dfn-did-queries-3">DID queries</a>
that are more restrictive than the generic rules in this section.
</li>
<li>
A <a href="#dfn-did-methods" class="internalDFN" data-link-type="dfn" id="ref-for-dfn-did-methods-62">DID method</a> specification <em class="rfc2119">MAY</em> specify ABNF rules for <a href="#dfn-did-fragments" class="internalDFN" data-link-type="dfn" id="ref-for-dfn-did-fragments-9">DID
fragments</a> that are more restrictive than the generic rules in this section.
</li>
</ol>
<div class="note" role="note" id="issue-container-generatedID-13"><div role="heading" class="note-title marker" id="h-note-13" aria-level="4"><span>Note</span><span class="issue-label">: Colons in method-specific-id</span></div><p class="">
The meaning of colons in the <code>method-specific-id</code> is entirely
method-specific. Colons might be used by <a href="#dfn-did-methods" class="internalDFN" data-link-type="dfn" id="ref-for-dfn-did-methods-63">DID methods</a> for establishing
hierarchically partitioned namespaces, for identifying specific instances or
parts of the <a href="#dfn-verifiable-data-registry" class="internalDFN" data-link-type="dfn" id="ref-for-dfn-verifiable-data-registry-5">verifiable data registry</a>, or for other purposes.
Implementers are advised to avoid assuming any meanings or
behaviors associated with a colon that are generically applicable to all
<a href="#dfn-did-methods" class="internalDFN" data-link-type="dfn" id="ref-for-dfn-did-methods-64">DID methods</a>.
</p></div>
</section>
<section id="method-operations"><div class="header-wrapper"><h3 id="x8-2-method-operations"><bdi class="secno">8.2 </bdi>Method Operations</h3><a class="self-link" href="#method-operations" aria-label="Permalink for Section 8.2"></a></div>
<p>
The requirements for all <a href="#dfn-did-methods" class="internalDFN" data-link-type="dfn" id="ref-for-dfn-did-methods-65">DID method</a> specifications when defining the
method operations are as follows:
</p>
<ol>
<li>
A <a href="#dfn-did-methods" class="internalDFN" data-link-type="dfn" id="ref-for-dfn-did-methods-66">DID method</a> specification <em class="rfc2119">MUST</em> define how authorization is performed to
execute all operations, including any necessary cryptographic processes.
</li>
<li>
A <a href="#dfn-did-methods" class="internalDFN" data-link-type="dfn" id="ref-for-dfn-did-methods-67">DID method</a> specification <em class="rfc2119">MUST</em> specify how a <a href="#dfn-did-controllers" class="internalDFN" data-link-type="dfn" id="ref-for-dfn-did-controllers-17">DID controller</a>
creates a <a href="#dfn-decentralized-identifiers" class="internalDFN" data-link-type="dfn" id="ref-for-dfn-decentralized-identifiers-91">DID</a> and its associated <a href="#dfn-did-documents" class="internalDFN" data-link-type="dfn" id="ref-for-dfn-did-documents-146">DID document</a>.
</li>
<li>
A <a href="#dfn-did-methods" class="internalDFN" data-link-type="dfn" id="ref-for-dfn-did-methods-68">DID method</a> specification <em class="rfc2119">MUST</em> specify how a <a href="#dfn-did-resolvers" class="internalDFN" data-link-type="dfn" id="ref-for-dfn-did-resolvers-16">DID resolver</a> uses a
<a href="#dfn-decentralized-identifiers" class="internalDFN" data-link-type="dfn" id="ref-for-dfn-decentralized-identifiers-92">DID</a> to resolve a <a href="#dfn-did-documents" class="internalDFN" data-link-type="dfn" id="ref-for-dfn-did-documents-147">DID document</a>, including how the <a href="#dfn-did-resolvers" class="internalDFN" data-link-type="dfn" id="ref-for-dfn-did-resolvers-17">DID
resolver</a> can verify the authenticity of the response.
</li>
<li>
A <a href="#dfn-did-methods" class="internalDFN" data-link-type="dfn" id="ref-for-dfn-did-methods-69">DID method</a> specification <em class="rfc2119">MUST</em> specify what constitutes an update to a
<a href="#dfn-did-documents" class="internalDFN" data-link-type="dfn" id="ref-for-dfn-did-documents-148">DID document</a> and how a <a href="#dfn-did-controllers" class="internalDFN" data-link-type="dfn" id="ref-for-dfn-did-controllers-18">DID controller</a> can update a <a href="#dfn-did-documents" class="internalDFN" data-link-type="dfn" id="ref-for-dfn-did-documents-149">DID
document</a> <em>or</em> state that updates are not possible.
</li>
<li>
The <a href="#dfn-did-methods" class="internalDFN" data-link-type="dfn" id="ref-for-dfn-did-methods-70">DID method</a> specification <em class="rfc2119">MUST</em> specify how a <a href="#dfn-did-controllers" class="internalDFN" data-link-type="dfn" id="ref-for-dfn-did-controllers-19">DID controller</a> can
deactivate a <a href="#dfn-decentralized-identifiers" class="internalDFN" data-link-type="dfn" id="ref-for-dfn-decentralized-identifiers-93">DID</a> <em>or</em> state that deactivation is not possible.
</li>
</ol>
<p>
The authority of a party that is performing authorization to carry out the
operations is specific to a <a href="#dfn-did-methods" class="internalDFN" data-link-type="dfn" id="ref-for-dfn-did-methods-71">DID method</a>. For example, a <a href="#dfn-did-methods" class="internalDFN" data-link-type="dfn" id="ref-for-dfn-did-methods-72">DID method</a>
might —
</p>
<ul>
<li>
make use of the <code><a href="#dfn-controller" class="internalDFN" data-link-type="dfn" id="ref-for-dfn-controller-6">controller</a></code> property.
</li>
<li>
use the <a href="#dfn-verification-method" class="internalDFN" data-link-type="dfn" id="ref-for-dfn-verification-method-64">verification methods</a> listed under
<code><a href="#dfn-authentication" class="internalDFN" data-link-type="dfn" id="ref-for-dfn-authentication-6">authentication</a></code>.
</li>
<li>
use other constructs in the <a href="#dfn-did-documents" class="internalDFN" data-link-type="dfn" id="ref-for-dfn-did-documents-150">DID Document</a> such as the <a href="#dfn-verification-method" class="internalDFN" data-link-type="dfn" id="ref-for-dfn-verification-method-65">verification
method</a> specified via the <code><a href="#dfn-capabilityinvocation" class="internalDFN" data-link-type="dfn" id="ref-for-dfn-capabilityinvocation-3">capabilityInvocation</a></code>
<a href="#dfn-verification-relationship" class="internalDFN" data-link-type="dfn" id="ref-for-dfn-verification-relationship-20">verification relationship</a>.
</li>
<li>
not use the <a href="#dfn-did-documents" class="internalDFN" data-link-type="dfn" id="ref-for-dfn-did-documents-151">DID document</a> for this decision at all, and depend on an
out-of-band mechanism, instead.
</li>
</ul>
</section>
<section id="security-requirements"><div class="header-wrapper"><h3 id="x8-3-security-requirements"><bdi class="secno">8.3 </bdi>Security Requirements</h3><a class="self-link" href="#security-requirements" aria-label="Permalink for Section 8.3"></a></div>
<p>
The requirements for all <a href="#dfn-did-methods" class="internalDFN" data-link-type="dfn" id="ref-for-dfn-did-methods-73">DID method</a> specifications when authoring the
<em>Security Considerations</em> section are as follows:
</p>
<ol>
<li>
A <a href="#dfn-did-methods" class="internalDFN" data-link-type="dfn" id="ref-for-dfn-did-methods-74">DID method</a> specifications <em class="rfc2119">MUST</em> follow all guidelines and normative
language provided in <a href="https://www.rfc-editor.org/rfc/rfc3552#section-5">RFC3552: Writing Security
Considerations Sections</a> for the <a href="#dfn-decentralized-identifiers" class="internalDFN" data-link-type="dfn" id="ref-for-dfn-decentralized-identifiers-94">DID</a> operations defined in the <a href="#dfn-did-methods" class="internalDFN" data-link-type="dfn" id="ref-for-dfn-did-methods-75">DID
method</a> specification.
</li>
<li>
The Security Considerations section <em class="rfc2119">MUST</em> document the following forms of attack
for the <a href="#dfn-decentralized-identifiers" class="internalDFN" data-link-type="dfn" id="ref-for-dfn-decentralized-identifiers-95">DID</a> operations defined in the <a href="#dfn-did-methods" class="internalDFN" data-link-type="dfn" id="ref-for-dfn-did-methods-76">DID method</a> specification:
eavesdropping, replay, message insertion, deletion, modification, denial of
service, <a href="#dfn-amplification" class="internalDFN" data-link-type="dfn" id="ref-for-dfn-amplification-1">amplification</a>, and man-in-the-middle. Other known
forms of attack <em class="rfc2119">SHOULD</em> also be documented.
</li>
<li>
The Security Considerations section <em class="rfc2119">MUST</em> discuss residual risks, such as the
risks from compromise in a related protocol, incorrect implementation, or cipher
after threat mitigation was deployed.
</li>
<li>
The Security Considerations section <em class="rfc2119">MUST</em> provide integrity protection and update
authentication for all operations required by Section <a href="#method-operations" class="sec-ref"><bdi class="secno">8.2 </bdi>Method Operations</a>.
</li>
<li>
If authentication is involved, particularly user-host authentication, the
security characteristics of the authentication method <em class="rfc2119">MUST</em> be clearly
documented.
</li>
<li>
The Security Considerations section <em class="rfc2119">MUST</em> discuss the policy mechanism by which
<a href="#dfn-decentralized-identifiers" class="internalDFN" data-link-type="dfn" id="ref-for-dfn-decentralized-identifiers-96">DIDs</a> are proven to be uniquely assigned.
</li>
<li>
Method-specific endpoint authentication <em class="rfc2119">MUST</em> be discussed. Where <a href="#dfn-did-methods" class="internalDFN" data-link-type="dfn" id="ref-for-dfn-did-methods-77">DID
methods</a> make use of <a href="#dfn-distributed-ledger-technology" class="internalDFN" data-link-type="dfn" id="ref-for-dfn-distributed-ledger-technology-3">DLTs</a> with varying network topology, sometimes
offered as <em>light node</em> or <em>
<a href="https://en.bitcoin.it/wiki/Thin_Client_Security">thin client</a></em>
implementations to reduce required computing resources, the security assumptions
of the topology available to implementations of the <a href="#dfn-did-methods" class="internalDFN" data-link-type="dfn" id="ref-for-dfn-did-methods-78">DID method</a> <em class="rfc2119">MUST</em> be
discussed.
</li>
<li>
If a protocol incorporates cryptographic protection mechanisms, the <a href="#dfn-did-methods" class="internalDFN" data-link-type="dfn" id="ref-for-dfn-did-methods-79">DID
method</a> specification <em class="rfc2119">MUST</em> clearly indicate which portions of the data are
protected and by what protections, and it <em class="rfc2119">SHOULD</em> give an indication of the
sorts of attacks to which the cryptographic protection is susceptible. Some
examples are integrity only, confidentiality, and endpoint authentication.
</li>
<li>
Data which is to be held secret (keying material, random seeds, and so on)
<em class="rfc2119">SHOULD</em> be clearly labeled.
</li>
<li>
<a href="#dfn-did-methods" class="internalDFN" data-link-type="dfn" id="ref-for-dfn-did-methods-80">DID method</a> specifications <em class="rfc2119">SHOULD</em> explain and specify the implementation
of signatures on <a href="#dfn-did-documents" class="internalDFN" data-link-type="dfn" id="ref-for-dfn-did-documents-152">DID documents</a>, if applicable.
</li>
<li>
Where <a href="#dfn-did-methods" class="internalDFN" data-link-type="dfn" id="ref-for-dfn-did-methods-81">DID methods</a> use peer-to-peer computing resources, such as with all
known <a href="#dfn-distributed-ledger-technology" class="internalDFN" data-link-type="dfn" id="ref-for-dfn-distributed-ledger-technology-4">DLTs</a>, the expected burdens of those resources <em class="rfc2119">SHOULD</em> be discussed
in relation to denial of service.
</li>
<li>
<a href="#dfn-did-methods" class="internalDFN" data-link-type="dfn" id="ref-for-dfn-did-methods-82">DID methods</a> that introduce new authentication <a href="#dfn-service" class="internalDFN" data-link-type="dfn" id="ref-for-dfn-service-20">service</a>
types, as described in <a href="#services" class="sec-ref"><bdi class="secno">5.4 </bdi>Services</a>, <em class="rfc2119">SHOULD</em> consider the
security requirements of the supported authentication protocol.
</li>
</ol>
</section>
<section class="normative" id="privacy-requirements"><div class="header-wrapper"><h3 id="x8-4-privacy-requirements"><bdi class="secno">8.4 </bdi>Privacy Requirements</h3><a class="self-link" href="#privacy-requirements" aria-label="Permalink for Section 8.4"></a></div>
<p>
The requirements for all <a href="#dfn-did-methods" class="internalDFN" data-link-type="dfn" id="ref-for-dfn-did-methods-83">DID method</a> specifications when authoring the
<em>Privacy Considerations</em> section are:
</p>
<ol>
<li>
The <a href="#dfn-did-methods" class="internalDFN" data-link-type="dfn" id="ref-for-dfn-did-methods-84">DID method</a> specification's Privacy Considerations section <em class="rfc2119">MUST</em>
discuss any subsection of Section 5 of [<cite><a class="bibref" data-link-type="biblio" href="#bib-rfc6973" title="Privacy Considerations for Internet Protocols">RFC6973</a></cite>] that could apply in a
method-specific manner. The subsections to consider are: surveillance, stored
data compromise, unsolicited traffic, misattribution, correlation,
identification, secondary use, disclosure, and exclusion.
</li>
</ol>
</section>
</section>
<section class="informative" id="security-considerations"><div class="header-wrapper"><h2 id="x9-security-considerations"><bdi class="secno">9. </bdi>Security Considerations</h2><a class="self-link" href="#security-considerations" aria-label="Permalink for Section 9."></a></div><p><em>This section is non-normative.</em></p>
<p>
This section contains a variety of security considerations that people using
Decentralized Identifiers are advised to consider before deploying this
technology in a production setting. <a href="#dfn-decentralized-identifiers" class="internalDFN" data-link-type="dfn" id="ref-for-dfn-decentralized-identifiers-97">DIDs</a> are designed to operate under
the threat model used by many IETF standards and documented
in [<cite><a class="bibref" data-link-type="biblio" href="#bib-rfc3552" title="Guidelines for Writing RFC Text on Security Considerations">RFC3552</a></cite>]. This section elaborates upon a number of the considerations
in [<cite><a class="bibref" data-link-type="biblio" href="#bib-rfc3552" title="Guidelines for Writing RFC Text on Security Considerations">RFC3552</a></cite>], as well as other considerations that are unique to <a href="#dfn-decentralized-identifiers" class="internalDFN" data-link-type="dfn" id="ref-for-dfn-decentralized-identifiers-98">DID</a>
architecture.
</p>
<section id="choosing-did-resolvers"><div class="header-wrapper"><h3 id="x9-1-choosing-did-resolvers"><bdi class="secno">9.1 </bdi>Choosing DID Resolvers</h3><a class="self-link" href="#choosing-did-resolvers" aria-label="Permalink for Section 9.1"></a></div>
<p>
The DID Specification Registries [<cite><a class="bibref" data-link-type="biblio" href="#bib-did-spec-registries" title="DID Specification Registries">DID-SPEC-REGISTRIES</a></cite>] contains an
informative list of <a href="#dfn-did-methods" class="internalDFN" data-link-type="dfn" id="ref-for-dfn-did-methods-85">DID method</a> names and their corresponding <a href="#dfn-did-methods" class="internalDFN" data-link-type="dfn" id="ref-for-dfn-did-methods-86">DID
method</a> specifications. Implementers need to bear in mind that there is no
central authority to mandate which <a href="#dfn-did-methods" class="internalDFN" data-link-type="dfn" id="ref-for-dfn-did-methods-87">DID method</a> specification is to be used
with any specific <a href="#dfn-did-methods" class="internalDFN" data-link-type="dfn" id="ref-for-dfn-did-methods-88">DID method</a> name. If there is doubt on whether or not a
specific <a href="#dfn-did-resolvers" class="internalDFN" data-link-type="dfn" id="ref-for-dfn-did-resolvers-18">DID resolver</a> implements a <a href="#dfn-did-methods" class="internalDFN" data-link-type="dfn" id="ref-for-dfn-did-methods-89">DID method</a> correctly, the DID
Specification Registries can be used to look up the registered specification
and make an informed decision regarding which <a href="#dfn-did-resolvers" class="internalDFN" data-link-type="dfn" id="ref-for-dfn-did-resolvers-19">DID resolver</a>
implementation to use.
</p>
</section>
<section id="proving-control-and-binding"><div class="header-wrapper"><h3 id="x9-2-proving-control-and-binding"><bdi class="secno">9.2 </bdi>Proving Control and Binding</h3><a class="self-link" href="#proving-control-and-binding" aria-label="Permalink for Section 9.2"></a></div>
<p>
Binding an entity in the digital world or the physical world to a <a href="#dfn-decentralized-identifiers" class="internalDFN" data-link-type="dfn" id="ref-for-dfn-decentralized-identifiers-99">DID</a>, to
a <a href="#dfn-did-documents" class="internalDFN" data-link-type="dfn" id="ref-for-dfn-did-documents-153">DID document</a>, or to cryptographic material requires, the use of
security protocols contemplated by this specification. The following sections
describe some possible scenarios and how an entity therein might prove control
over a <a href="#dfn-decentralized-identifiers" class="internalDFN" data-link-type="dfn" id="ref-for-dfn-decentralized-identifiers-100">DID</a> or a <a href="#dfn-did-documents" class="internalDFN" data-link-type="dfn" id="ref-for-dfn-did-documents-154">DID document</a> for the purposes of authentication or
authorization.
</p>
<section class="notoc"><div class="header-wrapper"><h4 id="proving-control-of-a-did-and-or-did-document">Proving Control of a DID and/or DID Document</h4><a class="self-link" href="#proving-control-of-a-did-and-or-did-document" aria-label="Permalink for this Section"></a></div>
<p>
Proving control over a <a href="#dfn-decentralized-identifiers" class="internalDFN" data-link-type="dfn" id="ref-for-dfn-decentralized-identifiers-101">DID</a> and/or a <a href="#dfn-did-documents" class="internalDFN" data-link-type="dfn" id="ref-for-dfn-did-documents-155">DID Document</a> is useful when
updating either in a <a href="#dfn-verifiable-data-registry" class="internalDFN" data-link-type="dfn" id="ref-for-dfn-verifiable-data-registry-6">verifiable data registry</a> or authenticating with
remote systems. Cryptographic digital signatures and <a href="#dfn-verifiable-timestamp" class="internalDFN" data-link-type="dfn" id="ref-for-dfn-verifiable-timestamp-1">verifiable
timestamps</a> enable certain security protocols related to <a href="#dfn-did-documents" class="internalDFN" data-link-type="dfn" id="ref-for-dfn-did-documents-156">DID documents</a>
to be cryptographically verifiable. For these purposes, this specification
defines useful <a href="#dfn-verification-relationship" class="internalDFN" data-link-type="dfn" id="ref-for-dfn-verification-relationship-21">verification relationships</a> in <a href="#authentication" class="sec-ref"><bdi class="secno">5.3.1 </bdi>Authentication</a> and <a href="#capability-invocation" class="sec-ref"><bdi class="secno">5.3.4 </bdi>Capability Invocation</a>. The
secret cryptographic material associated with the <a href="#dfn-verification-method" class="internalDFN" data-link-type="dfn" id="ref-for-dfn-verification-method-66">verification methods</a>
can be used to generate a cryptographic digital signature as a part of an
authentication or authorization security protocol.
</p>
<div class="note" role="note" id="issue-container-generatedID-14"><div role="heading" class="note-title marker" id="h-note-14" aria-level="5"><span>Note</span><span class="issue-label">: Signed DID documents</span></div><p class="">
Some <a href="#dfn-did-methods" class="internalDFN" data-link-type="dfn" id="ref-for-dfn-did-methods-90">DID methods</a> allow digital signatures and other proofs to be
included in the <a href="#dfn-did-documents" class="internalDFN" data-link-type="dfn" id="ref-for-dfn-did-documents-157">DID document</a> or a <a href="#metadata-structure" class="sec-ref"><bdi class="secno">7.3 </bdi>Metadata Structure</a>.
However, such proofs by themselves do not necessarily prove control over a
<a href="#dfn-decentralized-identifiers" class="internalDFN" data-link-type="dfn" id="ref-for-dfn-decentralized-identifiers-102">DID</a>, or guarantee that the <a href="#dfn-did-documents" class="internalDFN" data-link-type="dfn" id="ref-for-dfn-did-documents-158">DID document</a> is the correct one for
the <a href="#dfn-decentralized-identifiers" class="internalDFN" data-link-type="dfn" id="ref-for-dfn-decentralized-identifiers-103">DID</a>. In order to obtain
the correct <a href="#dfn-did-documents" class="internalDFN" data-link-type="dfn" id="ref-for-dfn-did-documents-159">DID document</a> and verify control over a <a href="#dfn-decentralized-identifiers" class="internalDFN" data-link-type="dfn" id="ref-for-dfn-decentralized-identifiers-104">DID</a>, it is
necessary to perform the <a href="#dfn-did-resolution" class="internalDFN" data-link-type="dfn" id="ref-for-dfn-did-resolution-16">DID resolution</a> process as defined by the
<a href="#dfn-did-methods" class="internalDFN" data-link-type="dfn" id="ref-for-dfn-did-methods-91">DID method</a>.
</p></div>
</section>
<section class="notoc"><div class="header-wrapper"><h4 id="binding-to-physical-identity">Binding to Physical Identity</h4><a class="self-link" href="#binding-to-physical-identity" aria-label="Permalink for this Section"></a></div>
<p>
A <a href="#dfn-decentralized-identifiers" class="internalDFN" data-link-type="dfn" id="ref-for-dfn-decentralized-identifiers-105">DID</a> and <a href="#dfn-did-documents" class="internalDFN" data-link-type="dfn" id="ref-for-dfn-did-documents-160">DID document</a> do not inherently carry any
<a href="https://en.wikipedia.org/wiki/Personal_data">personal data</a> and
it is strongly advised that non-public entities do not publish personal data in
<a href="#dfn-did-documents" class="internalDFN" data-link-type="dfn" id="ref-for-dfn-did-documents-161">DID documents</a>.
</p>
<p>
It can be useful to express a binding of a <a href="#dfn-decentralized-identifiers" class="internalDFN" data-link-type="dfn" id="ref-for-dfn-decentralized-identifiers-106">DID</a> to a person's or
organization's physical identity in a way that is provably asserted by a
trusted authority, such as a government. This specification provides
the <a href="#assertion" class="sec-ref"><bdi class="secno">5.3.2 </bdi>Assertion</a> <a href="#dfn-verification-relationship" class="internalDFN" data-link-type="dfn" id="ref-for-dfn-verification-relationship-22">verification relationship</a> for these
purposes. This feature can enable interactions that are private and can be
considered legally enforceable under one or more jurisdictions; establishing
such bindings has to be carefully balanced against privacy considerations (see
<a href="#privacy-considerations" class="sec-ref"><bdi class="secno">10. </bdi>Privacy Considerations</a>).
</p>
<p>
The process of binding a <a href="#dfn-decentralized-identifiers" class="internalDFN" data-link-type="dfn" id="ref-for-dfn-decentralized-identifiers-107">DID</a> to something in the physical world, such as
a person or an organization — for example, by using <a href="#dfn-verifiable-credentials" class="internalDFN" data-link-type="dfn" id="ref-for-dfn-verifiable-credentials-4">verifiable
credentials</a> with the same subject as that <a href="#dfn-decentralized-identifiers" class="internalDFN" data-link-type="dfn" id="ref-for-dfn-decentralized-identifiers-108">DID</a> — is contemplated
by this specification and further defined in the Verifiable Credentials Data
Model [<cite><a class="bibref" data-link-type="biblio" href="#bib-vc-data-model" title="Verifiable Credentials Data Model v1.1">VC-DATA-MODEL</a></cite>].
</p>
</section>
</section>
<section id="authentication-service-endpoints"><div class="header-wrapper"><h3 id="x9-3-authentication-service-endpoints"><bdi class="secno">9.3 </bdi>Authentication Service Endpoints</h3><a class="self-link" href="#authentication-service-endpoints" aria-label="Permalink for Section 9.3"></a></div>
<p>
If a <a href="#dfn-did-documents" class="internalDFN" data-link-type="dfn" id="ref-for-dfn-did-documents-162">DID document</a> publishes a <a href="#dfn-service" class="internalDFN" data-link-type="dfn" id="ref-for-dfn-service-21">service</a> intended for
authentication or authorization of the <a href="#dfn-did-subjects" class="internalDFN" data-link-type="dfn" id="ref-for-dfn-did-subjects-50">DID subject</a> (see Section <a href="#services" class="sec-ref"><bdi class="secno">5.4 </bdi>Services</a>), it is the responsibility of the <a href="#dfn-service-endpoints" class="internalDFN" data-link-type="dfn" id="ref-for-dfn-service-endpoints-4">service
endpoint</a> provider, subject, or requesting party to comply with the
requirements of the authentication protocols supported at that <a href="#dfn-service-endpoints" class="internalDFN" data-link-type="dfn" id="ref-for-dfn-service-endpoints-5">service
endpoint</a>.
</p>
</section>
<section id="non-repudiation"><div class="header-wrapper"><h3 id="x9-4-non-repudiation"><bdi class="secno">9.4 </bdi>Non-Repudiation</h3><a class="self-link" href="#non-repudiation" aria-label="Permalink for Section 9.4"></a></div>
<p>
Non-repudiation of <a href="#dfn-decentralized-identifiers" class="internalDFN" data-link-type="dfn" id="ref-for-dfn-decentralized-identifiers-109">DIDs</a> and <a href="#dfn-did-documents" class="internalDFN" data-link-type="dfn" id="ref-for-dfn-did-documents-163">DID document</a> updates is supported if:
</p>
<ul>
<li>
The <a href="#dfn-verifiable-data-registry" class="internalDFN" data-link-type="dfn" id="ref-for-dfn-verifiable-data-registry-7">verifiable data registry</a> supports
<a href="#dfn-verifiable-timestamp" class="internalDFN" data-link-type="dfn" id="ref-for-dfn-verifiable-timestamp-2">verifiable timestamps</a>. See <a href="#did-document-metadata" class="sec-ref"><bdi class="secno">7.1.3 </bdi>DID Document Metadata</a>
for further information on useful timestamps that can be used during the
<a href="#dfn-did-resolution" class="internalDFN" data-link-type="dfn" id="ref-for-dfn-did-resolution-17">DID resolution</a> process.
</li>
<li>
The subject is monitoring for unauthorized updates as elaborated upon in
<a href="#notification-of-did-document-changes" class="sec-ref"><bdi class="secno">9.5 </bdi>Notification of DID Document Changes</a>.
</li>
<li>
The subject has had adequate opportunity to revert malicious updates according
to the authorization mechanism for the <a href="#dfn-did-methods" class="internalDFN" data-link-type="dfn" id="ref-for-dfn-did-methods-92">DID method</a>.
</li>
</ul>
</section>
<section id="notification-of-did-document-changes"><div class="header-wrapper"><h3 id="x9-5-notification-of-did-document-changes"><bdi class="secno">9.5 </bdi>Notification of DID Document Changes</h3><a class="self-link" href="#notification-of-did-document-changes" aria-label="Permalink for Section 9.5"></a></div>
<p>
One mitigation against unauthorized changes to a <a href="#dfn-did-documents" class="internalDFN" data-link-type="dfn" id="ref-for-dfn-did-documents-164">DID document</a> is
monitoring and actively notifying the <a href="#dfn-did-subjects" class="internalDFN" data-link-type="dfn" id="ref-for-dfn-did-subjects-51">DID subject</a> when there are changes.
This is analogous to helping prevent account takeover on conventional
username/password accounts by sending password reset notifications to the email
addresses on file.
</p>
<p>
In the case of a <a href="#dfn-decentralized-identifiers" class="internalDFN" data-link-type="dfn" id="ref-for-dfn-decentralized-identifiers-110">DID</a>, there is no intermediary registrar or account
provider to generate such notifications. However, if the <a href="#dfn-verifiable-data-registry" class="internalDFN" data-link-type="dfn" id="ref-for-dfn-verifiable-data-registry-8">verifiable data
registry</a> on which the <a href="#dfn-decentralized-identifiers" class="internalDFN" data-link-type="dfn" id="ref-for-dfn-decentralized-identifiers-111">DID</a> is registered directly supports change
notifications, a subscription service can be offered to <a href="#dfn-did-controllers" class="internalDFN" data-link-type="dfn" id="ref-for-dfn-did-controllers-20">DID controllers</a>.
Notifications could be sent directly to the relevant <a href="#dfn-service-endpoints" class="internalDFN" data-link-type="dfn" id="ref-for-dfn-service-endpoints-6">service endpoints</a>
listed in an existing <a href="#dfn-decentralized-identifiers" class="internalDFN" data-link-type="dfn" id="ref-for-dfn-decentralized-identifiers-112">DID</a>.
</p>
<p>
If a <a href="#dfn-did-controllers" class="internalDFN" data-link-type="dfn" id="ref-for-dfn-did-controllers-21">DID controller</a> chooses to rely on a third-party monitoring service
(other than the <a href="#dfn-verifiable-data-registry" class="internalDFN" data-link-type="dfn" id="ref-for-dfn-verifiable-data-registry-9">verifiable data registry</a> itself), this introduces another
vector of attack.
</p>
</section>
<section id="key-and-signature-expiration"><div class="header-wrapper"><h3 id="x9-6-key-and-signature-expiration"><bdi class="secno">9.6 </bdi>Key and Signature Expiration</h3><a class="self-link" href="#key-and-signature-expiration" aria-label="Permalink for Section 9.6"></a></div>
<p>
In a <a href="#dfn-decentralized-identifiers" class="internalDFN" data-link-type="dfn" id="ref-for-dfn-decentralized-identifiers-113">decentralized identifier</a> architecture, there might not be
centralized authorities to enforce cryptographic material or cryptographic
digital signature expiration policies. Therefore, it is with supporting software
such as <a href="#dfn-did-resolvers" class="internalDFN" data-link-type="dfn" id="ref-for-dfn-did-resolvers-20">DID resolvers</a> and verification libraries that requesting parties
validate that cryptographic material were not expired at the time they were
used. Requesting parties might employ their own expiration policies in addition
to inputs into their verification processes. For example, some requesting
parties might accept authentications from five minutes in the past, while others
with access to high precision time sources might require authentications to be
time stamped within the last 500 milliseconds.
</p>
<p>
There are some requesting parties that have legitimate needs to extend the use
of already-expired cryptographic material, such as verifying legacy
cryptographic digital signatures. In these scenarios, a requesting party might
instruct their verification software to ignore cryptographic key material
expiration or determine if the cryptographic key material was expired at the
time it was used.
</p>
</section>
<section id="verification-method-rotation"><div class="header-wrapper"><h3 id="x9-7-verification-method-rotation"><bdi class="secno">9.7 </bdi>Verification Method Rotation</h3><a class="self-link" href="#verification-method-rotation" aria-label="Permalink for Section 9.7"></a></div>
<p>
Rotation is a management process that enables the secret cryptographic material
associated with an existing <a href="#dfn-verification-method" class="internalDFN" data-link-type="dfn" id="ref-for-dfn-verification-method-67">verification method</a> to be deactivated or
destroyed once a new <a href="#dfn-verification-method" class="internalDFN" data-link-type="dfn" id="ref-for-dfn-verification-method-68">verification method</a> has been added to the <a href="#dfn-did-documents" class="internalDFN" data-link-type="dfn" id="ref-for-dfn-did-documents-165">DID
document</a>. Going forward, any new proofs that a <a href="#dfn-controller" class="internalDFN" data-link-type="dfn" id="ref-for-dfn-controller-7">controller</a> would have
generated using the old secret cryptographic material can now instead be
generated using the new cryptographic material and can be verified using the
new <a href="#dfn-verification-method" class="internalDFN" data-link-type="dfn" id="ref-for-dfn-verification-method-69">verification method</a>.
</p>
<p>
Rotation is a useful mechanism for protecting against verification method
compromise, since frequent rotation of a verification method by the controller
reduces the value of a single compromised verification method to an attacker.
Performing revocation immediately after rotation is useful for verification
methods that a controller designates for short-lived verifications, such as
those involved in encrypting messages and authentication.
</p>
<p>
The following considerations might be of use when contemplating the use of
<a href="#dfn-verification-method" class="internalDFN" data-link-type="dfn" id="ref-for-dfn-verification-method-70">verification method</a> rotation:
</p>
<ul>
<li>
<a href="#dfn-verification-method" class="internalDFN" data-link-type="dfn" id="ref-for-dfn-verification-method-71">Verification method</a> rotation is a proactive security measure.
</li>
<li>
It is generally considered a best practice to perform <a href="#dfn-verification-method" class="internalDFN" data-link-type="dfn" id="ref-for-dfn-verification-method-72">verification method</a>
rotation on a regular basis.
</li>
<li>
Higher security environments tend to employ more frequent verification method
rotation.
</li>
<li>
<a href="#dfn-verification-method" class="internalDFN" data-link-type="dfn" id="ref-for-dfn-verification-method-73">Verification method</a> rotation manifests only as changes to the current or
latest version of a <a href="#dfn-did-documents" class="internalDFN" data-link-type="dfn" id="ref-for-dfn-did-documents-166">DID document</a>.
</li>
<li>
When a <a href="#dfn-verification-method" class="internalDFN" data-link-type="dfn" id="ref-for-dfn-verification-method-74">verification method</a> has been active for a long time, or used for
many operations, a controller might wish to perform a rotation.
</li>
<li>
Frequent rotation of a <a href="#dfn-verification-method" class="internalDFN" data-link-type="dfn" id="ref-for-dfn-verification-method-75">verification method</a> might be frustrating for
parties that are forced to continuously renew or refresh associated credentials.
</li>
<li>
Proofs or signatures that rely on <a href="#dfn-verification-method" class="internalDFN" data-link-type="dfn" id="ref-for-dfn-verification-method-76">verification methods</a> that are not
present in the latest version of a <a href="#dfn-did-documents" class="internalDFN" data-link-type="dfn" id="ref-for-dfn-did-documents-167">DID document</a> are not impacted by
rotation. In these cases, verification software might require additional
information, such as when a particular <a href="#dfn-verification-method" class="internalDFN" data-link-type="dfn" id="ref-for-dfn-verification-method-77">verification method</a> was
expected to be valid as well as access to a <a href="#dfn-verifiable-data-registry" class="internalDFN" data-link-type="dfn" id="ref-for-dfn-verifiable-data-registry-10">verifiable data registry</a>
containing a historical record, to determine the validity of the proof or
signature. This option might not be available in all <a href="#dfn-did-methods" class="internalDFN" data-link-type="dfn" id="ref-for-dfn-did-methods-93">DID methods</a>.
</li>
<li>
The section on <a href="#method-operations">DID method operations</a> specifies
the <a href="#dfn-decentralized-identifiers" class="internalDFN" data-link-type="dfn" id="ref-for-dfn-decentralized-identifiers-114">DID</a> operations to be supported by a <a href="#dfn-did-methods" class="internalDFN" data-link-type="dfn" id="ref-for-dfn-did-methods-94">DID method</a> specification,
including <a href="#method-operations">update</a> which is expected to be used
to perform a <a href="#dfn-verification-method" class="internalDFN" data-link-type="dfn" id="ref-for-dfn-verification-method-78">verification method</a> rotation.
</li>
<li>
A <a href="#dfn-controller" class="internalDFN" data-link-type="dfn" id="ref-for-dfn-controller-8">controller</a> performs a rotation when they add a new <a href="#dfn-verification-method" class="internalDFN" data-link-type="dfn" id="ref-for-dfn-verification-method-79">verification
method</a> that is meant to replace an existing <a href="#dfn-verification-method" class="internalDFN" data-link-type="dfn" id="ref-for-dfn-verification-method-80">verification method</a> after
some time.
</li>
<li>
Not all <a href="#dfn-did-methods" class="internalDFN" data-link-type="dfn" id="ref-for-dfn-did-methods-95">DID methods</a> support <a href="#dfn-verification-method" class="internalDFN" data-link-type="dfn" id="ref-for-dfn-verification-method-81">verification method</a> rotation.
</li>
</ul>
</section>
<section id="verification-method-revocation"><div class="header-wrapper"><h3 id="x9-8-verification-method-revocation"><bdi class="secno">9.8 </bdi>Verification Method Revocation</h3><a class="self-link" href="#verification-method-revocation" aria-label="Permalink for Section 9.8"></a></div>
<p>
Revocation is a management process that enables the secret cryptographic
material associated with an existing <a href="#dfn-verification-method" class="internalDFN" data-link-type="dfn" id="ref-for-dfn-verification-method-82">verification method</a> to be
deactivated such that it ceases to be a valid form of creating new
proofs of digital signatures.
</p>
<p>
Revocation is a useful mechanism for reacting to a verification method
compromise. Performing revocation immediately after rotation is useful for
verification methods that a controller designates for short-lived verifications,
such as those involved in encrypting messages and authentication.
</p>
<p>
Compromise of the secrets associated with a <a href="#dfn-verification-method" class="internalDFN" data-link-type="dfn" id="ref-for-dfn-verification-method-83">verification method</a> allows
the attacker to use them according to the <a href="#dfn-verification-relationship" class="internalDFN" data-link-type="dfn" id="ref-for-dfn-verification-relationship-23">verification relationship</a>
expressed by <a href="#dfn-controller" class="internalDFN" data-link-type="dfn" id="ref-for-dfn-controller-9">controller</a> in the <a href="#dfn-did-documents" class="internalDFN" data-link-type="dfn" id="ref-for-dfn-did-documents-168">DID document</a>, for example, for
authentication. The attacker's use of the secrets might be indistinguishable
from the legitimate <a href="#did-controller">controller's</a> use starting from
the time the <a href="#dfn-verification-method" class="internalDFN" data-link-type="dfn" id="ref-for-dfn-verification-method-84">verification method</a> was registered, to the time it was
revoked.
</p>
<p>
The following considerations might be of use when contemplating the use of
<a href="#dfn-verification-method" class="internalDFN" data-link-type="dfn" id="ref-for-dfn-verification-method-85">verification method</a> revocation:
</p>
<ul>
<li>
<a href="#dfn-verification-method" class="internalDFN" data-link-type="dfn" id="ref-for-dfn-verification-method-86">Verification method</a> revocation is a reactive security measure.
</li>
<li>
It is considered a best practice to support key revocation.
</li>
<li>
A <a href="#dfn-controller" class="internalDFN" data-link-type="dfn" id="ref-for-dfn-controller-10">controller</a> is expected to immediately revoke any <a href="#dfn-verification-method" class="internalDFN" data-link-type="dfn" id="ref-for-dfn-verification-method-87">verification
method</a> that is known to be compromised.
</li>
<li>
<a href="#dfn-verification-method" class="internalDFN" data-link-type="dfn" id="ref-for-dfn-verification-method-88">Verification method</a> revocation can only be embodied in changes to
the latest version of a <a href="#dfn-did-documents" class="internalDFN" data-link-type="dfn" id="ref-for-dfn-did-documents-169">DID Document</a>; it cannot retroactively adjust
previous versions.
</li>
<li>
As described in <a href="#verification-material" class="sec-ref"><bdi class="secno">5.2.1 </bdi>Verification Material</a>, absence of a verification
method is the only form of revocation that applies to all <a href="#dfn-did-methods" class="internalDFN" data-link-type="dfn" id="ref-for-dfn-did-methods-96">DID Methods</a>
that support revocation.
</li>
<li>
If a <a href="#dfn-verification-method" class="internalDFN" data-link-type="dfn" id="ref-for-dfn-verification-method-89">verification method</a> is no longer exclusively accessible to the
<a href="#dfn-controller" class="internalDFN" data-link-type="dfn" id="ref-for-dfn-controller-11">controller</a> or parties trusted to act on behalf of the <a href="#dfn-controller" class="internalDFN" data-link-type="dfn" id="ref-for-dfn-controller-12">controller</a>,
it is expected to be revoked immediately to reduce the risk of
compromises such as masquerading, theft, and fraud.
</li>
<li>
Revocation is expected to be understood as a <a href="#dfn-controller" class="internalDFN" data-link-type="dfn" id="ref-for-dfn-controller-13">controller</a> expressing that
proofs or signatures associated with a revoked <a href="#dfn-verification-method" class="internalDFN" data-link-type="dfn" id="ref-for-dfn-verification-method-90">verification method</a>
created after its revocation should be treated as invalid. It could also imply a
concern that existing proofs or signatures might have been created by an
attacker, but this is not necessarily the case. Verifiers, however, might still
choose to accept or reject any such proofs or signatures at their own
discretion.
</li>
<li>
The section on <a href="#method-operations">DID method operations</a> specifies
the <a href="#dfn-decentralized-identifiers" class="internalDFN" data-link-type="dfn" id="ref-for-dfn-decentralized-identifiers-115">DID</a> operations to be supported by a <a href="#dfn-did-methods" class="internalDFN" data-link-type="dfn" id="ref-for-dfn-did-methods-97">DID method</a> specification,
including <a href="#method-operations">update</a> and <a href="#method-operations">deactivate</a>, which might be used to remove
a <a href="#dfn-verification-method" class="internalDFN" data-link-type="dfn" id="ref-for-dfn-verification-method-91">verification method</a> from a <a href="#dfn-did-documents" class="internalDFN" data-link-type="dfn" id="ref-for-dfn-did-documents-170">DID document</a>.
</li>
<li>
Not all <a href="#dfn-did-methods" class="internalDFN" data-link-type="dfn" id="ref-for-dfn-did-methods-98">DID methods</a> support <a href="#dfn-verification-method" class="internalDFN" data-link-type="dfn" id="ref-for-dfn-verification-method-92">verification method</a> revocation.
</li>
<li>
Even if a <a href="#dfn-verification-method" class="internalDFN" data-link-type="dfn" id="ref-for-dfn-verification-method-93">verification method</a> is present in a <a href="#dfn-did-documents" class="internalDFN" data-link-type="dfn" id="ref-for-dfn-did-documents-171">DID document</a>,
additional information, such as a public key revocation certificate, or an
external allow or deny list, could be used to determine whether a
<a href="#dfn-verification-method" class="internalDFN" data-link-type="dfn" id="ref-for-dfn-verification-method-94">verification method</a> has been revoked.
</li>
<li>
The day-to-day operation of any software relying on a compromised
<a href="#dfn-verification-method" class="internalDFN" data-link-type="dfn" id="ref-for-dfn-verification-method-95">verification method</a>, such as an individual's operating system, antivirus,
or endpoint protection software, could be impacted when the <a href="#dfn-verification-method" class="internalDFN" data-link-type="dfn" id="ref-for-dfn-verification-method-96">verification
method</a> is publicly revoked.
</li>
</ul>
<section class="notoc"><div class="header-wrapper"><h4 id="revocation-semantics">Revocation Semantics</h4><a class="self-link" href="#revocation-semantics" aria-label="Permalink for this Section"></a></div>
<p>
Although verifiers might choose not to accept proofs or signatures from a
revoked verification method, knowing whether a verification was made with a
revoked <a href="#dfn-verification-method" class="internalDFN" data-link-type="dfn" id="ref-for-dfn-verification-method-97">verification method</a> is trickier than it might seem. Some <a href="#dfn-did-methods" class="internalDFN" data-link-type="dfn" id="ref-for-dfn-did-methods-99">DID
methods</a> provide the ability to look back at the state of a <a href="#dfn-decentralized-identifiers" class="internalDFN" data-link-type="dfn" id="ref-for-dfn-decentralized-identifiers-116">DID</a> at a
point in time, or at a particular version of the <a href="#dfn-did-documents" class="internalDFN" data-link-type="dfn" id="ref-for-dfn-did-documents-172">DID document</a>. When such
a feature is combined with a reliable way to determine the time or <a href="#dfn-decentralized-identifiers" class="internalDFN" data-link-type="dfn" id="ref-for-dfn-decentralized-identifiers-117">DID</a>
version that existed when a cryptographically verifiable statement was made,
then revocation does not undo that statement. This can be the basis for using
<a href="#dfn-decentralized-identifiers" class="internalDFN" data-link-type="dfn" id="ref-for-dfn-decentralized-identifiers-118">DIDs</a> to make binding commitments; for example, to sign a mortgage.
</p>
<p>
If these conditions are met, revocation is not retroactive; it only nullifies
future use of the method.
</p>
<p>
However, in order for such semantics to be safe, the second condition — an
ability to know what the state of the <a href="#dfn-did-documents" class="internalDFN" data-link-type="dfn" id="ref-for-dfn-did-documents-173">DID document</a> was at the time the
assertion was made — is expected to apply. Without that guarantee, someone
could discover a revoked key and use it to make cryptographically verifiable
statements with a simulated date in the past.
</p>
<p>
Some <a href="#dfn-did-methods" class="internalDFN" data-link-type="dfn" id="ref-for-dfn-did-methods-100">DID methods</a> only allow the retrieval of the current state of a
<a href="#dfn-decentralized-identifiers" class="internalDFN" data-link-type="dfn" id="ref-for-dfn-decentralized-identifiers-119">DID</a>. When this is true, or when the state of a <a href="#dfn-decentralized-identifiers" class="internalDFN" data-link-type="dfn" id="ref-for-dfn-decentralized-identifiers-120">DID</a> at the time of
a cryptographically verifiable statement cannot be reliably determined, then the
only safe course is to disallow any consideration of DID state with respect to
time, except the present moment. <a href="#dfn-decentralized-identifiers" class="internalDFN" data-link-type="dfn" id="ref-for-dfn-decentralized-identifiers-121">DID</a> ecosystems that take this approach
essentially provide cryptographically verifiable statements as ephemeral tokens
that can be invalidated at any time by the <a href="#dfn-did-controllers" class="internalDFN" data-link-type="dfn" id="ref-for-dfn-did-controllers-22">DID controller</a>.
</p>
</section>
<section class="notoc"><div class="header-wrapper"><h4 id="revocation-in-trustless-systems">Revocation in Trustless Systems</h4><a class="self-link" href="#revocation-in-trustless-systems" aria-label="Permalink for this Section"></a></div>
<p>
Trustless systems are those where all trust is derived from cryptographically
provable assertions, and more specifically, where no metadata outside of the
cryptographic system is factored into the determination of trust in the system.
To verify a signature of proof for a <a href="#dfn-verification-method" class="internalDFN" data-link-type="dfn" id="ref-for-dfn-verification-method-98">verification method</a> which has been
revoked in a trustless system, a <a href="#dfn-did-methods" class="internalDFN" data-link-type="dfn" id="ref-for-dfn-did-methods-101">DID method</a> needs to support either or
both of the <code>versionId</code> or <code>versionTime</code>, as well as both the <code>updated</code> and
<code>nextUpdate</code>, <a href="#dfn-did-documents" class="internalDFN" data-link-type="dfn" id="ref-for-dfn-did-documents-174">DID document</a> metadata properties. A verifier can validate a
signature or proof of a revoked key if and only if all of the following are
true:
</p>
<ul>
<li>
The proof or signature includes the <code>versionId</code> or <code>versionTime</code> of the <a href="#dfn-did-documents" class="internalDFN" data-link-type="dfn" id="ref-for-dfn-did-documents-175">DID
document</a> that was used at the point the signature or proof was created.
</li>
<li>
The verifier can determine the point in time at which the signature or proof was
made; for example, it was anchored on a blockchain.
</li>
<li>
For the resolved <a href="#dfn-did-documents" class="internalDFN" data-link-type="dfn" id="ref-for-dfn-did-documents-176">DID document</a> metadata, the <code>updated</code> timestamp is
before, and the <code>nextUpdate</code> timestamp is after, the point in time at which the
signature or proof was made.
</li>
</ul>
<p>
In systems that are willing to admit metadata other than those constituting
cryptographic input, similar trust may be achieved -- but always on the
same basis where a careful judgment is made about whether a
<a href="#dfn-did-documents" class="internalDFN" data-link-type="dfn" id="ref-for-dfn-did-documents-177">DID document</a>'s content at the moment of a signing event
contained the expected content.
</p>
</section>
</section>
<section id="did-recovery"><div class="header-wrapper"><h3 id="x9-9-did-recovery"><bdi class="secno">9.9 </bdi>DID Recovery</h3><a class="self-link" href="#did-recovery" aria-label="Permalink for Section 9.9"></a></div>
<p>
Recovery is a reactive security measure whereby a <a href="#dfn-controller" class="internalDFN" data-link-type="dfn" id="ref-for-dfn-controller-14">controller</a> that has
lost the ability to perform DID operations, such as through the loss of a
device, is able to regain the ability to perform DID operations.
</p>
<p>
The following considerations might be of use when contemplating the use of
<a href="#dfn-decentralized-identifiers" class="internalDFN" data-link-type="dfn" id="ref-for-dfn-decentralized-identifiers-122">DID</a> recovery:
</p>
<ul>
<li>
Performing recovery proactively on an infrequent but regular basis, can help to
ensure that control has not been lost.
</li>
<li>
It is considered a best practice to never reuse cryptographic material
associated with recovery for any other purposes.
</li>
<li>
Recovery is commonly performed in conjunction with <a href="#verification-method-rotation">verification method rotation</a> and <a href="#verification-method-revocation">verification method revocation</a>.
</li>
<li>
Recovery is advised when a <a href="#dfn-controller" class="internalDFN" data-link-type="dfn" id="ref-for-dfn-controller-15">controller</a> or services trusted to act on their
behalf no longer have the exclusive ability to perform DID operations as
described in <a href="#method-operations" class="sec-ref"><bdi class="secno">8.2 </bdi>Method Operations</a>.
</li>
<li>
<a href="#dfn-did-methods" class="internalDFN" data-link-type="dfn" id="ref-for-dfn-did-methods-102">DID method</a> specifications might choose to enable support for a quorum of
trusted parties to facilitate recovery. Some of the facilities to do so are
suggested in <a href="#did-controller" class="sec-ref"><bdi class="secno">5.1.2 </bdi>DID Controller</a>.
</li>
<li>
Not all <a href="#dfn-did-methods" class="internalDFN" data-link-type="dfn" id="ref-for-dfn-did-methods-103">DID method</a> specifications will recognize control from <a href="#dfn-decentralized-identifiers" class="internalDFN" data-link-type="dfn" id="ref-for-dfn-decentralized-identifiers-123">DIDs</a>
registered using other <a href="#dfn-did-methods" class="internalDFN" data-link-type="dfn" id="ref-for-dfn-did-methods-104">DID methods</a> and they might restrict third-party
control to <a href="#dfn-decentralized-identifiers" class="internalDFN" data-link-type="dfn" id="ref-for-dfn-decentralized-identifiers-124">DIDs</a> that use the same method.
</li>
<li>
Access control and recovery in a <a href="#dfn-did-methods" class="internalDFN" data-link-type="dfn" id="ref-for-dfn-did-methods-105">DID method</a> specification can also
include a time lock feature to protect against key compromise by maintaining a
second track of control for recovery.
</li>
<li>
There are currently no common recovery mechanisms that apply to all
<a href="#dfn-did-methods" class="internalDFN" data-link-type="dfn" id="ref-for-dfn-did-methods-106">DID methods</a>.
</li>
</ul>
</section>
<section id="the-role-of-human-friendly-identifiers"><div class="header-wrapper"><h3 id="x9-10-the-role-of-human-friendly-identifiers"><bdi class="secno">9.10 </bdi>The Role of Human-Friendly Identifiers</h3><a class="self-link" href="#the-role-of-human-friendly-identifiers" aria-label="Permalink for Section 9.10"></a></div>
<p>
<a href="#dfn-decentralized-identifiers" class="internalDFN" data-link-type="dfn" id="ref-for-dfn-decentralized-identifiers-125">DIDs</a> achieve global uniqueness without the need for a central
registration authority. This comes at the cost of human memorability.
Algorithms capable of generating globally unambiguous identifiers
produce random strings of characters that have no human meaning. This
trade-off is often referred to as
<a href="https://en.wikipedia.org/wiki/Zooko%27s_triangle">Zooko's
Triangle</a>.
</p>
<p>
There are use cases where it is desirable to discover a <a href="#dfn-decentralized-identifiers" class="internalDFN" data-link-type="dfn" id="ref-for-dfn-decentralized-identifiers-126">DID</a> when
starting from a human-friendly identifier. For example, a natural language
name, a domain name, or a conventional address for a <a href="#dfn-did-controllers" class="internalDFN" data-link-type="dfn" id="ref-for-dfn-did-controllers-23">DID controller</a>,
such as a mobile telephone number, email address, social media username, or
blog URL. However, the problem of mapping human-friendly identifiers to
<a href="#dfn-decentralized-identifiers" class="internalDFN" data-link-type="dfn" id="ref-for-dfn-decentralized-identifiers-127">DIDs</a>, and doing so in a way that can be verified and trusted, is
outside the scope of this specification.
</p>
<p>
Solutions to this problem are defined in separate specifications, such as
[<cite><a class="bibref" data-link-type="biblio" href="#bib-dns-did" title="The Decentralized Identifier (DID) in the DNS">DNS-DID</a></cite>], that reference this specification. It is strongly recommended that
such specifications carefully consider the:
</p>
<ul>
<li>
Numerous security attacks based on deceiving users about the true human-friendly
identifier for a target entity.
</li>
<li>
Privacy consequences of using human-friendly identifiers that are inherently
correlatable, especially if they are globally unique.
</li>
</ul>
</section>
<section id="dids-as-enhanced-urns"><div class="header-wrapper"><h3 id="x9-11-dids-as-enhanced-urns"><bdi class="secno">9.11 </bdi>DIDs as Enhanced URNs</h3><a class="self-link" href="#dids-as-enhanced-urns" aria-label="Permalink for Section 9.11"></a></div>
<p>
If desired by a <a href="#dfn-did-controllers" class="internalDFN" data-link-type="dfn" id="ref-for-dfn-did-controllers-24">DID controller</a>, a <a href="#dfn-decentralized-identifiers" class="internalDFN" data-link-type="dfn" id="ref-for-dfn-decentralized-identifiers-128">DID</a> or a <a href="#dfn-did-urls" class="internalDFN" data-link-type="dfn" id="ref-for-dfn-did-urls-36">DID URL</a> is
capable of acting as persistent, location-independent resource identifier.
These sorts of identifiers
are classified as Uniform Resource Names (URNs) and are defined in [<cite><a class="bibref" data-link-type="biblio" href="#bib-rfc8141" title="Uniform Resource Names (URNs)">RFC8141</a></cite>].
<a href="#dfn-decentralized-identifiers" class="internalDFN" data-link-type="dfn" id="ref-for-dfn-decentralized-identifiers-129">DIDs</a> are an enhanced form of URN that provide a
cryptographically secure, location-independent identifier for a digital
resource, while also providing metadata that enables retrieval. Due to the
indirection between the <a href="#dfn-did-documents" class="internalDFN" data-link-type="dfn" id="ref-for-dfn-did-documents-178">DID document</a> and the <a href="#dfn-decentralized-identifiers" class="internalDFN" data-link-type="dfn" id="ref-for-dfn-decentralized-identifiers-130">DID</a> itself, the
<a href="#dfn-did-controllers" class="internalDFN" data-link-type="dfn" id="ref-for-dfn-did-controllers-25">DID controller</a> can adjust the actual location of the resource — or
even provide the resource directly — without adjusting the <a href="#dfn-decentralized-identifiers" class="internalDFN" data-link-type="dfn" id="ref-for-dfn-decentralized-identifiers-131">DID</a>.
<a href="#dfn-decentralized-identifiers" class="internalDFN" data-link-type="dfn" id="ref-for-dfn-decentralized-identifiers-132">DIDs</a> of this type can definitively verify that the resource retrieved is,
in fact, the resource identified.
</p>
<p>
A <a href="#dfn-did-controllers" class="internalDFN" data-link-type="dfn" id="ref-for-dfn-did-controllers-26">DID controller</a> who intends to use a <a href="#dfn-decentralized-identifiers" class="internalDFN" data-link-type="dfn" id="ref-for-dfn-decentralized-identifiers-133">DID</a> for this purpose is
advised to follow the security considerations in [<cite><a class="bibref" data-link-type="biblio" href="#bib-rfc8141" title="Uniform Resource Names (URNs)">RFC8141</a></cite>]. In particular:
</p>
<ul>
<li>
The <a href="#dfn-did-controllers" class="internalDFN" data-link-type="dfn" id="ref-for-dfn-did-controllers-27">DID controller</a> is expected to choose a <a href="#dfn-did-methods" class="internalDFN" data-link-type="dfn" id="ref-for-dfn-did-methods-107">DID method</a> that
supports the controller's requirements for persistence. The Decentralized
Characteristics Rubric [<cite><a class="bibref" data-link-type="biblio" href="#bib-did-rubric" title="Decentralized Characteristics Rubric v1.0">DID-RUBRIC</a></cite>] is one tool available to help
implementers decide upon the most suitable <a href="#dfn-did-methods" class="internalDFN" data-link-type="dfn" id="ref-for-dfn-did-methods-108">DID method</a>.
</li>
<li>
The <a href="#dfn-did-controllers" class="internalDFN" data-link-type="dfn" id="ref-for-dfn-did-controllers-28">DID controller</a> is expected to publish its operational policies so
requesting parties can determine the degree to which they can rely on the
persistence of a <a href="#dfn-decentralized-identifiers" class="internalDFN" data-link-type="dfn" id="ref-for-dfn-decentralized-identifiers-134">DID</a> controlled by that <a href="#dfn-did-controllers" class="internalDFN" data-link-type="dfn" id="ref-for-dfn-did-controllers-29">DID controller</a>. In the
absence of such policies, requesting parties are not expected to make any
assumption about whether a <a href="#dfn-decentralized-identifiers" class="internalDFN" data-link-type="dfn" id="ref-for-dfn-decentralized-identifiers-135">DID</a> is a persistent identifier for the same
<a href="#dfn-did-subjects" class="internalDFN" data-link-type="dfn" id="ref-for-dfn-did-subjects-52">DID subject</a>.
</li>
</ul>
</section>
<section id="immutability"><div class="header-wrapper"><h3 id="x9-12-immutability"><bdi class="secno">9.12 </bdi>Immutability</h3><a class="self-link" href="#immutability" aria-label="Permalink for Section 9.12"></a></div>
<p>
Many cybersecurity abuses hinge on exploiting gaps between reality and the
assumptions of rational, good-faith actors. Immutability of <a href="#dfn-did-documents" class="internalDFN" data-link-type="dfn" id="ref-for-dfn-did-documents-179">DID documents</a>
can provide some security benefits. Individual <a href="#dfn-did-methods" class="internalDFN" data-link-type="dfn" id="ref-for-dfn-did-methods-109">DID methods</a> ought to
consider constraints that would eliminate behaviors or semantics they do not
need. The more <em>locked down</em> a <a href="#dfn-did-methods" class="internalDFN" data-link-type="dfn" id="ref-for-dfn-did-methods-110">DID method</a> is, while providing the
same set of features, the less it can be manipulated by malicious actors.
</p>
<p>
As an example, consider that a single edit to a <a href="#dfn-did-documents" class="internalDFN" data-link-type="dfn" id="ref-for-dfn-did-documents-180">DID document</a> can change
anything except the root <code><a href="#dfn-id" class="internalDFN" data-link-type="dfn" id="ref-for-dfn-id-8">id</a></code> property of the document. But
is it actually desirable for a <a href="#dfn-service" class="internalDFN" data-link-type="dfn" id="ref-for-dfn-service-22">service</a> to change its
<code>type</code> after it is defined? Or for a key to change its value? Or
would it be better to require a new <code><a href="#dfn-id" class="internalDFN" data-link-type="dfn" id="ref-for-dfn-id-9">id</a></code> when certain
fundamental properties of an object change? Malicious takeovers of a website
often aim for an outcome where the site keeps its host name identifier,
but is subtly changed underneath. If certain properties of the site, such
as the <a target="_blank" href="https://en.wikipedia.org/wiki/Autonomous_system_(Internet)">ASN</a>
associated with its IP address, were required by the specification to be
immutable, anomaly detection would be easier, and attacks would be much
harder and more expensive to carry out.
</p>
<p>
For <a href="#dfn-did-methods" class="internalDFN" data-link-type="dfn" id="ref-for-dfn-did-methods-111">DID methods</a> tied to a global source of truth, a direct,
just-in-time lookup of the latest version of a <a href="#dfn-did-documents" class="internalDFN" data-link-type="dfn" id="ref-for-dfn-did-documents-181">DID document</a> is always
possible. However, it seems likely that layers of cache might eventually sit
between a <a href="#dfn-did-resolvers" class="internalDFN" data-link-type="dfn" id="ref-for-dfn-did-resolvers-21">DID resolver</a> and that source of truth. If they do, believing
the attributes of an object in the <a href="#dfn-did-documents" class="internalDFN" data-link-type="dfn" id="ref-for-dfn-did-documents-182">DID document</a> to have a given state
when they are actually subtly different might invite exploits. This is
particularly true if some lookups are of a full <a href="#dfn-did-documents" class="internalDFN" data-link-type="dfn" id="ref-for-dfn-did-documents-183">DID document</a>, and
others are of partial data where the larger context is assumed.
</p>
</section>
<section id="encrypted-data-in-did-documents"><div class="header-wrapper"><h3 id="x9-13-encrypted-data-in-did-documents"><bdi class="secno">9.13 </bdi>Encrypted Data in DID Documents</h3><a class="self-link" href="#encrypted-data-in-did-documents" aria-label="Permalink for Section 9.13"></a></div>
<p>
Encryption algorithms have been known to fail due to advances in cryptography
and computing power. Implementers are advised to assume that any encrypted data
placed in a <a href="#dfn-did-documents" class="internalDFN" data-link-type="dfn" id="ref-for-dfn-did-documents-184">DID document</a> might eventually be made available in clear text
to the same audience to which the encrypted data is available. This is
particularly pertinent if the <a href="#dfn-did-documents" class="internalDFN" data-link-type="dfn" id="ref-for-dfn-did-documents-185">DID document</a> is public.
</p>
<p>
Encrypting all or parts of a <a href="#dfn-did-documents" class="internalDFN" data-link-type="dfn" id="ref-for-dfn-did-documents-186">DID document</a> is <em>not</em> an appropriate
means to protect data in the long term. Similarly, placing encrypted data in
a <a href="#dfn-did-documents" class="internalDFN" data-link-type="dfn" id="ref-for-dfn-did-documents-187">DID document</a> is not an appropriate means to protect personal data.
</p>
<p>
Given the caveats above, if encrypted data is included in a <a href="#dfn-did-documents" class="internalDFN" data-link-type="dfn" id="ref-for-dfn-did-documents-188">DID document</a>,
implementers are advised to not associate any correlatable information
that could be used to infer a relationship between the encrypted data
and an associated party. Examples of correlatable information include
public keys of a receiving party, identifiers to digital assets known to be
under the control of a receiving party, or human readable descriptions of a
receiving party.
</p>
</section>
<section id="equivalence-properties"><div class="header-wrapper"><h3 id="x9-14-equivalence-properties"><bdi class="secno">9.14 </bdi>Equivalence Properties</h3><a class="self-link" href="#equivalence-properties" aria-label="Permalink for Section 9.14"></a></div>
<p>
Given the <code><a href="#dfn-equivalentid" class="internalDFN" data-link-type="dfn" id="ref-for-dfn-equivalentid-13">equivalentId</a></code> and <code><a href="#dfn-canonicalid" class="internalDFN" data-link-type="dfn" id="ref-for-dfn-canonicalid-11">canonicalId</a></code>
properties are generated by <a href="#dfn-did-methods" class="internalDFN" data-link-type="dfn" id="ref-for-dfn-did-methods-112">DID methods</a> themselves, the same security and
accuracy guarantees that apply to the resolved <a href="#dfn-decentralized-identifiers" class="internalDFN" data-link-type="dfn" id="ref-for-dfn-decentralized-identifiers-136">DID</a> present in the
<code>id</code> field of a <a href="#dfn-did-documents" class="internalDFN" data-link-type="dfn" id="ref-for-dfn-did-documents-189">DID document</a> also apply to these properties.
The <code><a href="#dfn-alsoknownas" class="internalDFN" data-link-type="dfn" id="ref-for-dfn-alsoknownas-7">alsoKnownAs</a></code> property is not guaranteed to be an accurate
statement of equivalence, and should not be relied upon without performing
validation steps beyond the resolution of the <a href="#dfn-did-documents" class="internalDFN" data-link-type="dfn" id="ref-for-dfn-did-documents-190">DID document</a>.
</p>
<p>
The <code><a href="#dfn-equivalentid" class="internalDFN" data-link-type="dfn" id="ref-for-dfn-equivalentid-14">equivalentId</a></code> and <code><a href="#dfn-canonicalid" class="internalDFN" data-link-type="dfn" id="ref-for-dfn-canonicalid-12">canonicalId</a></code>
properties express equivalence assertions to variants of a single <a href="#dfn-decentralized-identifiers" class="internalDFN" data-link-type="dfn" id="ref-for-dfn-decentralized-identifiers-137">DID</a>
produced by the same <a href="#dfn-did-methods" class="internalDFN" data-link-type="dfn" id="ref-for-dfn-did-methods-113">DID method</a> and can be trusted to the extent the
requesting party trusts the <a href="#dfn-did-methods" class="internalDFN" data-link-type="dfn" id="ref-for-dfn-did-methods-114">DID method</a> and a conforming producer and
resolver.
</p>
<p>
The <code><a href="#dfn-alsoknownas" class="internalDFN" data-link-type="dfn" id="ref-for-dfn-alsoknownas-8">alsoKnownAs</a></code> property permits an equivalence assertion to
<a href="#dfn-uri" class="internalDFN" data-link-type="dfn" id="ref-for-dfn-uri-22">URIs</a> that are not governed by the same <a href="#dfn-did-methods" class="internalDFN" data-link-type="dfn" id="ref-for-dfn-did-methods-115">DID method</a> and cannot be
trusted without performing verification steps outside of the governing <a href="#dfn-did-methods" class="internalDFN" data-link-type="dfn" id="ref-for-dfn-did-methods-116">DID
method</a>. See additional guidance in <a href="#also-known-as" class="sec-ref"><bdi class="secno">5.1.3 </bdi>Also Known As</a>.
</p>
<p>
As with any other security-related properties in the <a href="#dfn-did-documents" class="internalDFN" data-link-type="dfn" id="ref-for-dfn-did-documents-191">DID document</a>,
parties relying on any equivalence statement in a <a href="#dfn-did-documents" class="internalDFN" data-link-type="dfn" id="ref-for-dfn-did-documents-192">DID document</a> should
guard against the values of these properties being substituted by an attacker
after the proper verification has been performed. Any write access to a <a href="#dfn-did-documents" class="internalDFN" data-link-type="dfn" id="ref-for-dfn-did-documents-193">DID
document</a> stored in memory or disk after verification has been performed is
an attack vector that might circumvent verification unless the <a href="#dfn-did-documents" class="internalDFN" data-link-type="dfn" id="ref-for-dfn-did-documents-194">DID
document</a> is re-verified.
</p>
</section>
<section id="content-integrity-protection"><div class="header-wrapper"><h3 id="x9-15-content-integrity-protection"><bdi class="secno">9.15 </bdi>Content Integrity Protection</h3><a class="self-link" href="#content-integrity-protection" aria-label="Permalink for Section 9.15"></a></div>
<p>
<a href="#dfn-did-documents" class="internalDFN" data-link-type="dfn" id="ref-for-dfn-did-documents-195">DID documents</a> which include links to external machine-readable content
such as images, web pages, or schemas are vulnerable to tampering. It is
strongly advised that external links are integrity protected using solutions
such as a hashlink [<cite><a class="bibref" data-link-type="biblio" href="#bib-hashlink" title="Cryptographic Hyperlinks">HASHLINK</a></cite>]. External links are to be avoided if they
cannot be integrity protected and the <a href="#dfn-did-documents" class="internalDFN" data-link-type="dfn" id="ref-for-dfn-did-documents-196">DID document</a>'s integrity is
dependent on the external link.
</p>
<p>
One example of an external link where the integrity of the <a href="#dfn-did-documents" class="internalDFN" data-link-type="dfn" id="ref-for-dfn-did-documents-197">DID document</a>
itself could be affected is the JSON-LD Context [<cite><a class="bibref" data-link-type="biblio" href="#bib-json-ld11" title="JSON-LD 1.1">JSON-LD11</a></cite>]. To protect
against compromise, <a href="#dfn-did-documents" class="internalDFN" data-link-type="dfn" id="ref-for-dfn-did-documents-198">DID document</a> consumers are advised to cache local
static copies of JSON-LD contexts and/or verify the integrity of external
contexts against a cryptographic hash that is known to be associated with a safe
version of the external JSON-LD Context.
</p>
</section>
<section id="persistence"><div class="header-wrapper"><h3 id="x9-16-persistence"><bdi class="secno">9.16 </bdi>Persistence</h3><a class="self-link" href="#persistence" aria-label="Permalink for Section 9.16"></a></div>
<p>
<a href="#dfn-decentralized-identifiers" class="internalDFN" data-link-type="dfn" id="ref-for-dfn-decentralized-identifiers-138">DIDs</a> are designed to be persistent such that a <a href="#dfn-controller" class="internalDFN" data-link-type="dfn" id="ref-for-dfn-controller-16">controller</a> need not
rely upon a single trusted third party or administrator to maintain their
identifiers. In an ideal case, no administrator can take control away from the
<a href="#dfn-controller" class="internalDFN" data-link-type="dfn" id="ref-for-dfn-controller-17">controller</a>, nor can an administrator prevent their identifiers' use for
any particular purpose such as authentication, authorization, and attestation.
No third party can act on behalf of a <a href="#dfn-controller" class="internalDFN" data-link-type="dfn" id="ref-for-dfn-controller-18">controller</a> to remove or render
inoperable an entity's identifier without the <a href="#dfn-controller" class="internalDFN" data-link-type="dfn" id="ref-for-dfn-controller-19">controller</a>'s consent.
</p>
<p>
However, it is important to note that in all <a href="#dfn-did-methods" class="internalDFN" data-link-type="dfn" id="ref-for-dfn-did-methods-117">DID methods</a> that enable
cryptographic proof-of-control, the means of proving control can always be
transferred to another party by transferring the secret cryptographic material.
Therefore, it is vital that systems relying on the persistence of an identifier
over time regularly check to ensure that the identifier is, in fact, still under
the control of the intended party.
</p>
<p>
Unfortunately, it is impossible to determine from the cryptography alone whether
or not the secret cryptographic material associated with a given
<a href="#dfn-verification-method" class="internalDFN" data-link-type="dfn" id="ref-for-dfn-verification-method-99">verification method</a> has been compromised. It might well be that the
expected <a href="#dfn-controller" class="internalDFN" data-link-type="dfn" id="ref-for-dfn-controller-20">controller</a> still has access to the secret cryptographic material
— and as such can execute a proof-of-control as part of a verification
process — while at the same time, a bad actor also has access to those
same keys, or to a copy thereof.
</p>
<p>
As such, cryptographic proof-of-control is expected to only be used as one
factor in evaluating the level of identity assurance required for high-stakes
scenarios. <a href="#dfn-decentralized-identifiers" class="internalDFN" data-link-type="dfn" id="ref-for-dfn-decentralized-identifiers-139">DID</a>-based authentication provides much greater assurance than
a username and password, thanks to the ability to determine control over a
cryptographic secret without transmitting that secret between systems. However,
it is not infallible. Scenarios that involve sensitive, high value, or
life-critical operations are expected to use additional factors as appropriate.
</p>
<p>
In addition to potential ambiguity from use by different <a href="#dfn-controller" class="internalDFN" data-link-type="dfn" id="ref-for-dfn-controller-21">controllers</a>, it
is impossible to guarantee, in general, that a given <a href="#dfn-decentralized-identifiers" class="internalDFN" data-link-type="dfn" id="ref-for-dfn-decentralized-identifiers-140">DID</a> is being used in
reference to the same subject at any given point in time. It is technically
possible for the controller to reuse a <a href="#dfn-decentralized-identifiers" class="internalDFN" data-link-type="dfn" id="ref-for-dfn-decentralized-identifiers-141">DID</a> for different subjects and,
more subtly, for the precise definition of the subject to either change over
time or be misunderstood.
</p>
<p>
For example, consider a <a href="#dfn-decentralized-identifiers" class="internalDFN" data-link-type="dfn" id="ref-for-dfn-decentralized-identifiers-142">DID</a> used for a sole proprietorship, receiving
various credentials used for financial transactions. To the <a href="#dfn-controller" class="internalDFN" data-link-type="dfn" id="ref-for-dfn-controller-22">controller</a>,
that identifier referred to the business. As the business grows, it eventually
gets incorporated as a Limited Liability Company. The <a href="#dfn-controller" class="internalDFN" data-link-type="dfn" id="ref-for-dfn-controller-23">controller</a>
continues using that same <a href="#dfn-decentralized-identifiers" class="internalDFN" data-link-type="dfn" id="ref-for-dfn-decentralized-identifiers-143">DID</a>, because to <strong>them</strong> the
<a href="#dfn-decentralized-identifiers" class="internalDFN" data-link-type="dfn" id="ref-for-dfn-decentralized-identifiers-144">DID</a> refers to the business. However, to the state, the tax authority, and
the local municipality, the <a href="#dfn-decentralized-identifiers" class="internalDFN" data-link-type="dfn" id="ref-for-dfn-decentralized-identifiers-145">DID</a> no longer refers to the same entity.
Whether or not the subtle shift in meaning matters to a credit provider or
supplier is necessarily up to them to decide. In many cases, as long as the
bills get paid and collections can be enforced, the shift is immaterial.
</p>
<p>
Due to these potential ambiguities, <a href="#dfn-decentralized-identifiers" class="internalDFN" data-link-type="dfn" id="ref-for-dfn-decentralized-identifiers-146">DIDs</a> are to be considered valid
<em>contextually</em> rather than absolutely. Their persistence does not imply
that they refer to the exact same subject, nor that they are under the control
of the same <a href="#dfn-controller" class="internalDFN" data-link-type="dfn" id="ref-for-dfn-controller-24">controller</a>. Instead, one needs to understand the context in
which the <a href="#dfn-decentralized-identifiers" class="internalDFN" data-link-type="dfn" id="ref-for-dfn-decentralized-identifiers-147">DID</a> was created, how it is used, and consider the likely shifts
in their meaning, and adopt procedures and policies to address both potential
and inevitable semantic drift.
</p>
</section>
<section id="level-of-assurance"><div class="header-wrapper"><h3 id="x9-17-level-of-assurance"><bdi class="secno">9.17 </bdi>Level of Assurance</h3><a class="self-link" href="#level-of-assurance" aria-label="Permalink for Section 9.17"></a></div>
<p>
Additional information about the security context of authentication events is
often required for compliance reasons, especially in regulated areas such as the
financial and public sectors. This information is often referred to as a Level
of Assurance (LOA). Examples include the protection of secret cryptographic
material, the identity proofing process, and the form-factor of the
authenticator.
</p>
<p>
<a target="_blank" href="https://ec.europa.eu/info/law/payment-services-psd-2-directive-eu-2015-2366_en">
Payment services (PSD 2)</a> and <a target="_blank" href="https://eur-lex.europa.eu/legal-content/EN/TXT/?uri=uriserv:OJ.L_.2014.257.01.0073.01.ENG">
eIDAS</a> introduce such requirements to the security context. Level of
assurance frameworks are classified and defined by regulations and
standards such as <a target="_blank" href="https://eur-lex.europa.eu/legal-content/EN/TXT/?uri=uriserv:OJ.L_.2014.257.01.0073.01.ENG">
eIDAS</a>, <a target="_blank" href="https://pages.nist.gov/800-63-3/sp800-63-3.html"> NIST 800-63-3</a> and <a target="_blank" href="https://www.iso.org/standard/45138.html"> ISO/IEC
29115:2013</a>, including their requirements for the security context, and
making recommendations on how to achieve them. This might include strong user
authentication where <a target="_blank" href="https://fidoalliance.org/fido2/">FIDO2</a>/<a target="_blank" href="https://www.w3.org/TR/webauthn-2/">WebAuthn</a> can fulfill the
requirement.
</p>
<p>
Some regulated scenarios require the implementation of a specific level of
assurance. Since <a href="#dfn-verification-relationship" class="internalDFN" data-link-type="dfn" id="ref-for-dfn-verification-relationship-24">verification relationships</a> such as <code>
<a href="#dfn-assertionmethod" class="internalDFN" data-link-type="dfn" id="ref-for-dfn-assertionmethod-3">assertionMethod</a></code> and <code><a href="#dfn-authentication" class="internalDFN" data-link-type="dfn" id="ref-for-dfn-authentication-7">authentication</a></code> might be
used in some of these situations, information about the applied security context
might need to be expressed and provided to a <em>verifier</em>. Whether and how
to encode this information in the <a href="#dfn-did-documents" class="internalDFN" data-link-type="dfn" id="ref-for-dfn-did-documents-199">DID document</a> data model is out of scope
for this specification. Interested readers might note that 1) the information
could be transmitted using Verifiable Credentials [<cite><a class="bibref" data-link-type="biblio" href="#bib-vc-data-model" title="Verifiable Credentials Data Model v1.1">VC-DATA-MODEL</a></cite>], and 2) the
<a href="#dfn-did-documents" class="internalDFN" data-link-type="dfn" id="ref-for-dfn-did-documents-200">DID document</a> data model can be extended to incorporate this information
as described in <a href="#extensibility" class="sec-ref"><bdi class="secno">4.1 </bdi>Extensibility</a>, and where <a href="#privacy-considerations" class="sec-ref"><bdi class="secno">10. </bdi>Privacy Considerations</a> is applicable for such extensions.
</p>
</section>
</section>
<section class="informative" id="privacy-considerations"><div class="header-wrapper"><h2 id="x10-privacy-considerations"><bdi class="secno">10. </bdi>Privacy Considerations</h2><a class="self-link" href="#privacy-considerations" aria-label="Permalink for Section 10."></a></div><p><em>This section is non-normative.</em></p>
<p>
Since <a href="#dfn-decentralized-identifiers" class="internalDFN" data-link-type="dfn" id="ref-for-dfn-decentralized-identifiers-148">DIDs</a> and <a href="#dfn-did-documents" class="internalDFN" data-link-type="dfn" id="ref-for-dfn-did-documents-201">DID documents</a> are designed to be administered
directly by the <a href="#dfn-did-controllers" class="internalDFN" data-link-type="dfn" id="ref-for-dfn-did-controllers-30">DID controller(s)</a>, it is critically important to apply
the principles of Privacy by Design [<cite><a class="bibref" data-link-type="biblio" href="#bib-privacy-by-design" title="Privacy by Design">PRIVACY-BY-DESIGN</a></cite>] to all aspects of the
<a href="#dfn-decentralized-identifiers" class="internalDFN" data-link-type="dfn" id="ref-for-dfn-decentralized-identifiers-149">decentralized identifier</a> architecture. All seven of these principles
have been applied throughout the development of this specification. The design
used in this specification does not assume that there is a registrar, hosting
company, nor other intermediate service provider to recommend or apply
additional privacy safeguards. Privacy in this specification is preventive,
not remedial, and is an embedded default. The following sections cover privacy
considerations that implementers might find useful when building systems that
utilize <a href="#dfn-decentralized-identifiers" class="internalDFN" data-link-type="dfn" id="ref-for-dfn-decentralized-identifiers-150">decentralized identifiers</a>.
</p>
<section id="keep-personal-data-private"><div class="header-wrapper"><h3 id="x10-1-keep-personal-data-private"><bdi class="secno">10.1 </bdi>Keep Personal Data Private</h3><a class="self-link" href="#keep-personal-data-private" aria-label="Permalink for Section 10.1"></a></div>
<p>
If a <a href="#dfn-did-methods" class="internalDFN" data-link-type="dfn" id="ref-for-dfn-did-methods-118">DID method</a> specification is written for a public-facing
<a href="#dfn-verifiable-data-registry" class="internalDFN" data-link-type="dfn" id="ref-for-dfn-verifiable-data-registry-11">verifiable data registry</a> where corresponding <a href="#dfn-decentralized-identifiers" class="internalDFN" data-link-type="dfn" id="ref-for-dfn-decentralized-identifiers-151">DIDs</a> and <a href="#dfn-did-documents" class="internalDFN" data-link-type="dfn" id="ref-for-dfn-did-documents-202">DID
documents</a> might be made publicly available, it is <em>critical</em> that
those <a href="#dfn-did-documents" class="internalDFN" data-link-type="dfn" id="ref-for-dfn-did-documents-203">DID documents</a> contain no personal data. Personal data can instead
be transmitted through other means such as 1) Verifiable Credentials
[<cite><a class="bibref" data-link-type="biblio" href="#bib-vc-data-model" title="Verifiable Credentials Data Model v1.1">VC-DATA-MODEL</a></cite>], or 2) <a href="#dfn-service-endpoints" class="internalDFN" data-link-type="dfn" id="ref-for-dfn-service-endpoints-7">service endpoints</a> under control of the <a href="#dfn-did-subjects" class="internalDFN" data-link-type="dfn" id="ref-for-dfn-did-subjects-53">DID
subject</a> or <a href="#dfn-did-controllers" class="internalDFN" data-link-type="dfn" id="ref-for-dfn-did-controllers-31">DID controller</a>.
</p>
<p>
Due diligence is expected to be taken around the use of URLs in <a href="#dfn-service-endpoints" class="internalDFN" data-link-type="dfn" id="ref-for-dfn-service-endpoints-8">service
endpoints</a> to prevent leakage of personal data or correlation within a URL of
a <a href="#dfn-service-endpoints" class="internalDFN" data-link-type="dfn" id="ref-for-dfn-service-endpoints-9">service endpoint</a>. For example, a URL that contains a username is
dangerous to include in a <a href="#dfn-did-documents" class="internalDFN" data-link-type="dfn" id="ref-for-dfn-did-documents-204">DID Document</a> because the username is likely to
be human-meaningful in a way that can reveal information that the <a href="#dfn-did-subjects" class="internalDFN" data-link-type="dfn" id="ref-for-dfn-did-subjects-54">DID
subject</a> did not consent to sharing. With the privacy architecture suggested
by this specification, personal data can be exchanged on a private, peer-to-peer
basis using communication channels identified and secured by <a href="#dfn-verification-method" class="internalDFN" data-link-type="dfn" id="ref-for-dfn-verification-method-100">verification
methods</a> in <a href="#dfn-did-documents" class="internalDFN" data-link-type="dfn" id="ref-for-dfn-did-documents-205">DID documents</a>. This also enables <a href="#dfn-did-subjects" class="internalDFN" data-link-type="dfn" id="ref-for-dfn-did-subjects-55">DID subjects</a> and
requesting parties to implement the <a href="https://en.wikipedia.org/wiki/General_Data_Protection_Regulation">GDPR</a>
<a href="https://en.wikipedia.org/wiki/Right_to_be_forgotten">right to be
forgotten</a>, because no personal data is written to an immutable
<a href="#dfn-distributed-ledger-technology" class="internalDFN" data-link-type="dfn" id="ref-for-dfn-distributed-ledger-technology-5">distributed ledger</a>.
</p>
</section>
<section id="did-correlation-risks"><div class="header-wrapper"><h3 id="x10-2-did-correlation-risks"><bdi class="secno">10.2 </bdi>DID Correlation Risks</h3><a class="self-link" href="#did-correlation-risks" aria-label="Permalink for Section 10.2"></a></div>
<p>
Like any type of globally unambiguous identifier, <a href="#dfn-decentralized-identifiers" class="internalDFN" data-link-type="dfn" id="ref-for-dfn-decentralized-identifiers-152">DIDs</a> might be used for
correlation. <a href="#dfn-did-controllers" class="internalDFN" data-link-type="dfn" id="ref-for-dfn-did-controllers-32">DID controllers</a> can mitigate this privacy risk by using
pairwise <a href="#dfn-decentralized-identifiers" class="internalDFN" data-link-type="dfn" id="ref-for-dfn-decentralized-identifiers-153">DIDs</a> that are unique to each relationship; in effect, each
<a href="#dfn-decentralized-identifiers" class="internalDFN" data-link-type="dfn" id="ref-for-dfn-decentralized-identifiers-154">DID</a> acts as a pseudonym. A pairwise <a href="#dfn-decentralized-identifiers" class="internalDFN" data-link-type="dfn" id="ref-for-dfn-decentralized-identifiers-155">DID</a> need only be shared with
more than one party when correlation is explicitly desired. If pairwise
<a href="#dfn-decentralized-identifiers" class="internalDFN" data-link-type="dfn" id="ref-for-dfn-decentralized-identifiers-156">DIDs</a> are the default, then the only need to publish a <a href="#dfn-decentralized-identifiers" class="internalDFN" data-link-type="dfn" id="ref-for-dfn-decentralized-identifiers-157">DID</a> openly,
or to share it with multiple parties, is when the <a href="#dfn-did-controllers" id="ref-for-dfn-did-controllers-33">DID controller(s)</a> and/or <a href="#dfn-did-subjects" class="internalDFN" data-link-type="dfn" id="ref-for-dfn-did-subjects-56">DID subject</a>
explicitly desires public identification and correlation.
</p>
</section>
<section id="did-document-correlation-risks"><div class="header-wrapper"><h3 id="x10-3-did-document-correlation-risks"><bdi class="secno">10.3 </bdi>DID Document Correlation Risks</h3><a class="self-link" href="#did-document-correlation-risks" aria-label="Permalink for Section 10.3"></a></div>
<p>
The anti-correlation protections of pairwise <a href="#dfn-decentralized-identifiers" class="internalDFN" data-link-type="dfn" id="ref-for-dfn-decentralized-identifiers-158">DIDs</a> are easily defeated if
the data in the corresponding <a href="#dfn-did-documents" class="internalDFN" data-link-type="dfn" id="ref-for-dfn-did-documents-206">DID documents</a> can be correlated. For
example, using identical <a href="#dfn-verification-method" class="internalDFN" data-link-type="dfn" id="ref-for-dfn-verification-method-101">verification methods</a> or bespoke <a href="#dfn-service-endpoints" class="internalDFN" data-link-type="dfn" id="ref-for-dfn-service-endpoints-10">service
endpoints</a> in multiple <a href="#dfn-did-documents" class="internalDFN" data-link-type="dfn" id="ref-for-dfn-did-documents-207">DID documents</a> can provide as much correlation
information as using the same <a href="#dfn-decentralized-identifiers" class="internalDFN" data-link-type="dfn" id="ref-for-dfn-decentralized-identifiers-159">DID</a>. Therefore, the <a href="#dfn-did-documents" class="internalDFN" data-link-type="dfn" id="ref-for-dfn-did-documents-208">DID document</a> for
a pairwise <a href="#dfn-decentralized-identifiers" class="internalDFN" data-link-type="dfn" id="ref-for-dfn-decentralized-identifiers-160">DID</a> also needs to use pairwise unique information, such as
ensuring that <a href="#dfn-verification-method" class="internalDFN" data-link-type="dfn" id="ref-for-dfn-verification-method-102">verification methods</a> are unique to the pairwise
relationship.
</p>
<p>
It might seem natural to also use pairwise unique <a href="#dfn-service-endpoints" class="internalDFN" data-link-type="dfn" id="ref-for-dfn-service-endpoints-11">service endpoints</a> in
the <a href="#dfn-did-documents" class="internalDFN" data-link-type="dfn" id="ref-for-dfn-did-documents-209">DID document</a> for a pairwise <a href="#dfn-decentralized-identifiers" class="internalDFN" data-link-type="dfn" id="ref-for-dfn-decentralized-identifiers-161">DID</a>. However, unique endpoints
allow all traffic between two <a href="#dfn-decentralized-identifiers" class="internalDFN" data-link-type="dfn" id="ref-for-dfn-decentralized-identifiers-162">DIDs</a> to be isolated perfectly into unique
buckets, where timing correlation and similar analysis is easy. Therefore, a
better strategy for endpoint privacy might be to share an endpoint among a large
number of <a href="#dfn-decentralized-identifiers" class="internalDFN" data-link-type="dfn" id="ref-for-dfn-decentralized-identifiers-163">DIDs</a> controlled by many different subjects (see <a href="#herd-privacy" class="sec-ref"><bdi class="secno">10.5 </bdi>Herd Privacy</a>).
</p>
</section>
<section id="did-subject-classification"><div class="header-wrapper"><h3 id="x10-4-did-subject-classification"><bdi class="secno">10.4 </bdi>DID Subject Classification</h3><a class="self-link" href="#did-subject-classification" aria-label="Permalink for Section 10.4"></a></div>
<p>
It is dangerous to add properties to the <a href="#dfn-did-documents" class="internalDFN" data-link-type="dfn" id="ref-for-dfn-did-documents-210">DID document</a> that can be used
to indicate, explicitly or through inference, what <em>type</em> or nature of
thing the <a href="#dfn-did-subjects" class="internalDFN" data-link-type="dfn" id="ref-for-dfn-did-subjects-57">DID subject</a> is, particularly if the <a href="#dfn-did-subjects" class="internalDFN" data-link-type="dfn" id="ref-for-dfn-did-subjects-58">DID subject</a> is a
person.
</p>
<p>
Not only do such properties potentially result in personal data (see
<a href="#keep-personal-data-private" class="sec-ref"><bdi class="secno">10.1 </bdi>Keep Personal Data Private</a>) or
correlatable data (see <a href="#did-correlation-risks" class="sec-ref">
<bdi class="secno">10.2 </bdi>DID Correlation Risks</a> and <a href="#did-document-correlation-risks" class="sec-ref"><bdi class="secno">10.3 </bdi>DID Document Correlation Risks</a>) being present in the
<a href="#dfn-did-documents" class="internalDFN" data-link-type="dfn" id="ref-for-dfn-did-documents-211">DID document</a>, but they can be used for grouping particular <a href="#dfn-decentralized-identifiers" class="internalDFN" data-link-type="dfn" id="ref-for-dfn-decentralized-identifiers-164">DIDs</a>
in such a way that they are included in or excluded from certain operations or
functionalities.
</p>
<p>
Including <em>type</em> information in a <a href="#dfn-did-documents" class="internalDFN" data-link-type="dfn" id="ref-for-dfn-did-documents-212">DID Document</a> can
result in personal privacy harms even for <a href="#dfn-did-subjects" class="internalDFN" data-link-type="dfn" id="ref-for-dfn-did-subjects-59">DID Subjects</a> that are
non-person entities, such as IoT devices. The aggregation of such
information around a <a href="#dfn-did-controllers" class="internalDFN" data-link-type="dfn" id="ref-for-dfn-did-controllers-34">DID Controller</a> could serve as a form of
digital fingerprint and this is best avoided.
</p>
<p>
To minimize these risks, all properties in a <a href="#dfn-did-documents" class="internalDFN" data-link-type="dfn" id="ref-for-dfn-did-documents-213">DID document</a> ought to be
for expressing cryptographic material, endpoints, or <a href="#dfn-verification-method" class="internalDFN" data-link-type="dfn" id="ref-for-dfn-verification-method-103">verification methods</a>
related to using the <a href="#dfn-decentralized-identifiers" class="internalDFN" data-link-type="dfn" id="ref-for-dfn-decentralized-identifiers-165">DID</a>.
</p>
</section>
<section id="herd-privacy"><div class="header-wrapper"><h3 id="x10-5-herd-privacy"><bdi class="secno">10.5 </bdi>Herd Privacy</h3><a class="self-link" href="#herd-privacy" aria-label="Permalink for Section 10.5"></a></div>
<p>
When a <a href="#dfn-did-subjects" class="internalDFN" data-link-type="dfn" id="ref-for-dfn-did-subjects-60">DID subject</a> is indistinguishable from others in the herd,
privacy is available. When the act of engaging privately with another party is
by itself a recognizable flag, privacy is greatly diminished.
</p>
<p>
<a href="#dfn-decentralized-identifiers" class="internalDFN" data-link-type="dfn" id="ref-for-dfn-decentralized-identifiers-166">DIDs</a> and <a href="#dfn-did-methods" class="internalDFN" data-link-type="dfn" id="ref-for-dfn-did-methods-119">DID
methods</a> need to work to improve herd privacy, particularly for those who
legitimately need it most. Choose technologies and human interfaces that
default to preserving anonymity and pseudonymity. To reduce <a href="https://en.wikipedia.org/wiki/Device_fingerprint">digital
fingerprints</a>, share common settings across requesting party
implementations, keep negotiated options to a minimum on wire protocols, use
encrypted transport layers, and pad messages to standard lengths.
</p>
</section>
<section id="service-privacy"><div class="header-wrapper"><h3 id="x10-6-service-privacy"><bdi class="secno">10.6 </bdi>Service Privacy</h3><a class="self-link" href="#service-privacy" aria-label="Permalink for Section 10.6"></a></div>
<p>
The ability for a <a href="#dfn-controller" class="internalDFN" data-link-type="dfn" id="ref-for-dfn-controller-25">controller</a> to optionally express at least one
<a href="#dfn-service-endpoints" class="internalDFN" data-link-type="dfn" id="ref-for-dfn-service-endpoints-12">service endpoint</a> in the <a href="#dfn-did-documents" class="internalDFN" data-link-type="dfn" id="ref-for-dfn-did-documents-214">DID document</a> increases their control and
agency. Each additional endpoint in the <a href="#dfn-did-documents" class="internalDFN" data-link-type="dfn" id="ref-for-dfn-did-documents-215">DID document</a> adds privacy risk
either due to correlation, such as across endpoint descriptions, or because the
<a href="#dfn-service" class="internalDFN" data-link-type="dfn" id="ref-for-dfn-service-23">services</a> are not protected by an authorization mechanism, or both.
</p>
<p>
<a href="#dfn-did-documents" class="internalDFN" data-link-type="dfn" id="ref-for-dfn-did-documents-216">DID documents</a> are often public and, since they are standardized, will be
stored and indexed efficiently by their very standards-based nature. This risk
is worse if <a href="#dfn-did-documents" class="internalDFN" data-link-type="dfn" id="ref-for-dfn-did-documents-217">DID documents</a> are published to immutable <a href="#dfn-verifiable-data-registry" class="internalDFN" data-link-type="dfn" id="ref-for-dfn-verifiable-data-registry-12">verifiable data
registries</a>. Access to a history of the <a href="#dfn-did-documents" class="internalDFN" data-link-type="dfn" id="ref-for-dfn-did-documents-218">DID documents</a> referenced by a
<a href="#dfn-decentralized-identifiers" class="internalDFN" data-link-type="dfn" id="ref-for-dfn-decentralized-identifiers-167">DID</a> represents a form of traffic analysis made more efficient through the
use of standards.
</p>
<p>
The degree of additional privacy risk caused by using multiple <a href="#dfn-service-endpoints" class="internalDFN" data-link-type="dfn" id="ref-for-dfn-service-endpoints-13">service
endpoints</a> in one <a href="#dfn-did-documents" class="internalDFN" data-link-type="dfn" id="ref-for-dfn-did-documents-219">DID document</a> can be difficult to estimate. Privacy
harms are typically unintended consequences. <a href="#dfn-decentralized-identifiers" class="internalDFN" data-link-type="dfn" id="ref-for-dfn-decentralized-identifiers-168">DIDs</a> can refer to documents,
<a href="#dfn-service" class="internalDFN" data-link-type="dfn" id="ref-for-dfn-service-24">services</a>, schemas, and other things that might be associated with
individual people, households, clubs, and employers — and correlation of
their <a href="#dfn-service-endpoints" class="internalDFN" data-link-type="dfn" id="ref-for-dfn-service-endpoints-14">service endpoints</a> could become a powerful surveillance and
inference tool. An example of this potential harm can be seen when multiple
common country-level top level domains such as
<code>https://example.co.uk</code> might be used to infer the approximate
location of the <a href="#dfn-did-subjects" class="internalDFN" data-link-type="dfn" id="ref-for-dfn-did-subjects-61">DID subject</a> with a greater degree of probability.
</p>
<section class="notoc"><div class="header-wrapper"><h4 id="maintaining-herd-privacy">Maintaining Herd Privacy</h4><a class="self-link" href="#maintaining-herd-privacy" aria-label="Permalink for this Section"></a></div>
<p>
The variety of possible endpoints makes it particularly challenging to maintain
herd privacy, in which no information about the <a href="#dfn-did-subjects" class="internalDFN" data-link-type="dfn" id="ref-for-dfn-did-subjects-62">DID subject</a> is leaked
(see <a href="#herd-privacy" class="sec-ref"><bdi class="secno">10.5 </bdi>Herd Privacy</a>).
</p>
<p>
First, because service endpoints might be specified as <a href="#dfn-uri" class="internalDFN" data-link-type="dfn" id="ref-for-dfn-uri-23">URIs</a>, they could
unintentionally leak personal information because of the architecture of the
service. For example, a service endpoint of
<code>http://example.com/MyFirstName</code> is leaking the term
<code>MyFirstName</code> to everyone who can access the <a href="#dfn-did-documents" class="internalDFN" data-link-type="dfn" id="ref-for-dfn-did-documents-220">DID document</a>.
When linking to legacy systems, this is an unavoidable risk, and care is
expected to be taken in such cases. This specification encourages new,
<a href="#dfn-decentralized-identifiers" class="internalDFN" data-link-type="dfn" id="ref-for-dfn-decentralized-identifiers-169">DID</a>-aware endpoints to use nothing more than the <a href="#dfn-decentralized-identifiers" class="internalDFN" data-link-type="dfn" id="ref-for-dfn-decentralized-identifiers-170">DID</a> itself for
any identification necessary. For example, if a service description were to
include <code>http://example.com/did%3Aexample%3Aabc123</code>, no harm would be
done because <code>did:example:abc123</code> is already exposed in the DID
Document; it leaks no additional information.
</p>
<p>
Second, because a <a href="#dfn-did-documents" class="internalDFN" data-link-type="dfn" id="ref-for-dfn-did-documents-221">DID document</a> can list multiple service endpoints, it is
possible to irreversibly associate services that are not associated in any other
context. This correlation on its own may lead to privacy harms by revealing
information about the <a href="#dfn-did-subjects" class="internalDFN" data-link-type="dfn" id="ref-for-dfn-did-subjects-63">DID subject</a>, even if the <a href="#dfn-uri" class="internalDFN" data-link-type="dfn" id="ref-for-dfn-uri-24">URIs</a> used did not
contain any sensitive information.
</p>
<p>
Third, because some types of <a href="#dfn-did-subjects" class="internalDFN" data-link-type="dfn" id="ref-for-dfn-did-subjects-64">DID subjects</a> might be more or less likely to
list specific endpoints, the listing of a given service could, by itself, leak
information that can be used to infer something about the <a href="#dfn-did-subjects" class="internalDFN" data-link-type="dfn" id="ref-for-dfn-did-subjects-65">DID subject</a>.
For example, a <a href="#dfn-decentralized-identifiers" class="internalDFN" data-link-type="dfn" id="ref-for-dfn-decentralized-identifiers-171">DID</a> for an automobile might include a pointer to a public
title record at the Department of Motor Vehicles, while a <a href="#dfn-decentralized-identifiers" class="internalDFN" data-link-type="dfn" id="ref-for-dfn-decentralized-identifiers-172">DID</a> for an
individual would not include that information.
</p>
<p>
It is the goal of herd privacy to ensure that the nature of specific <a href="#dfn-did-subjects" class="internalDFN" data-link-type="dfn" id="ref-for-dfn-did-subjects-66">DID
subjects</a> is obscured by the population of the whole. To maximize herd
privacy, implementers need to rely on one — and only one — service
endpoint, with that endpoint providing a proxy or mediator service that the
controller is willing to depend on, to protect such associations and to blind
requests to the ultimate service.
</p>
</section>
<section class="notoc"><div class="header-wrapper"><h4 id="service-endpoint-alternatives">Service Endpoint Alternatives</h4><a class="self-link" href="#service-endpoint-alternatives" aria-label="Permalink for this Section"></a></div>
<p>
Given the concerns in the previous section, implementers are urged to
consider any of the following service endpoint approaches:
</p>
<ul>
<li>
<strong>Negotiator Endpoint</strong> — Service for negotiating mutually
agreeable communications channels, preferably using private set intersection.
The output of negotiation is a communication channel and whatever credentials
might be needed to access it.
</li>
<li>
<strong>Tor Endpoint</strong> (<a href="https://www.torproject.org/about/history/">Tor Onion Router</a>) —
Provide a privacy-respecting address for reaching service endpoints. Any service
that can be provided online can be provided through TOR for additional
privacy.
</li>
<li>
<strong>Mediator Endpoint</strong> — <a href="https://github.com/hyperledger/aries-rfcs/blob/720bdab50e2d0437fda03028c1b17c69781bdd69/concepts/0046-mediators-and-relays/README.md">Mediators</a>
provide a generic endpoint, for multiple parties, receive encrypted messages on
behalf of those parties, and forward them to the intended recipient. This avoids
the need to have a specific endpoint per subject, which could create a
correlation risk. This approach is also called a proxy.
</li>
<li>
<strong>Confidential Storage</strong> — Proprietary or confidential
personal information might need to be kept off of a <a href="#dfn-verifiable-data-registry" class="internalDFN" data-link-type="dfn" id="ref-for-dfn-verifiable-data-registry-13">verifiable data
registry</a> to provide additional privacy and/or security guarantees,
especially for those <a href="#dfn-did-methods" class="internalDFN" data-link-type="dfn" id="ref-for-dfn-did-methods-120">DID methods</a> where <a href="#dfn-did-documents" class="internalDFN" data-link-type="dfn" id="ref-for-dfn-did-documents-222">DID documents</a> are published
on a public ledger. Pointing to external resource services provides a means for
authorization checks and deletion.
</li>
<li>
<strong>Polymorphic Proxy</strong> — A proxy endpoint that can act as any
number of services, depending on how it is called. For example, the same URL
could be used for both negotiator and mediator functions, depending on a
mechanism for re-routing.
</li>
</ul>
<p>
These service endpoint types continue to be an area of innovation and
exploration.
</p>
</section>
</section>
</section>
<section class="appendix" id="examples"><div class="header-wrapper"><h2 id="a-examples"><bdi class="secno">A. </bdi>Examples</h2><a class="self-link" href="#examples" aria-label="Permalink for Appendix A."></a></div>
<section class="informative" id="did-documents"><div class="header-wrapper"><h3 id="a-1-did-documents"><bdi class="secno">A.1 </bdi>DID Documents</h3><a class="self-link" href="#did-documents" aria-label="Permalink for Appendix A.1"></a></div><p><em>This section is non-normative.</em></p>
<p>
See <a href="https://www.w3.org/TR/did-spec-registries/#verification-method-types">
Verification Method Types</a> [<cite><a class="bibref" data-link-type="biblio" href="#bib-did-spec-registries" title="DID Specification Registries">DID-SPEC-REGISTRIES</a></cite>] for optional extensions
and other verification method types.
</p>
<div class="note" role="note" id="issue-container-generatedID-15"><div role="heading" class="note-title marker" id="h-note-15" aria-level="4"><span>Note</span></div><p class="">
These examples are for information purposes only, it is considered a best
practice to avoid using the same <a href="#dfn-verification-method" class="internalDFN" data-link-type="dfn" id="ref-for-dfn-verification-method-104">verification method</a> for multiple
purposes.
</p></div>
<div class="example" id="example-did-document-with-1-verification-method-type">
<div class="marker">
<a class="self-link" href="#example-did-document-with-1-verification-method-type">Example<bdi> 30</bdi></a><span class="example-title">: DID Document with 1 verification method type</span>
</div> <pre aria-busy="false"><code class="hljs json"> {
<span class="hljs-attr">"@context"</span>: [
<span class="hljs-string">"https://www.w3.org/ns/did/v1"</span>,
<span class="hljs-string">"https://w3id.org/security/suites/ed25519-2020/v1"</span>
],
<span class="hljs-attr">"id"</span>: <span class="hljs-string">"did:example:123"</span>,
<span class="hljs-attr">"authentication"</span>: [
{
<span class="hljs-attr">"id"</span>: <span class="hljs-string">"did:example:123#z6MkecaLyHuYWkayBDLw5ihndj3T1m6zKTGqau3A51G7RBf3"</span>,
<span class="hljs-attr">"type"</span>: <span class="hljs-string">"Ed25519VerificationKey2020"</span>, <span class="hljs-comment">// external (property value)</span>
<span class="hljs-attr">"controller"</span>: <span class="hljs-string">"did:example:123"</span>,
<span class="hljs-attr">"publicKeyMultibase"</span>: <span class="hljs-string">"zAKJP3f7BD6W4iWEQ9jwndVTCBq8ua2Utt8EEjJ6Vxsf"</span>
}
],
<span class="hljs-attr">"capabilityInvocation"</span>: [
{
<span class="hljs-attr">"id"</span>: <span class="hljs-string">"did:example:123#z6MkhdmzFu659ZJ4XKj31vtEDmjvsi5yDZG5L7Caz63oP39k"</span>,
<span class="hljs-attr">"type"</span>: <span class="hljs-string">"Ed25519VerificationKey2020"</span>, <span class="hljs-comment">// external (property value)</span>
<span class="hljs-attr">"controller"</span>: <span class="hljs-string">"did:example:123"</span>,
<span class="hljs-attr">"publicKeyMultibase"</span>: <span class="hljs-string">"z4BWwfeqdp1obQptLLMvPNgBw48p7og1ie6Hf9p5nTpNN"</span>
}
],
<span class="hljs-attr">"capabilityDelegation"</span>: [
{
<span class="hljs-attr">"id"</span>: <span class="hljs-string">"did:example:123#z6Mkw94ByR26zMSkNdCUi6FNRsWnc2DFEeDXyBGJ5KTzSWyi"</span>,
<span class="hljs-attr">"type"</span>: <span class="hljs-string">"Ed25519VerificationKey2020"</span>, <span class="hljs-comment">// external (property value)</span>
<span class="hljs-attr">"controller"</span>: <span class="hljs-string">"did:example:123"</span>,
<span class="hljs-attr">"publicKeyMultibase"</span>: <span class="hljs-string">"zHgo9PAmfeoxHG8Mn2XHXamxnnSwPpkyBHAMNF3VyXJCL"</span>
}
],
<span class="hljs-attr">"assertionMethod"</span>: [
{
<span class="hljs-attr">"id"</span>: <span class="hljs-string">"did:example:123#z6MkiukuAuQAE8ozxvmahnQGzApvtW7KT5XXKfojjwbdEomY"</span>,
<span class="hljs-attr">"type"</span>: <span class="hljs-string">"Ed25519VerificationKey2020"</span>, <span class="hljs-comment">// external (property value)</span>
<span class="hljs-attr">"controller"</span>: <span class="hljs-string">"did:example:123"</span>,
<span class="hljs-attr">"publicKeyMultibase"</span>: <span class="hljs-string">"z5TVraf9itbKXrRvt2DSS95Gw4vqU3CHAdetoufdcKazA"</span>
}
]
}</code></pre>
</div>
<div class="example" id="example-did-document-with-many-different-key-types">
<div class="marker">
<a class="self-link" href="#example-did-document-with-many-different-key-types">Example<bdi> 31</bdi></a><span class="example-title">: DID Document with many different key types</span>
</div> <pre aria-busy="false"><code class="hljs json">{
<span class="hljs-attr">"@context"</span>: [
<span class="hljs-string">"https://www.w3.org/ns/did/v1"</span>,
<span class="hljs-string">"https://w3id.org/security/suites/jws-2020/v1"</span>
],
<span class="hljs-attr">"verificationMethod"</span>: [
{
<span class="hljs-attr">"id"</span>: <span class="hljs-string">"did:example:123#key-0"</span>,
<span class="hljs-attr">"type"</span>: <span class="hljs-string">"JsonWebKey2020"</span>,
<span class="hljs-attr">"controller"</span>: <span class="hljs-string">"did:example:123"</span>,
<span class="hljs-attr">"publicKeyJwk"</span>: {
<span class="hljs-attr">"kty"</span>: <span class="hljs-string">"OKP"</span>, <span class="hljs-comment">// external (property name)</span>
<span class="hljs-attr">"crv"</span>: <span class="hljs-string">"Ed25519"</span>, <span class="hljs-comment">// external (property name)</span>
<span class="hljs-attr">"x"</span>: <span class="hljs-string">"VCpo2LMLhn6iWku8MKvSLg2ZAoC-nlOyPVQaO3FxVeQ"</span> <span class="hljs-comment">// external (property name)</span>
}
},
{
<span class="hljs-attr">"id"</span>: <span class="hljs-string">"did:example:123#key-1"</span>,
<span class="hljs-attr">"type"</span>: <span class="hljs-string">"JsonWebKey2020"</span>,
<span class="hljs-attr">"controller"</span>: <span class="hljs-string">"did:example:123"</span>,
<span class="hljs-attr">"publicKeyJwk"</span>: {
<span class="hljs-attr">"kty"</span>: <span class="hljs-string">"OKP"</span>, <span class="hljs-comment">// external (property name)</span>
<span class="hljs-attr">"crv"</span>: <span class="hljs-string">"X25519"</span>, <span class="hljs-comment">// external (property name)</span>
<span class="hljs-attr">"x"</span>: <span class="hljs-string">"pE_mG098rdQjY3MKK2D5SUQ6ZOEW3a6Z6T7Z4SgnzCE"</span> <span class="hljs-comment">// external (property name)</span>
}
},
{
<span class="hljs-attr">"id"</span>: <span class="hljs-string">"did:example:123#key-2"</span>,
<span class="hljs-attr">"type"</span>: <span class="hljs-string">"JsonWebKey2020"</span>,
<span class="hljs-attr">"controller"</span>: <span class="hljs-string">"did:example:123"</span>,
<span class="hljs-attr">"publicKeyJwk"</span>: {
<span class="hljs-attr">"kty"</span>: <span class="hljs-string">"EC"</span>, <span class="hljs-comment">// external (property name)</span>
<span class="hljs-attr">"crv"</span>: <span class="hljs-string">"secp256k1"</span>, <span class="hljs-comment">// external (property name)</span>
<span class="hljs-attr">"x"</span>: <span class="hljs-string">"Z4Y3NNOxv0J6tCgqOBFnHnaZhJF6LdulT7z8A-2D5_8"</span>, <span class="hljs-comment">// external (property name)</span>
<span class="hljs-attr">"y"</span>: <span class="hljs-string">"i5a2NtJoUKXkLm6q8nOEu9WOkso1Ag6FTUT6k_LMnGk"</span> <span class="hljs-comment">// external (property name)</span>
}
},
{
<span class="hljs-attr">"id"</span>: <span class="hljs-string">"did:example:123#key-3"</span>,
<span class="hljs-attr">"type"</span>: <span class="hljs-string">"JsonWebKey2020"</span>,
<span class="hljs-attr">"controller"</span>: <span class="hljs-string">"did:example:123"</span>,
<span class="hljs-attr">"publicKeyJwk"</span>: {
<span class="hljs-attr">"kty"</span>: <span class="hljs-string">"EC"</span>, <span class="hljs-comment">// external (property name)</span>
<span class="hljs-attr">"crv"</span>: <span class="hljs-string">"secp256k1"</span>, <span class="hljs-comment">// external (property name)</span>
<span class="hljs-attr">"x"</span>: <span class="hljs-string">"U1V4TVZVMUpUa0ZVU1NBcU9CRm5IbmFaaEpGNkxkdWx"</span>, <span class="hljs-comment">// external (property name)</span>
<span class="hljs-attr">"y"</span>: <span class="hljs-string">"i5a2NtJoUKXkLm6q8nOEu9WOkso1Ag6FTUT6k_LMnGk"</span> <span class="hljs-comment">// external (property name)</span>
}
},
{
<span class="hljs-attr">"id"</span>: <span class="hljs-string">"did:example:123#key-4"</span>,
<span class="hljs-attr">"type"</span>: <span class="hljs-string">"JsonWebKey2020"</span>,
<span class="hljs-attr">"controller"</span>: <span class="hljs-string">"did:example:123"</span>,
<span class="hljs-attr">"publicKeyJwk"</span>: {
<span class="hljs-attr">"kty"</span>: <span class="hljs-string">"EC"</span>, <span class="hljs-comment">// external (property name)</span>
<span class="hljs-attr">"crv"</span>: <span class="hljs-string">"P-256"</span>, <span class="hljs-comment">// external (property name)</span>
<span class="hljs-attr">"x"</span>: <span class="hljs-string">"Ums5WVgwRkRTVVFnU3k5c2xvZllMbEcwM3NPRW91ZzN"</span>, <span class="hljs-comment">// external (property name)</span>
<span class="hljs-attr">"y"</span>: <span class="hljs-string">"nDQW6XZ7b_u2Sy9slofYLlG03sOEoug3I0aAPQ0exs4"</span> <span class="hljs-comment">// external (property name)</span>
}
},
{
<span class="hljs-attr">"id"</span>: <span class="hljs-string">"did:example:123#key-5"</span>,
<span class="hljs-attr">"type"</span>: <span class="hljs-string">"JsonWebKey2020"</span>,
<span class="hljs-attr">"controller"</span>: <span class="hljs-string">"did:example:123"</span>,
<span class="hljs-attr">"publicKeyJwk"</span>: {
<span class="hljs-attr">"kty"</span>: <span class="hljs-string">"EC"</span>, <span class="hljs-comment">// external (property name)</span>
<span class="hljs-attr">"crv"</span>: <span class="hljs-string">"P-384"</span>, <span class="hljs-comment">// external (property name)</span>
<span class="hljs-attr">"x"</span>: <span class="hljs-string">"VUZKSlUwMGdpSXplekRwODhzX2N4U1BYdHVYWUZsaXVDR25kZ1U0UXA4bDkxeHpE"</span>, <span class="hljs-comment">// external (property name)</span>
<span class="hljs-attr">"y"</span>: <span class="hljs-string">"jq4QoAHKiIzezDp88s_cxSPXtuXYFliuCGndgU4Qp8l91xzD1spCmFIzQgVjqvcP"</span> <span class="hljs-comment">// external (property name)</span>
}
},
{
<span class="hljs-attr">"id"</span>: <span class="hljs-string">"did:example:123#key-6"</span>,
<span class="hljs-attr">"type"</span>: <span class="hljs-string">"JsonWebKey2020"</span>,
<span class="hljs-attr">"controller"</span>: <span class="hljs-string">"did:example:123"</span>,
<span class="hljs-attr">"publicKeyJwk"</span>: {
<span class="hljs-attr">"kty"</span>: <span class="hljs-string">"EC"</span>, <span class="hljs-comment">// external (property name)</span>
<span class="hljs-attr">"crv"</span>: <span class="hljs-string">"P-521"</span>, <span class="hljs-comment">// external (property name)</span>
<span class="hljs-attr">"x"</span>: <span class="hljs-string">"VTI5c1lYSmZWMmx1WkhNZ0dQTXhaYkhtSnBEU3UtSXZwdUtpZ0VOMnB6Z1d0U28tLVJ3ZC1uNzhuclduWnplRGMx"</span>, <span class="hljs-comment">// external (property name)</span>
<span class="hljs-attr">"y"</span>: <span class="hljs-string">"UW5WNVgwSnBkR052YVc0Z1VqY1B6LVpoZWNaRnliT3FMSUpqVk9sTEVUSDd1UGx5RzBnRW9NV25JWlhoUVZ5cFB5"</span> <span class="hljs-comment">// external (property name)</span>
}
},
{
<span class="hljs-attr">"id"</span>: <span class="hljs-string">"did:example:123#key-7"</span>,
<span class="hljs-attr">"type"</span>: <span class="hljs-string">"JsonWebKey2020"</span>,
<span class="hljs-attr">"controller"</span>: <span class="hljs-string">"did:example:123"</span>,
<span class="hljs-attr">"publicKeyJwk"</span>: {
<span class="hljs-attr">"kty"</span>: <span class="hljs-string">"RSA"</span>, <span class="hljs-comment">// external (property name)</span>
<span class="hljs-attr">"e"</span>: <span class="hljs-string">"AQAB"</span>, <span class="hljs-comment">// external (property name)</span>
<span class="hljs-attr">"n"</span>: <span class="hljs-string">"UkhWaGJGOUZRMTlFVWtKSElBdENGV2hlU1F2djFNRXh1NVJMQ01UNGpWazlraEpLdjhKZU1YV2UzYldIYXRqUHNrZGYyZGxhR2tXNVFqdE9uVUtMNzQybXZyNHRDbGRLUzNVTElhVDFoSkluTUhIeGoyZ2N1Yk82ZUVlZ0FDUTRRU3U5TE8wSC1MTV9MM0RzUkFCQjdRamE4SGVjcHl1c3BXMVR1X0RicXhjU253ZW5kYW13TDUyVjE3ZUtobE80dVh3djJIRmx4dWZGSE0wS21DSnVqSUt5QXhqRF9tM3FfX0lpSFVWSEQxdERJRXZMUGhHOUF6c24zajk1ZC1zYU"</span> <span class="hljs-comment">// external (property name)</span>
}
}
]
}</code></pre>
</div>
<div class="example" id="example-did-document-with-different-verification-method-types">
<div class="marker">
<a class="self-link" href="#example-did-document-with-different-verification-method-types">Example<bdi> 32</bdi></a><span class="example-title">: DID Document with different verification method types</span>
</div> <pre aria-busy="false"><code class="hljs json">{
<span class="hljs-attr">"@context"</span>: [
<span class="hljs-string">"https://www.w3.org/ns/did/v1"</span>,
<span class="hljs-string">"https://w3id.org/security/suites/ed25519-2018/v1"</span>,
<span class="hljs-string">"https://w3id.org/security/suites/x25519-2019/v1"</span>,
<span class="hljs-string">"https://w3id.org/security/suites/secp256k1-2019/v1"</span>,
<span class="hljs-string">"https://w3id.org/security/suites/jws-2020/v1"</span>
],
<span class="hljs-attr">"verificationMethod"</span>: [
{
<span class="hljs-attr">"id"</span>: <span class="hljs-string">"did:example:123#key-0"</span>,
<span class="hljs-attr">"type"</span>: <span class="hljs-string">"Ed25519VerificationKey2018"</span>,
<span class="hljs-attr">"controller"</span>: <span class="hljs-string">"did:example:123"</span>,
<span class="hljs-attr">"publicKeyBase58"</span>: <span class="hljs-string">"3M5RCDjPTWPkKSN3sxUmmMqHbmRPegYP1tjcKyrDbt9J"</span> <span class="hljs-comment">// external (property name)</span>
},
{
<span class="hljs-attr">"id"</span>: <span class="hljs-string">"did:example:123#key-1"</span>,
<span class="hljs-attr">"type"</span>: <span class="hljs-string">"X25519KeyAgreementKey2019"</span>,
<span class="hljs-attr">"controller"</span>: <span class="hljs-string">"did:example:123"</span>,
<span class="hljs-attr">"publicKeyBase58"</span>: <span class="hljs-string">"FbQWLPRhTH95MCkQUeFYdiSoQt8zMwetqfWoxqPgaq7x"</span> <span class="hljs-comment">// external (property name)</span>
},
{
<span class="hljs-attr">"id"</span>: <span class="hljs-string">"did:example:123#key-2"</span>,
<span class="hljs-attr">"type"</span>: <span class="hljs-string">"EcdsaSecp256k1VerificationKey2019"</span>,
<span class="hljs-attr">"controller"</span>: <span class="hljs-string">"did:example:123"</span>,
<span class="hljs-attr">"publicKeyBase58"</span>: <span class="hljs-string">"ns2aFDq25fEV1NUd3wZ65sgj5QjFW8JCAHdUJfLwfodt"</span> <span class="hljs-comment">// external (property name)</span>
},
{
<span class="hljs-attr">"id"</span>: <span class="hljs-string">"did:example:123#key-3"</span>,
<span class="hljs-attr">"type"</span>: <span class="hljs-string">"JsonWebKey2020"</span>,
<span class="hljs-attr">"controller"</span>: <span class="hljs-string">"did:example:123"</span>,
<span class="hljs-attr">"publicKeyJwk"</span>: {
<span class="hljs-attr">"kty"</span>: <span class="hljs-string">"EC"</span>, <span class="hljs-comment">// external (property name)</span>
<span class="hljs-attr">"crv"</span>: <span class="hljs-string">"P-256"</span>, <span class="hljs-comment">// external (property name)</span>
<span class="hljs-attr">"x"</span>: <span class="hljs-string">"Er6KSSnAjI70ObRWhlaMgqyIOQYrDJTE94ej5hybQ2M"</span>, <span class="hljs-comment">// external (property name)</span>
<span class="hljs-attr">"y"</span>: <span class="hljs-string">"pPVzCOTJwgikPjuUE6UebfZySqEJ0ZtsWFpj7YSPGEk"</span> <span class="hljs-comment">// external (property name)</span>
}
}
]
}</code></pre>
</div>
</section>
<section class="informative" id="proving"><div class="header-wrapper"><h3 id="a-2-proving"><bdi class="secno">A.2 </bdi>Proving</h3><a class="self-link" href="#proving" aria-label="Permalink for Appendix A.2"></a></div><p><em>This section is non-normative.</em></p>
<div class="note" role="note" id="issue-container-generatedID-16"><div role="heading" class="note-title marker" id="h-note-16" aria-level="4"><span>Note</span></div><p class="">
These examples are for information purposes only. See
<a href="https://www.w3.org/TR/vc-data-model/"><abbr title="World Wide Web Consortium">W3C</abbr> Verifiable Credentials Data
Model</a> for additional examples.
</p></div>
<div class="example" id="example-verifiable-credential-linked-to-a-verification-method-of-type-ed25519verificationkey2020">
<div class="marker">
<a class="self-link" href="#example-verifiable-credential-linked-to-a-verification-method-of-type-ed25519verificationkey2020">Example<bdi> 33</bdi></a><span class="example-title">: Verifiable Credential linked to a verification method of type Ed25519VerificationKey2020</span>
</div> <pre aria-busy="false"><code class="hljs json">{ <span class="hljs-comment">// external (all terms in this example)</span>
<span class="hljs-attr">"@context"</span>: [
<span class="hljs-string">"https://www.w3.org/2018/credentials/v1"</span>,
<span class="hljs-string">"https://w3id.org/citizenship/v1"</span>
],
<span class="hljs-attr">"type"</span>: [
<span class="hljs-string">"VerifiableCredential"</span>,
<span class="hljs-string">"PermanentResidentCard"</span>
],
<span class="hljs-attr">"credentialSubject"</span>: {
<span class="hljs-attr">"id"</span>: <span class="hljs-string">"did:example:123"</span>,
<span class="hljs-attr">"type"</span>: [
<span class="hljs-string">"PermanentResident"</span>,
<span class="hljs-string">"Person"</span>
],
<span class="hljs-attr">"givenName"</span>: <span class="hljs-string">"JOHN"</span>,
<span class="hljs-attr">"familyName"</span>: <span class="hljs-string">"SMITH"</span>,
<span class="hljs-attr">"gender"</span>: <span class="hljs-string">"Male"</span>,
<span class="hljs-attr">"image"</span>: <span class="hljs-string">"data:image/png;base64,iVBORw0KGgo...kJggg=="</span>,
<span class="hljs-attr">"residentSince"</span>: <span class="hljs-string">"2015-01-01"</span>,
<span class="hljs-attr">"lprCategory"</span>: <span class="hljs-string">"C09"</span>,
<span class="hljs-attr">"lprNumber"</span>: <span class="hljs-string">"000-000-204"</span>,
<span class="hljs-attr">"commuterClassification"</span>: <span class="hljs-string">"C1"</span>,
<span class="hljs-attr">"birthCountry"</span>: <span class="hljs-string">"Bahamas"</span>,
<span class="hljs-attr">"birthDate"</span>: <span class="hljs-string">"1958-08-17"</span>
},
<span class="hljs-attr">"issuer"</span>: <span class="hljs-string">"did:example:456"</span>,
<span class="hljs-attr">"issuanceDate"</span>: <span class="hljs-string">"2020-04-22T10:37:22Z"</span>,
<span class="hljs-attr">"identifier"</span>: <span class="hljs-string">"83627465"</span>,
<span class="hljs-attr">"name"</span>: <span class="hljs-string">"Permanent Resident Card"</span>,
<span class="hljs-attr">"description"</span>: <span class="hljs-string">"Government of Example Permanent Resident Card."</span>,
<span class="hljs-attr">"proof"</span>: {
<span class="hljs-attr">"type"</span>: <span class="hljs-string">"Ed25519Signature2018"</span>,
<span class="hljs-attr">"created"</span>: <span class="hljs-string">"2020-04-22T10:37:22Z"</span>,
<span class="hljs-attr">"proofPurpose"</span>: <span class="hljs-string">"assertionMethod"</span>,
<span class="hljs-attr">"verificationMethod"</span>: <span class="hljs-string">"did:example:456#key-1"</span>,
<span class="hljs-attr">"jws"</span>: <span class="hljs-string">"eyJjcml0IjpbImI2NCJdLCJiNjQiOmZhbHNlLCJhbGciOiJFZERTQSJ9..BhWew0x-txcroGjgdtK-yBCqoetg9DD9SgV4245TmXJi-PmqFzux6Cwaph0r-mbqzlE17yLebjfqbRT275U1AA"</span>
}
}</code></pre>
</div>
<div class="example" id="example-verifiable-credential-linked-to-a-verification-method-of-type-jsonwebkey2020">
<div class="marker">
<a class="self-link" href="#example-verifiable-credential-linked-to-a-verification-method-of-type-jsonwebkey2020">Example<bdi> 34</bdi></a><span class="example-title">: Verifiable Credential linked to a verification method of type JsonWebKey2020</span>
</div> <pre aria-busy="false"><code class="hljs json">{ <span class="hljs-comment">// external (all terms in this example)</span>
<span class="hljs-attr">"@context"</span>: [
<span class="hljs-string">"https://www.w3.org/2018/credentials/v1"</span>,
<span class="hljs-string">"https://www.w3.org/2018/credentials/examples/v1"</span>
],
<span class="hljs-attr">"id"</span>: <span class="hljs-string">"http://example.gov/credentials/3732"</span>,
<span class="hljs-attr">"type"</span>: [<span class="hljs-string">"VerifiableCredential"</span>, <span class="hljs-string">"UniversityDegreeCredential"</span>],
<span class="hljs-attr">"issuer"</span>: { <span class="hljs-attr">"id"</span>: <span class="hljs-string">"did:example:123"</span> },
<span class="hljs-attr">"issuanceDate"</span>: <span class="hljs-string">"2020-03-10T04:24:12.164Z"</span>,
<span class="hljs-attr">"credentialSubject"</span>: {
<span class="hljs-attr">"id"</span>: <span class="hljs-string">"did:example:456"</span>,
<span class="hljs-attr">"degree"</span>: {
<span class="hljs-attr">"type"</span>: <span class="hljs-string">"BachelorDegree"</span>,
<span class="hljs-attr">"name"</span>: <span class="hljs-string">"Bachelor of Science and Arts"</span>
}
},
<span class="hljs-attr">"proof"</span>: {
<span class="hljs-attr">"type"</span>: <span class="hljs-string">"JsonWebSignature2020"</span>,
<span class="hljs-attr">"created"</span>: <span class="hljs-string">"2020-02-15T17:13:18Z"</span>,
<span class="hljs-attr">"verificationMethod"</span>: <span class="hljs-string">"did:example:123#_Qq0UL2Fq651Q0Fjd6TvnYE-faHiOpRlPVQcY_-tA4A"</span>,
<span class="hljs-attr">"proofPurpose"</span>: <span class="hljs-string">"assertionMethod"</span>,
<span class="hljs-attr">"jws"</span>: <span class="hljs-string">"eyJiNjQiOmZhbHNlLCJjcml0IjpbImI2NCJdLCJhbGciOiJFZERTQSJ9..Y0KqovWCPAeeFhkJxfQ22pbVl43Z7UI-X-1JX32CA9MkFHkmNprcNj9Da4Q4QOl0cY3obF8cdDRdnKr0IwNrAw"</span>
}
}</code></pre>
</div>
<div class="example" id="example-verifiable-credential-linked-to-a-bls12381-verification-method">
<div class="marker">
<a class="self-link" href="#example-verifiable-credential-linked-to-a-bls12381-verification-method">Example<bdi> 35</bdi></a><span class="example-title">: Verifiable Credential linked to a bls12381 verification method</span>
</div> <pre aria-busy="false"><code class="hljs json">{ <span class="hljs-comment">// external (all terms in this example)</span>
<span class="hljs-attr">"@context"</span>: [
<span class="hljs-string">"https://www.w3.org/2018/credentials/v1"</span>,
<span class="hljs-string">"https://w3id.org/security/bbs/v1"</span>,
{
<span class="hljs-attr">"name"</span>: <span class="hljs-string">"https://schema.org/name"</span>,
<span class="hljs-attr">"birthDate"</span>: <span class="hljs-string">"https://schema.org/birthDate"</span>
}
],
<span class="hljs-attr">"id"</span>: <span class="hljs-string">"urn:uuid:c499e122-3ba9-4e95-8d4d-c0ebfcf8c51a"</span>,
<span class="hljs-attr">"type"</span>: [<span class="hljs-string">"VerifiableCredential"</span>],
<span class="hljs-attr">"issuanceDate"</span>: <span class="hljs-string">"2021-02-07T16:02:08.571Z"</span>,
<span class="hljs-attr">"issuer"</span>: {
<span class="hljs-attr">"id"</span>: <span class="hljs-string">"did:example:123"</span>
},
<span class="hljs-attr">"credentialSubject"</span>: {
<span class="hljs-attr">"id"</span>: <span class="hljs-string">"did:example:456"</span>,
<span class="hljs-attr">"name"</span>: <span class="hljs-string">"John Smith"</span>,
<span class="hljs-attr">"birthDate"</span>: <span class="hljs-string">"2021-02-07"</span>
},
<span class="hljs-attr">"proof"</span>: {
<span class="hljs-attr">"type"</span>: <span class="hljs-string">"BbsBlsSignature2020"</span>,
<span class="hljs-attr">"created"</span>: <span class="hljs-string">"2021-02-07T16:02:10Z"</span>,
<span class="hljs-attr">"proofPurpose"</span>: <span class="hljs-string">"assertionMethod"</span>,
<span class="hljs-attr">"proofValue"</span>: <span class="hljs-string">"o7zD2eNTp657YzkJLub+IO4Zqy/R3Lv/AWmtSA/kUlEAOa73BNyP1vOeoow35jkABolx4kYMKkp/ZsFDweuKwe/p9vxv9wrMJ9GpiOZjHcpjelDRRJLBiccg9Yv7608mHgH0N1Qrj14PZ2saUlfhpQ=="</span>,
<span class="hljs-attr">"verificationMethod"</span>: <span class="hljs-string">"did:example:123#bls12381-g2-key"</span>
}
}</code></pre>
</div>
<div class="example" id="example-verifiable-credential-selective-disclosure-zero-knowledge-proof-linked-to-a-bls12381-verification-method">
<div class="marker">
<a class="self-link" href="#example-verifiable-credential-selective-disclosure-zero-knowledge-proof-linked-to-a-bls12381-verification-method">Example<bdi> 36</bdi></a><span class="example-title">: Verifiable Credential selective disclosure zero knowledge proof linked to a bls12381 verification method</span>
</div> <pre aria-busy="false"><code class="hljs json">{ <span class="hljs-comment">// external (all terms in this example)</span>
<span class="hljs-attr">"@context"</span>: [
<span class="hljs-string">"https://www.w3.org/2018/credentials/v1"</span>,
<span class="hljs-string">"https://w3id.org/security/bbs/v1"</span>,
{
<span class="hljs-attr">"name"</span>: <span class="hljs-string">"https://schema.org/name"</span>,
<span class="hljs-attr">"birthDate"</span>: <span class="hljs-string">"https://schema.org/birthDate"</span>
}
],
<span class="hljs-attr">"id"</span>: <span class="hljs-string">"urn:uuid:c499e122-3ba9-4e95-8d4d-c0ebfcf8c51a"</span>,
<span class="hljs-attr">"type"</span>: <span class="hljs-string">"VerifiableCredential"</span>,
<span class="hljs-attr">"issuanceDate"</span>: <span class="hljs-string">"2021-02-07T16:02:08.571Z"</span>,
<span class="hljs-attr">"issuer"</span>: {
<span class="hljs-attr">"id"</span>: <span class="hljs-string">"did:example:123"</span>
},
<span class="hljs-attr">"credentialSubject"</span>: {
<span class="hljs-attr">"id"</span>: <span class="hljs-string">"did:example:456"</span>,
<span class="hljs-attr">"birthDate"</span>: <span class="hljs-string">"2021-02-07"</span>
},
<span class="hljs-attr">"proof"</span>: {
<span class="hljs-attr">"type"</span>: <span class="hljs-string">"BbsBlsSignatureProof2020"</span>,
<span class="hljs-attr">"created"</span>: <span class="hljs-string">"2021-02-07T16:02:10Z"</span>,
<span class="hljs-attr">"nonce"</span>: <span class="hljs-string">"OqZHsV/aunS34BhLaSoxiHWK+SUaG4iozM3V+1jO06zRRNcDWID+I0uwtPJJ767Yo8Q="</span>,
<span class="hljs-attr">"proofPurpose"</span>: <span class="hljs-string">"assertionMethod"</span>,
<span class="hljs-attr">"proofValue"</span>: <span class="hljs-string">"AAsH34lcKsqaqPaLQWcnLMe3mDM+K7fZM0t4Iesfj7BhD//HBtuWCmZE946BqW7OHYU106MP8mLntutqB8FyGwS7AOyK+5/7iW6JwLNVCvh4Nt3IaF3AN47fqVs2VikD9DiCsaFAUU6ISj5pbad8O+6jiT9Yw6ug8t8vJn3XHvMUhCPnDZJeBEdKD1qo4Z0LOq3L8QAAAHSEgtC9BoZL2MLjz4QuPxpwbhTTRC08MIUjdJnP4JUtz6163Lsl3rpadGu2d3Te7loAAAACZBD4YWOgV0xpPoYZ5vywNA5/NTeDHDbX36gvoV5RDJtY1SLU2LN/IDPZGrfhEiASbD1/QXqj8dod6FbjBs9m/LchBcy7z4yDBv/8DnBzDJ9dEaM4bDjpwmqtgJqha2kwtlyNog67xG9tNjnp5rrbIgAAAANMVanwWmlkg5I/f1M2QJ5GRvQiBL4lyL5sttxwIOalbTZP8VqWtFJI54xMNjTiK71aFWWN8SlNEwfVIX34HO5zBIb6fvc+Or21ubYllT9eXv1epl2o2CojuieCZyxE8/Q="</span>,
<span class="hljs-attr">"verificationMethod"</span>: <span class="hljs-string">"did:example:123#bls12381-g2-key"</span>
}
}</code></pre>
</div>
<div class="example" id="example-verifiable-credential-as-decoded-jwt">
<div class="marker">
<a class="self-link" href="#example-verifiable-credential-as-decoded-jwt">Example<bdi> 37</bdi></a><span class="example-title">: Verifiable Credential as Decoded JWT</span>
</div> <pre aria-busy="false"><code class="hljs json">{ <span class="hljs-comment">// external (all terms in this example)</span>
<span class="hljs-attr">"protected"</span>: {
<span class="hljs-attr">"kid"</span>: <span class="hljs-string">"did:example:123#_Qq0UL2Fq651Q0Fjd6TvnYE-faHiOpRlPVQcY_-tA4A"</span>,
<span class="hljs-attr">"alg"</span>: <span class="hljs-string">"EdDSA"</span>
},
<span class="hljs-attr">"payload"</span>: {
<span class="hljs-attr">"iss"</span>: <span class="hljs-string">"did:example:123"</span>,
<span class="hljs-attr">"sub"</span>: <span class="hljs-string">"did:example:456"</span>,
<span class="hljs-attr">"vc"</span>: {
<span class="hljs-attr">"@context"</span>: [
<span class="hljs-string">"https://www.w3.org/2018/credentials/v1"</span>,
<span class="hljs-string">"https://www.w3.org/2018/credentials/examples/v1"</span>
],
<span class="hljs-attr">"id"</span>: <span class="hljs-string">"http://example.gov/credentials/3732"</span>,
<span class="hljs-attr">"type"</span>: [
<span class="hljs-string">"VerifiableCredential"</span>,
<span class="hljs-string">"UniversityDegreeCredential"</span>
],
<span class="hljs-attr">"issuer"</span>: {
<span class="hljs-attr">"id"</span>: <span class="hljs-string">"did:example:123"</span>
},
<span class="hljs-attr">"issuanceDate"</span>: <span class="hljs-string">"2020-03-10T04:24:12.164Z"</span>,
<span class="hljs-attr">"credentialSubject"</span>: {
<span class="hljs-attr">"id"</span>: <span class="hljs-string">"did:example:456"</span>,
<span class="hljs-attr">"degree"</span>: {
<span class="hljs-attr">"type"</span>: <span class="hljs-string">"BachelorDegree"</span>,
<span class="hljs-attr">"name"</span>: <span class="hljs-string">"Bachelor of Science and Arts"</span>
}
}
},
<span class="hljs-attr">"jti"</span>: <span class="hljs-string">"http://example.gov/credentials/3732"</span>,
<span class="hljs-attr">"nbf"</span>: <span class="hljs-number">1583814252</span>
},
<span class="hljs-attr">"signature"</span>: <span class="hljs-string">"qSv6dpZJGFybtcifLwGf4ujzlEu-fam_M7HPxinCbVhz9iIJCg70UMeQbPa1ex6BmQ2tnSS7F11FHnMB2bJRAw"</span>
}</code></pre>
</div>
</section>
<section class="informative" id="encrypting"><div class="header-wrapper"><h3 id="a-3-encrypting"><bdi class="secno">A.3 </bdi>Encrypting</h3><a class="self-link" href="#encrypting" aria-label="Permalink for Appendix A.3"></a></div><p><em>This section is non-normative.</em></p>
<div class="note" role="note" id="issue-container-generatedID-17"><div role="heading" class="note-title marker" id="h-note-17" aria-level="4"><span>Note</span></div><p class="">
These examples are for information purposes only, it is considered a best
practice to avoid dislosing unnecessary information in JWE headers.
</p></div>
<div class="example" id="example-jwe-linked-to-a-verification-method-via-kid">
<div class="marker">
<a class="self-link" href="#example-jwe-linked-to-a-verification-method-via-kid">Example<bdi> 38</bdi></a><span class="example-title">: JWE linked to a verification method via kid</span>
</div> <pre aria-busy="false"><code class="hljs json">{ <span class="hljs-comment">// external (all terms in this example)</span>
<span class="hljs-attr">"ciphertext"</span>: <span class="hljs-string">"3SHQQJajNH6q0fyAHmw..."</span>,
<span class="hljs-attr">"iv"</span>: <span class="hljs-string">"QldSPLVnFf2-VXcNLza6mbylYwphW57Q"</span>,
<span class="hljs-attr">"protected"</span>: <span class="hljs-string">"eyJlbmMiOiJYQzIwUCJ9"</span>,
<span class="hljs-attr">"recipients"</span>: [
{
<span class="hljs-attr">"encrypted_key"</span>: <span class="hljs-string">"BMJ19zK12YHftJ4sr6Pz1rX1HtYni_L9DZvO1cEZfRWDN2vXeOYlwA"</span>,
<span class="hljs-attr">"header"</span>: {
<span class="hljs-attr">"alg"</span>: <span class="hljs-string">"ECDH-ES+A256KW"</span>,
<span class="hljs-attr">"apu"</span>: <span class="hljs-string">"Tx9qG69ZfodhRos-8qfhTPc6ZFnNUcgNDVdHqX1UR3s"</span>,
<span class="hljs-attr">"apv"</span>: <span class="hljs-string">"ZGlkOmVsZW06cm9wc3RlbjpFa..."</span>,
<span class="hljs-attr">"epk"</span>: {
<span class="hljs-attr">"crv"</span>: <span class="hljs-string">"X25519"</span>,
<span class="hljs-attr">"kty"</span>: <span class="hljs-string">"OKP"</span>,
<span class="hljs-attr">"x"</span>: <span class="hljs-string">"Tx9qG69ZfodhRos-8qfhTPc6ZFnNUcgNDVdHqX1UR3s"</span>
},
<span class="hljs-attr">"kid"</span>: <span class="hljs-string">"did:example:123#zC1Rnuvw9rVa6E5TKF4uQVRuQuaCpVgB81Um2u17Fu7UK"</span>
}
}
],
<span class="hljs-attr">"tag"</span>: <span class="hljs-string">"xbfwwDkzOAJfSVem0jr1bA"</span>
}</code></pre>
</div>
</section>
</section>
<section class="appendix" id="architectural-considerations"><div class="header-wrapper"><h2 id="b-architectural-considerations"><bdi class="secno">B. </bdi>Architectural Considerations</h2><a class="self-link" href="#architectural-considerations" aria-label="Permalink for Appendix B."></a></div>
<section id="detailed-architecture-diagram"><div class="header-wrapper"><h3 id="b-1-detailed-architecture-diagram"><bdi class="secno">B.1 </bdi>Detailed Architecture Diagram</h3><a class="self-link" href="#detailed-architecture-diagram" aria-label="Permalink for Appendix B.1"></a></div>
<p>
Following is a diagram showing the relationships among
<a href="#data-model" class="sec-ref"><bdi class="secno">4. </bdi>Data Model</a>, <a href="#core-properties" class="sec-ref"><bdi class="secno">5. </bdi>Core Properties</a>, and
<a href="#methods" class="sec-ref"><bdi class="secno">8. </bdi>Methods</a>, and <a href="#resolution" class="sec-ref"><bdi class="secno">7. </bdi>Resolution</a>.
</p>
<figure id="detailed-architecture-overview">
<img style="margin: auto; display: block; width: 90%;" src="diagrams/did_detailed_architecture_overview.svg" alt="
DIDs and DID documents are recorded on a Verifiable Data Registry; DIDs resolve
to DID documents; DIDs refer to DID subjects; a DID controller controls a DID
document; DID URLs contains a DID; DID URLs dereferenced to DID document
fragments or external resources; DID resolver implements resolve function; DID
URL dereferencer implements dereferencing function; DID method operates a
Verfiable Data Registry; DID resolver and DID URL dereferencer instruct a DID
method.
" height="778" width="1121">
<figcaption>Figure <bdi class="figno">7</bdi> <span class="fig-title">
Detailed overview of DID architecture and the relationship of the basic components.
</span></figcaption>
</figure>
</section>
<section id="creation-of-a-did"><div class="header-wrapper"><h3 id="b-2-creation-of-a-did"><bdi class="secno">B.2 </bdi>Creation of a DID</h3><a class="self-link" href="#creation-of-a-did" aria-label="Permalink for Appendix B.2"></a></div>
<p>
The creation of a <a href="#dfn-decentralized-identifiers" class="internalDFN" data-link-type="dfn" id="ref-for-dfn-decentralized-identifiers-173">DID</a> is a process that is defined by each <a href="#dfn-did-methods" class="internalDFN" data-link-type="dfn" id="ref-for-dfn-did-methods-121">DID
Method</a>. Some <a href="#dfn-did-methods" class="internalDFN" data-link-type="dfn" id="ref-for-dfn-did-methods-122">DID Methods</a>, such as <code>did:key</code>, are purely
generative, such that a <a href="#dfn-decentralized-identifiers" class="internalDFN" data-link-type="dfn" id="ref-for-dfn-decentralized-identifiers-174">DID</a> and a <a href="#dfn-did-documents" class="internalDFN" data-link-type="dfn" id="ref-for-dfn-did-documents-223">DID document</a> are generated by
transforming a single piece of cryptographic material into a conformant
<a href="#dfn-representations" class="internalDFN" data-link-type="dfn" id="ref-for-dfn-representations-73">representation</a>. Other <a href="#dfn-did-methods" class="internalDFN" data-link-type="dfn" id="ref-for-dfn-did-methods-123">DID methods</a> might require the use of a
<a href="#dfn-verifiable-data-registry" class="internalDFN" data-link-type="dfn" id="ref-for-dfn-verifiable-data-registry-14">verifiable data registry</a>, where the <a href="#dfn-decentralized-identifiers" class="internalDFN" data-link-type="dfn" id="ref-for-dfn-decentralized-identifiers-175">DID</a> and <a href="#dfn-did-documents" class="internalDFN" data-link-type="dfn" id="ref-for-dfn-did-documents-224">DID document</a>
are recognized to exist by third parties only when the registration has been
completed, as defined by the respective <a href="#dfn-did-methods" class="internalDFN" data-link-type="dfn" id="ref-for-dfn-did-methods-124">DID method</a>. Other processes
might be defined by the respective <a href="#dfn-did-methods" class="internalDFN" data-link-type="dfn" id="ref-for-dfn-did-methods-125">DID method</a>.
</p>
</section>
<section id="determining-the-did-subject"><div class="header-wrapper"><h3 id="b-3-determining-the-did-subject"><bdi class="secno">B.3 </bdi>Determining the DID subject</h3><a class="self-link" href="#determining-the-did-subject" aria-label="Permalink for Appendix B.3"></a></div>
<p>
A <a href="#dfn-decentralized-identifiers" class="internalDFN" data-link-type="dfn" id="ref-for-dfn-decentralized-identifiers-176">DID</a> is a specific type of URI (Uniform Resource Identifier), so a
<a href="#dfn-decentralized-identifiers" class="internalDFN" data-link-type="dfn" id="ref-for-dfn-decentralized-identifiers-177">DID</a> can refer to any resource. Per [<cite><a class="bibref" data-link-type="biblio" href="#bib-rfc3986" title="Uniform Resource Identifier (URI): Generic Syntax">RFC3986</a></cite>]:
</p>
<blockquote>
the term "resource" is used in a general sense for whatever might be
identified by a URI. [...] A resource is not necessarily
accessible via the Internet.
</blockquote>
<p>
Resources can be digital or physical, abstract or concrete. Any resource that
can be assigned a URI can be assigned a <a href="#dfn-decentralized-identifiers" class="internalDFN" data-link-type="dfn" id="ref-for-dfn-decentralized-identifiers-178">DID</a>. The resource referred to
by the <a href="#dfn-decentralized-identifiers" class="internalDFN" data-link-type="dfn" id="ref-for-dfn-decentralized-identifiers-179">DID</a> is the <a href="#dfn-did-subjects" class="internalDFN" data-link-type="dfn" id="ref-for-dfn-did-subjects-67">DID subject</a>.
</p>
<p>
The <a href="#dfn-did-controllers" class="internalDFN" data-link-type="dfn" id="ref-for-dfn-did-controllers-35">DID controller</a> determines the <a href="#dfn-did-subjects" class="internalDFN" data-link-type="dfn" id="ref-for-dfn-did-subjects-68">DID subject</a>.
It is not expected to be possible to determine the <a href="#dfn-did-subjects" class="internalDFN" data-link-type="dfn" id="ref-for-dfn-did-subjects-69">DID subject</a>
from looking at the <a href="#dfn-decentralized-identifiers" class="internalDFN" data-link-type="dfn" id="ref-for-dfn-decentralized-identifiers-180">DID</a> itself, as <a href="#dfn-decentralized-identifiers" class="internalDFN" data-link-type="dfn" id="ref-for-dfn-decentralized-identifiers-181">DIDs</a> are generally
only meaningful to machines, not human. A <a href="#dfn-decentralized-identifiers" class="internalDFN" data-link-type="dfn" id="ref-for-dfn-decentralized-identifiers-182">DID</a> is unlikely to contain
any information about the <a href="#dfn-did-subjects" class="internalDFN" data-link-type="dfn" id="ref-for-dfn-did-subjects-70">DID subject</a>, so further information
about the <a href="#dfn-did-subjects" class="internalDFN" data-link-type="dfn" id="ref-for-dfn-did-subjects-71">DID subject</a> is only discoverable by resolving the <a href="#dfn-decentralized-identifiers" class="internalDFN" data-link-type="dfn" id="ref-for-dfn-decentralized-identifiers-183">DID</a>
to the <a href="#dfn-did-documents" class="internalDFN" data-link-type="dfn" id="ref-for-dfn-did-documents-225">DID document</a>, obtaining a verifiable credential about the
<a href="#dfn-decentralized-identifiers" class="internalDFN" data-link-type="dfn" id="ref-for-dfn-decentralized-identifiers-184">DID</a>, or via some other description of the <a href="#dfn-decentralized-identifiers" class="internalDFN" data-link-type="dfn" id="ref-for-dfn-decentralized-identifiers-185">DID</a>.
</p>
<p>
While the value of the <code><a href="#dfn-id" class="internalDFN" data-link-type="dfn" id="ref-for-dfn-id-10">id</a></code> property in the retrieved
<a href="#dfn-did-documents" class="internalDFN" data-link-type="dfn" id="ref-for-dfn-did-documents-226">DID document</a> must always match the <a href="#dfn-decentralized-identifiers" class="internalDFN" data-link-type="dfn" id="ref-for-dfn-decentralized-identifiers-186">DID</a> being resolved, whether
or not the actual resource to which the <a href="#dfn-decentralized-identifiers" class="internalDFN" data-link-type="dfn" id="ref-for-dfn-decentralized-identifiers-187">DID</a> refers can change over time
is dependent upon the <a href="#dfn-did-methods" class="internalDFN" data-link-type="dfn" id="ref-for-dfn-did-methods-126">DID method</a>. For example, a <a href="#dfn-did-methods" class="internalDFN" data-link-type="dfn" id="ref-for-dfn-did-methods-127">DID method</a>
that permits the <a href="#dfn-did-subjects" class="internalDFN" data-link-type="dfn" id="ref-for-dfn-did-subjects-72">DID subject</a> to change could be used to generate a
<a href="#dfn-decentralized-identifiers" class="internalDFN" data-link-type="dfn" id="ref-for-dfn-decentralized-identifiers-188">DID</a> for the current occupant of a particular role—such as the CEO
of a company—where the actual person occupying the role can be different
depending on when the <a href="#dfn-decentralized-identifiers" class="internalDFN" data-link-type="dfn" id="ref-for-dfn-decentralized-identifiers-189">DID</a> is resolved.
</p>
</section>
<section id="referring-to-the-did-document"><div class="header-wrapper"><h3 id="b-4-referring-to-the-did-document"><bdi class="secno">B.4 </bdi>Referring to the DID document</h3><a class="self-link" href="#referring-to-the-did-document" aria-label="Permalink for Appendix B.4"></a></div>
<p>
The <a href="#dfn-decentralized-identifiers" class="internalDFN" data-link-type="dfn" id="ref-for-dfn-decentralized-identifiers-190">DID</a> refers to the <a href="#dfn-did-subjects" class="internalDFN" data-link-type="dfn" id="ref-for-dfn-did-subjects-73">DID subject</a> and <em>resolves to</em> the
<a href="#dfn-did-documents" class="internalDFN" data-link-type="dfn" id="ref-for-dfn-did-documents-227">DID document</a> (by following the protocol specified by the
<a href="#dfn-did-methods" class="internalDFN" data-link-type="dfn" id="ref-for-dfn-did-methods-128">DID method</a>). The <a href="#dfn-did-documents" class="internalDFN" data-link-type="dfn" id="ref-for-dfn-did-documents-228">DID document</a> is not a separate resource from
the <a href="#dfn-did-subjects" class="internalDFN" data-link-type="dfn" id="ref-for-dfn-did-subjects-74">DID subject</a> and does not have a <a href="#dfn-uri" class="internalDFN" data-link-type="dfn" id="ref-for-dfn-uri-25">URI</a> separate from the
<a href="#dfn-decentralized-identifiers" class="internalDFN" data-link-type="dfn" id="ref-for-dfn-decentralized-identifiers-191">DID</a>. Rather the <a href="#dfn-did-documents" class="internalDFN" data-link-type="dfn" id="ref-for-dfn-did-documents-229">DID document</a> is an artifact of <a href="#dfn-did-resolution" class="internalDFN" data-link-type="dfn" id="ref-for-dfn-did-resolution-18">DID
resolution</a> controlled by the <a href="#dfn-did-controllers" class="internalDFN" data-link-type="dfn" id="ref-for-dfn-did-controllers-36">DID controller</a> for the purpose of
describing the <a href="#dfn-did-subjects" class="internalDFN" data-link-type="dfn" id="ref-for-dfn-did-subjects-75">DID subject</a>.
</p>
<p>
This distinction is illustrated by the graph model shown below.
</p>
<figure id="did-and-did-document-graph">
<img style="margin: auto; display: block; width: 75%;" src="diagrams/figure-a.1-did-and-did-document-graph.svg" alt="
Diagram showing a graph model for how DID controllers assign DIDs to refer to
DID subjects and resolve to DID documents that describe the DID subjects.
" height="495" width="667">
<figcaption>Figure <bdi class="figno">8</bdi> <span class="fig-title">
A <a href="#dfn-decentralized-identifiers" class="internalDFN" data-link-type="dfn" id="ref-for-dfn-decentralized-identifiers-192">DID</a> is an identifier assigned by a <a href="#dfn-did-controllers" class="internalDFN" data-link-type="dfn" id="ref-for-dfn-did-controllers-37">DID controller</a> to refer to
a <a href="#dfn-did-subjects" class="internalDFN" data-link-type="dfn" id="ref-for-dfn-did-subjects-76">DID subject</a> and resolve to a <a href="#dfn-did-documents" class="internalDFN" data-link-type="dfn" id="ref-for-dfn-did-documents-230">DID document</a> that describes the
<a href="#dfn-did-subjects" class="internalDFN" data-link-type="dfn" id="ref-for-dfn-did-subjects-77">DID subject</a>. The <a href="#dfn-did-documents" class="internalDFN" data-link-type="dfn" id="ref-for-dfn-did-documents-231">DID document</a> is an artifact of <a href="#dfn-did-resolution" class="internalDFN" data-link-type="dfn" id="ref-for-dfn-did-resolution-19">DID
resolution</a> and not a separate resource distinct from the <a href="#dfn-did-subjects" class="internalDFN" data-link-type="dfn" id="ref-for-dfn-did-subjects-78">DID subject</a>.
See also: <a class="longdesc-link" href="#did-and-did-document-graph-longdesc">narrative description</a>.
</span></figcaption>
</figure>
<div class="longdesc" id="did-and-did-document-graph-longdesc">
Two filled black circles appear at the top of the diagram, one on the left,
labeled "DID Controller", and one on the right, labeled "DID Subject". A
rectangle, with lower right corner bent inwards to form a small triangle,
appears below, containing the label "DID Document". Arrows extend between these
three items, as follows. A solid red arrow points directly from the DID
Controller circle, rightwards to the DID Subject circle, labeled "DID" above it
in large font, and "Identifies" below it in small italic font. The other arrow
labels are also in small italic font. A dotted red arrow, labeled "Resolves
to", extends from DID Controller, starting in the same line as the first arrow,
then curving downward to point to the DID Document rectangle. A green arrow,
labeled "Controls", points directly from DID Controller to DID Document. A
green arrow labeled "Controller" points in the opposite direction, from DID
Document to DID Controller, making an arc outward to the left of the diagram. A
blue arrow, labeled, "Describes" points directly from DID Document to DID
Subject.
</div>
</section>
<section id="statements-in-the-did-document"><div class="header-wrapper"><h3 id="b-5-statements-in-the-did-document"><bdi class="secno">B.5 </bdi>Statements in the DID document</h3><a class="self-link" href="#statements-in-the-did-document" aria-label="Permalink for Appendix B.5"></a></div>
<p>
Each property in a <a href="#dfn-did-documents" class="internalDFN" data-link-type="dfn" id="ref-for-dfn-did-documents-232">DID document</a> is a statement by the
<a href="#dfn-did-controllers" class="internalDFN" data-link-type="dfn" id="ref-for-dfn-did-controllers-38">DID controller</a> that describes:
</p>
<ul>
<li>
The string of characters defining identifiers for the <a href="#dfn-did-subjects" class="internalDFN" data-link-type="dfn" id="ref-for-dfn-did-subjects-79">DID subject</a>
(e.g., the <code><a href="#dfn-id" class="internalDFN" data-link-type="dfn" id="ref-for-dfn-id-11">id</a></code> and <code><a href="#dfn-alsoknownas" class="internalDFN" data-link-type="dfn" id="ref-for-dfn-alsoknownas-9">alsoKnownAs</a></code>
properties)
</li>
<li>
How to interact with the <a href="#dfn-did-subjects" class="internalDFN" data-link-type="dfn" id="ref-for-dfn-did-subjects-80">DID subject</a> (e.g., the
<code><a href="#dfn-verificationmethod" class="internalDFN" data-link-type="dfn" id="ref-for-dfn-verificationmethod-2">verificationMethod</a></code> and <code><a href="#dfn-service" class="internalDFN" data-link-type="dfn" id="ref-for-dfn-service-25">service</a></code>
properties).
</li>
<li>
How to interpret the specific representation of the <a href="#dfn-did-documents" class="internalDFN" data-link-type="dfn" id="ref-for-dfn-did-documents-233">DID document</a>
(e.g., the <code>@context</code> property for a JSON-LD representation).
</li>
</ul>
<p>
The only required property in a <a href="#dfn-did-documents" class="internalDFN" data-link-type="dfn" id="ref-for-dfn-did-documents-234">DID document</a> is <code><a href="#dfn-id" class="internalDFN" data-link-type="dfn" id="ref-for-dfn-id-12">id</a></code>,
so that is the only statement guaranteed to be in a <a href="#dfn-did-documents" class="internalDFN" data-link-type="dfn" id="ref-for-dfn-did-documents-235">DID document</a>.
That statement is illustrated in <a href="#did-and-did-document-graph" class="fig-ref" title="A DID is an identifier assigned by a DID controller to refer to a DID subject and resolve to a DID document that describes the DID subject. The DID document is an artifact of DID resolution and not a separate resource distinct from the DID subject. See also: narrative description.">Figure <bdi class="figno">8</bdi></a>
with a direct link between the <a href="#dfn-decentralized-identifiers" class="internalDFN" data-link-type="dfn" id="ref-for-dfn-decentralized-identifiers-193">DID</a> and the <a href="#dfn-did-subjects" class="internalDFN" data-link-type="dfn" id="ref-for-dfn-did-subjects-81">DID subject</a>.
</p>
</section>
<section id="discovering-more-information-about-the-did-subject"><div class="header-wrapper"><h3 id="b-6-discovering-more-information-about-the-did-subject"><bdi class="secno">B.6 </bdi>Discovering more information about the DID subject</h3><a class="self-link" href="#discovering-more-information-about-the-did-subject" aria-label="Permalink for Appendix B.6"></a></div>
<p>
Options for discovering more information about the <a href="#dfn-did-subjects" class="internalDFN" data-link-type="dfn" id="ref-for-dfn-did-subjects-82">DID subject</a> depend
on the properties present in the <a href="#dfn-did-documents" class="internalDFN" data-link-type="dfn" id="ref-for-dfn-did-documents-236">DID document</a>. If the
<code><a href="#dfn-service" class="internalDFN" data-link-type="dfn" id="ref-for-dfn-service-26">service</a></code> property is present, more information can be
requested from a <a href="#dfn-service-endpoints" class="internalDFN" data-link-type="dfn" id="ref-for-dfn-service-endpoints-15">service endpoint</a>. For example, by querying a
<a href="#dfn-service-endpoints" class="internalDFN" data-link-type="dfn" id="ref-for-dfn-service-endpoints-16">service endpoint</a> that supports verifiable credentials for one or more
claims (attributes) describing the <a href="#dfn-did-subjects" class="internalDFN" data-link-type="dfn" id="ref-for-dfn-did-subjects-83">DID subject</a>.
</p>
<p>
Another option is to use the <code><a href="#dfn-alsoknownas" class="internalDFN" data-link-type="dfn" id="ref-for-dfn-alsoknownas-10">alsoKnownAs</a></code> property if it
is present in the <a href="#dfn-did-documents" class="internalDFN" data-link-type="dfn" id="ref-for-dfn-did-documents-237">DID document</a>. The <a href="#dfn-did-controllers" class="internalDFN" data-link-type="dfn" id="ref-for-dfn-did-controllers-39">DID controller</a> can use it
to provide a list of other URIs (including other <a href="#dfn-decentralized-identifiers" class="internalDFN" data-link-type="dfn" id="ref-for-dfn-decentralized-identifiers-194">DIDs</a>) that refer to
the same <a href="#dfn-did-subjects" class="internalDFN" data-link-type="dfn" id="ref-for-dfn-did-subjects-84">DID subject</a>. Resolving or dereferencing these URIs might yield
other descriptions or representations of the <a href="#dfn-did-subjects" class="internalDFN" data-link-type="dfn" id="ref-for-dfn-did-subjects-85">DID subject</a> as
illustrated in the figure below.
</p>
<figure id="alsoKnownAs-graph">
<img style="margin: auto; display: block; width: 75%;" src="diagrams/figure-a.2-also-known-as-graph.svg" alt="
Diagram showing a graph model, with an
alsoKnownAs property with an arc to another node representing a
different resource that dereferences to another description of the
DID subject.
" height="586" width="722">
<figcaption>Figure <bdi class="figno">9</bdi> <span class="fig-title">
A <a href="#dfn-did-documents" class="internalDFN" data-link-type="dfn" id="ref-for-dfn-did-documents-238">DID document</a> can use the alsoKnownAs property to assert that another
<a href="#dfn-uri" class="internalDFN" data-link-type="dfn" id="ref-for-dfn-uri-26">URI</a> (including, but not necessarily, another <a href="#dfn-decentralized-identifiers" class="internalDFN" data-link-type="dfn" id="ref-for-dfn-decentralized-identifiers-195">DID</a>) refers to the
same <a href="#dfn-did-subjects" class="internalDFN" data-link-type="dfn" id="ref-for-dfn-did-subjects-86">DID subject</a>. See also: <a class="longdesc-link" href="#alsoKnownAs-graph-longdesc">narrative description</a>.
</span></figcaption>
</figure>
<div class="longdesc" id="alsoKnownAs-graph-longdesc">
The diagram contains three small black filled circles, two rectangles with bent
corners, arrows between them, and labels, as follows. On the upper left is a
circle labeled "DID Controller". On the upper right is a circle labeled "DID
Subject". On the lower-middle right is a circle without a label. On the lower
right is a rectangle labeled "Description". In the center of the diagram is a
rectangle labeled "DID Document". Inside the DID Document rectangle, beneath
its label, is two lines of code: "alsoKnownAs: [", and "URI]". A black arrow
extends from the second line, to the right, crossing the rectangle border,
pointing to the unlabeled circle at the right of the diagram. This arrow is
labeled above it in large font, "URI", and below it in italic, "Identifies". A
black arrow points from the unlabeled circle downwards to the Description
rectangle, labeled "Dereferences to". A blue arrow, labeled "Describes",
extends from Description, arcing on the right, pointing up to DID Subject. A
blue arrow, also labeled "Describes", points directly from the rectangle,
labeled "DID Document", in the center of the diagram, up and to the right to the
DID Subject circle. A red arrow, labeled "alsoKnownAs", points from DID Subject
down to the unlabeled circle. A red arrow, labeled "DID" above it in large font,
and "Identifies" below it in italic font, lies at the top of the image, pointing
from DID Controller to DID Subject. A dotted red line starts in the same place
but branches off and curves downward to point to the DID Document rectangle at
the center of the image. A green arrow, labeled "Controls", points directly
from DID Controller to DID Document. Another green arrow points in the opposite
direction, labeled "Controller", curving outwards on the left of the image,
from DID Document to DID Controller.
</div>
</section>
<section id="serving-a-representation-of-the-did-subject"><div class="header-wrapper"><h3 id="b-7-serving-a-representation-of-the-did-subject"><bdi class="secno">B.7 </bdi>Serving a representation of the DID subject</h3><a class="self-link" href="#serving-a-representation-of-the-did-subject" aria-label="Permalink for Appendix B.7"></a></div>
<p>
If the <a href="#dfn-did-subjects" class="internalDFN" data-link-type="dfn" id="ref-for-dfn-did-subjects-87">DID subject</a> is a digital resource that can be retrieved
from the internet, a <a href="#dfn-did-methods" class="internalDFN" data-link-type="dfn" id="ref-for-dfn-did-methods-129">DID method</a> can choose to construct a <a href="#dfn-did-urls" class="internalDFN" data-link-type="dfn" id="ref-for-dfn-did-urls-37">DID URL</a>
which returns a representation of the <a href="#dfn-did-subjects" class="internalDFN" data-link-type="dfn" id="ref-for-dfn-did-subjects-88">DID subject</a> itself. For example,
a data schema that needs a persistent, cryptographically verifiable identifier
could be assigned a <a href="#dfn-decentralized-identifiers" class="internalDFN" data-link-type="dfn" id="ref-for-dfn-decentralized-identifiers-196">DID</a>, and passing a specified DID parameter (see
<a href="#did-parameters" class="sec-ref"><bdi class="secno">3.2.1 </bdi>DID Parameters</a>) could be used as a standard way to retrieve a
representation of that schema.
</p>
<p>
Similarly, a <a href="#dfn-decentralized-identifiers" class="internalDFN" data-link-type="dfn" id="ref-for-dfn-decentralized-identifiers-197">DID</a> can be used to refer to a digital resource (such as
an image) that can be returned directly from a <a href="#dfn-verifiable-data-registry" class="internalDFN" data-link-type="dfn" id="ref-for-dfn-verifiable-data-registry-15">verifiable data registry</a>
if that functionality is supported by the applicable <a href="#dfn-did-methods" class="internalDFN" data-link-type="dfn" id="ref-for-dfn-did-methods-130">DID method</a>.
</p>
</section>
<section id="assigning-dids-to-existing-web-resources"><div class="header-wrapper"><h3 id="b-8-assigning-dids-to-existing-web-resources"><bdi class="secno">B.8 </bdi>Assigning DIDs to existing web resources</h3><a class="self-link" href="#assigning-dids-to-existing-web-resources" aria-label="Permalink for Appendix B.8"></a></div>
<p>
If the controller of a web page or any other web resource wants to
assign it a persistent, cryptographically verifiable identifier, the
controller can give it a <a href="#dfn-decentralized-identifiers" class="internalDFN" data-link-type="dfn" id="ref-for-dfn-decentralized-identifiers-198">DID</a>. For example, the author of a blog
hosted by a blog hosting company (under that hosting company's domain)
could create a <a href="#dfn-decentralized-identifiers" class="internalDFN" data-link-type="dfn" id="ref-for-dfn-decentralized-identifiers-199">DID</a> for the blog. In the <a href="#dfn-did-documents" class="internalDFN" data-link-type="dfn" id="ref-for-dfn-did-documents-239">DID document</a>, the
author can include the <code><a href="#dfn-alsoknownas" class="internalDFN" data-link-type="dfn" id="ref-for-dfn-alsoknownas-11">alsoKnownAs</a></code> property pointing to
the current URL of the blog, e.g.:
</p>
<code>
"alsoKnownAs": ["https://myblog.blogging-host.example/home"]
</code>
<p>
If the author subsequently moves the blog to a different hosting company
(or to the author's own domain), the author can update the <a href="#dfn-did-documents" class="internalDFN" data-link-type="dfn" id="ref-for-dfn-did-documents-240">DID document</a>
to point to the new URL for the blog, e.g.:
</p>
<code>
"alsoKnownAs": ["https://myblog.example/"]
</code>
<p>
The <a href="#dfn-decentralized-identifiers" class="internalDFN" data-link-type="dfn" id="ref-for-dfn-decentralized-identifiers-200">DID</a> effectively adds a layer of indirection for the blog URL. This
layer of indirection is under the control of the author instead of under the
control of an external administrative authority such as the blog hosting
company. This is how a <a href="#dfn-decentralized-identifiers" class="internalDFN" data-link-type="dfn" id="ref-for-dfn-decentralized-identifiers-201">DID</a> can effectively function as an enhanced <a href="https://tools.ietf.org/html/rfc8141">URN (Uniform Resource
Name)</a>—a persistent identifier for an information resource whose
network location might change over time.
</p>
</section>
<section id="the-relationship-between-did-controllers-and-did-subjects"><div class="header-wrapper"><h3 id="b-9-the-relationship-between-did-controllers-and-did-subjects"><bdi class="secno">B.9 </bdi>The relationship between DID controllers and DID subjects</h3><a class="self-link" href="#the-relationship-between-did-controllers-and-did-subjects" aria-label="Permalink for Appendix B.9"></a></div>
<p>
To avoid confusion, it is helpful to classify
<a href="#dfn-did-subjects" class="internalDFN" data-link-type="dfn" id="ref-for-dfn-did-subjects-89">DID subject</a>s into two disjoint sets based on their relationship to
the <a href="#dfn-did-controllers" class="internalDFN" data-link-type="dfn" id="ref-for-dfn-did-controllers-40">DID controller</a>.
</p>
<section id="set-1-the-did-subject-is-the-did-controller"><div class="header-wrapper"><h4 id="b-9-1-set-1-the-did-subject-is-the-did-controller"><bdi class="secno">B.9.1 </bdi>Set #1: The DID subject <em>is</em> the DID controller</h4><a class="self-link" href="#set-1-the-did-subject-is-the-did-controller" aria-label="Permalink for Appendix B.9.1"></a></div>
<p>
The first case, shown in <a href="#controller-subject-equivalence" class="fig-ref" title="The DID subject is the same entity as the DID controller. See also: narrative description.">Figure <bdi class="figno">10</bdi></a>, is
the common scenario where the <a href="#dfn-did-subjects" class="internalDFN" data-link-type="dfn" id="ref-for-dfn-did-subjects-90">DID subject</a> is also the <a href="#dfn-did-controllers" class="internalDFN" data-link-type="dfn" id="ref-for-dfn-did-controllers-41">DID
controller</a>. This is the case when an individual or organization creates a
<a href="#dfn-decentralized-identifiers" class="internalDFN" data-link-type="dfn" id="ref-for-dfn-decentralized-identifiers-202">DID</a> to self-identify.
</p>
<figure id="controller-subject-equivalence">
<img style="margin: auto; display: block; width: 75%;" src="diagrams/figure-b.1-controller-and-subject-equivalence.svg" alt="
Diagram showing a graph model with an equivalence arc from the DID
subject to the DID controller.
" height="516" width="667">
<figcaption>Figure <bdi class="figno">10</bdi> <span class="fig-title">
The <a href="#dfn-did-subjects" class="internalDFN" data-link-type="dfn" id="ref-for-dfn-did-subjects-91">DID subject</a> is the same entity as the <a href="#dfn-did-controllers" class="internalDFN" data-link-type="dfn" id="ref-for-dfn-did-controllers-42">DID controller</a>. See
also: <a class="longdesc-link" href="#controller-subject-equivalence-longdesc">narrative description</a>.
</span></figcaption>
</figure>
<div class="longdesc" id="controller-subject-equivalence-longdesc">
Two small black circles appear in the diagram, one on the upper left, labeled,
"DID Controller", and one on the upper right, labeled "DID Subject". A solid red
arrow extends from the DID Controller circle to the DID Subject circle, labeled
"DID" in large bold text above the arrow, and "Identifies" in small italic text
beneath the arrow. A dotted red double-ended arrow, labeled "Equivalence",
extends between the two circles, forming an arc in the space between and above
them. In the lower part of the diagram is a rectangle with bent corner, outlined
in black, containing the label "DID Document". Arrows point between this DID
Document rectangle and the small black circles for DID Controller and DID
Subject, with italic labels, as follows. A blue arrow points from the DID
Document to the DID Subject, labeled, "Describes". A green arrow points from the
DID Controller to the DID Document, labeled "Controls". A green arrow points
from the DID Document to the DID Controller, in an outward arc, labeled,
"Controller". A dotted red arrow, labeled "Resolves to", extends from the DID
controller starting to the right, branching off from the arrow to the DID
Subject, then curving downward to point to the DID Document.
</div>
<p>
From a graph model perspective, even though the nodes identified as the
<a href="#dfn-did-controllers" class="internalDFN" data-link-type="dfn" id="ref-for-dfn-did-controllers-43">DID controller</a> and <a href="#dfn-did-subjects" class="internalDFN" data-link-type="dfn" id="ref-for-dfn-did-subjects-92">DID subject</a> in
<a href="#controller-subject-equivalence" class="fig-ref" title="The DID subject is the same entity as the DID controller. See also: narrative description.">Figure <bdi class="figno">10</bdi></a> are distinct, there is a
logical arc connecting them to express a semantic equivalence relationship.
</p>
</section>
<section id="set-2-the-did-subject-is-not-the-did-controller"><div class="header-wrapper"><h4 id="b-9-2-set-2-the-did-subject-is-not-the-did-controller"><bdi class="secno">B.9.2 </bdi>Set #2: The DID subject is <em>not</em> the DID controller</h4><a class="self-link" href="#set-2-the-did-subject-is-not-the-did-controller" aria-label="Permalink for Appendix B.9.2"></a></div>
<p>
The second case is when the <a href="#dfn-did-subjects" class="internalDFN" data-link-type="dfn" id="ref-for-dfn-did-subjects-93">DID subject</a> is a separate entity from the
<a href="#dfn-did-controllers" class="internalDFN" data-link-type="dfn" id="ref-for-dfn-did-controllers-44">DID controller</a>. This is the case when, for example, a parent creates
and maintains control of a <a href="#dfn-decentralized-identifiers" class="internalDFN" data-link-type="dfn" id="ref-for-dfn-decentralized-identifiers-203">DID</a> for a child; a corporation creates and
maintains control of a <a href="#dfn-decentralized-identifiers" class="internalDFN" data-link-type="dfn" id="ref-for-dfn-decentralized-identifiers-204">DID</a> for a subsidiary; or a manufacturer
creates and maintains control of a <a href="#dfn-decentralized-identifiers" class="internalDFN" data-link-type="dfn" id="ref-for-dfn-decentralized-identifiers-205">DID</a> for a product, an IoT device,
or a digital file.
</p>
<p>
From a graph model perspective, the only difference from Set 1 that there is
no equivalence arc relationship between the <a href="#dfn-did-subjects" class="internalDFN" data-link-type="dfn" id="ref-for-dfn-did-subjects-94">DID subject</a> and
<a href="#dfn-did-controllers" class="internalDFN" data-link-type="dfn" id="ref-for-dfn-did-controllers-45">DID controller</a> nodes.
</p>
</section>
</section>
<section id="multiple-did-controllers"><div class="header-wrapper"><h3 id="b-10-multiple-did-controllers"><bdi class="secno">B.10 </bdi>Multiple DID controllers</h3><a class="self-link" href="#multiple-did-controllers" aria-label="Permalink for Appendix B.10"></a></div>
<p>
A <a href="#dfn-did-documents" class="internalDFN" data-link-type="dfn" id="ref-for-dfn-did-documents-241">DID document</a> might have more than one <a href="#dfn-did-controllers" class="internalDFN" data-link-type="dfn" id="ref-for-dfn-did-controllers-46">DID controller</a>. This can
happen in one of two ways.
</p>
<section id="independent-control"><div class="header-wrapper"><h4 id="b-10-1-independent-control"><bdi class="secno">B.10.1 </bdi>Independent Control</h4><a class="self-link" href="#independent-control" aria-label="Permalink for Appendix B.10.1"></a></div>
<p>
In this case, each of the <a href="#dfn-did-controllers" class="internalDFN" data-link-type="dfn" id="ref-for-dfn-did-controllers-47">DID controllers</a> might act on its own, i.e.,
each one has full power to update the <a href="#dfn-did-documents" class="internalDFN" data-link-type="dfn" id="ref-for-dfn-did-documents-242">DID document</a> independently. From
a graph model perspective, in this configuration:
</p>
<ul>
<li>
Each additional <a href="#dfn-did-controllers" class="internalDFN" data-link-type="dfn" id="ref-for-dfn-did-controllers-48">DID controller</a> is another distinct graph node
(which might be identified by its own <a href="#dfn-decentralized-identifiers" class="internalDFN" data-link-type="dfn" id="ref-for-dfn-decentralized-identifiers-206">DID</a>).
</li>
<li>
The same arcs ("controls" and "controller") exist between each
<a href="#dfn-did-controllers" class="internalDFN" data-link-type="dfn" id="ref-for-dfn-did-controllers-49">DID controller</a> and the <a href="#dfn-did-documents" class="internalDFN" data-link-type="dfn" id="ref-for-dfn-did-documents-243">DID document</a>.
</li>
</ul>
<figure id="independent-did-controllers">
<img style="margin: auto; display: block; width: 75%;" src="diagrams/figure-c.1-independent-did-controllers.svg" alt="
Diagram showing three DID controllers each with an independent
control relationship with the DID document
" height="504" width="824">
<figcaption>Figure <bdi class="figno">11</bdi> <span class="fig-title">
Multiple independent <a href="#dfn-did-controllers" class="internalDFN" data-link-type="dfn" id="ref-for-dfn-did-controllers-50">DID controllers</a> that can each act independently. See
also: <a href="#independent-did-controllers-longdesc" class="longdesc-link">Text
Description</a>
</span></figcaption>
</figure>
<div class="longdesc" id="independent-did-controllers-longdesc">
Three black circles appear on the left, vertically, each labeled "DID
Controller". From each of these circles, a pair of green arrows extends towards
the center of the diagram, to a single rectangle, labeled "DID Document". The
rectangle has the lower right corner cut and bent inward to form a small
triangle, as if to represent a physical piece of paper with curled corner. Each
pair of green arrows consists of one arrow pointing from the black circle to the
rectangle, labeled "Controls", and one pointing in the opposite direction, from
the rectangle to the black circle, labeled "Controller". From the right of the
rectangle extends a blue arrow, labeled, "Describes", pointing to a black circle
labeled, "DID Subject".
</div>
</section>
<section id="group-control"><div class="header-wrapper"><h4 id="b-10-2-group-control"><bdi class="secno">B.10.2 </bdi>Group Control</h4><a class="self-link" href="#group-control" aria-label="Permalink for Appendix B.10.2"></a></div>
<p>
In the case of group control, the <a href="#dfn-did-controllers" class="internalDFN" data-link-type="dfn" id="ref-for-dfn-did-controllers-51">DID controllers</a> are expected to act
together in some fashion, such as when using a cryptographic algorithm that
requires multiple digital signatures ("multi-sig") or a threshold number of
digital signatures ("m-of-n"). From a functional standpoint, this option is
similar to a single <a href="#dfn-did-controllers" class="internalDFN" data-link-type="dfn" id="ref-for-dfn-did-controllers-52">DID controller</a> because, although each of the
<a href="#dfn-did-controllers" class="internalDFN" data-link-type="dfn" id="ref-for-dfn-did-controllers-53">DID controllers</a> in the <a href="#dfn-did-controllers" class="internalDFN" data-link-type="dfn" id="ref-for-dfn-did-controllers-54">DID controller</a> group has its own graph
node, the actual control collapses into a single logical graph node
representing the <a href="#dfn-did-controllers" class="internalDFN" data-link-type="dfn" id="ref-for-dfn-did-controllers-55">DID controller</a> group as shown in
<a href="#group-did-controllers" class="fig-ref" title="Multiple DID controllers who are expected to act together as a DID controller group. See also: narrative description.">Figure <bdi class="figno">12</bdi></a>.
</p>
<figure id="group-did-controllers">
<img style="margin: auto; display: block; width: 75%;" src="diagrams/figure-c.2-group-did-controllers.svg" alt="
Diagram showing three DID controllers together as a single
DID controller group to control a DID document
" height="297" width="888">
<figcaption>Figure <bdi class="figno">12</bdi> <span class="fig-title">
Multiple <a href="#dfn-did-controllers" class="internalDFN" data-link-type="dfn" id="ref-for-dfn-did-controllers-56">DID controllers</a> who are expected to act together as a <a href="#dfn-did-controllers" class="internalDFN" data-link-type="dfn" id="ref-for-dfn-did-controllers-57">DID
controller</a> group. See also: <a class="longdesc-link" href="#group-did-controllers-longdesc"> narrative description</a>.
</span></figcaption>
</figure>
<div class="longdesc" id="group-did-controllers-longdesc">
On the left are three black filled circles, labeled "DID Controller Group" by a
brace on the left. From each of these three circles, a green arrow extends to
the center right. These three arrows converge towards a single filled white
circle. A pair of horizontal green arrows connects this white circle on its
right to a rectangle shaped like a page with a curled corner, labeled "DID
Document". The upper arrow points right, from the white circle to the
rectangle, and is labeled "Controls". The lower arrow points left, from the
rectangle to the white circle, and is labeled "Controller". From the right of
the rectangle extends a blue arrow, labeled "Describes", pointing to a black
circle, labeled "DID Subject".
</div>
<p>
This configuration will often apply when the <a href="#dfn-did-subjects" class="internalDFN" data-link-type="dfn" id="ref-for-dfn-did-subjects-95">DID subject</a> is an
organization, corporation, government agency, community, or other group
that is not controlled by a single individual.
</p>
</section>
</section>
<section id="changing-the-did-subject"><div class="header-wrapper"><h3 id="b-11-changing-the-did-subject"><bdi class="secno">B.11 </bdi>Changing the DID subject</h3><a class="self-link" href="#changing-the-did-subject" aria-label="Permalink for Appendix B.11"></a></div>
<p>
A <a href="#dfn-did-documents" class="internalDFN" data-link-type="dfn" id="ref-for-dfn-did-documents-244">DID document</a> has exactly one <a href="#dfn-decentralized-identifiers" class="internalDFN" data-link-type="dfn" id="ref-for-dfn-decentralized-identifiers-207">DID</a> which refers to
the <a href="#dfn-did-subjects" class="internalDFN" data-link-type="dfn" id="ref-for-dfn-did-subjects-96">DID subject</a>. The <a href="#dfn-decentralized-identifiers" class="internalDFN" data-link-type="dfn" id="ref-for-dfn-decentralized-identifiers-208">DID</a> is expressed as the value of the
<code><a href="#dfn-id" class="internalDFN" data-link-type="dfn" id="ref-for-dfn-id-13">id</a></code> property. This property value is immutable for
the lifetime of the
<a href="#dfn-did-documents" class="internalDFN" data-link-type="dfn" id="ref-for-dfn-did-documents-245">DID document</a>.
</p>
<p>
However, it is possible that the resource <em>identified</em> by the <a href="#dfn-decentralized-identifiers" class="internalDFN" data-link-type="dfn" id="ref-for-dfn-decentralized-identifiers-209">DID</a>,
the <a href="#dfn-did-subjects" class="internalDFN" data-link-type="dfn" id="ref-for-dfn-did-subjects-97">DID subject</a>, may change over time. This is under the exclusive
authority of the <a href="#dfn-did-controllers" class="internalDFN" data-link-type="dfn" id="ref-for-dfn-did-controllers-58">DID controller</a>. For more details, see section <a href="#persistence" class="sec-ref"><bdi class="secno">9.16 </bdi>Persistence</a>.
</p>
</section>
<section id="changing-the-did-controller"><div class="header-wrapper"><h3 id="b-12-changing-the-did-controller"><bdi class="secno">B.12 </bdi>Changing the DID controller</h3><a class="self-link" href="#changing-the-did-controller" aria-label="Permalink for Appendix B.12"></a></div>
<p>
The <a href="#dfn-did-controllers" class="internalDFN" data-link-type="dfn" id="ref-for-dfn-did-controllers-59">DID controller</a> for a <a href="#dfn-did-documents" class="internalDFN" data-link-type="dfn" id="ref-for-dfn-did-documents-246">DID document</a> might change over time.
However, depending on how it is implemented, a change in the <a href="#dfn-did-controllers" class="internalDFN" data-link-type="dfn" id="ref-for-dfn-did-controllers-60">DID
controller</a> might not be made apparent by changes to the <a href="#dfn-did-documents" class="internalDFN" data-link-type="dfn" id="ref-for-dfn-did-documents-247">DID document</a>
itself. For example, if the change is implemented through a shift in ownership
of the underlying cryptographic keys or other controls used for one or more of
the <a href="#dfn-verification-method" class="internalDFN" data-link-type="dfn" id="ref-for-dfn-verification-method-105">verification methods</a> in the <a href="#dfn-did-documents" class="internalDFN" data-link-type="dfn" id="ref-for-dfn-did-documents-248">DID document</a>, it might be
indistinguishable from a standard key rotation.
</p>
<p>
On the other hand, if the change is implemented by changing the value of the
<a href="#dfn-controller" class="internalDFN" data-link-type="dfn" id="ref-for-dfn-controller-26"><code>controller</code></a> property, it will be transparent.
</p>
<p>
If it is important to verify a change of <a href="#dfn-did-controllers" class="internalDFN" data-link-type="dfn" id="ref-for-dfn-did-controllers-61">DID controller</a>, implementers are
advised to <a href="#dfn-authenticated" class="internalDFN" data-link-type="dfn" id="ref-for-dfn-authenticated-12">authenticate</a> the new <a href="#dfn-did-controllers" class="internalDFN" data-link-type="dfn" id="ref-for-dfn-did-controllers-62">DID controller</a> against the
<a href="#dfn-verification-method" class="internalDFN" data-link-type="dfn" id="ref-for-dfn-verification-method-106">verification methods</a> in the revised <a href="#dfn-did-documents" class="internalDFN" data-link-type="dfn" id="ref-for-dfn-did-documents-249">DID document</a>.
</p>
</section>
</section>
<section class="appendix" id="revision-history"><div class="header-wrapper"><h2 id="c-revision-history"><bdi class="secno">C. </bdi>Revision History</h2><a class="self-link" href="#revision-history" aria-label="Permalink for Appendix C."></a></div>
<p>
This section contains the changes that have been made since the publication of
this specification as a <abbr title="World Wide Web Consortium">W3C</abbr> First Public Working Draft.
</p>
<p>
Changes since the <a href="https://www.w3.org/TR/2021/CR-did-core-20210615/">Second Candidate
Recommendation</a> include:
</p>
<ul>
<li>
Non-normatively refer to the DID Resolution specification to guide implementers
toward common DID URL implementation patterns.
</li>
<li>
Elaborate upon when DID Documents are understood to start existing.
</li>
<li>
Convert PNG diagrams to SVG diagrams.
</li>
<li>
Rearrange order of Appendices to improve readability.
</li>
<li>
Update the IANA guidance as a result of the IETF Media Type Maintenance
Working Group efforts.
</li>
<li>
Add links to use cases document.
</li>
<li>
Add warning related to [<cite><a class="bibref" data-link-type="biblio" href="#bib-multibase" title="The Multibase Encoding Scheme">MULTIBASE</a></cite>] and <code>publicKeyMultibase</code>.
</li>
<li>
Remove at risk issue markers for features that gained enough implementation
experience.
</li>
<li>
Finalize the Editors, Authors, and Acknowledgements information.
</li>
</ul>
<p>
Changes since the <a href="https://www.w3.org/TR/2021/CR-did-core-20210318/">First Candidate
Recommendation</a> include:
</p>
<ul>
<li>
Addition of at risk markers to most of the DID Parameters, the data model
datatypes that are expected to not be implemented, and the
application/did+ld+json media type. This change resulted in the DID WG's
decision to perform a second Candidate Recommendation phase. All other
changes were either editorial or predicted in "at risk" issue markers.
</li>
<li>
Removal of the at risk issue marker for the <code>method-specific-id</code> ABNF rule
and for <code>nextUpdate</code> and <code>nextVersionId</code>.
</li>
<li>
Clarification that <code>equivalentId</code> and <code>canonicalId</code> are optional.
</li>
<li>
Addition of a definitions for "amplification attack" and "cryptographic suite".
</li>
<li>
Replacement of <code>publicKeyBase58</code> with <code>publicKeyMultibase</code>.
</li>
<li>
Updates to the DID Document examples section.
</li>
<li>
A large number of editorial clean ups to the Security Considerations section.
</li>
</ul>
<p>
Changes since the <a href="https://www.w3.org/TR/2019/WD-did-core-20191107/">First Public Working
Draft</a> include:
</p>
<ul>
<li>
The introduction of an abstract data model that can be serialized to multiple
representations including JSON and JSON-LD.
</li>
<li>
The introduction of a DID Specifications Registry for the purposes of
registering extension properties, representations, DID Resolution input
metadata and output metadata, DID Document metadata, DID parameters, and DID
Methods.
</li>
<li>
Separation of DID Document metadata, such as created and updated values,
from DID Document properties.
</li>
<li>
The removal of embedded proofs in the DID Document.
</li>
<li>
The addition of verification relationships for the purposes of authentication,
assertion, key agreement, capability invocation and capability delegation.
</li>
<li>
The ability to support relating multiple identifiers with the DID Document,
such as the DID controller, also known as, equivalent IDs, and canonical IDs.
</li>
<li>
Enhancing privacy by reducing information that could contain personally
identifiable information in the DID Document.
</li>
<li>
The addition of a large section on security considerations and privacy
considerations.
</li>
<li>
A Representations section that details how the abstract data model can be
produced and consumed in a variety of different formats along with general
rules for all representations, producers, and consumers.
</li>
<li>
A section detailing the DID Resolution and DID URL Dereferencing interface
definition that all DID resolvers are expected to expose as well as inputs
and outputs to those processes.
</li>
<li>
DID Document examples in an appendix that provide more complex examples of
DID Document serializations.
</li>
<li>
IANA Considerations for multiple representations specified in DID Core.
</li>
<li>
Removal of the Future Work section as much of the work has now been
accomplished.
</li>
<li>
An acknowledgements section.
</li>
</ul>
</section>
<section class="appendix" id="acknowledgements"><div class="header-wrapper"><h2 id="d-acknowledgements"><bdi class="secno">D. </bdi>Acknowledgements</h2><a class="self-link" href="#acknowledgements" aria-label="Permalink for Appendix D."></a></div>
<p>
The Working Group extends deep appreciation and heartfelt thanks to our Chairs
Brent Zundel and Dan Burnett, as well as our <abbr title="World Wide Web Consortium">W3C</abbr> Staff Contact, Ivan Herman, for
their tireless work in keeping the Working Group headed in a productive
direction and navigating the deep and dangerous waters of the standards process.
</p>
<p>
The Working Group gratefully acknowledges the work that led to the creation of
this specification, and extends sincere appreciation to those individuals that
worked on technologies and specifications that deeply influenced our work. In
particular, this includes the work of Phil Zimmerman, Jon Callas, Lutz
Donnerhacke, Hal Finney, David Shaw, and Rodney Thayer on <a href="https://en.wikipedia.org/wiki/Pretty_Good_Privacy"> Pretty Good Privacy
(PGP)</a> in the 1990s and 2000s.
</p>
<p>
In the mid-2010s, preliminary implementations of what would become Decentralized
Identifiers were <a href="https://web-payments.org/minutes/2014-05-07/#topic-1">
built</a> in collaboration with Jeremie Miller's Telehash project and the <abbr title="World Wide Web Consortium">W3C</abbr>
Web Payments Community Group's work led by Dave Longley and Manu Sporny. Around
a year later, the XDI.org Registry Working Group
<a href="https://docs.google.com/document/d/1EP-KhH60y-nl4xkEzoeSf3DjmjLomfboF4p2umF51FA/">
began exploring</a> decentralized technologies for replacing its existing
identifier registry. Some of the first
<a href="https://github.com/WebOfTrustInfo/rwot1-sf/blob/master/final-documents/dpki.pdf">written</a>
<a href="https://github.com/WebOfTrustInfo/rwot2-id2020/blob/master/final-documents/requirements-for-dids.pdf">papers</a>
exploring the concept of Decentralized Identifiers can be traced back to the
first several Rebooting the Web of Trust workshops convened by Christopher
Allen. That work led to a key collaboration between Christopher Allen, Drummond
Reed, Les Chasen, Manu Sporny, and Anil John. Anil saw promise in the technology
and allocated the initial set of government funding to explore the space.
Without the support of Anil John and his guidance through the years, it is
unlikely that Decentralized Identifiers would be where they are today. Further
refinement at the Rebooting the Web of Trust workshops led to the <a href="https://github.com/WebOfTrustInfo/rwot3-sf/blob/master/final-documents/did-implementer-draft-10.pdf">first
implementers documentation</a>, edited by Drummond Reed, Les Chasen, Christopher
Allen, and Ryan Grant. Contributors included Manu Sporny, Dave Longley, Jason
Law, Daniel Hardman, Markus Sabadello, Christian Lundkvist, and Jonathan
Endersby. This initial work was then merged into the <abbr title="World Wide Web Consortium">W3C</abbr> Credentials Community
Group, incubated further, and then transitioned to the <abbr title="World Wide Web Consortium">W3C</abbr> Decentralized
Identifiers Working Group for global standardization.
</p>
<p>
Portions of the work on this specification have been funded by the United States
Department of Homeland Security's (US DHS) Science and Technology Directorate
under contracts HSHQDC-16-R00012-H-SB2016-1-002, and HSHQDC-17-C-00019, as well
as the US DHS Silicon Valley Innovation Program under contracts
70RSAT20T00000010, 70RSAT20T00000029, 70RSAT20T00000030, 70RSAT20T00000045,
70RSAT20T00000003, and 70RSAT20T00000033. The content of this specification does
not necessarily reflect the position or the policy of the U.S. Government and no
official endorsement should be inferred.
</p>
<p>
Portions of the work on this specification have also been funded by the European
Union's StandICT.eu program under sub-grantee contract number CALL05/19. The
content of this specification does not necessarily reflect the position or the
policy of the European Union and no official endorsement should be inferred.
</p>
<p>
Work on this specification has also been supported by the <a href="https://www.weboftrust.info/">Rebooting the Web of Trust</a> community
facilitated by Christopher Allen, Shannon Appelcline, Kiara Robles, Brian
Weller, Betty Dhamers, Kaliya Young, Kim Hamilton Duffy, Manu Sporny, Drummond
Reed, Joe Andrieu, and Heather Vescent. Development of this specification has
also been supported by the <a href="https://w3c-ccg.github.io/"><abbr title="World Wide Web Consortium">W3C</abbr> Credentials
Community Group</a>, which has been Chaired by Kim Hamilton Duffy, Joe Andrieu,
Christopher Allen, Heather Vescent, and Wayne Chang. The participants in the
Internet Identity Workshop, facilitated by Phil Windley, Kaliya Young, Doc
Searls, and Heidi Nobantu Saul, also supported this work through numerous
working sessions designed to debate, improve, and educate participants about
this specification.
</p>
<p>
The Working Group thanks the following individuals for their contributions to
this specification (in alphabetical order, Github handles start with <code>@</code> and
are sorted as last names): Denis Ah-Kang, Nacho Alamillo, Christopher Allen, Joe
Andrieu, Antonio, Phil Archer, George Aristy, Baha, Juan Benet, BigBlueHat, Dan
Bolser, Chris Boscolo, Pelle Braendgaard, Daniel Buchner, Daniel Burnett, Juan
Caballero, @cabo, Tim Cappalli, Melvin Carvalho, David Chadwick, Wayne Chang,
Sam Curren, Hai Dang, Tim Daubenschütz, Oskar van Deventer, Kim Hamilton Duffy,
Arnaud Durand, Ken Ebert, Veikko Eeva, @ewagner70, Carson Farmer, Nikos Fotiou,
Gabe, Gayan, @gimly-jack, @gjgd, Ryan Grant, Peter Grassberger, Adrian Gropper,
Amy Guy, Daniel Hardman, Kyle Den Hartog, Philippe Le Hegaret, Ivan Herman,
Michael Herman, Alen Horvat, Dave Huseby, Marcel Jackisch, Mike Jones, Andrew
Jones, Tom Jones, jonnycrunch, Gregg Kellogg, Michael Klein, @kdenhartog-sybil1,
Paul Knowles, @ktobich, David I. Lehn, Charles E. Lehner, Michael Lodder,
@mooreT1881, Dave Longley, Tobias Looker, Wolf McNally, Robert Mitwicki, Mircea
Nistor, Grant Noble, Mark Nottingham, @oare, Darrell O'Donnell, Vinod Panicker,
Dirk Porsche, Praveen, Mike Prorock, @pukkamustard, Drummond Reed, Julian
Reschke, Yancy Ribbens, Justin Richer, Rieks, @rknobloch, Mikeal Rogers,
Evstifeev Roman, Troy Ronda, Leonard Rosenthol, Michael Ruminer, Markus
Sabadello, Cihan Saglam, Samu, Rob Sanderson, Wendy Seltzer, Mehran Shakeri,
Jaehoon (Ace) Shim, Samuel Smith, James M Snell, SondreB, Manu Sporny, @ssstolk,
Orie Steele, Shigeya Suzuki, Sammotic Switchyarn, @tahpot, Oliver Terbu, Ted
Thibodeau Jr., Joel Thorstensson, Tralcan, Henry Tsai, Rod Vagg, Mike Varley,
Kaliya "Identity Woman" Young, Eric Welton, Fuqiao Xue, @Yue, Dmitri Zagidulin,
@zhanb, and Brent Zundel.
</p>
</section>
<section class="appendix" id="iana-considerations"><div class="header-wrapper"><h2 id="e-iana-considerations"><bdi class="secno">E. </bdi>IANA Considerations</h2><a class="self-link" href="#iana-considerations" aria-label="Permalink for Appendix E."></a></div>
<p>
This section will be submitted to the Internet Engineering Steering Group
(IESG) for review, approval, and registration with IANA when this specification
becomes a <abbr title="World Wide Web Consortium">W3C</abbr> Proposed Recommendation.
</p>
<section id="application-did-json"><div class="header-wrapper"><h3 id="e-1-application-did-json"><bdi class="secno">E.1 </bdi>application/did+json</h3><a class="self-link" href="#application-did-json" aria-label="Permalink for Appendix E.1"></a></div>
<dl>
<dt>Type name:</dt>
<dd>application</dd>
<dt>Subtype name:</dt>
<dd>did+json</dd>
<dt>Required parameters:</dt>
<dd>None</dd>
<dt>Optional parameters:</dt>
<dd>None</dd>
<dt>Encoding considerations:</dt>
<dd>
See <a href="https://www.rfc-editor.org/rfc/rfc8259#section-11">RFC&nbsp;8259, section 11</a>.
</dd>
<dt>Security considerations:</dt>
<dd>
See <a href="https://www.rfc-editor.org/rfc/rfc8259#section-12">RFC&nbsp;8259, section 12</a> [<cite><a class="bibref" data-link-type="biblio" href="#bib-rfc8259" title="The JavaScript Object Notation (JSON) Data Interchange Format">RFC8259</a></cite>].
</dd>
<dt>Interoperability considerations:</dt>
<dd>Not Applicable</dd>
<dt>Published specification:</dt>
<dd>https://www.w3.org/TR/did-core/</dd>
<dt>Applications that use this media type:</dt>
<dd>
Any application that requires an identifier that is decentralized, persistent,
cryptographically verifiable, and resolvable. Applications typically consist of
cryptographic identity systems, decentralized networks of devices, and
websites that issue or verify <abbr title="World Wide Web Consortium">W3C</abbr> Verifiable Credentials.
</dd>
<dt>Additional information:</dt>
<dd>
<dl>
<dt>Magic number(s):</dt>
<dd>Not Applicable</dd>
<dt>File extension(s):</dt>
<dd>.didjson</dd>
<dt>Macintosh file type code(s):</dt>
<dd>TEXT</dd>
</dl>
</dd>
<dt>Person &amp; email address to contact for further information:</dt>
<dd>Ivan Herman &lt;ivan@w3.org&gt;</dd>
<dt>Intended usage:</dt>
<dd>Common</dd>
<dt>Restrictions on usage:</dt>
<dd>None</dd>
<dt>Author(s):</dt>
<dd>
Drummond Reed, Manu Sporny, Markus Sabadello, Dave Longley, Christopher Allen
</dd>
<dt>Change controller:</dt>
<dd><abbr title="World Wide Web Consortium">W3C</abbr></dd>
</dl>
<p>
Fragment identifiers used with <a href="#application-did-json">application/did+json</a> are treated according to
the rules defined in <a href="#fragment" class="sec-ref">Fragment</a>.
</p>
</section>
<section id="application-did-ld-json"><div class="header-wrapper"><h3 id="e-2-application-did-ld-json"><bdi class="secno">E.2 </bdi>application/did+ld+json</h3><a class="self-link" href="#application-did-ld-json" aria-label="Permalink for Appendix E.2"></a></div>
<div class="note" role="note" id="issue-container-generatedID-18"><div role="heading" class="note-title marker" id="h-note-18" aria-level="4"><span>Note</span><span class="issue-label">: IETF Structured Media Types</span></div><p class="">
The Candidate Recommendation phase for this specification received a significant
number of implementations for the <code>application/did+ld+json</code> media
type. Registration of the media type <code>application/did+ld+json</code> at
IANA is pending resolution of the <a href="https://datatracker.ietf.org/doc/html/draft-w3cdidwg-media-types-with-multiple-suffixes">
Media Types with Multiple Suffixes</a> issue. Work is expected to continue in
the <a href="https://datatracker.ietf.org/wg/mediaman/about/">IETF Media Type
Maintenance Working Group</a> with a registration of the
<code>application/did+ld+json</code> media type by <abbr title="World Wide Web Consortium">W3C</abbr> following shortly after
the publication of the <a href="https://datatracker.ietf.org/doc/html/draft-w3cdidwg-media-types-with-multiple-suffixes">
Media Types with Multiple Suffixes</a> RFC.
</p></div>
<dl>
<dt>Type name:</dt>
<dd>application</dd>
<dt>Subtype name:</dt>
<dd>did+ld+json</dd>
<dt>Required parameters:</dt>
<dd>None</dd>
<dt>Optional parameters:</dt>
<dd>None</dd>
<dt>Encoding considerations:</dt>
<dd>
See <a href="https://www.rfc-editor.org/rfc/rfc8259#section-11">RFC&nbsp;8259, section 11</a>.
</dd>
<dt>Security considerations:</dt>
<dd>
See <a href="https://www.w3.org/TR/json-ld11/#security">JSON-LD 1.1, Security Considerations</a>
[<cite><a class="bibref" data-link-type="biblio" href="#bib-json-ld11" title="JSON-LD 1.1">JSON-LD11</a></cite>].
</dd>
<dt>Interoperability considerations:</dt>
<dd>Not Applicable</dd>
<dt>Published specification:</dt>
<dd>https://www.w3.org/TR/did-core/</dd>
<dt>Applications that use this media type:</dt>
<dd>
Any application that requires an identifier that is decentralized, persistent,
cryptographically verifiable, and resolvable. Applications typically consist of
cryptographic identity systems, decentralized networks of devices, and
websites that issue or verify <abbr title="World Wide Web Consortium">W3C</abbr> Verifiable Credentials.
</dd>
<dt>Additional information:</dt>
<dd>
<dl>
<dt>Magic number(s):</dt>
<dd>Not Applicable</dd>
<dt>File extension(s):</dt>
<dd>.didjsonld</dd>
<dt>Macintosh file type code(s):</dt>
<dd>TEXT</dd>
</dl>
</dd>
<dt>Person &amp; email address to contact for further information:</dt>
<dd>Ivan Herman &lt;ivan@w3.org&gt;</dd>
<dt>Intended usage:</dt>
<dd>Common</dd>
<dt>Restrictions on usage:</dt>
<dd>None</dd>
<dt>Author(s):</dt>
<dd>
Drummond Reed, Manu Sporny, Markus Sabadello, Dave Longley, Christopher Allen
</dd>
<dt>Change controller:</dt>
<dd><abbr title="World Wide Web Consortium">W3C</abbr></dd>
</dl>
<p>
Fragment identifiers used with
<a href="#application-did-ld-json">application/did+ld+json</a> are treated
according to the rules associated with the
<a href="https://www.w3.org/TR/json-ld11/#iana-considerations">JSON-LD 1.1: application/ld+json
media type</a> [<cite><a class="bibref" data-link-type="biblio" href="#bib-json-ld11" title="JSON-LD 1.1">JSON-LD11</a></cite>].
</p>
</section>
</section>
<section id="references" class="appendix"><div class="header-wrapper"><h2 id="f-references"><bdi class="secno">F. </bdi>References</h2><a class="self-link" href="#references" aria-label="Permalink for Appendix F."></a></div><section id="normative-references"><div class="header-wrapper"><h3 id="f-1-normative-references"><bdi class="secno">F.1 </bdi>Normative references</h3><a class="self-link" href="#normative-references" aria-label="Permalink for Appendix F.1"></a></div>
<dl class="bibliography"><dt id="bib-infra">[INFRA]</dt><dd>
<a href="https://infra.spec.whatwg.org/"><cite>Infra Standard</cite></a>. Anne van Kesteren; Domenic Denicola. WHATWG. Living Standard. URL: <a href="https://infra.spec.whatwg.org/">https://infra.spec.whatwg.org/</a>
</dd><dt id="bib-json-ld11">[JSON-LD11]</dt><dd>
<a href="https://www.w3.org/TR/json-ld11/"><cite>JSON-LD 1.1</cite></a>. Gregg Kellogg; Pierre-Antoine Champin; Dave Longley. W3C. 16 July 2020. W3C Recommendation. URL: <a href="https://www.w3.org/TR/json-ld11/">https://www.w3.org/TR/json-ld11/</a>
</dd><dt id="bib-rfc2119">[RFC2119]</dt><dd>
<a href="https://www.rfc-editor.org/rfc/rfc2119"><cite>Key words for use in RFCs to Indicate Requirement Levels</cite></a>. S. Bradner. IETF. March 1997. Best Current Practice. URL: <a href="https://www.rfc-editor.org/rfc/rfc2119">https://www.rfc-editor.org/rfc/rfc2119</a>
</dd><dt id="bib-rfc3552">[RFC3552]</dt><dd>
<a href="https://www.rfc-editor.org/rfc/rfc3552"><cite>Guidelines for Writing RFC Text on Security Considerations</cite></a>. E. Rescorla; B. Korver. IETF. July 2003. Best Current Practice. URL: <a href="https://www.rfc-editor.org/rfc/rfc3552">https://www.rfc-editor.org/rfc/rfc3552</a>
</dd><dt id="bib-rfc3986">[RFC3986]</dt><dd>
<a href="https://www.rfc-editor.org/rfc/rfc3986"><cite>Uniform Resource Identifier (URI): Generic Syntax</cite></a>. T. Berners-Lee; R. Fielding; L. Masinter. IETF. January 2005. Internet Standard. URL: <a href="https://www.rfc-editor.org/rfc/rfc3986">https://www.rfc-editor.org/rfc/rfc3986</a>
</dd><dt id="bib-rfc5234">[RFC5234]</dt><dd>
<a href="https://www.rfc-editor.org/rfc/rfc5234"><cite>Augmented BNF for Syntax Specifications: ABNF</cite></a>. D. Crocker, Ed.; P. Overell. IETF. January 2008. Internet Standard. URL: <a href="https://www.rfc-editor.org/rfc/rfc5234">https://www.rfc-editor.org/rfc/rfc5234</a>
</dd><dt id="bib-rfc7517">[RFC7517]</dt><dd>
<a href="https://www.rfc-editor.org/rfc/rfc7517"><cite>JSON Web Key (JWK)</cite></a>. M. Jones. IETF. May 2015. Proposed Standard. URL: <a href="https://www.rfc-editor.org/rfc/rfc7517">https://www.rfc-editor.org/rfc/rfc7517</a>
</dd><dt id="bib-rfc7638">[RFC7638]</dt><dd>
<a href="https://www.rfc-editor.org/rfc/rfc7638"><cite>JSON Web Key (JWK) Thumbprint</cite></a>. M. Jones; N. Sakimura. IETF. September 2015. Proposed Standard. URL: <a href="https://www.rfc-editor.org/rfc/rfc7638">https://www.rfc-editor.org/rfc/rfc7638</a>
</dd><dt id="bib-rfc8174">[RFC8174]</dt><dd>
<a href="https://www.rfc-editor.org/rfc/rfc8174"><cite>Ambiguity of Uppercase vs Lowercase in RFC 2119 Key Words</cite></a>. B. Leiba. IETF. May 2017. Best Current Practice. URL: <a href="https://www.rfc-editor.org/rfc/rfc8174">https://www.rfc-editor.org/rfc/rfc8174</a>
</dd><dt id="bib-rfc8259">[RFC8259]</dt><dd>
<a href="https://www.rfc-editor.org/rfc/rfc8259"><cite>The JavaScript Object Notation (JSON) Data Interchange Format</cite></a>. T. Bray, Ed.. IETF. December 2017. Internet Standard. URL: <a href="https://www.rfc-editor.org/rfc/rfc8259">https://www.rfc-editor.org/rfc/rfc8259</a>
</dd><dt id="bib-url">[url]</dt><dd>
<a href="https://url.spec.whatwg.org/"><cite>URL Standard</cite></a>. Anne van Kesteren. WHATWG. Living Standard. URL: <a href="https://url.spec.whatwg.org/">https://url.spec.whatwg.org/</a>
</dd><dt id="bib-xmlschema11-2">[XMLSCHEMA11-2]</dt><dd>
<a href="https://www.w3.org/TR/xmlschema11-2/"><cite>W3C XML Schema Definition Language (XSD) 1.1 Part 2: Datatypes</cite></a>. David Peterson; Sandy Gao; Ashok Malhotra; Michael Sperberg-McQueen; Henry Thompson; Paul V. Biron et al. W3C. 5 April 2012. W3C Recommendation. URL: <a href="https://www.w3.org/TR/xmlschema11-2/">https://www.w3.org/TR/xmlschema11-2/</a>
</dd></dl>
</section><section id="informative-references"><div class="header-wrapper"><h3 id="f-2-informative-references"><bdi class="secno">F.2 </bdi>Informative references</h3><a class="self-link" href="#informative-references" aria-label="Permalink for Appendix F.2"></a></div>
<dl class="bibliography"><dt id="bib-did-resolution">[DID-RESOLUTION]</dt><dd>
<a href="https://w3c-ccg.github.io/did-resolution/"><cite>Decentralized Identifier Resolution</cite></a>. Markus Sabadello; Dmitri Zagidulin. Credentials Community Group. Draft Community Group Report. URL: <a href="https://w3c-ccg.github.io/did-resolution/">https://w3c-ccg.github.io/did-resolution/</a>
</dd><dt id="bib-did-rubric">[DID-RUBRIC]</dt><dd>
<a href="https://w3c.github.io/did-rubric/"><cite>Decentralized Characteristics Rubric v1.0</cite></a>. Joe Andrieu. Credentials Community Group. Draft Community Group Report. URL: <a href="https://w3c.github.io/did-rubric/">https://w3c.github.io/did-rubric/</a>
</dd><dt id="bib-did-spec-registries">[DID-SPEC-REGISTRIES]</dt><dd>
<a href="https://www.w3.org/TR/did-spec-registries/"><cite>DID Specification Registries</cite></a>. Orie Steele; Manu Sporny; Michael Prorock. W3C. 28 June 2022. W3C Working Group Note. URL: <a href="https://www.w3.org/TR/did-spec-registries/">https://www.w3.org/TR/did-spec-registries/</a>
</dd><dt id="bib-did-use-cases">[DID-USE-CASES]</dt><dd>
<a href="https://www.w3.org/TR/did-use-cases/"><cite>Use Cases and Requirements for Decentralized Identifiers</cite></a>. Joe Andrieu; Phil Archer; Kim Duffy; Ryan Grant; Adrian Gropper. W3C. 17 March 2021. W3C Working Group Note. URL: <a href="https://www.w3.org/TR/did-use-cases/">https://www.w3.org/TR/did-use-cases/</a>
</dd><dt id="bib-dns-did">[DNS-DID]</dt><dd>
<a href="https://datatracker.ietf.org/doc/draft-mayrhofer-did-dns/"><cite>The Decentralized Identifier (DID) in the DNS</cite></a>. Alexander Mayrhofer; Dimitrij Klesev; Markus Sabadello. February 2019. Internet-Draft. URL: <a href="https://datatracker.ietf.org/doc/draft-mayrhofer-did-dns/">https://datatracker.ietf.org/doc/draft-mayrhofer-did-dns/</a>
</dd><dt id="bib-hashlink">[HASHLINK]</dt><dd>
<a href="https://tools.ietf.org/html/draft-sporny-hashlink-05"><cite>Cryptographic Hyperlinks</cite></a>. Manu Sporny. IETF. December 2018. Internet-Draft. URL: <a href="https://tools.ietf.org/html/draft-sporny-hashlink-05">https://tools.ietf.org/html/draft-sporny-hashlink-05</a>
</dd><dt id="bib-iana-uri-schemes">[IANA-URI-SCHEMES]</dt><dd>
<a href="https://www.iana.org/assignments/uri-schemes/uri-schemes.xhtml"><cite>Uniform Resource Identifier (URI) Schemes</cite></a>. IANA. URL: <a href="https://www.iana.org/assignments/uri-schemes/uri-schemes.xhtml">https://www.iana.org/assignments/uri-schemes/uri-schemes.xhtml</a>
</dd><dt id="bib-matrix-uris">[MATRIX-URIS]</dt><dd>
<a href="https://www.w3.org/DesignIssues/MatrixURIs.html"><cite>Matrix URIs - Ideas about Web Architecture</cite></a>. Tim Berners-Lee. December 1996. Personal View. URL: <a href="https://www.w3.org/DesignIssues/MatrixURIs.html">https://www.w3.org/DesignIssues/MatrixURIs.html</a>
</dd><dt id="bib-multibase">[MULTIBASE]</dt><dd>
<a href="https://datatracker.ietf.org/doc/html/draft-multiformats-multibase-03"><cite>The Multibase Encoding Scheme</cite></a>. Juan Benet; Manu Sporny. IETF. February 2021. Internet-Draft. URL: <a href="https://datatracker.ietf.org/doc/html/draft-multiformats-multibase-03">https://datatracker.ietf.org/doc/html/draft-multiformats-multibase-03</a>
</dd><dt id="bib-privacy-by-design">[PRIVACY-BY-DESIGN]</dt><dd>
<a href="https://iapp.org/media/pdf/resource_center/pbd_implement_7found_principles.pdf"><cite>Privacy by Design</cite></a>. Ann Cavoukian. Information and Privacy Commissioner. 2011. URL: <a href="https://iapp.org/media/pdf/resource_center/pbd_implement_7found_principles.pdf">https://iapp.org/media/pdf/resource_center/pbd_implement_7found_principles.pdf</a>
</dd><dt id="bib-rfc4122">[RFC4122]</dt><dd>
<a href="https://www.rfc-editor.org/rfc/rfc4122"><cite>A Universally Unique IDentifier (UUID) URN Namespace</cite></a>. P. Leach; M. Mealling; R. Salz. IETF. July 2005. Proposed Standard. URL: <a href="https://www.rfc-editor.org/rfc/rfc4122">https://www.rfc-editor.org/rfc/rfc4122</a>
</dd><dt id="bib-rfc6901">[RFC6901]</dt><dd>
<a href="https://www.rfc-editor.org/rfc/rfc6901"><cite>JavaScript Object Notation (JSON) Pointer</cite></a>. P. Bryan, Ed.; K. Zyp; M. Nottingham, Ed.. IETF. April 2013. Proposed Standard. URL: <a href="https://www.rfc-editor.org/rfc/rfc6901">https://www.rfc-editor.org/rfc/rfc6901</a>
</dd><dt id="bib-rfc6973">[RFC6973]</dt><dd>
<a href="https://www.rfc-editor.org/rfc/rfc6973"><cite>Privacy Considerations for Internet Protocols</cite></a>. A. Cooper; H. Tschofenig; B. Aboba; J. Peterson; J. Morris; M. Hansen; R. Smith. IETF. July 2013. Informational. URL: <a href="https://www.rfc-editor.org/rfc/rfc6973">https://www.rfc-editor.org/rfc/rfc6973</a>
</dd><dt id="bib-rfc7230">[RFC7230]</dt><dd>
<a href="https://httpwg.org/specs/rfc7230.html"><cite>Hypertext Transfer Protocol (HTTP/1.1): Message Syntax and Routing</cite></a>. R. Fielding, Ed.; J. Reschke, Ed.. IETF. June 2014. Proposed Standard. URL: <a href="https://httpwg.org/specs/rfc7230.html">https://httpwg.org/specs/rfc7230.html</a>
</dd><dt id="bib-rfc7231">[RFC7231]</dt><dd>
<a href="https://httpwg.org/specs/rfc7231.html"><cite>Hypertext Transfer Protocol (HTTP/1.1): Semantics and Content</cite></a>. R. Fielding, Ed.; J. Reschke, Ed.. IETF. June 2014. Proposed Standard. URL: <a href="https://httpwg.org/specs/rfc7231.html">https://httpwg.org/specs/rfc7231.html</a>
</dd><dt id="bib-rfc8141">[RFC8141]</dt><dd>
<a href="https://www.rfc-editor.org/rfc/rfc8141"><cite>Uniform Resource Names (URNs)</cite></a>. P. Saint-Andre; J. Klensin. IETF. April 2017. Proposed Standard. URL: <a href="https://www.rfc-editor.org/rfc/rfc8141">https://www.rfc-editor.org/rfc/rfc8141</a>
</dd><dt id="bib-vc-data-model">[VC-DATA-MODEL]</dt><dd>
<a href="https://www.w3.org/TR/vc-data-model/"><cite>Verifiable Credentials Data Model v1.1</cite></a>. Manu Sporny; Grant Noble; Dave Longley; Daniel Burnett; Brent Zundel; Kyle Den Hartog. W3C. 3 March 2022. W3C Recommendation. URL: <a href="https://www.w3.org/TR/vc-data-model/">https://www.w3.org/TR/vc-data-model/</a>
</dd></dl>
</section></section><p role="navigation" id="back-to-top">
<a href="#title"><abbr title="Back to Top">↑</abbr></a>
</p><div class="dfn-panel" hidden="" role="dialog" aria-modal="true" id="dfn-panel-for-dfn-conforming-did" aria-label="Links in this document to definition: conforming DID">
<span class="caret"></span>
<div>
<a class="self-link" href="#dfn-conforming-did" aria-label="Permalink for definition: conforming DID. Activate to close this dialog.">Permalink</a>
</div>
<p><b>Referenced in:</b></p>
<ul>
<li>
<a href="#ref-for-dfn-conforming-did-1" title="§ 1.4 Conformance">§ 1.4 Conformance</a> <a href="#ref-for-dfn-conforming-did-2" title="Reference 2">(2)</a>
</li>
</ul>
</div><div class="dfn-panel" hidden="" role="dialog" aria-modal="true" id="dfn-panel-for-dfn-conforming-did-document" aria-label="Links in this document to definition: conforming DID document">
<span class="caret"></span>
<div>
<a class="self-link" href="#dfn-conforming-did-document" aria-label="Permalink for definition: conforming DID document. Activate to close this dialog.">Permalink</a>
</div>
<p><b>Referenced in:</b></p>
<ul>
<li>
<a href="#ref-for-dfn-conforming-did-document-1" title="§ 1.4 Conformance">§ 1.4 Conformance</a> <a href="#ref-for-dfn-conforming-did-document-2" title="Reference 2">(2)</a>
</li><li>
<a href="#ref-for-dfn-conforming-did-document-3" title="§ 7.1 DID Resolution">§ 7.1 DID Resolution</a>
</li>
</ul>
</div><div class="dfn-panel" hidden="" role="dialog" aria-modal="true" id="dfn-panel-for-dfn-conforming-producer" aria-label="Links in this document to definition: conforming producer">
<span class="caret"></span>
<div>
<a class="self-link" href="#dfn-conforming-producer" aria-label="Permalink for definition: conforming producer. Activate to close this dialog.">Permalink</a>
</div>
<p><b>Referenced in:</b></p>
<ul>
<li>
<a href="#ref-for-dfn-conforming-producer-1" title="§ 5.4 Services">§ 5.4 Services</a>
</li><li>
<a href="#ref-for-dfn-conforming-producer-2" title="§ 6.1 Production and Consumption">§ 6.1 Production and Consumption</a> <a href="#ref-for-dfn-conforming-producer-3" title="Reference 2">(2)</a> <a href="#ref-for-dfn-conforming-producer-4" title="Reference 3">(3)</a> <a href="#ref-for-dfn-conforming-producer-5" title="Reference 4">(4)</a> <a href="#ref-for-dfn-conforming-producer-6" title="Reference 5">(5)</a>
</li><li>
<a href="#ref-for-dfn-conforming-producer-7" title="§ 6.2.1 Production">§ 6.2.1 Production</a> <a href="#ref-for-dfn-conforming-producer-8" title="Reference 2">(2)</a>
</li><li>
<a href="#ref-for-dfn-conforming-producer-9" title="§ 6.3.1 Production">§ 6.3.1 Production</a> <a href="#ref-for-dfn-conforming-producer-10" title="Reference 2">(2)</a> <a href="#ref-for-dfn-conforming-producer-11" title="Reference 3">(3)</a>
</li>
</ul>
</div><div class="dfn-panel" hidden="" role="dialog" aria-modal="true" id="dfn-panel-for-dfn-conforming-consumer" aria-label="Links in this document to definition: conforming consumer">
<span class="caret"></span>
<div>
<a class="self-link" href="#dfn-conforming-consumer" aria-label="Permalink for definition: conforming consumer. Activate to close this dialog.">Permalink</a>
</div>
<p><b>Referenced in:</b></p>
<ul>
<li>
<a href="#ref-for-dfn-conforming-consumer-1" title="§ 5.4 Services">§ 5.4 Services</a>
</li><li>
<a href="#ref-for-dfn-conforming-consumer-2" title="§ 6.1 Production and Consumption">§ 6.1 Production and Consumption</a> <a href="#ref-for-dfn-conforming-consumer-3" title="Reference 2">(2)</a> <a href="#ref-for-dfn-conforming-consumer-4" title="Reference 3">(3)</a> <a href="#ref-for-dfn-conforming-consumer-5" title="Reference 4">(4)</a> <a href="#ref-for-dfn-conforming-consumer-6" title="Reference 5">(5)</a> <a href="#ref-for-dfn-conforming-consumer-7" title="Reference 6">(6)</a>
</li><li>
<a href="#ref-for-dfn-conforming-consumer-8" title="§ 6.2.2 Consumption">§ 6.2.2 Consumption</a> <a href="#ref-for-dfn-conforming-consumer-9" title="Reference 2">(2)</a> <a href="#ref-for-dfn-conforming-consumer-10" title="Reference 3">(3)</a>
</li><li>
<a href="#ref-for-dfn-conforming-consumer-11" title="§ 6.3.1 Production">§ 6.3.1 Production</a>
</li><li>
<a href="#ref-for-dfn-conforming-consumer-12" title="§ 6.3.2 Consumption">§ 6.3.2 Consumption</a> <a href="#ref-for-dfn-conforming-consumer-13" title="Reference 2">(2)</a>
</li>
</ul>
</div><div class="dfn-panel" hidden="" role="dialog" aria-modal="true" id="dfn-panel-for-dfn-amplification" aria-label="Links in this document to definition: amplification attack">
<span class="caret"></span>
<div>
<a class="self-link" href="#dfn-amplification" aria-label="Permalink for definition: amplification attack. Activate to close this dialog.">Permalink</a>
</div>
<p><b>Referenced in:</b></p>
<ul>
<li>
<a href="#ref-for-dfn-amplification-1" title="§ 8.3 Security Requirements">§ 8.3 Security Requirements</a>
</li>
</ul>
</div><div class="dfn-panel" hidden="" role="dialog" aria-modal="true" id="dfn-panel-for-dfn-authenticated" aria-label="Links in this document to definition: authenticate">
<span class="caret"></span>
<div>
<a class="self-link" href="#dfn-authenticated" aria-label="Permalink for definition: authenticate. Activate to close this dialog.">Permalink</a>
</div>
<p><b>Referenced in:</b></p>
<ul>
<li>
<a href="#ref-for-dfn-authenticated-1" title="§ 1.1 A Simple Example">§ 1.1 A Simple Example</a>
</li><li>
<a href="#ref-for-dfn-authenticated-2" title="§ 2. Terminology">§ 2. Terminology</a> <a href="#ref-for-dfn-authenticated-3" title="Reference 2">(2)</a> <a href="#ref-for-dfn-authenticated-4" title="Reference 3">(3)</a>
</li><li>
<a href="#ref-for-dfn-authenticated-5" title="§ 5.2 Verification Methods">§ 5.2 Verification Methods</a>
</li><li>
<a href="#ref-for-dfn-authenticated-6" title="§ 5.3.1 Authentication">§ 5.3.1 Authentication</a> <a href="#ref-for-dfn-authenticated-7" title="Reference 2">(2)</a> <a href="#ref-for-dfn-authenticated-8" title="Reference 3">(3)</a> <a href="#ref-for-dfn-authenticated-9" title="Reference 4">(4)</a> <a href="#ref-for-dfn-authenticated-10" title="Reference 5">(5)</a> <a href="#ref-for-dfn-authenticated-11" title="Reference 6">(6)</a>
</li><li>
<a href="#ref-for-dfn-authenticated-12" title="§ B.12 Changing the DID controller">§ B.12 Changing the DID controller</a>
</li>
</ul>
</div><div class="dfn-panel" hidden="" role="dialog" aria-modal="true" id="dfn-panel-for-dfn-cryptosuite" aria-label="Links in this document to definition: cryptographic suite">
<span class="caret"></span>
<div>
<a class="self-link" href="#dfn-cryptosuite" aria-label="Permalink for definition: cryptographic suite. Activate to close this dialog.">Permalink</a>
</div>
<p><b>Referenced in:</b></p>
<ul>
<li>
<a href="#ref-for-dfn-cryptosuite-1" title="§ 5.2.1 Verification Material">§ 5.2.1 Verification Material</a>
</li>
</ul>
</div><div class="dfn-panel" hidden="" role="dialog" aria-modal="true" id="dfn-panel-for-dfn-decentralized-identifiers" aria-label="Links in this document to definition: decentralized identifier">
<span class="caret"></span>
<div>
<a class="self-link" href="#dfn-decentralized-identifiers" aria-label="Permalink for definition: decentralized identifier. Activate to close this dialog.">Permalink</a>
</div>
<p><b>Referenced in:</b></p>
<ul>
<li>
<a href="#ref-for-dfn-decentralized-identifiers-1" title="§ Abstract">§ Abstract</a> <a href="#ref-for-dfn-decentralized-identifiers-2" title="Reference 2">(2)</a> <a href="#ref-for-dfn-decentralized-identifiers-3" title="Reference 3">(3)</a> <a href="#ref-for-dfn-decentralized-identifiers-4" title="Reference 4">(4)</a> <a href="#ref-for-dfn-decentralized-identifiers-5" title="Reference 5">(5)</a> <a href="#ref-for-dfn-decentralized-identifiers-6" title="Reference 6">(6)</a> <a href="#ref-for-dfn-decentralized-identifiers-7" title="Reference 7">(7)</a> <a href="#ref-for-dfn-decentralized-identifiers-8" title="Reference 8">(8)</a> <a href="#ref-for-dfn-decentralized-identifiers-9" title="Reference 9">(9)</a>
</li><li>
<a href="#ref-for-dfn-decentralized-identifiers-10" title="§ 1.1 A Simple Example">§ 1.1 A Simple Example</a> <a href="#ref-for-dfn-decentralized-identifiers-11" title="Reference 2">(2)</a> <a href="#ref-for-dfn-decentralized-identifiers-12" title="Reference 3">(3)</a>
</li><li>
<a href="#ref-for-dfn-decentralized-identifiers-13" title="§ 1.2 Design Goals">§ 1.2 Design Goals</a> <a href="#ref-for-dfn-decentralized-identifiers-14" title="Reference 2">(2)</a> <a href="#ref-for-dfn-decentralized-identifiers-15" title="Reference 3">(3)</a> <a href="#ref-for-dfn-decentralized-identifiers-16" title="Reference 4">(4)</a>
</li><li>
<a href="#ref-for-dfn-decentralized-identifiers-17" title="§ 1.3 Architecture Overview">§ 1.3 Architecture Overview</a> <a href="#ref-for-dfn-decentralized-identifiers-18" title="Reference 2">(2)</a> <a href="#ref-for-dfn-decentralized-identifiers-19" title="Reference 3">(3)</a> <a href="#ref-for-dfn-decentralized-identifiers-20" title="Reference 4">(4)</a> <a href="#ref-for-dfn-decentralized-identifiers-21" title="Reference 5">(5)</a> <a href="#ref-for-dfn-decentralized-identifiers-22" title="Reference 6">(6)</a> <a href="#ref-for-dfn-decentralized-identifiers-23" title="Reference 7">(7)</a> <a href="#ref-for-dfn-decentralized-identifiers-24" title="Reference 8">(8)</a> <a href="#ref-for-dfn-decentralized-identifiers-25" title="Reference 9">(9)</a> <a href="#ref-for-dfn-decentralized-identifiers-26" title="Reference 10">(10)</a> <a href="#ref-for-dfn-decentralized-identifiers-27" title="Reference 11">(11)</a> <a href="#ref-for-dfn-decentralized-identifiers-28" title="Reference 12">(12)</a> <a href="#ref-for-dfn-decentralized-identifiers-29" title="Reference 13">(13)</a> <a href="#ref-for-dfn-decentralized-identifiers-30" title="Reference 14">(14)</a>
</li><li>
<a href="#ref-for-dfn-decentralized-identifiers-31" title="§ 1.4 Conformance">§ 1.4 Conformance</a> <a href="#ref-for-dfn-decentralized-identifiers-32" title="Reference 2">(2)</a> <a href="#ref-for-dfn-decentralized-identifiers-33" title="Reference 3">(3)</a> <a href="#ref-for-dfn-decentralized-identifiers-34" title="Reference 4">(4)</a> <a href="#ref-for-dfn-decentralized-identifiers-35" title="Reference 5">(5)</a>
</li><li>
<a href="#ref-for-dfn-decentralized-identifiers-36" title="§ 2. Terminology">§ 2. Terminology</a> <a href="#ref-for-dfn-decentralized-identifiers-37" title="Reference 2">(2)</a> <a href="#ref-for-dfn-decentralized-identifiers-38" title="Reference 3">(3)</a> <a href="#ref-for-dfn-decentralized-identifiers-40" title="Reference 5">(5)</a> <a href="#ref-for-dfn-decentralized-identifiers-41" title="Reference 6">(6)</a> <a href="#ref-for-dfn-decentralized-identifiers-42" title="Reference 7">(7)</a> <a href="#ref-for-dfn-decentralized-identifiers-43" title="Reference 8">(8)</a> <a href="#ref-for-dfn-decentralized-identifiers-44" title="Reference 9">(9)</a> <a href="#ref-for-dfn-decentralized-identifiers-45" title="Reference 10">(10)</a> <a href="#ref-for-dfn-decentralized-identifiers-46" title="Reference 11">(11)</a> <a href="#ref-for-dfn-decentralized-identifiers-47" title="Reference 12">(12)</a> <a href="#ref-for-dfn-decentralized-identifiers-48" title="Reference 13">(13)</a> <a href="#ref-for-dfn-decentralized-identifiers-49" title="Reference 14">(14)</a> <a href="#ref-for-dfn-decentralized-identifiers-50" title="Reference 15">(15)</a> <a href="#ref-for-dfn-decentralized-identifiers-51" title="Reference 16">(16)</a> <a href="#ref-for-dfn-decentralized-identifiers-52" title="Reference 17">(17)</a> <a href="#ref-for-dfn-decentralized-identifiers-53" title="Reference 18">(18)</a>
</li><li>
<a href="#ref-for-dfn-decentralized-identifiers-54" title="§ 3. Identifier">§ 3. Identifier</a> <a href="#ref-for-dfn-decentralized-identifiers-55" title="Reference 2">(2)</a>
</li><li>
<a href="#ref-for-dfn-decentralized-identifiers-56" title="§ 3.1 DID Syntax">§ 3.1 DID Syntax</a> <a href="#ref-for-dfn-decentralized-identifiers-57" title="Reference 2">(2)</a>
</li><li>
<a href="#ref-for-dfn-decentralized-identifiers-58" title="§ 3.2.1 DID Parameters">§ 3.2.1 DID Parameters</a> <a href="#ref-for-dfn-decentralized-identifiers-59" title="Reference 2">(2)</a> <a href="#ref-for-dfn-decentralized-identifiers-60" title="Reference 3">(3)</a>
</li><li>
<a href="#ref-for-dfn-decentralized-identifiers-61" title="§ 3.2.2 Relative DID URLs">§ 3.2.2 Relative DID URLs</a>
</li><li>
<a href="#ref-for-dfn-decentralized-identifiers-62" title="§ 5. Core Properties">§ 5. Core Properties</a>
</li><li>
<a href="#ref-for-dfn-decentralized-identifiers-63" title="§ 5.1.1 DID Subject">§ 5.1.1 DID Subject</a> <a href="#ref-for-dfn-decentralized-identifiers-64" title="Reference 2">(2)</a>
</li><li>
<a href="#ref-for-dfn-decentralized-identifiers-65" title="§ 5.1.2 DID Controller">§ 5.1.2 DID Controller</a> <a href="#ref-for-dfn-decentralized-identifiers-66" title="Reference 2">(2)</a>
</li><li>
<a href="#ref-for-dfn-decentralized-identifiers-67" title="§ 5.1.3 Also Known As">§ 5.1.3 Also Known As</a>
</li><li>
<a href="#ref-for-dfn-decentralized-identifiers-68" title="§ 5.2.1 Verification Material">§ 5.2.1 Verification Material</a>
</li><li>
<a href="#ref-for-dfn-decentralized-identifiers-69" title="§ 5.3.1 Authentication">§ 5.3.1 Authentication</a>
</li><li>
<a href="#ref-for-dfn-decentralized-identifiers-70" title="§ 6.1 Production and Consumption">§ 6.1 Production and Consumption</a> <a href="#ref-for-dfn-decentralized-identifiers-71" title="Reference 2">(2)</a>
</li><li>
<a href="#ref-for-dfn-decentralized-identifiers-72" title="§ 7.1 DID Resolution">§ 7.1 DID Resolution</a> <a href="#ref-for-dfn-decentralized-identifiers-73" title="Reference 2">(2)</a> <a href="#ref-for-dfn-decentralized-identifiers-74" title="Reference 3">(3)</a> <a href="#ref-for-dfn-decentralized-identifiers-75" title="Reference 4">(4)</a>
</li><li>
<a href="#ref-for-dfn-decentralized-identifiers-76" title="§ 7.1.2 DID Resolution Metadata">§ 7.1.2 DID Resolution Metadata</a>
</li><li>
<a href="#ref-for-dfn-decentralized-identifiers-77" title="§ 7.1.3 DID Document Metadata">§ 7.1.3 DID Document Metadata</a> <a href="#ref-for-dfn-decentralized-identifiers-78" title="Reference 2">(2)</a> <a href="#ref-for-dfn-decentralized-identifiers-79" title="Reference 3">(3)</a> <a href="#ref-for-dfn-decentralized-identifiers-80" title="Reference 4">(4)</a> <a href="#ref-for-dfn-decentralized-identifiers-81" title="Reference 5">(5)</a> <a href="#ref-for-dfn-decentralized-identifiers-82" title="Reference 6">(6)</a> <a href="#ref-for-dfn-decentralized-identifiers-83" title="Reference 7">(7)</a> <a href="#ref-for-dfn-decentralized-identifiers-84" title="Reference 8">(8)</a>
</li><li>
<a href="#ref-for-dfn-decentralized-identifiers-85" title="§ 7.2 DID URL Dereferencing">§ 7.2 DID URL Dereferencing</a>
</li><li>
<a href="#ref-for-dfn-decentralized-identifiers-86" title="§ 7.3 Metadata Structure">§ 7.3 Metadata Structure</a>
</li><li>
<a href="#ref-for-dfn-decentralized-identifiers-87" title="§ 8. Methods">§ 8. Methods</a> <a href="#ref-for-dfn-decentralized-identifiers-88" title="Reference 2">(2)</a>
</li><li>
<a href="#ref-for-dfn-decentralized-identifiers-89" title="§ 8.1 Method Syntax">§ 8.1 Method Syntax</a> <a href="#ref-for-dfn-decentralized-identifiers-90" title="Reference 2">(2)</a>
</li><li>
<a href="#ref-for-dfn-decentralized-identifiers-91" title="§ 8.2 Method Operations">§ 8.2 Method Operations</a> <a href="#ref-for-dfn-decentralized-identifiers-92" title="Reference 2">(2)</a> <a href="#ref-for-dfn-decentralized-identifiers-93" title="Reference 3">(3)</a>
</li><li>
<a href="#ref-for-dfn-decentralized-identifiers-94" title="§ 8.3 Security Requirements">§ 8.3 Security Requirements</a> <a href="#ref-for-dfn-decentralized-identifiers-95" title="Reference 2">(2)</a> <a href="#ref-for-dfn-decentralized-identifiers-96" title="Reference 3">(3)</a>
</li><li>
<a href="#ref-for-dfn-decentralized-identifiers-97" title="§ 9. Security Considerations">§ 9. Security Considerations</a> <a href="#ref-for-dfn-decentralized-identifiers-98" title="Reference 2">(2)</a>
</li><li>
<a href="#ref-for-dfn-decentralized-identifiers-99" title="§ 9.2 Proving Control and Binding">§ 9.2 Proving Control and Binding</a> <a href="#ref-for-dfn-decentralized-identifiers-100" title="Reference 2">(2)</a>
</li><li>
<a href="#ref-for-dfn-decentralized-identifiers-101" title="§ Proving Control of a DID and/or DID Document">§ Proving Control of a DID and/or DID Document</a> <a href="#ref-for-dfn-decentralized-identifiers-102" title="Reference 2">(2)</a> <a href="#ref-for-dfn-decentralized-identifiers-103" title="Reference 3">(3)</a> <a href="#ref-for-dfn-decentralized-identifiers-104" title="Reference 4">(4)</a>
</li><li>
<a href="#ref-for-dfn-decentralized-identifiers-105" title="§ Binding to Physical Identity">§ Binding to Physical Identity</a> <a href="#ref-for-dfn-decentralized-identifiers-106" title="Reference 2">(2)</a> <a href="#ref-for-dfn-decentralized-identifiers-107" title="Reference 3">(3)</a> <a href="#ref-for-dfn-decentralized-identifiers-108" title="Reference 4">(4)</a>
</li><li>
<a href="#ref-for-dfn-decentralized-identifiers-109" title="§ 9.4 Non-Repudiation">§ 9.4 Non-Repudiation</a>
</li><li>
<a href="#ref-for-dfn-decentralized-identifiers-110" title="§ 9.5 Notification of DID Document Changes">§ 9.5 Notification of DID Document Changes</a> <a href="#ref-for-dfn-decentralized-identifiers-111" title="Reference 2">(2)</a> <a href="#ref-for-dfn-decentralized-identifiers-112" title="Reference 3">(3)</a>
</li><li>
<a href="#ref-for-dfn-decentralized-identifiers-113" title="§ 9.6 Key and Signature Expiration">§ 9.6 Key and Signature Expiration</a>
</li><li>
<a href="#ref-for-dfn-decentralized-identifiers-114" title="§ 9.7 Verification Method Rotation">§ 9.7 Verification Method Rotation</a>
</li><li>
<a href="#ref-for-dfn-decentralized-identifiers-115" title="§ 9.8 Verification Method Revocation">§ 9.8 Verification Method Revocation</a>
</li><li>
<a href="#ref-for-dfn-decentralized-identifiers-116" title="§ Revocation Semantics">§ Revocation Semantics</a> <a href="#ref-for-dfn-decentralized-identifiers-117" title="Reference 2">(2)</a> <a href="#ref-for-dfn-decentralized-identifiers-118" title="Reference 3">(3)</a> <a href="#ref-for-dfn-decentralized-identifiers-119" title="Reference 4">(4)</a> <a href="#ref-for-dfn-decentralized-identifiers-120" title="Reference 5">(5)</a> <a href="#ref-for-dfn-decentralized-identifiers-121" title="Reference 6">(6)</a>
</li><li>
<a href="#ref-for-dfn-decentralized-identifiers-122" title="§ 9.9 DID Recovery">§ 9.9 DID Recovery</a> <a href="#ref-for-dfn-decentralized-identifiers-123" title="Reference 2">(2)</a> <a href="#ref-for-dfn-decentralized-identifiers-124" title="Reference 3">(3)</a>
</li><li>
<a href="#ref-for-dfn-decentralized-identifiers-125" title="§ 9.10 The Role of Human-Friendly Identifiers">§ 9.10 The Role of Human-Friendly Identifiers</a> <a href="#ref-for-dfn-decentralized-identifiers-126" title="Reference 2">(2)</a> <a href="#ref-for-dfn-decentralized-identifiers-127" title="Reference 3">(3)</a>
</li><li>
<a href="#ref-for-dfn-decentralized-identifiers-128" title="§ 9.11 DIDs as Enhanced URNs">§ 9.11 DIDs as Enhanced URNs</a> <a href="#ref-for-dfn-decentralized-identifiers-129" title="Reference 2">(2)</a> <a href="#ref-for-dfn-decentralized-identifiers-130" title="Reference 3">(3)</a> <a href="#ref-for-dfn-decentralized-identifiers-131" title="Reference 4">(4)</a> <a href="#ref-for-dfn-decentralized-identifiers-132" title="Reference 5">(5)</a> <a href="#ref-for-dfn-decentralized-identifiers-133" title="Reference 6">(6)</a> <a href="#ref-for-dfn-decentralized-identifiers-134" title="Reference 7">(7)</a> <a href="#ref-for-dfn-decentralized-identifiers-135" title="Reference 8">(8)</a>
</li><li>
<a href="#ref-for-dfn-decentralized-identifiers-136" title="§ 9.14 Equivalence Properties">§ 9.14 Equivalence Properties</a> <a href="#ref-for-dfn-decentralized-identifiers-137" title="Reference 2">(2)</a>
</li><li>
<a href="#ref-for-dfn-decentralized-identifiers-138" title="§ 9.16 Persistence">§ 9.16 Persistence</a> <a href="#ref-for-dfn-decentralized-identifiers-139" title="Reference 2">(2)</a> <a href="#ref-for-dfn-decentralized-identifiers-140" title="Reference 3">(3)</a> <a href="#ref-for-dfn-decentralized-identifiers-141" title="Reference 4">(4)</a> <a href="#ref-for-dfn-decentralized-identifiers-142" title="Reference 5">(5)</a> <a href="#ref-for-dfn-decentralized-identifiers-143" title="Reference 6">(6)</a> <a href="#ref-for-dfn-decentralized-identifiers-144" title="Reference 7">(7)</a> <a href="#ref-for-dfn-decentralized-identifiers-145" title="Reference 8">(8)</a> <a href="#ref-for-dfn-decentralized-identifiers-146" title="Reference 9">(9)</a> <a href="#ref-for-dfn-decentralized-identifiers-147" title="Reference 10">(10)</a>
</li><li>
<a href="#ref-for-dfn-decentralized-identifiers-148" title="§ 10. Privacy Considerations">§ 10. Privacy Considerations</a> <a href="#ref-for-dfn-decentralized-identifiers-149" title="Reference 2">(2)</a> <a href="#ref-for-dfn-decentralized-identifiers-150" title="Reference 3">(3)</a>
</li><li>
<a href="#ref-for-dfn-decentralized-identifiers-151" title="§ 10.1 Keep Personal Data Private">§ 10.1 Keep Personal Data Private</a>
</li><li>
<a href="#ref-for-dfn-decentralized-identifiers-152" title="§ 10.2 DID Correlation Risks">§ 10.2 DID Correlation Risks</a> <a href="#ref-for-dfn-decentralized-identifiers-153" title="Reference 2">(2)</a> <a href="#ref-for-dfn-decentralized-identifiers-154" title="Reference 3">(3)</a> <a href="#ref-for-dfn-decentralized-identifiers-155" title="Reference 4">(4)</a> <a href="#ref-for-dfn-decentralized-identifiers-156" title="Reference 5">(5)</a> <a href="#ref-for-dfn-decentralized-identifiers-157" title="Reference 6">(6)</a>
</li><li>
<a href="#ref-for-dfn-decentralized-identifiers-158" title="§ 10.3 DID Document Correlation Risks">§ 10.3 DID Document Correlation Risks</a> <a href="#ref-for-dfn-decentralized-identifiers-159" title="Reference 2">(2)</a> <a href="#ref-for-dfn-decentralized-identifiers-160" title="Reference 3">(3)</a> <a href="#ref-for-dfn-decentralized-identifiers-161" title="Reference 4">(4)</a> <a href="#ref-for-dfn-decentralized-identifiers-162" title="Reference 5">(5)</a> <a href="#ref-for-dfn-decentralized-identifiers-163" title="Reference 6">(6)</a>
</li><li>
<a href="#ref-for-dfn-decentralized-identifiers-164" title="§ 10.4 DID Subject Classification">§ 10.4 DID Subject Classification</a> <a href="#ref-for-dfn-decentralized-identifiers-165" title="Reference 2">(2)</a>
</li><li>
<a href="#ref-for-dfn-decentralized-identifiers-166" title="§ 10.5 Herd Privacy">§ 10.5 Herd Privacy</a>
</li><li>
<a href="#ref-for-dfn-decentralized-identifiers-167" title="§ 10.6 Service Privacy">§ 10.6 Service Privacy</a> <a href="#ref-for-dfn-decentralized-identifiers-168" title="Reference 2">(2)</a>
</li><li>
<a href="#ref-for-dfn-decentralized-identifiers-169" title="§ Maintaining Herd Privacy">§ Maintaining Herd Privacy</a> <a href="#ref-for-dfn-decentralized-identifiers-170" title="Reference 2">(2)</a> <a href="#ref-for-dfn-decentralized-identifiers-171" title="Reference 3">(3)</a> <a href="#ref-for-dfn-decentralized-identifiers-172" title="Reference 4">(4)</a>
</li><li>
<a href="#ref-for-dfn-decentralized-identifiers-173" title="§ B.2 Creation of a DID">§ B.2 Creation of a DID</a> <a href="#ref-for-dfn-decentralized-identifiers-174" title="Reference 2">(2)</a> <a href="#ref-for-dfn-decentralized-identifiers-175" title="Reference 3">(3)</a>
</li><li>
<a href="#ref-for-dfn-decentralized-identifiers-176" title="§ B.3 Determining the DID subject">§ B.3 Determining the DID subject</a> <a href="#ref-for-dfn-decentralized-identifiers-177" title="Reference 2">(2)</a> <a href="#ref-for-dfn-decentralized-identifiers-178" title="Reference 3">(3)</a> <a href="#ref-for-dfn-decentralized-identifiers-179" title="Reference 4">(4)</a> <a href="#ref-for-dfn-decentralized-identifiers-180" title="Reference 5">(5)</a> <a href="#ref-for-dfn-decentralized-identifiers-181" title="Reference 6">(6)</a> <a href="#ref-for-dfn-decentralized-identifiers-182" title="Reference 7">(7)</a> <a href="#ref-for-dfn-decentralized-identifiers-183" title="Reference 8">(8)</a> <a href="#ref-for-dfn-decentralized-identifiers-184" title="Reference 9">(9)</a> <a href="#ref-for-dfn-decentralized-identifiers-185" title="Reference 10">(10)</a> <a href="#ref-for-dfn-decentralized-identifiers-186" title="Reference 11">(11)</a> <a href="#ref-for-dfn-decentralized-identifiers-187" title="Reference 12">(12)</a> <a href="#ref-for-dfn-decentralized-identifiers-188" title="Reference 13">(13)</a> <a href="#ref-for-dfn-decentralized-identifiers-189" title="Reference 14">(14)</a>
</li><li>
<a href="#ref-for-dfn-decentralized-identifiers-190" title="§ B.4 Referring to the DID document">§ B.4 Referring to the DID document</a> <a href="#ref-for-dfn-decentralized-identifiers-191" title="Reference 2">(2)</a> <a href="#ref-for-dfn-decentralized-identifiers-192" title="Reference 3">(3)</a>
</li><li>
<a href="#ref-for-dfn-decentralized-identifiers-193" title="§ B.5 Statements in the DID document">§ B.5 Statements in the DID document</a>
</li><li>
<a href="#ref-for-dfn-decentralized-identifiers-194" title="§ B.6 Discovering more information about the DID subject">§ B.6 Discovering more information about the DID subject</a> <a href="#ref-for-dfn-decentralized-identifiers-195" title="Reference 2">(2)</a>
</li><li>
<a href="#ref-for-dfn-decentralized-identifiers-196" title="§ B.7 Serving a representation of the DID subject">§ B.7 Serving a representation of the DID subject</a> <a href="#ref-for-dfn-decentralized-identifiers-197" title="Reference 2">(2)</a>
</li><li>
<a href="#ref-for-dfn-decentralized-identifiers-198" title="§ B.8 Assigning DIDs to existing web resources">§ B.8 Assigning DIDs to existing web resources</a> <a href="#ref-for-dfn-decentralized-identifiers-199" title="Reference 2">(2)</a> <a href="#ref-for-dfn-decentralized-identifiers-200" title="Reference 3">(3)</a> <a href="#ref-for-dfn-decentralized-identifiers-201" title="Reference 4">(4)</a>
</li><li>
<a href="#ref-for-dfn-decentralized-identifiers-202" title="§ B.9.1 Set #1: The DID subject is the DID controller">§ B.9.1 Set #1: The DID subject is the DID controller</a>
</li><li>
<a href="#ref-for-dfn-decentralized-identifiers-203" title="§ B.9.2 Set #2: The DID subject is not the DID controller">§ B.9.2 Set #2: The DID subject is not the DID controller</a> <a href="#ref-for-dfn-decentralized-identifiers-204" title="Reference 2">(2)</a> <a href="#ref-for-dfn-decentralized-identifiers-205" title="Reference 3">(3)</a>
</li><li>
<a href="#ref-for-dfn-decentralized-identifiers-206" title="§ B.10.1 Independent Control">§ B.10.1 Independent Control</a>
</li><li>
<a href="#ref-for-dfn-decentralized-identifiers-207" title="§ B.11 Changing the DID subject">§ B.11 Changing the DID subject</a> <a href="#ref-for-dfn-decentralized-identifiers-208" title="Reference 2">(2)</a> <a href="#ref-for-dfn-decentralized-identifiers-209" title="Reference 3">(3)</a>
</li>
</ul>
</div><div class="dfn-panel" hidden="" role="dialog" aria-modal="true" id="dfn-panel-for-dfn-decentralized-identity-management" aria-label="Links in this document to definition: decentralized identity management">
<span class="caret"></span>
<div>
<a class="self-link" href="#dfn-decentralized-identity-management" aria-label="Permalink for definition: decentralized identity management. Activate to close this dialog.">Permalink</a>
</div>
<p><b>Referenced in:</b></p>
<ul>
<li>
<a href="#ref-for-dfn-decentralized-identity-management-1" title="§ 5.4 Services">§ 5.4 Services</a>
</li>
</ul>
</div><div class="dfn-panel" hidden="" role="dialog" aria-modal="true" id="dfn-panel-for-dfn-did-controllers" aria-label="Links in this document to definition: DID controller">
<span class="caret"></span>
<div>
<a class="self-link" href="#dfn-did-controllers" aria-label="Permalink for definition: DID controller. Activate to close this dialog.">Permalink</a>
</div>
<p><b>Referenced in:</b></p>
<ul>
<li>
<a href="#ref-for-dfn-did-controllers-1" title="§ Abstract">§ Abstract</a>
</li><li>
<a href="#ref-for-dfn-did-controllers-2" title="§ 1.1 A Simple Example">§ 1.1 A Simple Example</a>
</li><li>
<a href="#ref-for-dfn-did-controllers-3" title="§ 1.2 Design Goals">§ 1.2 Design Goals</a>
</li><li>
<a href="#ref-for-dfn-did-controllers-4" title="§ 1.3 Architecture Overview">§ 1.3 Architecture Overview</a> <a href="#ref-for-dfn-did-controllers-5" title="Reference 2">(2)</a>
</li><li>
<a href="#ref-for-dfn-did-controllers-6" title="§ 2. Terminology">§ 2. Terminology</a>
</li><li>
<a href="#ref-for-dfn-did-controllers-7" title="§ Path">§ Path</a>
</li><li>
<a href="#ref-for-dfn-did-controllers-8" title="§ 5.1 Identifiers">§ 5.1 Identifiers</a>
</li><li>
<a href="#ref-for-dfn-did-controllers-9" title="§ 5.1.2 DID Controller">§ 5.1.2 DID Controller</a> <a href="#ref-for-dfn-did-controllers-10" title="Reference 2">(2)</a> <a href="#ref-for-dfn-did-controllers-11" title="Reference 3">(3)</a>
</li><li>
<a href="#ref-for-dfn-did-controllers-12" title="§ 5.2 Verification Methods">§ 5.2 Verification Methods</a> <a href="#ref-for-dfn-did-controllers-13" title="Reference 2">(2)</a>
</li><li>
<a href="#ref-for-dfn-did-controllers-14" title="§ 5.3.1 Authentication">§ 5.3.1 Authentication</a> <a href="#ref-for-dfn-did-controllers-15" title="Reference 2">(2)</a>
</li><li>
<a href="#ref-for-dfn-did-controllers-16" title="§ 5.3.5 Capability Delegation">§ 5.3.5 Capability Delegation</a>
</li><li>
<a href="#ref-for-dfn-did-controllers-17" title="§ 8.2 Method Operations">§ 8.2 Method Operations</a> <a href="#ref-for-dfn-did-controllers-18" title="Reference 2">(2)</a> <a href="#ref-for-dfn-did-controllers-19" title="Reference 3">(3)</a>
</li><li>
<a href="#ref-for-dfn-did-controllers-20" title="§ 9.5 Notification of DID Document Changes">§ 9.5 Notification of DID Document Changes</a> <a href="#ref-for-dfn-did-controllers-21" title="Reference 2">(2)</a>
</li><li>
<a href="#ref-for-dfn-did-controllers-22" title="§ Revocation Semantics">§ Revocation Semantics</a>
</li><li>
<a href="#ref-for-dfn-did-controllers-23" title="§ 9.10 The Role of Human-Friendly Identifiers">§ 9.10 The Role of Human-Friendly Identifiers</a>
</li><li>
<a href="#ref-for-dfn-did-controllers-24" title="§ 9.11 DIDs as Enhanced URNs">§ 9.11 DIDs as Enhanced URNs</a> <a href="#ref-for-dfn-did-controllers-25" title="Reference 2">(2)</a> <a href="#ref-for-dfn-did-controllers-26" title="Reference 3">(3)</a> <a href="#ref-for-dfn-did-controllers-27" title="Reference 4">(4)</a> <a href="#ref-for-dfn-did-controllers-28" title="Reference 5">(5)</a> <a href="#ref-for-dfn-did-controllers-29" title="Reference 6">(6)</a>
</li><li>
<a href="#ref-for-dfn-did-controllers-30" title="§ 10. Privacy Considerations">§ 10. Privacy Considerations</a>
</li><li>
<a href="#ref-for-dfn-did-controllers-31" title="§ 10.1 Keep Personal Data Private">§ 10.1 Keep Personal Data Private</a>
</li><li>
<a href="#ref-for-dfn-did-controllers-32" title="§ 10.2 DID Correlation Risks">§ 10.2 DID Correlation Risks</a> <a href="#ref-for-dfn-did-controllers-33" title="Reference 2">(2)</a>
</li><li>
<a href="#ref-for-dfn-did-controllers-34" title="§ 10.4 DID Subject Classification">§ 10.4 DID Subject Classification</a>
</li><li>
<a href="#ref-for-dfn-did-controllers-35" title="§ B.3 Determining the DID subject">§ B.3 Determining the DID subject</a>
</li><li>
<a href="#ref-for-dfn-did-controllers-36" title="§ B.4 Referring to the DID document">§ B.4 Referring to the DID document</a> <a href="#ref-for-dfn-did-controllers-37" title="Reference 2">(2)</a>
</li><li>
<a href="#ref-for-dfn-did-controllers-38" title="§ B.5 Statements in the DID document">§ B.5 Statements in the DID document</a>
</li><li>
<a href="#ref-for-dfn-did-controllers-39" title="§ B.6 Discovering more information about the DID subject">§ B.6 Discovering more information about the DID subject</a>
</li><li>
<a href="#ref-for-dfn-did-controllers-40" title="§ B.9 The relationship between DID controllers and DID subjects">§ B.9 The relationship between DID controllers and DID subjects</a>
</li><li>
<a href="#ref-for-dfn-did-controllers-41" title="§ B.9.1 Set #1: The DID subject is the DID controller">§ B.9.1 Set #1: The DID subject is the DID controller</a> <a href="#ref-for-dfn-did-controllers-42" title="Reference 2">(2)</a> <a href="#ref-for-dfn-did-controllers-43" title="Reference 3">(3)</a>
</li><li>
<a href="#ref-for-dfn-did-controllers-44" title="§ B.9.2 Set #2: The DID subject is not the DID controller">§ B.9.2 Set #2: The DID subject is not the DID controller</a> <a href="#ref-for-dfn-did-controllers-45" title="Reference 2">(2)</a>
</li><li>
<a href="#ref-for-dfn-did-controllers-46" title="§ B.10 Multiple DID controllers">§ B.10 Multiple DID controllers</a>
</li><li>
<a href="#ref-for-dfn-did-controllers-47" title="§ B.10.1 Independent Control">§ B.10.1 Independent Control</a> <a href="#ref-for-dfn-did-controllers-48" title="Reference 2">(2)</a> <a href="#ref-for-dfn-did-controllers-49" title="Reference 3">(3)</a> <a href="#ref-for-dfn-did-controllers-50" title="Reference 4">(4)</a>
</li><li>
<a href="#ref-for-dfn-did-controllers-51" title="§ B.10.2 Group Control">§ B.10.2 Group Control</a> <a href="#ref-for-dfn-did-controllers-52" title="Reference 2">(2)</a> <a href="#ref-for-dfn-did-controllers-53" title="Reference 3">(3)</a> <a href="#ref-for-dfn-did-controllers-54" title="Reference 4">(4)</a> <a href="#ref-for-dfn-did-controllers-55" title="Reference 5">(5)</a> <a href="#ref-for-dfn-did-controllers-56" title="Reference 6">(6)</a> <a href="#ref-for-dfn-did-controllers-57" title="Reference 7">(7)</a>
</li><li>
<a href="#ref-for-dfn-did-controllers-58" title="§ B.11 Changing the DID subject">§ B.11 Changing the DID subject</a>
</li><li>
<a href="#ref-for-dfn-did-controllers-59" title="§ B.12 Changing the DID controller">§ B.12 Changing the DID controller</a> <a href="#ref-for-dfn-did-controllers-60" title="Reference 2">(2)</a> <a href="#ref-for-dfn-did-controllers-61" title="Reference 3">(3)</a> <a href="#ref-for-dfn-did-controllers-62" title="Reference 4">(4)</a>
</li>
</ul>
</div><div class="dfn-panel" hidden="" role="dialog" aria-modal="true" id="dfn-panel-for-dfn-did-delegate" aria-label="Links in this document to definition: DID delegate">
<span class="caret"></span>
<div>
<a class="self-link" href="#dfn-did-delegate" aria-label="Permalink for definition: DID delegate. Activate to close this dialog.">Permalink</a>
</div>
<p><b>Referenced in:</b></p>
<ul>
<li>
<a href="#ref-for-dfn-did-delegate-1" title="§ 2. Terminology">§ 2. Terminology</a> <a href="#ref-for-dfn-did-delegate-2" title="Reference 2">(2)</a>
</li>
</ul>
</div><div class="dfn-panel" hidden="" role="dialog" aria-modal="true" id="dfn-panel-for-dfn-did-documents" aria-label="Links in this document to definition: DID document">
<span class="caret"></span>
<div>
<a class="self-link" href="#dfn-did-documents" aria-label="Permalink for definition: DID document. Activate to close this dialog.">Permalink</a>
</div>
<p><b>Referenced in:</b></p>
<ul>
<li>
<a href="#ref-for-dfn-did-documents-1" title="§ Abstract">§ Abstract</a> <a href="#ref-for-dfn-did-documents-2" title="Reference 2">(2)</a>
</li><li>
<a href="#ref-for-dfn-did-documents-3" title="§ 1.1 A Simple Example">§ 1.1 A Simple Example</a> <a href="#ref-for-dfn-did-documents-4" title="Reference 2">(2)</a>
</li><li>
<a href="#ref-for-dfn-did-documents-5" title="§ 1.2 Design Goals">§ 1.2 Design Goals</a>
</li><li>
<a href="#ref-for-dfn-did-documents-6" title="§ 1.3 Architecture Overview">§ 1.3 Architecture Overview</a> <a href="#ref-for-dfn-did-documents-7" title="Reference 2">(2)</a> <a href="#ref-for-dfn-did-documents-8" title="Reference 3">(3)</a> <a href="#ref-for-dfn-did-documents-9" title="Reference 4">(4)</a> <a href="#ref-for-dfn-did-documents-10" title="Reference 5">(5)</a> <a href="#ref-for-dfn-did-documents-11" title="Reference 6">(6)</a> <a href="#ref-for-dfn-did-documents-12" title="Reference 7">(7)</a> <a href="#ref-for-dfn-did-documents-13" title="Reference 8">(8)</a> <a href="#ref-for-dfn-did-documents-14" title="Reference 9">(9)</a> <a href="#ref-for-dfn-did-documents-15" title="Reference 10">(10)</a> <a href="#ref-for-dfn-did-documents-16" title="Reference 11">(11)</a> <a href="#ref-for-dfn-did-documents-17" title="Reference 12">(12)</a>
</li><li>
<a href="#ref-for-dfn-did-documents-18" title="§ 1.4 Conformance">§ 1.4 Conformance</a> <a href="#ref-for-dfn-did-documents-19" title="Reference 2">(2)</a> <a href="#ref-for-dfn-did-documents-20" title="Reference 3">(3)</a> <a href="#ref-for-dfn-did-documents-21" title="Reference 4">(4)</a> <a href="#ref-for-dfn-did-documents-22" title="Reference 5">(5)</a>
</li><li>
<a href="#ref-for-dfn-did-documents-23" title="§ 2. Terminology">§ 2. Terminology</a> <a href="#ref-for-dfn-did-documents-25" title="Reference 3">(3)</a> <a href="#ref-for-dfn-did-documents-26" title="Reference 4">(4)</a> <a href="#ref-for-dfn-did-documents-27" title="Reference 5">(5)</a> <a href="#ref-for-dfn-did-documents-28" title="Reference 6">(6)</a> <a href="#ref-for-dfn-did-documents-29" title="Reference 7">(7)</a> <a href="#ref-for-dfn-did-documents-30" title="Reference 8">(8)</a> <a href="#ref-for-dfn-did-documents-31" title="Reference 9">(9)</a> <a href="#ref-for-dfn-did-documents-32" title="Reference 10">(10)</a> <a href="#ref-for-dfn-did-documents-33" title="Reference 11">(11)</a> <a href="#ref-for-dfn-did-documents-34" title="Reference 12">(12)</a> <a href="#ref-for-dfn-did-documents-35" title="Reference 13">(13)</a> <a href="#ref-for-dfn-did-documents-36" title="Reference 14">(14)</a> <a href="#ref-for-dfn-did-documents-37" title="Reference 15">(15)</a> <a href="#ref-for-dfn-did-documents-38" title="Reference 16">(16)</a> <a href="#ref-for-dfn-did-documents-39" title="Reference 17">(17)</a> <a href="#ref-for-dfn-did-documents-40" title="Reference 18">(18)</a> <a href="#ref-for-dfn-did-documents-41" title="Reference 19">(19)</a> <a href="#ref-for-dfn-did-documents-42" title="Reference 20">(20)</a>
</li><li>
<a href="#ref-for-dfn-did-documents-43" title="§ 3.2 DID URL Syntax">§ 3.2 DID URL Syntax</a>
</li><li>
<a href="#ref-for-dfn-did-documents-44" title="§ Fragment">§ Fragment</a>
</li><li>
<a href="#ref-for-dfn-did-documents-45" title="§ 3.2.1 DID Parameters">§ 3.2.1 DID Parameters</a> <a href="#ref-for-dfn-did-documents-46" title="Reference 2">(2)</a> <a href="#ref-for-dfn-did-documents-47" title="Reference 3">(3)</a> <a href="#ref-for-dfn-did-documents-48" title="Reference 4">(4)</a> <a href="#ref-for-dfn-did-documents-49" title="Reference 5">(5)</a> <a href="#ref-for-dfn-did-documents-50" title="Reference 6">(6)</a>
</li><li>
<a href="#ref-for-dfn-did-documents-51" title="§ 3.2.2 Relative DID URLs">§ 3.2.2 Relative DID URLs</a> <a href="#ref-for-dfn-did-documents-52" title="Reference 2">(2)</a> <a href="#ref-for-dfn-did-documents-53" title="Reference 3">(3)</a> <a href="#ref-for-dfn-did-documents-54" title="Reference 4">(4)</a>
</li><li>
<a href="#ref-for-dfn-did-documents-55" title="§ 4. Data Model">§ 4. Data Model</a> <a href="#ref-for-dfn-did-documents-56" title="Reference 2">(2)</a> <a href="#ref-for-dfn-did-documents-57" title="Reference 3">(3)</a> <a href="#ref-for-dfn-did-documents-58" title="Reference 4">(4)</a>
</li><li>
<a href="#ref-for-dfn-did-documents-59" title="§ 5. Core Properties">§ 5. Core Properties</a> <a href="#ref-for-dfn-did-documents-60" title="Reference 2">(2)</a> <a href="#ref-for-dfn-did-documents-61" title="Reference 3">(3)</a>
</li><li>
<a href="#ref-for-dfn-did-documents-62" title="§ 5.1 Identifiers">§ 5.1 Identifiers</a>
</li><li>
<a href="#ref-for-dfn-did-documents-63" title="§ 5.1.1 DID Subject">§ 5.1.1 DID Subject</a> <a href="#ref-for-dfn-did-documents-64" title="Reference 2">(2)</a> <a href="#ref-for-dfn-did-documents-65" title="Reference 3">(3)</a> <a href="#ref-for-dfn-did-documents-66" title="Reference 4">(4)</a> <a href="#ref-for-dfn-did-documents-67" title="Reference 5">(5)</a>
</li><li>
<a href="#ref-for-dfn-did-documents-68" title="§ 5.1.2 DID Controller">§ 5.1.2 DID Controller</a> <a href="#ref-for-dfn-did-documents-69" title="Reference 2">(2)</a> <a href="#ref-for-dfn-did-documents-70" title="Reference 3">(3)</a> <a href="#ref-for-dfn-did-documents-71" title="Reference 4">(4)</a>
</li><li>
<a href="#ref-for-dfn-did-documents-72" title="§ 5.1.3 Also Known As">§ 5.1.3 Also Known As</a>
</li><li>
<a href="#ref-for-dfn-did-documents-73" title="§ 5.2 Verification Methods">§ 5.2 Verification Methods</a> <a href="#ref-for-dfn-did-documents-74" title="Reference 2">(2)</a> <a href="#ref-for-dfn-did-documents-75" title="Reference 3">(3)</a> <a href="#ref-for-dfn-did-documents-76" title="Reference 4">(4)</a>
</li><li>
<a href="#ref-for-dfn-did-documents-77" title="§ 5.2.1 Verification Material">§ 5.2.1 Verification Material</a> <a href="#ref-for-dfn-did-documents-78" title="Reference 2">(2)</a>
</li><li>
<a href="#ref-for-dfn-did-documents-79" title="§ 5.2.2 Referring to Verification Methods">§ 5.2.2 Referring to Verification Methods</a> <a href="#ref-for-dfn-did-documents-80" title="Reference 2">(2)</a>
</li><li>
<a href="#ref-for-dfn-did-documents-81" title="§ 5.3 Verification Relationships">§ 5.3 Verification Relationships</a> <a href="#ref-for-dfn-did-documents-82" title="Reference 2">(2)</a> <a href="#ref-for-dfn-did-documents-83" title="Reference 3">(3)</a> <a href="#ref-for-dfn-did-documents-84" title="Reference 4">(4)</a> <a href="#ref-for-dfn-did-documents-85" title="Reference 5">(5)</a>
</li><li>
<a href="#ref-for-dfn-did-documents-86" title="§ 5.3.1 Authentication">§ 5.3.1 Authentication</a> <a href="#ref-for-dfn-did-documents-87" title="Reference 2">(2)</a> <a href="#ref-for-dfn-did-documents-88" title="Reference 3">(3)</a> <a href="#ref-for-dfn-did-documents-89" title="Reference 4">(4)</a> <a href="#ref-for-dfn-did-documents-90" title="Reference 5">(5)</a>
</li><li>
<a href="#ref-for-dfn-did-documents-91" title="§ 5.3.2 Assertion">§ 5.3.2 Assertion</a>
</li><li>
<a href="#ref-for-dfn-did-documents-92" title="§ 5.3.4 Capability Invocation">§ 5.3.4 Capability Invocation</a> <a href="#ref-for-dfn-did-documents-93" title="Reference 2">(2)</a>
</li><li>
<a href="#ref-for-dfn-did-documents-94" title="§ 5.4 Services">§ 5.4 Services</a>
</li><li>
<a href="#ref-for-dfn-did-documents-95" title="§ 6. Representations">§ 6. Representations</a>
</li><li>
<a href="#ref-for-dfn-did-documents-96" title="§ 6.1 Production and Consumption">§ 6.1 Production and Consumption</a> <a href="#ref-for-dfn-did-documents-97" title="Reference 2">(2)</a> <a href="#ref-for-dfn-did-documents-98" title="Reference 3">(3)</a> <a href="#ref-for-dfn-did-documents-99" title="Reference 4">(4)</a> <a href="#ref-for-dfn-did-documents-100" title="Reference 5">(5)</a> <a href="#ref-for-dfn-did-documents-101" title="Reference 6">(6)</a> <a href="#ref-for-dfn-did-documents-102" title="Reference 7">(7)</a>
</li><li>
<a href="#ref-for-dfn-did-documents-103" title="§ 6.2.1 Production">§ 6.2.1 Production</a> <a href="#ref-for-dfn-did-documents-104" title="Reference 2">(2)</a> <a href="#ref-for-dfn-did-documents-105" title="Reference 3">(3)</a>
</li><li>
<a href="#ref-for-dfn-did-documents-106" title="§ 6.2.2 Consumption">§ 6.2.2 Consumption</a> <a href="#ref-for-dfn-did-documents-107" title="Reference 2">(2)</a> <a href="#ref-for-dfn-did-documents-108" title="Reference 3">(3)</a> <a href="#ref-for-dfn-did-documents-109" title="Reference 4">(4)</a>
</li><li>
<a href="#ref-for-dfn-did-documents-110" title="§ 6.3.1 Production">§ 6.3.1 Production</a> <a href="#ref-for-dfn-did-documents-111" title="Reference 2">(2)</a> <a href="#ref-for-dfn-did-documents-112" title="Reference 3">(3)</a>
</li><li>
<a href="#ref-for-dfn-did-documents-113" title="§ 6.3.2 Consumption">§ 6.3.2 Consumption</a> <a href="#ref-for-dfn-did-documents-114" title="Reference 2">(2)</a>
</li><li>
<a href="#ref-for-dfn-did-documents-115" title="§ 7. Resolution">§ 7. Resolution</a>
</li><li>
<a href="#ref-for-dfn-did-documents-116" title="§ 7.1 DID Resolution">§ 7.1 DID Resolution</a> <a href="#ref-for-dfn-did-documents-117" title="Reference 2">(2)</a> <a href="#ref-for-dfn-did-documents-118" title="Reference 3">(3)</a> <a href="#ref-for-dfn-did-documents-119" title="Reference 4">(4)</a> <a href="#ref-for-dfn-did-documents-120" title="Reference 5">(5)</a> <a href="#ref-for-dfn-did-documents-121" title="Reference 6">(6)</a> <a href="#ref-for-dfn-did-documents-122" title="Reference 7">(7)</a> <a href="#ref-for-dfn-did-documents-123" title="Reference 8">(8)</a> <a href="#ref-for-dfn-did-documents-124" title="Reference 9">(9)</a>
</li><li>
<a href="#ref-for-dfn-did-documents-125" title="§ 7.1.1 DID Resolution Options">§ 7.1.1 DID Resolution Options</a>
</li><li>
<a href="#ref-for-dfn-did-documents-126" title="§ 7.1.2 DID Resolution Metadata">§ 7.1.2 DID Resolution Metadata</a>
</li><li>
<a href="#ref-for-dfn-did-documents-127" title="§ 7.1.3 DID Document Metadata">§ 7.1.3 DID Document Metadata</a> <a href="#ref-for-dfn-did-documents-128" title="Reference 2">(2)</a> <a href="#ref-for-dfn-did-documents-129" title="Reference 3">(3)</a> <a href="#ref-for-dfn-did-documents-130" title="Reference 4">(4)</a> <a href="#ref-for-dfn-did-documents-131" title="Reference 5">(5)</a> <a href="#ref-for-dfn-did-documents-132" title="Reference 6">(6)</a> <a href="#ref-for-dfn-did-documents-133" title="Reference 7">(7)</a> <a href="#ref-for-dfn-did-documents-134" title="Reference 8">(8)</a> <a href="#ref-for-dfn-did-documents-135" title="Reference 9">(9)</a> <a href="#ref-for-dfn-did-documents-136" title="Reference 10">(10)</a> <a href="#ref-for-dfn-did-documents-137" title="Reference 11">(11)</a> <a href="#ref-for-dfn-did-documents-138" title="Reference 12">(12)</a> <a href="#ref-for-dfn-did-documents-139" title="Reference 13">(13)</a> <a href="#ref-for-dfn-did-documents-140" title="Reference 14">(14)</a> <a href="#ref-for-dfn-did-documents-141" title="Reference 15">(15)</a>
</li><li>
<a href="#ref-for-dfn-did-documents-142" title="§ 7.2 DID URL Dereferencing">§ 7.2 DID URL Dereferencing</a> <a href="#ref-for-dfn-did-documents-143" title="Reference 2">(2)</a>
</li><li>
<a href="#ref-for-dfn-did-documents-144" title="§ 7.3 Metadata Structure">§ 7.3 Metadata Structure</a>
</li><li>
<a href="#ref-for-dfn-did-documents-145" title="§ 8. Methods">§ 8. Methods</a>
</li><li>
<a href="#ref-for-dfn-did-documents-146" title="§ 8.2 Method Operations">§ 8.2 Method Operations</a> <a href="#ref-for-dfn-did-documents-147" title="Reference 2">(2)</a> <a href="#ref-for-dfn-did-documents-148" title="Reference 3">(3)</a> <a href="#ref-for-dfn-did-documents-149" title="Reference 4">(4)</a> <a href="#ref-for-dfn-did-documents-150" title="Reference 5">(5)</a> <a href="#ref-for-dfn-did-documents-151" title="Reference 6">(6)</a>
</li><li>
<a href="#ref-for-dfn-did-documents-152" title="§ 8.3 Security Requirements">§ 8.3 Security Requirements</a>
</li><li>
<a href="#ref-for-dfn-did-documents-153" title="§ 9.2 Proving Control and Binding">§ 9.2 Proving Control and Binding</a> <a href="#ref-for-dfn-did-documents-154" title="Reference 2">(2)</a>
</li><li>
<a href="#ref-for-dfn-did-documents-155" title="§ Proving Control of a DID and/or DID Document">§ Proving Control of a DID and/or DID Document</a> <a href="#ref-for-dfn-did-documents-156" title="Reference 2">(2)</a> <a href="#ref-for-dfn-did-documents-157" title="Reference 3">(3)</a> <a href="#ref-for-dfn-did-documents-158" title="Reference 4">(4)</a> <a href="#ref-for-dfn-did-documents-159" title="Reference 5">(5)</a>
</li><li>
<a href="#ref-for-dfn-did-documents-160" title="§ Binding to Physical Identity">§ Binding to Physical Identity</a> <a href="#ref-for-dfn-did-documents-161" title="Reference 2">(2)</a>
</li><li>
<a href="#ref-for-dfn-did-documents-162" title="§ 9.3 Authentication Service Endpoints">§ 9.3 Authentication Service Endpoints</a>
</li><li>
<a href="#ref-for-dfn-did-documents-163" title="§ 9.4 Non-Repudiation">§ 9.4 Non-Repudiation</a>
</li><li>
<a href="#ref-for-dfn-did-documents-164" title="§ 9.5 Notification of DID Document Changes">§ 9.5 Notification of DID Document Changes</a>
</li><li>
<a href="#ref-for-dfn-did-documents-165" title="§ 9.7 Verification Method Rotation">§ 9.7 Verification Method Rotation</a> <a href="#ref-for-dfn-did-documents-166" title="Reference 2">(2)</a> <a href="#ref-for-dfn-did-documents-167" title="Reference 3">(3)</a>
</li><li>
<a href="#ref-for-dfn-did-documents-168" title="§ 9.8 Verification Method Revocation">§ 9.8 Verification Method Revocation</a> <a href="#ref-for-dfn-did-documents-169" title="Reference 2">(2)</a> <a href="#ref-for-dfn-did-documents-170" title="Reference 3">(3)</a> <a href="#ref-for-dfn-did-documents-171" title="Reference 4">(4)</a>
</li><li>
<a href="#ref-for-dfn-did-documents-172" title="§ Revocation Semantics">§ Revocation Semantics</a> <a href="#ref-for-dfn-did-documents-173" title="Reference 2">(2)</a>
</li><li>
<a href="#ref-for-dfn-did-documents-174" title="§ Revocation in Trustless Systems">§ Revocation in Trustless Systems</a> <a href="#ref-for-dfn-did-documents-175" title="Reference 2">(2)</a> <a href="#ref-for-dfn-did-documents-176" title="Reference 3">(3)</a> <a href="#ref-for-dfn-did-documents-177" title="Reference 4">(4)</a>
</li><li>
<a href="#ref-for-dfn-did-documents-178" title="§ 9.11 DIDs as Enhanced URNs">§ 9.11 DIDs as Enhanced URNs</a>
</li><li>
<a href="#ref-for-dfn-did-documents-179" title="§ 9.12 Immutability">§ 9.12 Immutability</a> <a href="#ref-for-dfn-did-documents-180" title="Reference 2">(2)</a> <a href="#ref-for-dfn-did-documents-181" title="Reference 3">(3)</a> <a href="#ref-for-dfn-did-documents-182" title="Reference 4">(4)</a> <a href="#ref-for-dfn-did-documents-183" title="Reference 5">(5)</a>
</li><li>
<a href="#ref-for-dfn-did-documents-184" title="§ 9.13 Encrypted Data in DID Documents">§ 9.13 Encrypted Data in DID Documents</a> <a href="#ref-for-dfn-did-documents-185" title="Reference 2">(2)</a> <a href="#ref-for-dfn-did-documents-186" title="Reference 3">(3)</a> <a href="#ref-for-dfn-did-documents-187" title="Reference 4">(4)</a> <a href="#ref-for-dfn-did-documents-188" title="Reference 5">(5)</a>
</li><li>
<a href="#ref-for-dfn-did-documents-189" title="§ 9.14 Equivalence Properties">§ 9.14 Equivalence Properties</a> <a href="#ref-for-dfn-did-documents-190" title="Reference 2">(2)</a> <a href="#ref-for-dfn-did-documents-191" title="Reference 3">(3)</a> <a href="#ref-for-dfn-did-documents-192" title="Reference 4">(4)</a> <a href="#ref-for-dfn-did-documents-193" title="Reference 5">(5)</a> <a href="#ref-for-dfn-did-documents-194" title="Reference 6">(6)</a>
</li><li>
<a href="#ref-for-dfn-did-documents-195" title="§ 9.15 Content Integrity Protection">§ 9.15 Content Integrity Protection</a> <a href="#ref-for-dfn-did-documents-196" title="Reference 2">(2)</a> <a href="#ref-for-dfn-did-documents-197" title="Reference 3">(3)</a> <a href="#ref-for-dfn-did-documents-198" title="Reference 4">(4)</a>
</li><li>
<a href="#ref-for-dfn-did-documents-199" title="§ 9.17 Level of Assurance">§ 9.17 Level of Assurance</a> <a href="#ref-for-dfn-did-documents-200" title="Reference 2">(2)</a>
</li><li>
<a href="#ref-for-dfn-did-documents-201" title="§ 10. Privacy Considerations">§ 10. Privacy Considerations</a>
</li><li>
<a href="#ref-for-dfn-did-documents-202" title="§ 10.1 Keep Personal Data Private">§ 10.1 Keep Personal Data Private</a> <a href="#ref-for-dfn-did-documents-203" title="Reference 2">(2)</a> <a href="#ref-for-dfn-did-documents-204" title="Reference 3">(3)</a> <a href="#ref-for-dfn-did-documents-205" title="Reference 4">(4)</a>
</li><li>
<a href="#ref-for-dfn-did-documents-206" title="§ 10.3 DID Document Correlation Risks">§ 10.3 DID Document Correlation Risks</a> <a href="#ref-for-dfn-did-documents-207" title="Reference 2">(2)</a> <a href="#ref-for-dfn-did-documents-208" title="Reference 3">(3)</a> <a href="#ref-for-dfn-did-documents-209" title="Reference 4">(4)</a>
</li><li>
<a href="#ref-for-dfn-did-documents-210" title="§ 10.4 DID Subject Classification">§ 10.4 DID Subject Classification</a> <a href="#ref-for-dfn-did-documents-211" title="Reference 2">(2)</a> <a href="#ref-for-dfn-did-documents-212" title="Reference 3">(3)</a> <a href="#ref-for-dfn-did-documents-213" title="Reference 4">(4)</a>
</li><li>
<a href="#ref-for-dfn-did-documents-214" title="§ 10.6 Service Privacy">§ 10.6 Service Privacy</a> <a href="#ref-for-dfn-did-documents-215" title="Reference 2">(2)</a> <a href="#ref-for-dfn-did-documents-216" title="Reference 3">(3)</a> <a href="#ref-for-dfn-did-documents-217" title="Reference 4">(4)</a> <a href="#ref-for-dfn-did-documents-218" title="Reference 5">(5)</a> <a href="#ref-for-dfn-did-documents-219" title="Reference 6">(6)</a>
</li><li>
<a href="#ref-for-dfn-did-documents-220" title="§ Maintaining Herd Privacy">§ Maintaining Herd Privacy</a> <a href="#ref-for-dfn-did-documents-221" title="Reference 2">(2)</a>
</li><li>
<a href="#ref-for-dfn-did-documents-222" title="§ Service Endpoint Alternatives">§ Service Endpoint Alternatives</a>
</li><li>
<a href="#ref-for-dfn-did-documents-223" title="§ B.2 Creation of a DID">§ B.2 Creation of a DID</a> <a href="#ref-for-dfn-did-documents-224" title="Reference 2">(2)</a>
</li><li>
<a href="#ref-for-dfn-did-documents-225" title="§ B.3 Determining the DID subject">§ B.3 Determining the DID subject</a> <a href="#ref-for-dfn-did-documents-226" title="Reference 2">(2)</a>
</li><li>
<a href="#ref-for-dfn-did-documents-227" title="§ B.4 Referring to the DID document">§ B.4 Referring to the DID document</a> <a href="#ref-for-dfn-did-documents-228" title="Reference 2">(2)</a> <a href="#ref-for-dfn-did-documents-229" title="Reference 3">(3)</a> <a href="#ref-for-dfn-did-documents-230" title="Reference 4">(4)</a> <a href="#ref-for-dfn-did-documents-231" title="Reference 5">(5)</a>
</li><li>
<a href="#ref-for-dfn-did-documents-232" title="§ B.5 Statements in the DID document">§ B.5 Statements in the DID document</a> <a href="#ref-for-dfn-did-documents-233" title="Reference 2">(2)</a> <a href="#ref-for-dfn-did-documents-234" title="Reference 3">(3)</a> <a href="#ref-for-dfn-did-documents-235" title="Reference 4">(4)</a>
</li><li>
<a href="#ref-for-dfn-did-documents-236" title="§ B.6 Discovering more information about the DID subject">§ B.6 Discovering more information about the DID subject</a> <a href="#ref-for-dfn-did-documents-237" title="Reference 2">(2)</a> <a href="#ref-for-dfn-did-documents-238" title="Reference 3">(3)</a>
</li><li>
<a href="#ref-for-dfn-did-documents-239" title="§ B.8 Assigning DIDs to existing web resources">§ B.8 Assigning DIDs to existing web resources</a> <a href="#ref-for-dfn-did-documents-240" title="Reference 2">(2)</a>
</li><li>
<a href="#ref-for-dfn-did-documents-241" title="§ B.10 Multiple DID controllers">§ B.10 Multiple DID controllers</a>
</li><li>
<a href="#ref-for-dfn-did-documents-242" title="§ B.10.1 Independent Control">§ B.10.1 Independent Control</a> <a href="#ref-for-dfn-did-documents-243" title="Reference 2">(2)</a>
</li><li>
<a href="#ref-for-dfn-did-documents-244" title="§ B.11 Changing the DID subject">§ B.11 Changing the DID subject</a> <a href="#ref-for-dfn-did-documents-245" title="Reference 2">(2)</a>
</li><li>
<a href="#ref-for-dfn-did-documents-246" title="§ B.12 Changing the DID controller">§ B.12 Changing the DID controller</a> <a href="#ref-for-dfn-did-documents-247" title="Reference 2">(2)</a> <a href="#ref-for-dfn-did-documents-248" title="Reference 3">(3)</a> <a href="#ref-for-dfn-did-documents-249" title="Reference 4">(4)</a>
</li>
</ul>
</div><div class="dfn-panel" hidden="" role="dialog" aria-modal="true" id="dfn-panel-for-dfn-did-fragments" aria-label="Links in this document to definition: DID fragment">
<span class="caret"></span>
<div>
<a class="self-link" href="#dfn-did-fragments" aria-label="Permalink for definition: DID fragment. Activate to close this dialog.">Permalink</a>
</div>
<p><b>Referenced in:</b></p>
<ul>
<li>
<a href="#ref-for-dfn-did-fragments-1" title="§ 2. Terminology">§ 2. Terminology</a>
</li><li>
<a href="#ref-for-dfn-did-fragments-2" title="§ Fragment">§ Fragment</a> <a href="#ref-for-dfn-did-fragments-3" title="Reference 2">(2)</a> <a href="#ref-for-dfn-did-fragments-4" title="Reference 3">(3)</a> <a href="#ref-for-dfn-did-fragments-5" title="Reference 4">(4)</a> <a href="#ref-for-dfn-did-fragments-6" title="Reference 5">(5)</a>
</li><li>
<a href="#ref-for-dfn-did-fragments-7" title="§ 7.2 DID URL Dereferencing">§ 7.2 DID URL Dereferencing</a> <a href="#ref-for-dfn-did-fragments-8" title="Reference 2">(2)</a>
</li><li>
<a href="#ref-for-dfn-did-fragments-9" title="§ 8.1 Method Syntax">§ 8.1 Method Syntax</a>
</li>
</ul>
</div><div class="dfn-panel" hidden="" role="dialog" aria-modal="true" id="dfn-panel-for-dfn-did-methods" aria-label="Links in this document to definition: DID method">
<span class="caret"></span>
<div>
<a class="self-link" href="#dfn-did-methods" aria-label="Permalink for definition: DID method. Activate to close this dialog.">Permalink</a>
</div>
<p><b>Referenced in:</b></p>
<ul>
<li>
<a href="#ref-for-dfn-did-methods-1" title="§ 1.1 A Simple Example">§ 1.1 A Simple Example</a>
</li><li>
<a href="#ref-for-dfn-did-methods-2" title="§ 1.2 Design Goals">§ 1.2 Design Goals</a>
</li><li>
<a href="#ref-for-dfn-did-methods-3" title="§ 1.3 Architecture Overview">§ 1.3 Architecture Overview</a> <a href="#ref-for-dfn-did-methods-4" title="Reference 2">(2)</a> <a href="#ref-for-dfn-did-methods-5" title="Reference 3">(3)</a> <a href="#ref-for-dfn-did-methods-6" title="Reference 4">(4)</a> <a href="#ref-for-dfn-did-methods-7" title="Reference 5">(5)</a>
</li><li>
<a href="#ref-for-dfn-did-methods-8" title="§ 1.4 Conformance">§ 1.4 Conformance</a> <a href="#ref-for-dfn-did-methods-9" title="Reference 2">(2)</a> <a href="#ref-for-dfn-did-methods-10" title="Reference 3">(3)</a> <a href="#ref-for-dfn-did-methods-11" title="Reference 4">(4)</a>
</li><li>
<a href="#ref-for-dfn-did-methods-12" title="§ 2. Terminology">§ 2. Terminology</a> <a href="#ref-for-dfn-did-methods-13" title="Reference 2">(2)</a> <a href="#ref-for-dfn-did-methods-14" title="Reference 3">(3)</a> <a href="#ref-for-dfn-did-methods-15" title="Reference 4">(4)</a>
</li><li>
<a href="#ref-for-dfn-did-methods-16" title="§ 3. Identifier">§ 3. Identifier</a>
</li><li>
<a href="#ref-for-dfn-did-methods-17" title="§ 3.1 DID Syntax">§ 3.1 DID Syntax</a>
</li><li>
<a href="#ref-for-dfn-did-methods-18" title="§ 3.2 DID URL Syntax">§ 3.2 DID URL Syntax</a>
</li><li>
<a href="#ref-for-dfn-did-methods-19" title="§ Path">§ Path</a>
</li><li>
<a href="#ref-for-dfn-did-methods-20" title="§ 3.2.1 DID Parameters">§ 3.2.1 DID Parameters</a> <a href="#ref-for-dfn-did-methods-21" title="Reference 2">(2)</a> <a href="#ref-for-dfn-did-methods-22" title="Reference 3">(3)</a> <a href="#ref-for-dfn-did-methods-23" title="Reference 4">(4)</a> <a href="#ref-for-dfn-did-methods-24" title="Reference 5">(5)</a>
</li><li>
<a href="#ref-for-dfn-did-methods-25" title="§ 3.2.2 Relative DID URLs">§ 3.2.2 Relative DID URLs</a>
</li><li>
<a href="#ref-for-dfn-did-methods-26" title="§ 5.1.1 DID Subject">§ 5.1.1 DID Subject</a>
</li><li>
<a href="#ref-for-dfn-did-methods-27" title="§ 5.1.2 DID Controller">§ 5.1.2 DID Controller</a>
</li><li>
<a href="#ref-for-dfn-did-methods-28" title="§ 5.3 Verification Relationships">§ 5.3 Verification Relationships</a>
</li><li>
<a href="#ref-for-dfn-did-methods-29" title="§ 5.3.1 Authentication">§ 5.3.1 Authentication</a> <a href="#ref-for-dfn-did-methods-30" title="Reference 2">(2)</a> <a href="#ref-for-dfn-did-methods-31" title="Reference 3">(3)</a> <a href="#ref-for-dfn-did-methods-32" title="Reference 4">(4)</a>
</li><li>
<a href="#ref-for-dfn-did-methods-33" title="§ 7. Resolution">§ 7. Resolution</a>
</li><li>
<a href="#ref-for-dfn-did-methods-34" title="§ 7.1 DID Resolution">§ 7.1 DID Resolution</a>
</li><li>
<a href="#ref-for-dfn-did-methods-35" title="§ 7.1.2 DID Resolution Metadata">§ 7.1.2 DID Resolution Metadata</a>
</li><li>
<a href="#ref-for-dfn-did-methods-36" title="§ 7.1.3 DID Document Metadata">§ 7.1.3 DID Document Metadata</a> <a href="#ref-for-dfn-did-methods-37" title="Reference 2">(2)</a> <a href="#ref-for-dfn-did-methods-38" title="Reference 3">(3)</a> <a href="#ref-for-dfn-did-methods-39" title="Reference 4">(4)</a> <a href="#ref-for-dfn-did-methods-40" title="Reference 5">(5)</a> <a href="#ref-for-dfn-did-methods-41" title="Reference 6">(6)</a> <a href="#ref-for-dfn-did-methods-42" title="Reference 7">(7)</a> <a href="#ref-for-dfn-did-methods-43" title="Reference 8">(8)</a>
</li><li>
<a href="#ref-for-dfn-did-methods-44" title="§ 7.2 DID URL Dereferencing">§ 7.2 DID URL Dereferencing</a>
</li><li>
<a href="#ref-for-dfn-did-methods-45" title="§ 8. Methods">§ 8. Methods</a> <a href="#ref-for-dfn-did-methods-46" title="Reference 2">(2)</a> <a href="#ref-for-dfn-did-methods-47" title="Reference 3">(3)</a> <a href="#ref-for-dfn-did-methods-48" title="Reference 4">(4)</a> <a href="#ref-for-dfn-did-methods-49" title="Reference 5">(5)</a> <a href="#ref-for-dfn-did-methods-50" title="Reference 6">(6)</a> <a href="#ref-for-dfn-did-methods-51" title="Reference 7">(7)</a>
</li><li>
<a href="#ref-for-dfn-did-methods-52" title="§ 8.1 Method Syntax">§ 8.1 Method Syntax</a> <a href="#ref-for-dfn-did-methods-53" title="Reference 2">(2)</a> <a href="#ref-for-dfn-did-methods-54" title="Reference 3">(3)</a> <a href="#ref-for-dfn-did-methods-55" title="Reference 4">(4)</a> <a href="#ref-for-dfn-did-methods-56" title="Reference 5">(5)</a> <a href="#ref-for-dfn-did-methods-57" title="Reference 6">(6)</a> <a href="#ref-for-dfn-did-methods-58" title="Reference 7">(7)</a> <a href="#ref-for-dfn-did-methods-59" title="Reference 8">(8)</a> <a href="#ref-for-dfn-did-methods-60" title="Reference 9">(9)</a> <a href="#ref-for-dfn-did-methods-61" title="Reference 10">(10)</a> <a href="#ref-for-dfn-did-methods-62" title="Reference 11">(11)</a> <a href="#ref-for-dfn-did-methods-63" title="Reference 12">(12)</a> <a href="#ref-for-dfn-did-methods-64" title="Reference 13">(13)</a>
</li><li>
<a href="#ref-for-dfn-did-methods-65" title="§ 8.2 Method Operations">§ 8.2 Method Operations</a> <a href="#ref-for-dfn-did-methods-66" title="Reference 2">(2)</a> <a href="#ref-for-dfn-did-methods-67" title="Reference 3">(3)</a> <a href="#ref-for-dfn-did-methods-68" title="Reference 4">(4)</a> <a href="#ref-for-dfn-did-methods-69" title="Reference 5">(5)</a> <a href="#ref-for-dfn-did-methods-70" title="Reference 6">(6)</a> <a href="#ref-for-dfn-did-methods-71" title="Reference 7">(7)</a> <a href="#ref-for-dfn-did-methods-72" title="Reference 8">(8)</a>
</li><li>
<a href="#ref-for-dfn-did-methods-73" title="§ 8.3 Security Requirements">§ 8.3 Security Requirements</a> <a href="#ref-for-dfn-did-methods-74" title="Reference 2">(2)</a> <a href="#ref-for-dfn-did-methods-75" title="Reference 3">(3)</a> <a href="#ref-for-dfn-did-methods-76" title="Reference 4">(4)</a> <a href="#ref-for-dfn-did-methods-77" title="Reference 5">(5)</a> <a href="#ref-for-dfn-did-methods-78" title="Reference 6">(6)</a> <a href="#ref-for-dfn-did-methods-79" title="Reference 7">(7)</a> <a href="#ref-for-dfn-did-methods-80" title="Reference 8">(8)</a> <a href="#ref-for-dfn-did-methods-81" title="Reference 9">(9)</a> <a href="#ref-for-dfn-did-methods-82" title="Reference 10">(10)</a>
</li><li>
<a href="#ref-for-dfn-did-methods-83" title="§ 8.4 Privacy Requirements">§ 8.4 Privacy Requirements</a> <a href="#ref-for-dfn-did-methods-84" title="Reference 2">(2)</a>
</li><li>
<a href="#ref-for-dfn-did-methods-85" title="§ 9.1 Choosing DID Resolvers">§ 9.1 Choosing DID Resolvers</a> <a href="#ref-for-dfn-did-methods-86" title="Reference 2">(2)</a> <a href="#ref-for-dfn-did-methods-87" title="Reference 3">(3)</a> <a href="#ref-for-dfn-did-methods-88" title="Reference 4">(4)</a> <a href="#ref-for-dfn-did-methods-89" title="Reference 5">(5)</a>
</li><li>
<a href="#ref-for-dfn-did-methods-90" title="§ Proving Control of a DID and/or DID Document">§ Proving Control of a DID and/or DID Document</a> <a href="#ref-for-dfn-did-methods-91" title="Reference 2">(2)</a>
</li><li>
<a href="#ref-for-dfn-did-methods-92" title="§ 9.4 Non-Repudiation">§ 9.4 Non-Repudiation</a>
</li><li>
<a href="#ref-for-dfn-did-methods-93" title="§ 9.7 Verification Method Rotation">§ 9.7 Verification Method Rotation</a> <a href="#ref-for-dfn-did-methods-94" title="Reference 2">(2)</a> <a href="#ref-for-dfn-did-methods-95" title="Reference 3">(3)</a>
</li><li>
<a href="#ref-for-dfn-did-methods-96" title="§ 9.8 Verification Method Revocation">§ 9.8 Verification Method Revocation</a> <a href="#ref-for-dfn-did-methods-97" title="Reference 2">(2)</a> <a href="#ref-for-dfn-did-methods-98" title="Reference 3">(3)</a>
</li><li>
<a href="#ref-for-dfn-did-methods-99" title="§ Revocation Semantics">§ Revocation Semantics</a> <a href="#ref-for-dfn-did-methods-100" title="Reference 2">(2)</a>
</li><li>
<a href="#ref-for-dfn-did-methods-101" title="§ Revocation in Trustless Systems">§ Revocation in Trustless Systems</a>
</li><li>
<a href="#ref-for-dfn-did-methods-102" title="§ 9.9 DID Recovery">§ 9.9 DID Recovery</a> <a href="#ref-for-dfn-did-methods-103" title="Reference 2">(2)</a> <a href="#ref-for-dfn-did-methods-104" title="Reference 3">(3)</a> <a href="#ref-for-dfn-did-methods-105" title="Reference 4">(4)</a> <a href="#ref-for-dfn-did-methods-106" title="Reference 5">(5)</a>
</li><li>
<a href="#ref-for-dfn-did-methods-107" title="§ 9.11 DIDs as Enhanced URNs">§ 9.11 DIDs as Enhanced URNs</a> <a href="#ref-for-dfn-did-methods-108" title="Reference 2">(2)</a>
</li><li>
<a href="#ref-for-dfn-did-methods-109" title="§ 9.12 Immutability">§ 9.12 Immutability</a> <a href="#ref-for-dfn-did-methods-110" title="Reference 2">(2)</a> <a href="#ref-for-dfn-did-methods-111" title="Reference 3">(3)</a>
</li><li>
<a href="#ref-for-dfn-did-methods-112" title="§ 9.14 Equivalence Properties">§ 9.14 Equivalence Properties</a> <a href="#ref-for-dfn-did-methods-113" title="Reference 2">(2)</a> <a href="#ref-for-dfn-did-methods-114" title="Reference 3">(3)</a> <a href="#ref-for-dfn-did-methods-115" title="Reference 4">(4)</a> <a href="#ref-for-dfn-did-methods-116" title="Reference 5">(5)</a>
</li><li>
<a href="#ref-for-dfn-did-methods-117" title="§ 9.16 Persistence">§ 9.16 Persistence</a>
</li><li>
<a href="#ref-for-dfn-did-methods-118" title="§ 10.1 Keep Personal Data Private">§ 10.1 Keep Personal Data Private</a>
</li><li>
<a href="#ref-for-dfn-did-methods-119" title="§ 10.5 Herd Privacy">§ 10.5 Herd Privacy</a>
</li><li>
<a href="#ref-for-dfn-did-methods-120" title="§ Service Endpoint Alternatives">§ Service Endpoint Alternatives</a>
</li><li>
<a href="#ref-for-dfn-did-methods-121" title="§ B.2 Creation of a DID">§ B.2 Creation of a DID</a> <a href="#ref-for-dfn-did-methods-122" title="Reference 2">(2)</a> <a href="#ref-for-dfn-did-methods-123" title="Reference 3">(3)</a> <a href="#ref-for-dfn-did-methods-124" title="Reference 4">(4)</a> <a href="#ref-for-dfn-did-methods-125" title="Reference 5">(5)</a>
</li><li>
<a href="#ref-for-dfn-did-methods-126" title="§ B.3 Determining the DID subject">§ B.3 Determining the DID subject</a> <a href="#ref-for-dfn-did-methods-127" title="Reference 2">(2)</a>
</li><li>
<a href="#ref-for-dfn-did-methods-128" title="§ B.4 Referring to the DID document">§ B.4 Referring to the DID document</a>
</li><li>
<a href="#ref-for-dfn-did-methods-129" title="§ B.7 Serving a representation of the DID subject">§ B.7 Serving a representation of the DID subject</a> <a href="#ref-for-dfn-did-methods-130" title="Reference 2">(2)</a>
</li>
</ul>
</div><div class="dfn-panel" hidden="" role="dialog" aria-modal="true" id="dfn-panel-for-dfn-did-paths" aria-label="Links in this document to definition: DID path">
<span class="caret"></span>
<div>
<a class="self-link" href="#dfn-did-paths" aria-label="Permalink for definition: DID path. Activate to close this dialog.">Permalink</a>
</div>
<p><b>Referenced in:</b></p>
<ul>
<li>
<a href="#ref-for-dfn-did-paths-1" title="§ 2. Terminology">§ 2. Terminology</a>
</li><li>
<a href="#ref-for-dfn-did-paths-2" title="§ Path">§ Path</a>
</li><li>
<a href="#ref-for-dfn-did-paths-3" title="§ 8.1 Method Syntax">§ 8.1 Method Syntax</a>
</li>
</ul>
</div><div class="dfn-panel" hidden="" role="dialog" aria-modal="true" id="dfn-panel-for-dfn-did-queries" aria-label="Links in this document to definition: DID query">
<span class="caret"></span>
<div>
<a class="self-link" href="#dfn-did-queries" aria-label="Permalink for definition: DID query. Activate to close this dialog.">Permalink</a>
</div>
<p><b>Referenced in:</b></p>
<ul>
<li>
<a href="#ref-for-dfn-did-queries-1" title="§ 2. Terminology">§ 2. Terminology</a>
</li><li>
<a href="#ref-for-dfn-did-queries-2" title="§ Query">§ Query</a>
</li><li>
<a href="#ref-for-dfn-did-queries-3" title="§ 8.1 Method Syntax">§ 8.1 Method Syntax</a>
</li>
</ul>
</div><div class="dfn-panel" hidden="" role="dialog" aria-modal="true" id="dfn-panel-for-dfn-did-resolution" aria-label="Links in this document to definition: DID resolution">
<span class="caret"></span>
<div>
<a class="self-link" href="#dfn-did-resolution" aria-label="Permalink for definition: DID resolution. Activate to close this dialog.">Permalink</a>
</div>
<p><b>Referenced in:</b></p>
<ul>
<li>
<a href="#ref-for-dfn-did-resolution-1" title="§ 1.3 Architecture Overview">§ 1.3 Architecture Overview</a> <a href="#ref-for-dfn-did-resolution-2" title="Reference 2">(2)</a>
</li><li>
<a href="#ref-for-dfn-did-resolution-3" title="§ 2. Terminology">§ 2. Terminology</a> <a href="#ref-for-dfn-did-resolution-4" title="Reference 2">(2)</a>
</li><li>
<a href="#ref-for-dfn-did-resolution-5" title="§ 3.2.1 DID Parameters">§ 3.2.1 DID Parameters</a>
</li><li>
<a href="#ref-for-dfn-did-resolution-6" title="§ 5.1.1 DID Subject">§ 5.1.1 DID Subject</a>
</li><li>
<a href="#ref-for-dfn-did-resolution-7" title="§ 7. Resolution">§ 7. Resolution</a> <a href="#ref-for-dfn-did-resolution-8" title="Reference 2">(2)</a>
</li><li>
<a href="#ref-for-dfn-did-resolution-9" title="§ 7.1 DID Resolution">§ 7.1 DID Resolution</a> <a href="#ref-for-dfn-did-resolution-10" title="Reference 2">(2)</a> <a href="#ref-for-dfn-did-resolution-11" title="Reference 3">(3)</a>
</li><li>
<a href="#ref-for-dfn-did-resolution-12" title="§ 7.1.2 DID Resolution Metadata">§ 7.1.2 DID Resolution Metadata</a>
</li><li>
<a href="#ref-for-dfn-did-resolution-13" title="§ 7.2 DID URL Dereferencing">§ 7.2 DID URL Dereferencing</a> <a href="#ref-for-dfn-did-resolution-14" title="Reference 2">(2)</a>
</li><li>
<a href="#ref-for-dfn-did-resolution-15" title="§ 7.3 Metadata Structure">§ 7.3 Metadata Structure</a>
</li><li>
<a href="#ref-for-dfn-did-resolution-16" title="§ Proving Control of a DID and/or DID Document">§ Proving Control of a DID and/or DID Document</a>
</li><li>
<a href="#ref-for-dfn-did-resolution-17" title="§ 9.4 Non-Repudiation">§ 9.4 Non-Repudiation</a>
</li><li>
<a href="#ref-for-dfn-did-resolution-18" title="§ B.4 Referring to the DID document">§ B.4 Referring to the DID document</a> <a href="#ref-for-dfn-did-resolution-19" title="Reference 2">(2)</a>
</li>
</ul>
</div><div class="dfn-panel" hidden="" role="dialog" aria-modal="true" id="dfn-panel-for-dfn-did-resolvers" aria-label="Links in this document to definition: DID resolver">
<span class="caret"></span>
<div>
<a class="self-link" href="#dfn-did-resolvers" aria-label="Permalink for definition: DID resolver. Activate to close this dialog.">Permalink</a>
</div>
<p><b>Referenced in:</b></p>
<ul>
<li>
<a href="#ref-for-dfn-did-resolvers-1" title="§ 1.3 Architecture Overview">§ 1.3 Architecture Overview</a>
</li><li>
<a href="#ref-for-dfn-did-resolvers-3" title="Reference 2">(2)</a>
</li><li>
<a href="#ref-for-dfn-did-resolvers-4" title="§ 3.2.1 DID Parameters">§ 3.2.1 DID Parameters</a> <a href="#ref-for-dfn-did-resolvers-5" title="Reference 2">(2)</a>
</li><li>
<a href="#ref-for-dfn-did-resolvers-6" title="§ 5.1.1 DID Subject">§ 5.1.1 DID Subject</a>
</li><li>
<a href="#ref-for-dfn-did-resolvers-7" title="§ 7. Resolution">§ 7. Resolution</a>
</li><li>
<a href="#ref-for-dfn-did-resolvers-8" title="§ 7.1 DID Resolution">§ 7.1 DID Resolution</a> <a href="#ref-for-dfn-did-resolvers-9" title="Reference 2">(2)</a> <a href="#ref-for-dfn-did-resolvers-10" title="Reference 3">(3)</a> <a href="#ref-for-dfn-did-resolvers-11" title="Reference 4">(4)</a>
</li><li>
<a href="#ref-for-dfn-did-resolvers-12" title="§ 7.1.1 DID Resolution Options">§ 7.1.1 DID Resolution Options</a>
</li><li>
<a href="#ref-for-dfn-did-resolvers-13" title="§ 7.1.2 DID Resolution Metadata">§ 7.1.2 DID Resolution Metadata</a> <a href="#ref-for-dfn-did-resolvers-14" title="Reference 2">(2)</a>
</li><li>
<a href="#ref-for-dfn-did-resolvers-15" title="§ 7.2 DID URL Dereferencing">§ 7.2 DID URL Dereferencing</a>
</li><li>
<a href="#ref-for-dfn-did-resolvers-16" title="§ 8.2 Method Operations">§ 8.2 Method Operations</a> <a href="#ref-for-dfn-did-resolvers-17" title="Reference 2">(2)</a>
</li><li>
<a href="#ref-for-dfn-did-resolvers-18" title="§ 9.1 Choosing DID Resolvers">§ 9.1 Choosing DID Resolvers</a> <a href="#ref-for-dfn-did-resolvers-19" title="Reference 2">(2)</a>
</li><li>
<a href="#ref-for-dfn-did-resolvers-20" title="§ 9.6 Key and Signature Expiration">§ 9.6 Key and Signature Expiration</a>
</li><li>
<a href="#ref-for-dfn-did-resolvers-21" title="§ 9.12 Immutability">§ 9.12 Immutability</a>
</li>
</ul>
</div><div class="dfn-panel" hidden="" role="dialog" aria-modal="true" id="dfn-panel-for-dfn-did-schemes" aria-label="Links in this document to definition: DID scheme">
<span class="caret"></span>
<div>
<a class="self-link" href="#dfn-did-schemes" aria-label="Permalink for definition: DID scheme. Activate to close this dialog.">Permalink</a>
</div>
<p><b>Referenced in:</b></p>
<ul>
<li>
<a href="#ref-for-dfn-did-schemes-1" title="§ 2. Terminology">§ 2. Terminology</a> <a href="#ref-for-dfn-did-schemes-2" title="Reference 2">(2)</a>
</li><li>
<a href="#ref-for-dfn-did-schemes-3" title="§ 3.1 DID Syntax">§ 3.1 DID Syntax</a>
</li><li>
<a href="#ref-for-dfn-did-schemes-4" title="§ 8. Methods">§ 8. Methods</a>
</li><li>
<a href="#ref-for-dfn-did-schemes-5" title="§ 8.1 Method Syntax">§ 8.1 Method Syntax</a>
</li>
</ul>
</div><div class="dfn-panel" hidden="" role="dialog" aria-modal="true" id="dfn-panel-for-dfn-did-subjects" aria-label="Links in this document to definition: DID subject">
<span class="caret"></span>
<div>
<a class="self-link" href="#dfn-did-subjects" aria-label="Permalink for definition: DID subject. Activate to close this dialog.">Permalink</a>
</div>
<p><b>Referenced in:</b></p>
<ul>
<li>
<a href="#ref-for-dfn-did-subjects-1" title="§ Abstract">§ Abstract</a> <a href="#ref-for-dfn-did-subjects-2" title="Reference 2">(2)</a> <a href="#ref-for-dfn-did-subjects-3" title="Reference 3">(3)</a> <a href="#ref-for-dfn-did-subjects-4" title="Reference 4">(4)</a>
</li><li>
<a href="#ref-for-dfn-did-subjects-5" title="§ 1.3 Architecture Overview">§ 1.3 Architecture Overview</a> <a href="#ref-for-dfn-did-subjects-6" title="Reference 2">(2)</a> <a href="#ref-for-dfn-did-subjects-7" title="Reference 3">(3)</a>
</li><li>
<a href="#ref-for-dfn-did-subjects-8" title="§ 2. Terminology">§ 2. Terminology</a> <a href="#ref-for-dfn-did-subjects-9" title="Reference 2">(2)</a> <a href="#ref-for-dfn-did-subjects-10" title="Reference 3">(3)</a> <a href="#ref-for-dfn-did-subjects-11" title="Reference 4">(4)</a> <a href="#ref-for-dfn-did-subjects-12" title="Reference 5">(5)</a> <a href="#ref-for-dfn-did-subjects-13" title="Reference 6">(6)</a> <a href="#ref-for-dfn-did-subjects-14" title="Reference 7">(7)</a> <a href="#ref-for-dfn-did-subjects-15" title="Reference 8">(8)</a>
</li><li>
<a href="#ref-for-dfn-did-subjects-16" title="§ 3.2 DID URL Syntax">§ 3.2 DID URL Syntax</a>
</li><li>
<a href="#ref-for-dfn-did-subjects-17" title="§ 3.2.2 Relative DID URLs">§ 3.2.2 Relative DID URLs</a>
</li><li>
<a href="#ref-for-dfn-did-subjects-18" title="§ 5. Core Properties">§ 5. Core Properties</a>
</li><li>
<a href="#ref-for-dfn-did-subjects-19" title="§ 5.1 Identifiers">§ 5.1 Identifiers</a>
</li><li>
<a href="#ref-for-dfn-did-subjects-20" title="§ 5.1.1 DID Subject">§ 5.1.1 DID Subject</a> <a href="#ref-for-dfn-did-subjects-21" title="Reference 2">(2)</a>
</li><li>
<a href="#ref-for-dfn-did-subjects-22" title="§ 5.1.2 DID Controller">§ 5.1.2 DID Controller</a> <a href="#ref-for-dfn-did-subjects-23" title="Reference 2">(2)</a>
</li><li>
<a href="#ref-for-dfn-did-subjects-24" title="§ 5.1.3 Also Known As">§ 5.1.3 Also Known As</a> <a href="#ref-for-dfn-did-subjects-25" title="Reference 2">(2)</a> <a href="#ref-for-dfn-did-subjects-26" title="Reference 3">(3)</a>
</li><li>
<a href="#ref-for-dfn-did-subjects-27" title="§ 5.2 Verification Methods">§ 5.2 Verification Methods</a>
</li><li>
<a href="#ref-for-dfn-did-subjects-28" title="§ 5.3 Verification Relationships">§ 5.3 Verification Relationships</a> <a href="#ref-for-dfn-did-subjects-29" title="Reference 2">(2)</a> <a href="#ref-for-dfn-did-subjects-30" title="Reference 3">(3)</a>
</li><li>
<a href="#ref-for-dfn-did-subjects-31" title="§ 5.3.1 Authentication">§ 5.3.1 Authentication</a> <a href="#ref-for-dfn-did-subjects-32" title="Reference 2">(2)</a>
</li><li>
<a href="#ref-for-dfn-did-subjects-33" title="§ 5.3.2 Assertion">§ 5.3.2 Assertion</a> <a href="#ref-for-dfn-did-subjects-34" title="Reference 2">(2)</a>
</li><li>
<a href="#ref-for-dfn-did-subjects-35" title="§ 5.3.3 Key Agreement">§ 5.3.3 Key Agreement</a> <a href="#ref-for-dfn-did-subjects-36" title="Reference 2">(2)</a>
</li><li>
<a href="#ref-for-dfn-did-subjects-37" title="§ 5.3.4 Capability Invocation">§ 5.3.4 Capability Invocation</a> <a href="#ref-for-dfn-did-subjects-38" title="Reference 2">(2)</a> <a href="#ref-for-dfn-did-subjects-39" title="Reference 3">(3)</a>
</li><li>
<a href="#ref-for-dfn-did-subjects-40" title="§ 5.3.5 Capability Delegation">§ 5.3.5 Capability Delegation</a> <a href="#ref-for-dfn-did-subjects-41" title="Reference 2">(2)</a> <a href="#ref-for-dfn-did-subjects-42" title="Reference 3">(3)</a>
</li><li>
<a href="#ref-for-dfn-did-subjects-43" title="§ 5.4 Services">§ 5.4 Services</a> <a href="#ref-for-dfn-did-subjects-44" title="Reference 2">(2)</a>
</li><li>
<a href="#ref-for-dfn-did-subjects-45" title="§ 7.1.3 DID Document Metadata">§ 7.1.3 DID Document Metadata</a> <a href="#ref-for-dfn-did-subjects-46" title="Reference 2">(2)</a> <a href="#ref-for-dfn-did-subjects-47" title="Reference 3">(3)</a> <a href="#ref-for-dfn-did-subjects-48" title="Reference 4">(4)</a> <a href="#ref-for-dfn-did-subjects-49" title="Reference 5">(5)</a>
</li><li>
<a href="#ref-for-dfn-did-subjects-50" title="§ 9.3 Authentication Service Endpoints">§ 9.3 Authentication Service Endpoints</a>
</li><li>
<a href="#ref-for-dfn-did-subjects-51" title="§ 9.5 Notification of DID Document Changes">§ 9.5 Notification of DID Document Changes</a>
</li><li>
<a href="#ref-for-dfn-did-subjects-52" title="§ 9.11 DIDs as Enhanced URNs">§ 9.11 DIDs as Enhanced URNs</a>
</li><li>
<a href="#ref-for-dfn-did-subjects-53" title="§ 10.1 Keep Personal Data Private">§ 10.1 Keep Personal Data Private</a> <a href="#ref-for-dfn-did-subjects-54" title="Reference 2">(2)</a> <a href="#ref-for-dfn-did-subjects-55" title="Reference 3">(3)</a>
</li><li>
<a href="#ref-for-dfn-did-subjects-56" title="§ 10.2 DID Correlation Risks">§ 10.2 DID Correlation Risks</a>
</li><li>
<a href="#ref-for-dfn-did-subjects-57" title="§ 10.4 DID Subject Classification">§ 10.4 DID Subject Classification</a> <a href="#ref-for-dfn-did-subjects-58" title="Reference 2">(2)</a> <a href="#ref-for-dfn-did-subjects-59" title="Reference 3">(3)</a>
</li><li>
<a href="#ref-for-dfn-did-subjects-60" title="§ 10.5 Herd Privacy">§ 10.5 Herd Privacy</a>
</li><li>
<a href="#ref-for-dfn-did-subjects-61" title="§ 10.6 Service Privacy">§ 10.6 Service Privacy</a>
</li><li>
<a href="#ref-for-dfn-did-subjects-62" title="§ Maintaining Herd Privacy">§ Maintaining Herd Privacy</a> <a href="#ref-for-dfn-did-subjects-63" title="Reference 2">(2)</a> <a href="#ref-for-dfn-did-subjects-64" title="Reference 3">(3)</a> <a href="#ref-for-dfn-did-subjects-65" title="Reference 4">(4)</a> <a href="#ref-for-dfn-did-subjects-66" title="Reference 5">(5)</a>
</li><li>
<a href="#ref-for-dfn-did-subjects-67" title="§ B.3 Determining the DID subject">§ B.3 Determining the DID subject</a> <a href="#ref-for-dfn-did-subjects-68" title="Reference 2">(2)</a> <a href="#ref-for-dfn-did-subjects-69" title="Reference 3">(3)</a> <a href="#ref-for-dfn-did-subjects-70" title="Reference 4">(4)</a> <a href="#ref-for-dfn-did-subjects-71" title="Reference 5">(5)</a> <a href="#ref-for-dfn-did-subjects-72" title="Reference 6">(6)</a>
</li><li>
<a href="#ref-for-dfn-did-subjects-73" title="§ B.4 Referring to the DID document">§ B.4 Referring to the DID document</a> <a href="#ref-for-dfn-did-subjects-74" title="Reference 2">(2)</a> <a href="#ref-for-dfn-did-subjects-75" title="Reference 3">(3)</a> <a href="#ref-for-dfn-did-subjects-76" title="Reference 4">(4)</a> <a href="#ref-for-dfn-did-subjects-77" title="Reference 5">(5)</a> <a href="#ref-for-dfn-did-subjects-78" title="Reference 6">(6)</a>
</li><li>
<a href="#ref-for-dfn-did-subjects-79" title="§ B.5 Statements in the DID document">§ B.5 Statements in the DID document</a> <a href="#ref-for-dfn-did-subjects-80" title="Reference 2">(2)</a> <a href="#ref-for-dfn-did-subjects-81" title="Reference 3">(3)</a>
</li><li>
<a href="#ref-for-dfn-did-subjects-82" title="§ B.6 Discovering more information about the DID subject">§ B.6 Discovering more information about the DID subject</a> <a href="#ref-for-dfn-did-subjects-83" title="Reference 2">(2)</a> <a href="#ref-for-dfn-did-subjects-84" title="Reference 3">(3)</a> <a href="#ref-for-dfn-did-subjects-85" title="Reference 4">(4)</a> <a href="#ref-for-dfn-did-subjects-86" title="Reference 5">(5)</a>
</li><li>
<a href="#ref-for-dfn-did-subjects-87" title="§ B.7 Serving a representation of the DID subject">§ B.7 Serving a representation of the DID subject</a> <a href="#ref-for-dfn-did-subjects-88" title="Reference 2">(2)</a>
</li><li>
<a href="#ref-for-dfn-did-subjects-89" title="§ B.9 The relationship between DID controllers and DID subjects">§ B.9 The relationship between DID controllers and DID subjects</a>
</li><li>
<a href="#ref-for-dfn-did-subjects-90" title="§ B.9.1 Set #1: The DID subject is the DID controller">§ B.9.1 Set #1: The DID subject is the DID controller</a> <a href="#ref-for-dfn-did-subjects-91" title="Reference 2">(2)</a> <a href="#ref-for-dfn-did-subjects-92" title="Reference 3">(3)</a>
</li><li>
<a href="#ref-for-dfn-did-subjects-93" title="§ B.9.2 Set #2: The DID subject is not the DID controller">§ B.9.2 Set #2: The DID subject is not the DID controller</a> <a href="#ref-for-dfn-did-subjects-94" title="Reference 2">(2)</a>
</li><li>
<a href="#ref-for-dfn-did-subjects-95" title="§ B.10.2 Group Control">§ B.10.2 Group Control</a>
</li><li>
<a href="#ref-for-dfn-did-subjects-96" title="§ B.11 Changing the DID subject">§ B.11 Changing the DID subject</a> <a href="#ref-for-dfn-did-subjects-97" title="Reference 2">(2)</a>
</li>
</ul>
</div><div class="dfn-panel" hidden="" role="dialog" aria-modal="true" id="dfn-panel-for-dfn-did-urls" aria-label="Links in this document to definition: DID URL">
<span class="caret"></span>
<div>
<a class="self-link" href="#dfn-did-urls" aria-label="Permalink for definition: DID URL. Activate to close this dialog.">Permalink</a>
</div>
<p><b>Referenced in:</b></p>
<ul>
<li>
<a href="#ref-for-dfn-did-urls-1" title="§ 1.3 Architecture Overview">§ 1.3 Architecture Overview</a> <a href="#ref-for-dfn-did-urls-2" title="Reference 2">(2)</a>
</li><li>
<a href="#ref-for-dfn-did-urls-3" title="§ 2. Terminology">§ 2. Terminology</a> <a href="#ref-for-dfn-did-urls-4" title="Reference 2">(2)</a> <a href="#ref-for-dfn-did-urls-5" title="Reference 3">(3)</a> <a href="#ref-for-dfn-did-urls-6" title="Reference 4">(4)</a> <a href="#ref-for-dfn-did-urls-7" title="Reference 5">(5)</a> <a href="#ref-for-dfn-did-urls-8" title="Reference 6">(6)</a> <a href="#ref-for-dfn-did-urls-9" title="Reference 7">(7)</a> <a href="#ref-for-dfn-did-urls-10" title="Reference 8">(8)</a>
</li><li>
<a href="#ref-for-dfn-did-urls-11" title="§ 3. Identifier">§ 3. Identifier</a> <a href="#ref-for-dfn-did-urls-12" title="Reference 2">(2)</a>
</li><li>
<a href="#ref-for-dfn-did-urls-13" title="§ 3.2 DID URL Syntax">§ 3.2 DID URL Syntax</a> <a href="#ref-for-dfn-did-urls-14" title="Reference 2">(2)</a> <a href="#ref-for-dfn-did-urls-15" title="Reference 3">(3)</a>
</li><li>
<a href="#ref-for-dfn-did-urls-16" title="§ 3.2.1 DID Parameters">§ 3.2.1 DID Parameters</a> <a href="#ref-for-dfn-did-urls-17" title="Reference 2">(2)</a> <a href="#ref-for-dfn-did-urls-18" title="Reference 3">(3)</a> <a href="#ref-for-dfn-did-urls-19" title="Reference 4">(4)</a> <a href="#ref-for-dfn-did-urls-20" title="Reference 5">(5)</a>
</li><li>
<a href="#ref-for-dfn-did-urls-21" title="§ 3.2.2 Relative DID URLs">§ 3.2.2 Relative DID URLs</a> <a href="#ref-for-dfn-did-urls-22" title="Reference 2">(2)</a> <a href="#ref-for-dfn-did-urls-23" title="Reference 3">(3)</a> <a href="#ref-for-dfn-did-urls-24" title="Reference 4">(4)</a> <a href="#ref-for-dfn-did-urls-25" title="Reference 5">(5)</a> <a href="#ref-for-dfn-did-urls-26" title="Reference 6">(6)</a>
</li><li>
<a href="#ref-for-dfn-did-urls-27" title="§ 7.2 DID URL Dereferencing">§ 7.2 DID URL Dereferencing</a> <a href="#ref-for-dfn-did-urls-28" title="Reference 2">(2)</a> <a href="#ref-for-dfn-did-urls-29" title="Reference 3">(3)</a> <a href="#ref-for-dfn-did-urls-30" title="Reference 4">(4)</a> <a href="#ref-for-dfn-did-urls-31" title="Reference 5">(5)</a> <a href="#ref-for-dfn-did-urls-32" title="Reference 6">(6)</a> <a href="#ref-for-dfn-did-urls-33" title="Reference 7">(7)</a> <a href="#ref-for-dfn-did-urls-34" title="Reference 8">(8)</a>
</li><li>
<a href="#ref-for-dfn-did-urls-35" title="§ 7.2.2 DID URL Dereferencing Metadata">§ 7.2.2 DID URL Dereferencing Metadata</a>
</li><li>
<a href="#ref-for-dfn-did-urls-36" title="§ 9.11 DIDs as Enhanced URNs">§ 9.11 DIDs as Enhanced URNs</a>
</li><li>
<a href="#ref-for-dfn-did-urls-37" title="§ B.7 Serving a representation of the DID subject">§ B.7 Serving a representation of the DID subject</a>
</li>
</ul>
</div><div class="dfn-panel" hidden="" role="dialog" aria-modal="true" id="dfn-panel-for-dfn-did-url-dereferencing" aria-label="Links in this document to definition: DID URL dereferencing">
<span class="caret"></span>
<div>
<a class="self-link" href="#dfn-did-url-dereferencing" aria-label="Permalink for definition: DID URL dereferencing. Activate to close this dialog.">Permalink</a>
</div>
<p><b>Referenced in:</b></p>
<ul>
<li>
<a href="#ref-for-dfn-did-url-dereferencing-1" title="§ 1.3 Architecture Overview">§ 1.3 Architecture Overview</a> <a href="#ref-for-dfn-did-url-dereferencing-2" title="Reference 2">(2)</a>
</li><li>
<a href="#ref-for-dfn-did-url-dereferencing-3" title="§ 2. Terminology">§ 2. Terminology</a>
</li><li>
<a href="#ref-for-dfn-did-url-dereferencing-4" title="§ 3.2.1 DID Parameters">§ 3.2.1 DID Parameters</a>
</li><li>
<a href="#ref-for-dfn-did-url-dereferencing-5" title="§ 7. Resolution">§ 7. Resolution</a>
</li><li>
<a href="#ref-for-dfn-did-url-dereferencing-6" title="§ 7.2 DID URL Dereferencing">§ 7.2 DID URL Dereferencing</a> <a href="#ref-for-dfn-did-url-dereferencing-7" title="Reference 2">(2)</a> <a href="#ref-for-dfn-did-url-dereferencing-8" title="Reference 3">(3)</a> <a href="#ref-for-dfn-did-url-dereferencing-9" title="Reference 4">(4)</a> <a href="#ref-for-dfn-did-url-dereferencing-10" title="Reference 5">(5)</a> <a href="#ref-for-dfn-did-url-dereferencing-11" title="Reference 6">(6)</a> <a href="#ref-for-dfn-did-url-dereferencing-12" title="Reference 7">(7)</a>
</li><li>
<a href="#ref-for-dfn-did-url-dereferencing-13" title="§ 7.2.1 DID URL Dereferencing Options">§ 7.2.1 DID URL Dereferencing Options</a>
</li><li>
<a href="#ref-for-dfn-did-url-dereferencing-14" title="§ 7.2.2 DID URL Dereferencing Metadata">§ 7.2.2 DID URL Dereferencing Metadata</a>
</li><li>
<a href="#ref-for-dfn-did-url-dereferencing-15" title="§ 7.3 Metadata Structure">§ 7.3 Metadata Structure</a>
</li>
</ul>
</div><div class="dfn-panel" hidden="" role="dialog" aria-modal="true" id="dfn-panel-for-dfn-did-url-dereferencers" aria-label="Links in this document to definition: DID URL dereferencer">
<span class="caret"></span>
<div>
<a class="self-link" href="#dfn-did-url-dereferencers" aria-label="Permalink for definition: DID URL dereferencer. Activate to close this dialog.">Permalink</a>
</div>
<p><b>Referenced in:</b></p>
<ul>
<li>
<a href="#ref-for-dfn-did-url-dereferencers-1" title="§ 1.3 Architecture Overview">§ 1.3 Architecture Overview</a>
</li><li>
</li><li>
<a href="#ref-for-dfn-did-url-dereferencers-3" title="§ 7.2.2 DID URL Dereferencing Metadata">§ 7.2.2 DID URL Dereferencing Metadata</a>
</li>
</ul>
</div><div class="dfn-panel" hidden="" role="dialog" aria-modal="true" id="dfn-panel-for-dfn-distributed-ledger-technology" aria-label="Links in this document to definition: distributed ledger">
<span class="caret"></span>
<div>
<a class="self-link" href="#dfn-distributed-ledger-technology" aria-label="Permalink for definition: distributed ledger. Activate to close this dialog.">Permalink</a>
</div>
<p><b>Referenced in:</b></p>
<ul>
<li>
<a href="#ref-for-dfn-distributed-ledger-technology-1" title="§ 1.3 Architecture Overview">§ 1.3 Architecture Overview</a>
</li><li>
<a href="#ref-for-dfn-distributed-ledger-technology-2" title="§ 2. Terminology">§ 2. Terminology</a>
</li><li>
<a href="#ref-for-dfn-distributed-ledger-technology-3" title="§ 8.3 Security Requirements">§ 8.3 Security Requirements</a> <a href="#ref-for-dfn-distributed-ledger-technology-4" title="Reference 2">(2)</a>
</li><li>
<a href="#ref-for-dfn-distributed-ledger-technology-5" title="§ 10.1 Keep Personal Data Private">§ 10.1 Keep Personal Data Private</a>
</li>
</ul>
</div><div class="dfn-panel" hidden="" role="dialog" aria-modal="true" id="dfn-panel-for-dfn-public-key-description" aria-label="Links in this document to definition: public key description">
<span class="caret"></span>
<div>
<a class="self-link" href="#dfn-public-key-description" aria-label="Permalink for definition: public key description. Activate to close this dialog.">Permalink</a>
</div>
<p><b>Referenced in:</b></p>
<ul>
<li>
</li>
</ul>
</div><div class="dfn-panel" hidden="" role="dialog" aria-modal="true" id="dfn-panel-for-dfn-resources" aria-label="Links in this document to definition: resource">
<span class="caret"></span>
<div>
<a class="self-link" href="#dfn-resources" aria-label="Permalink for definition: resource. Activate to close this dialog.">Permalink</a>
</div>
<p><b>Referenced in:</b></p>
<ul>
<li>
<a href="#ref-for-dfn-resources-1" title="§ 1.3 Architecture Overview">§ 1.3 Architecture Overview</a> <a href="#ref-for-dfn-resources-2" title="Reference 2">(2)</a> <a href="#ref-for-dfn-resources-3" title="Reference 3">(3)</a>
</li><li>
<a href="#ref-for-dfn-resources-4" title="§ 2. Terminology">§ 2. Terminology</a>
</li><li>
<a href="#ref-for-dfn-resources-5" title="§ 3.2 DID URL Syntax">§ 3.2 DID URL Syntax</a>
</li><li>
<a href="#ref-for-dfn-resources-6" title="§ Fragment">§ Fragment</a>
</li><li>
<a href="#ref-for-dfn-resources-7" title="§ 3.2.1 DID Parameters">§ 3.2.1 DID Parameters</a> <a href="#ref-for-dfn-resources-8" title="Reference 2">(2)</a> <a href="#ref-for-dfn-resources-9" title="Reference 3">(3)</a> <a href="#ref-for-dfn-resources-10" title="Reference 4">(4)</a> <a href="#ref-for-dfn-resources-11" title="Reference 5">(5)</a>
</li><li>
<a href="#ref-for-dfn-resources-12" title="§ 3.2.2 Relative DID URLs">§ 3.2.2 Relative DID URLs</a>
</li><li>
<a href="#ref-for-dfn-resources-13" title="§ 5.2.2 Referring to Verification Methods">§ 5.2.2 Referring to Verification Methods</a>
</li><li>
<a href="#ref-for-dfn-resources-14" title="§ 7.2 DID URL Dereferencing">§ 7.2 DID URL Dereferencing</a> <a href="#ref-for-dfn-resources-15" title="Reference 2">(2)</a> <a href="#ref-for-dfn-resources-16" title="Reference 3">(3)</a>
</li>
</ul>
</div><div class="dfn-panel" hidden="" role="dialog" aria-modal="true" id="dfn-panel-for-dfn-representations" aria-label="Links in this document to definition: representation">
<span class="caret"></span>
<div>
<a class="self-link" href="#dfn-representations" aria-label="Permalink for definition: representation. Activate to close this dialog.">Permalink</a>
</div>
<p><b>Referenced in:</b></p>
<ul>
<li>
<a href="#ref-for-dfn-representations-1" title="§ 2. Terminology">§ 2. Terminology</a> <a href="#ref-for-dfn-representations-2" title="Reference 2">(2)</a> <a href="#ref-for-dfn-representations-3" title="Reference 3">(3)</a>
</li><li>
<a href="#ref-for-dfn-representations-4" title="§ Fragment">§ Fragment</a> <a href="#ref-for-dfn-representations-5" title="Reference 2">(2)</a>
</li><li>
<a href="#ref-for-dfn-representations-6" title="§ 4. Data Model">§ 4. Data Model</a> <a href="#ref-for-dfn-representations-7" title="Reference 2">(2)</a>
</li><li>
<a href="#ref-for-dfn-representations-8" title="§ 4.1 Extensibility">§ 4.1 Extensibility</a> <a href="#ref-for-dfn-representations-9" title="Reference 2">(2)</a> <a href="#ref-for-dfn-representations-10" title="Reference 3">(3)</a> <a href="#ref-for-dfn-representations-11" title="Reference 4">(4)</a> <a href="#ref-for-dfn-representations-12" title="Reference 5">(5)</a> <a href="#ref-for-dfn-representations-13" title="Reference 6">(6)</a>
</li><li>
<a href="#ref-for-dfn-representations-14" title="§ 6. Representations">§ 6. Representations</a> <a href="#ref-for-dfn-representations-15" title="Reference 2">(2)</a> <a href="#ref-for-dfn-representations-16" title="Reference 3">(3)</a> <a href="#ref-for-dfn-representations-17" title="Reference 4">(4)</a> <a href="#ref-for-dfn-representations-18" title="Reference 5">(5)</a> <a href="#ref-for-dfn-representations-19" title="Reference 6">(6)</a> <a href="#ref-for-dfn-representations-20" title="Reference 7">(7)</a>
</li><li>
<a href="#ref-for-dfn-representations-21" title="§ 6.1 Production and Consumption">§ 6.1 Production and Consumption</a> <a href="#ref-for-dfn-representations-22" title="Reference 2">(2)</a> <a href="#ref-for-dfn-representations-23" title="Reference 3">(3)</a> <a href="#ref-for-dfn-representations-24" title="Reference 4">(4)</a> <a href="#ref-for-dfn-representations-25" title="Reference 5">(5)</a> <a href="#ref-for-dfn-representations-26" title="Reference 6">(6)</a> <a href="#ref-for-dfn-representations-27" title="Reference 7">(7)</a> <a href="#ref-for-dfn-representations-28" title="Reference 8">(8)</a> <a href="#ref-for-dfn-representations-29" title="Reference 9">(9)</a> <a href="#ref-for-dfn-representations-30" title="Reference 10">(10)</a> <a href="#ref-for-dfn-representations-31" title="Reference 11">(11)</a> <a href="#ref-for-dfn-representations-32" title="Reference 12">(12)</a> <a href="#ref-for-dfn-representations-33" title="Reference 13">(13)</a> <a href="#ref-for-dfn-representations-34" title="Reference 14">(14)</a> <a href="#ref-for-dfn-representations-35" title="Reference 15">(15)</a> <a href="#ref-for-dfn-representations-36" title="Reference 16">(16)</a> <a href="#ref-for-dfn-representations-37" title="Reference 17">(17)</a> <a href="#ref-for-dfn-representations-38" title="Reference 18">(18)</a> <a href="#ref-for-dfn-representations-39" title="Reference 19">(19)</a> <a href="#ref-for-dfn-representations-40" title="Reference 20">(20)</a> <a href="#ref-for-dfn-representations-41" title="Reference 21">(21)</a> <a href="#ref-for-dfn-representations-42" title="Reference 22">(22)</a>
</li><li>
<a href="#ref-for-dfn-representations-43" title="§ 6.2 JSON">§ 6.2 JSON</a>
</li><li>
<a href="#ref-for-dfn-representations-44" title="§ 6.2.1 Production">§ 6.2.1 Production</a> <a href="#ref-for-dfn-representations-45" title="Reference 2">(2)</a>
</li><li>
<a href="#ref-for-dfn-representations-46" title="§ 6.2.2 Consumption">§ 6.2.2 Consumption</a> <a href="#ref-for-dfn-representations-47" title="Reference 2">(2)</a> <a href="#ref-for-dfn-representations-48" title="Reference 3">(3)</a>
</li><li>
<a href="#ref-for-dfn-representations-49" title="§ 6.3 JSON-LD">§ 6.3 JSON-LD</a> <a href="#ref-for-dfn-representations-50" title="Reference 2">(2)</a>
</li><li>
<a href="#ref-for-dfn-representations-51" title="§ 6.3.1 Production">§ 6.3.1 Production</a> <a href="#ref-for-dfn-representations-52" title="Reference 2">(2)</a> <a href="#ref-for-dfn-representations-53" title="Reference 3">(3)</a> <a href="#ref-for-dfn-representations-54" title="Reference 4">(4)</a> <a href="#ref-for-dfn-representations-55" title="Reference 5">(5)</a> <a href="#ref-for-dfn-representations-56" title="Reference 6">(6)</a> <a href="#ref-for-dfn-representations-57" title="Reference 7">(7)</a> <a href="#ref-for-dfn-representations-58" title="Reference 8">(8)</a>
</li><li>
<a href="#ref-for-dfn-representations-59" title="§ 6.3.2 Consumption">§ 6.3.2 Consumption</a> <a href="#ref-for-dfn-representations-60" title="Reference 2">(2)</a> <a href="#ref-for-dfn-representations-61" title="Reference 3">(3)</a> <a href="#ref-for-dfn-representations-62" title="Reference 4">(4)</a>
</li><li>
<a href="#ref-for-dfn-representations-63" title="§ 7. Resolution">§ 7. Resolution</a>
</li><li>
<a href="#ref-for-dfn-representations-64" title="§ 7.1.1 DID Resolution Options">§ 7.1.1 DID Resolution Options</a> <a href="#ref-for-dfn-representations-65" title="Reference 2">(2)</a> <a href="#ref-for-dfn-representations-66" title="Reference 3">(3)</a>
</li><li>
<a href="#ref-for-dfn-representations-67" title="§ 7.1.2 DID Resolution Metadata">§ 7.1.2 DID Resolution Metadata</a> <a href="#ref-for-dfn-representations-68" title="Reference 2">(2)</a>
</li><li>
<a href="#ref-for-dfn-representations-69" title="§ 7.2 DID URL Dereferencing">§ 7.2 DID URL Dereferencing</a>
</li><li>
<a href="#ref-for-dfn-representations-70" title="§ 7.2.1 DID URL Dereferencing Options">§ 7.2.1 DID URL Dereferencing Options</a> <a href="#ref-for-dfn-representations-71" title="Reference 2">(2)</a>
</li><li>
<a href="#ref-for-dfn-representations-72" title="§ 7.3 Metadata Structure">§ 7.3 Metadata Structure</a>
</li><li>
<a href="#ref-for-dfn-representations-73" title="§ B.2 Creation of a DID">§ B.2 Creation of a DID</a>
</li>
</ul>
</div><div class="dfn-panel" hidden="" role="dialog" aria-modal="true" id="dfn-panel-for-dfn-representation-specific-entry" aria-label="Links in this document to definition: representation-specific entries">
<span class="caret"></span>
<div>
<a class="self-link" href="#dfn-representation-specific-entry" aria-label="Permalink for definition: representation-specific entries. Activate to close this dialog.">Permalink</a>
</div>
<p><b>Referenced in:</b></p>
<ul>
<li>
<a href="#ref-for-dfn-representation-specific-entry-1" title="§ 4. Data Model">§ 4. Data Model</a>
</li><li>
<a href="#ref-for-dfn-representation-specific-entry-2" title="§ 6.1 Production and Consumption">§ 6.1 Production and Consumption</a> <a href="#ref-for-dfn-representation-specific-entry-3" title="Reference 2">(2)</a> <a href="#ref-for-dfn-representation-specific-entry-4" title="Reference 3">(3)</a> <a href="#ref-for-dfn-representation-specific-entry-5" title="Reference 4">(4)</a> <a href="#ref-for-dfn-representation-specific-entry-6" title="Reference 5">(5)</a> <a href="#ref-for-dfn-representation-specific-entry-7" title="Reference 6">(6)</a> <a href="#ref-for-dfn-representation-specific-entry-8" title="Reference 7">(7)</a> <a href="#ref-for-dfn-representation-specific-entry-9" title="Reference 8">(8)</a>
</li><li>
<a href="#ref-for-dfn-representation-specific-entry-10" title="§ 6.2.1 Production">§ 6.2.1 Production</a>
</li><li>
<a href="#ref-for-dfn-representation-specific-entry-11" title="§ 6.3 JSON-LD">§ 6.3 JSON-LD</a>
</li><li>
<a href="#ref-for-dfn-representation-specific-entry-12" title="§ 6.3.1 Production">§ 6.3.1 Production</a> <a href="#ref-for-dfn-representation-specific-entry-13" title="Reference 2">(2)</a>
</li>
</ul>
</div><div class="dfn-panel" hidden="" role="dialog" aria-modal="true" id="dfn-panel-for-dfn-service" aria-label="Links in this document to definition: services">
<span class="caret"></span>
<div>
<a class="self-link" href="#dfn-service" aria-label="Permalink for definition: services. Activate to close this dialog.">Permalink</a>
</div>
<p><b>Referenced in:</b></p>
<ul>
<li>
<a href="#ref-for-dfn-service-1" title="§ Abstract">§ Abstract</a> <a href="#ref-for-dfn-service-2" title="Reference 2">(2)</a>
</li><li>
<a href="#ref-for-dfn-service-3" title="§ 1.2 Design Goals">§ 1.2 Design Goals</a>
</li><li>
<a href="#ref-for-dfn-service-4" title="§ 1.3 Architecture Overview">§ 1.3 Architecture Overview</a>
</li><li>
<a href="#ref-for-dfn-service-5" title="§ 2. Terminology">§ 2. Terminology</a>
</li><li>
<a href="#ref-for-dfn-service-6" title="§ 3.2 DID URL Syntax">§ 3.2 DID URL Syntax</a>
</li><li>
<a href="#ref-for-dfn-service-7" title="§ 3.2.1 DID Parameters">§ 3.2.1 DID Parameters</a>
</li><li>
<a href="#ref-for-dfn-service-8" title="§ 3.2.2 Relative DID URLs">§ 3.2.2 Relative DID URLs</a>
</li><li>
<a href="#ref-for-dfn-service-9" title="§ DID Document properties">§ DID Document properties</a>
</li><li>
<a href="#ref-for-dfn-service-10" title="§ 5.4 Services">§ 5.4 Services</a> <a href="#ref-for-dfn-service-11" title="Reference 2">(2)</a> <a href="#ref-for-dfn-service-12" title="Reference 3">(3)</a> <a href="#ref-for-dfn-service-13" title="Reference 4">(4)</a> <a href="#ref-for-dfn-service-14" title="Reference 5">(5)</a> <a href="#ref-for-dfn-service-15" title="Reference 6">(6)</a> <a href="#ref-for-dfn-service-16" title="Reference 7">(7)</a> <a href="#ref-for-dfn-service-17" title="Reference 8">(8)</a> <a href="#ref-for-dfn-service-18" title="Reference 9">(9)</a> <a href="#ref-for-dfn-service-19" title="Reference 10">(10)</a>
</li><li>
<a href="#ref-for-dfn-service-20" title="§ 8.3 Security Requirements">§ 8.3 Security Requirements</a>
</li><li>
<a href="#ref-for-dfn-service-21" title="§ 9.3 Authentication Service Endpoints">§ 9.3 Authentication Service Endpoints</a>
</li><li>
<a href="#ref-for-dfn-service-22" title="§ 9.12 Immutability">§ 9.12 Immutability</a>
</li><li>
<a href="#ref-for-dfn-service-23" title="§ 10.6 Service Privacy">§ 10.6 Service Privacy</a> <a href="#ref-for-dfn-service-24" title="Reference 2">(2)</a>
</li><li>
<a href="#ref-for-dfn-service-25" title="§ B.5 Statements in the DID document">§ B.5 Statements in the DID document</a>
</li><li>
<a href="#ref-for-dfn-service-26" title="§ B.6 Discovering more information about the DID subject">§ B.6 Discovering more information about the DID subject</a>
</li>
</ul>
</div><div class="dfn-panel" hidden="" role="dialog" aria-modal="true" id="dfn-panel-for-dfn-service-endpoints" aria-label="Links in this document to definition: service endpoint">
<span class="caret"></span>
<div>
<a class="self-link" href="#dfn-service-endpoints" aria-label="Permalink for definition: service endpoint. Activate to close this dialog.">Permalink</a>
</div>
<p><b>Referenced in:</b></p>
<ul>
<li>
<a href="#ref-for-dfn-service-endpoints-1" title="§ 2. Terminology">§ 2. Terminology</a>
</li><li>
<a href="#ref-for-dfn-service-endpoints-2" title="§ 3.2.1 DID Parameters">§ 3.2.1 DID Parameters</a>
</li><li>
<a href="#ref-for-dfn-service-endpoints-3" title="§ DID Document properties">§ DID Document properties</a>
</li><li>
<a href="#ref-for-dfn-service-endpoints-4" title="§ 9.3 Authentication Service Endpoints">§ 9.3 Authentication Service Endpoints</a> <a href="#ref-for-dfn-service-endpoints-5" title="Reference 2">(2)</a>
</li><li>
<a href="#ref-for-dfn-service-endpoints-6" title="§ 9.5 Notification of DID Document Changes">§ 9.5 Notification of DID Document Changes</a>
</li><li>
<a href="#ref-for-dfn-service-endpoints-7" title="§ 10.1 Keep Personal Data Private">§ 10.1 Keep Personal Data Private</a> <a href="#ref-for-dfn-service-endpoints-8" title="Reference 2">(2)</a> <a href="#ref-for-dfn-service-endpoints-9" title="Reference 3">(3)</a>
</li><li>
<a href="#ref-for-dfn-service-endpoints-10" title="§ 10.3 DID Document Correlation Risks">§ 10.3 DID Document Correlation Risks</a> <a href="#ref-for-dfn-service-endpoints-11" title="Reference 2">(2)</a>
</li><li>
<a href="#ref-for-dfn-service-endpoints-12" title="§ 10.6 Service Privacy">§ 10.6 Service Privacy</a> <a href="#ref-for-dfn-service-endpoints-13" title="Reference 2">(2)</a> <a href="#ref-for-dfn-service-endpoints-14" title="Reference 3">(3)</a>
</li><li>
<a href="#ref-for-dfn-service-endpoints-15" title="§ B.6 Discovering more information about the DID subject">§ B.6 Discovering more information about the DID subject</a> <a href="#ref-for-dfn-service-endpoints-16" title="Reference 2">(2)</a>
</li>
</ul>
</div><div class="dfn-panel" hidden="" role="dialog" aria-modal="true" id="dfn-panel-for-dfn-uri" aria-label="Links in this document to definition: Uniform Resource Identifier">
<span class="caret"></span>
<div>
<a class="self-link" href="#dfn-uri" aria-label="Permalink for definition: Uniform Resource Identifier. Activate to close this dialog.">Permalink</a>
</div>
<p><b>Referenced in:</b></p>
<ul>
<li>
<a href="#ref-for-dfn-uri-1" title="§ Abstract">§ Abstract</a>
</li><li>
<a href="#ref-for-dfn-uri-2" title="§ 1.3 Architecture Overview">§ 1.3 Architecture Overview</a> <a href="#ref-for-dfn-uri-3" title="Reference 2">(2)</a>
</li><li>
<a href="#ref-for-dfn-uri-4" title="§ 1.4 Conformance">§ 1.4 Conformance</a>
</li><li>
<a href="#ref-for-dfn-uri-5" title="§ 3.1 DID Syntax">§ 3.1 DID Syntax</a>
</li><li>
<a href="#ref-for-dfn-uri-6" title="§ Path">§ Path</a> <a href="#ref-for-dfn-uri-7" title="Reference 2">(2)</a>
</li><li>
<a href="#ref-for-dfn-uri-8" title="§ Query">§ Query</a>
</li><li>
<a href="#ref-for-dfn-uri-9" title="§ Fragment">§ Fragment</a>
</li><li>
<a href="#ref-for-dfn-uri-10" title="§ 3.2.1 DID Parameters">§ 3.2.1 DID Parameters</a>
</li><li>
<a href="#ref-for-dfn-uri-11" title="§ DID Document properties">§ DID Document properties</a>
</li><li>
<a href="#ref-for-dfn-uri-12" title="§ Service properties">§ Service properties</a> <a href="#ref-for-dfn-uri-13" title="Reference 2">(2)</a> <a href="#ref-for-dfn-uri-14" title="Reference 3">(3)</a>
</li><li>
<a href="#ref-for-dfn-uri-15" title="§ 5.1.3 Also Known As">§ 5.1.3 Also Known As</a> <a href="#ref-for-dfn-uri-16" title="Reference 2">(2)</a>
</li><li>
<a href="#ref-for-dfn-uri-17" title="§ 5.4 Services">§ 5.4 Services</a> <a href="#ref-for-dfn-uri-18" title="Reference 2">(2)</a> <a href="#ref-for-dfn-uri-19" title="Reference 3">(3)</a>
</li><li>
<a href="#ref-for-dfn-uri-20" title="§ 8. Methods">§ 8. Methods</a> <a href="#ref-for-dfn-uri-21" title="Reference 2">(2)</a>
</li><li>
<a href="#ref-for-dfn-uri-22" title="§ 9.14 Equivalence Properties">§ 9.14 Equivalence Properties</a>
</li><li>
<a href="#ref-for-dfn-uri-23" title="§ Maintaining Herd Privacy">§ Maintaining Herd Privacy</a> <a href="#ref-for-dfn-uri-24" title="Reference 2">(2)</a>
</li><li>
<a href="#ref-for-dfn-uri-25" title="§ B.4 Referring to the DID document">§ B.4 Referring to the DID document</a>
</li><li>
<a href="#ref-for-dfn-uri-26" title="§ B.6 Discovering more information about the DID subject">§ B.6 Discovering more information about the DID subject</a>
</li>
</ul>
</div><div class="dfn-panel" hidden="" role="dialog" aria-modal="true" id="dfn-panel-for-dfn-verifiable-credentials" aria-label="Links in this document to definition: verifiable credential">
<span class="caret"></span>
<div>
<a class="self-link" href="#dfn-verifiable-credentials" aria-label="Permalink for definition: verifiable credential. Activate to close this dialog.">Permalink</a>
</div>
<p><b>Referenced in:</b></p>
<ul>
<li>
<a href="#ref-for-dfn-verifiable-credentials-1" title="§ 2. Terminology">§ 2. Terminology</a>
</li><li>
<a href="#ref-for-dfn-verifiable-credentials-2" title="§ 5.3.2 Assertion">§ 5.3.2 Assertion</a> <a href="#ref-for-dfn-verifiable-credentials-3" title="Reference 2">(2)</a>
</li><li>
<a href="#ref-for-dfn-verifiable-credentials-4" title="§ Binding to Physical Identity">§ Binding to Physical Identity</a>
</li>
</ul>
</div><div class="dfn-panel" hidden="" role="dialog" aria-modal="true" id="dfn-panel-for-dfn-verifiable-data-registry" aria-label="Links in this document to definition: verifiable data registry">
<span class="caret"></span>
<div>
<a class="self-link" href="#dfn-verifiable-data-registry" aria-label="Permalink for definition: verifiable data registry. Activate to close this dialog.">Permalink</a>
</div>
<p><b>Referenced in:</b></p>
<ul>
<li>
<a href="#ref-for-dfn-verifiable-data-registry-1" title="§ 1.3 Architecture Overview">§ 1.3 Architecture Overview</a>
</li><li>
<a href="#ref-for-dfn-verifiable-data-registry-2" title="§ 7.1.3 DID Document Metadata">§ 7.1.3 DID Document Metadata</a>
</li><li>
<a href="#ref-for-dfn-verifiable-data-registry-3" title="§ 8. Methods">§ 8. Methods</a> <a href="#ref-for-dfn-verifiable-data-registry-4" title="Reference 2">(2)</a>
</li><li>
<a href="#ref-for-dfn-verifiable-data-registry-5" title="§ 8.1 Method Syntax">§ 8.1 Method Syntax</a>
</li><li>
<a href="#ref-for-dfn-verifiable-data-registry-6" title="§ Proving Control of a DID and/or DID Document">§ Proving Control of a DID and/or DID Document</a>
</li><li>
<a href="#ref-for-dfn-verifiable-data-registry-7" title="§ 9.4 Non-Repudiation">§ 9.4 Non-Repudiation</a>
</li><li>
<a href="#ref-for-dfn-verifiable-data-registry-8" title="§ 9.5 Notification of DID Document Changes">§ 9.5 Notification of DID Document Changes</a> <a href="#ref-for-dfn-verifiable-data-registry-9" title="Reference 2">(2)</a>
</li><li>
<a href="#ref-for-dfn-verifiable-data-registry-10" title="§ 9.7 Verification Method Rotation">§ 9.7 Verification Method Rotation</a>
</li><li>
<a href="#ref-for-dfn-verifiable-data-registry-11" title="§ 10.1 Keep Personal Data Private">§ 10.1 Keep Personal Data Private</a>
</li><li>
<a href="#ref-for-dfn-verifiable-data-registry-12" title="§ 10.6 Service Privacy">§ 10.6 Service Privacy</a>
</li><li>
<a href="#ref-for-dfn-verifiable-data-registry-13" title="§ Service Endpoint Alternatives">§ Service Endpoint Alternatives</a>
</li><li>
<a href="#ref-for-dfn-verifiable-data-registry-14" title="§ B.2 Creation of a DID">§ B.2 Creation of a DID</a>
</li><li>
<a href="#ref-for-dfn-verifiable-data-registry-15" title="§ B.7 Serving a representation of the DID subject">§ B.7 Serving a representation of the DID subject</a>
</li>
</ul>
</div><div class="dfn-panel" hidden="" role="dialog" aria-modal="true" id="dfn-panel-for-dfn-verifiable-timestamp" aria-label="Links in this document to definition: verifiable timestamp">
<span class="caret"></span>
<div>
<a class="self-link" href="#dfn-verifiable-timestamp" aria-label="Permalink for definition: verifiable timestamp. Activate to close this dialog.">Permalink</a>
</div>
<p><b>Referenced in:</b></p>
<ul>
<li>
<a href="#ref-for-dfn-verifiable-timestamp-1" title="§ Proving Control of a DID and/or DID Document">§ Proving Control of a DID and/or DID Document</a>
</li><li>
<a href="#ref-for-dfn-verifiable-timestamp-2" title="§ 9.4 Non-Repudiation">§ 9.4 Non-Repudiation</a>
</li>
</ul>
</div><div class="dfn-panel" hidden="" role="dialog" aria-modal="true" id="dfn-panel-for-dfn-verification-method" aria-label="Links in this document to definition: verification method">
<span class="caret"></span>
<div>
<a class="self-link" href="#dfn-verification-method" aria-label="Permalink for definition: verification method. Activate to close this dialog.">Permalink</a>
</div>
<p><b>Referenced in:</b></p>
<ul>
<li>
<a href="#ref-for-dfn-verification-method-1" title="§ Abstract">§ Abstract</a>
</li><li>
<a href="#ref-for-dfn-verification-method-2" title="§ 1.3 Architecture Overview">§ 1.3 Architecture Overview</a>
</li><li>
<a href="#ref-for-dfn-verification-method-3" title="§ 2. Terminology">§ 2. Terminology</a> <a href="#ref-for-dfn-verification-method-4" title="Reference 2">(2)</a> <a href="#ref-for-dfn-verification-method-5" title="Reference 3">(3)</a> <a href="#ref-for-dfn-verification-method-6" title="Reference 4">(4)</a>
</li><li>
<a href="#ref-for-dfn-verification-method-7" title="§ 3.2 DID URL Syntax">§ 3.2 DID URL Syntax</a>
</li><li>
<a href="#ref-for-dfn-verification-method-8" title="§ 3.2.2 Relative DID URLs">§ 3.2.2 Relative DID URLs</a>
</li><li>
<a href="#ref-for-dfn-verification-method-9" title="§ DID Document properties">§ DID Document properties</a> <a href="#ref-for-dfn-verification-method-10" title="Reference 2">(2)</a>
</li><li>
<a href="#ref-for-dfn-verification-method-11" title="§ 5.1.2 DID Controller">§ 5.1.2 DID Controller</a> <a href="#ref-for-dfn-verification-method-12" title="Reference 2">(2)</a> <a href="#ref-for-dfn-verification-method-13" title="Reference 3">(3)</a>
</li><li>
<a href="#ref-for-dfn-verification-method-14" title="§ 5.2 Verification Methods">§ 5.2 Verification Methods</a> <a href="#ref-for-dfn-verification-method-15" title="Reference 2">(2)</a> <a href="#ref-for-dfn-verification-method-16" title="Reference 3">(3)</a> <a href="#ref-for-dfn-verification-method-17" title="Reference 4">(4)</a> <a href="#ref-for-dfn-verification-method-18" title="Reference 5">(5)</a> <a href="#ref-for-dfn-verification-method-19" title="Reference 6">(6)</a> <a href="#ref-for-dfn-verification-method-20" title="Reference 7">(7)</a> <a href="#ref-for-dfn-verification-method-21" title="Reference 8">(8)</a> <a href="#ref-for-dfn-verification-method-22" title="Reference 9">(9)</a> <a href="#ref-for-dfn-verification-method-23" title="Reference 10">(10)</a> <a href="#ref-for-dfn-verification-method-24" title="Reference 11">(11)</a> <a href="#ref-for-dfn-verification-method-25" title="Reference 12">(12)</a> <a href="#ref-for-dfn-verification-method-26" title="Reference 13">(13)</a>
</li><li>
<a href="#ref-for-dfn-verification-method-27" title="§ 5.2.1 Verification Material">§ 5.2.1 Verification Material</a> <a href="#ref-for-dfn-verification-method-28" title="Reference 2">(2)</a> <a href="#ref-for-dfn-verification-method-29" title="Reference 3">(3)</a> <a href="#ref-for-dfn-verification-method-30" title="Reference 4">(4)</a> <a href="#ref-for-dfn-verification-method-31" title="Reference 5">(5)</a> <a href="#ref-for-dfn-verification-method-32" title="Reference 6">(6)</a> <a href="#ref-for-dfn-verification-method-33" title="Reference 7">(7)</a>
</li><li>
<a href="#ref-for-dfn-verification-method-34" title="§ 5.2.2 Referring to Verification Methods">§ 5.2.2 Referring to Verification Methods</a> <a href="#ref-for-dfn-verification-method-35" title="Reference 2">(2)</a> <a href="#ref-for-dfn-verification-method-36" title="Reference 3">(3)</a> <a href="#ref-for-dfn-verification-method-37" title="Reference 4">(4)</a> <a href="#ref-for-dfn-verification-method-38" title="Reference 5">(5)</a> <a href="#ref-for-dfn-verification-method-39" title="Reference 6">(6)</a>
</li><li>
<a href="#ref-for-dfn-verification-method-40" title="§ 5.3 Verification Relationships">§ 5.3 Verification Relationships</a> <a href="#ref-for-dfn-verification-method-41" title="Reference 2">(2)</a> <a href="#ref-for-dfn-verification-method-42" title="Reference 3">(3)</a> <a href="#ref-for-dfn-verification-method-43" title="Reference 4">(4)</a> <a href="#ref-for-dfn-verification-method-44" title="Reference 5">(5)</a> <a href="#ref-for-dfn-verification-method-45" title="Reference 6">(6)</a>
</li><li>
<a href="#ref-for-dfn-verification-method-46" title="§ 5.3.1 Authentication">§ 5.3.1 Authentication</a> <a href="#ref-for-dfn-verification-method-47" title="Reference 2">(2)</a> <a href="#ref-for-dfn-verification-method-48" title="Reference 3">(3)</a> <a href="#ref-for-dfn-verification-method-49" title="Reference 4">(4)</a> <a href="#ref-for-dfn-verification-method-50" title="Reference 5">(5)</a>
</li><li>
<a href="#ref-for-dfn-verification-method-51" title="§ 5.3.2 Assertion">§ 5.3.2 Assertion</a> <a href="#ref-for-dfn-verification-method-52" title="Reference 2">(2)</a> <a href="#ref-for-dfn-verification-method-53" title="Reference 3">(3)</a>
</li><li>
<a href="#ref-for-dfn-verification-method-54" title="§ 5.3.3 Key Agreement">§ 5.3.3 Key Agreement</a> <a href="#ref-for-dfn-verification-method-55" title="Reference 2">(2)</a> <a href="#ref-for-dfn-verification-method-56" title="Reference 3">(3)</a>
</li><li>
<a href="#ref-for-dfn-verification-method-57" title="§ 5.3.4 Capability Invocation">§ 5.3.4 Capability Invocation</a> <a href="#ref-for-dfn-verification-method-58" title="Reference 2">(2)</a> <a href="#ref-for-dfn-verification-method-59" title="Reference 3">(3)</a> <a href="#ref-for-dfn-verification-method-60" title="Reference 4">(4)</a>
</li><li>
<a href="#ref-for-dfn-verification-method-61" title="§ 5.3.5 Capability Delegation">§ 5.3.5 Capability Delegation</a> <a href="#ref-for-dfn-verification-method-62" title="Reference 2">(2)</a> <a href="#ref-for-dfn-verification-method-63" title="Reference 3">(3)</a>
</li><li>
<a href="#ref-for-dfn-verification-method-64" title="§ 8.2 Method Operations">§ 8.2 Method Operations</a> <a href="#ref-for-dfn-verification-method-65" title="Reference 2">(2)</a>
</li><li>
<a href="#ref-for-dfn-verification-method-66" title="§ Proving Control of a DID and/or DID Document">§ Proving Control of a DID and/or DID Document</a>
</li><li>
<a href="#ref-for-dfn-verification-method-67" title="§ 9.7 Verification Method Rotation">§ 9.7 Verification Method Rotation</a> <a href="#ref-for-dfn-verification-method-68" title="Reference 2">(2)</a> <a href="#ref-for-dfn-verification-method-69" title="Reference 3">(3)</a> <a href="#ref-for-dfn-verification-method-70" title="Reference 4">(4)</a> <a href="#ref-for-dfn-verification-method-71" title="Reference 5">(5)</a> <a href="#ref-for-dfn-verification-method-72" title="Reference 6">(6)</a> <a href="#ref-for-dfn-verification-method-73" title="Reference 7">(7)</a> <a href="#ref-for-dfn-verification-method-74" title="Reference 8">(8)</a> <a href="#ref-for-dfn-verification-method-75" title="Reference 9">(9)</a> <a href="#ref-for-dfn-verification-method-76" title="Reference 10">(10)</a> <a href="#ref-for-dfn-verification-method-77" title="Reference 11">(11)</a> <a href="#ref-for-dfn-verification-method-78" title="Reference 12">(12)</a> <a href="#ref-for-dfn-verification-method-79" title="Reference 13">(13)</a> <a href="#ref-for-dfn-verification-method-80" title="Reference 14">(14)</a> <a href="#ref-for-dfn-verification-method-81" title="Reference 15">(15)</a>
</li><li>
<a href="#ref-for-dfn-verification-method-82" title="§ 9.8 Verification Method Revocation">§ 9.8 Verification Method Revocation</a> <a href="#ref-for-dfn-verification-method-83" title="Reference 2">(2)</a> <a href="#ref-for-dfn-verification-method-84" title="Reference 3">(3)</a> <a href="#ref-for-dfn-verification-method-85" title="Reference 4">(4)</a> <a href="#ref-for-dfn-verification-method-86" title="Reference 5">(5)</a> <a href="#ref-for-dfn-verification-method-87" title="Reference 6">(6)</a> <a href="#ref-for-dfn-verification-method-88" title="Reference 7">(7)</a> <a href="#ref-for-dfn-verification-method-89" title="Reference 8">(8)</a> <a href="#ref-for-dfn-verification-method-90" title="Reference 9">(9)</a> <a href="#ref-for-dfn-verification-method-91" title="Reference 10">(10)</a> <a href="#ref-for-dfn-verification-method-92" title="Reference 11">(11)</a> <a href="#ref-for-dfn-verification-method-93" title="Reference 12">(12)</a> <a href="#ref-for-dfn-verification-method-94" title="Reference 13">(13)</a> <a href="#ref-for-dfn-verification-method-95" title="Reference 14">(14)</a> <a href="#ref-for-dfn-verification-method-96" title="Reference 15">(15)</a>
</li><li>
<a href="#ref-for-dfn-verification-method-97" title="§ Revocation Semantics">§ Revocation Semantics</a>
</li><li>
<a href="#ref-for-dfn-verification-method-98" title="§ Revocation in Trustless Systems">§ Revocation in Trustless Systems</a>
</li><li>
<a href="#ref-for-dfn-verification-method-99" title="§ 9.16 Persistence">§ 9.16 Persistence</a>
</li><li>
<a href="#ref-for-dfn-verification-method-100" title="§ 10.1 Keep Personal Data Private">§ 10.1 Keep Personal Data Private</a>
</li><li>
<a href="#ref-for-dfn-verification-method-101" title="§ 10.3 DID Document Correlation Risks">§ 10.3 DID Document Correlation Risks</a> <a href="#ref-for-dfn-verification-method-102" title="Reference 2">(2)</a>
</li><li>
<a href="#ref-for-dfn-verification-method-103" title="§ 10.4 DID Subject Classification">§ 10.4 DID Subject Classification</a>
</li><li>
<a href="#ref-for-dfn-verification-method-104" title="§ A.1 DID Documents">§ A.1 DID Documents</a>
</li><li>
<a href="#ref-for-dfn-verification-method-105" title="§ B.12 Changing the DID controller">§ B.12 Changing the DID controller</a> <a href="#ref-for-dfn-verification-method-106" title="Reference 2">(2)</a>
</li>
</ul>
</div><div class="dfn-panel" hidden="" role="dialog" aria-modal="true" id="dfn-panel-for-dfn-verification-relationship" aria-label="Links in this document to definition: verification relationship">
<span class="caret"></span>
<div>
<a class="self-link" href="#dfn-verification-relationship" aria-label="Permalink for definition: verification relationship. Activate to close this dialog.">Permalink</a>
</div>
<p><b>Referenced in:</b></p>
<ul>
<li>
<a href="#ref-for-dfn-verification-relationship-1" title="§ 5.1.2 DID Controller">§ 5.1.2 DID Controller</a>
</li><li>
<a href="#ref-for-dfn-verification-relationship-2" title="§ 5.2.2 Referring to Verification Methods">§ 5.2.2 Referring to Verification Methods</a> <a href="#ref-for-dfn-verification-relationship-3" title="Reference 2">(2)</a>
</li><li>
<a href="#ref-for-dfn-verification-relationship-4" title="§ 5.3 Verification Relationships">§ 5.3 Verification Relationships</a> <a href="#ref-for-dfn-verification-relationship-5" title="Reference 2">(2)</a> <a href="#ref-for-dfn-verification-relationship-6" title="Reference 3">(3)</a> <a href="#ref-for-dfn-verification-relationship-7" title="Reference 4">(4)</a> <a href="#ref-for-dfn-verification-relationship-8" title="Reference 5">(5)</a> <a href="#ref-for-dfn-verification-relationship-9" title="Reference 6">(6)</a> <a href="#ref-for-dfn-verification-relationship-10" title="Reference 7">(7)</a> <a href="#ref-for-dfn-verification-relationship-11" title="Reference 8">(8)</a> <a href="#ref-for-dfn-verification-relationship-12" title="Reference 9">(9)</a>
</li><li>
<a href="#ref-for-dfn-verification-relationship-13" title="§ 5.3.1 Authentication">§ 5.3.1 Authentication</a> <a href="#ref-for-dfn-verification-relationship-14" title="Reference 2">(2)</a>
</li><li>
<a href="#ref-for-dfn-verification-relationship-15" title="§ 5.3.2 Assertion">§ 5.3.2 Assertion</a>
</li><li>
<a href="#ref-for-dfn-verification-relationship-16" title="§ 5.3.3 Key Agreement">§ 5.3.3 Key Agreement</a>
</li><li>
<a href="#ref-for-dfn-verification-relationship-17" title="§ 5.3.4 Capability Invocation">§ 5.3.4 Capability Invocation</a>
</li><li>
<a href="#ref-for-dfn-verification-relationship-18" title="§ 5.3.5 Capability Delegation">§ 5.3.5 Capability Delegation</a> <a href="#ref-for-dfn-verification-relationship-19" title="Reference 2">(2)</a>
</li><li>
<a href="#ref-for-dfn-verification-relationship-20" title="§ 8.2 Method Operations">§ 8.2 Method Operations</a>
</li><li>
<a href="#ref-for-dfn-verification-relationship-21" title="§ Proving Control of a DID and/or DID Document">§ Proving Control of a DID and/or DID Document</a>
</li><li>
<a href="#ref-for-dfn-verification-relationship-22" title="§ Binding to Physical Identity">§ Binding to Physical Identity</a>
</li><li>
<a href="#ref-for-dfn-verification-relationship-23" title="§ 9.8 Verification Method Revocation">§ 9.8 Verification Method Revocation</a>
</li><li>
<a href="#ref-for-dfn-verification-relationship-24" title="§ 9.17 Level of Assurance">§ 9.17 Level of Assurance</a>
</li>
</ul>
</div><div class="dfn-panel" hidden="" role="dialog" aria-modal="true" id="dfn-panel-for-dfn-uuid" aria-label="Links in this document to definition: Universally Unique Identifier">
<span class="caret"></span>
<div>
<a class="self-link" href="#dfn-uuid" aria-label="Permalink for definition: Universally Unique Identifier. Activate to close this dialog.">Permalink</a>
</div>
<p><b>Referenced in:</b></p>
<ul>
<li>
<a href="#ref-for-dfn-uuid-1" title="§ 3.2.1 DID Parameters">§ 3.2.1 DID Parameters</a>
</li>
</ul>
</div><div class="dfn-panel" hidden="" role="dialog" aria-modal="true" id="dfn-panel-for-dfn-datetime" aria-label="Links in this document to definition: datetime">
<span class="caret"></span>
<div>
<a class="self-link" href="#dfn-datetime" aria-label="Permalink for definition: datetime. Activate to close this dialog.">Permalink</a>
</div>
<p><b>Referenced in:</b></p>
<ul>
<li>
<a href="#ref-for-dfn-datetime-1" title="§ 6.1 Production and Consumption">§ 6.1 Production and Consumption</a> <a href="#ref-for-dfn-datetime-2" title="Reference 2">(2)</a>
</li><li>
<a href="#ref-for-dfn-datetime-3" title="§ 6.2.1 Production">§ 6.2.1 Production</a>
</li><li>
<a href="#ref-for-dfn-datetime-4" title="§ 6.2.2 Consumption">§ 6.2.2 Consumption</a> <a href="#ref-for-dfn-datetime-5" title="Reference 2">(2)</a>
</li>
</ul>
</div><div class="dfn-panel" hidden="" role="dialog" aria-modal="true" id="dfn-panel-for-dfn-integer" aria-label="Links in this document to definition: integer">
<span class="caret"></span>
<div>
<a class="self-link" href="#dfn-integer" aria-label="Permalink for definition: integer. Activate to close this dialog.">Permalink</a>
</div>
<p><b>Referenced in:</b></p>
<ul>
<li>
<a href="#ref-for-dfn-integer-1" title="§ 6.2.1 Production">§ 6.2.1 Production</a>
</li><li>
<a href="#ref-for-dfn-integer-2" title="§ 6.2.2 Consumption">§ 6.2.2 Consumption</a>
</li>
</ul>
</div><div class="dfn-panel" hidden="" role="dialog" aria-modal="true" id="dfn-panel-for-dfn-double" aria-label="Links in this document to definition: double">
<span class="caret"></span>
<div>
<a class="self-link" href="#dfn-double" aria-label="Permalink for definition: double. Activate to close this dialog.">Permalink</a>
</div>
<p><b>Referenced in:</b></p>
<ul>
<li>
<a href="#ref-for-dfn-double-1" title="§ 6.2.1 Production">§ 6.2.1 Production</a>
</li><li>
<a href="#ref-for-dfn-double-2" title="§ 6.2.2 Consumption">§ 6.2.2 Consumption</a> <a href="#ref-for-dfn-double-3" title="Reference 2">(2)</a>
</li>
</ul>
</div><div class="dfn-panel" hidden="" role="dialog" aria-modal="true" id="dfn-panel-for-dfn-id" aria-label="Links in this document to definition: id">
<span class="caret"></span>
<div>
<a class="self-link" href="#dfn-id" aria-label="Permalink for definition: id. Activate to close this dialog.">Permalink</a>
</div>
<p><b>Referenced in:</b></p>
<ul>
<li>
<a href="#ref-for-dfn-id-1" title="§ DID Document properties">§ DID Document properties</a>
</li><li>
<a href="#ref-for-dfn-id-2" title="§ 5.1.1 DID Subject">§ 5.1.1 DID Subject</a> <a href="#ref-for-dfn-id-3" title="Reference 2">(2)</a> <a href="#ref-for-dfn-id-4" title="Reference 3">(3)</a>
</li><li>
<a href="#ref-for-dfn-id-5" title="§ 5.2 Verification Methods">§ 5.2 Verification Methods</a>
</li><li>
<a href="#ref-for-dfn-id-6" title="§ 5.4 Services">§ 5.4 Services</a>
</li><li>
<a href="#ref-for-dfn-id-7" title="§ 7.1 DID Resolution">§ 7.1 DID Resolution</a>
</li><li>
<a href="#ref-for-dfn-id-8" title="§ 9.12 Immutability">§ 9.12 Immutability</a> <a href="#ref-for-dfn-id-9" title="Reference 2">(2)</a>
</li><li>
<a href="#ref-for-dfn-id-10" title="§ B.3 Determining the DID subject">§ B.3 Determining the DID subject</a>
</li><li>
<a href="#ref-for-dfn-id-11" title="§ B.5 Statements in the DID document">§ B.5 Statements in the DID document</a> <a href="#ref-for-dfn-id-12" title="Reference 2">(2)</a>
</li><li>
<a href="#ref-for-dfn-id-13" title="§ B.11 Changing the DID subject">§ B.11 Changing the DID subject</a>
</li>
</ul>
</div><div class="dfn-panel" hidden="" role="dialog" aria-modal="true" id="dfn-panel-for-dfn-controller" aria-label="Links in this document to definition: controller">
<span class="caret"></span>
<div>
<a class="self-link" href="#dfn-controller" aria-label="Permalink for definition: controller. Activate to close this dialog.">Permalink</a>
</div>
<p><b>Referenced in:</b></p>
<ul>
<li>
<a href="#ref-for-dfn-controller-1" title="§ 1.3 Architecture Overview">§ 1.3 Architecture Overview</a>
</li><li>
<a href="#ref-for-dfn-controller-2" title="§ DID Document properties">§ DID Document properties</a>
</li><li>
<a href="#ref-for-dfn-controller-3" title="§ Verification Method properties">§ Verification Method properties</a>
</li><li>
<a href="#ref-for-dfn-controller-4" title="§ 5.1.2 DID Controller">§ 5.1.2 DID Controller</a>
</li><li>
<a href="#ref-for-dfn-controller-5" title="§ 5.2 Verification Methods">§ 5.2 Verification Methods</a>
</li><li>
<a href="#ref-for-dfn-controller-6" title="§ 8.2 Method Operations">§ 8.2 Method Operations</a>
</li><li>
<a href="#ref-for-dfn-controller-7" title="§ 9.7 Verification Method Rotation">§ 9.7 Verification Method Rotation</a> <a href="#ref-for-dfn-controller-8" title="Reference 2">(2)</a>
</li><li>
<a href="#ref-for-dfn-controller-9" title="§ 9.8 Verification Method Revocation">§ 9.8 Verification Method Revocation</a> <a href="#ref-for-dfn-controller-10" title="Reference 2">(2)</a> <a href="#ref-for-dfn-controller-11" title="Reference 3">(3)</a> <a href="#ref-for-dfn-controller-12" title="Reference 4">(4)</a> <a href="#ref-for-dfn-controller-13" title="Reference 5">(5)</a>
</li><li>
<a href="#ref-for-dfn-controller-14" title="§ 9.9 DID Recovery">§ 9.9 DID Recovery</a> <a href="#ref-for-dfn-controller-15" title="Reference 2">(2)</a>
</li><li>
<a href="#ref-for-dfn-controller-16" title="§ 9.16 Persistence">§ 9.16 Persistence</a> <a href="#ref-for-dfn-controller-17" title="Reference 2">(2)</a> <a href="#ref-for-dfn-controller-18" title="Reference 3">(3)</a> <a href="#ref-for-dfn-controller-19" title="Reference 4">(4)</a> <a href="#ref-for-dfn-controller-20" title="Reference 5">(5)</a> <a href="#ref-for-dfn-controller-21" title="Reference 6">(6)</a> <a href="#ref-for-dfn-controller-22" title="Reference 7">(7)</a> <a href="#ref-for-dfn-controller-23" title="Reference 8">(8)</a> <a href="#ref-for-dfn-controller-24" title="Reference 9">(9)</a>
</li><li>
<a href="#ref-for-dfn-controller-25" title="§ 10.6 Service Privacy">§ 10.6 Service Privacy</a>
</li><li>
<a href="#ref-for-dfn-controller-26" title="§ B.12 Changing the DID controller">§ B.12 Changing the DID controller</a>
</li>
</ul>
</div><div class="dfn-panel" hidden="" role="dialog" aria-modal="true" id="dfn-panel-for-dfn-alsoknownas" aria-label="Links in this document to definition: alsoKnownAs">
<span class="caret"></span>
<div>
<a class="self-link" href="#dfn-alsoknownas" aria-label="Permalink for definition: alsoKnownAs. Activate to close this dialog.">Permalink</a>
</div>
<p><b>Referenced in:</b></p>
<ul>
<li>
<a href="#ref-for-dfn-alsoknownas-1" title="§ DID Document properties">§ DID Document properties</a>
</li><li>
<a href="#ref-for-dfn-alsoknownas-2" title="§ 5.1.3 Also Known As">§ 5.1.3 Also Known As</a> <a href="#ref-for-dfn-alsoknownas-3" title="Reference 2">(2)</a> <a href="#ref-for-dfn-alsoknownas-4" title="Reference 3">(3)</a> <a href="#ref-for-dfn-alsoknownas-5" title="Reference 4">(4)</a>
</li><li>
<a href="#ref-for-dfn-alsoknownas-6" title="§ 7.1.3 DID Document Metadata">§ 7.1.3 DID Document Metadata</a>
</li><li>
<a href="#ref-for-dfn-alsoknownas-7" title="§ 9.14 Equivalence Properties">§ 9.14 Equivalence Properties</a> <a href="#ref-for-dfn-alsoknownas-8" title="Reference 2">(2)</a>
</li><li>
<a href="#ref-for-dfn-alsoknownas-9" title="§ B.5 Statements in the DID document">§ B.5 Statements in the DID document</a>
</li><li>
<a href="#ref-for-dfn-alsoknownas-10" title="§ B.6 Discovering more information about the DID subject">§ B.6 Discovering more information about the DID subject</a>
</li><li>
<a href="#ref-for-dfn-alsoknownas-11" title="§ B.8 Assigning DIDs to existing web resources">§ B.8 Assigning DIDs to existing web resources</a>
</li>
</ul>
</div><div class="dfn-panel" hidden="" role="dialog" aria-modal="true" id="dfn-panel-for-dfn-verificationmethod" aria-label="Links in this document to definition: verificationMethod">
<span class="caret"></span>
<div>
<a class="self-link" href="#dfn-verificationmethod" aria-label="Permalink for definition: verificationMethod. Activate to close this dialog.">Permalink</a>
</div>
<p><b>Referenced in:</b></p>
<ul>
<li>
<a href="#ref-for-dfn-verificationmethod-1" title="§ DID Document properties">§ DID Document properties</a>
</li><li>
<a href="#ref-for-dfn-verificationmethod-2" title="§ B.5 Statements in the DID document">§ B.5 Statements in the DID document</a>
</li>
</ul>
</div><div class="dfn-panel" hidden="" role="dialog" aria-modal="true" id="dfn-panel-for-dfn-publickeyjwk" aria-label="Links in this document to definition: publicKeyJwk">
<span class="caret"></span>
<div>
<a class="self-link" href="#dfn-publickeyjwk" aria-label="Permalink for definition: publicKeyJwk. Activate to close this dialog.">Permalink</a>
</div>
<p><b>Referenced in:</b></p>
<ul>
<li>
<a href="#ref-for-dfn-publickeyjwk-1" title="§ Verification Method properties">§ Verification Method properties</a> <a href="#ref-for-dfn-publickeyjwk-2" title="Reference 2">(2)</a>
</li><li>
<a href="#ref-for-dfn-publickeyjwk-3" title="§ 5.2.1 Verification Material">§ 5.2.1 Verification Material</a>
</li>
</ul>
</div><div class="dfn-panel" hidden="" role="dialog" aria-modal="true" id="dfn-panel-for-dfn-publickeymultibase" aria-label="Links in this document to definition: publicKeyMultibase">
<span class="caret"></span>
<div>
<a class="self-link" href="#dfn-publickeymultibase" aria-label="Permalink for definition: publicKeyMultibase. Activate to close this dialog.">Permalink</a>
</div>
<p><b>Referenced in:</b></p>
<ul>
<li>
<a href="#ref-for-dfn-publickeymultibase-1" title="§ Verification Method properties">§ Verification Method properties</a>
</li><li>
<a href="#ref-for-dfn-publickeymultibase-2" title="§ 5.2.1 Verification Material">§ 5.2.1 Verification Material</a>
</li>
</ul>
</div><div class="dfn-panel" hidden="" role="dialog" aria-modal="true" id="dfn-panel-for-dfn-authentication" aria-label="Links in this document to definition: authentication">
<span class="caret"></span>
<div>
<a class="self-link" href="#dfn-authentication" aria-label="Permalink for definition: authentication. Activate to close this dialog.">Permalink</a>
</div>
<p><b>Referenced in:</b></p>
<ul>
<li>
<a href="#ref-for-dfn-authentication-1" title="§ DID Document properties">§ DID Document properties</a>
</li><li>
<a href="#ref-for-dfn-authentication-2" title="§ 5.3 Verification Relationships">§ 5.3 Verification Relationships</a>
</li><li>
<a href="#ref-for-dfn-authentication-3" title="§ 5.3.1 Authentication">§ 5.3.1 Authentication</a> <a href="#ref-for-dfn-authentication-4" title="Reference 2">(2)</a> <a href="#ref-for-dfn-authentication-5" title="Reference 3">(3)</a>
</li><li>
<a href="#ref-for-dfn-authentication-6" title="§ 8.2 Method Operations">§ 8.2 Method Operations</a>
</li><li>
<a href="#ref-for-dfn-authentication-7" title="§ 9.17 Level of Assurance">§ 9.17 Level of Assurance</a>
</li>
</ul>
</div><div class="dfn-panel" hidden="" role="dialog" aria-modal="true" id="dfn-panel-for-dfn-assertionmethod" aria-label="Links in this document to definition: assertionMethod">
<span class="caret"></span>
<div>
<a class="self-link" href="#dfn-assertionmethod" aria-label="Permalink for definition: assertionMethod. Activate to close this dialog.">Permalink</a>
</div>
<p><b>Referenced in:</b></p>
<ul>
<li>
<a href="#ref-for-dfn-assertionmethod-1" title="§ DID Document properties">§ DID Document properties</a>
</li><li>
<a href="#ref-for-dfn-assertionmethod-2" title="§ 5.3.2 Assertion">§ 5.3.2 Assertion</a>
</li><li>
<a href="#ref-for-dfn-assertionmethod-3" title="§ 9.17 Level of Assurance">§ 9.17 Level of Assurance</a>
</li>
</ul>
</div><div class="dfn-panel" hidden="" role="dialog" aria-modal="true" id="dfn-panel-for-dfn-keyagreement" aria-label="Links in this document to definition: keyAgreement">
<span class="caret"></span>
<div>
<a class="self-link" href="#dfn-keyagreement" aria-label="Permalink for definition: keyAgreement. Activate to close this dialog.">Permalink</a>
</div>
<p><b>Referenced in:</b></p>
<ul>
<li>
<a href="#ref-for-dfn-keyagreement-1" title="§ DID Document properties">§ DID Document properties</a>
</li><li>
<a href="#ref-for-dfn-keyagreement-2" title="§ 5.3 Verification Relationships">§ 5.3 Verification Relationships</a>
</li>
</ul>
</div><div class="dfn-panel" hidden="" role="dialog" aria-modal="true" id="dfn-panel-for-dfn-capabilityinvocation" aria-label="Links in this document to definition: capabilityInvocation">
<span class="caret"></span>
<div>
<a class="self-link" href="#dfn-capabilityinvocation" aria-label="Permalink for definition: capabilityInvocation. Activate to close this dialog.">Permalink</a>
</div>
<p><b>Referenced in:</b></p>
<ul>
<li>
<a href="#ref-for-dfn-capabilityinvocation-1" title="§ DID Document properties">§ DID Document properties</a>
</li><li>
<a href="#ref-for-dfn-capabilityinvocation-2" title="§ 5.3.4 Capability Invocation">§ 5.3.4 Capability Invocation</a>
</li><li>
<a href="#ref-for-dfn-capabilityinvocation-3" title="§ 8.2 Method Operations">§ 8.2 Method Operations</a>
</li>
</ul>
</div><div class="dfn-panel" hidden="" role="dialog" aria-modal="true" id="dfn-panel-for-dfn-capabilitydelegation" aria-label="Links in this document to definition: capabilityDelegation">
<span class="caret"></span>
<div>
<a class="self-link" href="#dfn-capabilitydelegation" aria-label="Permalink for definition: capabilityDelegation. Activate to close this dialog.">Permalink</a>
</div>
<p><b>Referenced in:</b></p>
<ul>
<li>
<a href="#ref-for-dfn-capabilitydelegation-1" title="§ DID Document properties">§ DID Document properties</a>
</li>
</ul>
</div><div class="dfn-panel" hidden="" role="dialog" aria-modal="true" id="dfn-panel-for-dfn-serviceendpoint" aria-label="Links in this document to definition: serviceEndpoint">
<span class="caret"></span>
<div>
<a class="self-link" href="#dfn-serviceendpoint" aria-label="Permalink for definition: serviceEndpoint. Activate to close this dialog.">Permalink</a>
</div>
<p><b>Referenced in:</b></p>
<ul>
<li>
<a href="#ref-for-dfn-serviceendpoint-1" title="§ Service properties">§ Service properties</a>
</li><li>
<a href="#ref-for-dfn-serviceendpoint-2" title="§ 5.4 Services">§ 5.4 Services</a>
</li>
</ul>
</div><div class="dfn-panel" hidden="" role="dialog" aria-modal="true" id="dfn-panel-for-dfn-production" aria-label="Links in this document to definition: production">
<span class="caret"></span>
<div>
<a class="self-link" href="#dfn-production" aria-label="Permalink for definition: production. Activate to close this dialog.">Permalink</a>
</div>
<p><b>Referenced in:</b></p>
<ul>
<li>
<a href="#ref-for-dfn-production-1" title="§ 6. Representations">§ 6. Representations</a>
</li><li>
<a href="#ref-for-dfn-production-2" title="§ 6.1 Production and Consumption">§ 6.1 Production and Consumption</a> <a href="#ref-for-dfn-production-3" title="Reference 2">(2)</a> <a href="#ref-for-dfn-production-4" title="Reference 3">(3)</a> <a href="#ref-for-dfn-production-5" title="Reference 4">(4)</a> <a href="#ref-for-dfn-production-6" title="Reference 5">(5)</a>
</li><li>
<a href="#ref-for-dfn-production-7" title="§ 6.2 JSON">§ 6.2 JSON</a>
</li><li>
<a href="#ref-for-dfn-production-8" title="§ 6.2.1 Production">§ 6.2.1 Production</a>
</li><li>
<a href="#ref-for-dfn-production-9" title="§ 6.3 JSON-LD">§ 6.3 JSON-LD</a>
</li><li>
<a href="#ref-for-dfn-production-10" title="§ 6.3.1 Production">§ 6.3.1 Production</a> <a href="#ref-for-dfn-production-11" title="Reference 2">(2)</a> <a href="#ref-for-dfn-production-12" title="Reference 3">(3)</a>
</li>
</ul>
</div><div class="dfn-panel" hidden="" role="dialog" aria-modal="true" id="dfn-panel-for-dfn-consumption" aria-label="Links in this document to definition: consumption">
<span class="caret"></span>
<div>
<a class="self-link" href="#dfn-consumption" aria-label="Permalink for definition: consumption. Activate to close this dialog.">Permalink</a>
</div>
<p><b>Referenced in:</b></p>
<ul>
<li>
<a href="#ref-for-dfn-consumption-1" title="§ 6. Representations">§ 6. Representations</a>
</li><li>
<a href="#ref-for-dfn-consumption-2" title="§ 6.1 Production and Consumption">§ 6.1 Production and Consumption</a> <a href="#ref-for-dfn-consumption-3" title="Reference 2">(2)</a> <a href="#ref-for-dfn-consumption-4" title="Reference 3">(3)</a> <a href="#ref-for-dfn-consumption-5" title="Reference 4">(4)</a> <a href="#ref-for-dfn-consumption-6" title="Reference 5">(5)</a> <a href="#ref-for-dfn-consumption-7" title="Reference 6">(6)</a>
</li><li>
<a href="#ref-for-dfn-consumption-8" title="§ 6.2 JSON">§ 6.2 JSON</a>
</li><li>
<a href="#ref-for-dfn-consumption-9" title="§ 6.2.2 Consumption">§ 6.2.2 Consumption</a>
</li><li>
<a href="#ref-for-dfn-consumption-10" title="§ 6.3 JSON-LD">§ 6.3 JSON-LD</a>
</li><li>
<a href="#ref-for-dfn-consumption-11" title="§ 6.3.2 Consumption">§ 6.3.2 Consumption</a>
</li>
</ul>
</div><div class="dfn-panel" hidden="" role="dialog" aria-modal="true" id="dfn-panel-for-dfn-context" aria-label="Links in this document to definition: @context">
<span class="caret"></span>
<div>
<a class="self-link" href="#dfn-context" aria-label="Permalink for definition: @context. Activate to close this dialog.">Permalink</a>
</div>
<p><b>Referenced in:</b></p>
<ul>
<li>
<a href="#ref-for-dfn-context-1" title="§ 2. Terminology">§ 2. Terminology</a>
</li><li>
<a href="#ref-for-dfn-context-2" title="§ 6.3.1 Production">§ 6.3.1 Production</a>
</li>
</ul>
</div><div class="dfn-panel" hidden="" role="dialog" aria-modal="true" id="dfn-panel-for-dfn-didresolutionmetadata" aria-label="Links in this document to definition: didResolutionMetadata">
<span class="caret"></span>
<div>
<a class="self-link" href="#dfn-didresolutionmetadata" aria-label="Permalink for definition: didResolutionMetadata. Activate to close this dialog.">Permalink</a>
</div>
<p><b>Referenced in:</b></p>
<ul>
<li>
<a href="#ref-for-dfn-didresolutionmetadata-1" title="§ 7.1 DID Resolution">§ 7.1 DID Resolution</a> <a href="#ref-for-dfn-didresolutionmetadata-2" title="Reference 2">(2)</a>
</li>
</ul>
</div><div class="dfn-panel" hidden="" role="dialog" aria-modal="true" id="dfn-panel-for-dfn-diddocument" aria-label="Links in this document to definition: didDocument">
<span class="caret"></span>
<div>
<a class="self-link" href="#dfn-diddocument" aria-label="Permalink for definition: didDocument. Activate to close this dialog.">Permalink</a>
</div>
<p><b>Referenced in:</b></p>
<ul>
<li>
<a href="#ref-for-dfn-diddocument-1" title="§ 7.1 DID Resolution">§ 7.1 DID Resolution</a>
</li>
</ul>
</div><div class="dfn-panel" hidden="" role="dialog" aria-modal="true" id="dfn-panel-for-dfn-diddocumentstream" aria-label="Links in this document to definition: didDocumentStream">
<span class="caret"></span>
<div>
<a class="self-link" href="#dfn-diddocumentstream" aria-label="Permalink for definition: didDocumentStream. Activate to close this dialog.">Permalink</a>
</div>
<p><b>Referenced in:</b></p>
<ul>
<li>
<a href="#ref-for-dfn-diddocumentstream-1" title="§ 7.1 DID Resolution">§ 7.1 DID Resolution</a>
</li>
</ul>
</div><div class="dfn-panel" hidden="" role="dialog" aria-modal="true" id="dfn-panel-for-dfn-diddocumentmetadata" aria-label="Links in this document to definition: didDocumentMetadata">
<span class="caret"></span>
<div>
<a class="self-link" href="#dfn-diddocumentmetadata" aria-label="Permalink for definition: didDocumentMetadata. Activate to close this dialog.">Permalink</a>
</div>
<p><b>Referenced in:</b></p>
<ul>
<li>
<a href="#ref-for-dfn-diddocumentmetadata-1" title="§ 7.1 DID Resolution">§ 7.1 DID Resolution</a> <a href="#ref-for-dfn-diddocumentmetadata-2" title="Reference 2">(2)</a>
</li><li>
<a href="#ref-for-dfn-diddocumentmetadata-3" title="§ 7.2 DID URL Dereferencing">§ 7.2 DID URL Dereferencing</a>
</li>
</ul>
</div><div class="dfn-panel" hidden="" role="dialog" aria-modal="true" id="dfn-panel-for-dfn-equivalentid" aria-label="Links in this document to definition: equivalentId">
<span class="caret"></span>
<div>
<a class="self-link" href="#dfn-equivalentid" aria-label="Permalink for definition: equivalentId. Activate to close this dialog.">Permalink</a>
</div>
<p><b>Referenced in:</b></p>
<ul>
<li>
<a href="#ref-for-dfn-equivalentid-1" title="§ 7.1.3 DID Document Metadata">§ 7.1.3 DID Document Metadata</a> <a href="#ref-for-dfn-equivalentid-2" title="Reference 2">(2)</a> <a href="#ref-for-dfn-equivalentid-3" title="Reference 3">(3)</a> <a href="#ref-for-dfn-equivalentid-4" title="Reference 4">(4)</a> <a href="#ref-for-dfn-equivalentid-5" title="Reference 5">(5)</a> <a href="#ref-for-dfn-equivalentid-6" title="Reference 6">(6)</a> <a href="#ref-for-dfn-equivalentid-7" title="Reference 7">(7)</a> <a href="#ref-for-dfn-equivalentid-8" title="Reference 8">(8)</a> <a href="#ref-for-dfn-equivalentid-9" title="Reference 9">(9)</a> <a href="#ref-for-dfn-equivalentid-10" title="Reference 10">(10)</a> <a href="#ref-for-dfn-equivalentid-11" title="Reference 11">(11)</a> <a href="#ref-for-dfn-equivalentid-12" title="Reference 12">(12)</a>
</li><li>
<a href="#ref-for-dfn-equivalentid-13" title="§ 9.14 Equivalence Properties">§ 9.14 Equivalence Properties</a> <a href="#ref-for-dfn-equivalentid-14" title="Reference 2">(2)</a>
</li>
</ul>
</div><div class="dfn-panel" hidden="" role="dialog" aria-modal="true" id="dfn-panel-for-dfn-canonicalid" aria-label="Links in this document to definition: canonicalId">
<span class="caret"></span>
<div>
<a class="self-link" href="#dfn-canonicalid" aria-label="Permalink for definition: canonicalId. Activate to close this dialog.">Permalink</a>
</div>
<p><b>Referenced in:</b></p>
<ul>
<li>
<a href="#ref-for-dfn-canonicalid-1" title="§ 7.1.3 DID Document Metadata">§ 7.1.3 DID Document Metadata</a> <a href="#ref-for-dfn-canonicalid-2" title="Reference 2">(2)</a> <a href="#ref-for-dfn-canonicalid-3" title="Reference 3">(3)</a> <a href="#ref-for-dfn-canonicalid-4" title="Reference 4">(4)</a> <a href="#ref-for-dfn-canonicalid-5" title="Reference 5">(5)</a> <a href="#ref-for-dfn-canonicalid-6" title="Reference 6">(6)</a> <a href="#ref-for-dfn-canonicalid-7" title="Reference 7">(7)</a> <a href="#ref-for-dfn-canonicalid-8" title="Reference 8">(8)</a> <a href="#ref-for-dfn-canonicalid-9" title="Reference 9">(9)</a> <a href="#ref-for-dfn-canonicalid-10" title="Reference 10">(10)</a>
</li><li>
<a href="#ref-for-dfn-canonicalid-11" title="§ 9.14 Equivalence Properties">§ 9.14 Equivalence Properties</a> <a href="#ref-for-dfn-canonicalid-12" title="Reference 2">(2)</a>
</li>
</ul>
</div><script id="respec-dfn-panel">(() => {
// @ts-check
if (document.respec) {
document.respec.ready.then(setupPanel);
} else {
setupPanel();
}
function setupPanel() {
const listener = panelListener();
document.body.addEventListener("keydown", listener);
document.body.addEventListener("click", listener);
}
function panelListener() {
/** @type {HTMLElement} */
let panel = null;
return event => {
const { target, type } = event;
if (!(target instanceof HTMLElement)) return;
// For keys, we only care about Enter key to activate the panel
// otherwise it's activated via a click.
if (type === "keydown" && event.key !== "Enter") return;
const action = deriveAction(event);
switch (action) {
case "show": {
hidePanel(panel);
/** @type {HTMLElement} */
const dfn = target.closest("dfn, .index-term");
panel = document.getElementById(`dfn-panel-for-${dfn.id}`);
const coords = deriveCoordinates(event);
displayPanel(dfn, panel, coords);
break;
}
case "dock": {
panel.style.left = null;
panel.style.top = null;
panel.classList.add("docked");
break;
}
case "hide": {
hidePanel(panel);
panel = null;
break;
}
}
};
}
/**
* @param {MouseEvent|KeyboardEvent} event
*/
function deriveCoordinates(event) {
const target = /** @type HTMLElement */ (event.target);
// We prevent synthetic AT clicks from putting
// the dialog in a weird place. The AT events sometimes
// lack coordinates, so they have clientX/Y = 0
const rect = target.getBoundingClientRect();
if (
event instanceof MouseEvent &&
event.clientX >= rect.left &&
event.clientY >= rect.top
) {
// The event probably happened inside the bounding rect...
return { x: event.clientX, y: event.clientY };
}
// Offset to the middle of the element
const x = rect.x + rect.width / 2;
// Placed at the bottom of the element
const y = rect.y + rect.height;
return { x, y };
}
/**
* @param {Event} event
*/
function deriveAction(event) {
const target = /** @type {HTMLElement} */ (event.target);
const hitALink = !!target.closest("a");
if (target.closest("dfn:not([data-cite]), .index-term")) {
return hitALink ? "none" : "show";
}
if (target.closest(".dfn-panel")) {
if (hitALink) {
return target.classList.contains("self-link") ? "hide" : "dock";
}
const panel = target.closest(".dfn-panel");
return panel.classList.contains("docked") ? "hide" : "none";
}
if (document.querySelector(".dfn-panel:not([hidden])")) {
return "hide";
}
return "none";
}
/**
* @param {HTMLElement} dfn
* @param {HTMLElement} panel
* @param {{ x: number, y: number }} clickPosition
*/
function displayPanel(dfn, panel, { x, y }) {
panel.hidden = false;
// distance (px) between edge of panel and the pointing triangle (caret)
const MARGIN = 20;
const dfnRects = dfn.getClientRects();
// Find the `top` offset when the `dfn` can be spread across multiple lines
let closestTop = 0;
let minDiff = Infinity;
for (const rect of dfnRects) {
const { top, bottom } = rect;
const diffFromClickY = Math.abs((top + bottom) / 2 - y);
if (diffFromClickY < minDiff) {
minDiff = diffFromClickY;
closestTop = top;
}
}
const top = window.scrollY + closestTop + dfnRects[0].height;
const left = x - MARGIN;
panel.style.left = `${left}px`;
panel.style.top = `${top}px`;
// Find if the panel is flowing out of the window
const panelRect = panel.getBoundingClientRect();
const SCREEN_WIDTH = Math.min(window.innerWidth, window.screen.width);
if (panelRect.right > SCREEN_WIDTH) {
const newLeft = Math.max(MARGIN, x + MARGIN - panelRect.width);
const newCaretOffset = left - newLeft;
panel.style.left = `${newLeft}px`;
/** @type {HTMLElement} */
const caret = panel.querySelector(".caret");
caret.style.left = `${newCaretOffset}px`;
}
// As it's a dialog, we trap focus.
// TODO: when <dialog> becomes a implemented, we should really
// use that.
trapFocus(panel, dfn);
}
/**
* @param {HTMLElement} panel
* @param {HTMLElement} dfn
* @returns
*/
function trapFocus(panel, dfn) {
/** @type NodeListOf<HTMLAnchorElement> elements */
const anchors = panel.querySelectorAll("a[href]");
// No need to trap focus
if (!anchors.length) return;
// Move focus to first anchor element
const first = anchors.item(0);
first.focus();
const trapListener = createTrapListener(anchors, panel, dfn);
panel.addEventListener("keydown", trapListener);
// Hiding the panel releases the trap
const mo = new MutationObserver(records => {
const [record] = records;
const target = /** @type HTMLElement */ (record.target);
if (target.hidden) {
panel.removeEventListener("keydown", trapListener);
mo.disconnect();
}
});
mo.observe(panel, { attributes: true, attributeFilter: ["hidden"] });
}
/**
*
* @param {NodeListOf<HTMLAnchorElement>} anchors
* @param {HTMLElement} panel
* @param {HTMLElement} dfn
* @returns
*/
function createTrapListener(anchors, panel, dfn) {
const lastIndex = anchors.length - 1;
let currentIndex = 0;
return event => {
switch (event.key) {
// Hitting "Tab" traps us in a nice loop around elements.
case "Tab": {
event.preventDefault();
currentIndex += event.shiftKey ? -1 : +1;
if (currentIndex < 0) {
currentIndex = lastIndex;
} else if (currentIndex > lastIndex) {
currentIndex = 0;
}
anchors.item(currentIndex).focus();
break;
}
// Hitting "Enter" on an anchor releases the trap.
case "Enter":
hidePanel(panel);
break;
// Hitting "Escape" returns focus to dfn.
case "Escape":
hidePanel(panel);
dfn.focus();
return;
}
};
}
/** @param {HTMLElement} panel */
function hidePanel(panel) {
if (!panel) return;
panel.hidden = true;
panel.classList.remove("docked");
}
})()</script><script src="https://www.w3.org/scripts/TR/2021/fixup.js"></script></body></html>
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment