Created
June 28, 2022 23:32
<!DOCTYPE html><html lang="en" dir="ltr"><head> | |
<meta content="text/html; charset=utf-8" http-equiv="Content-Type"> | |
<meta name="generator" content="ReSpec 32.1.10"> | |
<meta name="viewport" content="width=device-width, initial-scale=1, shrink-to-fit=no"> | |
<style> | |
span.example-title{text-transform:none} | |
:is(aside,div).example,div.illegal-example{padding:.5em;margin:1em 0;position:relative;clear:both} | |
div.illegal-example{color:red} | |
div.illegal-example p{color:#000} | |
:is(aside,div).example{border-left-width:.5em;border-left-style:solid;border-color:#e0cb52;background:#fcfaee} | |
aside.example div.example{border-left-width:.1em;border-color:#999;background:#fff} | |
.example pre{background-color:rgba(0,0,0,.03)} | |
</style> | |
<style> | |
.issue-label{text-transform:initial} | |
.warning>p:first-child{margin-top:0} | |
.warning{padding:.5em;border-left-width:.5em;border-left-style:solid} | |
span.warning{padding:.1em .5em .15em} | |
.issue.closed span.issue-number{text-decoration:line-through} | |
.issue.closed span.issue-number::after{content:" (Closed)";font-size:smaller} | |
.warning{border-color:#f11;border-width:.2em;border-style:solid;background:#fbe9e9} | |
.warning-title:before{content:"⚠";font-size:1.3em;float:left;padding-right:.3em;margin-top:-.3em} | |
li.task-list-item{list-style:none} | |
input.task-list-item-checkbox{margin:0 .35em .25em -1.6em;vertical-align:middle} | |
.issue a.respec-gh-label{padding:5px;margin:0 2px 0 2px;font-size:10px;text-transform:none;text-decoration:none;font-weight:700;border-radius:4px;position:relative;bottom:2px;border:none;display:inline-block} | |
</style> | |
<style> | |
dfn{cursor:pointer} | |
.dfn-panel{position:absolute;z-index:35;min-width:300px;max-width:500px;padding:.5em .75em;margin-top:.6em;font-family:"Helvetica Neue",sans-serif;font-size:small;background:#fff;color:#000;box-shadow:0 1em 3em -.4em rgba(0,0,0,.3),0 0 1px 1px rgba(0,0,0,.05);border-radius:2px} | |
.dfn-panel:not(.docked)>.caret{position:absolute;top:-9px} | |
.dfn-panel:not(.docked)>.caret::after,.dfn-panel:not(.docked)>.caret::before{content:"";position:absolute;border:10px solid transparent;border-top:0;border-bottom:10px solid #fff;top:0} | |
.dfn-panel:not(.docked)>.caret::before{border-bottom:9px solid #a2a9b1} | |
.dfn-panel *{margin:0} | |
.dfn-panel b{display:block;color:#000;margin-top:.25em} | |
.dfn-panel ul a[href]{color:#333} | |
.dfn-panel>div{display:flex} | |
.dfn-panel a.self-link{font-weight:700;margin-right:auto} | |
.dfn-panel .marker{padding:.1em;margin-left:.5em;border-radius:.2em;text-align:center;white-space:nowrap;font-size:90%;color:#040b1c} | |
.dfn-panel .marker.dfn-exported{background:#d1edfd;box-shadow:0 0 0 .125em #1ca5f940} | |
.dfn-panel .marker.idl-block{background:#8ccbf2;box-shadow:0 0 0 .125em #0670b161} | |
.dfn-panel a:not(:hover){text-decoration:none!important;border-bottom:none!important} | |
.dfn-panel a[href]:hover{border-bottom-width:1px} | |
.dfn-panel ul{padding:0} | |
.dfn-panel li{margin-left:1em} | |
.dfn-panel.docked{position:fixed;left:.5em;top:unset;bottom:2em;margin:0 auto;max-width:calc(100vw - .75em * 2 - .5em - .2em * 2);max-height:30vh;overflow:auto} | |
</style> | |
<title>Decentralized Identifiers (DIDs) v1.0</title> | |
<style id="respec-mainstyle"> | |
@keyframes pop{ | |
0%{transform:scale(1,1)} | |
25%{transform:scale(1.25,1.25);opacity:.75} | |
100%{transform:scale(1,1)} | |
} | |
:is(h1,h2,h3,h4,h5,h6,a) abbr{border:none} | |
dfn{font-weight:700} | |
a.internalDFN{color:inherit;border-bottom:1px solid #99c;text-decoration:none} | |
a.externalDFN{color:inherit;border-bottom:1px dotted #ccc;text-decoration:none} | |
a.bibref{text-decoration:none} | |
.respec-offending-element:target{animation:pop .25s ease-in-out 0s 1} | |
.respec-offending-element,a[href].respec-offending-element{text-decoration:red wavy underline} | |
@supports not (text-decoration:red wavy underline){ | |
.respec-offending-element:not(pre){display:inline-block} | |
.respec-offending-element{background:url(data:image/gif;base64,R0lGODdhBAADAPEAANv///8AAP///wAAACwAAAAABAADAEACBZQjmIAFADs=) bottom repeat-x} | |
} | |
#references :target{background:#eaf3ff;animation:pop .4s ease-in-out 0s 1} | |
cite .bibref{font-style:normal} | |
code{color:#c63501} | |
th code{color:inherit} | |
a[href].orcid{padding-left:4px;padding-right:4px} | |
a[href].orcid>svg{margin-bottom:-2px} | |
.toc a,.tof a{text-decoration:none} | |
a .figno,a .secno{color:#000} | |
ol.tof,ul.tof{list-style:none outside none} | |
.caption{margin-top:.5em;font-style:italic} | |
table.simple{border-spacing:0;border-collapse:collapse;border-bottom:3px solid #005a9c} | |
.simple th{background:#005a9c;color:#fff;padding:3px 5px;text-align:left} | |
.simple th a{color:#fff;padding:3px 5px;text-align:left} | |
.simple th[scope=row]{background:inherit;color:inherit;border-top:1px solid #ddd} | |
.simple td{padding:3px 10px;border-top:1px solid #ddd} | |
.simple tr:nth-child(even){background:#f0f6ff} | |
.section dd>p:first-child{margin-top:0} | |
.section dd>p:last-child{margin-bottom:0} | |
.section dd{margin-bottom:1em} | |
.section dl.attrs dd,.section dl.eldef dd{margin-bottom:0} | |
#issue-summary>ul{column-count:2} | |
#issue-summary li{list-style:none;display:inline-block} | |
details.respec-tests-details{margin-left:1em;display:inline-block;vertical-align:top} | |
details.respec-tests-details>*{padding-right:2em} | |
details.respec-tests-details[open]{z-index:999999;position:absolute;border:thin solid #cad3e2;border-radius:.3em;background-color:#fff;padding-bottom:.5em} | |
details.respec-tests-details[open]>summary{border-bottom:thin solid #cad3e2;padding-left:1em;margin-bottom:1em;line-height:2em} | |
details.respec-tests-details>ul{width:100%;margin-top:-.3em} | |
details.respec-tests-details>li{padding-left:1em} | |
.self-link:hover{opacity:1;text-decoration:none;background-color:transparent} | |
aside.example .marker>a.self-link{color:inherit} | |
.header-wrapper{display:flex;align-items:baseline} | |
:is(h2,h3,h4,h5,h6):not(#toc>h2,#abstract>h2,#sotd>h2,.head>h2){position:relative;left:-.5em} | |
:is(h2,h3,h4,h5,h6):not(#toch2)+a.self-link{color:inherit;order:-1;position:relative;left:-1.1em;font-size:1rem;opacity:.5} | |
:is(h2,h3,h4,h5,h6)+a.self-link::before{content:"§";text-decoration:none;color:var(--heading-text)} | |
:is(h2,h3)+a.self-link{top:-.2em} | |
:is(h4,h5,h6)+a.self-link::before{color:#000} | |
@media (max-width:767px){ | |
dd{margin-left:0} | |
} | |
@media print{ | |
.removeOnSave{display:none} | |
} | |
</style> | |
<style> | |
pre .highlight { | |
font-weight: bold; | |
color: green; | |
} | |
pre .comment { | |
color: SteelBlue; | |
user-select: none; | |
} | |
code a[href] { | |
color: inherit; | |
border-bottom: none; | |
} | |
code a[href]:hover { | |
border-bottom: 1px solid #c63501; | |
} | |
table.column-width-50 td { | |
width: 50%; | |
} | |
.longdesc { | |
display: none; | |
} | |
.longdesc:target { | |
display: block; | |
background-color: #ff9; | |
} | |
</style> | |
<meta name="description" content="Decentralized identifiers (DIDs) are a new type of identifier that | |
enables verifiable, decentralized digital identity. A DID refers to any | |
subject (e.g., a person, organization, thing, data model, abstract entity, etc.) | |
as determined by the controller of the DID. In contrast to | |
typical, federated identifiers, DIDs have been designed so that they may | |
be decoupled from centralized registries, identity providers, and certificate | |
authorities. Specifically, while other parties might be used to help enable the | |
discovery of information related to a DID, the design enables the | |
controller of a DID to prove control over it without requiring permission | |
from any other party. DIDs are URIs that associate a DID | |
subject with a DID document allowing trustable interactions | |
associated with that subject."> | |
<link rel="canonical" href="https://www.w3.org/TR/did-core/"> | |
<style> | |
.hljs{display:block;overflow-x:auto;padding:.5em;color:#383a42;background:#fafafa} | |
.hljs-comment,.hljs-quote{color:#717277;font-style:italic} | |
.hljs-doctag,.hljs-formula,.hljs-keyword{color:#a626a4} | |
.hljs-deletion,.hljs-name,.hljs-section,.hljs-selector-tag,.hljs-subst{color:#ca4706;font-weight:700} | |
.hljs-literal{color:#0b76c5} | |
.hljs-addition,.hljs-attribute,.hljs-meta-string,.hljs-regexp,.hljs-string{color:#42803c} | |
.hljs-built_in,.hljs-class .hljs-title{color:#9a6a01} | |
.hljs-attr,.hljs-number,.hljs-selector-attr,.hljs-selector-class,.hljs-selector-pseudo,.hljs-template-variable,.hljs-type,.hljs-variable{color:#986801} | |
.hljs-bullet,.hljs-link,.hljs-meta,.hljs-selector-id,.hljs-symbol,.hljs-title{color:#336ae3} | |
.hljs-emphasis{font-style:italic} | |
.hljs-strong{font-weight:700} | |
.hljs-link{text-decoration:underline} | |
</style> | |
<style> | |
var{position:relative;cursor:pointer} | |
var[data-type]::after,var[data-type]::before{position:absolute;left:50%;top:-6px;opacity:0;transition:opacity .4s;pointer-events:none} | |
var[data-type]::before{content:"";transform:translateX(-50%);border-width:4px 6px 0 6px;border-style:solid;border-color:transparent;border-top-color:#000} | |
var[data-type]::after{content:attr(data-type);transform:translateX(-50%) translateY(-100%);background:#000;text-align:center;font-family:"Dank Mono","Fira Code",monospace;font-style:normal;padding:6px;border-radius:3px;color:#daca88;text-indent:0;font-weight:400} | |
var[data-type]:hover::after,var[data-type]:hover::before{opacity:1} | |
</style> | |
<script id="initialUserConfig" type="application/json">{ | |
"group": "did", | |
"wgPublicList": "public-did-wg", | |
"shortName": "did-core", | |
"specStatus": "REC", | |
"prEnd": "2021-08-31", | |
"crEnd": "2021-07-13", | |
"implementationReportURI": "https://w3c.github.io/did-test-suite/", | |
"edDraftURI": "https://w3c.github.io/did-core/", | |
"subtitle": "Core architecture, data model, and representations", | |
"publishDate": "2022-06-30", | |
"previousPublishDate": "2021-06-15", | |
"previousMaturity": "CR", | |
"pluralize": true, | |
"localBiblio": { | |
"REST": { | |
"title": "Architectural Styles and the Design of Network-based Software Architectures", | |
"date": "2000", | |
"href": "http://www.ics.uci.edu/~fielding/pubs/dissertation/", | |
"authors": [ | |
"Fielding, Roy Thomas" | |
], | |
"publisher": "University of California, Irvine." | |
}, | |
"VC-USECASES": { | |
"title": "Verifiable Claims Use Cases", | |
"href": "https://www.w3.org/TR/verifiable-claims-use-cases/", | |
"authors": [ | |
"Shane McCarron", | |
"Daniel Burnett", | |
"Gregg Kellogg", | |
"Brian Sletten", | |
"Manu Sporny" | |
], | |
"status": "FPWD", | |
"publisher": "Verifiable Claims Working Group" | |
}, | |
"HTTP-SIGNATURES": { | |
"aliasOf": "http-signatures" | |
}, | |
"MACAROONS": { | |
"title": "Macaroons", | |
"href": "http://macaroons.io/", | |
"authors": [ | |
"Arnar Birgisson", | |
"Joe Gibbs Politz", | |
"Úlfar Erlingsson", | |
"Ankur Taly", | |
"Michael Vrable", | |
"Mark Lentczner" | |
], | |
"status": "unofficial", | |
"publisher": "Credentials Community Group" | |
}, | |
"OPEN-BADGES": { | |
"title": "Open Badges", | |
"href": "https://github.com/openbadges/openbadges-specification", | |
"authors": [ | |
"Brian Brennan", | |
"Mike Larsson", | |
"Chris McAvoy", | |
"Nate Otto", | |
"Kerri Lemoie" | |
], | |
"status": "BA-DRAFT", | |
"publisher": "Badge Alliance Standard Working Group" | |
}, | |
"RDF-NORMALIZATION": { | |
"title": "RDF Dataset Normalization", | |
"href": "http://json-ld.github.io/normalization/spec/", | |
"authors": [ | |
"Dave Longley", | |
"Manu Sporny" | |
], | |
"status": "CG-DRAFT", | |
"publisher": "Credentials W3C Community Group" | |
}, | |
"LD-PROOFS": { | |
"title": "Linked Data Proofs", | |
"href": "https://w3c-dvcg.github.io/ld-proofs/", | |
"authors": [ | |
"Manu Sporny", | |
"Dave Longley" | |
], | |
"status": "CG-DRAFT", | |
"publisher": "Digital Verification Community Group" | |
}, | |
"LD-SIGNATURES": { | |
"title": "Linked Data Signatures", | |
"href": "https://w3c-dvcg.github.io/ld-signatures/", | |
"authors": [ | |
"Manu Sporny", | |
"Dave Longley" | |
], | |
"status": "CG-DRAFT", | |
"publisher": "Digital Verification Community Group" | |
}, | |
"MATRIX-URIS": { | |
"title": "Matrix URIs - Ideas about Web Architecture", | |
"date": "December 1996", | |
"href": "https://www.w3.org/DesignIssues/MatrixURIs.html", | |
"authors": [ | |
"Tim Berners-Lee" | |
], | |
"status": "Personal View", | |
"id": "matrix-uris" | |
}, | |
"HASHLINK": { | |
"title": "Cryptographic Hyperlinks", | |
"date": "December 2018", | |
"href": "https://tools.ietf.org/html/draft-sporny-hashlink-05", | |
"authors": [ | |
"Manu Sporny" | |
], | |
"status": "Internet-Draft", | |
"publisher": "IETF", | |
"id": "hashlink" | |
}, | |
"BASE58": { | |
"title": "The Base58 Encoding Scheme", | |
"date": "October 2020", | |
"href": "https://tools.ietf.org/html/draft-msporny-base58", | |
"authors": [ | |
"Manu Sporny" | |
], | |
"status": "Internet-Draft", | |
"publisher": "IETF" | |
}, | |
"DNS-DID": { | |
"title": "The Decentralized Identifier (DID) in the DNS", | |
"date": "February 2019", | |
"href": "https://datatracker.ietf.org/doc/draft-mayrhofer-did-dns/", | |
"authors": [ | |
"Alexander Mayrhofer", | |
"Dimitrij Klesev", | |
"Markus Sabadello" | |
], | |
"status": "Internet-Draft", | |
"id": "dns-did" | |
}, | |
"DID-RESOLUTION": { | |
"title": "Decentralized Identifier Resolution", | |
"href": "https://w3c-ccg.github.io/did-resolution/", | |
"authors": [ | |
"Markus Sabadello", | |
"Dmitri Zagidulin" | |
], | |
"status": "Draft Community Group Report", | |
"publisher": "Credentials Community Group", | |
"id": "did-resolution" | |
}, | |
"DID-RUBRIC": { | |
"title": "Decentralized Characteristics Rubric v1.0", | |
"href": "https://w3c.github.io/did-rubric/", | |
"authors": [ | |
"Joe Andrieu" | |
], | |
"status": "Draft Community Group Report", | |
"publisher": "Credentials Community Group", | |
"id": "did-rubric" | |
}, | |
"PRIVACY-BY-DESIGN": { | |
"title": "Privacy by Design", | |
"href": "https://iapp.org/media/pdf/resource_center/pbd_implement_7found_principles.pdf", | |
"authors": [ | |
"Ann Cavoukian" | |
], | |
"date": "2011", | |
"publisher": "Information and Privacy Commissioner", | |
"id": "privacy-by-design" | |
}, | |
"MULTIBASE": { | |
"title": "The Multibase Encoding Scheme", | |
"date": "February 2021", | |
"href": "https://datatracker.ietf.org/doc/html/draft-multiformats-multibase-03", | |
"authors": [ | |
"Juan Benet", | |
"Manu Sporny" | |
], | |
"status": "Internet-Draft", | |
"publisher": "IETF", | |
"id": "multibase" | |
} | |
}, | |
"xref": "web-platform", | |
"github": { | |
"repoURL": "https://github.com/w3c/did-core/", | |
"branch": "main" | |
}, | |
"includePermalinks": false, | |
"preProcess": [], | |
"postProcess": [ | |
null, | |
null | |
], | |
"editors": [ | |
{ | |
"name": "Manu Sporny", | |
"url": "http://manu.sporny.org/", | |
"company": "Digital Bazaar", | |
"companyURL": "https://digitalbazaar.com/", | |
"w3cid": 41758 | |
}, | |
{ | |
"name": "Amy Guy", | |
"url": "https://rhiaro.co.uk/", | |
"company": "Digital Bazaar", | |
"companyURL": "https://digitalbazaar.com/", | |
"w3cid": 69000 | |
}, | |
{ | |
"name": "Markus Sabadello", | |
"url": "https://www.linkedin.com/in/markus-sabadello-353a0821", | |
"company": "Danube Tech", | |
"companyURL": "https://danubetech.com/", | |
"w3cid": 46729 | |
}, | |
{ | |
"name": "Drummond Reed", | |
"url": "https://www.linkedin.com/in/drummondreed/", | |
"company": "Evernym/Avast", | |
"companyURL": "https://www.evernym.com/", | |
"w3cid": 3096 | |
} | |
], | |
"authors": [ | |
{ | |
"name": "Manu Sporny", | |
"url": "http://manu.sporny.org/", | |
"company": "Digital Bazaar", | |
"companyURL": "https://digitalbazaar.com/", | |
"w3cid": 41758 | |
}, | |
{ | |
"name": "Dave Longley", | |
"url": "https://github.com/dlongley", | |
"company": "Digital Bazaar", | |
"companyURL": "https://digitalbazaar.com/", | |
"w3cid": 48025 | |
}, | |
{ | |
"name": "Markus Sabadello", | |
"url": "https://www.linkedin.com/in/markus-sabadello-353a0821", | |
"company": "Danube Tech", | |
"companyURL": "https://danubetech.com/", | |
"w3cid": 46729 | |
}, | |
{ | |
"name": "Drummond Reed", | |
"url": "https://www.linkedin.com/in/drummondreed/", | |
"company": "Evernym/Avast", | |
"companyURL": "https://www.evernym.com/", | |
"w3cid": 3096 | |
}, | |
{ | |
"name": "Orie Steele", | |
"url": "https://www.linkedin.com/in/or13b/", | |
"company": "Transmute", | |
"companyURL": "https://www.transmute.industries/" | |
}, | |
{ | |
"name": "Christopher Allen", | |
"url": "https://www.linkedin.com/in/christophera", | |
"company": "Blockchain Commons", | |
"companyURL": "https://www.BlockchainCommons.com", | |
"w3cid": 85560 | |
} | |
], | |
"otherLinks": [ | |
{ | |
"key": "Related Documents", | |
"data": [ | |
{ | |
"value": "DID Use Cases and Requirements", | |
"href": "https://www.w3.org/TR/did-use-cases/" | |
}, | |
{ | |
"value": "DID Specification Registries", | |
"href": "https://www.w3.org/TR/did-spec-registries/" | |
}, | |
{ | |
"value": "DID Core Implementation Report", | |
"href": "https://w3c.github.io/did-test-suite/" | |
} | |
] | |
} | |
], | |
"errata": "https://w3c.github.io/did-core/errata.html", | |
"publishISODate": "2022-06-30T00:00:00.000Z", | |
"generatedSubtitle": "W3C Recommendation 30 June 2022" | |
}</script> | |
<link rel="stylesheet" href="https://www.w3.org/StyleSheets/TR/2021/W3C-REC"></head> | |
<body data-cite="infra rfc3986 HTML INFRA URL WEBIDL DOM FETCH" class="h-entry"><div class="head"> | |
<p class="logos"><a class="logo" href="https://www.w3.org/"><img crossorigin="" alt="W3C" height="48" src="https://www.w3.org/StyleSheets/TR/2021/logos/W3C" width="72"> | |
</a></p> | |
<h1 id="title" class="title">Decentralized Identifiers (DIDs) v1.0</h1> <h2 id="subtitle" class="subtitle">Core architecture, data model, and representations</h2> | |
<p id="w3c-state"><a href="https://www.w3.org/standards/types#REC">W3C Recommendation</a> <time class="dt-published" datetime="2022-06-30">30 June 2022</time></p> | |
<details open=""> | |
<summary>More details about this document</summary> | |
<dl> | |
<dt>This version:</dt><dd> | |
<a class="u-url" href="https://www.w3.org/TR/2022/REC-did-core-20220630/">https://www.w3.org/TR/2022/REC-did-core-20220630/</a> | |
</dd> | |
<dt>Latest published version:</dt><dd> | |
<a href="https://www.w3.org/TR/did-core/">https://www.w3.org/TR/did-core/</a> | |
</dd> | |
<dt>Latest editor's draft:</dt><dd><a href="https://w3c.github.io/did-core/">https://w3c.github.io/did-core/</a></dd> | |
<dt>History:</dt><dd> | |
<a href="https://www.w3.org/standards/history/did-core">https://www.w3.org/standards/history/did-core</a> | |
</dd><dd> | |
<a href="https://github.com/w3c/did-core/commits/main">Commit history</a> | |
</dd> | |
<dt>Implementation report:</dt><dd> | |
<a href="https://w3c.github.io/did-test-suite/">https://w3c.github.io/did-test-suite/</a> | |
</dd> | |
<dt>Editors:</dt><dd class="editor p-author h-card vcard" data-editor-id="41758"> | |
<a class="u-url url p-name fn" href="http://manu.sporny.org/">Manu Sporny</a> (<a class="p-org org h-org" href="https://digitalbazaar.com/">Digital Bazaar</a>) | |
</dd><dd class="editor p-author h-card vcard" data-editor-id="69000"> | |
<a class="u-url url p-name fn" href="https://rhiaro.co.uk/">Amy Guy</a> (<a class="p-org org h-org" href="https://digitalbazaar.com/">Digital Bazaar</a>) | |
</dd><dd class="editor p-author h-card vcard" data-editor-id="46729"> | |
<a class="u-url url p-name fn" href="https://www.linkedin.com/in/markus-sabadello-353a0821">Markus Sabadello</a> (<a class="p-org org h-org" href="https://danubetech.com/">Danube Tech</a>) | |
</dd><dd class="editor p-author h-card vcard" data-editor-id="3096"> | |
<a class="u-url url p-name fn" href="https://www.linkedin.com/in/drummondreed/">Drummond Reed</a> (<a class="p-org org h-org" href="https://www.evernym.com/">Evernym/Avast</a>) | |
</dd> | |
<dt>Authors:</dt><dd class="editor p-author h-card vcard" data-editor-id="41758"> | |
<a class="u-url url p-name fn" href="http://manu.sporny.org/">Manu Sporny</a> (<a class="p-org org h-org" href="https://digitalbazaar.com/">Digital Bazaar</a>) | |
</dd><dd class="editor p-author h-card vcard" data-editor-id="48025"> | |
<a class="u-url url p-name fn" href="https://github.com/dlongley">Dave Longley</a> (<a class="p-org org h-org" href="https://digitalbazaar.com/">Digital Bazaar</a>) | |
</dd><dd class="editor p-author h-card vcard" data-editor-id="46729"> | |
<a class="u-url url p-name fn" href="https://www.linkedin.com/in/markus-sabadello-353a0821">Markus Sabadello</a> (<a class="p-org org h-org" href="https://danubetech.com/">Danube Tech</a>) | |
</dd><dd class="editor p-author h-card vcard" data-editor-id="3096"> | |
<a class="u-url url p-name fn" href="https://www.linkedin.com/in/drummondreed/">Drummond Reed</a> (<a class="p-org org h-org" href="https://www.evernym.com/">Evernym/Avast</a>) | |
</dd><dd class="editor p-author h-card vcard"> | |
<a class="u-url url p-name fn" href="https://www.linkedin.com/in/or13b/">Orie Steele</a> (<a class="p-org org h-org" href="https://www.transmute.industries/">Transmute</a>) | |
</dd><dd class="editor p-author h-card vcard" data-editor-id="85560"> | |
<a class="u-url url p-name fn" href="https://www.linkedin.com/in/christophera">Christopher Allen</a> (<a class="p-org org h-org" href="https://www.BlockchainCommons.com">Blockchain Commons</a>) | |
</dd> | |
<dt>Feedback:</dt><dd> | |
<a href="https://github.com/w3c/did-core/">GitHub w3c/did-core</a> | |
(<a href="https://github.com/w3c/did-core/pulls/">pull requests</a>, | |
<a href="https://github.com/w3c/did-core/issues/new/choose">new issue</a>, | |
<a href="https://github.com/w3c/did-core/issues/">open issues</a>) | |
</dd><dd><a href="mailto:public-did-wg@w3.org?subject=%5Bdid-core%5D%20YOUR%20TOPIC%20HERE">public-did-wg@w3.org</a> with subject line <kbd>[did-core] <em>… message topic …</em></kbd> (<a rel="discussion" href="https://lists.w3.org/Archives/Public/public-did-wg">archives</a>)</dd> | |
<dt>Errata:</dt><dd><a href="https://w3c.github.io/did-core/errata.html">Errata exists</a>.</dd> | |
<dt>Related Documents</dt><dd> | |
<a href="https://www.w3.org/TR/did-use-cases/">DID Use Cases and Requirements</a> | |
</dd><dd> | |
<a href="https://www.w3.org/TR/did-spec-registries/">DID Specification Registries</a> | |
</dd><dd> | |
<a href="https://w3c.github.io/did-test-suite/">DID Core Implementation Report</a> | |
</dd> | |
</dl> | |
</details> | |
<p> | |
See also | |
<a href="https://www.w3.org/Translations/?technology=did-core"> | |
<strong>translations</strong></a>. | |
</p> | |
<p class="copyright"> | |
<a href="https://www.w3.org/Consortium/Legal/ipr-notice#Copyright">Copyright</a> | |
© | |
2022 | |
<a href="https://www.w3.org/"><abbr title="World Wide Web Consortium">W3C</abbr></a><sup>®</sup> (<a href="https://www.csail.mit.edu/"><abbr title="Massachusetts Institute of Technology">MIT</abbr></a>, | |
<a href="https://www.ercim.eu/"><abbr title="European Research Consortium for Informatics and Mathematics">ERCIM</abbr></a>, <a href="https://www.keio.ac.jp/">Keio</a>, | |
<a href="https://ev.buaa.edu.cn/">Beihang</a>). W3C | |
<a href="https://www.w3.org/Consortium/Legal/ipr-notice#Legal_Disclaimer">liability</a>, | |
<a href="https://www.w3.org/Consortium/Legal/ipr-notice#W3C_Trademarks">trademark</a> and | |
<a rel="license" href="https://www.w3.org/Consortium/Legal/2015/copyright-software-and-document" title="W3C Software and Document Notice and License">permissive document license</a> rules apply. | |
</p> | |
<hr title="Separator for header"> | |
</div> | |
<section id="abstract" class="introductory"><h2>Abstract</h2> | |
<p> | |
<a href="#dfn-decentralized-identifiers" class="internalDFN" data-link-type="dfn" id="ref-for-dfn-decentralized-identifiers-1">Decentralized identifiers</a> (DIDs) are a new type of identifier that | |
enables verifiable, decentralized digital identity. A <a href="#dfn-decentralized-identifiers" class="internalDFN" data-link-type="dfn" id="ref-for-dfn-decentralized-identifiers-2">DID</a> refers to any | |
subject (e.g., a person, organization, thing, data model, abstract entity, etc.) | |
as determined by the controller of the <a href="#dfn-decentralized-identifiers" class="internalDFN" data-link-type="dfn" id="ref-for-dfn-decentralized-identifiers-3">DID</a>. In contrast to | |
typical, federated identifiers, <a href="#dfn-decentralized-identifiers" class="internalDFN" data-link-type="dfn" id="ref-for-dfn-decentralized-identifiers-4">DIDs</a> have been designed so that they may | |
be decoupled from centralized registries, identity providers, and certificate | |
authorities. Specifically, while other parties might be used to help enable the | |
discovery of information related to a <a href="#dfn-decentralized-identifiers" class="internalDFN" data-link-type="dfn" id="ref-for-dfn-decentralized-identifiers-5">DID</a>, the design enables the | |
controller of a <a href="#dfn-decentralized-identifiers" class="internalDFN" data-link-type="dfn" id="ref-for-dfn-decentralized-identifiers-6">DID</a> to prove control over it without requiring permission | |
from any other party. <a href="#dfn-decentralized-identifiers" class="internalDFN" data-link-type="dfn" id="ref-for-dfn-decentralized-identifiers-7">DIDs</a> are <a href="#dfn-uri" class="internalDFN" data-link-type="dfn" id="ref-for-dfn-uri-1">URIs</a> that associate a <a href="#dfn-did-subjects" class="internalDFN" data-link-type="dfn" id="ref-for-dfn-did-subjects-1">DID | |
subject</a> with a <a href="#dfn-did-documents" class="internalDFN" data-link-type="dfn" id="ref-for-dfn-did-documents-1">DID document</a> allowing trustable interactions | |
associated with that subject. | |
</p> | |
<p> | |
Each <a href="#dfn-did-documents" class="internalDFN" data-link-type="dfn" id="ref-for-dfn-did-documents-2">DID document</a> can express cryptographic material, <a href="#dfn-verification-method" class="internalDFN" data-link-type="dfn" id="ref-for-dfn-verification-method-1">verification | |
methods</a>, or <a href="#dfn-service" class="internalDFN" data-link-type="dfn" id="ref-for-dfn-service-1">services</a>, which provide a set of mechanisms enabling a | |
<a href="#dfn-did-controllers" class="internalDFN" data-link-type="dfn" id="ref-for-dfn-did-controllers-1">DID controller</a> to prove control of the <a href="#dfn-decentralized-identifiers" class="internalDFN" data-link-type="dfn" id="ref-for-dfn-decentralized-identifiers-8">DID</a>. <a href="#dfn-service" class="internalDFN" data-link-type="dfn" id="ref-for-dfn-service-2">Services</a> enable | |
trusted interactions associated with the <a href="#dfn-did-subjects" class="internalDFN" data-link-type="dfn" id="ref-for-dfn-did-subjects-2">DID subject</a>. A <a href="#dfn-decentralized-identifiers" class="internalDFN" data-link-type="dfn" id="ref-for-dfn-decentralized-identifiers-9">DID</a> might | |
provide the means to return the <a href="#dfn-did-subjects" class="internalDFN" data-link-type="dfn" id="ref-for-dfn-did-subjects-3">DID subject</a> itself, if the <a href="#dfn-did-subjects" class="internalDFN" data-link-type="dfn" id="ref-for-dfn-did-subjects-4">DID | |
subject</a> is an information resource such as a data model. | |
</p> | |
<p> | |
This document specifies the DID syntax, a common data model, core properties, | |
serialized representations, DID operations, and an explanation of the process | |
of resolving DIDs to the resources that they represent. | |
</p> | |
</section> | |
<section id="sotd" class="introductory"><h2>Status of This Document</h2><p><em>This section describes the status of this | |
document at the time of its publication. A list of current <abbr title="World Wide Web Consortium">W3C</abbr> | |
publications and the latest revision of this technical report can be found | |
in the <a href="https://www.w3.org/TR/"><abbr title="World Wide Web Consortium">W3C</abbr> technical reports index</a> at | |
https://www.w3.org/TR/.</em></p> | |
<p> | |
The <abbr title="World Wide Web Consortium">W3C</abbr> Decentralized Identifier Working Group has published this document as a | |
<abbr title="World Wide Web Consortium">W3C</abbr> Proposed Recommendation and is requesting that interested parties | |
review this specification by August 26th, 2021. | |
</p> | |
<p> | |
At the time of publication, there existed | |
<a href="https://w3c.github.io/did-spec-registries/#did-methods">103 | |
experimental DID Method specifications</a>, 32 experimental DID Method driver | |
implementations, a <a href="https://w3c.github.io/did-test-suite/">test suite</a> that determines | |
whether or not a given implementation is conformant with this specification, | |
and 46 implementations submitted to the conformance test suite. | |
Readers are advised to heed the <a href="https://github.com/w3c/did-core/issues">DID Core issues</a> and <a href="https://github.com/w3c/did-test-suite/issues"> DID Core Test Suite | |
issues</a> that each contain the latest list of concerns and proposed changes | |
that might result in alterations to this specification. At the time of | |
publication, no additional substantive issues, changes, or modifications | |
are expected. | |
</p> | |
<p> | |
Comments regarding this document are welcome. Please file issues | |
directly on <a href="https://github.com/w3c/did-core/issues/">GitHub</a>, | |
or send them | |
to <a href="mailto:public-did-wg@w3.org">public-did-wg@w3.org</a> ( | |
<a href="mailto:public-did-wg-request@w3.org?subject=subscribe">subscribe</a>, | |
<a href="https://lists.w3.org/Archives/Public/public-did-wg/">archives</a>). | |
</p> | |
<p> | |
This document was published by the <a href="https://www.w3.org/groups/wg/did">Decentralized Identifier Working Group</a> as | |
a Recommendation using the | |
<a href="https://www.w3.org/2021/Process-20211102/#recs-and-notes">Recommendation track</a>. | |
</p><p> | |
<abbr title="World Wide Web Consortium">W3C</abbr> recommends the wide deployment of this specification as a standard for | |
the Web. | |
</p><p> | |
A <abbr title="World Wide Web Consortium">W3C</abbr> Recommendation is a specification that, after extensive | |
consensus-building, is endorsed by | |
<abbr title="World Wide Web Consortium">W3C</abbr> and its Members, and | |
has commitments from Working Group members to | |
<a href="https://www.w3.org/Consortium/Patent-Policy/#sec-Requirements">royalty-free licensing</a> | |
for implementations. | |
</p><p> | |
This document was produced by a group | |
operating under the | |
<a href="https://www.w3.org/Consortium/Patent-Policy/"><abbr title="World Wide Web Consortium">W3C</abbr> Patent | |
Policy</a>. | |
<abbr title="World Wide Web Consortium">W3C</abbr> maintains a | |
<a rel="disclosure" href="https://www.w3.org/groups/wg/did/ipr">public list of any patent disclosures</a> | |
made in connection with the deliverables of | |
the group; that page also includes | |
instructions for disclosing a patent. An individual who has actual | |
knowledge of a patent which the individual believes contains | |
<a href="https://www.w3.org/Consortium/Patent-Policy/#def-essential">Essential Claim(s)</a> | |
must disclose the information in accordance with | |
<a href="https://www.w3.org/Consortium/Patent-Policy/#sec-Disclosure">section 6 of the <abbr title="World Wide Web Consortium">W3C</abbr> Patent Policy</a>. | |
</p><p> | |
This document is governed by the | |
<a id="w3c_process_revision" href="https://www.w3.org/2021/Process-20211102/">2 November 2021 <abbr title="World Wide Web Consortium">W3C</abbr> Process Document</a>. | |
</p></section><nav id="toc"><h2 class="introductory" id="table-of-contents">Table of Contents</h2><ol class="toc"><li class="tocline"><a class="tocxref" href="#abstract">Abstract</a></li><li class="tocline"><a class="tocxref" href="#sotd">Status of This Document</a></li><li class="tocline"><a class="tocxref" href="#introduction"><bdi class="secno">1. </bdi>Introduction</a><ol class="toc"><li class="tocline"><a class="tocxref" href="#a-simple-example"><bdi class="secno">1.1 </bdi>A Simple Example</a></li><li class="tocline"><a class="tocxref" href="#design-goals"><bdi class="secno">1.2 </bdi>Design Goals</a></li><li class="tocline"><a class="tocxref" href="#architecture-overview"><bdi class="secno">1.3 </bdi> | |
Architecture Overview | |
</a></li><li class="tocline"><a class="tocxref" href="#conformance"><bdi class="secno">1.4 </bdi>Conformance</a></li></ol></li><li class="tocline"><a class="tocxref" href="#terminology"><bdi class="secno">2. </bdi>Terminology</a></li><li class="tocline"><a class="tocxref" href="#identifier"><bdi class="secno">3. </bdi>Identifier</a><ol class="toc"><li class="tocline"><a class="tocxref" href="#did-syntax"><bdi class="secno">3.1 </bdi>DID Syntax</a></li><li class="tocline"><a class="tocxref" href="#did-url-syntax"><bdi class="secno">3.2 </bdi>DID URL Syntax</a><ol class="toc"><li class="tocline"><a class="tocxref" href="#did-parameters"><bdi class="secno">3.2.1 </bdi>DID Parameters</a></li><li class="tocline"><a class="tocxref" href="#relative-did-urls"><bdi class="secno">3.2.2 </bdi>Relative DID URLs</a></li></ol></li></ol></li><li class="tocline"><a class="tocxref" href="#data-model"><bdi class="secno">4. </bdi>Data Model</a><ol class="toc"><li class="tocline"><a class="tocxref" href="#extensibility"><bdi class="secno">4.1 </bdi>Extensibility</a></li></ol></li><li class="tocline"><a class="tocxref" href="#core-properties"><bdi class="secno">5. 
</bdi>Core Properties</a><ol class="toc"><li class="tocline"><a class="tocxref" href="#identifiers"><bdi class="secno">5.1 </bdi>Identifiers</a><ol class="toc"><li class="tocline"><a class="tocxref" href="#did-subject"><bdi class="secno">5.1.1 </bdi>DID Subject</a></li><li class="tocline"><a class="tocxref" href="#did-controller"><bdi class="secno">5.1.2 </bdi>DID Controller</a></li><li class="tocline"><a class="tocxref" href="#also-known-as"><bdi class="secno">5.1.3 </bdi>Also Known As</a></li></ol></li><li class="tocline"><a class="tocxref" href="#verification-methods"><bdi class="secno">5.2 </bdi>Verification Methods</a><ol class="toc"><li class="tocline"><a class="tocxref" href="#verification-material"><bdi class="secno">5.2.1 </bdi>Verification Material</a></li><li class="tocline"><a class="tocxref" href="#referring-to-verification-methods"><bdi class="secno">5.2.2 </bdi>Referring to Verification Methods</a></li></ol></li><li class="tocline"><a class="tocxref" href="#verification-relationships"><bdi class="secno">5.3 </bdi>Verification Relationships</a><ol class="toc"><li class="tocline"><a class="tocxref" href="#authentication"><bdi class="secno">5.3.1 </bdi>Authentication</a></li><li class="tocline"><a class="tocxref" href="#assertion"><bdi class="secno">5.3.2 </bdi>Assertion</a></li><li class="tocline"><a class="tocxref" href="#key-agreement"><bdi class="secno">5.3.3 </bdi>Key Agreement</a></li><li class="tocline"><a class="tocxref" href="#capability-invocation"><bdi class="secno">5.3.4 </bdi>Capability Invocation</a></li><li class="tocline"><a class="tocxref" href="#capability-delegation"><bdi class="secno">5.3.5 </bdi>Capability Delegation</a></li></ol></li><li class="tocline"><a class="tocxref" href="#services"><bdi class="secno">5.4 </bdi>Services</a></li></ol></li><li class="tocline"><a class="tocxref" href="#representations"><bdi class="secno">6. 
</bdi>Representations</a><ol class="toc"><li class="tocline"><a class="tocxref" href="#production-and-consumption"><bdi class="secno">6.1 </bdi>Production and Consumption</a></li><li class="tocline"><a class="tocxref" href="#json"><bdi class="secno">6.2 </bdi>JSON</a><ol class="toc"><li class="tocline"><a class="tocxref" href="#production"><bdi class="secno">6.2.1 </bdi>Production</a></li><li class="tocline"><a class="tocxref" href="#consumption"><bdi class="secno">6.2.2 </bdi>Consumption</a></li></ol></li><li class="tocline"><a class="tocxref" href="#json-ld"><bdi class="secno">6.3 </bdi>JSON-LD</a><ol class="toc"><li class="tocline"><a class="tocxref" href="#production-0"><bdi class="secno">6.3.1 </bdi>Production</a></li><li class="tocline"><a class="tocxref" href="#consumption-0"><bdi class="secno">6.3.2 </bdi>Consumption</a></li></ol></li></ol></li><li class="tocline"><a class="tocxref" href="#resolution"><bdi class="secno">7. </bdi>Resolution</a><ol class="toc"><li class="tocline"><a class="tocxref" href="#did-resolution"><bdi class="secno">7.1 </bdi>DID Resolution</a><ol class="toc"><li class="tocline"><a class="tocxref" href="#did-resolution-options"><bdi class="secno">7.1.1 </bdi>DID Resolution Options</a></li><li class="tocline"><a class="tocxref" href="#did-resolution-metadata"><bdi class="secno">7.1.2 </bdi>DID Resolution Metadata</a></li><li class="tocline"><a class="tocxref" href="#did-document-metadata"><bdi class="secno">7.1.3 </bdi>DID Document Metadata</a></li></ol></li><li class="tocline"><a class="tocxref" href="#did-url-dereferencing"><bdi class="secno">7.2 </bdi>DID URL Dereferencing</a><ol class="toc"><li class="tocline"><a class="tocxref" href="#did-url-dereferencing-options"><bdi class="secno">7.2.1 </bdi>DID URL Dereferencing Options</a></li><li class="tocline"><a class="tocxref" href="#did-url-dereferencing-metadata"><bdi class="secno">7.2.2 </bdi>DID URL Dereferencing Metadata</a></li></ol></li><li class="tocline"><a class="tocxref" 
href="#metadata-structure"><bdi class="secno">7.3 </bdi>Metadata Structure</a></li></ol></li><li class="tocline"><a class="tocxref" href="#methods"><bdi class="secno">8. </bdi>Methods</a><ol class="toc"><li class="tocline"><a class="tocxref" href="#method-syntax"><bdi class="secno">8.1 </bdi>Method Syntax</a></li><li class="tocline"><a class="tocxref" href="#method-operations"><bdi class="secno">8.2 </bdi>Method Operations</a></li><li class="tocline"><a class="tocxref" href="#security-requirements"><bdi class="secno">8.3 </bdi>Security Requirements</a></li><li class="tocline"><a class="tocxref" href="#privacy-requirements"><bdi class="secno">8.4 </bdi>Privacy Requirements</a></li></ol></li><li class="tocline"><a class="tocxref" href="#security-considerations"><bdi class="secno">9. </bdi>Security Considerations</a><ol class="toc"><li class="tocline"><a class="tocxref" href="#choosing-did-resolvers"><bdi class="secno">9.1 </bdi>Choosing DID Resolvers</a></li><li class="tocline"><a class="tocxref" href="#proving-control-and-binding"><bdi class="secno">9.2 </bdi>Proving Control and Binding</a></li><li class="tocline"><a class="tocxref" href="#authentication-service-endpoints"><bdi class="secno">9.3 </bdi>Authentication Service Endpoints</a></li><li class="tocline"><a class="tocxref" href="#non-repudiation"><bdi class="secno">9.4 </bdi>Non-Repudiation</a></li><li class="tocline"><a class="tocxref" href="#notification-of-did-document-changes"><bdi class="secno">9.5 </bdi>Notification of DID Document Changes</a></li><li class="tocline"><a class="tocxref" href="#key-and-signature-expiration"><bdi class="secno">9.6 </bdi>Key and Signature Expiration</a></li><li class="tocline"><a class="tocxref" href="#verification-method-rotation"><bdi class="secno">9.7 </bdi>Verification Method Rotation</a></li><li class="tocline"><a class="tocxref" href="#verification-method-revocation"><bdi class="secno">9.8 </bdi>Verification Method Revocation</a></li><li class="tocline"><a 
class="tocxref" href="#did-recovery"><bdi class="secno">9.9 </bdi>DID Recovery</a></li><li class="tocline"><a class="tocxref" href="#the-role-of-human-friendly-identifiers"><bdi class="secno">9.10 </bdi>The Role of Human-Friendly Identifiers</a></li><li class="tocline"><a class="tocxref" href="#dids-as-enhanced-urns"><bdi class="secno">9.11 </bdi>DIDs as Enhanced URNs</a></li><li class="tocline"><a class="tocxref" href="#immutability"><bdi class="secno">9.12 </bdi>Immutability</a></li><li class="tocline"><a class="tocxref" href="#encrypted-data-in-did-documents"><bdi class="secno">9.13 </bdi>Encrypted Data in DID Documents</a></li><li class="tocline"><a class="tocxref" href="#equivalence-properties"><bdi class="secno">9.14 </bdi>Equivalence Properties</a></li><li class="tocline"><a class="tocxref" href="#content-integrity-protection"><bdi class="secno">9.15 </bdi>Content Integrity Protection</a></li><li class="tocline"><a class="tocxref" href="#persistence"><bdi class="secno">9.16 </bdi>Persistence</a></li><li class="tocline"><a class="tocxref" href="#level-of-assurance"><bdi class="secno">9.17 </bdi>Level of Assurance</a></li></ol></li><li class="tocline"><a class="tocxref" href="#privacy-considerations"><bdi class="secno">10. 
</bdi>Privacy Considerations</a><ol class="toc"><li class="tocline"><a class="tocxref" href="#keep-personal-data-private"><bdi class="secno">10.1 </bdi>Keep Personal Data Private</a></li><li class="tocline"><a class="tocxref" href="#did-correlation-risks"><bdi class="secno">10.2 </bdi>DID Correlation Risks</a></li><li class="tocline"><a class="tocxref" href="#did-document-correlation-risks"><bdi class="secno">10.3 </bdi>DID Document Correlation Risks</a></li><li class="tocline"><a class="tocxref" href="#did-subject-classification"><bdi class="secno">10.4 </bdi>DID Subject Classification</a></li><li class="tocline"><a class="tocxref" href="#herd-privacy"><bdi class="secno">10.5 </bdi>Herd Privacy</a></li><li class="tocline"><a class="tocxref" href="#service-privacy"><bdi class="secno">10.6 </bdi>Service Privacy</a></li></ol></li><li class="tocline"><a class="tocxref" href="#examples"><bdi class="secno">A. </bdi>Examples</a><ol class="toc"><li class="tocline"><a class="tocxref" href="#did-documents"><bdi class="secno">A.1 </bdi>DID Documents</a></li><li class="tocline"><a class="tocxref" href="#proving"><bdi class="secno">A.2 </bdi>Proving</a></li><li class="tocline"><a class="tocxref" href="#encrypting"><bdi class="secno">A.3 </bdi>Encrypting</a></li></ol></li><li class="tocline"><a class="tocxref" href="#architectural-considerations"><bdi class="secno">B. 
</bdi>Architectural Considerations</a><ol class="toc"><li class="tocline"><a class="tocxref" href="#detailed-architecture-diagram"><bdi class="secno">B.1 </bdi>Detailed Architecture Diagram</a></li><li class="tocline"><a class="tocxref" href="#creation-of-a-did"><bdi class="secno">B.2 </bdi>Creation of a DID</a></li><li class="tocline"><a class="tocxref" href="#determining-the-did-subject"><bdi class="secno">B.3 </bdi>Determining the DID subject</a></li><li class="tocline"><a class="tocxref" href="#referring-to-the-did-document"><bdi class="secno">B.4 </bdi>Referring to the DID document</a></li><li class="tocline"><a class="tocxref" href="#statements-in-the-did-document"><bdi class="secno">B.5 </bdi>Statements in the DID document</a></li><li class="tocline"><a class="tocxref" href="#discovering-more-information-about-the-did-subject"><bdi class="secno">B.6 </bdi>Discovering more information about the DID subject</a></li><li class="tocline"><a class="tocxref" href="#serving-a-representation-of-the-did-subject"><bdi class="secno">B.7 </bdi>Serving a representation of the DID subject</a></li><li class="tocline"><a class="tocxref" href="#assigning-dids-to-existing-web-resources"><bdi class="secno">B.8 </bdi>Assigning DIDs to existing web resources</a></li><li class="tocline"><a class="tocxref" href="#the-relationship-between-did-controllers-and-did-subjects"><bdi class="secno">B.9 </bdi>The relationship between DID controllers and DID subjects</a><ol class="toc"><li class="tocline"><a class="tocxref" href="#set-1-the-did-subject-is-the-did-controller"><bdi class="secno">B.9.1 </bdi>Set #1: The DID subject <em>is</em> the DID controller</a></li><li class="tocline"><a class="tocxref" href="#set-2-the-did-subject-is-not-the-did-controller"><bdi class="secno">B.9.2 </bdi>Set #2: The DID subject is <em>not</em> the DID controller</a></li></ol></li><li class="tocline"><a class="tocxref" href="#multiple-did-controllers"><bdi class="secno">B.10 </bdi>Multiple DID 
controllers</a><ol class="toc"><li class="tocline"><a class="tocxref" href="#independent-control"><bdi class="secno">B.10.1 </bdi>Independent Control</a></li><li class="tocline"><a class="tocxref" href="#group-control"><bdi class="secno">B.10.2 </bdi>Group Control</a></li></ol></li><li class="tocline"><a class="tocxref" href="#changing-the-did-subject"><bdi class="secno">B.11 </bdi>Changing the DID subject</a></li><li class="tocline"><a class="tocxref" href="#changing-the-did-controller"><bdi class="secno">B.12 </bdi>Changing the DID controller</a></li></ol></li><li class="tocline"><a class="tocxref" href="#revision-history"><bdi class="secno">C. </bdi>Revision History</a></li><li class="tocline"><a class="tocxref" href="#acknowledgements"><bdi class="secno">D. </bdi>Acknowledgements</a></li><li class="tocline"><a class="tocxref" href="#iana-considerations"><bdi class="secno">E. </bdi>IANA Considerations</a><ol class="toc"><li class="tocline"><a class="tocxref" href="#application-did-json"><bdi class="secno">E.1 </bdi>application/did+json</a></li><li class="tocline"><a class="tocxref" href="#application-did-ld-json"><bdi class="secno">E.2 </bdi>application/did+ld+json</a></li></ol></li><li class="tocline"><a class="tocxref" href="#references"><bdi class="secno">F. </bdi>References</a><ol class="toc"><li class="tocline"><a class="tocxref" href="#normative-references"><bdi class="secno">F.1 </bdi>Normative references</a></li><li class="tocline"><a class="tocxref" href="#informative-references"><bdi class="secno">F.2 </bdi>Informative references</a></li></ol></li></ol></nav> | |
<section class="informative" id="introduction"><div class="header-wrapper"><h2 id="x1-introduction"><bdi class="secno">1. </bdi>Introduction</h2><a class="self-link" href="#introduction" aria-label="Permalink for Section 1."></a></div><p><em>This section is non-normative.</em></p> | |
<p> | |
As individuals and organizations, many of us use globally unique identifiers in | |
a wide variety of contexts. They serve as communications addresses (telephone | |
numbers, email addresses, usernames on social media), ID numbers (for passports, | |
driver's licenses, tax IDs, health insurance), and product identifiers (serial | |
numbers, barcodes, RFIDs). URIs (Uniform Resource Identifiers) are used for | |
resources on the Web and each web page you view in a browser has a globally | |
unique URL (Uniform Resource Locator). | |
</p> | |
<p> | |
The vast majority of these globally unique identifiers are not under our | |
control. They are issued by external authorities that decide who or what they | |
refer to and when they can be revoked. They are useful only in certain contexts | |
and recognized only by certain bodies not of our choosing. They might | |
disappear or cease to be valid with the failure of an organization. They might | |
unnecessarily reveal personal information. In many cases, they can be | |
fraudulently replicated and asserted by a malicious third party, which is | |
more commonly known as "identity theft". | |
</p> | |
<p> | |
The Decentralized Identifiers (DIDs) defined in this specification are a new | |
type of globally unique identifier. They are designed to enable individuals and | |
organizations to generate their own identifiers using systems they trust. These | |
new identifiers enable entities to prove control over them by authenticating | |
using cryptographic proofs such as digital signatures. | |
</p> | |
<p> | |
Since the generation and assertion of Decentralized Identifiers is | |
entity-controlled, each entity can have as many DIDs as necessary to maintain | |
their desired separation of identities, personas, and interactions. The use of | |
these identifiers can be scoped appropriately to different contexts. They | |
support interactions with other people, institutions, or systems that require | |
entities to identify themselves, or things they control, while providing control | |
over how much personal or private data should be revealed, all without depending | |
on a central authority to guarantee the continued existence of the identifier. | |
These ideas are explored in the DID Use Cases document [<cite><a class="bibref" data-link-type="biblio" href="#bib-did-use-cases" title="Use Cases and Requirements for Decentralized Identifiers">DID-USE-CASES</a></cite>]. | |
</p> | |
<p> | |
This specification does not presuppose any particular technology or cryptography | |
to underpin the generation, persistence, resolution, or interpretation of DIDs. | |
For example, implementers can create Decentralized Identifiers based on | |
identifiers registered in federated or centralized identity management systems. | |
Indeed, almost all types of identifier systems can add support for DIDs. This | |
creates an interoperability bridge between the worlds of centralized, federated, | |
and decentralized identifiers. This also enables implementers to design specific | |
types of DIDs to work with the computing infrastructure they trust, such as | |
distributed ledgers, decentralized file systems, distributed databases, and | |
peer-to-peer networks. | |
</p> | |
<p> | |
This specification is for: | |
</p> | |
<ul> | |
<li> | |
Anyone that wants to understand the core architectural principles that | |
are the foundation for Decentralized Identifiers; | |
</li> | |
<li> | |
Software developers that want to produce and consume Decentralized Identifiers | |
and their associated data formats; | |
</li> | |
<li> | |
Systems integrators that want to understand how to use Decentralized | |
Identifiers in their software and hardware systems; | |
</li> | |
<li> | |
Specification authors that want to create new DID infrastructures, known as DID | |
methods, that conform to the ecosystem described by this document. | |
</li> | |
</ul> | |
<p> | |
In addition to this specification, readers might find the | |
Use Cases and Requirements for Decentralized Identifiers [<cite><a class="bibref" data-link-type="biblio" href="#bib-did-use-cases" title="Use Cases and Requirements for Decentralized Identifiers">DID-USE-CASES</a></cite>] | |
document useful. | |
</p> | |
<section class="informative" id="a-simple-example"><div class="header-wrapper"><h3 id="x1-1-a-simple-example"><bdi class="secno">1.1 </bdi>A Simple Example</h3><a class="self-link" href="#a-simple-example" aria-label="Permalink for Section 1.1"></a></div><p><em>This section is non-normative.</em></p> | |
<p> | |
A <a href="#dfn-decentralized-identifiers" class="internalDFN" data-link-type="dfn" id="ref-for-dfn-decentralized-identifiers-10">DID</a> is a simple text string consisting of three parts: 1) the | |
<code>did</code> URI scheme identifier, 2) the identifier for the <a href="#dfn-did-methods" class="internalDFN" data-link-type="dfn" id="ref-for-dfn-did-methods-1">DID | |
method</a>, and 3) the DID method-specific identifier. | |
</p> | |
<figure id="parts-of-a-did"> | |
<img style="margin: auto; display: block; width: 75%;" src="diagrams/parts-of-a-did.svg" alt=" | |
A diagram showing the parts of a DID. The left-most letters spell 'did' in blue, | |
are enclosed in a horizontal bracket from above and a label that reads 'scheme' | |
above the bracket. A gray colon follows the 'did' letters. The middle letters | |
spell 'example' in magenta, are enclosed in a horizontal bracket from below and | |
a label that reads 'DID Method' below the bracket. A gray colon follows the | |
DID Method. Finally, the letters at the end read '123456789abcdefghi' in | |
green, are enclosed in a horizontal bracket from below and a label that | |
reads 'DID Method Specific String' below the bracket. | |
" height="157" width="500"> | |
<figcaption>Figure <bdi class="figno">1</bdi> <span class="fig-title"> | |
A simple example of a decentralized identifier (DID) | |
</span></figcaption> | |
</figure> | |
<p> | |
The example <a href="#dfn-decentralized-identifiers" class="internalDFN" data-link-type="dfn" id="ref-for-dfn-decentralized-identifiers-11">DID</a> above resolves to a <a href="#dfn-did-documents" class="internalDFN" data-link-type="dfn" id="ref-for-dfn-did-documents-3">DID document</a>. A <a href="#dfn-did-documents" class="internalDFN" data-link-type="dfn" id="ref-for-dfn-did-documents-4">DID | |
document</a> contains information associated with the <a href="#dfn-decentralized-identifiers" class="internalDFN" data-link-type="dfn" id="ref-for-dfn-decentralized-identifiers-12">DID</a>, such as ways | |
to cryptographically <a href="#dfn-authenticated" class="internalDFN" data-link-type="dfn" id="ref-for-dfn-authenticated-1">authenticate</a> a <a href="#dfn-did-controllers" class="internalDFN" data-link-type="dfn" id="ref-for-dfn-did-controllers-2">DID controller</a>. | |
</p> | |
<div class="example" id="example-a-simple-did-document"> | |
<div class="marker"> | |
<a class="self-link" href="#example-a-simple-did-document">Example<bdi> 1</bdi></a><span class="example-title">: A simple DID document</span> | |
</div> <pre class="nohighlight">{ | |
"@context": [ | |
"https://www.w3.org/ns/did/v1", | |
"https://w3id.org/security/suites/ed25519-2020/v1" | |
], | |
"id": "did:example:123456789abcdefghi", | |
"authentication": [{ | |
<span class="comment">// used to authenticate as did:...fghi</span> | |
"id": "did:example:123456789abcdefghi#keys-1", | |
"type": "Ed25519VerificationKey2020", | |
"controller": "did:example:123456789abcdefghi", | |
"publicKeyMultibase": "zH3C2AVvLMv6gmMNam3uVAjZpfkcJCwDwnZn6z3wXmqPV" | |
}] | |
}</pre> | |
</div> | |
</section> | |
<section class="informative" id="design-goals"><div class="header-wrapper"><h3 id="x1-2-design-goals"><bdi class="secno">1.2 </bdi>Design Goals</h3><a class="self-link" href="#design-goals" aria-label="Permalink for Section 1.2"></a></div><p><em>This section is non-normative.</em></p> | |
<p> | |
<a href="#dfn-decentralized-identifiers" class="internalDFN" data-link-type="dfn" id="ref-for-dfn-decentralized-identifiers-13">Decentralized Identifiers</a> are a component of larger systems, such as the | |
Verifiable Credentials ecosystem [<cite><a class="bibref" data-link-type="biblio" href="#bib-vc-data-model" title="Verifiable Credentials Data Model v1.1">VC-DATA-MODEL</a></cite>], which influenced the design | |
goals for this specification. The design goals for Decentralized Identifiers | |
are summarized here. | |
</p> | |
<table class="simple"> | |
<thead> | |
<tr> | |
<th> | |
Goal | |
</th> | |
<th> | |
Description | |
</th> | |
</tr> | |
</thead> | |
<tbody> | |
<tr> | |
<td> | |
Decentralization | |
</td> | |
<td> | |
Eliminate the requirement for centralized authorities or single points of failure in | |
identifier management, including the registration of globally unique | |
identifiers, public verification keys, <a href="#dfn-service" class="internalDFN" data-link-type="dfn" id="ref-for-dfn-service-3">services</a>, and other information. | |
</td> | |
</tr> | |
<tr> | |
<td> | |
Control | |
</td> | |
<td> | |
Give entities, both human and non-human, the power to directly control their | |
digital identifiers without the need to rely on external authorities. | |
</td> | |
</tr> | |
<tr> | |
<td> | |
Privacy | |
</td> | |
<td> | |
Enable entities to control the privacy of their information, including minimal, | |
selective, and progressive disclosure of attributes or other data. | |
</td> | |
</tr> | |
<tr> | |
<td> | |
Security | |
</td> | |
<td> | |
Enable sufficient security for requesting parties to depend on <a href="#dfn-did-documents" class="internalDFN" data-link-type="dfn" id="ref-for-dfn-did-documents-5">DID | |
documents</a> for their required level of assurance. | |
</td> | |
</tr> | |
<tr> | |
<td> | |
Proof-based | |
</td> | |
<td> | |
Enable <a href="#dfn-did-controllers" class="internalDFN" data-link-type="dfn" id="ref-for-dfn-did-controllers-3">DID controllers</a> to provide cryptographic proof when interacting | |
with other entities. | |
</td> | |
</tr> | |
<tr> | |
<td> | |
Discoverability | |
</td> | |
<td> | |
Make it possible for entities to discover <a href="#dfn-decentralized-identifiers" class="internalDFN" data-link-type="dfn" id="ref-for-dfn-decentralized-identifiers-14">DIDs</a> for other entities, to | |
learn more about or interact with those entities. | |
</td> | |
</tr> | |
<tr> | |
<td> | |
Interoperability | |
</td> | |
<td> | |
Use interoperable standards so <a href="#dfn-decentralized-identifiers" class="internalDFN" data-link-type="dfn" id="ref-for-dfn-decentralized-identifiers-15">DID</a> infrastructure can make use of | |
existing tools and software libraries designed for interoperability. | |
</td> | |
</tr> | |
<tr> | |
<td> | |
Portability | |
</td> | |
<td> | |
Be system- and network-independent and enable entities to use their digital | |
identifiers with any system that supports <a href="#dfn-decentralized-identifiers" class="internalDFN" data-link-type="dfn" id="ref-for-dfn-decentralized-identifiers-16">DIDs</a> and <a href="#dfn-did-methods" class="internalDFN" data-link-type="dfn" id="ref-for-dfn-did-methods-2">DID methods</a>. | |
</td> | |
</tr> | |
<tr> | |
<td> | |
Simplicity | |
</td> | |
<td> | |
Favor a reduced set of simple features to make the technology easier to | |
understand, implement, and deploy. | |
</td> | |
</tr> | |
<tr> | |
<td> | |
Extensibility | |
</td> | |
<td> | |
Where possible, enable extensibility provided it does not greatly hinder | |
interoperability, portability, or simplicity. | |
</td> | |
</tr> | |
</tbody> | |
</table> | |
</section> | |
<section class="informative" id="architecture-overview"><div class="header-wrapper"><h3 id="x1-3-architecture-overview"><bdi class="secno">1.3 </bdi> | |
Architecture Overview | |
</h3><a class="self-link" href="#architecture-overview" aria-label="Permalink for Section 1.3"></a></div><p><em>This section is non-normative.</em></p> | |
<p> | |
This section provides a basic overview of the major components of | |
Decentralized Identifier architecture. | |
</p> | |
<figure id="brief-architecture-overview"> | |
<img style="margin: auto; display: block; width: 75%;" src="diagrams/did_brief_architecture_overview.svg" alt=" | |
DIDs and DID documents are recorded on a Verifiable Data Registry; DIDs resolve | |
to DID documents; DIDs refer to DID subjects; a DID controller controls a DID | |
document; DID URLs contain a DID; DID URLs dereference to DID document | |
fragments or external resources. | |
" height="555" width="944"> | |
<figcaption>Figure <bdi class="figno">2</bdi> <span class="fig-title"> | |
Overview of DID architecture and the relationship of the basic components. | |
See also: <a class="longdesc-link" href="#brief-architecture-overview-longdesc">narrative description</a>. | |
</span></figcaption> | |
</figure> | |
<div class="longdesc" id="brief-architecture-overview-longdesc"> | |
<p> | |
Six internally-labeled shapes appear in the diagram, with labeled arrows | |
between them, as follows. In the center of the diagram is a rectangle labeled | |
DID URL, containing small typewritten text "did:example:123/path/to/rsrc". At | |
the center top of the diagram is a rectangle labeled, "DID", containing small | |
typewritten text "did:example:123". At the top left of the diagram is an oval, | |
labeled "DID Subject". At the bottom center of the diagram is a rectangle | |
labeled, "DID document". At the bottom left is an oval, labeled, "DID | |
Controller". On the center right of the diagram is a two-dimensional rendering | |
of a cylinder, labeled, "Verifiable Data Registry". | |
</p> | |
<p> | |
From the top of the "DID URL" rectangle, an arrow, labeled "contains", extends | |
upwards, pointing to the "DID" rectangle. From the bottom of the "DID URL" | |
rectangle, an arrow, labeled "refers, and | |
<strong><em>dereferences</em></strong>, to", extends downward, pointing to the | |
"DID document" rectangle. An arrow from the "DID" rectangle, labeled | |
"<strong><em>resolves</em></strong> to", points down to the "DID document" | |
rectangle. An arrow from the "DID" rectangle, labeled "refers to", points left | |
to the "DID subject" oval. An arrow from the "DID controller" oval, labeled | |
"controls", points right to the "DID document" rectangle. An arrow from the | |
"DID" rectangle, labeled "recorded on", points downwards to the right, to the | |
"Verifiable Data Registry" cylinder. An arrow from the "DID document" rectangle, | |
labeled "recorded on", points upwards to the right to the "Verifiable Data | |
Registry" cylinder. | |
</p> | |
</div> | |
<dl> | |
<dt> | |
DIDs and DID URLs | |
</dt> | |
<dd> | |
A Decentralized Identifier, or <a href="#dfn-decentralized-identifiers" class="internalDFN" data-link-type="dfn" id="ref-for-dfn-decentralized-identifiers-17">DID</a>, is a <a href="#dfn-uri" class="internalDFN" data-link-type="dfn" id="ref-for-dfn-uri-2">URI</a> composed of three | |
parts: the scheme <code>did:</code>, a method identifier, and a unique, | |
method-specific identifier specified by the <a href="#dfn-did-methods" class="internalDFN" data-link-type="dfn" id="ref-for-dfn-did-methods-3">DID method</a>. <a href="#dfn-decentralized-identifiers" class="internalDFN" data-link-type="dfn" id="ref-for-dfn-decentralized-identifiers-18">DIDs</a> are | |
resolvable to <a href="#dfn-did-documents" class="internalDFN" data-link-type="dfn" id="ref-for-dfn-did-documents-6">DID documents</a>. A <a href="#dfn-did-urls" class="internalDFN" data-link-type="dfn" id="ref-for-dfn-did-urls-1">DID URL</a> extends the syntax of a | |
basic <a href="#dfn-decentralized-identifiers" class="internalDFN" data-link-type="dfn" id="ref-for-dfn-decentralized-identifiers-19">DID</a> to incorporate other standard <a href="#dfn-uri" class="internalDFN" data-link-type="dfn" id="ref-for-dfn-uri-3">URI</a> components such as | |
path, query, and fragment in order to locate a particular | |
<a href="#dfn-resources" class="internalDFN" data-link-type="dfn" id="ref-for-dfn-resources-1">resource</a>—for example, a cryptographic public key inside a <a href="#dfn-did-documents" class="internalDFN" data-link-type="dfn" id="ref-for-dfn-did-documents-7">DID | |
document</a>, or a <a href="#dfn-resources" class="internalDFN" data-link-type="dfn" id="ref-for-dfn-resources-2">resource</a> external to the <a href="#dfn-did-documents" class="internalDFN" data-link-type="dfn" id="ref-for-dfn-did-documents-8">DID document</a>. | |
These concepts are elaborated upon in <a href="#did-syntax" class="sec-ref"><bdi class="secno">3.1 </bdi>DID Syntax</a> and <a href="#did-url-syntax" class="sec-ref"><bdi class="secno">3.2 </bdi>DID URL Syntax</a>. | |
</dd> | |
<dt> | |
DID subjects | |
</dt> | |
<dd> | |
The subject of a <a href="#dfn-decentralized-identifiers" class="internalDFN" data-link-type="dfn" id="ref-for-dfn-decentralized-identifiers-20">DID</a> is, by definition, the entity identified by the | |
<a href="#dfn-decentralized-identifiers" class="internalDFN" data-link-type="dfn" id="ref-for-dfn-decentralized-identifiers-21">DID</a>. The <a href="#dfn-did-subjects" class="internalDFN" data-link-type="dfn" id="ref-for-dfn-did-subjects-5">DID subject</a> might also be the <a href="#dfn-did-controllers" class="internalDFN" data-link-type="dfn" id="ref-for-dfn-did-controllers-4">DID controller</a>. | |
Anything can be the subject of a <a href="#dfn-decentralized-identifiers" class="internalDFN" data-link-type="dfn" id="ref-for-dfn-decentralized-identifiers-22">DID</a>: person, group, organization, | |
thing, or concept. This is further defined in <a href="#did-subject" class="sec-ref"><bdi class="secno">5.1.1 </bdi>DID Subject</a>. | |
</dd> | |
<dt> | |
DID controllers | |
</dt> | |
<dd> | |
The <a href="#dfn-controller" class="internalDFN" data-link-type="dfn" id="ref-for-dfn-controller-1">controller</a> of a <a href="#dfn-decentralized-identifiers" class="internalDFN" data-link-type="dfn" id="ref-for-dfn-decentralized-identifiers-23">DID</a> is the entity (person, organization, or | |
autonomous software) that has the capability—as defined by a <a href="#dfn-did-methods" class="internalDFN" data-link-type="dfn" id="ref-for-dfn-did-methods-4">DID | |
method</a>—to make changes to a <a href="#dfn-did-documents" class="internalDFN" data-link-type="dfn" id="ref-for-dfn-did-documents-9">DID document</a>. This capability is | |
typically asserted by the control of a set of cryptographic keys used by | |
software acting on behalf of the controller, though it might also be asserted | |
via other mechanisms. Note that a <a href="#dfn-decentralized-identifiers" class="internalDFN" data-link-type="dfn" id="ref-for-dfn-decentralized-identifiers-24">DID</a> might have more than one | |
controller, and the <a href="#dfn-did-subjects" class="internalDFN" data-link-type="dfn" id="ref-for-dfn-did-subjects-6">DID subject</a> can be the <a href="#dfn-did-controllers" class="internalDFN" data-link-type="dfn" id="ref-for-dfn-did-controllers-5">DID controller</a>, or one | |
of them. This concept is documented in <a href="#did-controller" class="sec-ref"><bdi class="secno">5.1.2 </bdi>DID Controller</a>. | |
</dd> | |
<dt> | |
Verifiable data registries | |
</dt> | |
<dd> | |
In order to be resolvable to <a href="#dfn-did-documents" class="internalDFN" data-link-type="dfn" id="ref-for-dfn-did-documents-10">DID documents</a>, <a href="#dfn-decentralized-identifiers" class="internalDFN" data-link-type="dfn" id="ref-for-dfn-decentralized-identifiers-25">DIDs</a> are typically | |
recorded on an underlying system or network of some kind. Regardless of the | |
specific technology used, any such system that supports recording <a href="#dfn-decentralized-identifiers" class="internalDFN" data-link-type="dfn" id="ref-for-dfn-decentralized-identifiers-26">DIDs</a> | |
and returning data necessary to produce <a href="#dfn-did-documents" class="internalDFN" data-link-type="dfn" id="ref-for-dfn-did-documents-11">DID documents</a> is called a | |
<a href="#dfn-verifiable-data-registry" class="internalDFN" data-link-type="dfn" id="ref-for-dfn-verifiable-data-registry-1">verifiable data registry</a>. Examples include <a href="#dfn-distributed-ledger-technology" class="internalDFN" data-link-type="dfn" id="ref-for-dfn-distributed-ledger-technology-1">distributed ledgers</a>, | |
decentralized file systems, databases of any kind, peer-to-peer networks, and | |
other forms of trusted data storage. This concept is further elaborated upon in | |
<a href="#methods" class="sec-ref"><bdi class="secno">8. </bdi>Methods</a>. | |
</dd> | |
<dt> | |
DID documents | |
</dt> | |
<dd> | |
<a href="#dfn-did-documents" class="internalDFN" data-link-type="dfn" id="ref-for-dfn-did-documents-12">DID documents</a> contain information associated with a <a href="#dfn-decentralized-identifiers" class="internalDFN" data-link-type="dfn" id="ref-for-dfn-decentralized-identifiers-27">DID</a>. They | |
typically express <a href="#dfn-verification-method" class="internalDFN" data-link-type="dfn" id="ref-for-dfn-verification-method-2">verification methods</a>, such as cryptographic public | |
keys, and <a href="#dfn-service" class="internalDFN" data-link-type="dfn" id="ref-for-dfn-service-4">services</a> relevant to interactions with the <a href="#dfn-did-subjects" class="internalDFN" data-link-type="dfn" id="ref-for-dfn-did-subjects-7">DID subject</a>. | |
The generic properties supported in a <a href="#dfn-did-documents" class="internalDFN" data-link-type="dfn" id="ref-for-dfn-did-documents-13">DID document</a> are specified in <a href="#core-properties" class="sec-ref"><bdi class="secno">5. </bdi>Core Properties</a>. A <a href="#dfn-did-documents" class="internalDFN" data-link-type="dfn" id="ref-for-dfn-did-documents-14">DID document</a> can be serialized to a byte | |
stream (see <a href="#representations" class="sec-ref"><bdi class="secno">6. </bdi>Representations</a>). The properties present in | |
a <a href="#dfn-did-documents" class="internalDFN" data-link-type="dfn" id="ref-for-dfn-did-documents-15">DID document</a> can be updated according to the applicable operations | |
outlined in <a href="#methods" class="sec-ref"><bdi class="secno">8. </bdi>Methods</a>. | |
</dd> | |
<dt> | |
DID methods | |
</dt> | |
<dd> | |
<a href="#dfn-did-methods" class="internalDFN" data-link-type="dfn" id="ref-for-dfn-did-methods-5">DID methods</a> are the mechanism by which a particular type of <a href="#dfn-decentralized-identifiers" class="internalDFN" data-link-type="dfn" id="ref-for-dfn-decentralized-identifiers-28">DID</a> | |
and its associated <a href="#dfn-did-documents" class="internalDFN" data-link-type="dfn" id="ref-for-dfn-did-documents-16">DID document</a> are created, resolved, updated, and | |
deactivated. <a href="#dfn-did-methods" class="internalDFN" data-link-type="dfn" id="ref-for-dfn-did-methods-6">DID methods</a> are defined using separate DID method | |
specifications as defined in <a href="#methods" class="sec-ref"><bdi class="secno">8. </bdi>Methods</a>. | |
</dd> | |
<dt> | |
DID resolvers and DID resolution | |
</dt> | |
<dd> | |
A <a href="#dfn-did-resolvers" class="internalDFN" data-link-type="dfn" id="ref-for-dfn-did-resolvers-1">DID resolver</a> is a system component that takes a <a href="#dfn-decentralized-identifiers" class="internalDFN" data-link-type="dfn" id="ref-for-dfn-decentralized-identifiers-29">DID</a> as input and | |
produces a conforming <a href="#dfn-did-documents" class="internalDFN" data-link-type="dfn" id="ref-for-dfn-did-documents-17">DID document</a> as output. This process is called | |
<a href="#dfn-did-resolution" class="internalDFN" data-link-type="dfn" id="ref-for-dfn-did-resolution-1">DID resolution</a>. The steps for resolving a specific type of <a href="#dfn-decentralized-identifiers" class="internalDFN" data-link-type="dfn" id="ref-for-dfn-decentralized-identifiers-30">DID</a> are | |
defined by the relevant <a href="#dfn-did-methods" class="internalDFN" data-link-type="dfn" id="ref-for-dfn-did-methods-7">DID method</a> specification. The process of <a href="#dfn-did-resolution" class="internalDFN" data-link-type="dfn" id="ref-for-dfn-did-resolution-2">DID | |
resolution</a> is elaborated upon in <a href="#resolution" class="sec-ref"><bdi class="secno">7. </bdi>Resolution</a>. | |
</dd> | |
<dt> | |
DID URL dereferencers and DID URL dereferencing | |
</dt> | |
<dd> | |
A <a href="#dfn-did-url-dereferencers" class="internalDFN" data-link-type="dfn" id="ref-for-dfn-did-url-dereferencers-1">DID URL dereferencer</a> is a system component that takes a <a href="#dfn-did-urls" class="internalDFN" data-link-type="dfn" id="ref-for-dfn-did-urls-2">DID URL</a> | |
as input and produces a <a href="#dfn-resources" class="internalDFN" data-link-type="dfn" id="ref-for-dfn-resources-3">resource</a> as output. This process is | |
called <a href="#dfn-did-url-dereferencing" class="internalDFN" data-link-type="dfn" id="ref-for-dfn-did-url-dereferencing-1">DID URL dereferencing</a>. The process of <a href="#dfn-did-url-dereferencing" class="internalDFN" data-link-type="dfn" id="ref-for-dfn-did-url-dereferencing-2">DID URL dereferencing</a> | |
is elaborated upon in <a href="#did-url-dereferencing" class="sec-ref"><bdi class="secno">7.2 </bdi>DID URL Dereferencing</a>. | |
</dd> | |
</dl> | |
</section> | |
<section id="conformance"><div class="header-wrapper"><h3 id="x1-4-conformance"><bdi class="secno">1.4 </bdi>Conformance</h3><a class="self-link" href="#conformance" aria-label="Permalink for Section 1.4"></a></div><p>As well as sections marked as non-normative, all authoring guidelines, diagrams, examples, and notes in this specification are non-normative. Everything else in this specification is normative.</p><p> | |
The key words <em class="rfc2119">MAY</em>, <em class="rfc2119">MUST</em>, <em class="rfc2119">MUST NOT</em>, <em class="rfc2119">OPTIONAL</em>, <em class="rfc2119">RECOMMENDED</em>, <em class="rfc2119">REQUIRED</em>, <em class="rfc2119">SHOULD</em>, and <em class="rfc2119">SHOULD NOT</em> in this document | |
are to be interpreted as described in | |
<a href="https://datatracker.ietf.org/doc/html/bcp14">BCP 14</a> | |
[<cite><a class="bibref" data-link-type="biblio" href="#bib-rfc2119" title="Key words for use in RFCs to Indicate Requirement Levels">RFC2119</a></cite>] [<cite><a class="bibref" data-link-type="biblio" href="#bib-rfc8174" title="Ambiguity of Uppercase vs Lowercase in RFC 2119 Key Words">RFC8174</a></cite>] | |
when, and only when, they appear in all capitals, as shown here. | |
</p> | |
<p> | |
This document contains examples that contain JSON and JSON-LD content. | |
Some of these examples contain characters that are invalid in JSON, such as inline | |
comments (<code>//</code>) and the use of ellipsis (<code>...</code>) to denote | |
information that adds little value to the example. Implementers are cautioned to | |
remove this content if they desire to use the information as valid JSON | |
or JSON-LD. | |
</p> | |
<p> | |
Some examples contain terms, both property names and values, that are not | |
defined in this specification. These are indicated with a comment (<code>// | |
external (property name|value)</code>). Such terms, when used in a <a href="#dfn-did-documents" class="internalDFN" data-link-type="dfn" id="ref-for-dfn-did-documents-18">DID | |
document</a>, are expected to be registered in the DID Specification Registries | |
[<cite><a class="bibref" data-link-type="biblio" href="#bib-did-spec-registries" title="DID Specification Registries">DID-SPEC-REGISTRIES</a></cite>] with links to both a formal definition and a JSON-LD | |
context. | |
</p> | |
<p> | |
Interoperability of implementations for <a href="#dfn-decentralized-identifiers" class="internalDFN" data-link-type="dfn" id="ref-for-dfn-decentralized-identifiers-31">DIDs</a> and <a href="#dfn-did-documents" class="internalDFN" data-link-type="dfn" id="ref-for-dfn-did-documents-19">DID documents</a> is | |
tested by evaluating an implementation's ability to create and parse <a href="#dfn-decentralized-identifiers" class="internalDFN" data-link-type="dfn" id="ref-for-dfn-decentralized-identifiers-32">DIDs</a> | |
and <a href="#dfn-did-documents" class="internalDFN" data-link-type="dfn" id="ref-for-dfn-did-documents-20">DID documents</a> that conform to this specification. Interoperability | |
for producers and consumers of <a href="#dfn-decentralized-identifiers" class="internalDFN" data-link-type="dfn" id="ref-for-dfn-decentralized-identifiers-33">DIDs</a> and <a href="#dfn-did-documents" class="internalDFN" data-link-type="dfn" id="ref-for-dfn-did-documents-21">DID documents</a> is provided | |
by ensuring the <a href="#dfn-decentralized-identifiers" class="internalDFN" data-link-type="dfn" id="ref-for-dfn-decentralized-identifiers-34">DIDs</a> and <a href="#dfn-did-documents" class="internalDFN" data-link-type="dfn" id="ref-for-dfn-did-documents-22">DID documents</a> conform. Interoperability | |
for <a href="#dfn-did-methods" class="internalDFN" data-link-type="dfn" id="ref-for-dfn-did-methods-8">DID method</a> specifications is provided by the details in each <a href="#dfn-did-methods" class="internalDFN" data-link-type="dfn" id="ref-for-dfn-did-methods-9">DID | |
method</a> specification. It is understood that, in the same way that a web | |
browser is not required to implement all known <a href="#dfn-uri" class="internalDFN" data-link-type="dfn" id="ref-for-dfn-uri-4">URI</a> schemes, conformant | |
software that works with <a href="#dfn-decentralized-identifiers" class="internalDFN" data-link-type="dfn" id="ref-for-dfn-decentralized-identifiers-35">DIDs</a> is not required to implement all known | |
<a href="#dfn-did-methods" class="internalDFN" data-link-type="dfn" id="ref-for-dfn-did-methods-10">DID methods</a>. However, all implementations of a given <a href="#dfn-did-methods" class="internalDFN" data-link-type="dfn" id="ref-for-dfn-did-methods-11">DID method</a> | |
are expected to be interoperable for that method. | |
</p> | |
<p> | |
A <dfn data-plurals="conforming dids" id="dfn-conforming-did" tabindex="0" aria-haspopup="dialog" data-dfn-type="dfn">conforming DID</dfn> is any concrete expression of the rules specified in | |
<a href="#identifier" class="sec-ref"><bdi class="secno">3. </bdi>Identifier</a> which complies with relevant normative statements in | |
that section. | |
</p> | |
<p> | |
A <dfn data-plurals="conforming did documents" id="dfn-conforming-did-document" tabindex="0" aria-haspopup="dialog" data-dfn-type="dfn">conforming DID document</dfn> is any concrete expression of the data | |
model described in this specification which complies with the relevant normative | |
statements in <a href="#data-model" class="sec-ref"><bdi class="secno">4. </bdi>Data Model</a> and <a href="#core-properties" class="sec-ref"><bdi class="secno">5. </bdi>Core Properties</a>. A | |
serialization format for the conforming document is deterministic, | |
bi-directional, and lossless, as described in <a href="#representations" class="sec-ref"><bdi class="secno">6. </bdi>Representations</a>. | |
</p> | |
<p> | |
A <dfn data-plurals="conforming producers" id="dfn-conforming-producer" tabindex="0" aria-haspopup="dialog" data-dfn-type="dfn">conforming producer</dfn> is any algorithm realized as software and/or | |
hardware that generates <a href="#dfn-conforming-did" class="internalDFN" data-link-type="dfn" id="ref-for-dfn-conforming-did-1">conforming DIDs</a> or <a href="#dfn-conforming-did-document" class="internalDFN" data-link-type="dfn" id="ref-for-dfn-conforming-did-document-1">conforming DID | |
documents</a> and complies with the relevant normative statements in <a href="#representations" class="sec-ref"><bdi class="secno">6. </bdi>Representations</a>. | |
</p> | |
<p> | |
A <dfn data-plurals="conforming consumers" id="dfn-conforming-consumer" tabindex="0" aria-haspopup="dialog" data-dfn-type="dfn">conforming consumer</dfn> is any algorithm realized as software and/or | |
hardware that consumes <a href="#dfn-conforming-did" class="internalDFN" data-link-type="dfn" id="ref-for-dfn-conforming-did-2">conforming DIDs</a> or <a href="#dfn-conforming-did-document" class="internalDFN" data-link-type="dfn" id="ref-for-dfn-conforming-did-document-2">conforming DID documents</a> | |
and complies with the relevant normative statements in <a href="#representations" class="sec-ref"><bdi class="secno">6. </bdi>Representations</a>. | |
</p> | |
<p> | |
A <dfn class="lint-ignore" id="dfn-conforming-did-resolver" tabindex="0" aria-haspopup="dialog" data-dfn-type="dfn">conforming DID resolver</dfn> is any algorithm | |
realized as software and/or hardware that complies with the relevant normative | |
statements in <a href="#did-resolution" class="sec-ref"><bdi class="secno">7.1 </bdi>DID Resolution</a>. | |
</p> | |
<p> | |
A <dfn class="lint-ignore" id="dfn-conforming-did-url-dereferencer" tabindex="0" aria-haspopup="dialog" data-dfn-type="dfn">conforming DID URL dereferencer</dfn> is any | |
algorithm realized as software and/or hardware that complies with the relevant | |
normative statements in <a href="#did-url-dereferencing" class="sec-ref"><bdi class="secno">7.2 </bdi>DID URL Dereferencing</a>. | |
</p> | |
<p> | |
A <dfn class="lint-ignore" id="dfn-conforming-did-method" tabindex="0" aria-haspopup="dialog" data-dfn-type="dfn">conforming DID method</dfn> is any specification that | |
complies with the relevant normative statements in <a href="#methods" class="sec-ref"><bdi class="secno">8. </bdi>Methods</a>. | |
</p> | |
</section> | |
</section> | |
<section class="informative" id="terminology"><div class="header-wrapper"><h2 id="x2-terminology"><bdi class="secno">2. </bdi>Terminology</h2><a class="self-link" href="#terminology" aria-label="Permalink for Section 2."></a></div><p><em>This section is non-normative.</em></p> | |
<div><p> | |
This section defines the terms used in this specification and throughout | |
<a href="#dfn-decentralized-identifiers" class="internalDFN" data-link-type="dfn" id="ref-for-dfn-decentralized-identifiers-36">decentralized identifier</a> infrastructure. A link to these terms is | |
included whenever they appear in this specification. | |
</p> | |
<dl class="termlist"> | |
<dt><dfn data-lt="amplification|amplification attack" id="dfn-amplification" tabindex="0" aria-haspopup="dialog" data-dfn-type="dfn">amplification attack</dfn></dt> | |
<dd> | |
A class of attack where the attacker attempts to exhaust a target system's | |
CPU, storage, network, or other resources by providing small, valid inputs | |
whose damaging effects can be exponentially more costly for the system to | |
process than the inputs themselves. | |
</dd> | |
<dt><dfn data-lt="authenticated|authenticate" id="dfn-authenticated" tabindex="0" aria-haspopup="dialog" data-dfn-type="dfn">authenticate</dfn></dt> | |
<dd> | |
Authentication is a process by which an entity can prove it has a specific | |
attribute or controls a specific secret using one or more <a href="#dfn-verification-method" class="internalDFN" data-link-type="dfn" id="ref-for-dfn-verification-method-3">verification | |
methods</a>. With <a href="#dfn-decentralized-identifiers" class="internalDFN" data-link-type="dfn" id="ref-for-dfn-decentralized-identifiers-37">DIDs</a>, a common example would be proving control of the | |
cryptographic private key associated with a public key published in a <a href="#dfn-did-documents" class="internalDFN" data-link-type="dfn" id="ref-for-dfn-did-documents-23">DID | |
document</a>. | |
</dd> | |
<dt><dfn data-lt="cryptosuite|cryptographic suite" id="dfn-cryptosuite" tabindex="0" aria-haspopup="dialog" data-dfn-type="dfn">cryptographic suite</dfn></dt> | |
<dd> | |
A specification defining the usage of specific cryptographic primitives in | |
order to achieve a particular security goal. These documents are often used | |
to specify <a href="#dfn-verification-method" class="internalDFN" data-link-type="dfn" id="ref-for-dfn-verification-method-4">verification methods</a>, digital signature types, | |
their identifiers, and other related properties. | |
</dd> | |
<dt><dfn data-lt="decentralized identifiers|DID|DIDs|decentralized identifier" data-plurals="dids|did" id="dfn-decentralized-identifiers" tabindex="0" aria-haspopup="dialog" data-dfn-type="dfn">decentralized identifier</dfn> (DID)</dt> | |
<dd> | |
A globally unique persistent identifier that does not require a centralized | |
registration authority and is often generated and/or registered | |
cryptographically. The generic format of a DID is defined in <a href="#did-syntax" class="sec-ref"><bdi class="secno">3.1 </bdi>DID Syntax</a>. A specific <a href="#dfn-did-schemes" class="internalDFN" data-link-type="dfn" id="ref-for-dfn-did-schemes-1">DID scheme</a> is defined in a <a href="#dfn-did-methods" class="internalDFN" data-link-type="dfn" id="ref-for-dfn-did-methods-12">DID | |
method</a> specification. Many—but not all—DID methods make use of | |
<a href="#dfn-distributed-ledger-technology" class="internalDFN" data-link-type="dfn" id="ref-for-dfn-distributed-ledger-technology-2">distributed ledger technology</a> (DLT) or some other form of decentralized | |
network. | |
</dd> | |
<dt><dfn id="dfn-decentralized-identity-management" tabindex="0" aria-haspopup="dialog" data-dfn-type="dfn">decentralized identity management</dfn></dt> | |
<dd> | |
<a href="https://en.wikipedia.org/wiki/Identity_management">Identity | |
management</a> that is based on the use of <a href="#dfn-decentralized-identifiers" class="internalDFN" data-link-type="dfn" id="ref-for-dfn-decentralized-identifiers-38">decentralized identifiers</a>. | |
Decentralized identity management extends authority for identifier generation, | |
registration, and assignment beyond traditional roots of trust such as | |
<a href="https://en.wikipedia.org/wiki/X.500">X.500 directory services</a>, | |
the <a href="https://en.wikipedia.org/wiki/Domain_Name_System">Domain Name System</a>, | |
and most national ID systems. | |
</dd> | |
<dt><dfn data-lt="did controllers|did controller(s)|DID controller" id="dfn-did-controllers" tabindex="0" aria-haspopup="dialog" data-dfn-type="dfn">DID controller</dfn></dt> | |
<dd> | |
An entity that has the capability to make changes to a <a href="#dfn-did-documents" class="internalDFN" data-link-type="dfn" id="ref-for-dfn-did-documents-25">DID document</a>. A | |
<a href="#dfn-decentralized-identifiers" class="internalDFN" data-link-type="dfn" id="ref-for-dfn-decentralized-identifiers-40">DID</a> might have more than one DID controller. The DID controller(s) | |
can be denoted by the optional <code>controller</code> property at the top level of the | |
<a href="#dfn-did-documents" class="internalDFN" data-link-type="dfn" id="ref-for-dfn-did-documents-26">DID document</a>. Note that a DID controller might be the <a href="#dfn-did-subjects" class="internalDFN" data-link-type="dfn" id="ref-for-dfn-did-subjects-8">DID | |
subject</a>. | |
</dd> | |
<dt><dfn id="dfn-did-delegate" tabindex="0" aria-haspopup="dialog" data-dfn-type="dfn">DID delegate</dfn></dt> | |
<dd> | |
An entity to whom a <a href="#dfn-did-controllers" class="internalDFN" data-link-type="dfn" id="ref-for-dfn-did-controllers-6">DID controller</a> has granted permission to use a | |
<a href="#dfn-verification-method" class="internalDFN" data-link-type="dfn" id="ref-for-dfn-verification-method-5">verification method</a> associated with a <a href="#dfn-decentralized-identifiers" class="internalDFN" data-link-type="dfn" id="ref-for-dfn-decentralized-identifiers-41">DID</a> via a <a href="#dfn-did-documents" class="internalDFN" data-link-type="dfn" id="ref-for-dfn-did-documents-27">DID | |
document</a>. For example, a parent who controls a child's <a href="#dfn-did-documents" class="internalDFN" data-link-type="dfn" id="ref-for-dfn-did-documents-28">DID document</a> | |
might permit the child to use their personal device in order to | |
<a href="#dfn-authenticated" class="internalDFN" data-link-type="dfn" id="ref-for-dfn-authenticated-2">authenticate</a>. In this case, the child is the <a href="#dfn-did-delegate" class="internalDFN" data-link-type="dfn" id="ref-for-dfn-did-delegate-1">DID delegate</a>. The | |
child's personal device would contain the private cryptographic material | |
enabling the child to <a href="#dfn-authenticated" class="internalDFN" data-link-type="dfn" id="ref-for-dfn-authenticated-3">authenticate</a> using the <a href="#dfn-decentralized-identifiers" class="internalDFN" data-link-type="dfn" id="ref-for-dfn-decentralized-identifiers-42">DID</a>. However, the child | |
might not be permitted to add other personal devices without the parent's | |
permission. | |
</dd> | |
<dt><dfn data-lt="DID documents|DID document" data-plurals="did documents" id="dfn-did-documents" tabindex="0" aria-haspopup="dialog" data-dfn-type="dfn">DID document</dfn></dt> | |
<dd> | |
A set of data describing the <a href="#dfn-did-subjects" class="internalDFN" data-link-type="dfn" id="ref-for-dfn-did-subjects-9">DID subject</a>, including mechanisms, such as | |
cryptographic public keys, that the <a href="#dfn-did-subjects" class="internalDFN" data-link-type="dfn" id="ref-for-dfn-did-subjects-10">DID subject</a> or a <a href="#dfn-did-delegate" class="internalDFN" data-link-type="dfn" id="ref-for-dfn-did-delegate-2">DID delegate</a> | |
can use to <a href="#dfn-authenticated" class="internalDFN" data-link-type="dfn" id="ref-for-dfn-authenticated-4">authenticate</a> itself and prove its association with the | |
<a href="#dfn-decentralized-identifiers" class="internalDFN" data-link-type="dfn" id="ref-for-dfn-decentralized-identifiers-43">DID</a>. A DID document might have one or more different | |
<a href="#dfn-representations" class="internalDFN" data-link-type="dfn" id="ref-for-dfn-representations-1">representations</a> as defined in <a href="#representations" class="sec-ref"><bdi class="secno">6. </bdi>Representations</a> or in the | |
<abbr title="World Wide Web Consortium">W3C</abbr> DID Specification Registries [<cite><a class="bibref" data-link-type="biblio" href="#bib-did-spec-registries" title="DID Specification Registries">DID-SPEC-REGISTRIES</a></cite>]. | |
</dd> | |
<dt><dfn data-lt="DID fragments|DID fragment" data-plurals="did fragments" id="dfn-did-fragments" tabindex="0" aria-haspopup="dialog" data-dfn-type="dfn">DID fragment</dfn></dt> | |
<dd> | |
The portion of a <a href="#dfn-did-urls" class="internalDFN" data-link-type="dfn" id="ref-for-dfn-did-urls-3">DID URL</a> that follows the first hash sign character | |
(<code>#</code>). DID fragment syntax is identical to URI fragment syntax. | |
</dd> | |
<dt><dfn data-lt="DID methods|DID method" data-plurals="did methods" id="dfn-did-methods" tabindex="0" aria-haspopup="dialog" data-dfn-type="dfn">DID method</dfn></dt> | |
<dd> | |
A definition of how a specific <a href="#dfn-did-schemes" class="internalDFN" data-link-type="dfn" id="ref-for-dfn-did-schemes-2">DID method scheme</a> is implemented. A DID method is | |
defined by a DID method specification, which specifies the precise operations by | |
which <a href="#dfn-decentralized-identifiers" class="internalDFN" data-link-type="dfn" id="ref-for-dfn-decentralized-identifiers-44">DIDs</a> and <a href="#dfn-did-documents" class="internalDFN" data-link-type="dfn" id="ref-for-dfn-did-documents-29">DID documents</a> are created, resolved, updated, | |
and deactivated. See <a href="#methods" class="sec-ref"><bdi class="secno">8. </bdi>Methods</a>. | |
</dd> | |
<dt><dfn data-lt="DID paths|DID path" data-plurals="did paths" id="dfn-did-paths" tabindex="0" aria-haspopup="dialog" data-dfn-type="dfn">DID path</dfn></dt> | |
<dd> | |
The portion of a <a href="#dfn-did-urls" class="internalDFN" data-link-type="dfn" id="ref-for-dfn-did-urls-4">DID URL</a> that begins with and includes the first forward | |
slash (<code>/</code>) character and ends with either a question mark | |
(<code>?</code>) character, a fragment hash sign (<code>#</code>) character, | |
or the end of the <a href="#dfn-did-urls" class="internalDFN" data-link-type="dfn" id="ref-for-dfn-did-urls-5">DID URL</a>. DID path syntax is identical to URI path syntax. | |
See <a href="#path" class="sec-ref">Path</a>. | |
</dd> | |
<dt><dfn data-lt="DID queries|DID query" data-plurals="did queries" id="dfn-did-queries" tabindex="0" aria-haspopup="dialog" data-dfn-type="dfn">DID query</dfn></dt> | |
<dd> | |
The portion of a <a href="#dfn-did-urls" class="internalDFN" data-link-type="dfn" id="ref-for-dfn-did-urls-6">DID URL</a> that follows and includes the first question | |
mark character (<code>?</code>). DID query syntax is identical to URI query | |
syntax. See <a href="#query" class="sec-ref">Query</a>. | |
</dd> | |
<dt><dfn id="dfn-did-resolution" tabindex="0" aria-haspopup="dialog" data-dfn-type="dfn">DID resolution</dfn></dt> | |
<dd> | |
The process that takes as its input a <a href="#dfn-decentralized-identifiers" class="internalDFN" data-link-type="dfn" id="ref-for-dfn-decentralized-identifiers-45">DID</a> and a set of resolution | |
options and returns a <a href="#dfn-did-documents" class="internalDFN" data-link-type="dfn" id="ref-for-dfn-did-documents-30">DID document</a> in a conforming <a href="#dfn-representations" class="internalDFN" data-link-type="dfn" id="ref-for-dfn-representations-2">representation</a> | |
plus additional metadata. This process relies on the "Read" operation of the | |
applicable <a href="#dfn-did-methods" class="internalDFN" data-link-type="dfn" id="ref-for-dfn-did-methods-13">DID method</a>. The inputs and outputs of this process are | |
defined in <a href="#did-resolution" class="sec-ref"><bdi class="secno">7.1 </bdi>DID Resolution</a>. | |
</dd> | |
<dt><dfn data-lt="DID resolvers|DID resolver" data-plurals="did resolvers" id="dfn-did-resolvers" tabindex="0" aria-haspopup="dialog" data-dfn-type="dfn">DID resolver</dfn></dt> | |
<dd> | |
A <a href="#dfn-did-resolvers" class="internalDFN" data-link-type="dfn" id="ref-for-dfn-did-resolvers-3">DID resolver</a> is a software and/or hardware component that performs the | |
<a href="#dfn-did-resolution" class="internalDFN" data-link-type="dfn" id="ref-for-dfn-did-resolution-3">DID resolution</a> function by taking a <a href="#dfn-decentralized-identifiers" class="internalDFN" data-link-type="dfn" id="ref-for-dfn-decentralized-identifiers-46">DID</a> as input and producing a | |
conforming <a href="#dfn-did-documents" class="internalDFN" data-link-type="dfn" id="ref-for-dfn-did-documents-31">DID document</a> as output. | |
</dd> | |
<dt><dfn data-lt="DID schemes|DID method scheme|DID scheme" id="dfn-did-schemes" tabindex="0" aria-haspopup="dialog" data-dfn-type="dfn">DID scheme</dfn></dt> | |
<dd> | |
The formal syntax of a <a href="#dfn-decentralized-identifiers" class="internalDFN" data-link-type="dfn" id="ref-for-dfn-decentralized-identifiers-47">decentralized identifier</a>. The generic DID scheme | |
begins with the prefix <code>did:</code> as defined in <a href="#did-syntax" class="sec-ref"><bdi class="secno">3.1 </bdi>DID Syntax</a>. Each <a href="#dfn-did-methods" class="internalDFN" data-link-type="dfn" id="ref-for-dfn-did-methods-14">DID method</a> specification defines a specific | |
DID method scheme that works with that specific <a href="#dfn-did-methods" class="internalDFN" data-link-type="dfn" id="ref-for-dfn-did-methods-15">DID method</a>. In a specific DID | |
method scheme, the DID method name follows the first colon and terminates with | |
the second colon, e.g., <code>did:example:</code>. | |
</dd> | |
<dt><dfn data-lt="DID subjects|DID subject" data-plurals="did subjects" id="dfn-did-subjects" tabindex="0" aria-haspopup="dialog" data-dfn-type="dfn">DID subject</dfn></dt> | |
<dd> | |
The entity identified by a <a href="#dfn-decentralized-identifiers" class="internalDFN" data-link-type="dfn" id="ref-for-dfn-decentralized-identifiers-48">DID</a> and described by a <a href="#dfn-did-documents" class="internalDFN" data-link-type="dfn" id="ref-for-dfn-did-documents-32">DID document</a>. | |
Anything can be a DID subject: person, group, organization, physical thing, | |
digital thing, logical thing, etc. | |
</dd> | |
<dt><dfn data-lt="DID URLs|DID URL" data-plurals="did urls" id="dfn-did-urls" tabindex="0" aria-haspopup="dialog" data-dfn-type="dfn">DID URL</dfn></dt> | |
<dd> | |
A <a href="#dfn-decentralized-identifiers" class="internalDFN" data-link-type="dfn" id="ref-for-dfn-decentralized-identifiers-49">DID</a> plus any additional syntactic component that conforms to the | |
definition in <a href="#did-url-syntax" class="sec-ref"><bdi class="secno">3.2 </bdi>DID URL Syntax</a>. This includes an optional <a href="#dfn-did-paths" class="internalDFN" data-link-type="dfn" id="ref-for-dfn-did-paths-1">DID | |
path</a> (with its leading <code>/</code> character), optional <a href="#dfn-did-queries" class="internalDFN" data-link-type="dfn" id="ref-for-dfn-did-queries-1">DID query</a> | |
(with its leading <code>?</code> character), and optional <a href="#dfn-did-fragments" class="internalDFN" data-link-type="dfn" id="ref-for-dfn-did-fragments-1">DID fragment</a> | |
(with its leading <code>#</code> character). | |
</dd> | |
<dt><dfn id="dfn-did-url-dereferencing" tabindex="0" aria-haspopup="dialog" data-dfn-type="dfn">DID URL dereferencing</dfn></dt> | |
<dd> | |
The process that takes as its input a <a href="#dfn-did-urls" class="internalDFN" data-link-type="dfn" id="ref-for-dfn-did-urls-7">DID URL</a> and a set of input | |
metadata, and returns a <a href="#dfn-resources" class="internalDFN" data-link-type="dfn" id="ref-for-dfn-resources-4">resource</a>. This resource might be a <a href="#dfn-did-documents" class="internalDFN" data-link-type="dfn" id="ref-for-dfn-did-documents-33">DID | |
document</a> plus additional metadata, a secondary resource | |
contained within the <a href="#dfn-did-documents" class="internalDFN" data-link-type="dfn" id="ref-for-dfn-did-documents-34">DID document</a>, or a resource entirely | |
external to the <a href="#dfn-did-documents" class="internalDFN" data-link-type="dfn" id="ref-for-dfn-did-documents-35">DID document</a>. The process uses <a href="#dfn-did-resolution" class="internalDFN" data-link-type="dfn" id="ref-for-dfn-did-resolution-4">DID resolution</a> to | |
fetch a <a href="#dfn-did-documents" class="internalDFN" data-link-type="dfn" id="ref-for-dfn-did-documents-36">DID document</a> indicated by the <a href="#dfn-decentralized-identifiers" class="internalDFN" data-link-type="dfn" id="ref-for-dfn-decentralized-identifiers-50">DID</a> contained within the | |
<a href="#dfn-did-urls" class="internalDFN" data-link-type="dfn" id="ref-for-dfn-did-urls-8">DID URL</a>. The dereferencing process can then perform additional processing | |
on the <a href="#dfn-did-documents" class="internalDFN" data-link-type="dfn" id="ref-for-dfn-did-documents-37">DID document</a> to return the dereferenced resource indicated by the | |
<a href="#dfn-did-urls" class="internalDFN" data-link-type="dfn" id="ref-for-dfn-did-urls-9">DID URL</a>. The inputs and outputs of this process are defined in | |
<a href="#did-url-dereferencing" class="sec-ref"><bdi class="secno">7.2 </bdi>DID URL Dereferencing</a>. | |
</dd> | |
<dt><dfn data-lt="DID URL dereferencers|DID URL dereferencer" id="dfn-did-url-dereferencers" tabindex="0" aria-haspopup="dialog" data-dfn-type="dfn">DID URL dereferencer</dfn></dt> | |
<dd> | |
A software and/or hardware system that performs the <a href="#dfn-did-url-dereferencing" class="internalDFN" data-link-type="dfn" id="ref-for-dfn-did-url-dereferencing-3">DID URL dereferencing</a> | |
function for a given <a href="#dfn-did-urls" class="internalDFN" data-link-type="dfn" id="ref-for-dfn-did-urls-10">DID URL</a> or <a href="#dfn-did-documents" class="internalDFN" data-link-type="dfn" id="ref-for-dfn-did-documents-38">DID document</a>. | |
</dd> | |
<dt><dfn data-lt="distributed ledger technology|DLT|distributed ledger" data-plurals="distributed ledgers|dlts" id="dfn-distributed-ledger-technology" tabindex="0" aria-haspopup="dialog" data-dfn-type="dfn">distributed ledger</dfn> (DLT)</dt> | |
<dd> | |
A non-centralized system for recording events. These systems establish | |
sufficient confidence for participants to rely upon the data recorded by others | |
to make operational decisions. They typically use distributed databases where | |
different nodes use a consensus protocol to confirm the ordering of | |
cryptographically signed transactions. The linking of digitally signed | |
transactions over time often makes the history of the ledger effectively | |
immutable. | |
</dd> | |
<dt><dfn data-plurals="public key descriptions" id="dfn-public-key-description" tabindex="0" aria-haspopup="dialog" data-dfn-type="dfn">public key description</dfn></dt> | |
<dd> | |
A data object contained inside a <a href="#dfn-did-documents" class="internalDFN" data-link-type="dfn" id="ref-for-dfn-did-documents-39">DID document</a> that contains all the | |
metadata necessary to use a public key or a verification key. | |
</dd> | |
<dt><dfn data-lt="resources|resource" id="dfn-resources" tabindex="0" aria-haspopup="dialog" data-dfn-type="dfn">resource</dfn></dt> | |
<dd> | |
As defined by [<cite><a class="bibref" data-link-type="biblio" href="#bib-rfc3986" title="Uniform Resource Identifier (URI): Generic Syntax">RFC3986</a></cite>]: "...the term 'resource' is used in a general sense | |
for whatever might be identified by a URI." Similarly, any resource might serve | |
as a <a href="#dfn-did-subjects" class="internalDFN" data-link-type="dfn" id="ref-for-dfn-did-subjects-11">DID subject</a> identified by a <a href="#dfn-decentralized-identifiers" class="internalDFN" data-link-type="dfn" id="ref-for-dfn-decentralized-identifiers-51">DID</a>. | |
</dd> | |
<dt><dfn data-lt="representations|representation" id="dfn-representations" tabindex="0" aria-haspopup="dialog" data-dfn-type="dfn">representation</dfn></dt> | |
<dd> | |
As defined for HTTP by [<cite><a class="bibref" data-link-type="biblio" href="#bib-rfc7231" title="Hypertext Transfer Protocol (HTTP/1.1): Semantics and Content">RFC7231</a></cite>]: "information that is intended to reflect a | |
past, current, or desired state of a given resource, in a format that can be | |
readily communicated via the protocol, and that consists of a set of | |
representation metadata and a potentially unbounded stream of representation | |
data." A <a href="#dfn-did-documents" class="internalDFN" data-link-type="dfn" id="ref-for-dfn-did-documents-40">DID document</a> is a representation of information describing a | |
<a href="#dfn-did-subjects" class="internalDFN" data-link-type="dfn" id="ref-for-dfn-did-subjects-12">DID subject</a>. See <a href="#representations" class="sec-ref"><bdi class="secno">6. </bdi>Representations</a>. | |
</dd> | |
<dt><dfn data-lt="representation-specific entry|non-representation-specific entry|representation-specific entries" data-plurals="non-representation-specific entries" id="dfn-representation-specific-entry" tabindex="0" aria-haspopup="dialog" data-dfn-type="dfn">representation-specific entries</dfn></dt> | |
<dd> | |
Entries in a <a href="#dfn-did-documents" class="internalDFN" data-link-type="dfn" id="ref-for-dfn-did-documents-41">DID document</a> whose meaning is particular to a specific | |
<a href="#dfn-representations" class="internalDFN" data-link-type="dfn" id="ref-for-dfn-representations-3">representation</a>. Defined in <a href="#data-model" class="sec-ref"><bdi class="secno">4. </bdi>Data Model</a> and | |
<a href="#representations" class="sec-ref"><bdi class="secno">6. </bdi>Representations</a>. For example, <a href="#dfn-context" class="internalDFN" data-link-type="dfn" id="ref-for-dfn-context-1"><code>@context</code></a> in | |
the <a href="#json-ld">JSON-LD representation</a> is a | |
<em>representation-specific entry</em>. | |
</dd> | |
<dt><dfn data-lt="service|services" id="dfn-service" tabindex="0" aria-haspopup="dialog" data-dfn-type="dfn">services</dfn></dt> | |
<dd> | |
Means of communicating or interacting with the <a href="#dfn-did-subjects" class="internalDFN" data-link-type="dfn" id="ref-for-dfn-did-subjects-13">DID subject</a> or | |
associated entities via one or more <a href="#dfn-service-endpoints" class="internalDFN" data-link-type="dfn" id="ref-for-dfn-service-endpoints-1">service endpoints</a>. | |
Examples include discovery services, agent services, social networking | |
services, file storage services, and verifiable credential repository services. | |
</dd> | |
<dt><dfn data-lt="service endpoints|service endpoint" id="dfn-service-endpoints" tabindex="0" aria-haspopup="dialog" data-dfn-type="dfn">service endpoint</dfn></dt> | |
<dd> | |
A network address, such as an HTTP URL, at which <a href="#dfn-service" class="internalDFN" data-link-type="dfn" id="ref-for-dfn-service-5">services</a> operate on | |
behalf of a <a href="#dfn-did-subjects" class="internalDFN" data-link-type="dfn" id="ref-for-dfn-did-subjects-14">DID subject</a>. | |
</dd> | |
<dt><dfn data-lt="URI|URIs|Uniform Resource Identifier" data-plurals="uris" id="dfn-uri" tabindex="0" aria-haspopup="dialog" data-dfn-type="dfn">Uniform Resource Identifier</dfn> (URI)</dt> | |
<dd> | |
The standard identifier format for all resources on the World Wide Web as | |
defined by [<cite><a class="bibref" data-link-type="biblio" href="#bib-rfc3986" title="Uniform Resource Identifier (URI): Generic Syntax">RFC3986</a></cite>]. A <a href="#dfn-decentralized-identifiers" class="internalDFN" data-link-type="dfn" id="ref-for-dfn-decentralized-identifiers-52">DID</a> is a type of URI scheme. | |
</dd> | |
<dt><dfn data-lt="verifiable credentials|verifiable credential" id="dfn-verifiable-credentials" tabindex="0" aria-haspopup="dialog" data-dfn-type="dfn">verifiable credential</dfn></dt> | |
<dd> | |
A standard data model and representation format for cryptographically-verifiable | |
digital credentials as defined by the <abbr title="World Wide Web Consortium">W3C</abbr> Verifiable Credentials specification | |
[<cite><a class="bibref" data-link-type="biblio" href="#bib-vc-data-model" title="Verifiable Credentials Data Model v1.1">VC-DATA-MODEL</a></cite>]. | |
</dd> | |
<dt> | |
<dfn data-lt="verifiable data registry|verifiable data registries" id="dfn-verifiable-data-registry" tabindex="0" aria-haspopup="dialog" data-dfn-type="dfn"> | |
verifiable data registry</dfn> | |
</dt> | |
<dd> | |
A system that facilitates the creation, verification, updating, and/or | |
deactivation of <a href="#dfn-decentralized-identifiers" class="internalDFN" data-link-type="dfn" id="ref-for-dfn-decentralized-identifiers-53">decentralized identifiers</a> and <a href="#dfn-did-documents" class="internalDFN" data-link-type="dfn" id="ref-for-dfn-did-documents-42">DID documents</a>. A | |
verifiable data registry might also be used for other | |
cryptographically-verifiable data structures such as <a href="#dfn-verifiable-credentials" class="internalDFN" data-link-type="dfn" id="ref-for-dfn-verifiable-credentials-1">verifiable | |
credentials</a>. For more information, see the <abbr title="World Wide Web Consortium">W3C</abbr> Verifiable Credentials | |
specification [<cite><a class="bibref" data-link-type="biblio" href="#bib-vc-data-model" title="Verifiable Credentials Data Model v1.1">VC-DATA-MODEL</a></cite>]. | |
</dd> | |
<dt><dfn data-plurals="verifiable timestamps" id="dfn-verifiable-timestamp" tabindex="0" aria-haspopup="dialog" data-dfn-type="dfn">verifiable timestamp</dfn></dt> | |
<dd> | |
A verifiable timestamp enables a third party to verify that a data object | |
existed at a specific moment in time and that it has not been modified or | |
corrupted since that moment in time. If the data object could reasonably have | |
been modified or corrupted since that moment in time, the timestamp is not | |
verifiable. | |
</dd> | |
<dt><dfn data-lt="" data-plurals="verification methods" id="dfn-verification-method" tabindex="0" aria-haspopup="dialog" data-dfn-type="dfn">verification method</dfn></dt> | |
<dd> | |
<p> | |
A set of parameters that can be used together with a process to independently | |
verify a proof. For example, a cryptographic public key can be used as a | |
verification method with respect to a digital signature; in such usage, it | |
verifies that the signer possessed the associated cryptographic private key. | |
</p> | |
<p> | |
"Verification" and "proof" in this definition are intended to apply broadly. For | |
example, a cryptographic public key might be used during Diffie-Hellman key | |
exchange to negotiate a shared symmetric key for encryption. This guarantees the | |
integrity of the key agreement process. It is thus another type of verification | |
method, even though descriptions of the process might not use the words | |
"verification" or "proof." | |
</p> | |
</dd> | |
<dt><dfn data-lt="" data-plurals="verification relationships" id="dfn-verification-relationship" tabindex="0" aria-haspopup="dialog" data-dfn-type="dfn">verification relationship</dfn></dt> | |
<dd> | |
<p> | |
An expression of the relationship between the <a href="#dfn-did-subjects" class="internalDFN" data-link-type="dfn" id="ref-for-dfn-did-subjects-15">DID subject</a> and a | |
<a href="#dfn-verification-method" class="internalDFN" data-link-type="dfn" id="ref-for-dfn-verification-method-6">verification method</a>. An example of a verification relationship is | |
<a href="#authentication" class="sec-ref"><bdi class="secno">5.3.1 </bdi>Authentication</a>. | |
</p> | |
</dd> | |
<dt><dfn data-lt="UUID|UUIDs|Universally Unique Identifier" data-plurals="uuid" id="dfn-uuid" tabindex="0" aria-haspopup="dialog" data-dfn-type="dfn">Universally Unique Identifier</dfn> (UUID)</dt> | |
<dd> | |
A type of globally unique identifier defined by [<cite><a class="bibref" data-link-type="biblio" href="#bib-rfc4122" title="A Universally Unique IDentifier (UUID) URN Namespace">RFC4122</a></cite>]. UUIDs are similar | |
to DIDs in that they do not require a centralized registration authority. UUIDs | |
differ from DIDs in that they are not resolvable or | |
cryptographically-verifiable. | |
</dd> | |
</dl> | |
</div> | |
<p> | |
In addition to the terminology above, this specification also uses terminology | |
from the [<cite><a class="bibref" data-link-type="biblio" href="#bib-infra" title="Infra Standard">INFRA</a></cite>] specification to formally define the <a href="#data-model">data model</a>. When [<cite><a class="bibref" data-link-type="biblio" href="#bib-infra" title="Infra Standard">INFRA</a></cite>] terminology is used, such as | |
<a href="https://infra.spec.whatwg.org/#strings">string</a>, <a href="https://infra.spec.whatwg.org/#ordered-set">set</a>, and <a href="https://infra.spec.whatwg.org/#maps">map</a>, it is linked directly to that specification. | |
</p> | |
</section> | |
<section id="identifier"><div class="header-wrapper"><h2 id="x3-identifier"><bdi class="secno">3. </bdi>Identifier</h2><a class="self-link" href="#identifier" aria-label="Permalink for Section 3."></a></div> | |
<p> | |
This section describes the formal syntax for <a href="#dfn-decentralized-identifiers" class="internalDFN" data-link-type="dfn" id="ref-for-dfn-decentralized-identifiers-54">DIDs</a> and <a href="#dfn-did-urls" class="internalDFN" data-link-type="dfn" id="ref-for-dfn-did-urls-11">DID URLs</a>. | |
The term "generic" is used to differentiate the syntax defined here from syntax | |
defined by <em>specific</em> <a href="#dfn-did-methods" class="internalDFN" data-link-type="dfn" id="ref-for-dfn-did-methods-16">DID methods</a> in their respective | |
specifications. The creation processes, and their timing, for <a href="#dfn-decentralized-identifiers" class="internalDFN" data-link-type="dfn" id="ref-for-dfn-decentralized-identifiers-55">DIDs</a> and | |
<a href="#dfn-did-urls" class="internalDFN" data-link-type="dfn" id="ref-for-dfn-did-urls-12">DID URLs</a> are described in <a href="#method-operations" class="sec-ref"><bdi class="secno">8.2 </bdi>Method Operations</a> and | |
<a href="#creation-of-a-did" class="sec-ref"><bdi class="secno">B.2 </bdi>Creation of a DID</a>. | |
</p> | |
<section class="normative" id="did-syntax"><div class="header-wrapper"><h3 id="x3-1-did-syntax"><bdi class="secno">3.1 </bdi>DID Syntax</h3><a class="self-link" href="#did-syntax" aria-label="Permalink for Section 3.1"></a></div> | |
<p> | |
The generic <a href="#dfn-did-schemes" class="internalDFN" data-link-type="dfn" id="ref-for-dfn-did-schemes-3">DID scheme</a> is a <a href="#dfn-uri" class="internalDFN" data-link-type="dfn" id="ref-for-dfn-uri-5">URI</a> scheme conformant with | |
[<cite><a class="bibref" data-link-type="biblio" href="#bib-rfc3986" title="Uniform Resource Identifier (URI): Generic Syntax">RFC3986</a></cite>]. The ABNF definition can be found below, which uses the syntax in | |
[<cite><a class="bibref" data-link-type="biblio" href="#bib-rfc5234" title="Augmented BNF for Syntax Specifications: ABNF">RFC5234</a></cite>] and the corresponding definitions for <code>ALPHA</code> and | |
<code>DIGIT</code>. All other rule names not defined in the ABNF below are | |
defined in [<cite><a class="bibref" data-link-type="biblio" href="#bib-rfc3986" title="Uniform Resource Identifier (URI): Generic Syntax">RFC3986</a></cite>]. All <a href="#dfn-decentralized-identifiers" class="internalDFN" data-link-type="dfn" id="ref-for-dfn-decentralized-identifiers-56">DIDs</a> <em class="rfc2119">MUST</em> conform to the | |
DID Syntax ABNF Rules. | |
</p> | |
<table class="simple"> | |
<thead> | |
<tr> | |
<th> | |
The DID Syntax ABNF Rules | |
</th> | |
</tr> | |
</thead> | |
<tbody> | |
<tr> | |
<td> | |
<pre class="nohighlight">did = "did:" method-name ":" method-specific-id | |
method-name = 1*method-char | |
method-char = %x61-7A / DIGIT | |
method-specific-id = *( *idchar ":" ) 1*idchar | |
idchar = ALPHA / DIGIT / "." / "-" / "_" / pct-encoded | |
pct-encoded = "%" HEXDIG HEXDIG</pre> | |
</td> | |
</tr> | |
</tbody> | |
</table> | |
<p> | |
For requirements on <a href="#dfn-did-methods" class="internalDFN" data-link-type="dfn" id="ref-for-dfn-did-methods-17">DID methods</a> relating to the <a href="#dfn-decentralized-identifiers" class="internalDFN" data-link-type="dfn" id="ref-for-dfn-decentralized-identifiers-57">DID</a> syntax, see | |
Section <a href="#method-syntax" class="sec-ref"><bdi class="secno">8.1 </bdi>Method Syntax</a>. | |
</p> | |
</section> | |
<section class="normative" id="did-url-syntax"><div class="header-wrapper"><h3 id="x3-2-did-url-syntax"><bdi class="secno">3.2 </bdi>DID URL Syntax</h3><a class="self-link" href="#did-url-syntax" aria-label="Permalink for Section 3.2"></a></div> | |
<p> | |
A <a href="#dfn-did-urls" class="internalDFN" data-link-type="dfn" id="ref-for-dfn-did-urls-13">DID URL</a> is a network location identifier for a specific | |
<a href="#dfn-resources" class="internalDFN" data-link-type="dfn" id="ref-for-dfn-resources-5">resource</a>. It can be used to retrieve things like representations | |
of <a href="#dfn-did-subjects" class="internalDFN" data-link-type="dfn" id="ref-for-dfn-did-subjects-16">DID subjects</a>, <a href="#dfn-verification-method" class="internalDFN" data-link-type="dfn" id="ref-for-dfn-verification-method-7">verification methods</a>, <a href="#dfn-service" class="internalDFN" data-link-type="dfn" id="ref-for-dfn-service-6">services</a>, | |
specific parts of a <a href="#dfn-did-documents" class="internalDFN" data-link-type="dfn" id="ref-for-dfn-did-documents-43">DID document</a>, or other resources. | |
</p> | |
<p> | |
The following is the ABNF definition using the syntax in [<cite><a class="bibref" data-link-type="biblio" href="#bib-rfc5234" title="Augmented BNF for Syntax Specifications: ABNF">RFC5234</a></cite>]. It builds | |
on the <code>did</code> scheme defined in <a href="#did-syntax" class="sec-ref"><bdi class="secno">3.1 </bdi>DID Syntax</a>. The <a href="https://www.rfc-editor.org/rfc/rfc3986#section-3.3"><code>path-abempty</code></a>, <a href="https://www.rfc-editor.org/rfc/rfc3986#section-3.4"><code>query</code></a>, and <a href="https://www.rfc-editor.org/rfc/rfc3986#section-3.5"><code>fragment</code></a> components are | |
defined in [<cite><a class="bibref" data-link-type="biblio" href="#bib-rfc3986" title="Uniform Resource Identifier (URI): Generic Syntax">RFC3986</a></cite>]. All <a href="#dfn-did-urls" class="internalDFN" data-link-type="dfn" id="ref-for-dfn-did-urls-14">DID URLs</a> <em class="rfc2119">MUST</em> conform to the | |
DID URL Syntax ABNF Rules. <a href="#dfn-did-methods" class="internalDFN" data-link-type="dfn" id="ref-for-dfn-did-methods-18">DID methods</a> can further restrict these | |
rules, as described in <a href="#method-syntax" class="sec-ref"><bdi class="secno">8.1 </bdi>Method Syntax</a>. | |
</p> | |
<table class="simple"> | |
<thead> | |
<tr> | |
<th> | |
The DID URL Syntax ABNF Rules | |
</th> | |
</tr> | |
</thead> | |
<tbody> | |
<tr> | |
<td> | |
<pre class="nohighlight">did-url = did path-abempty [ "?" query ] [ "#" fragment ]</pre> | |
</td> | |
</tr> | |
</tbody> | |
</table> | |
<div class="note" role="note" id="issue-container-generatedID"><div role="heading" class="note-title marker" id="h-note" aria-level="4"><span>Note</span><span class="issue-label">: Semicolon character is reserved for future use</span></div><p class=""> | |
Although the semicolon (<code>;</code>) character can be used according to the | |
rules of the <a href="#dfn-did-urls" class="internalDFN" data-link-type="dfn" id="ref-for-dfn-did-urls-15">DID URL</a> syntax, future versions of this specification may | |
use it as a sub-delimiter for parameters as described in [<cite><a class="bibref" data-link-type="biblio" href="#bib-matrix-uris" title="Matrix URIs - Ideas about Web Architecture">MATRIX-URIS</a></cite>]. To | |
avoid future conflicts, developers ought to refrain from using it. | |
</p></div> | |
<section class="notoc"><div class="header-wrapper"><h4 id="path">Path</h4><a class="self-link" href="#path" aria-label="Permalink for this Section"></a></div> | |
<p> | |
A <a href="#dfn-did-paths" class="internalDFN" data-link-type="dfn" id="ref-for-dfn-did-paths-2">DID path</a> is identical to a generic <a href="#dfn-uri" class="internalDFN" data-link-type="dfn" id="ref-for-dfn-uri-6">URI</a> path and conforms to the | |
<code>path-abempty</code> ABNF rule in <a href="https://www.rfc-editor.org/rfc/rfc3986#section-3.3">RFC 3986, section 3.3</a>. As with | |
<a href="#dfn-uri" class="internalDFN" data-link-type="dfn" id="ref-for-dfn-uri-7">URIs</a>, path semantics can be specified by <a href="#dfn-did-methods" class="internalDFN" data-link-type="dfn" id="ref-for-dfn-did-methods-19">DID Methods</a>, which in | |
turn might enable <a href="#dfn-did-controllers" class="internalDFN" data-link-type="dfn" id="ref-for-dfn-did-controllers-7">DID controllers</a> to further specialize those semantics. | |
</p> | |
<div class="example" id="example-2"> | |
<div class="marker"> | |
<a class="self-link" href="#example-2">Example<bdi> 2</bdi></a> | |
</div> <pre class="nohighlight">did:example:123456/path</pre> | |
</div> | |
</section> | |
<section class="notoc"><div class="header-wrapper"><h4 id="query">Query</h4><a class="self-link" href="#query" aria-label="Permalink for this Section"></a></div> | |
<p> | |
A <a href="#dfn-did-queries" class="internalDFN" data-link-type="dfn" id="ref-for-dfn-did-queries-2">DID query</a> is identical to a generic <a href="#dfn-uri" class="internalDFN" data-link-type="dfn" id="ref-for-dfn-uri-8">URI</a> query and conforms to | |
the <code>query</code> ABNF rule in <a href="https://www.rfc-editor.org/rfc/rfc3986#section-3.4">RFC 3986, section 3.4</a>. This syntax | |
feature is elaborated upon in <a href="#did-parameters" class="sec-ref"><bdi class="secno">3.2.1 </bdi>DID Parameters</a>. | |
</p> | |
<div class="example" id="example-3"> | |
<div class="marker"> | |
<a class="self-link" href="#example-3">Example<bdi> 3</bdi></a> | |
</div> <pre class="nohighlight">did:example:123456?versionId=1</pre> | |
</div> | |
</section> | |
<section class="notoc"><div class="header-wrapper"><h4 id="fragment">Fragment</h4><a class="self-link" href="#fragment" aria-label="Permalink for this Section"></a></div> | |
<p> | |
<a href="#dfn-did-fragments" class="internalDFN" data-link-type="dfn" id="ref-for-dfn-did-fragments-2">DID fragment</a> syntax and semantics are identical to a generic <a href="#dfn-uri" class="internalDFN" data-link-type="dfn" id="ref-for-dfn-uri-9">URI</a> | |
fragment and conform to the <code>fragment</code> ABNF rule in <a href="https://www.rfc-editor.org/rfc/rfc3986#section-3.5">RFC 3986, section 3.5</a>. | |
</p> | |
<p> | |
A <a href="#dfn-did-fragments" class="internalDFN" data-link-type="dfn" id="ref-for-dfn-did-fragments-3">DID fragment</a> is used as a method-independent reference into a <a href="#dfn-did-documents" class="internalDFN" data-link-type="dfn" id="ref-for-dfn-did-documents-44">DID | |
document</a> or external <a href="#dfn-resources" class="internalDFN" data-link-type="dfn" id="ref-for-dfn-resources-6">resource</a>. Some examples of DID fragment | |
identifiers are shown below. | |
</p> | |
<div class="example" id="example-a-unique-verification-method-in-a-did-document"> | |
<div class="marker"> | |
<a class="self-link" href="#example-a-unique-verification-method-in-a-did-document">Example<bdi> 4</bdi></a><span class="example-title">: A unique verification method in a DID Document</span> | |
</div> <pre class="nohighlight">did:example:123#public-key-0</pre> | |
</div> | |
<div class="example" id="example-a-unique-service-in-a-did-document"> | |
<div class="marker"> | |
<a class="self-link" href="#example-a-unique-service-in-a-did-document">Example<bdi> 5</bdi></a><span class="example-title">: A unique service in a DID Document</span> | |
</div> <pre class="nohighlight">did:example:123#agent</pre> | |
</div> | |
<div class="example" id="example-a-resource-external-to-a-did-document"> | |
<div class="marker"> | |
<a class="self-link" href="#example-a-resource-external-to-a-did-document">Example<bdi> 6</bdi></a><span class="example-title">: A resource external to a DID Document</span> | |
</div> <pre class="nohighlight">did:example:123?service=agent&relativeRef=/credentials#degree</pre> | |
</div> | |
<div class="note" role="note" id="issue-container-generatedID-0"><div role="heading" class="note-title marker" id="h-note-0" aria-level="5"><span>Note</span><span class="issue-label">: Fragment semantics across representations</span></div><p class=""> | |
In order to maximize interoperability, implementers are urged to ensure that | |
<a href="#dfn-did-fragments" class="internalDFN" data-link-type="dfn" id="ref-for-dfn-did-fragments-4">DID fragments</a> are interpreted in the same way across | |
<a href="#dfn-representations" class="internalDFN" data-link-type="dfn" id="ref-for-dfn-representations-4">representations</a> (see <a href="#representations" class="sec-ref"><bdi class="secno">6. </bdi>Representations</a>). For example, while | |
JSON Pointer [<cite><a class="bibref" data-link-type="biblio" href="#bib-rfc6901" title="JavaScript Object Notation (JSON) Pointer">RFC6901</a></cite>] can be used in a <a href="#dfn-did-fragments" class="internalDFN" data-link-type="dfn" id="ref-for-dfn-did-fragments-5">DID fragment</a>, it will not be | |
interpreted in the same way across non-JSON <a href="#dfn-representations" class="internalDFN" data-link-type="dfn" id="ref-for-dfn-representations-5">representations</a>. | |
</p></div> | |
<p> | |
Additional semantics for fragment identifiers, which are compatible with and | |
layered upon the semantics in this section, are described for JSON-LD | |
representations in <a href="#application-did-ld-json" class="sec-ref"><bdi class="secno">E.2 </bdi>application/did+ld+json</a>. For information | |
about how to dereference a <a href="#dfn-did-fragments" class="internalDFN" data-link-type="dfn" id="ref-for-dfn-did-fragments-6">DID fragment</a>, see <a href="#did-url-dereferencing" class="sec-ref"><bdi class="secno">7.2 </bdi>DID URL Dereferencing</a>. | |
</p> | |
</section> | |
<section id="did-parameters"><div class="header-wrapper"><h4 id="x3-2-1-did-parameters"><bdi class="secno">3.2.1 </bdi>DID Parameters</h4><a class="self-link" href="#did-parameters" aria-label="Permalink for Section 3.2.1"></a></div> | |
<p> | |
The <a href="#dfn-did-urls" class="internalDFN" data-link-type="dfn" id="ref-for-dfn-did-urls-16">DID URL</a> syntax supports a simple format for parameters based on the | |
<code>query</code> component described in <a href="#query" class="sec-ref">Query</a>. Adding a DID | |
parameter to a <a href="#dfn-did-urls" class="internalDFN" data-link-type="dfn" id="ref-for-dfn-did-urls-17">DID URL</a> means that the parameter becomes part of the | |
identifier for a <a href="#dfn-resources" class="internalDFN" data-link-type="dfn" id="ref-for-dfn-resources-7">resource</a>. | |
</p> | |
<div class="example" id="example-a-did-url-with-a-versiontime-did-parameter"> | |
<div class="marker"> | |
<a class="self-link" href="#example-a-did-url-with-a-versiontime-did-parameter">Example<bdi> 7</bdi></a><span class="example-title">: A DID URL with a 'versionTime' DID parameter</span> | |
</div> <pre class="nohighlight">did:example:123?versionTime=2021-05-10T17:00:00Z</pre> | |
</div> | |
<div class="example" id="example-a-did-url-with-a-service-and-a-relativeref-did-parameter"> | |
<div class="marker"> | |
<a class="self-link" href="#example-a-did-url-with-a-service-and-a-relativeref-did-parameter">Example<bdi> 8</bdi></a><span class="example-title">: A DID URL with a 'service' and a 'relativeRef' DID parameter</span> | |
</div> <pre class="nohighlight">did:example:123?service=files&relativeRef=/resume.pdf</pre> | |
</div> | |
<p> | |
Some DID parameters are completely independent of any specific <a href="#dfn-did-methods" class="internalDFN" data-link-type="dfn" id="ref-for-dfn-did-methods-20">DID | |
method</a> and function the same way for all <a href="#dfn-decentralized-identifiers" class="internalDFN" data-link-type="dfn" id="ref-for-dfn-decentralized-identifiers-58">DIDs</a>. Other DID parameters | |
are not supported by all <a href="#dfn-did-methods" class="internalDFN" data-link-type="dfn" id="ref-for-dfn-did-methods-21">DID methods</a>. Where optional parameters are | |
supported, they are expected to operate uniformly across the <a href="#dfn-did-methods" class="internalDFN" data-link-type="dfn" id="ref-for-dfn-did-methods-22">DID methods</a> | |
that do support them. The following table provides common DID parameters that | |
function the same way across all <a href="#dfn-did-methods" class="internalDFN" data-link-type="dfn" id="ref-for-dfn-did-methods-23">DID methods</a>. Support for all | |
<a href="#did-parameters">DID Parameters</a> is <em class="rfc2119">OPTIONAL</em>. | |
</p> | |
<div class="note" role="note" id="issue-container-generatedID-1"><div role="heading" class="note-title marker" id="h-note-1" aria-level="5"><span>Note</span></div><p class=""> | |
It is generally expected that DID URL dereferencer implementations will | |
reference [<cite><a class="bibref" data-link-type="biblio" href="#bib-did-resolution" title="Decentralized Identifier Resolution">DID-RESOLUTION</a></cite>] for additional implementation details. The scope | |
of this specification only defines the contract of the most common | |
query parameters. | |
</p></div> | |
<table class="simple"> | |
<thead> | |
<tr> | |
<th> | |
Parameter Name | |
</th> | |
<th> | |
Description | |
</th> | |
</tr> | |
</thead> | |
<tbody> | |
<tr> | |
<td> | |
<code><a href="#dfn-service" class="internalDFN" data-link-type="dfn" id="ref-for-dfn-service-7">service</a></code> | |
</td> | |
<td> | |
Identifies a service from the <a href="#dfn-did-documents" class="internalDFN" data-link-type="dfn" id="ref-for-dfn-did-documents-45">DID document</a> by service ID. | |
If present, the associated value <em class="rfc2119">MUST</em> be an <a data-lt="ascii string" data-type="dfn" href="https://infra.spec.whatwg.org/#ascii-string">ASCII string</a>. | |
</td> | |
</tr> | |
<tr> | |
<td> | |
<code>relativeRef</code> | |
</td> | |
<td> | |
A relative <a href="#dfn-uri" class="internalDFN" data-link-type="dfn" id="ref-for-dfn-uri-10">URI</a> reference according to <a href="https://www.rfc-editor.org/rfc/rfc3986#section-4.2">RFC3986 Section 4.2</a> that identifies a | |
<a href="#dfn-resources" class="internalDFN" data-link-type="dfn" id="ref-for-dfn-resources-8">resource</a> at a <a href="#dfn-service-endpoints" class="internalDFN" data-link-type="dfn" id="ref-for-dfn-service-endpoints-2">service endpoint</a>, which is selected from a <a href="#dfn-did-documents" class="internalDFN" data-link-type="dfn" id="ref-for-dfn-did-documents-46">DID | |
document</a> by using the <code>service</code> parameter. | |
If present, the associated value <em class="rfc2119">MUST</em> be an <a data-lt="ascii string" data-type="dfn" href="https://infra.spec.whatwg.org/#ascii-string">ASCII string</a> and <em class="rfc2119">MUST</em> use percent-encoding for | |
certain characters as specified in <a href="https://www.rfc-editor.org/rfc/rfc3986#section-2.1">RFC3986 | |
Section 2.1</a>. | |
</td> | |
</tr> | |
<tr> | |
<td> | |
<code>versionId</code> | |
</td> | |
<td> | |
Identifies a specific version of a <a href="#dfn-did-documents" class="internalDFN" data-link-type="dfn" id="ref-for-dfn-did-documents-47">DID document</a> to be resolved (the | |
version ID could be sequential, or a <a href="#dfn-uuid" class="internalDFN" data-link-type="dfn" id="ref-for-dfn-uuid-1">UUID</a>, or method-specific). | |
If present, the associated value <em class="rfc2119">MUST</em> be an <a data-lt="ascii string" data-type="dfn" href="https://infra.spec.whatwg.org/#ascii-string">ASCII string</a>. | |
</td> | |
</tr> | |
<tr> | |
<td> | |
<code>versionTime</code> | |
</td> | |
<td> | |
Identifies a certain version timestamp of a <a href="#dfn-did-documents" class="internalDFN" data-link-type="dfn" id="ref-for-dfn-did-documents-48">DID document</a> to be resolved. | |
That is, the <a href="#dfn-did-documents" class="internalDFN" data-link-type="dfn" id="ref-for-dfn-did-documents-49">DID document</a> that was valid for a <a href="#dfn-decentralized-identifiers" class="internalDFN" data-link-type="dfn" id="ref-for-dfn-decentralized-identifiers-59">DID</a> at a certain | |
time. If present, the associated value | |
<em class="rfc2119">MUST</em> be an <a data-lt="ascii string" data-type="dfn" href="https://infra.spec.whatwg.org/#ascii-string">ASCII string</a> which is a valid XML | |
datetime value, as defined in section 3.3.7 of <a href="https://www.w3.org/TR/xmlschema11-2/"><abbr title="World Wide Web Consortium">W3C</abbr> XML Schema Definition Language | |
(XSD) 1.1 Part 2: Datatypes</a> [<cite><a class="bibref" data-link-type="biblio" href="#bib-xmlschema11-2" title="W3C XML Schema Definition Language (XSD) 1.1 Part 2: Datatypes">XMLSCHEMA11-2</a></cite>]. This datetime value <em class="rfc2119">MUST</em> be | |
normalized to UTC 00:00:00 and without sub-second decimal precision. | |
For example: <code>2020-12-20T19:17:47Z</code>. | |
</td> | |
</tr> | |
<tr> | |
<td> | |
<code>hl</code> | |
</td> | |
<td> | |
A resource hash of the <a href="#dfn-did-documents" class="internalDFN" data-link-type="dfn" id="ref-for-dfn-did-documents-50">DID document</a> to add integrity protection, as | |
specified in [<cite><a class="bibref" data-link-type="biblio" href="#bib-hashlink" title="Cryptographic Hyperlinks">HASHLINK</a></cite>]. This parameter is non-normative. | |
If present, the associated value <em class="rfc2119">MUST</em> be an | |
<a data-lt="ascii string" data-type="dfn" href="https://infra.spec.whatwg.org/#ascii-string">ASCII string</a>. | |
</td> | |
</tr> | |
</tbody> | |
</table> | |
<p> | |
Implementers as well as <a href="#dfn-did-methods" class="internalDFN" data-link-type="dfn" id="ref-for-dfn-did-methods-24">DID method</a> specification authors might use | |
additional DID parameters that are not listed here. For maximum | |
interoperability, it is <em class="rfc2119">RECOMMENDED</em> that DID parameters use the DID | |
Specification Registries mechanism [<cite><a class="bibref" data-link-type="biblio" href="#bib-did-spec-registries" title="DID Specification Registries">DID-SPEC-REGISTRIES</a></cite>], to avoid collision | |
with other uses of the same DID parameter with different semantics. | |
</p> | |
<p> | |
DID parameters might be used if there is a clear use case where the parameter | |
needs to be part of a <a data-type="dfn" href="https://url.spec.whatwg.org/#concept-url">URL</a> that references a <a href="#dfn-resources" class="internalDFN" data-link-type="dfn" id="ref-for-dfn-resources-9">resource</a> with more | |
precision than using the <a href="#dfn-decentralized-identifiers" class="internalDFN" data-link-type="dfn" id="ref-for-dfn-decentralized-identifiers-60">DID</a> alone. It is expected that DID parameters | |
are <em>not</em> used if the same functionality can be expressed by passing | |
input metadata to a <a href="#dfn-did-resolvers" class="internalDFN" data-link-type="dfn" id="ref-for-dfn-did-resolvers-4">DID resolver</a>. Additional considerations for | |
processing these parameters are discussed in [<cite><a class="bibref" data-link-type="biblio" href="#bib-did-resolution" title="Decentralized Identifier Resolution">DID-RESOLUTION</a></cite>]. | |
</p> | |
<div class="note" role="note" id="issue-container-generatedID-2"><div role="heading" class="note-title marker" id="h-note-2" aria-level="5"><span>Note</span><span class="issue-label">: DID parameters and DID resolution</span></div><p class=""> | |
The <a href="#dfn-did-resolution" class="internalDFN" data-link-type="dfn" id="ref-for-dfn-did-resolution-5">DID resolution</a> and the <a href="#dfn-did-url-dereferencing" class="internalDFN" data-link-type="dfn" id="ref-for-dfn-did-url-dereferencing-4">DID URL dereferencing</a> functions can | |
be influenced by passing input metadata to a <a href="#dfn-did-resolvers" class="internalDFN" data-link-type="dfn" id="ref-for-dfn-did-resolvers-5">DID resolver</a> that is | |
not part of the <a href="#dfn-did-urls" class="internalDFN" data-link-type="dfn" id="ref-for-dfn-did-urls-18">DID URL</a> (see <a href="#did-resolution-options" class="sec-ref"><bdi class="secno">7.1.1 </bdi>DID Resolution Options</a>). This is comparable to | |
HTTP, where certain parameters could either be included in an HTTP URL, or | |
alternatively passed as HTTP headers during the dereferencing process. The | |
important distinction is that DID parameters that are part of the <a href="#dfn-did-urls" class="internalDFN" data-link-type="dfn" id="ref-for-dfn-did-urls-19">DID | |
URL</a> should be used to specify <em>what <a href="#dfn-resources" class="internalDFN" data-link-type="dfn" id="ref-for-dfn-resources-10">resource</a> is being | |
identified</em>, whereas input metadata that is not part of the <a href="#dfn-did-urls" class="internalDFN" data-link-type="dfn" id="ref-for-dfn-did-urls-20">DID URL</a> | |
should be used to control <em>how that <a href="#dfn-resources" class="internalDFN" data-link-type="dfn" id="ref-for-dfn-resources-11">resource</a> is resolved or | |
dereferenced</em>. | |
</p></div> | |
</section> | |
<section id="relative-did-urls"><div class="header-wrapper"><h4 id="x3-2-2-relative-did-urls"><bdi class="secno">3.2.2 </bdi>Relative DID URLs</h4><a class="self-link" href="#relative-did-urls" aria-label="Permalink for Section 3.2.2"></a></div> | |
<p> | |
A relative <a href="#dfn-did-urls" class="internalDFN" data-link-type="dfn" id="ref-for-dfn-did-urls-21">DID URL</a> is any URL value in a <a href="#dfn-did-documents" class="internalDFN" data-link-type="dfn" id="ref-for-dfn-did-documents-51">DID document</a> that does | |
not start with <code>did:&lt;method-name&gt;:&lt;method-specific-id&gt;</code>. More | |
specifically, it is any URL value that does not start with the ABNF defined in | |
<a href="#did-syntax" class="sec-ref"><bdi class="secno">3.1 </bdi>DID Syntax</a>. The URL is expected to reference | |
a <a href="#dfn-resources" class="internalDFN" data-link-type="dfn" id="ref-for-dfn-resources-12">resource</a> in the same <a href="#dfn-did-documents" class="internalDFN" data-link-type="dfn" id="ref-for-dfn-did-documents-52">DID document</a>. Relative <a href="#dfn-did-urls" class="internalDFN" data-link-type="dfn" id="ref-for-dfn-did-urls-22">DID URLs</a> <em class="rfc2119">MAY</em> | |
contain relative path components, query parameters, and fragment identifiers. | |
</p> | |
<p> | |
When resolving a relative <a href="#dfn-did-urls" class="internalDFN" data-link-type="dfn" id="ref-for-dfn-did-urls-23">DID URL</a> reference, the algorithm specified in | |
<a href="https://www.rfc-editor.org/rfc/rfc3986#section-5">RFC3986 Section 5: Reference Resolution</a> | |
<em class="rfc2119">MUST</em> be used. The <strong>base URI</strong> value is the <a href="#dfn-decentralized-identifiers" class="internalDFN" data-link-type="dfn" id="ref-for-dfn-decentralized-identifiers-61">DID</a> that is | |
associated with the <a href="#dfn-did-subjects" class="internalDFN" data-link-type="dfn" id="ref-for-dfn-did-subjects-17">DID subject</a>, see <a href="#did-subject" class="sec-ref"><bdi class="secno">5.1.1 </bdi>DID Subject</a>. The | |
<strong>scheme</strong> is <code>did</code>. The <strong>authority</strong> is a | |
combination of <code>&lt;method-name&gt;:&lt;method-specific-id&gt;</code>, and the | |
<strong>path</strong>, <strong>query</strong>, and <strong>fragment</strong> | |
values are those defined in <a href="#path" class="sec-ref">Path</a>, <a href="#query" class="sec-ref">Query</a>, and <a href="#fragment" class="sec-ref">Fragment</a>, respectively. | |
</p> | |
<p> | |
Relative <a href="#dfn-did-urls" class="internalDFN" data-link-type="dfn" id="ref-for-dfn-did-urls-24">DID URLs</a> are often used to reference <a href="#dfn-verification-method" class="internalDFN" data-link-type="dfn" id="ref-for-dfn-verification-method-8">verification methods</a> | |
and <a href="#dfn-service" class="internalDFN" data-link-type="dfn" id="ref-for-dfn-service-8">services</a> in a <a href="#dfn-did-documents" class="internalDFN" data-link-type="dfn" id="ref-for-dfn-did-documents-53">DID Document</a> without having to use absolute | |
URLs. <a href="#dfn-did-methods" class="internalDFN" data-link-type="dfn" id="ref-for-dfn-did-methods-25">DID methods</a> where storage size is a consideration might use | |
relative URLs to reduce the storage size of <a href="#dfn-did-documents" class="internalDFN" data-link-type="dfn" id="ref-for-dfn-did-documents-54">DID documents</a>. | |
</p> | |
<div class="example" id="example-an-example-of-a-relative-did-url"> | |
<div class="marker"> | |
<a class="self-link" href="#example-an-example-of-a-relative-did-url">Example<bdi> 9</bdi></a><span class="example-title">: An example of a relative DID URL</span> | |
</div> <pre class="nohighlight">{ | |
"@context": [ | |
"https://www.w3.org/ns/did/v1", | |
"https://w3id.org/security/suites/ed25519-2020/v1" | |
], | |
"id": "did:example:123456789abcdefghi", | |
"verificationMethod": [{ | |
"id": "did:example:123456789abcdefghi#key-1", | |
"type": "Ed25519VerificationKey2020", <span class="comment">// external (property value)</span> | |
"controller": "did:example:123456789abcdefghi", | |
"publicKeyMultibase": "zH3C2AVvLMv6gmMNam3uVAjZpfkcJCwDwnZn6z3wXmqPV" | |
}, ...], | |
"authentication": [ | |
<span class="comment"> // a relative DID URL used to reference a verification method above</span> | |
"<span class="highlight">#key-1</span>" | |
] | |
}</pre> | |
</div> | |
<p> | |
In the example above, the relative <a href="#dfn-did-urls" class="internalDFN" data-link-type="dfn" id="ref-for-dfn-did-urls-25">DID URL</a> value will be transformed to | |
an absolute <a href="#dfn-did-urls" class="internalDFN" data-link-type="dfn" id="ref-for-dfn-did-urls-26">DID URL</a> value of | |
<code>did:example:123456789abcdefghi#key-1</code>. | |
</p> | |
</section> | |
</section> | |
</section> | |
<section id="data-model"><div class="header-wrapper"><h2 id="x4-data-model"><bdi class="secno">4. </bdi>Data Model</h2><a class="self-link" href="#data-model" aria-label="Permalink for Section 4."></a></div> | |
<p> | |
This specification defines a data model that can be used to express <a href="#dfn-did-documents" class="internalDFN" data-link-type="dfn" id="ref-for-dfn-did-documents-55">DID | |
documents</a> and DID document data structures, which can then be serialized | |
into multiple concrete <a href="#dfn-representations" class="internalDFN" data-link-type="dfn" id="ref-for-dfn-representations-6">representations</a>. This section provides a | |
high-level description of the data model, descriptions of the ways different | |
types of properties are expressed in the data model, and instructions for | |
extending the data model. | |
</p> | |
<p> | |
A <a href="#dfn-did-documents" class="internalDFN" data-link-type="dfn" id="ref-for-dfn-did-documents-56">DID document</a> consists of a <a href="https://infra.spec.whatwg.org/#maps">map</a> of <a href="https://infra.spec.whatwg.org/#map-entry">entries</a>, where each entry consists of a | |
key/value pair. The <a href="#dfn-did-documents" class="internalDFN" data-link-type="dfn" id="ref-for-dfn-did-documents-57">DID document</a> data model contains at least two | |
different classes of entries. The first class of entries is called properties, | |
and is specified in section <a href="#core-properties" class="sec-ref"><bdi class="secno">5. </bdi>Core Properties</a>. The second class | |
is made up of <a href="#dfn-representation-specific-entry" class="internalDFN" data-link-type="dfn" id="ref-for-dfn-representation-specific-entry-1">representation-specific entries</a>, and is specified in | |
section <a href="#representations" class="sec-ref"><bdi class="secno">6. </bdi>Representations</a>. | |
</p> | |
<figure id="did-document-entries"> | |
<img style="margin: auto; display: block;" src="diagrams/diagram-did-document-entries.svg" alt=" | |
Diagram illustrating the entries in the DID document, including properties | |
and representation-specific entries; some entries are defined by this | |
specification; others are defined by registered or unregistered extensions." height="502" width="1320"> | |
<figcaption>Figure <bdi class="figno">3</bdi> <span class="fig-title"> | |
The entries in a DID document. | |
See also: <a class="longdesc-link" href="#did-document-entries-longdesc">narrative description</a>. | |
</span></figcaption> | |
</figure> | |
<div class="longdesc" id="did-document-entries-longdesc"> | |
The diagram is titled, "Entries in the DID Document map". A dotted grey line | |
runs horizontally through the center of the diagram. The space above the line | |
is labeled "Properties", and the space below it, "Representation-specific | |
entries". Six labeled rectangles appear in the diagram, three lying above the | |
dotted grey line and three below it. A large green rectangle, labeled "DID | |
Specification Registries", encloses the four leftmost rectangles (upper left, | |
upper center, lower left, and lower center). The two leftmost rectangles | |
(upper left and lower left) are outlined in blue and labeled in blue, as | |
follows. The upper left rectangle is labeled "Core Properties", and contains | |
text "id, alsoKnownAs, controller, authentication, verificationMethod, service, | |
serviceEndpoint, ...". The lower left rectangle is labeled "Core | |
Representation-specific Entries", and contains text "@context". The four | |
rightmost rectangles (upper center, upper right, lower center, and lower right) | |
are outlined in grey and labeled in black, as follows. The upper center | |
rectangle is labeled, "Property Extensions", and contains text | |
"ethereumAddress". The lower center rectangle is labeled, | |
"Representation-specific Entry Extensions", and contains no other text. The | |
upper right rectangle is labeled, "Unregistered Property Extensions", and | |
contains text "foo". The lower right rectangle is labeled "Unregistered | |
Representation-specific Entry Extensions", and contains text "%YAML, xmlns". | |
</div> | |
<p> | |
All entry keys in the <a href="#dfn-did-documents" class="internalDFN" data-link-type="dfn" id="ref-for-dfn-did-documents-58">DID document</a> data model are <a href="https://infra.spec.whatwg.org/#strings">strings</a>. All entry values are expressed using one | |
of the abstract data types in the table below, and each <a href="#dfn-representations" class="internalDFN" data-link-type="dfn" id="ref-for-dfn-representations-7">representation</a> | |
specifies the concrete serialization format of each data type. | |
</p> | |
<table class="simple" id="data-types"> | |
<thead> | |
<tr> | |
<th> | |
Data Type | |
</th> | |
<th> | |
Considerations | |
</th> | |
</tr> | |
</thead> | |
<tbody> | |
<tr> | |
<td> | |
<a href="https://infra.spec.whatwg.org/#maps">map</a> | |
</td> | |
<td> | |
A finite ordered sequence of key/value pairs, with no key appearing twice as | |
specified in [<cite><a class="bibref" data-link-type="biblio" href="#bib-infra" title="Infra Standard">INFRA</a></cite>]. A map is sometimes referred to as an | |
<a href="https://infra.spec.whatwg.org/#maps">ordered map</a> in [<cite><a class="bibref" data-link-type="biblio" href="#bib-infra" title="Infra Standard">INFRA</a></cite>]. | |
</td> | |
</tr> | |
<tr> | |
<td> | |
<a href="https://infra.spec.whatwg.org/#list">list</a> | |
</td> | |
<td> | |
A finite ordered sequence of items as specified in [<cite><a class="bibref" data-link-type="biblio" href="#bib-infra" title="Infra Standard">INFRA</a></cite>]. | |
</td> | |
</tr> | |
<tr> | |
<td> | |
<a href="https://infra.spec.whatwg.org/#ordered-set">set</a> | |
</td> | |
<td> | |
A finite ordered sequence of items that does not contain the same item twice | |
as specified in [<cite><a class="bibref" data-link-type="biblio" href="#bib-infra" title="Infra Standard">INFRA</a></cite>]. A set is sometimes referred to as an | |
<a href="https://infra.spec.whatwg.org/#ordered-set">ordered set</a> in [<cite><a class="bibref" data-link-type="biblio" href="#bib-infra" title="Infra Standard">INFRA</a></cite>]. | |
</td> | |
</tr> | |
<tr> | |
<td> | |
<dfn data-plurals="datetimes" id="dfn-datetime" tabindex="0" aria-haspopup="dialog" data-dfn-type="dfn">datetime</dfn> | |
</td> | |
<td> | |
A date and time value that is capable of losslessly expressing all values | |
expressible by a <code>dateTime</code> as specified in | |
[<a href="https://www.w3.org/TR/xmlschema11-2/#dateTime">XMLSCHEMA11-2</a>]. | |
</td> | |
</tr> | |
<tr> | |
<td> | |
<a href="https://infra.spec.whatwg.org/#string">string</a> | |
</td> | |
<td> | |
A sequence of code units often used to represent human readable language | |
as specified in [<cite><a class="bibref" data-link-type="biblio" href="#bib-infra" title="Infra Standard">INFRA</a></cite>]. | |
</td> | |
</tr> | |
<tr> | |
<td> | |
<dfn id="dfn-integer" tabindex="0" aria-haspopup="dialog" data-dfn-type="dfn">integer</dfn> | |
</td> | |
<td> | |
A real number without a fractional component as specified in | |
[<a href="https://www.w3.org/TR/xmlschema11-2/#decimal">XMLSCHEMA11-2</a>]. To maximize | |
interoperability, implementers are urged to heed the advice regarding | |
integers in <a href="https://www.rfc-editor.org/rfc/rfc8259#section-6">RFC8259, Section 6: Numbers</a>. | |
</td> | |
</tr> | |
<tr> | |
<td> | |
<dfn id="dfn-double" tabindex="0" aria-haspopup="dialog" data-dfn-type="dfn">double</dfn> | |
</td> | |
<td> | |
A value that is often used to approximate arbitrary real numbers as specified | |
in [<a href="https://www.w3.org/TR/xmlschema11-2/#double">XMLSCHEMA11-2</a>]. To maximize | |
interoperability, implementers are urged to heed the advice regarding | |
doubles in <a href="https://www.rfc-editor.org/rfc/rfc8259#section-6">RFC8259, Section 6: Numbers</a>. | |
</td> | |
</tr> | |
<tr> | |
<td> | |
<a href="https://infra.spec.whatwg.org/#boolean">boolean</a> | |
</td> | |
<td> | |
A value that is either true or false as defined in [<cite><a class="bibref" data-link-type="biblio" href="#bib-infra" title="Infra Standard">INFRA</a></cite>]. | |
</td> | |
</tr> | |
<tr> | |
<td> | |
<a href="https://infra.spec.whatwg.org/#nulls">null</a> | |
</td> | |
<td> | |
A value that is used to indicate the lack of a value as defined in [<cite><a class="bibref" data-link-type="biblio" href="#bib-infra" title="Infra Standard">INFRA</a></cite>]. | |
</td> | |
</tr> | |
</tbody> | |
</table> | |
<p class="advisement" title="Ordering of values"> | |
As a result of the <a href="#data-model">data model</a> being defined using | |
terminology from [<cite><a class="bibref" data-link-type="biblio" href="#bib-infra" title="Infra Standard">INFRA</a></cite>], property values which can contain more than one | |
item, such as <a href="https://infra.spec.whatwg.org/#list">lists</a>, <a href="https://infra.spec.whatwg.org/#ordered-map">maps</a> and <a href="https://infra.spec.whatwg.org/#ordered-set">sets</a>, are explicitly ordered. All list-like | |
value structures in [<cite><a class="bibref" data-link-type="biblio" href="#bib-infra" title="Infra Standard">INFRA</a></cite>] are ordered, whether or not that order is | |
significant. For the purposes of this specification, unless otherwise stated, <a href="https://infra.spec.whatwg.org/#ordered-map">map</a> and <a href="https://infra.spec.whatwg.org/#ordered-set">set</a> ordering is not important and | |
implementations are not expected to produce or consume deterministically ordered | |
values. | |
</p> | |
<section id="extensibility"><div class="header-wrapper"><h3 id="x4-1-extensibility"><bdi class="secno">4.1 </bdi>Extensibility</h3><a class="self-link" href="#extensibility" aria-label="Permalink for Section 4.1"></a></div> | |
<p> | |
The data model supports two types of extensibility. | |
</p> | |
<ol> | |
<li> | |
For maximum interoperability, it is <em class="rfc2119">RECOMMENDED</em> that extensions use the | |
<abbr title="World Wide Web Consortium">W3C</abbr> DID Specification Registries mechanism [<cite><a class="bibref" data-link-type="biblio" href="#bib-did-spec-registries" title="DID Specification Registries">DID-SPEC-REGISTRIES</a></cite>]. The use of | |
this mechanism for new properties or other extensions is the only specified | |
mechanism that ensures that two different <a href="#dfn-representations" class="internalDFN" data-link-type="dfn" id="ref-for-dfn-representations-8">representations</a> will be able to | |
work together. | |
</li> | |
<li> | |
<a href="#dfn-representations" class="internalDFN" data-link-type="dfn" id="ref-for-dfn-representations-9">Representations</a> <em class="rfc2119">MAY</em> define other extensibility mechanisms, including ones | |
that do not require the use of the DID Specification Registries. Such extension | |
mechanisms <em class="rfc2119">SHOULD</em> support lossless conversion into any other conformant | |
<a href="#dfn-representations" class="internalDFN" data-link-type="dfn" id="ref-for-dfn-representations-10">representation</a>. Extension mechanisms for a <a href="#dfn-representations" class="internalDFN" data-link-type="dfn" id="ref-for-dfn-representations-11">representation</a> <em class="rfc2119">SHOULD</em> | |
define a mapping of all properties and <a href="#dfn-representations" class="internalDFN" data-link-type="dfn" id="ref-for-dfn-representations-12">representation</a> syntax into the <a href="#data-model">data model</a> and its type system. | |
</li> | |
</ol> | |
<div class="note" role="note" id="issue-container-generatedID-3"><div role="heading" class="note-title marker" id="h-note-3" aria-level="4"><span>Note</span><span class="issue-label">: Unregistered extensions are less reliable</span></div><p class=""> | |
It is always possible for two specific implementations to agree out-of-band to | |
use a mutually understood extension or <a href="#dfn-representations" class="internalDFN" data-link-type="dfn" id="ref-for-dfn-representations-13">representation</a> that is not | |
recorded in the DID Specification Registries [<cite><a class="bibref" data-link-type="biblio" href="#bib-did-spec-registries" title="DID Specification Registries">DID-SPEC-REGISTRIES</a></cite>]; | |
interoperability between such implementations and the larger ecosystem will be | |
less reliable. | |
</p></div> | |
</section> | |
</section> | |
<section id="core-properties"><div class="header-wrapper"><h2 id="x5-core-properties"><bdi class="secno">5. </bdi>Core Properties</h2><a class="self-link" href="#core-properties" aria-label="Permalink for Section 5."></a></div> | |
<p> | |
A <a href="#dfn-decentralized-identifiers" class="internalDFN" data-link-type="dfn" id="ref-for-dfn-decentralized-identifiers-62">DID</a> is associated with a <a href="#dfn-did-documents" class="internalDFN" data-link-type="dfn" id="ref-for-dfn-did-documents-59">DID document</a>. | |
<a href="#dfn-did-documents" class="internalDFN" data-link-type="dfn" id="ref-for-dfn-did-documents-60">DID documents</a> are expressed using the | |
<a href="#data-model">data model</a> and can be serialized into a | |
<a href="#representations">representation</a>. | |
The following sections define the properties in a <a href="#dfn-did-documents" class="internalDFN" data-link-type="dfn" id="ref-for-dfn-did-documents-61">DID document</a>, | |
including whether these properties are required or optional. These properties | |
describe relationships between the <a href="#dfn-did-subjects" class="internalDFN" data-link-type="dfn" id="ref-for-dfn-did-subjects-18">DID subject</a> and the value of the | |
property. | |
</p> | |
<p> | |
The following tables contain informative references for the core properties | |
defined by this specification, with expected values, and whether or not they are | |
required. The property names in the tables are linked to the normative | |
definitions and more detailed descriptions of each property. | |
</p> | |
<div class="note" role="note" id="issue-container-generatedID-4"><div role="heading" class="note-title marker" id="h-note-4" aria-level="3"><span>Note</span><span class="issue-label">: Property names used in maps of different types</span></div><p class=""> | |
The property names <code>id</code>, <code>type</code>, and | |
<code>controller</code> can be present in maps of different types | |
with possible differences in constraints. | |
</p></div> | |
<section class="notoc"><div class="header-wrapper"><h3 id="did-document-properties">DID Document properties</h3><a class="self-link" href="#did-document-properties" aria-label="Permalink for this Section"></a></div> | |
<table class="simple"> | |
<thead> | |
<tr> | |
<th>Property</th> | |
<th>Required?</th> | |
<th>Value constraints</th> | |
</tr> | |
</thead> | |
<tbody> | |
<tr> | |
<td><code><a href="#dfn-id" class="internalDFN" data-link-type="dfn" id="ref-for-dfn-id-1">id</a></code></td> | |
<td>yes</td> | |
<td> | |
A <a href="https://infra.spec.whatwg.org/#string">string</a> that conforms to the rules in | |
<a href="#did-syntax" class="sec-ref"><bdi class="secno">3.1 </bdi>DID Syntax</a>. | |
</td> | |
</tr> | |
<tr> | |
<td><code><a href="#dfn-alsoknownas" class="internalDFN" data-link-type="dfn" id="ref-for-dfn-alsoknownas-1">alsoKnownAs</a></code></td> | |
<td>no</td> | |
<td> | |
A <a href="https://infra.spec.whatwg.org/#ordered-set">set</a> of | |
<a href="https://infra.spec.whatwg.org/#string">strings</a> that conform to the rules of | |
[<cite><a class="bibref" data-link-type="biblio" href="#bib-rfc3986" title="Uniform Resource Identifier (URI): Generic Syntax">RFC3986</a></cite>] for <a href="#dfn-uri" class="internalDFN" data-link-type="dfn" id="ref-for-dfn-uri-11">URIs</a>. | |
</td> | |
</tr> | |
<tr> | |
<td><code><a href="#dfn-controller" class="internalDFN" data-link-type="dfn" id="ref-for-dfn-controller-2">controller</a></code></td> | |
<td>no</td> | |
<td> | |
A <a href="https://infra.spec.whatwg.org/#string">string</a> or a | |
<a href="https://infra.spec.whatwg.org/#ordered-set">set</a> of | |
<a href="https://infra.spec.whatwg.org/#string">strings</a> that conform to the rules in | |
<a href="#did-syntax" class="sec-ref"><bdi class="secno">3.1 </bdi>DID Syntax</a>. | |
</td> | |
</tr> | |
<tr> | |
<td><code><a href="#dfn-verificationmethod" class="internalDFN" data-link-type="dfn" id="ref-for-dfn-verificationmethod-1">verificationMethod</a></code></td> | |
<td>no</td> | |
<td> | |
A <a href="https://infra.spec.whatwg.org/#ordered-set">set</a> of | |
<a href="#dfn-verification-method" class="internalDFN" data-link-type="dfn" id="ref-for-dfn-verification-method-9">Verification Method</a> <a href="https://infra.spec.whatwg.org/#ordered-map">maps</a> | |
that conform to the rules in <a href="#verification-method-properties" class="sec-ref">Verification Method properties</a>. | |
</td> | |
</tr> | |
<tr> | |
<td><code><a href="#dfn-authentication" class="internalDFN" data-link-type="dfn" id="ref-for-dfn-authentication-1">authentication</a></code></td> | |
<td>no</td> | |
<td rowspan="5"> | |
A <a href="https://infra.spec.whatwg.org/#ordered-set">set</a> of either <a href="#dfn-verification-method" class="internalDFN" data-link-type="dfn" id="ref-for-dfn-verification-method-10">Verification | |
Method</a> <a href="https://infra.spec.whatwg.org/#ordered-map">maps</a> that conform to | |
the rules in <a href="#verification-method-properties" class="sec-ref">Verification Method properties</a> or | |
<a href="https://infra.spec.whatwg.org/#string">strings</a> that conform to the rules in | |
<a href="#did-url-syntax" class="sec-ref"><bdi class="secno">3.2 </bdi>DID URL Syntax</a>. | |
</td> | |
</tr> | |
<tr> | |
<td><code><a href="#dfn-assertionmethod" class="internalDFN" data-link-type="dfn" id="ref-for-dfn-assertionmethod-1">assertionMethod</a></code></td> | |
<td>no</td> | |
</tr> | |
<tr> | |
<td><code><a href="#dfn-keyagreement" class="internalDFN" data-link-type="dfn" id="ref-for-dfn-keyagreement-1">keyAgreement</a></code></td> | |
<td>no</td> | |
</tr> | |
<tr> | |
<td><code><a href="#dfn-capabilityinvocation" class="internalDFN" data-link-type="dfn" id="ref-for-dfn-capabilityinvocation-1">capabilityInvocation</a></code></td> | |
<td>no</td> | |
</tr> | |
<tr> | |
<td><code><a href="#dfn-capabilitydelegation" class="internalDFN" data-link-type="dfn" id="ref-for-dfn-capabilitydelegation-1">capabilityDelegation</a></code></td> | |
<td>no</td> | |
</tr> | |
<tr> | |
<td><code><a href="#dfn-service" class="internalDFN" data-link-type="dfn" id="ref-for-dfn-service-9">service</a></code></td> | |
<td>no</td> | |
<td> | |
A <a href="https://infra.spec.whatwg.org/#ordered-set">set</a> of <a href="#dfn-service-endpoints" class="internalDFN" data-link-type="dfn" id="ref-for-dfn-service-endpoints-3">Service Endpoint</a> | |
<a href="https://infra.spec.whatwg.org/#ordered-map">maps</a> that conform to the rules in | |
<a href="#service-properties" class="sec-ref">Service properties</a>. | |
</td> | |
</tr> | |
</tbody> | |
</table> | |
</section> | |
<section class="notoc"><div class="header-wrapper"><h3 id="verification-method-properties">Verification Method properties</h3><a class="self-link" href="#verification-method-properties" aria-label="Permalink for this Section"></a></div> | |
<table class="simple"> | |
<thead> | |
<tr> | |
<th>Property</th> | |
<th>Required?</th> | |
<th>Value constraints</th> | |
</tr> | |
</thead> | |
<tbody> | |
<tr> | |
<td><code>id</code></td> | |
<td>yes</td> | |
<td> | |
A <a href="https://infra.spec.whatwg.org/#string">string</a> that conforms to the rules in | |
<a href="#did-url-syntax" class="sec-ref"><bdi class="secno">3.2 </bdi>DID URL Syntax</a>. | |
</td> | |
</tr> | |
<tr> | |
<td><code><a href="#dfn-controller" class="internalDFN" data-link-type="dfn" id="ref-for-dfn-controller-3">controller</a></code></td> | |
<td>yes</td> | |
<td> | |
A <a href="https://infra.spec.whatwg.org/#string">string</a> that conforms to the rules in | |
<a href="#did-syntax" class="sec-ref"><bdi class="secno">3.1 </bdi>DID Syntax</a>. | |
</td> | |
</tr> | |
<tr> | |
<td><code>type</code></td> | |
<td>yes</td> | |
<td> | |
A <a href="https://infra.spec.whatwg.org/#string">string</a>. | |
</td> | |
</tr> | |
<tr> | |
<td><code><a href="#dfn-publickeyjwk" class="internalDFN" data-link-type="dfn" id="ref-for-dfn-publickeyjwk-1">publicKeyJwk</a></code></td> | |
<td>no</td> | |
<td> | |
A <a href="https://infra.spec.whatwg.org/#maps">map</a> representing a JSON Web Key that conforms | |
to [<cite><a class="bibref" data-link-type="biblio" href="#bib-rfc7517" title="JSON Web Key (JWK)">RFC7517</a></cite>]. See <a href="#dfn-publickeyjwk" id="ref-for-dfn-publickeyjwk-2">definition of publicKeyJwk</a> | |
for additional constraints. | |
</td> | |
</tr> | |
<tr> | |
<td><code><a href="#dfn-publickeymultibase" class="internalDFN" data-link-type="dfn" id="ref-for-dfn-publickeymultibase-1">publicKeyMultibase</a></code></td> | |
<td>no</td> | |
<td> | |
A <a href="https://infra.spec.whatwg.org/#string">string</a> representation of a
[<cite><a class="bibref" data-link-type="biblio" href="#bib-multibase" title="The Multibase Encoding Scheme">MULTIBASE</a></cite>] encoded public key.
</td> | |
</tr> | |
</tbody> | |
</table> | |
</section> | |
<section class="notoc"><div class="header-wrapper"><h3 id="service-properties">Service properties</h3><a class="self-link" href="#service-properties" aria-label="Permalink for this Section"></a></div> | |
<table class="simple"> | |
<thead> | |
<tr> | |
<th>Property</th> | |
<th>Required?</th> | |
<th>Value constraints</th> | |
</tr> | |
</thead> | |
<tbody> | |
<tr> | |
<td><code>id</code></td> | |
<td>yes</td> | |
<td> | |
A <a href="https://infra.spec.whatwg.org/#string">string</a> that conforms to the rules of | |
[<cite><a class="bibref" data-link-type="biblio" href="#bib-rfc3986" title="Uniform Resource Identifier (URI): Generic Syntax">RFC3986</a></cite>] for <a href="#dfn-uri" class="internalDFN" data-link-type="dfn" id="ref-for-dfn-uri-12">URIs</a>. | |
</td> | |
</tr> | |
<tr> | |
<td><code>type</code></td> | |
<td>yes</td> | |
<td> | |
A <a href="https://infra.spec.whatwg.org/#string">string</a> or a | |
<a href="https://infra.spec.whatwg.org/#ordered-set">set</a> of | |
<a href="https://infra.spec.whatwg.org/#string">strings</a>. | |
</td> | |
</tr> | |
<tr> | |
<td><code><a href="#dfn-serviceendpoint" class="internalDFN" data-link-type="dfn" id="ref-for-dfn-serviceendpoint-1">serviceEndpoint</a></code></td> | |
<td>yes</td> | |
<td> | |
A <a href="https://infra.spec.whatwg.org/#string">string</a> that conforms to the rules of | |
[<cite><a class="bibref" data-link-type="biblio" href="#bib-rfc3986" title="Uniform Resource Identifier (URI): Generic Syntax">RFC3986</a></cite>] for <a href="#dfn-uri" class="internalDFN" data-link-type="dfn" id="ref-for-dfn-uri-13">URIs</a>, a <a href="https://infra.spec.whatwg.org/#ordered-map">map</a>, or a
<a href="https://infra.spec.whatwg.org/#ordered-set">set</a> composed of one or more
<a href="https://infra.spec.whatwg.org/#string">strings</a> that conform to the rules of
[<cite><a class="bibref" data-link-type="biblio" href="#bib-rfc3986" title="Uniform Resource Identifier (URI): Generic Syntax">RFC3986</a></cite>] for <a href="#dfn-uri" class="internalDFN" data-link-type="dfn" id="ref-for-dfn-uri-14">URIs</a> and/or <a href="https://infra.spec.whatwg.org/#ordered-map">maps</a>.
</td> | |
</tr> | |
</tbody> | |
</table> | |
</section> | |
<section id="identifiers"><div class="header-wrapper"><h3 id="x5-1-identifiers"><bdi class="secno">5.1 </bdi>Identifiers</h3><a class="self-link" href="#identifiers" aria-label="Permalink for Section 5.1"></a></div> | |
<p> | |
This section describes the mechanisms by which <a href="#dfn-did-documents" class="internalDFN" data-link-type="dfn" id="ref-for-dfn-did-documents-62">DID documents</a> | |
include identifiers for <a href="#dfn-did-subjects" class="internalDFN" data-link-type="dfn" id="ref-for-dfn-did-subjects-19">DID subjects</a> and <a href="#dfn-did-controllers" class="internalDFN" data-link-type="dfn" id="ref-for-dfn-did-controllers-8">DID controllers</a>. | |
</p> | |
<section id="did-subject"><div class="header-wrapper"><h4 id="x5-1-1-did-subject"><bdi class="secno">5.1.1 </bdi>DID Subject</h4><a class="self-link" href="#did-subject" aria-label="Permalink for Section 5.1.1"></a></div> | |
<p> | |
The <a href="#dfn-decentralized-identifiers" class="internalDFN" data-link-type="dfn" id="ref-for-dfn-decentralized-identifiers-63">DID</a> for a particular <a href="#dfn-did-subjects" class="internalDFN" data-link-type="dfn" id="ref-for-dfn-did-subjects-20">DID subject</a> is expressed using the | |
<code><a href="#dfn-id" class="internalDFN" data-link-type="dfn" id="ref-for-dfn-id-2">id</a></code> property in the <a href="#dfn-did-documents" class="internalDFN" data-link-type="dfn" id="ref-for-dfn-did-documents-63">DID document</a>. | |
</p> | |
<dl> | |
<dt><dfn id="dfn-id" tabindex="0" aria-haspopup="dialog" data-dfn-type="dfn">id</dfn></dt> | |
<dd> | |
The value of <code>id</code> <em class="rfc2119">MUST</em> be a <a href="https://infra.spec.whatwg.org/#string">string</a> that conforms to the rules in <a href="#did-syntax" class="sec-ref"><bdi class="secno">3.1 </bdi>DID Syntax</a> and <em class="rfc2119">MUST</em> exist in the root <a href="https://infra.spec.whatwg.org/#ordered-map">map</a> of the <a href="#data-model">data | |
model</a> for the <a href="#dfn-did-documents" class="internalDFN" data-link-type="dfn" id="ref-for-dfn-did-documents-64">DID document</a>. | |
</dd> | |
</dl> | |
<div class="example" id="example-10"> | |
<div class="marker"> | |
<a class="self-link" href="#example-10">Example<bdi> 10</bdi></a> | |
</div> <pre class="nohighlight">{ | |
"id": "did:example:123456789abcdefghijk" | |
}</pre> | |
</div> | |
<p> | |
The <code>id</code> property only denotes the <a href="#dfn-decentralized-identifiers" class="internalDFN" data-link-type="dfn" id="ref-for-dfn-decentralized-identifiers-64">DID</a> of the | |
<a href="#dfn-did-subjects" class="internalDFN" data-link-type="dfn" id="ref-for-dfn-did-subjects-21">DID subject</a> when it is present in the <em>topmost</em> | |
<a href="https://infra.spec.whatwg.org/#ordered-map">map</a> of the <a href="#dfn-did-documents" class="internalDFN" data-link-type="dfn" id="ref-for-dfn-did-documents-65">DID document</a>. | |
</p> | |
<div class="note" role="note" id="issue-container-generatedID-5"><div role="heading" class="note-title marker" id="h-note-5" aria-level="5"><span>Note</span><span class="issue-label">: Intermediate representations</span></div><p class=""> | |
<a href="#dfn-did-methods" class="internalDFN" data-link-type="dfn" id="ref-for-dfn-did-methods-26">DID method</a> specifications can create intermediate representations of a | |
<a href="#dfn-did-documents" class="internalDFN" data-link-type="dfn" id="ref-for-dfn-did-documents-66">DID document</a> that do not contain the <code><a href="#dfn-id" class="internalDFN" data-link-type="dfn" id="ref-for-dfn-id-3">id</a></code> property, | |
such as when a <a href="#dfn-did-resolvers" class="internalDFN" data-link-type="dfn" id="ref-for-dfn-did-resolvers-6">DID resolver</a> is performing <a href="#dfn-did-resolution" class="internalDFN" data-link-type="dfn" id="ref-for-dfn-did-resolution-6">DID resolution</a>. | |
However, the fully resolved <a href="#dfn-did-documents" class="internalDFN" data-link-type="dfn" id="ref-for-dfn-did-documents-67">DID document</a> always contains a valid | |
<code><a href="#dfn-id" class="internalDFN" data-link-type="dfn" id="ref-for-dfn-id-4">id</a></code> property. | |
</p></div> | |
</section> | |
<section id="did-controller"><div class="header-wrapper"><h4 id="x5-1-2-did-controller"><bdi class="secno">5.1.2 </bdi>DID Controller</h4><a class="self-link" href="#did-controller" aria-label="Permalink for Section 5.1.2"></a></div> | |
<p> | |
A <a href="#dfn-did-controllers" class="internalDFN" data-link-type="dfn" id="ref-for-dfn-did-controllers-9">DID controller</a> is an entity that is authorized to make changes to a | |
<a href="#dfn-did-documents" class="internalDFN" data-link-type="dfn" id="ref-for-dfn-did-documents-68">DID document</a>. The process of authorizing a <a href="#dfn-did-controllers" class="internalDFN" data-link-type="dfn" id="ref-for-dfn-did-controllers-10">DID controller</a> is | |
defined by the <a href="#dfn-did-methods" class="internalDFN" data-link-type="dfn" id="ref-for-dfn-did-methods-27">DID method</a>. | |
</p> | |
<dl> | |
<dt><dfn data-plurals="controllers" id="dfn-controller" tabindex="0" aria-haspopup="dialog" data-dfn-type="dfn">controller</dfn></dt> | |
<dd> | |
The <code>controller</code> property is <em class="rfc2119">OPTIONAL</em>. If present, the value <em class="rfc2119">MUST</em> | |
be a <a href="https://infra.spec.whatwg.org/#string">string</a> or a <a href="https://infra.spec.whatwg.org/#ordered-set">set</a> of <a href="https://infra.spec.whatwg.org/#string">strings</a> that conform to the rules in <a href="#did-syntax" class="sec-ref"><bdi class="secno">3.1 </bdi>DID Syntax</a>. The corresponding <a href="#dfn-did-documents" class="internalDFN" data-link-type="dfn" id="ref-for-dfn-did-documents-69">DID document</a>(s) <em class="rfc2119">SHOULD</em> | |
contain <a href="#dfn-verification-relationship" class="internalDFN" data-link-type="dfn" id="ref-for-dfn-verification-relationship-1">verification relationships</a> that explicitly permit the use of | |
certain <a href="#dfn-verification-method" class="internalDFN" data-link-type="dfn" id="ref-for-dfn-verification-method-11">verification methods</a> for specific purposes. | |
</dd> | |
</dl> | |
<p> | |
When a <code><a href="#dfn-controller" class="internalDFN" data-link-type="dfn" id="ref-for-dfn-controller-4">controller</a></code> property is present in a <a href="#dfn-did-documents" class="internalDFN" data-link-type="dfn" id="ref-for-dfn-did-documents-70">DID | |
document</a>, its value expresses one or more <a href="#dfn-decentralized-identifiers" class="internalDFN" data-link-type="dfn" id="ref-for-dfn-decentralized-identifiers-65">DIDs</a>. Any <a href="#dfn-verification-method" class="internalDFN" data-link-type="dfn" id="ref-for-dfn-verification-method-12">verification | |
methods</a> contained in the <a href="#dfn-did-documents" class="internalDFN" data-link-type="dfn" id="ref-for-dfn-did-documents-71">DID documents</a> for those <a href="#dfn-decentralized-identifiers" class="internalDFN" data-link-type="dfn" id="ref-for-dfn-decentralized-identifiers-66">DIDs</a> <em class="rfc2119">SHOULD</em> | |
be accepted as authoritative, such that proofs that satisfy those | |
<a href="#dfn-verification-method" class="internalDFN" data-link-type="dfn" id="ref-for-dfn-verification-method-13">verification methods</a> are to be considered equivalent to proofs provided | |
by the <a href="#dfn-did-subjects" class="internalDFN" data-link-type="dfn" id="ref-for-dfn-did-subjects-22">DID subject</a>. | |
</p> | |
<div class="example" id="example-did-document-with-a-controller-property"> | |
<div class="marker"> | |
<a class="self-link" href="#example-did-document-with-a-controller-property">Example<bdi> 11</bdi></a><span class="example-title">: DID document with a controller property</span> | |
</div> <pre class="nohighlight">{
"@context": "https://www.w3.org/ns/did/v1",
"id": "did:example:123456789abcdefghi",
"controller": "did:example:bcehfew7h32f32h7af3"
}</pre>
</div> | |
<div class="note" role="note" id="issue-container-generatedID-6"><div role="heading" class="note-title marker" id="h-note-6" aria-level="5"><span>Note</span><span class="issue-label">: Authorization vs authentication</span></div><p class=""> | |
Note that authorization provided by the value of <code>controller</code> is | |
separate from authentication as described in <a href="#authentication" class="sec-ref"><bdi class="secno">5.3.1 </bdi>Authentication</a>. | |
This is particularly important for key recovery in the case of cryptographic key | |
loss, where the <a href="#dfn-did-subjects" class="internalDFN" data-link-type="dfn" id="ref-for-dfn-did-subjects-23">DID subject</a> no longer has access to their keys, or key | |
compromise, where the <a href="#dfn-did-controllers" class="internalDFN" data-link-type="dfn" id="ref-for-dfn-did-controllers-11">DID controller</a>'s trusted third parties need to | |
override malicious activity by an attacker. See <a href="#security-considerations" class="sec-ref"><bdi class="secno">9. </bdi>Security Considerations</a> for information related to threat models | |
and attack vectors. | |
</p></div> | |
</section> | |
<section id="also-known-as"><div class="header-wrapper"><h4 id="x5-1-3-also-known-as"><bdi class="secno">5.1.3 </bdi>Also Known As</h4><a class="self-link" href="#also-known-as" aria-label="Permalink for Section 5.1.3"></a></div> | |
<p> | |
A <a href="#dfn-did-subjects" class="internalDFN" data-link-type="dfn" id="ref-for-dfn-did-subjects-24">DID subject</a> can have multiple identifiers for different purposes, or | |
at different times. The assertion that two or more <a href="#dfn-decentralized-identifiers" class="internalDFN" data-link-type="dfn" id="ref-for-dfn-decentralized-identifiers-67">DIDs</a> (or other types | |
of <a href="#dfn-uri" class="internalDFN" data-link-type="dfn" id="ref-for-dfn-uri-15">URI</a>) refer to the same <a href="#dfn-did-subjects" class="internalDFN" data-link-type="dfn" id="ref-for-dfn-did-subjects-25">DID subject</a> can be made using the | |
<code><a href="#dfn-alsoknownas" class="internalDFN" data-link-type="dfn" id="ref-for-dfn-alsoknownas-2">alsoKnownAs</a></code> property. | |
</p> | |
<dl> | |
<dt><dfn id="dfn-alsoknownas" tabindex="0" aria-haspopup="dialog" data-dfn-type="dfn">alsoKnownAs</dfn></dt> | |
<dd> | |
The <code>alsoKnownAs</code> property is <em class="rfc2119">OPTIONAL</em>. If present, the value <em class="rfc2119">MUST</em> | |
be a <a href="https://infra.spec.whatwg.org/#ordered-set">set</a> where each item in the | |
set is a <a href="#dfn-uri" class="internalDFN" data-link-type="dfn" id="ref-for-dfn-uri-16">URI</a> conforming to [<cite><a class="bibref" data-link-type="biblio" href="#bib-rfc3986" title="Uniform Resource Identifier (URI): Generic Syntax">RFC3986</a></cite>]. | |
</dd> | |
<dd> | |
This relationship is a statement that the subject of this identifier is | |
also identified by one or more other identifiers. | |
</dd> | |
</dl> | |
<div class="note" role="note" id="issue-container-generatedID-7"><div role="heading" class="note-title marker" id="h-note-7" aria-level="5"><span>Note</span><span class="issue-label">: Equivalence and alsoKnownAs</span></div><div class=""> | |
<p> | |
Applications might choose to consider two identifiers related by | |
<code><a href="#dfn-alsoknownas" class="internalDFN" data-link-type="dfn" id="ref-for-dfn-alsoknownas-3">alsoKnownAs</a></code> to be equivalent <em>if</em> the | |
<code><a href="#dfn-alsoknownas" class="internalDFN" data-link-type="dfn" id="ref-for-dfn-alsoknownas-4">alsoKnownAs</a></code> relationship is reciprocated in the reverse | |
direction. It is best practice <em>not</em> to consider them equivalent in the | |
absence of this inverse relationship. In other words, the presence of an | |
<code><a href="#dfn-alsoknownas" class="internalDFN" data-link-type="dfn" id="ref-for-dfn-alsoknownas-5">alsoKnownAs</a></code> assertion does not prove that this assertion | |
is true. Therefore, it is strongly advised that a requesting party obtain | |
independent verification of an <code>alsoKnownAs</code> assertion. | |
</p> | |
<p> | |
Given that the <a href="#dfn-did-subjects" class="internalDFN" data-link-type="dfn" id="ref-for-dfn-did-subjects-26">DID subject</a> might use different identifiers for different | |
purposes, an expectation of strong equivalence between the two identifiers, or | |
merging the information of the two corresponding <a href="#dfn-did-documents" class="internalDFN" data-link-type="dfn" id="ref-for-dfn-did-documents-72">DID documents</a>, is not | |
necessarily appropriate, <em>even with</em> a reciprocal relationship. | |
</p> | |
</div></div> | |
</section> | |
</section> | |
<section id="verification-methods"><div class="header-wrapper"><h3 id="x5-2-verification-methods"><bdi class="secno">5.2 </bdi>Verification Methods</h3><a class="self-link" href="#verification-methods" aria-label="Permalink for Section 5.2"></a></div> | |
<p> | |
A <a href="#dfn-did-documents" class="internalDFN" data-link-type="dfn" id="ref-for-dfn-did-documents-73">DID document</a> can express <a href="#dfn-verification-method" class="internalDFN" data-link-type="dfn" id="ref-for-dfn-verification-method-14">verification methods</a>, such as | |
cryptographic public keys, which can be used to <a href="#dfn-authenticated" class="internalDFN" data-link-type="dfn" id="ref-for-dfn-authenticated-5">authenticate</a> or authorize | |
interactions with the <a href="#dfn-did-subjects" class="internalDFN" data-link-type="dfn" id="ref-for-dfn-did-subjects-27">DID subject</a> or associated parties. For example, a | |
cryptographic public key can be used as a <a href="#dfn-verification-method" class="internalDFN" data-link-type="dfn" id="ref-for-dfn-verification-method-15">verification method</a> with | |
respect to a digital signature; in such usage, it verifies that the signer | |
could use the associated cryptographic private key. <a href="#dfn-verification-method" class="internalDFN" data-link-type="dfn" id="ref-for-dfn-verification-method-16">Verification methods</a> | |
might take many parameters. An example of this is a set of five cryptographic | |
keys from which any three are required to contribute to a cryptographic | |
threshold signature. | |
</p> | |
<dl> | |
<dt><dfn id="dfn-verificationmethod" tabindex="0" aria-haspopup="dialog" data-dfn-type="dfn">verificationMethod</dfn></dt> | |
<dd> | |
<p> | |
The <code>verificationMethod</code> property is <em class="rfc2119">OPTIONAL</em>. If present, the value | |
<em class="rfc2119">MUST</em> be a <a href="https://infra.spec.whatwg.org/#ordered-set">set</a> of <a href="#dfn-verification-method" class="internalDFN" data-link-type="dfn" id="ref-for-dfn-verification-method-17">verification | |
methods</a>, where each <a href="#dfn-verification-method" class="internalDFN" data-link-type="dfn" id="ref-for-dfn-verification-method-18">verification method</a> is expressed using a <a href="https://infra.spec.whatwg.org/#ordered-map">map</a>. The <a href="#dfn-verification-method" class="internalDFN" data-link-type="dfn" id="ref-for-dfn-verification-method-19">verification method</a> <a href="https://infra.spec.whatwg.org/#ordered-map">map</a> <em class="rfc2119">MUST</em> include the <code>id</code>, | |
<code>type</code>, <code>controller</code>, and specific verification material | |
properties that are determined by the value of <code>type</code> and are defined | |
in <a href="#verification-material" class="sec-ref"><bdi class="secno">5.2.1 </bdi>Verification Material</a>. A <a href="#dfn-verification-method" class="internalDFN" data-link-type="dfn" id="ref-for-dfn-verification-method-20">verification method</a> <em class="rfc2119">MAY</em> | |
include additional properties. <a href="#dfn-verification-method" class="internalDFN" data-link-type="dfn" id="ref-for-dfn-verification-method-21">Verification methods</a> <em class="rfc2119">SHOULD</em> be registered | |
in the DID Specification Registries [<cite><a class="bibref" data-link-type="biblio" href="#bib-did-spec-registries" title="DID Specification Registries">DID-SPEC-REGISTRIES</a></cite>]. | |
</p> | |
<dl> | |
<dt>id</dt> | |
<dd> | |
<p> | |
The value of the <code><a href="#dfn-id" class="internalDFN" data-link-type="dfn" id="ref-for-dfn-id-5">id</a></code> property for a <a href="#dfn-verification-method" class="internalDFN" data-link-type="dfn" id="ref-for-dfn-verification-method-22">verification | |
method</a> <em class="rfc2119">MUST</em> be a <a href="https://infra.spec.whatwg.org/#string">string</a> that conforms to the | |
rules in Section <a href="#did-url-syntax" class="sec-ref"><bdi class="secno">3.2 </bdi>DID URL Syntax</a>. | |
</p> | |
</dd> | |
<dt>type</dt> | |
<dd> | |
The value of the <code>type</code> property <em class="rfc2119">MUST</em> be a <a href="https://infra.spec.whatwg.org/#string">string</a> that references exactly one <a href="#dfn-verification-method" class="internalDFN" data-link-type="dfn" id="ref-for-dfn-verification-method-23">verification | |
method</a> type. In order to maximize global interoperability, the | |
<a href="#dfn-verification-method" class="internalDFN" data-link-type="dfn" id="ref-for-dfn-verification-method-24">verification method</a> type <em class="rfc2119">SHOULD</em> be registered in the DID Specification | |
Registries [<cite><a class="bibref" data-link-type="biblio" href="#bib-did-spec-registries" title="DID Specification Registries">DID-SPEC-REGISTRIES</a></cite>]. | |
</dd> | |
<dt>controller</dt> | |
<dd> | |
The value of the <code>controller</code> property <em class="rfc2119">MUST</em> be a <a href="https://infra.spec.whatwg.org/#string">string</a> that conforms to the rules in <a href="#did-syntax" class="sec-ref"><bdi class="secno">3.1 </bdi>DID Syntax</a>. | |
</dd> | |
</dl> | |
</dd> | |
</dl> | |
<div class="example" id="example-example-verification-method-structure"> | |
<div class="marker"> | |
<a class="self-link" href="#example-example-verification-method-structure">Example<bdi> 12</bdi></a><span class="example-title">: Example verification method structure</span> | |
</div> <pre aria-busy="false"><code class="hljs javascript">{ | |
<span class="hljs-string">"@context"</span>: [ | |
<span class="hljs-string">"https://www.w3.org/ns/did/v1"</span>, | |
<span class="hljs-string">"https://w3id.org/security/suites/jws-2020/v1"</span>,
<span class="hljs-string">"https://w3id.org/security/suites/ed25519-2020/v1"</span>
],
<span class="hljs-string">"id"</span>: <span class="hljs-string">"did:example:123456789abcdefghi"</span>, | |
... | |
<span class="hljs-string">"verificationMethod"</span>: [{ | |
<span class="hljs-string">"id"</span>: ..., | |
<span class="hljs-string">"type"</span>: ..., | |
<span class="hljs-string">"controller"</span>: ..., | |
<span class="hljs-string">"publicKeyJwk"</span>: ... | |
}, { | |
<span class="hljs-string">"id"</span>: ..., | |
<span class="hljs-string">"type"</span>: ..., | |
<span class="hljs-string">"controller"</span>: ..., | |
<span class="hljs-string">"publicKeyMultibase"</span>: ... | |
}] | |
}</code></pre> | |
</div> | |
<div class="note" role="note" id="issue-container-generatedID-8"><div role="heading" class="note-title marker" id="h-note-8" aria-level="4"><span>Note</span><span class="issue-label">: Verification method controller(s) and DID controller(s)</span></div><p class=""> | |
The semantics of the <code>controller</code> property are the same when the | |
subject of the relationship is the <a href="#dfn-did-documents" class="internalDFN" data-link-type="dfn" id="ref-for-dfn-did-documents-74">DID document</a> as when the subject of | |
the relationship is a <a href="#dfn-verification-method" class="internalDFN" data-link-type="dfn" id="ref-for-dfn-verification-method-25">verification method</a>, such as a cryptographic public | |
key. Since a key can't control itself, and the key controller cannot be inferred | |
from the <a href="#dfn-did-documents" class="internalDFN" data-link-type="dfn" id="ref-for-dfn-did-documents-75">DID document</a>, it is necessary to explicitly express the identity | |
of the controller of the key. The difference is that the value of | |
<code>controller</code> for a <a href="#dfn-verification-method" class="internalDFN" data-link-type="dfn" id="ref-for-dfn-verification-method-26">verification method</a> is <em>not</em> | |
necessarily a <a href="#dfn-did-controllers" class="internalDFN" data-link-type="dfn" id="ref-for-dfn-did-controllers-12">DID controller</a>. <a href="#dfn-did-controllers" class="internalDFN" data-link-type="dfn" id="ref-for-dfn-did-controllers-13">DID controllers</a> are expressed | |
using the <code><a href="#dfn-controller" class="internalDFN" data-link-type="dfn" id="ref-for-dfn-controller-5">controller</a></code> property at the highest level of the | |
<a href="#dfn-did-documents" class="internalDFN" data-link-type="dfn" id="ref-for-dfn-did-documents-76">DID document</a> (the topmost <a href="https://infra.spec.whatwg.org/#ordered-map">map</a> in the | |
<a href="#data-model">data model</a>); see <a href="#did-controller" class="sec-ref"><bdi class="secno">5.1.2 </bdi>DID Controller</a>. | |
</p></div> | |
<section id="verification-material"><div class="header-wrapper"><h4 id="x5-2-1-verification-material"><bdi class="secno">5.2.1 </bdi>Verification Material</h4><a class="self-link" href="#verification-material" aria-label="Permalink for Section 5.2.1"></a></div> | |
<p> | |
Verification material is any information that is used by a process that applies | |
a <a href="#dfn-verification-method" class="internalDFN" data-link-type="dfn" id="ref-for-dfn-verification-method-27">verification method</a>. The <code>type</code> of a <a href="#dfn-verification-method" class="internalDFN" data-link-type="dfn" id="ref-for-dfn-verification-method-28">verification | |
method</a> is expected to be used to determine its compatibility with such | |
processes. Examples of verification material properties are | |
<code><a href="#dfn-publickeyjwk" class="internalDFN" data-link-type="dfn" id="ref-for-dfn-publickeyjwk-3">publicKeyJwk</a></code> or <code><a href="#dfn-publickeymultibase" class="internalDFN" data-link-type="dfn" id="ref-for-dfn-publickeymultibase-2">publicKeyMultibase</a></code>. A | |
<a href="#dfn-cryptosuite" class="internalDFN" data-link-type="dfn" id="ref-for-dfn-cryptosuite-1">cryptographic suite</a> specification is responsible for specifying the | |
<a href="#dfn-verification-method" class="internalDFN" data-link-type="dfn" id="ref-for-dfn-verification-method-29">verification method</a> <code>type</code> and its associated verification | |
material. For example, see | |
<a href="https://w3c-ccg.github.io/lds-jws2020/">JSON | |
Web Signature 2020</a> and <a href="https://w3c-ccg.github.io/lds-ed25519-2020/">Ed25519 Signature 2020</a>. | |
For all registered <a href="#dfn-verification-method" class="internalDFN" data-link-type="dfn" id="ref-for-dfn-verification-method-30">verification method</a> types and associated verification | |
material available for <a href="#dfn-decentralized-identifiers" class="internalDFN" data-link-type="dfn" id="ref-for-dfn-decentralized-identifiers-68">DIDs</a>, please see the DID Specification Registries | |
[<cite><a class="bibref" data-link-type="biblio" href="#bib-did-spec-registries" title="DID Specification Registries">DID-SPEC-REGISTRIES</a></cite>]. | |
</p> | |
<p> | |
To increase the likelihood of interoperable implementations, this specification | |
limits the number of formats for expressing verification material in a <a href="#dfn-did-documents" class="internalDFN" data-link-type="dfn" id="ref-for-dfn-did-documents-77">DID | |
document</a>. The fewer formats that implementers have to | |
implement, the more likely it will be that they will support all of them. This | |
approach attempts to strike a delicate balance between ease of implementation | |
and supporting formats that have historically had broad deployment. | |
Two supported verification material properties are listed below: | |
</p> | |
<dl> | |
<dt><dfn id="dfn-publickeyjwk" tabindex="0" aria-haspopup="dialog" data-dfn-type="dfn">publicKeyJwk</dfn></dt> | |
<dd> | |
<p> | |
The <code>publicKeyJwk</code> property is <em class="rfc2119">OPTIONAL</em>. If present, the value <em class="rfc2119">MUST</em> | |
be a <a href="https://infra.spec.whatwg.org/#ordered-map">map</a> representing a JSON Web Key that | |
conforms to [<cite><a class="bibref" data-link-type="biblio" href="#bib-rfc7517" title="JSON Web Key (JWK)">RFC7517</a></cite>]. The <a href="https://infra.spec.whatwg.org/#ordered-map">map</a> <em class="rfc2119">MUST NOT</em> | |
contain "d", or any other members of the private information class as described | |
in <a href="https://tools.ietf.org/html/rfc7517#section-8.1.1">Registration | |
Template</a>. It is <em class="rfc2119">RECOMMENDED</em> that verification methods that use JWKs | |
[<cite><a class="bibref" data-link-type="biblio" href="#bib-rfc7517" title="JSON Web Key (JWK)">RFC7517</a></cite>] to represent their public keys use the value of <code>kid</code> as | |
their <a href="#fragment">fragment identifier</a>. It is <em class="rfc2119">RECOMMENDED</em> that JWK | |
<code>kid</code> values are set to the public key fingerprint [<cite><a class="bibref" data-link-type="biblio" href="#bib-rfc7638" title="JSON Web Key (JWK) Thumbprint">RFC7638</a></cite>]. See | |
the first key in <a href="#example-various-verification-method-types" class="box-ref">Example<bdi> 13</bdi></a> for | |
an example of a public key with a compound key identifier. | |
</p> | |
</dd> | |
<dt><dfn id="dfn-publickeymultibase" tabindex="0" aria-haspopup="dialog" data-dfn-type="dfn">publicKeyMultibase</dfn></dt> | |
<dd> | |
<p> | |
The <code>publicKeyMultibase</code> property is <em class="rfc2119">OPTIONAL</em>. This feature is | |
non-normative. If present, the value <em class="rfc2119">MUST</em> be a <a href="https://infra.spec.whatwg.org/#string">string</a> representation of a [<cite><a class="bibref" data-link-type="biblio" href="#bib-multibase" title="The Multibase Encoding Scheme">MULTIBASE</a></cite>] encoded | |
public key. | |
</p> | |
<p class="advisement"> | |
Note that the [<cite><a class="bibref" data-link-type="biblio" href="#bib-multibase" title="The Multibase Encoding Scheme">MULTIBASE</a></cite>] specification is not yet a standard and is | |
subject to change. There might be some use cases for this data format | |
where <code><b>public</b>KeyMultibase</code> is defined, to allow for | |
expression of public keys, but <code><b>private</b>KeyMultibase</code> | |
is not defined, to protect against accidental leakage of secret keys. | |
</p> | |
</dd> | |
</dl> | |
<p> | |
A <a href="#dfn-verification-method" class="internalDFN" data-link-type="dfn" id="ref-for-dfn-verification-method-31">verification method</a> <em class="rfc2119">MUST NOT</em> contain multiple verification material | |
properties for the same material. For example, expressing key material in a | |
<a href="#dfn-verification-method" class="internalDFN" data-link-type="dfn" id="ref-for-dfn-verification-method-32">verification method</a> using both <code>publicKeyJwk</code> and | |
<code>publicKeyMultibase</code> at the same time is prohibited. | |
</p> | |
<p> | |
An example of a <a href="#dfn-did-documents" class="internalDFN" data-link-type="dfn" id="ref-for-dfn-did-documents-78">DID document</a> containing <a href="#dfn-verification-method" class="internalDFN" data-link-type="dfn" id="ref-for-dfn-verification-method-33">verification methods</a> that use | |
the two properties above, each in a separate verification method, is shown below. | |
</p> | |
<div class="example" id="example-various-verification-method-types"> | |
<div class="marker"> | |
<a class="self-link" href="#example-various-verification-method-types">Example<bdi> 13</bdi></a><span class="example-title">: Verification methods using publicKeyJwk and publicKeyMultibase</span> | |
</div> <pre class="nohighlight">{ | |
"@context": [ | |
"https://www.w3.org/ns/did/v1", | |
"https://w3id.org/security/suites/jws-2020/v1", | |
"https://w3id.org/security/suites/ed25519-2020/v1" | |
], | |
"id": "did:example:123456789abcdefghi", | |
<span class="comment">...</span> | |
"verificationMethod": [{ | |
"id": "did:example:123#_Qq0UL2Fq651Q0Fjd6TvnYE-faHiOpRlPVQcY_-tA4A", | |
"type": "JsonWebKey2020", <span class="comment">// external (property value)</span> | |
"controller": "did:example:123", | |
"publicKeyJwk": { | |
"crv": "Ed25519", <span class="comment">// external (property name)</span> | |
"x": "VCpo2LMLhn6iWku8MKvSLg2ZAoC-nlOyPVQaO3FxVeQ", <span class="comment">// external (property name)</span> | |
"kty": "OKP", <span class="comment">// external (property name)</span> | |
"kid": "_Qq0UL2Fq651Q0Fjd6TvnYE-faHiOpRlPVQcY_-tA4A" <span class="comment">// external (property name)</span> | |
} | |
}, { | |
"id": "did:example:123456789abcdefghi#keys-1", | |
"type": "Ed25519VerificationKey2020", <span class="comment">// external (property value)</span> | |
"controller": "did:example:pqrstuvwxyz0987654321", | |
"publicKeyMultibase": "zH3C2AVvLMv6gmMNam3uVAjZpfkcJCwDwnZn6z3wXmqPV" | |
}], | |
<span class="comment">...</span> | |
}</pre> | |
</div> | |
</section> | |
<section id="referring-to-verification-methods"><div class="header-wrapper"><h4 id="x5-2-2-referring-to-verification-methods"><bdi class="secno">5.2.2 </bdi>Referring to Verification Methods</h4><a class="self-link" href="#referring-to-verification-methods" aria-label="Permalink for Section 5.2.2"></a></div> | |
<p> | |
<a href="#dfn-verification-method" class="internalDFN" data-link-type="dfn" id="ref-for-dfn-verification-method-34">Verification methods</a> can be embedded in or referenced from properties | |
associated with various <a href="#dfn-verification-relationship" class="internalDFN" data-link-type="dfn" id="ref-for-dfn-verification-relationship-2">verification relationships</a> as described in <a href="#verification-relationships" class="sec-ref"><bdi class="secno">5.3 </bdi>Verification Relationships</a>. Referencing <a href="#dfn-verification-method" class="internalDFN" data-link-type="dfn" id="ref-for-dfn-verification-method-35">verification methods</a> | |
allows them to be used by more than one <a href="#dfn-verification-relationship" class="internalDFN" data-link-type="dfn" id="ref-for-dfn-verification-relationship-3">verification relationship</a>. | |
</p> | |
<p> | |
If the value of a <a href="#dfn-verification-method" class="internalDFN" data-link-type="dfn" id="ref-for-dfn-verification-method-36">verification method</a> property is a <a href="https://infra.spec.whatwg.org/#ordered-map">map</a>, the <a href="#dfn-verification-method" class="internalDFN" data-link-type="dfn" id="ref-for-dfn-verification-method-37">verification method</a> has been | |
embedded and its properties can be accessed directly. However, if the value is a | |
URL <a href="https://infra.spec.whatwg.org/#string">string</a>, the <a href="#dfn-verification-method" class="internalDFN" data-link-type="dfn" id="ref-for-dfn-verification-method-38">verification method</a> has | |
been included by reference and its properties will need to be retrieved from | |
elsewhere in the <a href="#dfn-did-documents" class="internalDFN" data-link-type="dfn" id="ref-for-dfn-did-documents-79">DID document</a> or from another <a href="#dfn-did-documents" class="internalDFN" data-link-type="dfn" id="ref-for-dfn-did-documents-80">DID document</a>. This | |
is done by dereferencing the URL and searching the resulting <a href="#dfn-resources" class="internalDFN" data-link-type="dfn" id="ref-for-dfn-resources-13">resource</a> for a | |
<a href="#dfn-verification-method" class="internalDFN" data-link-type="dfn" id="ref-for-dfn-verification-method-39">verification method</a> <a href="https://infra.spec.whatwg.org/#ordered-map">map</a> with an | |
<code>id</code> property whose value matches the URL. | |
</p> | |
<div class="example" id="example-embedding-and-referencing-verification-methods"> | |
<div class="marker"> | |
<a class="self-link" href="#example-embedding-and-referencing-verification-methods">Example<bdi> 14</bdi></a><span class="example-title">: Embedding and referencing verification methods</span> | |
</div> <pre class="nohighlight">{ | |
<span class="comment">...</span> | |
"authentication": [ | |
<span class="comment">// this key is referenced and might be used by</span> | |
<span class="comment">// more than one verification relationship</span> | |
"did:example:123456789abcdefghi#keys-1", | |
<span class="comment">// this key is embedded and may *only* be used for authentication</span> | |
{ | |
"id": "did:example:123456789abcdefghi#keys-2", | |
"type": "Ed25519VerificationKey2020", <span class="comment">// external (property value)</span> | |
"controller": "did:example:123456789abcdefghi", | |
"publicKeyMultibase": "zH3C2AVvLMv6gmMNam3uVAjZpfkcJCwDwnZn6z3wXmqPV" | |
} | |
], | |
<span class="comment">...</span> | |
}</pre> | |
</div> | |
</section> | |
</section> | |
<section id="verification-relationships"><div class="header-wrapper"><h3 id="x5-3-verification-relationships"><bdi class="secno">5.3 </bdi>Verification Relationships</h3><a class="self-link" href="#verification-relationships" aria-label="Permalink for Section 5.3"></a></div> | |
<p> | |
A <a href="#dfn-verification-relationship" class="internalDFN" data-link-type="dfn" id="ref-for-dfn-verification-relationship-4">verification relationship</a> expresses the relationship between the <a href="#dfn-did-subjects" class="internalDFN" data-link-type="dfn" id="ref-for-dfn-did-subjects-28">DID | |
subject</a> and a <a href="#dfn-verification-method" class="internalDFN" data-link-type="dfn" id="ref-for-dfn-verification-method-40">verification method</a>. | |
</p> | |
<p> | |
Different <a href="#dfn-verification-relationship" class="internalDFN" data-link-type="dfn" id="ref-for-dfn-verification-relationship-5">verification relationships</a> enable the associated | |
<a href="#dfn-verification-method" class="internalDFN" data-link-type="dfn" id="ref-for-dfn-verification-method-41">verification methods</a> to be used for different purposes. It is up to a | |
<em>verifier</em> to ascertain the validity of a verification attempt by | |
checking that the <a href="#dfn-verification-method" class="internalDFN" data-link-type="dfn" id="ref-for-dfn-verification-method-42">verification method</a> used is contained in the | |
appropriate <a href="#dfn-verification-relationship" class="internalDFN" data-link-type="dfn" id="ref-for-dfn-verification-relationship-6">verification relationship</a> property of the | |
<a href="#dfn-did-documents" class="internalDFN" data-link-type="dfn" id="ref-for-dfn-did-documents-81">DID Document</a>. | |
</p> | |
<p> | |
The <a href="#dfn-verification-relationship" class="internalDFN" data-link-type="dfn" id="ref-for-dfn-verification-relationship-7">verification relationship</a> between the <a href="#dfn-did-subjects" class="internalDFN" data-link-type="dfn" id="ref-for-dfn-did-subjects-29">DID subject</a> and the | |
<a href="#dfn-verification-method" class="internalDFN" data-link-type="dfn" id="ref-for-dfn-verification-method-43">verification method</a> is explicit in the <a href="#dfn-did-documents" class="internalDFN" data-link-type="dfn" id="ref-for-dfn-did-documents-82">DID document</a>. | |
<a href="#dfn-verification-method" class="internalDFN" data-link-type="dfn" id="ref-for-dfn-verification-method-44">Verification methods</a> that are not associated with a particular | |
<a href="#dfn-verification-relationship" class="internalDFN" data-link-type="dfn" id="ref-for-dfn-verification-relationship-8">verification relationship</a> cannot be used for that <a href="#dfn-verification-relationship" class="internalDFN" data-link-type="dfn" id="ref-for-dfn-verification-relationship-9">verification | |
relationship</a>. For example, a <a href="#dfn-verification-method" class="internalDFN" data-link-type="dfn" id="ref-for-dfn-verification-method-45">verification method</a> in the value of | |
the <code><a href="#dfn-authentication" class="internalDFN" data-link-type="dfn" id="ref-for-dfn-authentication-2">authentication</a></code> property cannot be used to engage in | |
key agreement protocols with the <a href="#dfn-did-subjects" class="internalDFN" data-link-type="dfn" id="ref-for-dfn-did-subjects-30">DID subject</a>—the value of the | |
<code><a href="#dfn-keyagreement" class="internalDFN" data-link-type="dfn" id="ref-for-dfn-keyagreement-2">keyAgreement</a></code> property needs to be used for that. | |
</p> | |
<p> | |
The <a href="#dfn-did-documents" class="internalDFN" data-link-type="dfn" id="ref-for-dfn-did-documents-83">DID document</a> does not express revoked keys using a <a href="#dfn-verification-relationship" class="internalDFN" data-link-type="dfn" id="ref-for-dfn-verification-relationship-10">verification | |
relationship</a>. If a referenced verification method is not in the latest | |
<a href="#dfn-did-documents" class="internalDFN" data-link-type="dfn" id="ref-for-dfn-did-documents-84">DID Document</a> used to dereference it, then that verification method is | |
considered invalid or revoked. Each <a href="#dfn-did-methods" class="internalDFN" data-link-type="dfn" id="ref-for-dfn-did-methods-28">DID method</a> specification is expected | |
to detail how revocation is performed and tracked. | |
</p> | |
<p> | |
The following sections define several useful <a href="#dfn-verification-relationship" class="internalDFN" data-link-type="dfn" id="ref-for-dfn-verification-relationship-11">verification relationships</a>. | |
A <a href="#dfn-did-documents" class="internalDFN" data-link-type="dfn" id="ref-for-dfn-did-documents-85">DID document</a> <em class="rfc2119">MAY</em> include any of these, or other properties, to | |
express a specific <a href="#dfn-verification-relationship" class="internalDFN" data-link-type="dfn" id="ref-for-dfn-verification-relationship-12">verification relationship</a>. In order to maximize global | |
interoperability, any such properties used <em class="rfc2119">SHOULD</em> be registered in the DID | |
Specification Registries [<cite><a class="bibref" data-link-type="biblio" href="#bib-did-spec-registries" title="DID Specification Registries">DID-SPEC-REGISTRIES</a></cite>]. | |
</p> | |
<section id="authentication"><div class="header-wrapper"><h4 id="x5-3-1-authentication"><bdi class="secno">5.3.1 </bdi>Authentication</h4><a class="self-link" href="#authentication" aria-label="Permalink for Section 5.3.1"></a></div> | |
<p> | |
The <code>authentication</code> <a href="#dfn-verification-relationship" class="internalDFN" data-link-type="dfn" id="ref-for-dfn-verification-relationship-13">verification relationship</a> is used to | |
specify how the <a href="#dfn-did-subjects" class="internalDFN" data-link-type="dfn" id="ref-for-dfn-did-subjects-31">DID subject</a> is expected to be <a href="#dfn-authenticated" class="internalDFN" data-link-type="dfn" id="ref-for-dfn-authenticated-6">authenticated</a>, for | |
purposes such as logging into a website or engaging in any sort of | |
challenge-response protocol. | |
</p> | |
<dl> | |
<dt><dfn id="dfn-authentication" tabindex="0" aria-haspopup="dialog" data-dfn-type="dfn">authentication</dfn></dt> | |
<dd> | |
The <code>authentication</code> property is <em class="rfc2119">OPTIONAL</em>. If present, the associated | |
value <em class="rfc2119">MUST</em> be a <a href="https://infra.spec.whatwg.org/#ordered-set">set</a> of one or more | |
<a href="#dfn-verification-method" class="internalDFN" data-link-type="dfn" id="ref-for-dfn-verification-method-46">verification methods</a>. Each <a href="#dfn-verification-method" class="internalDFN" data-link-type="dfn" id="ref-for-dfn-verification-method-47">verification method</a> <em class="rfc2119">MAY</em> be embedded or | |
referenced. | |
</dd> | |
</dl> | |
<div class="example" id="example-authentication-property-containing-three-verification-methods"> | |
<div class="marker"> | |
<a class="self-link" href="#example-authentication-property-containing-three-verification-methods">Example<bdi> 15</bdi></a><span class="example-title">: Authentication property | |
containing three verification methods</span> | |
</div> <pre class="nohighlight">{ | |
"@context": [ | |
"https://www.w3.org/ns/did/v1", | |
"https://w3id.org/security/suites/ed25519-2020/v1" | |
], | |
"id": "did:example:123456789abcdefghi", | |
<span class="comment">...</span> | |
"authentication": [ | |
<span class="comment">// this method can be used to authenticate as did:...fghi</span> | |
"did:example:123456789abcdefghi#keys-1", | |
<span class="comment">// this method is *only* approved for authentication, it may not</span> | |
<span class="comment">// be used for any other proof purpose, so its full description is</span> | |
<span class="comment">// embedded here rather than using only a reference</span> | |
{ | |
"id": "did:example:123456789abcdefghi#keys-2", | |
"type": "Ed25519VerificationKey2020", | |
"controller": "did:example:123456789abcdefghi", | |
"publicKeyMultibase": "zH3C2AVvLMv6gmMNam3uVAjZpfkcJCwDwnZn6z3wXmqPV" | |
} | |
], | |
<span class="comment">...</span> | |
}</pre> | |
</div> | |
<p> | |
If authentication is established, it is up to the <a href="#dfn-did-methods" class="internalDFN" data-link-type="dfn" id="ref-for-dfn-did-methods-29">DID method</a> or other | |
application to decide what to do with that information. A particular <a href="#dfn-did-methods" class="internalDFN" data-link-type="dfn" id="ref-for-dfn-did-methods-30">DID | |
method</a> could decide that authenticating as a <a href="#dfn-did-controllers" class="internalDFN" data-link-type="dfn" id="ref-for-dfn-did-controllers-14">DID controller</a> is | |
sufficient to, for example, update or delete the <a href="#dfn-did-documents" class="internalDFN" data-link-type="dfn" id="ref-for-dfn-did-documents-86">DID document</a>. Another | |
<a href="#dfn-did-methods" class="internalDFN" data-link-type="dfn" id="ref-for-dfn-did-methods-31">DID method</a> could require different keys, or a different <a href="#dfn-verification-method" class="internalDFN" data-link-type="dfn" id="ref-for-dfn-verification-method-48">verification | |
method</a> entirely, to be presented in order to update or delete the <a href="#dfn-did-documents" class="internalDFN" data-link-type="dfn" id="ref-for-dfn-did-documents-87">DID | |
document</a> than that used to <a href="#dfn-authenticated" class="internalDFN" data-link-type="dfn" id="ref-for-dfn-authenticated-7">authenticate</a>. In other words, what is done | |
<em>after</em> the authentication check is out of scope for the <a href="#data-model">data model</a>; <a href="#dfn-did-methods" class="internalDFN" data-link-type="dfn" id="ref-for-dfn-did-methods-32">DID methods</a> and applications are | |
expected to define this themselves. | |
</p> | |
<p> | |
This is useful to any <em>authentication verifier</em> that needs to check to | |
see if an entity that is attempting to <a href="#dfn-authenticated" class="internalDFN" data-link-type="dfn" id="ref-for-dfn-authenticated-8">authenticate</a> is, in fact, | |
presenting a valid proof of authentication. When a <em>verifier</em> receives | |
some data (in some protocol-specific format) that contains a proof that was made | |
for the purpose of "authentication", and that says that an entity is identified | |
by the <a href="#dfn-decentralized-identifiers" class="internalDFN" data-link-type="dfn" id="ref-for-dfn-decentralized-identifiers-69">DID</a>, then that <em>verifier</em> checks to ensure that the proof | |
can be verified using a <a href="#dfn-verification-method" class="internalDFN" data-link-type="dfn" id="ref-for-dfn-verification-method-49">verification method</a> (e.g., public key) listed | |
under <code><a href="#dfn-authentication" class="internalDFN" data-link-type="dfn" id="ref-for-dfn-authentication-3">authentication</a></code> in the <a href="#dfn-did-documents" class="internalDFN" data-link-type="dfn" id="ref-for-dfn-did-documents-88">DID Document</a>. | |
</p> | |
<p> | |
Note that the <a href="#dfn-verification-method" class="internalDFN" data-link-type="dfn" id="ref-for-dfn-verification-method-50">verification method</a> indicated by the | |
<code><a href="#dfn-authentication" class="internalDFN" data-link-type="dfn" id="ref-for-dfn-authentication-4">authentication</a></code> property of a <a href="#dfn-did-documents" class="internalDFN" data-link-type="dfn" id="ref-for-dfn-did-documents-89">DID document</a> can only be | |
used to <a href="#dfn-authenticated" class="internalDFN" data-link-type="dfn" id="ref-for-dfn-authenticated-9">authenticate</a> the <a href="#dfn-did-subjects" class="internalDFN" data-link-type="dfn" id="ref-for-dfn-did-subjects-32">DID subject</a>. To <a href="#dfn-authenticated" class="internalDFN" data-link-type="dfn" id="ref-for-dfn-authenticated-10">authenticate</a> a | |
different <a href="#dfn-did-controllers" class="internalDFN" data-link-type="dfn" id="ref-for-dfn-did-controllers-15">DID controller</a>, the entity associated with the value of | |
<code>controller</code>, as defined in <a href="#did-controller" class="sec-ref"><bdi class="secno">5.1.2 </bdi>DID Controller</a>, needs to | |
<a href="#dfn-authenticated" class="internalDFN" data-link-type="dfn" id="ref-for-dfn-authenticated-11">authenticate</a> with its <em>own</em> <a href="#dfn-did-documents" class="internalDFN" data-link-type="dfn" id="ref-for-dfn-did-documents-90">DID document</a> and associated | |
<code><a href="#dfn-authentication" class="internalDFN" data-link-type="dfn" id="ref-for-dfn-authentication-5">authentication</a></code> <a href="#dfn-verification-relationship" class="internalDFN" data-link-type="dfn" id="ref-for-dfn-verification-relationship-14">verification relationship</a>. | |
</p> | |
</section> | |
<section id="assertion"><div class="header-wrapper"><h4 id="x5-3-2-assertion"><bdi class="secno">5.3.2 </bdi>Assertion</h4><a class="self-link" href="#assertion" aria-label="Permalink for Section 5.3.2"></a></div> | |
<p> | |
The <code>assertionMethod</code> <a href="#dfn-verification-relationship" class="internalDFN" data-link-type="dfn" id="ref-for-dfn-verification-relationship-15">verification relationship</a> is used to | |
specify how the <a href="#dfn-did-subjects" class="internalDFN" data-link-type="dfn" id="ref-for-dfn-did-subjects-33">DID subject</a> is expected to express claims, such as for | |
the purposes of issuing a Verifiable Credential [<cite><a class="bibref" data-link-type="biblio" href="#bib-vc-data-model" title="Verifiable Credentials Data Model v1.1">VC-DATA-MODEL</a></cite>]. | |
</p> | |
<dl> | |
<dt><dfn id="dfn-assertionmethod" tabindex="0" aria-haspopup="dialog" data-dfn-type="dfn">assertionMethod</dfn></dt> | |
<dd> | |
The <code>assertionMethod</code> property is <em class="rfc2119">OPTIONAL</em>. If present, the | |
associated value <em class="rfc2119">MUST</em> be a <a href="https://infra.spec.whatwg.org/#ordered-set">set</a> of | |
one or more <a href="#dfn-verification-method" class="internalDFN" data-link-type="dfn" id="ref-for-dfn-verification-method-51">verification methods</a>. Each <a href="#dfn-verification-method" class="internalDFN" data-link-type="dfn" id="ref-for-dfn-verification-method-52">verification method</a> <em class="rfc2119">MAY</em> be | |
embedded or referenced. | |
</dd> | |
</dl> | |
<p> | |
This property is useful, for example, during the processing of a <a href="#dfn-verifiable-credentials" class="internalDFN" data-link-type="dfn" id="ref-for-dfn-verifiable-credentials-2">verifiable | |
credential</a> by a verifier. During verification, a verifier checks to see if a | |
<a href="#dfn-verifiable-credentials" class="internalDFN" data-link-type="dfn" id="ref-for-dfn-verifiable-credentials-3">verifiable credential</a> contains a proof created by the <a href="#dfn-did-subjects" class="internalDFN" data-link-type="dfn" id="ref-for-dfn-did-subjects-34">DID subject</a> | |
by checking that the <a href="#dfn-verification-method" class="internalDFN" data-link-type="dfn" id="ref-for-dfn-verification-method-53">verification method</a> used to assert the proof is | |
associated with the <code><a href="#dfn-assertionmethod" class="internalDFN" data-link-type="dfn" id="ref-for-dfn-assertionmethod-2">assertionMethod</a></code> property in the | |
corresponding <a href="#dfn-did-documents" class="internalDFN" data-link-type="dfn" id="ref-for-dfn-did-documents-91">DID document</a>. | |
</p> | |
<div class="example" id="example-assertion-method-property-containing-two-verification-methods"> | |
<div class="marker"> | |
<a class="self-link" href="#example-assertion-method-property-containing-two-verification-methods">Example<bdi> 16</bdi></a><span class="example-title">: Assertion method property | |
containing two verification methods</span> | |
</div> <pre class="nohighlight">{ | |
"@context": [ | |
"https://www.w3.org/ns/did/v1", | |
"https://w3id.org/security/suites/ed25519-2020/v1" | |
], | |
"id": "did:example:123456789abcdefghi", | |
<span class="comment">...</span> | |
"assertionMethod": [ | |
<span class="comment">// this method can be used to assert statements as did:...fghi</span> | |
"did:example:123456789abcdefghi#keys-1", | |
<span class="comment">// this method is *only* approved for assertion of statements, it is not</span> | |
<span class="comment">// used for any other verification relationship, so its full description is</span> | |
<span class="comment">// embedded here rather than using a reference</span> | |
{ | |
"id": "did:example:123456789abcdefghi#keys-2", | |
"type": "Ed25519VerificationKey2020", <span class="comment">// external (property value)</span> | |
"controller": "did:example:123456789abcdefghi", | |
"publicKeyMultibase": "zH3C2AVvLMv6gmMNam3uVAjZpfkcJCwDwnZn6z3wXmqPV" | |
} | |
], | |
<span class="comment">...</span> | |
}</pre> | |
</div> | |
</section> | |
<section id="key-agreement"><div class="header-wrapper"><h4 id="x5-3-3-key-agreement"><bdi class="secno">5.3.3 </bdi>Key Agreement</h4><a class="self-link" href="#key-agreement" aria-label="Permalink for Section 5.3.3"></a></div> | |
<p> | |
The <code>keyAgreement</code> <a href="#dfn-verification-relationship" class="internalDFN" data-link-type="dfn" id="ref-for-dfn-verification-relationship-16">verification relationship</a> is used to | |
specify how an entity can generate encryption material in order to transmit | |
confidential information intended for the <a href="#dfn-did-subjects" class="internalDFN" data-link-type="dfn" id="ref-for-dfn-did-subjects-35">DID subject</a>, such as for | |
the purposes of establishing a secure communication channel with the recipient. | |
</p> | |
<dl> | |
<dt><dfn id="dfn-keyagreement" tabindex="0" aria-haspopup="dialog" data-dfn-type="dfn">keyAgreement</dfn></dt> | |
<dd> | |
The <code>keyAgreement</code> property is <em class="rfc2119">OPTIONAL</em>. If present, the associated | |
value <em class="rfc2119">MUST</em> be a <a href="https://infra.spec.whatwg.org/#ordered-set">set</a> of one or more | |
<a href="#dfn-verification-method" class="internalDFN" data-link-type="dfn" id="ref-for-dfn-verification-method-54">verification methods</a>. Each <a href="#dfn-verification-method" class="internalDFN" data-link-type="dfn" id="ref-for-dfn-verification-method-55">verification method</a> <em class="rfc2119">MAY</em> be embedded or | |
referenced. | |
</dd> | |
</dl> | |
<p> | |
An example of when this property is useful is when encrypting a message intended | |
for the <a href="#dfn-did-subjects" class="internalDFN" data-link-type="dfn" id="ref-for-dfn-did-subjects-36">DID subject</a>. In this case, the counterparty uses the | |
cryptographic public key information in the <a href="#dfn-verification-method" class="internalDFN" data-link-type="dfn" id="ref-for-dfn-verification-method-56">verification method</a> to wrap a | |
decryption key for the recipient. | |
</p> | |
<div class="example" id="example-key-agreement-property-containing-two-verification-methods"> | |
<div class="marker"> | |
<a class="self-link" href="#example-key-agreement-property-containing-two-verification-methods">Example<bdi> 17</bdi></a><span class="example-title">: Key agreement property | |
containing two verification methods</span> | |
</div> <pre class="nohighlight">{ | |
"@context": "https://www.w3.org/ns/did/v1", | |
"id": "did:example:123456789abcdefghi", | |
<span class="comment">...</span> | |
"keyAgreement": [ | |
<span class="comment">// this method can be used to perform key agreement as did:...fghi</span> | |
"did:example:123456789abcdefghi#keys-1", | |
<span class="comment">// this method is *only* approved for key agreement usage, it will not</span> | |
<span class="comment">// be used for any other verification relationship, so its full description is</span> | |
<span class="comment">// embedded here rather than using only a reference</span> | |
{ | |
"id": "did:example:123#zC9ByQ8aJs8vrNXyDhPHHNNMSHPcaSgNpjjsBYpMMjsTdS", | |
"type": "X25519KeyAgreementKey2019", <span class="comment">// external (property value)</span> | |
"controller": "did:example:123", | |
"publicKeyMultibase": "z9hFgmPVfmBZwRvFEyniQDBkz9LmV7gDEqytWyGZLmDXE" | |
} | |
], | |
<span class="comment">...</span> | |
}</pre> | |
</div> | |
</section> | |
<section id="capability-invocation"><div class="header-wrapper"><h4 id="x5-3-4-capability-invocation"><bdi class="secno">5.3.4 </bdi>Capability Invocation</h4><a class="self-link" href="#capability-invocation" aria-label="Permalink for Section 5.3.4"></a></div> | |
<p> | |
The <code>capabilityInvocation</code> <a href="#dfn-verification-relationship" class="internalDFN" data-link-type="dfn" id="ref-for-dfn-verification-relationship-17">verification relationship</a> is used | |
to specify a <a href="#dfn-verification-method" class="internalDFN" data-link-type="dfn" id="ref-for-dfn-verification-method-57">verification method</a> that might be used by the <a href="#dfn-did-subjects" class="internalDFN" data-link-type="dfn" id="ref-for-dfn-did-subjects-37">DID | |
subject</a> to invoke a cryptographic capability, such as the authorization to | |
update the <a href="#dfn-did-documents" class="internalDFN" data-link-type="dfn" id="ref-for-dfn-did-documents-92">DID Document</a>. | |
</p> | |
<dl> | |
<dt><dfn id="dfn-capabilityinvocation" tabindex="0" aria-haspopup="dialog" data-dfn-type="dfn">capabilityInvocation</dfn></dt> | |
<dd> | |
The <code>capabilityInvocation</code> property is <em class="rfc2119">OPTIONAL</em>. If present, the | |
associated value <em class="rfc2119">MUST</em> be a <a href="https://infra.spec.whatwg.org/#ordered-set">set</a> of | |
one or more <a href="#dfn-verification-method" class="internalDFN" data-link-type="dfn" id="ref-for-dfn-verification-method-58">verification methods</a>. Each <a href="#dfn-verification-method" class="internalDFN" data-link-type="dfn" id="ref-for-dfn-verification-method-59">verification method</a> <em class="rfc2119">MAY</em> be | |
embedded or referenced. | |
</dd> | |
</dl> | |
<p> | |
An example of when this property is useful is when a <a href="#dfn-did-subjects" class="internalDFN" data-link-type="dfn" id="ref-for-dfn-did-subjects-38">DID subject</a> needs to | |
access a protected HTTP API that requires authorization in order to use it. In | |
order to authorize when using the HTTP API, the <a href="#dfn-did-subjects" class="internalDFN" data-link-type="dfn" id="ref-for-dfn-did-subjects-39">DID subject</a> | |
uses a capability that is associated with a particular URL that is | |
exposed via the HTTP API. The invocation of the capability could be | |
expressed in a number of ways, e.g., as a digitally signed | |
message that is placed into the HTTP Headers. | |
</p> | |
<p> | |
The server providing the HTTP API is the <em>verifier</em> of the capability and | |
it would need to verify that the <a href="#dfn-verification-method" class="internalDFN" data-link-type="dfn" id="ref-for-dfn-verification-method-60">verification method</a> referred to by the | |
invoked capability exists in the <code><a href="#dfn-capabilityinvocation" class="internalDFN" data-link-type="dfn" id="ref-for-dfn-capabilityinvocation-2">capabilityInvocation</a></code> | |
property of the <a href="#dfn-did-documents" class="internalDFN" data-link-type="dfn" id="ref-for-dfn-did-documents-93">DID document</a>. The verifier would also check to make sure | |
that the action being performed is valid and the capability is appropriate for | |
the resource being accessed. If the verification is successful, the server has | |
cryptographically determined that the invoker is authorized to access the | |
protected resource. | |
</p> | |
<div class="example" id="example-capability-invocation-property-containing-two-verification-methods"> | |
<div class="marker"> | |
<a class="self-link" href="#example-capability-invocation-property-containing-two-verification-methods">Example<bdi> 18</bdi></a><span class="example-title">: Capability invocation property | |
containing two verification methods</span> | |
</div> <pre class="nohighlight">{ | |
"@context": [ | |
"https://www.w3.org/ns/did/v1", | |
"https://w3id.org/security/suites/ed25519-2020/v1" | |
], | |
"id": "did:example:123456789abcdefghi", | |
<span class="comment">...</span> | |
"capabilityInvocation": [ | |
<span class="comment">// this method can be used to invoke capabilities as did:...fghi</span> | |
"did:example:123456789abcdefghi#keys-1", | |
<span class="comment">// this method is *only* approved for capability invocation usage; it will not</span> | |
<span class="comment">// be used for any other verification relationship, so its full description is</span> | |
<span class="comment">// embedded here rather than using only a reference</span> | |
{ | |
"id": "did:example:123456789abcdefghi#keys-2", | |
"type": "Ed25519VerificationKey2020", <span class="comment">// external (property value)</span> | |
"controller": "did:example:123456789abcdefghi", | |
"publicKeyMultibase": "zH3C2AVvLMv6gmMNam3uVAjZpfkcJCwDwnZn6z3wXmqPV" | |
} | |
], | |
<span class="comment">...</span> | |
}</pre> | |
</div> | |
</section> | |
<section id="capability-delegation"><div class="header-wrapper"><h4 id="x5-3-5-capability-delegation"><bdi class="secno">5.3.5 </bdi>Capability Delegation</h4><a class="self-link" href="#capability-delegation" aria-label="Permalink for Section 5.3.5"></a></div> | |
<p> | |
The <code>capabilityDelegation</code> <a href="#dfn-verification-relationship" class="internalDFN" data-link-type="dfn" id="ref-for-dfn-verification-relationship-18">verification relationship</a> is used | |
to specify a mechanism that might be used by the <a href="#dfn-did-subjects" class="internalDFN" data-link-type="dfn" id="ref-for-dfn-did-subjects-40">DID subject</a> to delegate | |
a cryptographic capability to another party, such as delegating the authority | |
to access a specific HTTP API to a subordinate. | |
</p> | |
<dl> | |
<dt><dfn id="dfn-capabilitydelegation" tabindex="0" aria-haspopup="dialog" data-dfn-type="dfn">capabilityDelegation</dfn></dt> | |
<dd> | |
The <code>capabilityDelegation</code> property is <em class="rfc2119">OPTIONAL</em>. If present, the | |
associated value <em class="rfc2119">MUST</em> be a <a href="https://infra.spec.whatwg.org/#ordered-set">set</a> of | |
one or more <a href="#dfn-verification-method" class="internalDFN" data-link-type="dfn" id="ref-for-dfn-verification-method-61">verification methods</a>. Each <a href="#dfn-verification-method" class="internalDFN" data-link-type="dfn" id="ref-for-dfn-verification-method-62">verification method</a> <em class="rfc2119">MAY</em> be | |
embedded or referenced. | |
</dd> | |
</dl> | |
<p> | |
An example of when this property is useful is when a <a href="#dfn-did-controllers" class="internalDFN" data-link-type="dfn" id="ref-for-dfn-did-controllers-16">DID controller</a> | |
chooses to delegate their capability to access a protected HTTP API to a party | |
other than themselves. In order to delegate the capability, the <a href="#dfn-did-subjects" class="internalDFN" data-link-type="dfn" id="ref-for-dfn-did-subjects-41">DID | |
subject</a> would use a <a href="#dfn-verification-method" class="internalDFN" data-link-type="dfn" id="ref-for-dfn-verification-method-63">verification method</a> associated with the | |
<code>capabilityDelegation</code> <a href="#dfn-verification-relationship" class="internalDFN" data-link-type="dfn" id="ref-for-dfn-verification-relationship-19">verification relationship</a> to | |
cryptographically sign the capability over to another <a href="#dfn-did-subjects" class="internalDFN" data-link-type="dfn" id="ref-for-dfn-did-subjects-42">DID subject</a>. The | |
delegate would then use the capability in a manner that is similar to the | |
example described in <a href="#capability-invocation" class="sec-ref"><bdi class="secno">5.3.4 </bdi>Capability Invocation</a>. | |
</p> | |
<div class="example" id="example-capability-delegation-property-containing-two-verification-methods"> | |
<div class="marker"> | |
<a class="self-link" href="#example-capability-delegation-property-containing-two-verification-methods">Example<bdi> 19</bdi></a><span class="example-title">: Capability Delegation property | |
containing two verification methods</span> | |
</div> <pre class="nohighlight">{ | |
"@context": [ | |
"https://www.w3.org/ns/did/v1", | |
"https://w3id.org/security/suites/ed25519-2020/v1" | |
], | |
"id": "did:example:123456789abcdefghi", | |
<span class="comment">...</span> | |
"capabilityDelegation": [ | |
<span class="comment">// this method can be used to perform capability delegation as did:...fghi</span> | |
"did:example:123456789abcdefghi#keys-1", | |
<span class="comment">// this method is *only* approved for granting capabilities; it will not</span> | |
<span class="comment">// be used for any other verification relationship, so its full description is</span> | |
<span class="comment">// embedded here rather than using only a reference</span> | |
{ | |
"id": "did:example:123456789abcdefghi#keys-2", | |
"type": "Ed25519VerificationKey2020", <span class="comment">// external (property value)</span> | |
"controller": "did:example:123456789abcdefghi", | |
"publicKeyMultibase": "zH3C2AVvLMv6gmMNam3uVAjZpfkcJCwDwnZn6z3wXmqPV" | |
} | |
], | |
<span class="comment">...</span> | |
}</pre> | |
</div> | |
</section> | |
</section> | |
<section id="services"><div class="header-wrapper"><h3 id="x5-4-services"><bdi class="secno">5.4 </bdi>Services</h3><a class="self-link" href="#services" aria-label="Permalink for Section 5.4"></a></div> | |
<p> | |
<a href="#dfn-service" class="internalDFN" data-link-type="dfn" id="ref-for-dfn-service-10">Services</a> are used in <a href="#dfn-did-documents" class="internalDFN" data-link-type="dfn" id="ref-for-dfn-did-documents-94">DID documents</a> to express ways of | |
communicating with the <a href="#dfn-did-subjects" class="internalDFN" data-link-type="dfn" id="ref-for-dfn-did-subjects-43">DID subject</a> or associated entities. A | |
<a href="#dfn-service" class="internalDFN" data-link-type="dfn" id="ref-for-dfn-service-11">service</a> can be any type of service the <a href="#dfn-did-subjects" class="internalDFN" data-link-type="dfn" id="ref-for-dfn-did-subjects-44">DID subject</a> wants to | |
advertise, including <a href="#dfn-decentralized-identity-management" class="internalDFN" data-link-type="dfn" id="ref-for-dfn-decentralized-identity-management-1">decentralized identity management</a> services for | |
further discovery, authentication, authorization, or interaction. | |
</p> | |
<p> | |
Due to privacy concerns, revealing public information through <a href="#dfn-service" class="internalDFN" data-link-type="dfn" id="ref-for-dfn-service-12">services</a>, | |
such as social media accounts, personal websites, and email addresses, is | |
discouraged. Further exploration of privacy concerns can be found in <a href="#keep-personal-data-private" class="sec-ref"><bdi class="secno">10.1 </bdi>Keep Personal Data Private</a> and <a href="#service-privacy" class="sec-ref"><bdi class="secno">10.6 </bdi>Service Privacy</a>. The | |
information associated with <a href="#dfn-service" class="internalDFN" data-link-type="dfn" id="ref-for-dfn-service-13">services</a> is often service specific. For | |
example, the information associated with an encrypted messaging service can | |
express how to initiate the encrypted link before messaging begins. | |
</p> | |
<p> | |
<a href="#dfn-service" class="internalDFN" data-link-type="dfn" id="ref-for-dfn-service-14">Services</a> are expressed using the <code><a href="#dfn-service" class="internalDFN" data-link-type="dfn" id="ref-for-dfn-service-15">service</a></code> property, | |
which is described below: | |
</p> | |
<dl> | |
<dt>service</dt> | |
<dd> | |
<p> | |
The <code>service</code> property is <em class="rfc2119">OPTIONAL</em>. If present, the associated value | |
<em class="rfc2119">MUST</em> be a <a href="https://infra.spec.whatwg.org/#ordered-set">set</a> of <a href="#dfn-service" class="internalDFN" data-link-type="dfn" id="ref-for-dfn-service-16">services</a>, | |
where each service is described by a <a href="https://infra.spec.whatwg.org/#ordered-map">map</a>. | |
Each <a href="#dfn-service" class="internalDFN" data-link-type="dfn" id="ref-for-dfn-service-17">service</a> <a href="https://infra.spec.whatwg.org/#ordered-map">map</a> <em class="rfc2119">MUST</em> contain | |
<code><a href="#dfn-id" class="internalDFN" data-link-type="dfn" id="ref-for-dfn-id-6">id</a></code>, <code>type</code>, and | |
<code><a href="#dfn-serviceendpoint" class="internalDFN" data-link-type="dfn" id="ref-for-dfn-serviceendpoint-2">serviceEndpoint</a></code> properties. Each service extension <em class="rfc2119">MAY</em> | |
include additional properties and <em class="rfc2119">MAY</em> further restrict the properties associated | |
with the extension. | |
</p> | |
<dl> | |
<dt>id</dt> | |
<dd> | |
The value of the <code>id</code> property <em class="rfc2119">MUST</em> be a <a href="#dfn-uri" class="internalDFN" data-link-type="dfn" id="ref-for-dfn-uri-17">URI</a> conforming to | |
[<cite><a class="bibref" data-link-type="biblio" href="#bib-rfc3986" title="Uniform Resource Identifier (URI): Generic Syntax">RFC3986</a></cite>]. A <a href="#dfn-conforming-producer" class="internalDFN" data-link-type="dfn" id="ref-for-dfn-conforming-producer-1">conforming producer</a> <em class="rfc2119">MUST NOT</em> produce | |
multiple <code>service</code> entries with the same <code>id</code>. | |
A <a href="#dfn-conforming-consumer" class="internalDFN" data-link-type="dfn" id="ref-for-dfn-conforming-consumer-1">conforming consumer</a> <em class="rfc2119">MUST</em> produce an error if it detects | |
multiple <code>service</code> entries with the same <code>id</code>. | |
</dd> | |
<dt>type</dt> | |
<dd> | |
The value of the <code>type</code> property <em class="rfc2119">MUST</em> be a <a href="https://infra.spec.whatwg.org/#string">string</a> or a <a href="https://infra.spec.whatwg.org/#ordered-set">set</a> of <a href="https://infra.spec.whatwg.org/#string">strings</a>. In order to maximize interoperability, | |
the <a href="#dfn-service" class="internalDFN" data-link-type="dfn" id="ref-for-dfn-service-18">service</a> type and its associated properties <em class="rfc2119">SHOULD</em> be | |
registered in the DID Specification Registries [<cite><a class="bibref" data-link-type="biblio" href="#bib-did-spec-registries" title="DID Specification Registries">DID-SPEC-REGISTRIES</a></cite>]. | |
</dd> | |
<dt><dfn id="dfn-serviceendpoint" tabindex="0" aria-haspopup="dialog" data-dfn-type="dfn">serviceEndpoint</dfn></dt> | |
<dd> | |
The value of the <code>serviceEndpoint</code> property <em class="rfc2119">MUST</em> be a <a href="https://infra.spec.whatwg.org/#string">string</a>, a <a href="https://infra.spec.whatwg.org/#ordered-map">map</a>, or | |
a <a href="https://infra.spec.whatwg.org/#ordered-set">set</a> composed of one or more <a href="https://infra.spec.whatwg.org/#string">strings</a> and/or <a href="https://infra.spec.whatwg.org/#ordered-map">maps</a>. All <a href="https://infra.spec.whatwg.org/#string">string</a> | |
values <em class="rfc2119">MUST</em> be valid <a href="#dfn-uri" class="internalDFN" data-link-type="dfn" id="ref-for-dfn-uri-18">URIs</a> conforming to [<cite><a class="bibref" data-link-type="biblio" href="#bib-rfc3986" title="Uniform Resource Identifier (URI): Generic Syntax">RFC3986</a></cite>] and normalized | |
according to the <a href="https://www.rfc-editor.org/rfc/rfc3986#section-6">Normalization and Comparison | |
rules in RFC3986</a> and to any normalization rules in its applicable <a href="#dfn-uri" class="internalDFN" data-link-type="dfn" id="ref-for-dfn-uri-19">URI</a> | |
scheme specification. | |
</dd> | |
</dl> | |
</dd></dl> | |
<p> | |
For more information regarding privacy and security considerations related | |
to <a href="#dfn-service" class="internalDFN" data-link-type="dfn" id="ref-for-dfn-service-19">services</a> see <a href="#service-privacy" class="sec-ref"><bdi class="secno">10.6 </bdi>Service Privacy</a>, <a href="#keep-personal-data-private" class="sec-ref"><bdi class="secno">10.1 </bdi>Keep Personal Data Private</a>, <a href="#did-document-correlation-risks" class="sec-ref"><bdi class="secno">10.3 </bdi>DID Document Correlation Risks</a>, and <a href="#authentication-service-endpoints" class="sec-ref"><bdi class="secno">9.3 </bdi>Authentication Service Endpoints</a>. | |
</p> | |
<div class="example" id="example-usage-of-the-service-property"> | |
<div class="marker"> | |
<a class="self-link" href="#example-usage-of-the-service-property">Example<bdi> 20</bdi></a><span class="example-title">: Usage of the service property</span> | |
</div> <pre class="nohighlight">{ | |
"service": [{ | |
"id":"did:example:123#linked-domain", | |
"type": "LinkedDomains", <span class="comment">// external (property value)</span> | |
"serviceEndpoint": "https://bar.example.com" | |
}] | |
}</pre> | |
</div> | |
</section> | |
</section> | |
<section class="normative" id="representations"><div class="header-wrapper"><h2 id="x6-representations"><bdi class="secno">6. </bdi>Representations</h2><a class="self-link" href="#representations" aria-label="Permalink for Section 6."></a></div> | |
<p> | |
A concrete serialization of a <a href="#dfn-did-documents" class="internalDFN" data-link-type="dfn" id="ref-for-dfn-did-documents-95">DID document</a> in this specification is | |
called a <a href="#dfn-representations" class="internalDFN" data-link-type="dfn" id="ref-for-dfn-representations-14">representation</a>. A <a href="#dfn-representations" class="internalDFN" data-link-type="dfn" id="ref-for-dfn-representations-15">representation</a> is created by | |
serializing the <a href="#data-model">data model</a> through a process called | |
<dfn id="dfn-production" tabindex="0" aria-haspopup="dialog" data-dfn-type="dfn">production</dfn>. A <a href="#dfn-representations" class="internalDFN" data-link-type="dfn" id="ref-for-dfn-representations-16">representation</a> is transformed into the <a href="#data-model">data model</a> through a process called | |
<dfn id="dfn-consumption" tabindex="0" aria-haspopup="dialog" data-dfn-type="dfn">consumption</dfn>. The <em>production</em> and <em>consumption</em> | |
processes enable the conversion of information from one <a href="#dfn-representations" class="internalDFN" data-link-type="dfn" id="ref-for-dfn-representations-17">representation</a> to | |
another. This specification defines <a href="#dfn-representations" class="internalDFN" data-link-type="dfn" id="ref-for-dfn-representations-18">representations</a> for JSON and JSON-LD, | |
and developers can use any other <a href="#dfn-representations" class="internalDFN" data-link-type="dfn" id="ref-for-dfn-representations-19">representation</a>, such as XML or | |
YAML, that is capable of expressing the <a href="#data-model">data model</a>. | |
The following sections define the general rules for <a href="#dfn-production" class="internalDFN" data-link-type="dfn" id="ref-for-dfn-production-1">production</a> and | |
<a href="#dfn-consumption" class="internalDFN" data-link-type="dfn" id="ref-for-dfn-consumption-1">consumption</a>, as well as the JSON and JSON-LD <a href="#dfn-representations" class="internalDFN" data-link-type="dfn" id="ref-for-dfn-representations-20">representations</a>. | |
</p> | |
<section id="production-and-consumption"><div class="header-wrapper"><h3 id="x6-1-production-and-consumption"><bdi class="secno">6.1 </bdi>Production and Consumption</h3><a class="self-link" href="#production-and-consumption" aria-label="Permalink for Section 6.1"></a></div> | |
<p> | |
In addition to the <a href="#dfn-representations" class="internalDFN" data-link-type="dfn" id="ref-for-dfn-representations-21">representations</a> defined in this specification, | |
implementers can use other <a href="#dfn-representations" class="internalDFN" data-link-type="dfn" id="ref-for-dfn-representations-22">representations</a>, providing each such | |
<a href="#dfn-representations" class="internalDFN" data-link-type="dfn" id="ref-for-dfn-representations-23">representation</a> is properly specified (including rules for | |
interoperable handling of properties not listed in the DID Specification | |
Registries [<cite><a class="bibref" data-link-type="biblio" href="#bib-did-spec-registries" title="DID Specification Registries">DID-SPEC-REGISTRIES</a></cite>]). See <a href="#extensibility" class="sec-ref"><bdi class="secno">4.1 </bdi>Extensibility</a> | |
for more information. | |
</p> | |
<p> | |
The requirements for all <a href="#dfn-representations" class="internalDFN" data-link-type="dfn" id="ref-for-dfn-representations-24">representations</a> are as follows: | |
</p> | |
<ol> | |
<li> | |
A <a href="#dfn-representations" class="internalDFN" data-link-type="dfn" id="ref-for-dfn-representations-25">representation</a> <em class="rfc2119">MUST</em> define deterministic production and consumption | |
rules for all data types specified in <a href="#data-model" class="sec-ref"><bdi class="secno">4. </bdi>Data Model</a>. | |
</li> | |
<li> | |
A <a href="#dfn-representations" class="internalDFN" data-link-type="dfn" id="ref-for-dfn-representations-26">representation</a> <em class="rfc2119">MUST</em> be uniquely associated with an IANA-registered | |
Media Type. | |
</li> | |
<li> | |
A <a href="#dfn-representations" class="internalDFN" data-link-type="dfn" id="ref-for-dfn-representations-27">representation</a> <em class="rfc2119">MUST</em> define fragment processing rules for its Media | |
Type that are conformant with the fragment processing rules defined in | |
<a href="#fragment" class="sec-ref">Fragment</a>. | |
</li> | |
<li> | |
A <a href="#dfn-representations" class="internalDFN" data-link-type="dfn" id="ref-for-dfn-representations-28">representation</a> <em class="rfc2119">SHOULD</em> use the lexical representation of <a href="#data-model">data model</a> data types. For example, JSON and JSON-LD use | |
the XML Schema <code>dateTime</code> lexical serialization to represent | |
<a href="#dfn-datetime" class="internalDFN" data-link-type="dfn" id="ref-for-dfn-datetime-1">datetimes</a>. A <a href="#dfn-representations" class="internalDFN" data-link-type="dfn" id="ref-for-dfn-representations-29">representation</a> <em class="rfc2119">MAY</em> choose to serialize the <a href="#data-model">data model</a> data types using a different lexical | |
serialization as long as the <a href="#dfn-consumption" class="internalDFN" data-link-type="dfn" id="ref-for-dfn-consumption-2">consumption</a> process back into the <a href="#data-model">data model</a> is lossless. For example, some CBOR-based | |
<a href="#dfn-representations" class="internalDFN" data-link-type="dfn" id="ref-for-dfn-representations-30">representations</a> express <a href="#dfn-datetime" class="internalDFN" data-link-type="dfn" id="ref-for-dfn-datetime-2">datetime</a> values using integers to | |
represent the number of seconds since the Unix epoch. | |
</li> | |
<li> | |
A <a href="#dfn-representations" class="internalDFN" data-link-type="dfn" id="ref-for-dfn-representations-31">representation</a> <em class="rfc2119">MAY</em> define <a href="#dfn-representation-specific-entry" class="internalDFN" data-link-type="dfn" id="ref-for-dfn-representation-specific-entry-2">representation-specific entries</a> that | |
are stored in a <a href="#dfn-representation-specific-entry" class="internalDFN" data-link-type="dfn" id="ref-for-dfn-representation-specific-entry-3">representation-specific entries</a> | |
<a href="https://infra.spec.whatwg.org/#maps">map</a> | |
for use during the <a href="#dfn-production" class="internalDFN" data-link-type="dfn" id="ref-for-dfn-production-2">production</a> and <a href="#dfn-consumption" class="internalDFN" data-link-type="dfn" id="ref-for-dfn-consumption-3">consumption</a> process. These | |
entries are used when consuming or producing to aid in ensuring lossless | |
conversion. | |
</li> | |
<li> | |
In order to maximize interoperability, <a href="#dfn-representations" class="internalDFN" data-link-type="dfn" id="ref-for-dfn-representations-32">representation</a> specification | |
authors <em class="rfc2119">SHOULD</em> register their <a href="#dfn-representations" class="internalDFN" data-link-type="dfn" id="ref-for-dfn-representations-33">representation</a> in the DID Specification | |
Registries [<cite><a class="bibref" data-link-type="biblio" href="#bib-did-spec-registries" title="DID Specification Registries">DID-SPEC-REGISTRIES</a></cite>]. | |
</li> | |
</ol> | |
<p> | |
The requirements for all <a href="#dfn-conforming-producer" class="internalDFN" data-link-type="dfn" id="ref-for-dfn-conforming-producer-2">conforming producers</a> are as follows: | |
</p> | |
<ol> | |
<li> | |
A <a href="#dfn-conforming-producer" class="internalDFN" data-link-type="dfn" id="ref-for-dfn-conforming-producer-3">conforming producer</a> <em class="rfc2119">MUST</em> take a <a href="#dfn-did-documents" class="internalDFN" data-link-type="dfn" id="ref-for-dfn-did-documents-96">DID document</a> <a href="#data-model">data model</a> and a <a href="#dfn-representation-specific-entry" class="internalDFN" data-link-type="dfn" id="ref-for-dfn-representation-specific-entry-4">representation-specific entries</a> | |
<a href="https://infra.spec.whatwg.org/#maps">map</a> as input into the <a href="#dfn-production" class="internalDFN" data-link-type="dfn" id="ref-for-dfn-production-3">production</a> process. | |
The <a href="#dfn-conforming-producer" class="internalDFN" data-link-type="dfn" id="ref-for-dfn-conforming-producer-4">conforming producer</a> <em class="rfc2119">MAY</em> accept additional options as input | |
into the <a href="#dfn-production" class="internalDFN" data-link-type="dfn" id="ref-for-dfn-production-4">production</a> process. | |
</li> | |
<li> | |
A <a href="#dfn-conforming-producer" class="internalDFN" data-link-type="dfn" id="ref-for-dfn-conforming-producer-5">conforming producer</a> <em class="rfc2119">MUST</em> serialize all entries in the <a href="#dfn-did-documents" class="internalDFN" data-link-type="dfn" id="ref-for-dfn-did-documents-97">DID | |
document</a> <a href="#data-model">data model</a>, and the | |
<a href="#dfn-representation-specific-entry" class="internalDFN" data-link-type="dfn" id="ref-for-dfn-representation-specific-entry-5">representation-specific entries</a> <a href="https://infra.spec.whatwg.org/#maps">map</a>, | |
that do not | |
have explicit processing rules for the <a href="#dfn-representations" class="internalDFN" data-link-type="dfn" id="ref-for-dfn-representations-34">representation</a> being produced | |
using only the <a href="#dfn-representations" class="internalDFN" data-link-type="dfn" id="ref-for-dfn-representations-35">representation</a>'s data type processing rules and | |
return the serialization after the <a href="#dfn-production" class="internalDFN" data-link-type="dfn" id="ref-for-dfn-production-5">production</a> process completes. | |
</li> | |
<li> | |
A <a href="#dfn-conforming-producer" class="internalDFN" data-link-type="dfn" id="ref-for-dfn-conforming-producer-6">conforming producer</a> <em class="rfc2119">MUST</em> return the Media Type <a href="https://infra.spec.whatwg.org/#string">string</a> associated with the <a href="#dfn-representations" class="internalDFN" data-link-type="dfn" id="ref-for-dfn-representations-36">representation</a> | |
after the <a href="#dfn-production" class="internalDFN" data-link-type="dfn" id="ref-for-dfn-production-6">production</a> process completes. | |
</li> | |
<li> | |
A conforming producer <em class="rfc2119">MUST NOT</em> produce non-conforming <a href="#dfn-decentralized-identifiers" class="internalDFN" data-link-type="dfn" id="ref-for-dfn-decentralized-identifiers-70">DIDs</a> or <a href="#dfn-did-documents" class="internalDFN" data-link-type="dfn" id="ref-for-dfn-did-documents-98">DID | |
documents</a>. | |
</li> | |
</ol> | |
<p> | |
The requirements for all <a href="#dfn-conforming-consumer" class="internalDFN" data-link-type="dfn" id="ref-for-dfn-conforming-consumer-2">conforming consumers</a> are as follows: | |
</p> | |
<ol> | |
<li> | |
A <a href="#dfn-conforming-consumer" class="internalDFN" data-link-type="dfn" id="ref-for-dfn-conforming-consumer-3">conforming consumer</a> <em class="rfc2119">MUST</em> take a <a href="#dfn-representations" class="internalDFN" data-link-type="dfn" id="ref-for-dfn-representations-37">representation</a> and | |
Media Type <a href="https://infra.spec.whatwg.org/#string">string</a> as input into | |
the <a href="#dfn-consumption" class="internalDFN" data-link-type="dfn" id="ref-for-dfn-consumption-4">consumption</a> process. A <a href="#dfn-conforming-consumer" class="internalDFN" data-link-type="dfn" id="ref-for-dfn-conforming-consumer-4">conforming consumer</a> <em class="rfc2119">MAY</em> accept | |
additional options as input into the <a href="#dfn-consumption" class="internalDFN" data-link-type="dfn" id="ref-for-dfn-consumption-5">consumption</a> process. | |
</li> | |
<li> | |
A <a href="#dfn-conforming-consumer" class="internalDFN" data-link-type="dfn" id="ref-for-dfn-conforming-consumer-5">conforming consumer</a> <em class="rfc2119">MUST</em> determine the <a href="#dfn-representations" class="internalDFN" data-link-type="dfn" id="ref-for-dfn-representations-38">representation</a> of a | |
<a href="#dfn-did-documents" class="internalDFN" data-link-type="dfn" id="ref-for-dfn-did-documents-99">DID document</a> using the Media Type input <a href="https://infra.spec.whatwg.org/#string">string</a>. | |
</li> | |
<li> | |
A <a href="#dfn-conforming-consumer" class="internalDFN" data-link-type="dfn" id="ref-for-dfn-conforming-consumer-6">conforming consumer</a> <em class="rfc2119">MUST</em> detect any <a href="#dfn-representation-specific-entry" class="internalDFN" data-link-type="dfn" id="ref-for-dfn-representation-specific-entry-6">representation-specific | |
entry</a> across all known <a href="#dfn-representations" class="internalDFN" data-link-type="dfn" id="ref-for-dfn-representations-39">representations</a> and place the entry into a | |
<a href="#dfn-representation-specific-entry" class="internalDFN" data-link-type="dfn" id="ref-for-dfn-representation-specific-entry-7">representation-specific entries</a> <a href="https://infra.spec.whatwg.org/#maps">map</a> | |
which is returned after the <a href="#dfn-consumption" class="internalDFN" data-link-type="dfn" id="ref-for-dfn-consumption-6">consumption</a> process completes. A list of | |
all known <a href="#dfn-representation-specific-entry" class="internalDFN" data-link-type="dfn" id="ref-for-dfn-representation-specific-entry-8">representation-specific entries</a> is available in the | |
DID Specification Registries [<cite><a class="bibref" data-link-type="biblio" href="#bib-did-spec-registries" title="DID Specification Registries">DID-SPEC-REGISTRIES</a></cite>]. | |
</li> | |
<li> | |
A <a href="#dfn-conforming-consumer" class="internalDFN" data-link-type="dfn" id="ref-for-dfn-conforming-consumer-7">conforming consumer</a> <em class="rfc2119">MUST</em> add all <a href="#dfn-representation-specific-entry" class="internalDFN" data-link-type="dfn" id="ref-for-dfn-representation-specific-entry-9">non-representation-specific | |
entries</a> | |
that do not have explicit processing rules for the <a href="#dfn-representations" class="internalDFN" data-link-type="dfn" id="ref-for-dfn-representations-40">representation</a> being | |
consumed to the <a href="#dfn-did-documents" class="internalDFN" data-link-type="dfn" id="ref-for-dfn-did-documents-100">DID document</a> <a href="#data-model">data model</a> using | |
only the <a href="#dfn-representations" class="internalDFN" data-link-type="dfn" id="ref-for-dfn-representations-41">representation</a>'s data type processing rules and return the | |
<a href="#dfn-did-documents" class="internalDFN" data-link-type="dfn" id="ref-for-dfn-did-documents-101">DID document</a> data model after the <a href="#dfn-consumption" class="internalDFN" data-link-type="dfn" id="ref-for-dfn-consumption-7">consumption</a> process completes. | |
</li> | |
<li> | |
A conforming consumer <em class="rfc2119">MUST</em> produce errors when consuming non-conforming | |
<a href="#dfn-decentralized-identifiers" class="internalDFN" data-link-type="dfn" id="ref-for-dfn-decentralized-identifiers-71">DIDs</a> or <a href="#dfn-did-documents" class="internalDFN" data-link-type="dfn" id="ref-for-dfn-did-documents-102">DID documents</a>. | |
</li> | |
</ol> | |
<figure id="production-consumption"> | |
<img style="margin: auto; display: block;" src="diagrams/diagram-production-consumption.svg" alt=" | |
Diagram illustrating how representations of the data model are produced | |
and consumed, including in JSON and JSON-LD." height="605" width="989"> | |
<figcaption>Figure <bdi class="figno">4</bdi> <span class="fig-title"> | |
Production and consumption of representations. | |
See also: <a class="longdesc-link" href="#production-consumption-longdesc">narrative description</a>. | |
</span></figcaption> | |
</figure> | |
<div class="longdesc" id="production-consumption-longdesc"> | |
<p> | |
The upper left quadrant of the diagram contains a rectangle with dashed grey | |
outline, containing two blue-outlined rectangles, one above the other. | |
The upper, larger rectangle is labeled, in blue, "Core Properties", | |
and contains the following <a href="https://infra.spec.whatwg.org/#maps">INFRA</a> notation: | |
</p> | |
<pre aria-busy="false"><code class="hljs javascript">«[ | |
<span class="hljs-string">"id"</span> → <span class="hljs-string">"example:123"</span>, | |
<span class="hljs-string">"verificationMethod"</span> → « «[ | |
<span class="hljs-string">"id"</span>: <span class="hljs-string">"did:example:123#keys-1"</span>, | |
<span class="hljs-string">"controller"</span>: <span class="hljs-string">"did:example:123"</span>, | |
<span class="hljs-string">"type"</span>: <span class="hljs-string">"Ed25519VerificationKey2018"</span>, | |
<span class="hljs-string">"publicKeyBase58"</span>: <span class="hljs-string">"H3C2AVvLMv6gmMNam3uVA"</span> | |
]» », | |
<span class="hljs-string">"authentication"</span> → « | |
<span class="hljs-string">"did:example:123#keys-1"</span> | |
» | |
]»</code></pre> | |
The lower, smaller rectangle is labeled, in blue, "Core Representation-specific | |
Entries (JSON-LD)", and contains the following monospaced <a href="https://infra.spec.whatwg.org/#maps">INFRA</a> notation: | |
<pre aria-busy="false"><code class="hljs css">«<span class="hljs-selector-attr">[ <span class="hljs-string">"@context"</span> → <span class="hljs-string">"https://www.w3.org/ns/did/v1"</span> ]</span>»</code></pre> | |
<p> | |
From the grey-outlined rectangle, three pairs of arrows extend to three | |
different black-outlined rectangles, one on the upper right of the diagram, one | |
in the lower right, and one in the lower left. Each pair of arrows consists of | |
one blue arrow pointing from the grey-outlined rectangle to the respective | |
black-outlined rectangle, labeled "produce", and one red arrow pointing in the | |
reverse direction, labeled "consume". The black-outlined rectangle in the upper | |
right is labeled "application/did+cbor", and contains hexadecimal data. The | |
rectangle in the lower right is labeled "application/did+json", and contains | |
the following JSON data: | |
</p> | |
<pre aria-busy="false"><code class="hljs json">{ | |
<span class="hljs-attr">"id"</span>: <span class="hljs-string">"did:example:123"</span>, | |
<span class="hljs-attr">"verificationMethod"</span>: [{ | |
<span class="hljs-attr">"id"</span>: <span class="hljs-string">"did:example:123#keys-1"</span>, | |
<span class="hljs-attr">"controller"</span>: <span class="hljs-string">"did:example:123"</span>, | |
<span class="hljs-attr">"type"</span>: <span class="hljs-string">"Ed25519VerificationKey2018"</span>, | |
<span class="hljs-attr">"publicKeyBase58"</span>: <span class="hljs-string">"H3C2AVvLMv6gmMNam3uVA"</span> | |
}], | |
<span class="hljs-attr">"authentication"</span>: [ | |
<span class="hljs-string">"did:example:123#keys-1"</span> | |
] | |
}</code></pre> | |
<p> | |
The rectangle in the lower left is labeled "application/did+ld+json", and | |
contains the following JSON-LD data: | |
</p> | |
<pre aria-busy="false"><code class="hljs json">{ | |
<span class="hljs-attr">"@context"</span>: [<span class="hljs-string">"https://www.w3.org/ns/did/v1"</span>], | |
<span class="hljs-attr">"id"</span>: <span class="hljs-string">"did:example:123"</span>, | |
<span class="hljs-attr">"verificationMethod"</span>: [{ | |
<span class="hljs-attr">"id"</span>: <span class="hljs-string">"did:example:123#keys-1"</span>, | |
<span class="hljs-attr">"controller"</span>: <span class="hljs-string">"did:example:123"</span>, | |
<span class="hljs-attr">"type"</span>: <span class="hljs-string">"Ed25519VerificationKey2018"</span>, | |
<span class="hljs-attr">"publicKeyBase58"</span>: <span class="hljs-string">"H3C2AVvLMv6gmMNam3uVA"</span> | |
}], | |
<span class="hljs-attr">"authentication"</span>: [ | |
<span class="hljs-string">"did:example:123#keys-1"</span> | |
] | |
}</code></pre> | |
</div> | |
<div class="note" role="note" id="issue-container-generatedID-9"><div role="heading" class="note-title marker" id="h-note-9" aria-level="4"><span>Note</span><span class="issue-label">: Conversion between representations</span></div><p class=""> | |
An implementation is expected to convert between <a href="#dfn-representations" class="internalDFN" data-link-type="dfn" id="ref-for-dfn-representations-42">representations</a> by using | |
the <em>consumption</em> rules on the source representation resulting in the <a href="#data-model">data model</a> and then using the <em>production</em> rules | |
to serialize the <a href="#data-model">data model</a> to the target representation, | |
or any other mechanism that results in the same target representation. | |
</p></div> | |
</section> | |
<section id="json"><div class="header-wrapper"><h3 id="x6-2-json"><bdi class="secno">6.2 </bdi>JSON</h3><a class="self-link" href="#json" aria-label="Permalink for Section 6.2"></a></div> | |
<p> | |
This section defines the <a href="#dfn-production" class="internalDFN" data-link-type="dfn" id="ref-for-dfn-production-7">production</a> and <a href="#dfn-consumption" class="internalDFN" data-link-type="dfn" id="ref-for-dfn-consumption-8">consumption</a> rules | |
for the JSON <a href="#dfn-representations" class="internalDFN" data-link-type="dfn" id="ref-for-dfn-representations-43">representation</a>. | |
</p> | |
<section id="production"><div class="header-wrapper"><h4 id="x6-2-1-production"><bdi class="secno">6.2.1 </bdi>Production</h4><a class="self-link" href="#production" aria-label="Permalink for Section 6.2.1"></a></div> | |
<p> | |
The <a href="#dfn-did-documents" class="internalDFN" data-link-type="dfn" id="ref-for-dfn-did-documents-103">DID document</a>, DID document data structures, and | |
<a href="#dfn-representation-specific-entry" class="internalDFN" data-link-type="dfn" id="ref-for-dfn-representation-specific-entry-10">representation-specific entries</a> <a href="https://infra.spec.whatwg.org/#maps">map</a> <em class="rfc2119">MUST</em> | |
be serialized to the JSON <a href="#dfn-representations" class="internalDFN" data-link-type="dfn" id="ref-for-dfn-representations-44">representation</a> according to the following | |
<a href="#dfn-production" class="internalDFN" data-link-type="dfn" id="ref-for-dfn-production-8">production</a> rules: | |
</p> | |
<table class="simple" id="json-representation-production"> | |
<thead> | |
<tr> | |
<th> | |
Data Type | |
</th> | |
<th> | |
JSON Representation Type | |
</th> | |
</tr> | |
</thead> | |
<tbody> | |
<tr> | |
<td> | |
<a href="https://infra.spec.whatwg.org/#maps">map</a> | |
</td> | |
<td> | |
A <a href="https://www.rfc-editor.org/rfc/rfc8259#section-4">JSON Object</a>, where each entry is | |
serialized as a member of the JSON Object with the entry key as a <a href="https://www.rfc-editor.org/rfc/rfc8259#section-7">JSON String</a> member name and the entry value | |
according to its type, as defined in this table. | |
</td> | |
</tr> | |
<tr> | |
<td> | |
<a href="https://infra.spec.whatwg.org/#list">list</a> | |
</td> | |
<td> | |
A <a href="https://www.rfc-editor.org/rfc/rfc8259#section-5">JSON Array</a>, where each element of the | |
list is serialized, in order, as a value of the array according to its type, as | |
defined in this table. | |
</td> | |
</tr> | |
<tr> | |
<td> | |
<a href="https://infra.spec.whatwg.org/#ordered-set">set</a> | |
</td> | |
<td> | |
A <a href="https://www.rfc-editor.org/rfc/rfc8259#section-5">JSON Array</a>, where each element of the set | |
is added, in order, as a value of the array according to its type, as defined in | |
this table. | |
</td> | |
</tr> | |
<tr> | |
<td> | |
<a href="#dfn-datetime" class="internalDFN" data-link-type="dfn" id="ref-for-dfn-datetime-3">datetime</a> | |
</td> | |
<td> | |
A <a href="https://www.rfc-editor.org/rfc/rfc8259#section-7">JSON String</a> serialized as an | |
<a href="https://www.w3.org/TR/xmlschema11-2/#dateTime">XML Datetime</a> normalized to | |
UTC 00:00:00 and without sub-second decimal precision. For example: | |
<code>2020-12-20T19:17:47Z</code>. | |
</td> | |
</tr> | |
<tr> | |
<td> | |
<a href="https://infra.spec.whatwg.org/#string">string</a> | |
</td> | |
<td> | |
A <a href="https://www.rfc-editor.org/rfc/rfc8259#section-7">JSON String</a>. | |
</td> | |
</tr> | |
<tr> | |
<td> | |
<a href="#dfn-integer" class="internalDFN" data-link-type="dfn" id="ref-for-dfn-integer-1">integer</a> | |
</td> | |
<td> | |
A <a href="https://www.rfc-editor.org/rfc/rfc8259#section-6">JSON Number</a> without a decimal or | |
fractional component. | |
</td> | |
</tr> | |
<tr> | |
<td> | |
<a href="#dfn-double" class="internalDFN" data-link-type="dfn" id="ref-for-dfn-double-1">double</a> | |
</td> | |
<td> | |
A <a href="https://www.rfc-editor.org/rfc/rfc8259#section-6">JSON Number</a> with a decimal and | |
fractional component. | |
</td> | |
</tr> | |
<tr> | |
<td> | |
<a href="https://infra.spec.whatwg.org/#boolean">boolean</a> | |
</td> | |
<td> | |
A <a href="https://www.rfc-editor.org/rfc/rfc8259#section-3">JSON Boolean</a>. | |
</td> | |
</tr> | |
<tr> | |
<td> | |
<a href="https://infra.spec.whatwg.org/#nulls">null</a> | |
</td> | |
<td> | |
A <a href="https://www.rfc-editor.org/rfc/rfc8259#section-3">JSON null literal</a>. | |
</td> | |
</tr> | |
</tbody> | |
</table> | |
<p class="advisement" title="INFRA JSON serialization rules"> | |
All implementers creating <a href="#dfn-conforming-producer" class="internalDFN" data-link-type="dfn" id="ref-for-dfn-conforming-producer-7">conforming producers</a> that produce JSON | |
<a href="#dfn-representations" class="internalDFN" data-link-type="dfn" id="ref-for-dfn-representations-45">representations</a> are advised to ensure that their algorithms are aligned | |
with the <a href="https://infra.spec.whatwg.org/#serialize-an-infra-value-to-json-bytes">JSON | |
serialization rules</a> in the [<cite><a class="bibref" data-link-type="biblio" href="#bib-infra" title="Infra Standard">INFRA</a></cite>] specification and the <a href="https://www.rfc-editor.org/rfc/rfc8259#section-6">precision advisements regarding Numbers</a> in the | |
JSON [<cite><a class="bibref" data-link-type="biblio" href="#bib-rfc8259" title="The JavaScript Object Notation (JSON) Data Interchange Format">RFC8259</a></cite>] specification. | |
</p> | |
<p> | |
All entries of a <a href="#dfn-did-documents" class="internalDFN" data-link-type="dfn" id="ref-for-dfn-did-documents-104">DID document</a> <em class="rfc2119">MUST</em> be included in the root <a href="https://www.rfc-editor.org/rfc/rfc8259#section-4">JSON Object</a>. Entries <em class="rfc2119">MAY</em> contain additional | |
data substructures subject to the value representation rules in the table above. | |
When serializing a <a href="#dfn-did-documents" class="internalDFN" data-link-type="dfn" id="ref-for-dfn-did-documents-105">DID document</a>, a <a href="#dfn-conforming-producer" class="internalDFN" data-link-type="dfn" id="ref-for-dfn-conforming-producer-8">conforming producer</a> <em class="rfc2119">MUST</em> | |
specify a media type of <code>application/did+json</code> to downstream | |
applications such as described in <a href="#did-resolution-metadata" class="sec-ref"><bdi class="secno">7.1.2 </bdi>DID Resolution Metadata</a>. | |
</p> | |
<div class="example" id="example-example-did-document-in-json-representation"> | |
<div class="marker"> | |
<a class="self-link" href="#example-example-did-document-in-json-representation">Example<bdi> 21</bdi></a><span class="example-title">: Example DID document in JSON representation</span> | |
</div> <pre class="nohighlight">{ | |
"id": "did:example:123456789abcdefghi", | |
"authentication": [{ | |
"id": "did:example:123456789abcdefghi#keys-1", | |
"type": "Ed25519VerificationKey2018", | |
"controller": "did:example:123456789abcdefghi", | |
"publicKeyBase58": "H3C2AVvLMv6gmMNam3uVAjZpfkcJCwDwnZn6z3wXmqPV" | |
}] | |
}</pre> | |
</div> | |
</section> | |
<section id="consumption"><div class="header-wrapper"><h4 id="x6-2-2-consumption"><bdi class="secno">6.2.2 </bdi>Consumption</h4><a class="self-link" href="#consumption" aria-label="Permalink for Section 6.2.2"></a></div> | |
<p> | |
The <a href="#dfn-did-documents" class="internalDFN" data-link-type="dfn" id="ref-for-dfn-did-documents-106">DID document</a> and DID document data structures JSON | |
<a href="#dfn-representations" class="internalDFN" data-link-type="dfn" id="ref-for-dfn-representations-46">representation</a> <em class="rfc2119">MUST</em> be deserialized into the <a href="#data-model">data | |
model</a> according to the following <a href="#dfn-consumption" class="internalDFN" data-link-type="dfn" id="ref-for-dfn-consumption-9">consumption</a> rules: | |
</p> | |
<table class="simple column-width-50" id="json-representation-consumption"> | |
<thead> | |
<tr> | |
<th> | |
JSON Representation Type | |
</th> | |
<th> | |
Data Type | |
</th> | |
</tr> | |
</thead> | |
<tbody> | |
<tr> | |
<td> | |
<a href="https://www.rfc-editor.org/rfc/rfc8259#section-4">JSON Object</a> | |
</td> | |
<td> | |
A <a href="https://infra.spec.whatwg.org/#maps">map</a>, where each member of the JSON | |
Object is added as an entry to the map. Each entry key is set as the | |
JSON Object member name. Each entry value is set by converting the JSON Object | |
member value according to the JSON representation type as defined in this table. | |
Since order is not specified by JSON Objects, no insertion order is guaranteed. | |
</td> | |
</tr> | |
<tr> | |
<td> | |
<a href="https://www.rfc-editor.org/rfc/rfc8259#section-5">JSON Array</a> where the <a href="#data-model">data model</a> entry value is a <a href="https://infra.spec.whatwg.org/#list">list</a> or unknown | |
</td> | |
<td> | |
A <a href="https://infra.spec.whatwg.org/#list">list</a>, where each value of the JSON Array is | |
added to the list in order, converted based on the JSON representation type of | |
the array value, as defined in this table. | |
</td> | |
</tr> | |
<tr> | |
<td> | |
<a href="https://www.rfc-editor.org/rfc/rfc8259#section-5">JSON Array</a> where the <a href="#data-model">data model</a> entry value is a <a href="https://infra.spec.whatwg.org/#ordered-set">set</a> | |
</td> | |
<td> | |
A <a href="https://infra.spec.whatwg.org/#ordered-set">set</a>, where each value of | |
the JSON Array is added to the set in order, converted based on the JSON | |
representation type of the array value, as defined in this table. | |
</td> | |
</tr> | |
<tr> | |
<td> | |
<a href="https://www.rfc-editor.org/rfc/rfc8259#section-7">JSON String</a> where <a href="#data-model">data model</a> entry value is a <a href="#dfn-datetime" class="internalDFN" data-link-type="dfn" id="ref-for-dfn-datetime-4">datetime</a> | |
</td> | |
<td> | |
A <a href="#dfn-datetime" class="internalDFN" data-link-type="dfn" id="ref-for-dfn-datetime-5">datetime</a>. | |
</td> | |
</tr> | |
<tr> | |
<td> | |
<a href="https://www.rfc-editor.org/rfc/rfc8259#section-7">JSON String</a>, where the <a href="#data-model">data model</a> entry value type is <a data-type="dfn" href="https://infra.spec.whatwg.org/#string">string</a> or | |
unknown | |
</td> | |
<td> | |
A <a href="https://infra.spec.whatwg.org/#string">string</a>. | |
</td> | |
</tr> | |
<tr> | |
<td> | |
<a href="https://www.rfc-editor.org/rfc/rfc8259#section-6">JSON Number</a> without a decimal or | |
fractional component | |
</td> | |
<td> | |
An <a href="#dfn-integer" class="internalDFN" data-link-type="dfn" id="ref-for-dfn-integer-2">integer</a>. | |
</td> | |
</tr> | |
<tr> | |
<td> | |
<a href="https://www.rfc-editor.org/rfc/rfc8259#section-6">JSON Number</a> with a decimal and fractional | |
component, or when entry value is a <a href="#dfn-double" class="internalDFN" data-link-type="dfn" id="ref-for-dfn-double-2">double</a> regardless of inclusion of | |
fractional component | |
</td> | |
<td> | |
A <a href="#dfn-double" class="internalDFN" data-link-type="dfn" id="ref-for-dfn-double-3">double</a>. | |
</td> | |
</tr> | |
<tr> | |
<td> | |
<a href="https://www.rfc-editor.org/rfc/rfc8259#section-3">JSON Boolean</a> | |
</td> | |
<td> | |
A <a href="https://infra.spec.whatwg.org/#boolean">boolean</a>. | |
</td> | |
</tr> | |
<tr> | |
<td> | |
<a href="https://www.rfc-editor.org/rfc/rfc8259#section-3">JSON null literal</a> | |
</td> | |
<td> | |
A <a href="https://infra.spec.whatwg.org/#nulls">null</a> value. | |
</td> | |
</tr> | |
</tbody> | |
</table> | |
<p class="advisement"> | |
All implementers creating <a href="#dfn-conforming-consumer" class="internalDFN" data-link-type="dfn" id="ref-for-dfn-conforming-consumer-8">conforming consumers</a> that produce JSON | |
<a href="#dfn-representations" class="internalDFN" data-link-type="dfn" id="ref-for-dfn-representations-47">representations</a> are advised to ensure that their algorithms are aligned | |
with the <a href="https://infra.spec.whatwg.org/#parse-json-bytes-to-an-infra-value">JSON | |
conversion rules</a> in the [<cite><a class="bibref" data-link-type="biblio" href="#bib-infra" title="Infra Standard">INFRA</a></cite>] specification and the <a href="https://www.rfc-editor.org/rfc/rfc8259#section-6">precision advisements regarding Numbers</a> in the | |
JSON [<cite><a class="bibref" data-link-type="biblio" href="#bib-rfc8259" title="The JavaScript Object Notation (JSON) Data Interchange Format">RFC8259</a></cite>] specification. | |
</p> | |
<p> | |
If media type information is available to a <a href="#dfn-conforming-consumer" class="internalDFN" data-link-type="dfn" id="ref-for-dfn-conforming-consumer-9">conforming consumer</a> and the | |
media type value is <code>application/did+json</code>, then the data structure | |
being consumed is a <a href="#dfn-did-documents" class="internalDFN" data-link-type="dfn" id="ref-for-dfn-did-documents-107">DID document</a>, and the root element <em class="rfc2119">MUST</em> be a <a href="https://www.rfc-editor.org/rfc/rfc8259#section-4">JSON Object</a> where all members of the object | |
are entries of the <a href="#dfn-did-documents" class="internalDFN" data-link-type="dfn" id="ref-for-dfn-did-documents-108">DID document</a>. A <a href="#dfn-conforming-consumer" class="internalDFN" data-link-type="dfn" id="ref-for-dfn-conforming-consumer-10">conforming consumer</a> for a JSON | |
<a href="#dfn-representations" class="internalDFN" data-link-type="dfn" id="ref-for-dfn-representations-48">representation</a> that is consuming a <a href="#dfn-did-documents" class="internalDFN" data-link-type="dfn" id="ref-for-dfn-did-documents-109">DID document</a> with a root | |
element that is not a <a href="https://www.rfc-editor.org/rfc/rfc8259#section-4">JSON Object</a> <em class="rfc2119">MUST</em> | |
report an error. | |
</p> | |
</section> | |
</section> | |
<section id="json-ld"><div class="header-wrapper"><h3 id="x6-3-json-ld"><bdi class="secno">6.3 </bdi>JSON-LD</h3><a class="self-link" href="#json-ld" aria-label="Permalink for Section 6.3"></a></div> | |
<p> | |
JSON-LD [<cite><a class="bibref" data-link-type="biblio" href="#bib-json-ld11" title="JSON-LD 1.1">JSON-LD11</a></cite>] is a JSON-based format used to serialize <a href="http://www.w3.org/TR/ld-glossary/#linked-data">Linked Data</a>. This | |
section defines the <a href="#dfn-production" class="internalDFN" data-link-type="dfn" id="ref-for-dfn-production-9">production</a> and <a href="#dfn-consumption" class="internalDFN" data-link-type="dfn" id="ref-for-dfn-consumption-10">consumption</a> rules for the | |
JSON-LD <a href="#dfn-representations" class="internalDFN" data-link-type="dfn" id="ref-for-dfn-representations-49">representation</a>. | |
</p> | |
<p> | |
The JSON-LD <a href="#dfn-representations" class="internalDFN" data-link-type="dfn" id="ref-for-dfn-representations-50">representation</a> defines the following | |
<a href="#dfn-representation-specific-entry" class="internalDFN" data-link-type="dfn" id="ref-for-dfn-representation-specific-entry-11">representation-specific entries</a>: | |
</p> | |
<dl> | |
<dt><dfn id="dfn-context" tabindex="0" aria-haspopup="dialog" data-dfn-type="dfn">@context</dfn></dt> | |
<dd> | |
The <a href="https://www.w3.org/TR/json-ld11/#the-context">JSON-LD Context</a> | |
is either a <a href="https://infra.spec.whatwg.org/#string">string</a> or a <a href="https://infra.spec.whatwg.org/#list">list</a> containing any combination of <a href="https://infra.spec.whatwg.org/#string">strings</a> and/or <a href="https://infra.spec.whatwg.org/#maps">ordered | |
maps</a>. | |
</dd> | |
</dl> | |
<section id="production-0"><div class="header-wrapper"><h4 id="x6-3-1-production"><bdi class="secno">6.3.1 </bdi>Production</h4><a class="self-link" href="#production-0" aria-label="Permalink for Section 6.3.1"></a></div> | |
<p> | |
The <a href="#dfn-did-documents" class="internalDFN" data-link-type="dfn" id="ref-for-dfn-did-documents-110">DID document</a>, DID document data structures, and | |
<a href="#dfn-representation-specific-entry" class="internalDFN" data-link-type="dfn" id="ref-for-dfn-representation-specific-entry-12">representation-specific entries</a> <a href="https://infra.spec.whatwg.org/#maps">map</a> <em class="rfc2119">MUST</em> | |
be serialized to the JSON-LD <a href="#dfn-representations" class="internalDFN" data-link-type="dfn" id="ref-for-dfn-representations-51">representation</a> according to the JSON | |
<a href="#dfn-representations" class="internalDFN" data-link-type="dfn" id="ref-for-dfn-representations-52">representation</a> <a href="#dfn-production" class="internalDFN" data-link-type="dfn" id="ref-for-dfn-production-10">production</a> rules as defined in <a href="#json" class="sec-ref"><bdi class="secno">6.2 </bdi>JSON</a>. | |
</p> | |
<p> | |
In addition to using the JSON <a href="#dfn-representations" class="internalDFN" data-link-type="dfn" id="ref-for-dfn-representations-53">representation</a> <a href="#dfn-production" class="internalDFN" data-link-type="dfn" id="ref-for-dfn-production-11">production</a> rules, | |
JSON-LD production <em class="rfc2119">MUST</em> include the | |
<a data-lt="representation-specific entry" href="#dfn-representation-specific-entry" class="internalDFN" data-link-type="dfn" id="ref-for-dfn-representation-specific-entry-13">representation-specific</a> | |
<a href="#dfn-context" class="internalDFN" data-link-type="dfn" id="ref-for-dfn-context-2"><code>@context</code></a> entry. The serialized value of | |
<code>@context</code> <em class="rfc2119">MUST</em> be the <a href="https://www.rfc-editor.org/rfc/rfc8259#section-7">JSON | |
String</a> <code>https://www.w3.org/ns/did/v1</code>, or a <a href="https://www.rfc-editor.org/rfc/rfc8259#section-5">JSON Array</a> where the first item is the <a href="https://www.rfc-editor.org/rfc/rfc8259#section-7">JSON String</a> | |
<code>https://www.w3.org/ns/did/v1</code> and the subsequent items are | |
serialized according to the JSON <a href="#dfn-representations" class="internalDFN" data-link-type="dfn" id="ref-for-dfn-representations-54">representation</a> <a href="#dfn-production" class="internalDFN" data-link-type="dfn" id="ref-for-dfn-production-12">production</a> | |
rules. | |
</p> | |
<div class="example" id="example-a-valid-serialization-of-a-simple-context-entry"> | |
<div class="marker"> | |
<a class="self-link" href="#example-a-valid-serialization-of-a-simple-context-entry">Example<bdi> 22</bdi></a><span class="example-title">: A valid serialization of a simple @context entry</span> | |
</div> <pre aria-busy="false"><code class="hljs javascript">{ | |
<span class="hljs-string">"@context"</span>: <span class="hljs-string">"https://www.w3.org/ns/did/v1"</span>, | |
... | |
}</code></pre> | |
</div> | |
<div class="example" id="example-a-valid-serialization-of-a-layered-context-entry"> | |
<div class="marker"> | |
<a class="self-link" href="#example-a-valid-serialization-of-a-layered-context-entry">Example<bdi> 23</bdi></a><span class="example-title">: A valid serialization of a layered @context entry</span> | |
</div> <pre aria-busy="false"><code class="hljs javascript">{ | |
<span class="hljs-string">"@context"</span>: [ | |
<span class="hljs-string">"https://www.w3.org/ns/did/v1"</span>, | |
<span class="hljs-string">"https://did-method-extension.example/v1"</span> | |
], | |
... | |
}</code></pre> | |
</div> | |
<p class="advisement" title="JSON-LD serialization rules"> | |
All implementers creating <a href="#dfn-conforming-producer" class="internalDFN" data-link-type="dfn" id="ref-for-dfn-conforming-producer-9">conforming producers</a> that produce JSON-LD | |
<a href="#dfn-representations" class="internalDFN" data-link-type="dfn" id="ref-for-dfn-representations-55">representations</a> are advised to ensure that their algorithms | |
produce valid JSON-LD [<cite><a class="bibref" data-link-type="biblio" href="#bib-json-ld11" title="JSON-LD 1.1">JSON-LD11</a></cite>] documents. Invalid JSON-LD documents will | |
cause JSON-LD processors to halt and report errors. | |
</p> | |
<p> | |
In order to achieve interoperability across different <a href="#dfn-representations" class="internalDFN" data-link-type="dfn" id="ref-for-dfn-representations-56">representations</a>, | |
all JSON-LD Contexts and their terms <em class="rfc2119">SHOULD</em> be registered in the DID | |
Specification Registries [<cite><a class="bibref" data-link-type="biblio" href="#bib-did-spec-registries" title="DID Specification Registries">DID-SPEC-REGISTRIES</a></cite>]. | |
</p> | |
<p> | |
A <a href="#dfn-conforming-producer" class="internalDFN" data-link-type="dfn" id="ref-for-dfn-conforming-producer-10">conforming producer</a> that generates a JSON-LD <a href="#dfn-representations" class="internalDFN" data-link-type="dfn" id="ref-for-dfn-representations-57">representation</a> | |
<em class="rfc2119">SHOULD NOT</em> produce a <a href="#dfn-did-documents" class="internalDFN" data-link-type="dfn" id="ref-for-dfn-did-documents-111">DID document</a> that contains terms not defined via the | |
<code>@context</code> as <a href="#dfn-conforming-consumer" class="internalDFN" data-link-type="dfn" id="ref-for-dfn-conforming-consumer-11">conforming consumers</a> are expected to remove | |
unknown terms. When serializing a JSON-LD <a href="#dfn-representations" class="internalDFN" data-link-type="dfn" id="ref-for-dfn-representations-58">representation</a> of a <a href="#dfn-did-documents" class="internalDFN" data-link-type="dfn" id="ref-for-dfn-did-documents-112">DID | |
document</a>, a <a href="#dfn-conforming-producer" class="internalDFN" data-link-type="dfn" id="ref-for-dfn-conforming-producer-11">conforming producer</a> <em class="rfc2119">MUST</em> specify a media type of | |
<code>application/did+ld+json</code> to downstream applications such as | |
described in <a href="#did-resolution-metadata" class="sec-ref"><bdi class="secno">7.1.2 </bdi>DID Resolution Metadata</a>. | |
</p> | |
</section> | |
<section id="consumption-0"><div class="header-wrapper"><h4 id="x6-3-2-consumption"><bdi class="secno">6.3.2 </bdi>Consumption</h4><a class="self-link" href="#consumption-0" aria-label="Permalink for Section 6.3.2"></a></div> | |
<p> | |
The <a href="#dfn-did-documents" class="internalDFN" data-link-type="dfn" id="ref-for-dfn-did-documents-113">DID document</a> and any DID document data structures expressed by a | |
JSON-LD <a href="#dfn-representations" class="internalDFN" data-link-type="dfn" id="ref-for-dfn-representations-59">representation</a> <em class="rfc2119">MUST</em> be deserialized into the <a href="#data-model">data model</a> according to the JSON <a href="#dfn-representations" class="internalDFN" data-link-type="dfn" id="ref-for-dfn-representations-60">representation</a> | |
<a href="#dfn-consumption" class="internalDFN" data-link-type="dfn" id="ref-for-dfn-consumption-11">consumption</a> rules as defined in <a href="#json" class="sec-ref"><bdi class="secno">6.2 </bdi>JSON</a>. | |
</p> | |
<p class="advisement" title="JSON-LD serialization rules"> | |
All implementers creating <a href="#dfn-conforming-consumer" class="internalDFN" data-link-type="dfn" id="ref-for-dfn-conforming-consumer-12">conforming consumers</a> that consume JSON-LD | |
<a href="#dfn-representations" class="internalDFN" data-link-type="dfn" id="ref-for-dfn-representations-61">representations</a> are advised to ensure that their algorithms only accept | |
valid JSON-LD [<cite><a class="bibref" data-link-type="biblio" href="#bib-json-ld11" title="JSON-LD 1.1">JSON-LD11</a></cite>] documents. Invalid JSON-LD documents will cause | |
JSON-LD processors to halt and report errors. | |
</p> | |
<p> | |
<a href="#dfn-conforming-consumer" class="internalDFN" data-link-type="dfn" id="ref-for-dfn-conforming-consumer-13">Conforming consumers</a> that process a JSON-LD <a href="#dfn-representations" class="internalDFN" data-link-type="dfn" id="ref-for-dfn-representations-62">representation</a> <em class="rfc2119">SHOULD</em> | |
drop all terms from a <a href="#dfn-did-documents" class="internalDFN" data-link-type="dfn" id="ref-for-dfn-did-documents-114">DID document</a> that are not defined via the | |
<code>@context</code>. | |
</p> | |
</section> | |
</section> | |
</section> | |
<section class="normative" id="resolution"><div class="header-wrapper"><h2 id="x7-resolution"><bdi class="secno">7. </bdi>Resolution</h2><a class="self-link" href="#resolution" aria-label="Permalink for Section 7."></a></div> | |
<p> | |
This section defines the inputs and outputs of <a href="#dfn-did-resolution" class="internalDFN" data-link-type="dfn" id="ref-for-dfn-did-resolution-7">DID resolution</a> and <a href="#dfn-did-url-dereferencing" class="internalDFN" data-link-type="dfn" id="ref-for-dfn-did-url-dereferencing-5">DID | |
URL dereferencing</a>. Their exact implementation is out of scope for this | |
specification, but some considerations for implementers are discussed in | |
[<cite><a class="bibref" data-link-type="biblio" href="#bib-did-resolution" title="Decentralized Identifier Resolution">DID-RESOLUTION</a></cite>]. | |
</p> | |
<p> | |
All conformant <a href="#dfn-did-resolvers" class="internalDFN" data-link-type="dfn" id="ref-for-dfn-did-resolvers-7">DID resolvers</a> <em class="rfc2119">MUST</em> implement the <a href="#dfn-did-resolution" class="internalDFN" data-link-type="dfn" id="ref-for-dfn-did-resolution-8">DID resolution</a> | |
functions for at least one <a href="#dfn-did-methods" class="internalDFN" data-link-type="dfn" id="ref-for-dfn-did-methods-33">DID method</a> and <em class="rfc2119">MUST</em> be able to return a | |
<a href="#dfn-did-documents" class="internalDFN" data-link-type="dfn" id="ref-for-dfn-did-documents-115">DID document</a> in at least one conformant <a href="#dfn-representations" class="internalDFN" data-link-type="dfn" id="ref-for-dfn-representations-63">representation</a>. | |
</p> | |
<section data-dfn-for="Resolver" id="did-resolution"><div class="header-wrapper"><h3 id="x7-1-did-resolution"><bdi class="secno">7.1 </bdi>DID Resolution</h3><a class="self-link" href="#did-resolution" aria-label="Permalink for Section 7.1"></a></div> | |
<p> | |
The <a href="#dfn-did-resolution" class="internalDFN" data-link-type="dfn" id="ref-for-dfn-did-resolution-9">DID resolution</a> functions resolve a <a href="#dfn-decentralized-identifiers" class="internalDFN" data-link-type="dfn" id="ref-for-dfn-decentralized-identifiers-72">DID</a> into a <a href="#dfn-did-documents" class="internalDFN" data-link-type="dfn" id="ref-for-dfn-did-documents-116">DID | |
document</a> by using the "Read" operation of the applicable <a href="#dfn-did-methods" class="internalDFN" data-link-type="dfn" id="ref-for-dfn-did-methods-34">DID method</a> | |
as described in <a href="#method-operations" class="sec-ref"><bdi class="secno">8.2 </bdi>Method Operations</a>. The details of how this | |
process is accomplished are outside the scope of this specification, but all | |
conforming <a href="#dfn-did-resolvers" class="internalDFN" data-link-type="dfn" id="ref-for-dfn-did-resolvers-8">DID resolvers</a> implement the functions below, which have the | |
following abstract forms: | |
</p> | |
<pre title="Abstract functions for DID Resolution" aria-busy="false"><code class="hljs">resolve(did, resolutionOptions) → | |
« didResolutionMetadata, didDocument, didDocumentMetadata » | |
resolveRepresentation(did, resolutionOptions) → | |
« didResolutionMetadata, didDocumentStream, didDocumentMetadata »</code></pre> | |
<p> | |
The <code>resolve</code> function returns the <a href="#dfn-did-documents" class="internalDFN" data-link-type="dfn" id="ref-for-dfn-did-documents-117">DID document</a> in its | |
abstract form (a <a href="https://infra.spec.whatwg.org/#maps">map</a>). The | |
<code>resolveRepresentation</code> function returns a byte stream of the <a href="#dfn-did-documents" class="internalDFN" data-link-type="dfn" id="ref-for-dfn-did-documents-118">DID | |
Document</a> formatted in the corresponding representation. | |
</p> | |
<figure id="resolve-resolverepresentation"> | |
<img style="margin: auto; display: block;" src="diagrams/diagram-resolve-resolverepresentation.svg" alt=" | |
Diagram illustrating how resolve() returns the DID document data model in | |
its abstract form and resolveRepresentation() returns it in one of the | |
conformant representations; conversion is possible using production and | |
consumption rules." height="595" width="1056"> | |
<figcaption>Figure <bdi class="figno">5</bdi> <span class="fig-title"> | |
Functions resolve() and resolveRepresentation(). | |
See also: <a class="longdesc-link" href="#resolve-resolverepresentation-longdesc">narrative description</a>. | |
</span></figcaption> | |
</figure> | |
<div class="longdesc" id="resolve-resolverepresentation-longdesc"> | |
<p> | |
The upper middle part of the diagram contains a rectangle with dashed grey outline, containing two | |
blue-outlined rectangles, one above the other. | |
The upper, larger rectangle is labeled, in blue, "Core Properties", and contains the following | |
<a href="https://infra.spec.whatwg.org/#maps">INFRA</a> notation: | |
</p> | |
<pre aria-busy="false"><code class="hljs javascript">«[ | |
<span class="hljs-string">"id"</span> → <span class="hljs-string">"example:123"</span>, | |
<span class="hljs-string">"verificationMethod"</span> → « «[ | |
<span class="hljs-string">"id"</span>: <span class="hljs-string">"did:example:123#keys-1"</span>, | |
<span class="hljs-string">"controller"</span>: <span class="hljs-string">"did:example:123"</span>, | |
<span class="hljs-string">"type"</span>: <span class="hljs-string">"Ed25519VerificationKey2018"</span>, | |
<span class="hljs-string">"publicKeyBase58"</span>: <span class="hljs-string">"H3C2AVvLMv6gmMNam3uVA"</span> | |
]» », | |
<span class="hljs-string">"authentication"</span> → « | |
<span class="hljs-string">"did:example:123#keys-1"</span> | |
» | |
]»</code></pre> | |
<p> | |
The lower, smaller rectangle is labeled, in blue, "Core Representation-specific Entries (JSON-LD)", and | |
contains the following monospaced <a href="https://infra.spec.whatwg.org/#maps">INFRA</a> notation: | |
</p> | |
<pre aria-busy="false"><code class="hljs css">«<span class="hljs-selector-attr">[ <span class="hljs-string">"@context"</span> → <span class="hljs-string">"https://www.w3.org/ns/did/v1"</span> ]</span>»</code></pre> | |
<p> | |
From the grey-outlined rectangle, three pairs of arrows extend to three | |
different black-outlined rectangles, aligned in a horizontal row side-by-side, in the bottom half | |
of the diagram. Each pair of arrows consists of | |
one blue arrow pointing from the grey-outlined rectangle to the respective | |
black-outlined rectangle, labeled "produce", and one red arrow pointing in the | |
reverse direction, labeled "consume". The first black-outlined rectangle in the row | |
is labeled "application/did+ld+json", and contains | |
the following JSON-LD data: | |
</p> | |
<pre aria-busy="false"><code class="hljs json">{ | |
<span class="hljs-attr">"@context"</span>: [<span class="hljs-string">"https://www.w3.org/ns/did/v1"</span>], | |
<span class="hljs-attr">"id"</span>: <span class="hljs-string">"did:example:123"</span>, | |
<span class="hljs-attr">"verificationMethod"</span>: [{ | |
<span class="hljs-attr">"id"</span>: <span class="hljs-string">"did:example:123#keys-1"</span>, | |
<span class="hljs-attr">"controller"</span>: <span class="hljs-string">"did:example:123"</span>, | |
<span class="hljs-attr">"type"</span>: <span class="hljs-string">"Ed25519VerificationKey2018"</span>, | |
<span class="hljs-attr">"publicKeyBase58"</span>: <span class="hljs-string">"H3C2AVvLMv6gmMNam3uVA"</span> | |
}], | |
<span class="hljs-attr">"authentication"</span>: [ | |
<span class="hljs-string">"did:example:123#keys-1"</span> | |
] | |
}</code></pre> | |
<p> | |
The second rectangle in the row is labeled "application/did+json" and contains the following | |
JSON data: | |
</p> | |
<pre aria-busy="false"><code class="hljs json">{ | |
<span class="hljs-attr">"id"</span>: <span class="hljs-string">"did:example:123"</span>, | |
<span class="hljs-attr">"verificationMethod"</span>: [{ | |
<span class="hljs-attr">"id"</span>: <span class="hljs-string">"did:example:123#keys-1"</span>, | |
<span class="hljs-attr">"controller"</span>: <span class="hljs-string">"did:example:123"</span>, | |
<span class="hljs-attr">"type"</span>: <span class="hljs-string">"Ed25519VerificationKey2018"</span>, | |
<span class="hljs-attr">"publicKeyBase58"</span>: <span class="hljs-string">"H3C2AVvLMv6gmMNam3uVA"</span> | |
}], | |
<span class="hljs-attr">"authentication"</span>: [ | |
<span class="hljs-string">"did:example:123#keys-1"</span> | |
] | |
}</code></pre> | |
<p> | |
The third rectangle in the row is labeled "application/did+cbor", and contains hexadecimal data. | |
</p> | |
<p> | |
In the left part of the diagram, in the middle, there is a box, with black outline and light gray | |
background. This box is labeled "VERIFIABLE DATA REGISTRY" and contains a symbol representing a graph | |
with nodes and arcs. From this box, one arrow, labeled "resolve()", extends upwards and points to the | |
top half of the diagram where the grey-outlined rectangle is located. Another arrow, labeled | |
"resolveRepresentation()", extends downwards and points to the bottom half of the diagram, where the | |
row of three black-outlined rectangles is located. | |
</p> | |
</div> | |
<p> | |
The input variables | |
of the <code>resolve</code> and <code>resolveRepresentation</code> functions are | |
as follows: | |
</p> | |
<dl> | |
<dt> | |
did | |
</dt> | |
<dd> | |
This is the <a href="#dfn-decentralized-identifiers" class="internalDFN" data-link-type="dfn" id="ref-for-dfn-decentralized-identifiers-73">DID</a> to resolve. This input is <em class="rfc2119">REQUIRED</em> and the value <em class="rfc2119">MUST</em> | |
be a conformant <a href="#dfn-decentralized-identifiers" class="internalDFN" data-link-type="dfn" id="ref-for-dfn-decentralized-identifiers-74">DID</a> as defined in <a href="#did-syntax" class="sec-ref"><bdi class="secno">3.1 </bdi>DID Syntax</a>. | |
</dd> | |
<dt> | |
resolutionOptions | |
</dt> | |
<dd> | |
A <a href="#metadata-structure">metadata structure</a> containing properties | |
defined in <a href="#did-resolution-options" class="sec-ref"><bdi class="secno">7.1.1 </bdi>DID Resolution Options</a>. This input is | |
<em class="rfc2119">REQUIRED</em>, but the structure <em class="rfc2119">MAY</em> be empty. | |
</dd> | |
</dl> | |
<p> | |
These functions each return multiple values, and no limitations | |
are placed on how these values are returned together. | |
The return values of <code>resolve</code> are | |
<a href="#dfn-didresolutionmetadata" class="internalDFN" data-link-type="dfn" id="ref-for-dfn-didresolutionmetadata-1">didResolutionMetadata</a>, <a href="#dfn-diddocument" class="internalDFN" data-link-type="dfn" id="ref-for-dfn-diddocument-1">didDocument</a>, and | |
<a href="#dfn-diddocumentmetadata" class="internalDFN" data-link-type="dfn" id="ref-for-dfn-diddocumentmetadata-1">didDocumentMetadata</a>. The return values of | |
<code>resolveRepresentation</code> are | |
<a href="#dfn-didresolutionmetadata" class="internalDFN" data-link-type="dfn" id="ref-for-dfn-didresolutionmetadata-2">didResolutionMetadata</a>, <a href="#dfn-diddocumentstream" class="internalDFN" data-link-type="dfn" id="ref-for-dfn-diddocumentstream-1">didDocumentStream</a>, and | |
<a href="#dfn-diddocumentmetadata" class="internalDFN" data-link-type="dfn" id="ref-for-dfn-diddocumentmetadata-2">didDocumentMetadata</a>. These values are described below: | |
</p> | |
<dl> | |
<dt> | |
<dfn id="dfn-didresolutionmetadata" tabindex="0" aria-haspopup="dialog" data-dfn-type="dfn">didResolutionMetadata</dfn> | |
</dt> | |
<dd> | |
A <a href="#metadata-structure">metadata structure</a> consisting of values | |
relating to the results of the <a href="#dfn-did-resolution" class="internalDFN" data-link-type="dfn" id="ref-for-dfn-did-resolution-10">DID resolution</a> process which typically | |
changes between invocations of the <code>resolve</code> and | |
<code>resolveRepresentation</code> functions, as it represents data about the | |
resolution process itself. This structure is <em class="rfc2119">REQUIRED</em>, and in the case of an | |
error in the resolution process, this structure <em class="rfc2119">MUST NOT</em> be empty. This metadata is | |
defined by <a href="#did-resolution-metadata" class="sec-ref"><bdi class="secno">7.1.2 </bdi>DID Resolution Metadata</a>. If | |
<code>resolveRepresentation</code> was called, this structure <em class="rfc2119">MUST</em> contain a | |
<code>contentType</code> property containing the Media Type of the | |
representation found in the <code>didDocumentStream</code>. If the resolution is | |
not successful, this structure <em class="rfc2119">MUST</em> contain an <code>error</code> property | |
describing the error. | |
</dd> | |
<dt> | |
<dfn id="dfn-diddocument" tabindex="0" aria-haspopup="dialog" data-dfn-type="dfn">didDocument</dfn> | |
</dt> | |
<dd> | |
If the resolution is successful, and if the <code>resolve</code> function was | |
called, this <em class="rfc2119">MUST</em> be a <a href="#dfn-did-documents" class="internalDFN" data-link-type="dfn" id="ref-for-dfn-did-documents-119">DID document</a> abstract data model (a <a href="https://infra.spec.whatwg.org/#maps">map</a>) as described in <a href="#data-model" class="sec-ref"><bdi class="secno">4. </bdi>Data Model</a> that | |
is capable of being transformed into a <a href="#dfn-conforming-did-document" class="internalDFN" data-link-type="dfn" id="ref-for-dfn-conforming-did-document-3">conforming DID Document</a> | |
(representation), using the production rules specified by the representation. | |
The value of <code><a href="#dfn-id" class="internalDFN" data-link-type="dfn" id="ref-for-dfn-id-7">id</a></code> in the resolved <a href="#dfn-did-documents" class="internalDFN" data-link-type="dfn" id="ref-for-dfn-did-documents-120">DID document</a> <em class="rfc2119">MUST</em> | |
match the <a href="#dfn-decentralized-identifiers" class="internalDFN" data-link-type="dfn" id="ref-for-dfn-decentralized-identifiers-75">DID</a> that was resolved. If the resolution is unsuccessful, this | |
value <em class="rfc2119">MUST</em> be empty. | |
</dd> | |
<dt> | |
<dfn id="dfn-diddocumentstream" tabindex="0" aria-haspopup="dialog" data-dfn-type="dfn">didDocumentStream</dfn> | |
</dt> | |
<dd> | |
If the resolution is successful, and if the <code>resolveRepresentation</code> | |
function was called, this <em class="rfc2119">MUST</em> be a byte stream of the resolved <a href="#dfn-did-documents" class="internalDFN" data-link-type="dfn" id="ref-for-dfn-did-documents-121">DID | |
document</a> in one of the conformant | |
<a href="#representations">representations</a>. The byte stream might then be | |
parsed by the caller of the <code>resolveRepresentation</code> function into a | |
<a href="#data-model">data model</a>, which can in turn be validated and | |
processed. If the resolution is unsuccessful, this value <em class="rfc2119">MUST</em> be an empty | |
stream. | |
</dd> | |
<dt> | |
<dfn id="dfn-diddocumentmetadata" tabindex="0" aria-haspopup="dialog" data-dfn-type="dfn">didDocumentMetadata</dfn> | |
</dt> | |
<dd> | |
If the resolution is successful, this <em class="rfc2119">MUST</em> be a <a href="#metadata-structure">metadata structure</a>. This structure contains | |
metadata about the <a href="#dfn-did-documents" class="internalDFN" data-link-type="dfn" id="ref-for-dfn-did-documents-122">DID document</a> contained in the <code>didDocument</code> | |
property. This metadata typically does not change between invocations of the | |
<code>resolve</code> and <code>resolveRepresentation</code> functions unless the | |
<a href="#dfn-did-documents" class="internalDFN" data-link-type="dfn" id="ref-for-dfn-did-documents-123">DID document</a> changes, as it represents metadata about the <a href="#dfn-did-documents" class="internalDFN" data-link-type="dfn" id="ref-for-dfn-did-documents-124">DID | |
document</a>. If the resolution is unsuccessful, this output <em class="rfc2119">MUST</em> be an empty <a href="#metadata-structure">metadata structure</a>. Properties defined by this | |
specification are in <a href="#did-document-metadata" class="sec-ref"><bdi class="secno">7.1.3 </bdi>DID Document Metadata</a>. | |
</dd> | |
</dl> | |
<p> | |
Conforming <a href="#dfn-did-resolvers" class="internalDFN" data-link-type="dfn" id="ref-for-dfn-did-resolvers-9">DID resolver</a> implementations do not alter the signature of | |
these functions in any way. <a href="#dfn-did-resolvers" class="internalDFN" data-link-type="dfn" id="ref-for-dfn-did-resolvers-10">DID resolver</a> implementations might map the | |
<code>resolve</code> and <code>resolveRepresentation</code> functions to a | |
method-specific internal function to perform the actual <a href="#dfn-did-resolution" class="internalDFN" data-link-type="dfn" id="ref-for-dfn-did-resolution-11">DID resolution</a> | |
process. <a href="#dfn-did-resolvers" class="internalDFN" data-link-type="dfn" id="ref-for-dfn-did-resolvers-11">DID resolver</a> implementations might implement and expose | |
additional functions with different signatures in addition to the | |
<code>resolve</code> and <code>resolveRepresentation</code> functions specified | |
here. | |
</p> | |
<section id="did-resolution-options"><div class="header-wrapper"><h4 id="x7-1-1-did-resolution-options"><bdi class="secno">7.1.1 </bdi>DID Resolution Options</h4><a class="self-link" href="#did-resolution-options" aria-label="Permalink for Section 7.1.1"></a></div> | |
<p> | |
The possible properties within this structure and their possible values are | |
registered in the DID Specification Registries [<cite><a class="bibref" data-link-type="biblio" href="#bib-did-spec-registries" title="DID Specification Registries">DID-SPEC-REGISTRIES</a></cite>]. This | |
specification defines the following common properties. | |
</p> | |
<dl> | |
<dt> | |
accept | |
</dt> | |
<dd> | |
The Media Type of the caller's preferred <a href="#dfn-representations" class="internalDFN" data-link-type="dfn" id="ref-for-dfn-representations-64">representation</a> of the <a href="#dfn-did-documents" class="internalDFN" data-link-type="dfn" id="ref-for-dfn-did-documents-125">DID | |
document</a>. The Media Type <em class="rfc2119">MUST</em> be expressed as an <a data-lt="ascii | |
string" data-type="dfn" href="https://infra.spec.whatwg.org/#ascii-string">ASCII string</a>. The <a href="#dfn-did-resolvers" class="internalDFN" data-link-type="dfn" id="ref-for-dfn-did-resolvers-12">DID resolver</a> implementation <em class="rfc2119">SHOULD</em> use this | |
value to determine the <a href="#dfn-representations" class="internalDFN" data-link-type="dfn" id="ref-for-dfn-representations-65">representation</a> contained in the returned | |
<code>didDocumentStream</code> if such a <a href="#dfn-representations" class="internalDFN" data-link-type="dfn" id="ref-for-dfn-representations-66">representation</a> is supported and | |
available. This property is <em class="rfc2119">OPTIONAL</em> for the <code>resolveRepresentation</code> | |
function and <em class="rfc2119">MUST NOT</em> be used with the <code>resolve</code> function. | |
</dd> | |
</dl> | |
</section> | |
<section id="did-resolution-metadata"><div class="header-wrapper"><h4 id="x7-1-2-did-resolution-metadata"><bdi class="secno">7.1.2 </bdi>DID Resolution Metadata</h4><a class="self-link" href="#did-resolution-metadata" aria-label="Permalink for Section 7.1.2"></a></div> | |
<p> | |
The possible properties within this structure and their possible values are | |
registered in the DID Specification Registries [<cite><a class="bibref" data-link-type="biblio" href="#bib-did-spec-registries" title="DID Specification Registries">DID-SPEC-REGISTRIES</a></cite>]. This | |
specification defines the following DID resolution metadata properties: | |
</p> | |
<dl> | |
<dt> | |
contentType | |
</dt> | |
<dd> | |
The Media Type of the returned <code>didDocumentStream</code>. This property is | |
<em class="rfc2119">REQUIRED</em> if resolution is successful and if the | |
<code>resolveRepresentation</code> function was called. | |
This property <em class="rfc2119">MUST NOT</em> | |
be present if the <code>resolve</code> function was called. The value of this | |
property <em class="rfc2119">MUST</em> be an <a data-lt="ascii string" data-type="dfn" href="https://infra.spec.whatwg.org/#ascii-string">ASCII string</a> that is the Media | |
Type of the conformant <a href="#dfn-representations" class="internalDFN" data-link-type="dfn" id="ref-for-dfn-representations-67">representations</a>. The | |
caller of the <code>resolveRepresentation</code> function <em class="rfc2119">MUST</em> use this value | |
when determining how to parse and process the <code>didDocumentStream</code> | |
returned by this function into the <a href="#data-model">data model</a>. | |
</dd> | |
<dt> | |
error | |
</dt> | |
<dd> | |
The error code from the resolution process. This property is <em class="rfc2119">REQUIRED</em> when there | |
is an error in the resolution process. The value of this property <em class="rfc2119">MUST</em> be a | |
single keyword <a data-lt="ascii string" data-type="dfn" href="https://infra.spec.whatwg.org/#ascii-string">ASCII string</a>. The possible property | |
values of this field <em class="rfc2119">SHOULD</em> be registered in the DID Specification Registries | |
[<cite><a class="bibref" data-link-type="biblio" href="#bib-did-spec-registries" title="DID Specification Registries">DID-SPEC-REGISTRIES</a></cite>]. This specification defines the following | |
common error values: | |
<dl> | |
<dt> | |
invalidDid | |
</dt> | |
<dd> | |
The <a href="#dfn-decentralized-identifiers" class="internalDFN" data-link-type="dfn" id="ref-for-dfn-decentralized-identifiers-76">DID</a> supplied to the <a href="#dfn-did-resolution" class="internalDFN" data-link-type="dfn" id="ref-for-dfn-did-resolution-12">DID resolution</a> function does not conform | |
to valid syntax. (See <a href="#did-syntax" class="sec-ref"><bdi class="secno">3.1 </bdi>DID Syntax</a>.) | |
</dd> | |
<dt> | |
notFound | |
</dt> | |
<dd> | |
The <a href="#dfn-did-resolvers" class="internalDFN" data-link-type="dfn" id="ref-for-dfn-did-resolvers-13">DID resolver</a> was unable to find the <a href="#dfn-did-documents" class="internalDFN" data-link-type="dfn" id="ref-for-dfn-did-documents-126">DID document</a> | |
resulting from this resolution request. | |
</dd> | |
<dt> | |
representationNotSupported | |
</dt> | |
<dd> | |
This error code is returned if the <a href="#dfn-representations" class="internalDFN" data-link-type="dfn" id="ref-for-dfn-representations-68">representation</a> requested via the | |
<code>accept</code> input metadata property is not supported by the <a href="#dfn-did-methods" class="internalDFN" data-link-type="dfn" id="ref-for-dfn-did-methods-35">DID | |
method</a> and/or <a href="#dfn-did-resolvers" class="internalDFN" data-link-type="dfn" id="ref-for-dfn-did-resolvers-14">DID resolver</a> implementation. | |
</dd> | |
</dl> | |
</dd> | |
</dl> | |
</section> | |
<section id="did-document-metadata"><div class="header-wrapper"><h4 id="x7-1-3-did-document-metadata"><bdi class="secno">7.1.3 </bdi>DID Document Metadata</h4><a class="self-link" href="#did-document-metadata" aria-label="Permalink for Section 7.1.3"></a></div> | |
<p> | |
The possible properties within this structure and their possible values <em class="rfc2119">SHOULD</em> | |
be registered in the DID Specification Registries [<cite><a class="bibref" data-link-type="biblio" href="#bib-did-spec-registries" title="DID Specification Registries">DID-SPEC-REGISTRIES</a></cite>]. | |
This specification defines the following common properties. | |
</p> | |
<dl> | |
<dt><dfn class="lint-ignore" id="dfn-created" tabindex="0" aria-haspopup="dialog" data-dfn-type="dfn">created</dfn></dt> | |
<dd> | |
<a href="#dfn-did-documents" class="internalDFN" data-link-type="dfn" id="ref-for-dfn-did-documents-127">DID document</a> metadata <em class="rfc2119">SHOULD</em> include a <code>created</code> property to | |
indicate the timestamp of the <a href="#method-operations">Create operation</a>. | |
The value of the property <em class="rfc2119">MUST</em> be a <a href="https://infra.spec.whatwg.org/#string">string</a> | |
formatted as an <a href="https://www.w3.org/TR/xmlschema11-2/#dateTime">XML Datetime</a> | |
normalized to UTC 00:00:00 and without sub-second decimal precision. For | |
example: <code>2020-12-20T19:17:47Z</code>. | |
</dd> | |
<dt><dfn class="lint-ignore" id="dfn-updated" tabindex="0" aria-haspopup="dialog" data-dfn-type="dfn">updated</dfn></dt> | |
<dd> | |
<a href="#dfn-did-documents" class="internalDFN" data-link-type="dfn" id="ref-for-dfn-did-documents-128">DID document</a> metadata <em class="rfc2119">SHOULD</em> include an <code>updated</code> property to | |
indicate the timestamp of the last <a href="#method-operations">Update | |
operation</a> for the document version which was resolved. The value of the | |
property <em class="rfc2119">MUST</em> follow the same formatting rules as the <code>created</code> | |
property. The <code>updated</code> property is omitted if an Update operation | |
has never been performed on the <a href="#dfn-did-documents" class="internalDFN" data-link-type="dfn" id="ref-for-dfn-did-documents-129">DID document</a>. If an <code>updated</code> | |
property exists, it can be the same value as the <code>created</code> property | |
when the difference between the two timestamps is less than one second. | |
</dd> | |
<dt><dfn class="lint-ignore" id="dfn-deactivated" tabindex="0" aria-haspopup="dialog" data-dfn-type="dfn">deactivated</dfn></dt> | |
<dd> | |
If a DID has been <a href="#method-operations">deactivated</a>, | |
<a href="#dfn-did-documents" class="internalDFN" data-link-type="dfn" id="ref-for-dfn-did-documents-130">DID document</a> metadata <em class="rfc2119">MUST</em> include this property with the boolean value | |
<code>true</code>. If a DID has not been deactivated, this property is <em class="rfc2119">OPTIONAL</em>, | |
but if included, <em class="rfc2119">MUST</em> have the boolean value <code>false</code>. | |
</dd> | |
<dt><dfn class="lint-ignore" id="dfn-nextupdate" tabindex="0" aria-haspopup="dialog" data-dfn-type="dfn">nextUpdate</dfn></dt> | |
<dd> | |
<a href="#dfn-did-documents" class="internalDFN" data-link-type="dfn" id="ref-for-dfn-did-documents-131">DID document</a> metadata <em class="rfc2119">MAY</em> include a <code>nextUpdate</code> property if | |
the resolved document version is not the latest version of the document. It | |
indicates the timestamp of the next <a href="#method-operations">Update | |
operation</a>. The value of the property <em class="rfc2119">MUST</em> follow the same formatting rules | |
as the <code>created</code> property. | |
</dd> | |
<dt><dfn class="lint-ignore" id="dfn-versionid" tabindex="0" aria-haspopup="dialog" data-dfn-type="dfn">versionId</dfn></dt> | |
<dd> | |
<a href="#dfn-did-documents" class="internalDFN" data-link-type="dfn" id="ref-for-dfn-did-documents-132">DID document</a> metadata <em class="rfc2119">SHOULD</em> include a <code>versionId</code> property to | |
indicate the version of the last <a href="#method-operations">Update | |
operation</a> for the document version which was resolved. The value of the | |
property <em class="rfc2119">MUST</em> be an <a data-lt="ascii string" data-type="dfn" href="https://infra.spec.whatwg.org/#ascii-string">ASCII string</a>. | |
</dd> | |
<dt><dfn class="lint-ignore" id="dfn-nextversionid" tabindex="0" aria-haspopup="dialog" data-dfn-type="dfn">nextVersionId</dfn></dt> | |
<dd> | |
<a href="#dfn-did-documents" class="internalDFN" data-link-type="dfn" id="ref-for-dfn-did-documents-133">DID document</a> metadata <em class="rfc2119">MAY</em> include a <code>nextVersionId</code> property | |
if the resolved document version is not the latest version of the document. It | |
indicates the version of the next <a href="#method-operations">Update | |
operation</a>. The value of the property <em class="rfc2119">MUST</em> be an <a data-lt="ascii | |
string" data-type="dfn" href="https://infra.spec.whatwg.org/#ascii-string">ASCII string</a>. | |
</dd> | |
<dt><dfn id="dfn-equivalentid" tabindex="0" aria-haspopup="dialog" data-dfn-type="dfn">equivalentId</dfn></dt> | |
<dd> | |
<p> | |
A <a href="#dfn-did-methods" class="internalDFN" data-link-type="dfn" id="ref-for-dfn-did-methods-36">DID method</a> can define different forms of a <a href="#dfn-decentralized-identifiers" class="internalDFN" data-link-type="dfn" id="ref-for-dfn-decentralized-identifiers-77">DID</a> that are | |
logically equivalent. An example is when a <a href="#dfn-decentralized-identifiers" class="internalDFN" data-link-type="dfn" id="ref-for-dfn-decentralized-identifiers-78">DID</a> takes one form prior to | |
registration in a <a href="#dfn-verifiable-data-registry" class="internalDFN" data-link-type="dfn" id="ref-for-dfn-verifiable-data-registry-2">verifiable data registry</a> and another form after such | |
registration. In this case, the <a href="#dfn-did-methods" class="internalDFN" data-link-type="dfn" id="ref-for-dfn-did-methods-37">DID method</a> specification might need to | |
express one or more <a href="#dfn-decentralized-identifiers" class="internalDFN" data-link-type="dfn" id="ref-for-dfn-decentralized-identifiers-79">DIDs</a> that are logically equivalent to the resolved | |
<a href="#dfn-decentralized-identifiers" class="internalDFN" data-link-type="dfn" id="ref-for-dfn-decentralized-identifiers-80">DID</a> as a property of the <a href="#dfn-did-documents" class="internalDFN" data-link-type="dfn" id="ref-for-dfn-did-documents-134">DID document</a>. This is the purpose of the | |
<code><a href="#dfn-equivalentid" class="internalDFN" data-link-type="dfn" id="ref-for-dfn-equivalentid-1">equivalentId</a></code> property. | |
</p> | |
<p> | |
<a href="#dfn-did-documents" class="internalDFN" data-link-type="dfn" id="ref-for-dfn-did-documents-135">DID document</a> metadata <em class="rfc2119">MAY</em> include an <code>equivalentId</code> property. | |
If present, the value <em class="rfc2119">MUST</em> be a <a href="https://infra.spec.whatwg.org/#ordered-set">set</a> where each item is a | |
<a href="https://infra.spec.whatwg.org/#string">string</a> that conforms to the rules in Section <a href="#did-syntax" class="sec-ref"><bdi class="secno">3.1 </bdi>DID Syntax</a>. The relationship is a statement that each | |
<code><a href="#dfn-equivalentid" class="internalDFN" data-link-type="dfn" id="ref-for-dfn-equivalentid-2">equivalentId</a></code> value is logically equivalent to the | |
<code>id</code> property value and thus refers to the same <a href="#dfn-did-subjects" class="internalDFN" data-link-type="dfn" id="ref-for-dfn-did-subjects-45">DID subject</a>. | |
Each <code><a href="#dfn-equivalentid" class="internalDFN" data-link-type="dfn" id="ref-for-dfn-equivalentid-3">equivalentId</a></code> DID value <em class="rfc2119">MUST</em> be produced by, and a form | |
of, the same <a href="#dfn-did-methods" class="internalDFN" data-link-type="dfn" id="ref-for-dfn-did-methods-38">DID method</a> as the <code>id</code> property value. (e.g., | |
<code>did:example:abc</code> == <code>did:example:ABC</code>) | |
</p> | |
<p> | |
A conforming <a href="#dfn-did-methods" class="internalDFN" data-link-type="dfn" id="ref-for-dfn-did-methods-39">DID method</a> specification <em class="rfc2119">MUST</em> guarantee that each | |
<code><a href="#dfn-equivalentid" class="internalDFN" data-link-type="dfn" id="ref-for-dfn-equivalentid-4">equivalentId</a></code> value is logically equivalent to the | |
<code>id</code> property value. | |
</p> | |
<p> | |
A requesting party is expected to retain the values from the <code>id</code> and | |
<code><a href="#dfn-equivalentid" class="internalDFN" data-link-type="dfn" id="ref-for-dfn-equivalentid-5">equivalentId</a></code> properties to ensure any subsequent | |
interactions with any of the values they contain are correctly handled as | |
logically equivalent (e.g., retain all variants in a database so an interaction | |
with any one maps to the same underlying account). | |
</p> | |
<div class="note" role="note" id="issue-container-generatedID-10"><div role="heading" class="note-title marker" id="h-note-10" aria-level="5"><span>Note</span><span class="issue-label">: Stronger equivalence</span></div><p class=""> | |
<code><a href="#dfn-equivalentid" class="internalDFN" data-link-type="dfn" id="ref-for-dfn-equivalentid-6">equivalentId</a></code> is a much stronger form of equivalence than | |
<code><a href="#dfn-alsoknownas" class="internalDFN" data-link-type="dfn" id="ref-for-dfn-alsoknownas-6">alsoKnownAs</a></code> because the equivalence <em class="rfc2119">MUST</em> be guaranteed by | |
the governing <a href="#dfn-did-methods" class="internalDFN" data-link-type="dfn" id="ref-for-dfn-did-methods-40">DID method</a>. <code><a href="#dfn-equivalentid" class="internalDFN" data-link-type="dfn" id="ref-for-dfn-equivalentid-7">equivalentId</a></code> represents a | |
full graph merge because the same <a href="#dfn-did-documents" class="internalDFN" data-link-type="dfn" id="ref-for-dfn-did-documents-136">DID document</a> describes both the | |
<code><a href="#dfn-equivalentid" class="internalDFN" data-link-type="dfn" id="ref-for-dfn-equivalentid-8">equivalentId</a></code> <a href="#dfn-decentralized-identifiers" class="internalDFN" data-link-type="dfn" id="ref-for-dfn-decentralized-identifiers-81">DID</a> and the <code>id</code> property | |
<a href="#dfn-decentralized-identifiers" class="internalDFN" data-link-type="dfn" id="ref-for-dfn-decentralized-identifiers-82">DID</a>. | |
</p></div> | |
<p> | |
If a requesting party does not retain the values from the <code>id</code> and | |
<code><a href="#dfn-equivalentid" class="internalDFN" data-link-type="dfn" id="ref-for-dfn-equivalentid-9">equivalentId</a></code> properties and ensure any subsequent | |
interactions with any of the values they contain are correctly handled as | |
logically equivalent, negative or unexpected issues might arise; for example, an | |
interaction with one variant might not map to the same underlying account as the | |
others. Implementers are strongly advised to observe the | |
directives related to this metadata property. | |
</p> | |
</dd> | |
<dt><dfn id="dfn-canonicalid" tabindex="0" aria-haspopup="dialog" data-dfn-type="dfn">canonicalId</dfn></dt> | |
<dd> | |
<p> | |
The <code><a href="#dfn-canonicalid" class="internalDFN" data-link-type="dfn" id="ref-for-dfn-canonicalid-1">canonicalId</a></code> property is identical to the | |
<code><a href="#dfn-equivalentid" class="internalDFN" data-link-type="dfn" id="ref-for-dfn-equivalentid-10">equivalentId</a></code> property except: a) it is associated with a | |
single value rather than a set, and b) the <a href="#dfn-decentralized-identifiers" class="internalDFN" data-link-type="dfn" id="ref-for-dfn-decentralized-identifiers-83">DID</a> is defined to be | |
the canonical ID for the <a href="#dfn-did-subjects" class="internalDFN" data-link-type="dfn" id="ref-for-dfn-did-subjects-46">DID subject</a> within the scope of the containing | |
<a href="#dfn-did-documents" class="internalDFN" data-link-type="dfn" id="ref-for-dfn-did-documents-137">DID document</a>. | |
</p> | |
<p> | |
<a href="#dfn-did-documents" class="internalDFN" data-link-type="dfn" id="ref-for-dfn-did-documents-138">DID document</a> metadata <em class="rfc2119">MAY</em> include a <code>canonicalId</code> property. | |
If present, the value <em class="rfc2119">MUST</em> be a <a href="https://infra.spec.whatwg.org/#string">string</a> that conforms to the rules in Section <a href="#did-syntax" class="sec-ref"><bdi class="secno">3.1 </bdi>DID Syntax</a>. The relationship is a statement that the | |
<code><a href="#dfn-canonicalid" class="internalDFN" data-link-type="dfn" id="ref-for-dfn-canonicalid-2">canonicalId</a></code> value is logically equivalent to the | |
<code>id</code> property value and that the <code><a href="#dfn-canonicalid" class="internalDFN" data-link-type="dfn" id="ref-for-dfn-canonicalid-3">canonicalId</a></code> | |
value is defined by the <a href="#dfn-did-methods" class="internalDFN" data-link-type="dfn" id="ref-for-dfn-did-methods-41">DID method</a> to be the canonical ID for the <a href="#dfn-did-subjects" class="internalDFN" data-link-type="dfn" id="ref-for-dfn-did-subjects-47">DID | |
subject</a> in the scope of the containing <a href="#dfn-did-documents" class="internalDFN" data-link-type="dfn" id="ref-for-dfn-did-documents-139">DID document</a>. A | |
<code><a href="#dfn-canonicalid" class="internalDFN" data-link-type="dfn" id="ref-for-dfn-canonicalid-4">canonicalId</a></code> value <em class="rfc2119">MUST</em> be produced by, and a form of, the | |
same <a href="#dfn-did-methods" class="internalDFN" data-link-type="dfn" id="ref-for-dfn-did-methods-42">DID method</a> as the <code>id</code> property value (e.g., | |
<code>did:example:abc</code> == <code>did:example:ABC</code>). | |
</p> | |
<p> | |
A conforming <a href="#dfn-did-methods" class="internalDFN" data-link-type="dfn" id="ref-for-dfn-did-methods-43">DID method</a> specification <em class="rfc2119">MUST</em> guarantee that the | |
<code><a href="#dfn-canonicalid" class="internalDFN" data-link-type="dfn" id="ref-for-dfn-canonicalid-5">canonicalId</a></code> value is logically equivalent to the | |
<code>id</code> property value. | |
</p> | |
<p> | |
A requesting party is expected to use the <code><a href="#dfn-canonicalid" class="internalDFN" data-link-type="dfn" id="ref-for-dfn-canonicalid-6">canonicalId</a></code> value | |
as its primary ID value for the <a href="#dfn-did-subjects" class="internalDFN" data-link-type="dfn" id="ref-for-dfn-did-subjects-48">DID subject</a> and treat all other | |
equivalent values as secondary aliases (e.g., update corresponding primary | |
references in their systems to reflect the new canonical ID directive). | |
</p> | |
<div class="note" role="note" id="issue-container-generatedID-11"><div role="heading" class="note-title marker" id="h-note-11" aria-level="5"><span>Note</span><span class="issue-label">: Canonical equivalence</span></div><p class=""> | |
<code><a href="#dfn-canonicalid" class="internalDFN" data-link-type="dfn" id="ref-for-dfn-canonicalid-7">canonicalId</a></code> is the same statement of equivalence as | |
<code><a href="#dfn-equivalentid" class="internalDFN" data-link-type="dfn" id="ref-for-dfn-equivalentid-11">equivalentId</a></code> except it is constrained to a single value that | |
is defined to be canonical for the <a href="#dfn-did-subjects" class="internalDFN" data-link-type="dfn" id="ref-for-dfn-did-subjects-49">DID subject</a> in the scope of the <a href="#dfn-did-documents" class="internalDFN" data-link-type="dfn" id="ref-for-dfn-did-documents-140">DID | |
document</a>. Like <code><a href="#dfn-equivalentid" class="internalDFN" data-link-type="dfn" id="ref-for-dfn-equivalentid-12">equivalentId</a></code>, | |
<code><a href="#dfn-canonicalid" class="internalDFN" data-link-type="dfn" id="ref-for-dfn-canonicalid-8">canonicalId</a></code> represents a full graph merge because the same | |
<a href="#dfn-did-documents" class="internalDFN" data-link-type="dfn" id="ref-for-dfn-did-documents-141">DID document</a> describes both the <code><a href="#dfn-canonicalid" class="internalDFN" data-link-type="dfn" id="ref-for-dfn-canonicalid-9">canonicalId</a></code> DID and | |
the <code>id</code> property <a href="#dfn-decentralized-identifiers" class="internalDFN" data-link-type="dfn" id="ref-for-dfn-decentralized-identifiers-84">DID</a>. | |
</p></div> | |
<p> | |
If a resolving party does not use the <code><a href="#dfn-canonicalid" class="internalDFN" data-link-type="dfn" id="ref-for-dfn-canonicalid-10">canonicalId</a></code> value as | |
its primary ID value for the DID subject and treat all other equivalent values | |
as secondary aliases, there might be negative or unexpected issues that arise | |
related to user experience. Implementers are strongly advised to observe the | |
directives related to this metadata property. | |
</p> | |
</dd> | |
</dl> | |
</section> | |
</section> | |
<section id="did-url-dereferencing"><div class="header-wrapper"><h3 id="x7-2-did-url-dereferencing"><bdi class="secno">7.2 </bdi>DID URL Dereferencing</h3><a class="self-link" href="#did-url-dereferencing" aria-label="Permalink for Section 7.2"></a></div> | |
<p> | |
The <a href="#dfn-did-url-dereferencing" class="internalDFN" data-link-type="dfn" id="ref-for-dfn-did-url-dereferencing-6">DID URL dereferencing</a> function dereferences a <a href="#dfn-did-urls" class="internalDFN" data-link-type="dfn" id="ref-for-dfn-did-urls-27">DID URL</a> into a | |
<a href="#dfn-resources" class="internalDFN" data-link-type="dfn" id="ref-for-dfn-resources-14">resource</a> with contents depending on the <a href="#dfn-did-urls" class="internalDFN" data-link-type="dfn" id="ref-for-dfn-did-urls-28">DID URL</a>'s components, | |
including the <a href="#dfn-did-methods" class="internalDFN" data-link-type="dfn" id="ref-for-dfn-did-methods-44">DID method</a>, method-specific identifier, path, query, and | |
fragment. This process depends on <a href="#dfn-did-resolution" class="internalDFN" data-link-type="dfn" id="ref-for-dfn-did-resolution-13">DID resolution</a> of the <a href="#dfn-decentralized-identifiers" class="internalDFN" data-link-type="dfn" id="ref-for-dfn-decentralized-identifiers-85">DID</a> | |
contained in the <a href="#dfn-did-urls" class="internalDFN" data-link-type="dfn" id="ref-for-dfn-did-urls-29">DID URL</a>. <a href="#dfn-did-url-dereferencing" class="internalDFN" data-link-type="dfn" id="ref-for-dfn-did-url-dereferencing-7">DID URL dereferencing</a> might involve | |
multiple steps (e.g., when the DID URL being dereferenced includes a fragment), | |
and the function is defined to return the final resource after all steps are | |
completed. The details of how this process is accomplished are outside the scope | |
of this specification. The following figure depicts the relationship described | |
above. | |
</p> | |
<figure id="did-url-dereference-overview"> | |
<img style="margin: auto; display: block; width: 75%;" src="diagrams/did_url_dereference_overview.svg" alt=" | |
DIDs resolve to DID documents; DID URLs contain a DID; DID URLs are dereferenced to DID document fragments or | |
external resources. | |
" height="504" width="1070"> | |
<figcaption>Figure <bdi class="figno">6</bdi> <span class="fig-title"> | |
Overview of DID URL dereference | |
See also: <a class="longdesc-link" href="#did-url-dereference-overview-longdesc">narrative description</a>. | |
</span></figcaption> | |
</figure> | |
<div class="longdesc" id="did-url-dereference-overview-longdesc"> | |
<p> | |
The top left part of the diagram contains a rectangle with black outline, labeled "DID". | |
</p> | |
<p> | |
The bottom left part of the diagram contains a rectangle with black outline, labeled "DID URL". | |
This rectangle contains four smaller black-outlined rectangles, aligned in a horizontal row adjacent to | |
each other. These smaller rectangles are labeled, in order, "DID", "path", "query", and "fragment". | |
</p> | |
<p> | |
The top right part of the diagram contains a rectangle with black outline, labeled "DID document". | |
This rectangle contains three smaller black-outlined rectangles. These smaller rectangles are | |
labeled "id", "(property X)", and "(property Y)", and are surrounded by multiple series of three | |
dots (ellipses). A curved black arrow, labeled "DID document - relative fragment dereference", extends | |
from the rectangle labeled "(property X)", and points to the rectangle labeled "(property Y)". | |
</p> | |
<p> | |
The bottom right part of the diagram contains an oval shape with black outline, labeled "Resource". | |
</p> | |
<p> | |
A black arrow, labeled "resolves to a DID document", extends from the rectangle in the top left part of | |
the diagram, labeled "DID", and points to the rectangle in the top right part of diagram, labeled | |
"DID document". | |
</p> | |
<p> | |
A black arrow, labeled "refers to", extends from the rectangle in the top right part of the diagram, | |
labeled "DID document", and points to the oval shape in the bottom right part of diagram, labeled | |
"Resource". | |
</p> | |
<p> | |
A black arrow, labeled "contains", extends from the small rectangle labeled "DID" inside the | |
rectangle in the bottom left part of the diagram, labeled "DID URL", and points to the rectangle | |
in the top left part of diagram, labeled "DID". | |
</p> | |
<p> | |
A black arrow, labeled "dereferences to a DID document", extends from the rectangle in the bottom left | |
part of the diagram, labeled "DID URL", and points to the rectangle in the top right part of diagram, | |
labeled "DID document". | |
</p> | |
<p> | |
A black arrow, labeled "dereferences to a resource", extends from the rectangle in the bottom left | |
part of the diagram, labeled "DID URL", and points to the oval shape in the bottom right part of diagram, | |
labeled "Resource". | |
</p> | |
</div> | |
<p> | |
All conforming <a href="#dfn-did-resolvers" class="internalDFN" data-link-type="dfn" id="ref-for-dfn-did-resolvers-15">DID resolvers</a> implement | |
the following function which has the following abstract form: | |
</p> | |
<pre title="Abstract functions for DID URL Dereferencing" aria-busy="false"><code class="hljs">dereference(didUrl, dereferenceOptions) → | |
« dereferencingMetadata, contentStream, contentMetadata »</code></pre> | |
<p> | |
The input variables of the <code>dereference</code> function are as follows: | |
</p> | |
<dl> | |
<dt> | |
didUrl | |
</dt> | |
<dd> | |
A conformant <a href="#dfn-did-urls" class="internalDFN" data-link-type="dfn" id="ref-for-dfn-did-urls-30">DID URL</a> as a single <a href="https://infra.spec.whatwg.org/#string">string</a>. | |
This is the <a href="#dfn-did-urls" class="internalDFN" data-link-type="dfn" id="ref-for-dfn-did-urls-31">DID URL</a> to dereference. To dereference a <a href="#dfn-did-fragments" class="internalDFN" data-link-type="dfn" id="ref-for-dfn-did-fragments-7">DID fragment</a>, | |
the complete <a href="#dfn-did-urls" class="internalDFN" data-link-type="dfn" id="ref-for-dfn-did-urls-32">DID URL</a> including the <a href="#dfn-did-fragments" class="internalDFN" data-link-type="dfn" id="ref-for-dfn-did-fragments-8">DID fragment</a> <em class="rfc2119">MUST</em> be used. This | |
input is <em class="rfc2119">REQUIRED</em>. | |
<div class="note" role="note" id="issue-container-generatedID-12"><div role="heading" class="note-title marker" id="h-note-12" aria-level="4"><span>Note</span><span class="issue-label">: DID URL dereferencer patterns</span></div><p class=""> | |
While it is valid for any <code>didUrl</code> to be passed to a DID URL | |
dereferencer, implementers are expected to refer to [<cite><a class="bibref" data-link-type="biblio" href="#bib-did-resolution" title="Decentralized Identifier Resolution">DID-RESOLUTION</a></cite>] to | |
further understand common patterns for how a <a href="#dfn-did-urls" class="internalDFN" data-link-type="dfn" id="ref-for-dfn-did-urls-33">DID URL</a> is expected | |
to be dereferenced. | |
</p></div> | |
</dd> | |
<dt> | |
dereferenceOptions | |
</dt> | |
<dd> | |
A <a href="#metadata-structure">metadata structure</a> consisting of input | |
options to the <code>dereference</code> function in addition to the | |
<code>didUrl</code> itself. Properties defined by this specification are in <a href="#did-url-dereferencing-options" class="sec-ref"><bdi class="secno">7.2.1 </bdi>DID URL Dereferencing Options</a>. This input is <em class="rfc2119">REQUIRED</em>, but the | |
structure <em class="rfc2119">MAY</em> be empty. | |
</dd> | |
</dl> | |
<p> | |
This function returns multiple values, and no limitations | |
are placed on how these values are returned together. | |
The return values of the <code>dereference</code> function include | |
<code>dereferencingMetadata</code>, <code>contentStream</code>, | |
and <code>contentMetadata</code>: | |
</p> | |
<dl> | |
<dt> | |
dereferencingMetadata | |
</dt> | |
<dd> | |
A <a href="#metadata-structure">metadata structure</a> consisting of values | |
relating to the results of the <a href="#dfn-did-url-dereferencing" class="internalDFN" data-link-type="dfn" id="ref-for-dfn-did-url-dereferencing-8">DID URL dereferencing</a> process. This | |
structure is <em class="rfc2119">REQUIRED</em>, and in the case of an error in the dereferencing process, | |
this <em class="rfc2119">MUST NOT</em> be empty. Properties defined by this specification are in <a href="#did-url-dereferencing-metadata" class="sec-ref"><bdi class="secno">7.2.2 </bdi>DID URL Dereferencing Metadata</a>. If the dereferencing is not | |
successful, this structure <em class="rfc2119">MUST</em> contain an <code>error</code> property | |
describing the error. | |
</dd> | |
<dt> | |
contentStream | |
</dt> | |
<dd> | |
If the <code>dereference</code> function was called and was successful, this <em class="rfc2119">MUST</em> | |
contain a <a href="#dfn-resources" class="internalDFN" data-link-type="dfn" id="ref-for-dfn-resources-15">resource</a> corresponding to the <a href="#dfn-did-urls" class="internalDFN" data-link-type="dfn" id="ref-for-dfn-did-urls-34">DID URL</a>. The | |
<code>contentStream</code> <em class="rfc2119">MAY</em> be a <a href="#dfn-resources" class="internalDFN" data-link-type="dfn" id="ref-for-dfn-resources-16">resource</a> such as a <a href="#dfn-did-documents" class="internalDFN" data-link-type="dfn" id="ref-for-dfn-did-documents-142">DID | |
document</a> that is serializable in one of the conformant | |
<a href="#dfn-representations" class="internalDFN" data-link-type="dfn" id="ref-for-dfn-representations-69">representations</a>, a <a href="#verification-methods">Verification | |
Method</a>, a <a href="#services">service</a>, or any other resource format that | |
can be identified via a Media Type and obtained through the resolution process. | |
If the dereferencing is unsuccessful, this value <em class="rfc2119">MUST</em> be empty. | |
</dd> | |
<dt> | |
contentMetadata | |
</dt> | |
<dd> | |
If the dereferencing is successful, this <em class="rfc2119">MUST</em> be a <a href="#metadata-structure"> | |
metadata structure</a>, but the structure <em class="rfc2119">MAY</em> be empty. This structure contains | |
metadata about the <code>contentStream</code>. If the <code>contentStream</code> | |
is a <a href="#dfn-did-documents" class="internalDFN" data-link-type="dfn" id="ref-for-dfn-did-documents-143">DID document</a>, this <em class="rfc2119">MUST</em> be a <a href="#dfn-diddocumentmetadata" class="internalDFN" data-link-type="dfn" id="ref-for-dfn-diddocumentmetadata-3">didDocumentMetadata</a> structure as | |
described in <a href="#dfn-did-resolution" class="internalDFN" data-link-type="dfn" id="ref-for-dfn-did-resolution-14">DID Resolution</a>. If the dereferencing is unsuccessful, this | |
output <em class="rfc2119">MUST</em> be an empty <a href="#metadata-structure">metadata structure</a>. | |
</dd> | |
</dl> | |
<p> | |
Conforming <a href="#dfn-did-url-dereferencing" class="internalDFN" data-link-type="dfn" id="ref-for-dfn-did-url-dereferencing-9">DID URL dereferencing</a> implementations do not alter the | |
signature of these functions in any way. <a href="#dfn-did-url-dereferencing" class="internalDFN" data-link-type="dfn" id="ref-for-dfn-did-url-dereferencing-10">DID URL dereferencing</a> | |
implementations might map the <code>dereference</code> function to a | |
method-specific internal function to perform the actual <a href="#dfn-did-url-dereferencing" class="internalDFN" data-link-type="dfn" id="ref-for-dfn-did-url-dereferencing-11">DID URL | |
dereferencing</a> process. <a href="#dfn-did-url-dereferencing" class="internalDFN" data-link-type="dfn" id="ref-for-dfn-did-url-dereferencing-12">DID URL dereferencing</a> implementations might | |
implement and expose additional functions with different signatures in addition | |
to the <code>dereference</code> function specified here. | |
</p> | |
<section id="did-url-dereferencing-options"><div class="header-wrapper"><h4 id="x7-2-1-did-url-dereferencing-options"><bdi class="secno">7.2.1 </bdi>DID URL Dereferencing Options</h4><a class="self-link" href="#did-url-dereferencing-options" aria-label="Permalink for Section 7.2.1"></a></div> | |
<p> | |
The possible properties within this structure and their possible values <em class="rfc2119">SHOULD</em> | |
be registered in the DID Specification Registries [<cite><a class="bibref" data-link-type="biblio" href="#bib-did-spec-registries" title="DID Specification Registries">DID-SPEC-REGISTRIES</a></cite>]. | |
This specification defines the following common properties for | |
dereferencing options: | |
</p> | |
<dl> | |
<dt> | |
accept | |
</dt> | |
<dd> | |
The Media Type that the caller prefers for <code>contentStream</code>. The Media | |
Type <em class="rfc2119">MUST</em> be expressed as an <a data-lt="ascii string" data-type="dfn" href="https://infra.spec.whatwg.org/#ascii-string">ASCII string</a>. The | |
<a href="#dfn-did-url-dereferencing" class="internalDFN" data-link-type="dfn" id="ref-for-dfn-did-url-dereferencing-13">DID URL dereferencing</a> implementation <em class="rfc2119">SHOULD</em> use this value to determine | |
the <code>contentType</code> of the <a href="#dfn-representations" class="internalDFN" data-link-type="dfn" id="ref-for-dfn-representations-70">representation</a> contained in the | |
returned value if such a <a href="#dfn-representations" class="internalDFN" data-link-type="dfn" id="ref-for-dfn-representations-71">representation</a> is supported and available. | |
</dd> | |
</dl> | |
</section> | |
<section id="did-url-dereferencing-metadata"><div class="header-wrapper"><h4 id="x7-2-2-did-url-dereferencing-metadata"><bdi class="secno">7.2.2 </bdi>DID URL Dereferencing Metadata</h4><a class="self-link" href="#did-url-dereferencing-metadata" aria-label="Permalink for Section 7.2.2"></a></div> | |
<p> | |
The possible properties within this structure and their possible values are | |
registered in the DID Specification Registries [<cite><a class="bibref" data-link-type="biblio" href="#bib-did-spec-registries" title="DID Specification Registries">DID-SPEC-REGISTRIES</a></cite>]. This | |
specification defines the following common properties. | |
</p> | |
<dl> | |
<dt> | |
contentType | |
</dt> | |
<dd> | |
The Media Type of the returned <code>contentStream</code> <em class="rfc2119">SHOULD</em> be expressed | |
using this property if dereferencing is successful. The Media | |
Type value <em class="rfc2119">MUST</em> be expressed as an <a data-lt="ascii string" data-type="dfn" href="https://infra.spec.whatwg.org/#ascii-string">ASCII string</a>. | |
</dd> | |
<dt> | |
error | |
</dt> | |
<dd> | |
The error code from the dereferencing process. This property is <em class="rfc2119">REQUIRED</em> when | |
there is an error in the dereferencing process. The value of this property | |
<em class="rfc2119">MUST</em> be a single keyword expressed as an <a data-lt="ascii string" data-type="dfn" href="https://infra.spec.whatwg.org/#ascii-string">ASCII | |
string</a>. The possible property values of this field <em class="rfc2119">SHOULD</em> be registered in | |
the DID Specification Registries [<cite><a class="bibref" data-link-type="biblio" href="#bib-did-spec-registries" title="DID Specification Registries">DID-SPEC-REGISTRIES</a></cite>]. This specification | |
defines the following common error values: | |
<dl> | |
<dt> | |
invalidDidUrl | |
</dt> | |
<dd> | |
The <a href="#dfn-did-urls" class="internalDFN" data-link-type="dfn" id="ref-for-dfn-did-urls-35">DID URL</a> supplied to the <a href="#dfn-did-url-dereferencing" class="internalDFN" data-link-type="dfn" id="ref-for-dfn-did-url-dereferencing-14">DID URL dereferencing</a> function does | |
not conform to valid syntax. (See <a href="#did-url-syntax" class="sec-ref"><bdi class="secno">3.2 </bdi>DID URL Syntax</a>.) | |
</dd> | |
<dt> | |
notFound | |
</dt> | |
<dd> | |
The <a href="#dfn-did-url-dereferencers" class="internalDFN" data-link-type="dfn" id="ref-for-dfn-did-url-dereferencers-3">DID URL dereferencer</a> was unable to find the | |
<code>contentStream</code> resulting from this dereferencing request. | |
</dd> | |
</dl> | |
</dd> | |
</dl> | |
</section> | |
</section> | |
<section id="metadata-structure"><div class="header-wrapper"><h3 id="x7-3-metadata-structure"><bdi class="secno">7.3 </bdi>Metadata Structure</h3><a class="self-link" href="#metadata-structure" aria-label="Permalink for Section 7.3"></a></div> | |
<p> | |
Input and output metadata is often involved during the <a href="#dfn-did-resolution" class="internalDFN" data-link-type="dfn" id="ref-for-dfn-did-resolution-15">DID Resolution</a>, | |
<a href="#dfn-did-url-dereferencing" class="internalDFN" data-link-type="dfn" id="ref-for-dfn-did-url-dereferencing-15">DID URL dereferencing</a>, and other DID-related processes. The structure | |
used to communicate this metadata <em class="rfc2119">MUST</em> be a <a href="https://infra.spec.whatwg.org/#maps">map</a> | |
of properties. Each property name <em class="rfc2119">MUST</em> be a <a href="https://infra.spec.whatwg.org/#string">string</a>. Each property value <em class="rfc2119">MUST</em> be a <a href="https://infra.spec.whatwg.org/#string">string</a>, <a href="https://infra.spec.whatwg.org/#maps">map</a>, <a href="https://infra.spec.whatwg.org/#list">list</a>, <a href="https://infra.spec.whatwg.org/#ordered-set">set</a>, | |
<a href="https://infra.spec.whatwg.org/#boolean">boolean</a>, or | |
<a href="https://infra.spec.whatwg.org/#nulls">null</a>. The values within any complex data | |
structures such as maps and lists <em class="rfc2119">MUST</em> be one of these data types as well. | |
All metadata property definitions registered in the DID Specification | |
Registries [<cite><a class="bibref" data-link-type="biblio" href="#bib-did-spec-registries" title="DID Specification Registries">DID-SPEC-REGISTRIES</a></cite>] <em class="rfc2119">MUST</em> define the value type, including any | |
additional formats or restrictions to that value (for example, a string | |
formatted as a date or as a decimal integer). It is <em class="rfc2119">RECOMMENDED</em> that property | |
definitions use strings for values. The entire metadata structure <em class="rfc2119">MUST</em> be | |
serializable according to the <a href="https://infra.spec.whatwg.org/#serialize-an-infra-value-to-json-bytes">JSON | |
serialization rules</a> in the [<cite><a class="bibref" data-link-type="biblio" href="#bib-infra" title="Infra Standard">INFRA</a></cite>] specification. Implementations <em class="rfc2119">MAY</em> | |
serialize the metadata structure to other data formats. | |
</p> | |
<p> | |
All implementations of functions that use metadata structures as either input or | |
output are able to fully represent all data types described here in a | |
deterministic fashion. As inputs and outputs using metadata structures are | |
defined in terms of data types and not their serialization, the method for | |
<a href="#dfn-representations" class="internalDFN" data-link-type="dfn" id="ref-for-dfn-representations-72">representation</a> is internal to the implementation of the function and is | |
out of scope of this specification. | |
</p> | |
<p> | |
The following example demonstrates a JSON-encoded metadata structure that | |
might be used as <a href="#did-resolution-options">DID | |
resolution input metadata</a>. | |
</p> | |
<div class="example" id="example-json-encoded-did-resolution-input-metadata-example"> | |
<div class="marker"> | |
<a class="self-link" href="#example-json-encoded-did-resolution-input-metadata-example">Example<bdi> 24</bdi></a><span class="example-title">: JSON-encoded DID resolution input metadata example</span> | |
</div> <pre aria-busy="false"><code class="hljs json">{ | |
<span class="hljs-attr">"accept"</span>: <span class="hljs-string">"application/did+ld+json"</span> | |
}</code></pre> | |
</div> | |
<p> | |
This example corresponds to a metadata structure of the following format: | |
</p> | |
<div class="example" id="example-did-resolution-input-metadata-example"> | |
<div class="marker"> | |
<a class="self-link" href="#example-did-resolution-input-metadata-example">Example<bdi> 25</bdi></a><span class="example-title">: DID resolution input metadata example</span> | |
</div> <pre aria-busy="false"><code class="hljs abnf">«[ | |
<span class="hljs-string">"accept"</span> → <span class="hljs-string">"application/did+ld+json"</span> | |
]»</code></pre> | |
</div> | |
<p> | |
The next example demonstrates a JSON-encoded metadata structure that might be | |
used as <a href="#did-resolution-options">DID resolution | |
metadata</a> if a <a href="#dfn-decentralized-identifiers" class="internalDFN" data-link-type="dfn" id="ref-for-dfn-decentralized-identifiers-86">DID</a> was not found. | |
</p> | |
<div class="example" id="example-json-encoded-did-resolution-metadata-example"> | |
<div class="marker"> | |
<a class="self-link" href="#example-json-encoded-did-resolution-metadata-example">Example<bdi> 26</bdi></a><span class="example-title">: JSON-encoded DID resolution metadata example</span> | |
</div> <pre aria-busy="false"><code class="hljs json">{ | |
<span class="hljs-attr">"error"</span>: <span class="hljs-string">"notFound"</span> | |
}</code></pre> | |
</div> | |
<p> | |
This example corresponds to a metadata structure of the following format: | |
</p> | |
<div class="example" id="example-did-resolution-metadata-example"> | |
<div class="marker"> | |
<a class="self-link" href="#example-did-resolution-metadata-example">Example<bdi> 27</bdi></a><span class="example-title">: DID resolution metadata example</span> | |
</div> <pre aria-busy="false"><code class="hljs abnf">«[ | |
<span class="hljs-string">"error"</span> → <span class="hljs-string">"notFound"</span> | |
]»</code></pre> | |
</div> | |
<p> | |
The next example demonstrates a JSON-encoded metadata structure that might be | |
used as <a href="#did-document-metadata">DID document metadata</a> | |
to describe timestamps associated with the <a href="#dfn-did-documents" class="internalDFN" data-link-type="dfn" id="ref-for-dfn-did-documents-144">DID document</a>. | |
</p> | |
<div class="example" id="example-json-encoded-did-document-metadata-example"> | |
<div class="marker"> | |
<a class="self-link" href="#example-json-encoded-did-document-metadata-example">Example<bdi> 28</bdi></a><span class="example-title">: JSON-encoded DID document metadata example</span> | |
</div> <pre aria-busy="false"><code class="hljs json">{ | |
<span class="hljs-attr">"created"</span>: <span class="hljs-string">"2019-03-23T06:35:22Z"</span>, | |
<span class="hljs-attr">"updated"</span>: <span class="hljs-string">"2023-08-10T13:40:06Z"</span> | |
}</code></pre> | |
</div> | |
<p> | |
This example corresponds to a metadata structure of the following format: | |
</p> | |
<div class="example" id="example-did-document-metadata-example"> | |
<div class="marker"> | |
<a class="self-link" href="#example-did-document-metadata-example">Example<bdi> 29</bdi></a><span class="example-title">: DID document metadata example</span> | |
</div> <pre aria-busy="false"><code class="hljs javascript">«[ | |
<span class="hljs-string">"created"</span> → <span class="hljs-string">"2019-03-23T06:35:22Z"</span>, | |
<span class="hljs-string">"updated"</span> → <span class="hljs-string">"2023-08-10T13:40:06Z"</span> | |
]»</code></pre> | |
</div> | |
</section> | |
</section> | |
<section id="methods"><div class="header-wrapper"><h2 id="x8-methods"><bdi class="secno">8. </bdi>Methods</h2><a class="self-link" href="#methods" aria-label="Permalink for Section 8."></a></div> | |
<p> | |
A <a href="#dfn-did-methods" class="internalDFN" data-link-type="dfn" id="ref-for-dfn-did-methods-45">DID method</a> defines how implementers can realize the features | |
described by this specification. <a href="#dfn-did-methods" class="internalDFN" data-link-type="dfn" id="ref-for-dfn-did-methods-46">DID methods</a> are often associated with a | |
particular <a href="#dfn-verifiable-data-registry" class="internalDFN" data-link-type="dfn" id="ref-for-dfn-verifiable-data-registry-3">verifiable data registry</a>. New <a href="#dfn-did-methods" class="internalDFN" data-link-type="dfn" id="ref-for-dfn-did-methods-47">DID methods</a> are defined | |
in their own specifications to enable interoperability between different | |
implementations of the same <a href="#dfn-did-methods" class="internalDFN" data-link-type="dfn" id="ref-for-dfn-did-methods-48">DID method</a>. | |
</p> | |
<p> | |
Conceptually, the relationship between this specification and a <a href="#dfn-did-methods" class="internalDFN" data-link-type="dfn" id="ref-for-dfn-did-methods-49">DID | |
method</a> specification is similar to the relationship between the IETF generic | |
<a href="#dfn-uri" class="internalDFN" data-link-type="dfn" id="ref-for-dfn-uri-20">URI</a> specification [<cite><a class="bibref" data-link-type="biblio" href="#bib-rfc3986" title="Uniform Resource Identifier (URI): Generic Syntax">RFC3986</a></cite>] and a specific <a href="#dfn-uri" class="internalDFN" data-link-type="dfn" id="ref-for-dfn-uri-21">URI</a> scheme | |
[<cite><a class="bibref" data-link-type="biblio" href="#bib-iana-uri-schemes" title="Uniform Resource Identifier (URI) Schemes">IANA-URI-SCHEMES</a></cite>], such as the <code>http</code> scheme [<cite><a class="bibref" data-link-type="biblio" href="#bib-rfc7230" title="Hypertext Transfer Protocol (HTTP/1.1): Message Syntax and Routing">RFC7230</a></cite>]. In | |
addition to defining a specific <a href="#dfn-did-schemes" class="internalDFN" data-link-type="dfn" id="ref-for-dfn-did-schemes-4">DID scheme</a>, a <a href="#dfn-did-methods" class="internalDFN" data-link-type="dfn" id="ref-for-dfn-did-methods-50">DID method</a> | |
specification also defines the mechanisms for creating, resolving, updating, and | |
deactivating <a href="#dfn-decentralized-identifiers" class="internalDFN" data-link-type="dfn" id="ref-for-dfn-decentralized-identifiers-87">DIDs</a> and <a href="#dfn-did-documents" class="internalDFN" data-link-type="dfn" id="ref-for-dfn-did-documents-145">DID documents</a> using a specific type of | |
<a href="#dfn-verifiable-data-registry" class="internalDFN" data-link-type="dfn" id="ref-for-dfn-verifiable-data-registry-4">verifiable data registry</a>. It also documents all implementation | |
considerations related to <a href="#dfn-decentralized-identifiers" class="internalDFN" data-link-type="dfn" id="ref-for-dfn-decentralized-identifiers-88">DIDs</a> as well as Security and Privacy | |
Considerations. | |
</p> | |
<p> | |
This section specifies the requirements for authoring <a href="#dfn-did-methods" class="internalDFN" data-link-type="dfn" id="ref-for-dfn-did-methods-51">DID method</a> | |
specifications. | |
</p> | |
<section class="normative" id="method-syntax"><div class="header-wrapper"><h3 id="x8-1-method-syntax"><bdi class="secno">8.1 </bdi>Method Syntax</h3><a class="self-link" href="#method-syntax" aria-label="Permalink for Section 8.1"></a></div> | |
<p> | |
The requirements for all <a href="#dfn-did-methods" class="internalDFN" data-link-type="dfn" id="ref-for-dfn-did-methods-52">DID method</a> specifications when defining the | |
method-specific DID Syntax are as follows: | |
</p> | |
<ol> | |
<li> | |
A <a href="#dfn-did-methods" class="internalDFN" data-link-type="dfn" id="ref-for-dfn-did-methods-53">DID method</a> specification <em class="rfc2119">MUST</em> define exactly one method-specific <a href="#dfn-did-schemes" class="internalDFN" data-link-type="dfn" id="ref-for-dfn-did-schemes-5">DID | |
scheme</a> that is identified by exactly one method name as specified by the | |
<code>method-name</code> rule in <a href="#did-syntax" class="sec-ref"><bdi class="secno">3.1 </bdi>DID Syntax</a>. | |
</li> | |
<li> | |
The <a href="#dfn-did-methods" class="internalDFN" data-link-type="dfn" id="ref-for-dfn-did-methods-54">DID method</a> specification <em class="rfc2119">MUST</em> specify how to generate the | |
<code>method-specific-id</code> component of a <a href="#dfn-decentralized-identifiers" class="internalDFN" data-link-type="dfn" id="ref-for-dfn-decentralized-identifiers-89">DID</a>. | |
</li> | |
<li> | |
The <a href="#dfn-did-methods" class="internalDFN" data-link-type="dfn" id="ref-for-dfn-did-methods-55">DID method</a> specification <em class="rfc2119">MUST</em> define sensitivity and normalization of | |
the value of the <code>method-specific-id</code>. | |
</li> | |
<li> | |
The <code>method-specific-id</code> value <em class="rfc2119">MUST</em> be unique within a <a href="#dfn-did-methods" class="internalDFN" data-link-type="dfn" id="ref-for-dfn-did-methods-56">DID | |
method</a>. The <code>method-specific-id</code> value itself might be globally | |
unique. | |
</li> | |
<li> | |
Any <a href="#dfn-decentralized-identifiers" class="internalDFN" data-link-type="dfn" id="ref-for-dfn-decentralized-identifiers-90">DID</a> generated by a <a href="#dfn-did-methods" class="internalDFN" data-link-type="dfn" id="ref-for-dfn-did-methods-57">DID method</a> <em class="rfc2119">MUST</em> be globally unique. | |
</li> | |
<li> | |
To reduce the chances of <code>method-name</code> conflicts, a <a href="#dfn-did-methods" class="internalDFN" data-link-type="dfn" id="ref-for-dfn-did-methods-58">DID method</a> | |
specification <em class="rfc2119">SHOULD</em> be registered in the DID Specification Registries | |
[<cite><a class="bibref" data-link-type="biblio" href="#bib-did-spec-registries" title="DID Specification Registries">DID-SPEC-REGISTRIES</a></cite>]. | |
</li> | |
<li> | |
A <a href="#dfn-did-methods" class="internalDFN" data-link-type="dfn" id="ref-for-dfn-did-methods-59">DID method</a> <em class="rfc2119">MAY</em> define multiple <code>method-specific-id</code> formats. | |
</li> | |
<li> | |
The <code>method-specific-id</code> format <em class="rfc2119">MAY</em> include colons. The use of | |
colons <em class="rfc2119">MUST</em> comply syntactically with the <code>method-specific-id</code> ABNF | |
rule. | |
</li> | |
<li> | |
A <a href="#dfn-did-methods" class="internalDFN" data-link-type="dfn" id="ref-for-dfn-did-methods-60">DID method</a> specification <em class="rfc2119">MAY</em> specify ABNF rules for <a href="#dfn-did-paths" class="internalDFN" data-link-type="dfn" id="ref-for-dfn-did-paths-3">DID paths</a> | |
that are more restrictive than the generic rules in <a href="#path" class="sec-ref">Path</a>. | |
</li> | |
<li> | |
A <a href="#dfn-did-methods" class="internalDFN" data-link-type="dfn" id="ref-for-dfn-did-methods-61">DID method</a> specification <em class="rfc2119">MAY</em> specify ABNF rules for <a href="#dfn-did-queries" class="internalDFN" data-link-type="dfn" id="ref-for-dfn-did-queries-3">DID queries</a> | |
that are more restrictive than the generic rules in this section. | |
</li> | |
<li> | |
A <a href="#dfn-did-methods" class="internalDFN" data-link-type="dfn" id="ref-for-dfn-did-methods-62">DID method</a> specification <em class="rfc2119">MAY</em> specify ABNF rules for <a href="#dfn-did-fragments" class="internalDFN" data-link-type="dfn" id="ref-for-dfn-did-fragments-9">DID | |
fragments</a> that are more restrictive than the generic rules in this section. | |
</li> | |
</ol> | |
<div class="note" role="note" id="issue-container-generatedID-13"><div role="heading" class="note-title marker" id="h-note-13" aria-level="4"><span>Note</span><span class="issue-label">: Colons in method-specific-id</span></div><p class=""> | |
The meaning of colons in the <code>method-specific-id</code> is entirely | |
method-specific. Colons might be used by <a href="#dfn-did-methods" class="internalDFN" data-link-type="dfn" id="ref-for-dfn-did-methods-63">DID methods</a> for establishing | |
hierarchically partitioned namespaces, for identifying specific instances or | |
parts of the <a href="#dfn-verifiable-data-registry" class="internalDFN" data-link-type="dfn" id="ref-for-dfn-verifiable-data-registry-5">verifiable data registry</a>, or for other purposes. | |
Implementers are advised to avoid assuming any meanings or | |
behaviors associated with a colon that are generically applicable to all | |
<a href="#dfn-did-methods" class="internalDFN" data-link-type="dfn" id="ref-for-dfn-did-methods-64">DID methods</a>. | |
</p></div> | |
</section> | |
<section id="method-operations"><div class="header-wrapper"><h3 id="x8-2-method-operations"><bdi class="secno">8.2 </bdi>Method Operations</h3><a class="self-link" href="#method-operations" aria-label="Permalink for Section 8.2"></a></div> | |
<p> | |
The requirements for all <a href="#dfn-did-methods" class="internalDFN" data-link-type="dfn" id="ref-for-dfn-did-methods-65">DID method</a> specifications when defining the | |
method operations are as follows: | |
</p> | |
<ol> | |
<li> | |
A <a href="#dfn-did-methods" class="internalDFN" data-link-type="dfn" id="ref-for-dfn-did-methods-66">DID method</a> specification <em class="rfc2119">MUST</em> define how authorization is performed to | |
execute all operations, including any necessary cryptographic processes. | |
</li> | |
<li> | |
A <a href="#dfn-did-methods" class="internalDFN" data-link-type="dfn" id="ref-for-dfn-did-methods-67">DID method</a> specification <em class="rfc2119">MUST</em> specify how a <a href="#dfn-did-controllers" class="internalDFN" data-link-type="dfn" id="ref-for-dfn-did-controllers-17">DID controller</a> | |
creates a <a href="#dfn-decentralized-identifiers" class="internalDFN" data-link-type="dfn" id="ref-for-dfn-decentralized-identifiers-91">DID</a> and its associated <a href="#dfn-did-documents" class="internalDFN" data-link-type="dfn" id="ref-for-dfn-did-documents-146">DID document</a>. | |
</li> | |
<li> | |
A <a href="#dfn-did-methods" class="internalDFN" data-link-type="dfn" id="ref-for-dfn-did-methods-68">DID method</a> specification <em class="rfc2119">MUST</em> specify how a <a href="#dfn-did-resolvers" class="internalDFN" data-link-type="dfn" id="ref-for-dfn-did-resolvers-16">DID resolver</a> uses a | |
<a href="#dfn-decentralized-identifiers" class="internalDFN" data-link-type="dfn" id="ref-for-dfn-decentralized-identifiers-92">DID</a> to resolve a <a href="#dfn-did-documents" class="internalDFN" data-link-type="dfn" id="ref-for-dfn-did-documents-147">DID document</a>, including how the <a href="#dfn-did-resolvers" class="internalDFN" data-link-type="dfn" id="ref-for-dfn-did-resolvers-17">DID | |
resolver</a> can verify the authenticity of the response. | |
</li> | |
<li> | |
A <a href="#dfn-did-methods" class="internalDFN" data-link-type="dfn" id="ref-for-dfn-did-methods-69">DID method</a> specification <em class="rfc2119">MUST</em> specify what constitutes an update to a | |
<a href="#dfn-did-documents" class="internalDFN" data-link-type="dfn" id="ref-for-dfn-did-documents-148">DID document</a> and how a <a href="#dfn-did-controllers" class="internalDFN" data-link-type="dfn" id="ref-for-dfn-did-controllers-18">DID controller</a> can update a <a href="#dfn-did-documents" class="internalDFN" data-link-type="dfn" id="ref-for-dfn-did-documents-149">DID | |
document</a> <em>or</em> state that updates are not possible. | |
</li> | |
<li> | |
The <a href="#dfn-did-methods" class="internalDFN" data-link-type="dfn" id="ref-for-dfn-did-methods-70">DID method</a> specification <em class="rfc2119">MUST</em> specify how a <a href="#dfn-did-controllers" class="internalDFN" data-link-type="dfn" id="ref-for-dfn-did-controllers-19">DID controller</a> can | |
deactivate a <a href="#dfn-decentralized-identifiers" class="internalDFN" data-link-type="dfn" id="ref-for-dfn-decentralized-identifiers-93">DID</a> <em>or</em> state that deactivation is not possible. | |
</li> | |
</ol> | |
<p> | |
The authority of a party that is performing authorization to carry out the | |
operations is specific to a <a href="#dfn-did-methods" class="internalDFN" data-link-type="dfn" id="ref-for-dfn-did-methods-71">DID method</a>. For example, a <a href="#dfn-did-methods" class="internalDFN" data-link-type="dfn" id="ref-for-dfn-did-methods-72">DID method</a> | |
might — | |
</p> | |
<ul> | |
<li> | |
make use of the <code><a href="#dfn-controller" class="internalDFN" data-link-type="dfn" id="ref-for-dfn-controller-6">controller</a></code> property. | |
</li> | |
<li> | |
use the <a href="#dfn-verification-method" class="internalDFN" data-link-type="dfn" id="ref-for-dfn-verification-method-64">verification methods</a> listed under | |
<code><a href="#dfn-authentication" class="internalDFN" data-link-type="dfn" id="ref-for-dfn-authentication-6">authentication</a></code>. | |
</li> | |
<li> | |
use other constructs in the <a href="#dfn-did-documents" class="internalDFN" data-link-type="dfn" id="ref-for-dfn-did-documents-150">DID Document</a> such as the <a href="#dfn-verification-method" class="internalDFN" data-link-type="dfn" id="ref-for-dfn-verification-method-65">verification | |
method</a> specified via the <code><a href="#dfn-capabilityinvocation" class="internalDFN" data-link-type="dfn" id="ref-for-dfn-capabilityinvocation-3">capabilityInvocation</a></code> | |
<a href="#dfn-verification-relationship" class="internalDFN" data-link-type="dfn" id="ref-for-dfn-verification-relationship-20">verification relationship</a>. | |
</li> | |
<li> | |
not use the <a href="#dfn-did-documents" class="internalDFN" data-link-type="dfn" id="ref-for-dfn-did-documents-151">DID document</a> for this decision at all, and depend on an | |
out-of-band mechanism, instead. | |
</li> | |
</ul> | |
</section> | |
<section id="security-requirements"><div class="header-wrapper"><h3 id="x8-3-security-requirements"><bdi class="secno">8.3 </bdi>Security Requirements</h3><a class="self-link" href="#security-requirements" aria-label="Permalink for Section 8.3"></a></div> | |
<p> | |
The requirements for all <a href="#dfn-did-methods" class="internalDFN" data-link-type="dfn" id="ref-for-dfn-did-methods-73">DID method</a> specifications when authoring the | |
<em>Security Considerations</em> section are as follows: | |
</p> | |
<ol> | |
<li> | |
A <a href="#dfn-did-methods" class="internalDFN" data-link-type="dfn" id="ref-for-dfn-did-methods-74">DID method</a> specification <em class="rfc2119">MUST</em> follow all guidelines and normative | |
language provided in <a href="https://www.rfc-editor.org/rfc/rfc3552#section-5">RFC3552: Writing Security | |
Considerations Sections</a> for the <a href="#dfn-decentralized-identifiers" class="internalDFN" data-link-type="dfn" id="ref-for-dfn-decentralized-identifiers-94">DID</a> operations defined in the <a href="#dfn-did-methods" class="internalDFN" data-link-type="dfn" id="ref-for-dfn-did-methods-75">DID | |
method</a> specification. | |
</li> | |
<li> | |
The Security Considerations section <em class="rfc2119">MUST</em> document the following forms of attack | |
for the <a href="#dfn-decentralized-identifiers" class="internalDFN" data-link-type="dfn" id="ref-for-dfn-decentralized-identifiers-95">DID</a> operations defined in the <a href="#dfn-did-methods" class="internalDFN" data-link-type="dfn" id="ref-for-dfn-did-methods-76">DID method</a> specification: | |
eavesdropping, replay, message insertion, deletion, modification, denial of | |
service, <a href="#dfn-amplification" class="internalDFN" data-link-type="dfn" id="ref-for-dfn-amplification-1">amplification</a>, and man-in-the-middle. Other known | |
forms of attack <em class="rfc2119">SHOULD</em> also be documented. | |
</li> | |
<li> | |
The Security Considerations section <em class="rfc2119">MUST</em> discuss residual risks, such as the | |
risks from compromise in a related protocol, incorrect implementation, or cipher | |
after threat mitigation was deployed. | |
</li> | |
<li> | |
The Security Considerations section <em class="rfc2119">MUST</em> provide integrity protection and update | |
authentication for all operations required by Section <a href="#method-operations" class="sec-ref"><bdi class="secno">8.2 </bdi>Method Operations</a>. | |
</li> | |
<li> | |
If authentication is involved, particularly user-host authentication, the | |
security characteristics of the authentication method <em class="rfc2119">MUST</em> be clearly | |
documented. | |
</li> | |
<li> | |
The Security Considerations section <em class="rfc2119">MUST</em> discuss the policy mechanism by which | |
<a href="#dfn-decentralized-identifiers" class="internalDFN" data-link-type="dfn" id="ref-for-dfn-decentralized-identifiers-96">DIDs</a> are proven to be uniquely assigned. | |
</li> | |
<li> | |
Method-specific endpoint authentication <em class="rfc2119">MUST</em> be discussed. Where <a href="#dfn-did-methods" class="internalDFN" data-link-type="dfn" id="ref-for-dfn-did-methods-77">DID | |
methods</a> make use of <a href="#dfn-distributed-ledger-technology" class="internalDFN" data-link-type="dfn" id="ref-for-dfn-distributed-ledger-technology-3">DLTs</a> with varying network topology, sometimes | |
offered as <em>light node</em> or <em> | |
<a href="https://en.bitcoin.it/wiki/Thin_Client_Security">thin client</a></em> | |
implementations to reduce required computing resources, the security assumptions | |
of the topology available to implementations of the <a href="#dfn-did-methods" class="internalDFN" data-link-type="dfn" id="ref-for-dfn-did-methods-78">DID method</a> <em class="rfc2119">MUST</em> be | |
discussed. | |
</li> | |
<li> | |
If a protocol incorporates cryptographic protection mechanisms, the <a href="#dfn-did-methods" class="internalDFN" data-link-type="dfn" id="ref-for-dfn-did-methods-79">DID | |
method</a> specification <em class="rfc2119">MUST</em> clearly indicate which portions of the data are | |
protected and by what protections, and it <em class="rfc2119">SHOULD</em> give an indication of the | |
sorts of attacks to which the cryptographic protection is susceptible. Some | |
examples are integrity only, confidentiality, and endpoint authentication. | |
</li> | |
<li> | |
Data which is to be held secret (keying material, random seeds, and so on) | |
<em class="rfc2119">SHOULD</em> be clearly labeled. | |
</li> | |
<li> | |
<a href="#dfn-did-methods" class="internalDFN" data-link-type="dfn" id="ref-for-dfn-did-methods-80">DID method</a> specifications <em class="rfc2119">SHOULD</em> explain and specify the implementation | |
of signatures on <a href="#dfn-did-documents" class="internalDFN" data-link-type="dfn" id="ref-for-dfn-did-documents-152">DID documents</a>, if applicable. | |
</li> | |
<li> | |
Where <a href="#dfn-did-methods" class="internalDFN" data-link-type="dfn" id="ref-for-dfn-did-methods-81">DID methods</a> use peer-to-peer computing resources, such as with all | |
known <a href="#dfn-distributed-ledger-technology" class="internalDFN" data-link-type="dfn" id="ref-for-dfn-distributed-ledger-technology-4">DLTs</a>, the expected burdens of those resources <em class="rfc2119">SHOULD</em> be discussed | |
in relation to denial of service. | |
</li> | |
<li> | |
<a href="#dfn-did-methods" class="internalDFN" data-link-type="dfn" id="ref-for-dfn-did-methods-82">DID methods</a> that introduce new authentication <a href="#dfn-service" class="internalDFN" data-link-type="dfn" id="ref-for-dfn-service-20">service</a> | |
types, as described in <a href="#services" class="sec-ref"><bdi class="secno">5.4 </bdi>Services</a>, <em class="rfc2119">SHOULD</em> consider the | |
security requirements of the supported authentication protocol. | |
</li> | |
</ol> | |
</section> | |
<section class="normative" id="privacy-requirements"><div class="header-wrapper"><h3 id="x8-4-privacy-requirements"><bdi class="secno">8.4 </bdi>Privacy Requirements</h3><a class="self-link" href="#privacy-requirements" aria-label="Permalink for Section 8.4"></a></div> | |
<p> | |
The requirements for all <a href="#dfn-did-methods" class="internalDFN" data-link-type="dfn" id="ref-for-dfn-did-methods-83">DID method</a> specifications when authoring the | |
<em>Privacy Considerations</em> section are: | |
</p> | |
<ol> | |
<li> | |
The <a href="#dfn-did-methods" class="internalDFN" data-link-type="dfn" id="ref-for-dfn-did-methods-84">DID method</a> specification's Privacy Considerations section <em class="rfc2119">MUST</em> | |
discuss any subsection of Section 5 of [<cite><a class="bibref" data-link-type="biblio" href="#bib-rfc6973" title="Privacy Considerations for Internet Protocols">RFC6973</a></cite>] that could apply in a | |
method-specific manner. The subsections to consider are: surveillance, stored | |
data compromise, unsolicited traffic, misattribution, correlation, | |
identification, secondary use, disclosure, and exclusion. | |
</li> | |
</ol> | |
</section> | |
</section> | |
<section class="informative" id="security-considerations"><div class="header-wrapper"><h2 id="x9-security-considerations"><bdi class="secno">9. </bdi>Security Considerations</h2><a class="self-link" href="#security-considerations" aria-label="Permalink for Section 9."></a></div><p><em>This section is non-normative.</em></p> | |
<p> | |
This section contains a variety of security considerations that people using | |
Decentralized Identifiers are advised to consider before deploying this | |
technology in a production setting. <a href="#dfn-decentralized-identifiers" class="internalDFN" data-link-type="dfn" id="ref-for-dfn-decentralized-identifiers-97">DIDs</a> are designed to operate under | |
the threat model used by many IETF standards and documented | |
in [<cite><a class="bibref" data-link-type="biblio" href="#bib-rfc3552" title="Guidelines for Writing RFC Text on Security Considerations">RFC3552</a></cite>]. This section elaborates upon a number of the considerations | |
in [<cite><a class="bibref" data-link-type="biblio" href="#bib-rfc3552" title="Guidelines for Writing RFC Text on Security Considerations">RFC3552</a></cite>], as well as other considerations that are unique to <a href="#dfn-decentralized-identifiers" class="internalDFN" data-link-type="dfn" id="ref-for-dfn-decentralized-identifiers-98">DID</a> | |
architecture. | |
</p> | |
<section id="choosing-did-resolvers"><div class="header-wrapper"><h3 id="x9-1-choosing-did-resolvers"><bdi class="secno">9.1 </bdi>Choosing DID Resolvers</h3><a class="self-link" href="#choosing-did-resolvers" aria-label="Permalink for Section 9.1"></a></div> | |
<p> | |
The DID Specification Registries [<cite><a class="bibref" data-link-type="biblio" href="#bib-did-spec-registries" title="DID Specification Registries">DID-SPEC-REGISTRIES</a></cite>] contains an | |
informative list of <a href="#dfn-did-methods" class="internalDFN" data-link-type="dfn" id="ref-for-dfn-did-methods-85">DID method</a> names and their corresponding <a href="#dfn-did-methods" class="internalDFN" data-link-type="dfn" id="ref-for-dfn-did-methods-86">DID | |
method</a> specifications. Implementers need to bear in mind that there is no | |
central authority to mandate which <a href="#dfn-did-methods" class="internalDFN" data-link-type="dfn" id="ref-for-dfn-did-methods-87">DID method</a> specification is to be used | |
with any specific <a href="#dfn-did-methods" class="internalDFN" data-link-type="dfn" id="ref-for-dfn-did-methods-88">DID method</a> name. If there is doubt on whether or not a | |
specific <a href="#dfn-did-resolvers" class="internalDFN" data-link-type="dfn" id="ref-for-dfn-did-resolvers-18">DID resolver</a> implements a <a href="#dfn-did-methods" class="internalDFN" data-link-type="dfn" id="ref-for-dfn-did-methods-89">DID method</a> correctly, the DID | |
Specification Registries can be used to look up the registered specification | |
and make an informed decision regarding which <a href="#dfn-did-resolvers" class="internalDFN" data-link-type="dfn" id="ref-for-dfn-did-resolvers-19">DID resolver</a> | |
implementation to use. | |
</p> | |
</section> | |
<section id="proving-control-and-binding"><div class="header-wrapper"><h3 id="x9-2-proving-control-and-binding"><bdi class="secno">9.2 </bdi>Proving Control and Binding</h3><a class="self-link" href="#proving-control-and-binding" aria-label="Permalink for Section 9.2"></a></div> | |
<p> | |
Binding an entity in the digital world or the physical world to a <a href="#dfn-decentralized-identifiers" class="internalDFN" data-link-type="dfn" id="ref-for-dfn-decentralized-identifiers-99">DID</a>, to | |
a <a href="#dfn-did-documents" class="internalDFN" data-link-type="dfn" id="ref-for-dfn-did-documents-153">DID document</a>, or to cryptographic material requires the use of | |
security protocols contemplated by this specification. The following sections | |
describe some possible scenarios and how an entity therein might prove control | |
over a <a href="#dfn-decentralized-identifiers" class="internalDFN" data-link-type="dfn" id="ref-for-dfn-decentralized-identifiers-100">DID</a> or a <a href="#dfn-did-documents" class="internalDFN" data-link-type="dfn" id="ref-for-dfn-did-documents-154">DID document</a> for the purposes of authentication or | |
authorization. | |
</p> | |
<section class="notoc"><div class="header-wrapper"><h4 id="proving-control-of-a-did-and-or-did-document">Proving Control of a DID and/or DID Document</h4><a class="self-link" href="#proving-control-of-a-did-and-or-did-document" aria-label="Permalink for this Section"></a></div> | |
<p> | |
Proving control over a <a href="#dfn-decentralized-identifiers" class="internalDFN" data-link-type="dfn" id="ref-for-dfn-decentralized-identifiers-101">DID</a> and/or a <a href="#dfn-did-documents" class="internalDFN" data-link-type="dfn" id="ref-for-dfn-did-documents-155">DID Document</a> is useful when | |
updating either in a <a href="#dfn-verifiable-data-registry" class="internalDFN" data-link-type="dfn" id="ref-for-dfn-verifiable-data-registry-6">verifiable data registry</a> or authenticating with | |
remote systems. Cryptographic digital signatures and <a href="#dfn-verifiable-timestamp" class="internalDFN" data-link-type="dfn" id="ref-for-dfn-verifiable-timestamp-1">verifiable | |
timestamps</a> enable certain security protocols related to <a href="#dfn-did-documents" class="internalDFN" data-link-type="dfn" id="ref-for-dfn-did-documents-156">DID documents</a> | |
to be cryptographically verifiable. For these purposes, this specification | |
defines useful <a href="#dfn-verification-relationship" class="internalDFN" data-link-type="dfn" id="ref-for-dfn-verification-relationship-21">verification relationships</a> in <a href="#authentication" class="sec-ref"><bdi class="secno">5.3.1 </bdi>Authentication</a> and <a href="#capability-invocation" class="sec-ref"><bdi class="secno">5.3.4 </bdi>Capability Invocation</a>. The | |
secret cryptographic material associated with the <a href="#dfn-verification-method" class="internalDFN" data-link-type="dfn" id="ref-for-dfn-verification-method-66">verification methods</a> | |
can be used to generate a cryptographic digital signature as a part of an | |
authentication or authorization security protocol. | |
</p> | |
<div class="note" role="note" id="issue-container-generatedID-14"><div role="heading" class="note-title marker" id="h-note-14" aria-level="5"><span>Note</span><span class="issue-label">: Signed DID documents</span></div><p class=""> | |
Some <a href="#dfn-did-methods" class="internalDFN" data-link-type="dfn" id="ref-for-dfn-did-methods-90">DID methods</a> allow digital signatures and other proofs to be | |
included in the <a href="#dfn-did-documents" class="internalDFN" data-link-type="dfn" id="ref-for-dfn-did-documents-157">DID document</a> or a <a href="#metadata-structure" class="sec-ref"><bdi class="secno">7.3 </bdi>Metadata Structure</a>. | |
However, such proofs by themselves do not necessarily prove control over a | |
<a href="#dfn-decentralized-identifiers" class="internalDFN" data-link-type="dfn" id="ref-for-dfn-decentralized-identifiers-102">DID</a>, or guarantee that the <a href="#dfn-did-documents" class="internalDFN" data-link-type="dfn" id="ref-for-dfn-did-documents-158">DID document</a> is the correct one for | |
the <a href="#dfn-decentralized-identifiers" class="internalDFN" data-link-type="dfn" id="ref-for-dfn-decentralized-identifiers-103">DID</a>. In order to obtain | |
the correct <a href="#dfn-did-documents" class="internalDFN" data-link-type="dfn" id="ref-for-dfn-did-documents-159">DID document</a> and verify control over a <a href="#dfn-decentralized-identifiers" class="internalDFN" data-link-type="dfn" id="ref-for-dfn-decentralized-identifiers-104">DID</a>, it is | |
necessary to perform the <a href="#dfn-did-resolution" class="internalDFN" data-link-type="dfn" id="ref-for-dfn-did-resolution-16">DID resolution</a> process as defined by the | |
<a href="#dfn-did-methods" class="internalDFN" data-link-type="dfn" id="ref-for-dfn-did-methods-91">DID method</a>. | |
</p></div> | |
</section> | |
<section class="notoc"><div class="header-wrapper"><h4 id="binding-to-physical-identity">Binding to Physical Identity</h4><a class="self-link" href="#binding-to-physical-identity" aria-label="Permalink for this Section"></a></div> | |
<p> | |
A <a href="#dfn-decentralized-identifiers" class="internalDFN" data-link-type="dfn" id="ref-for-dfn-decentralized-identifiers-105">DID</a> and <a href="#dfn-did-documents" class="internalDFN" data-link-type="dfn" id="ref-for-dfn-did-documents-160">DID document</a> do not inherently carry any | |
<a href="https://en.wikipedia.org/wiki/Personal_data">personal data</a> and | |
it is strongly advised that non-public entities do not publish personal data in | |
<a href="#dfn-did-documents" class="internalDFN" data-link-type="dfn" id="ref-for-dfn-did-documents-161">DID documents</a>. | |
</p> | |
<p> | |
It can be useful to express a binding of a <a href="#dfn-decentralized-identifiers" class="internalDFN" data-link-type="dfn" id="ref-for-dfn-decentralized-identifiers-106">DID</a> to a person's or | |
organization's physical identity in a way that is provably asserted by a | |
trusted authority, such as a government. This specification provides | |
the <a href="#assertion" class="sec-ref"><bdi class="secno">5.3.2 </bdi>Assertion</a> <a href="#dfn-verification-relationship" class="internalDFN" data-link-type="dfn" id="ref-for-dfn-verification-relationship-22">verification relationship</a> for these | |
purposes. This feature can enable interactions that are private and can be | |
considered legally enforceable under one or more jurisdictions; establishing | |
such bindings has to be carefully balanced against privacy considerations (see | |
<a href="#privacy-considerations" class="sec-ref"><bdi class="secno">10. </bdi>Privacy Considerations</a>). | |
</p> | |
<p> | |
The process of binding a <a href="#dfn-decentralized-identifiers" class="internalDFN" data-link-type="dfn" id="ref-for-dfn-decentralized-identifiers-107">DID</a> to something in the physical world, such as | |
a person or an organization — for example, by using <a href="#dfn-verifiable-credentials" class="internalDFN" data-link-type="dfn" id="ref-for-dfn-verifiable-credentials-4">verifiable | |
credentials</a> with the same subject as that <a href="#dfn-decentralized-identifiers" class="internalDFN" data-link-type="dfn" id="ref-for-dfn-decentralized-identifiers-108">DID</a> — is contemplated | |
by this specification and further defined in the Verifiable Credentials Data | |
Model [<cite><a class="bibref" data-link-type="biblio" href="#bib-vc-data-model" title="Verifiable Credentials Data Model v1.1">VC-DATA-MODEL</a></cite>]. | |
</p> | |
</section> | |
</section> | |
<section id="authentication-service-endpoints"><div class="header-wrapper"><h3 id="x9-3-authentication-service-endpoints"><bdi class="secno">9.3 </bdi>Authentication Service Endpoints</h3><a class="self-link" href="#authentication-service-endpoints" aria-label="Permalink for Section 9.3"></a></div> | |
<p> | |
If a <a href="#dfn-did-documents" class="internalDFN" data-link-type="dfn" id="ref-for-dfn-did-documents-162">DID document</a> publishes a <a href="#dfn-service" class="internalDFN" data-link-type="dfn" id="ref-for-dfn-service-21">service</a> intended for | |
authentication or authorization of the <a href="#dfn-did-subjects" class="internalDFN" data-link-type="dfn" id="ref-for-dfn-did-subjects-50">DID subject</a> (see Section <a href="#services" class="sec-ref"><bdi class="secno">5.4 </bdi>Services</a>), it is the responsibility of the <a href="#dfn-service-endpoints" class="internalDFN" data-link-type="dfn" id="ref-for-dfn-service-endpoints-4">service | |
endpoint</a> provider, subject, or requesting party to comply with the | |
requirements of the authentication protocols supported at that <a href="#dfn-service-endpoints" class="internalDFN" data-link-type="dfn" id="ref-for-dfn-service-endpoints-5">service | |
endpoint</a>. | |
</p> | |
</section> | |
<section id="non-repudiation"><div class="header-wrapper"><h3 id="x9-4-non-repudiation"><bdi class="secno">9.4 </bdi>Non-Repudiation</h3><a class="self-link" href="#non-repudiation" aria-label="Permalink for Section 9.4"></a></div> | |
<p> | |
Non-repudiation of <a href="#dfn-decentralized-identifiers" class="internalDFN" data-link-type="dfn" id="ref-for-dfn-decentralized-identifiers-109">DIDs</a> and <a href="#dfn-did-documents" class="internalDFN" data-link-type="dfn" id="ref-for-dfn-did-documents-163">DID document</a> updates is supported if: | |
</p> | |
<ul> | |
<li> | |
The <a href="#dfn-verifiable-data-registry" class="internalDFN" data-link-type="dfn" id="ref-for-dfn-verifiable-data-registry-7">verifiable data registry</a> supports | |
<a href="#dfn-verifiable-timestamp" class="internalDFN" data-link-type="dfn" id="ref-for-dfn-verifiable-timestamp-2">verifiable timestamps</a>. See <a href="#did-document-metadata" class="sec-ref"><bdi class="secno">7.1.3 </bdi>DID Document Metadata</a> | |
for further information on useful timestamps that can be used during the | |
<a href="#dfn-did-resolution" class="internalDFN" data-link-type="dfn" id="ref-for-dfn-did-resolution-17">DID resolution</a> process. | |
</li> | |
<li> | |
The subject is monitoring for unauthorized updates as elaborated upon in | |
<a href="#notification-of-did-document-changes" class="sec-ref"><bdi class="secno">9.5 </bdi>Notification of DID Document Changes</a>. | |
</li> | |
<li> | |
The subject has had adequate opportunity to revert malicious updates according | |
to the authorization mechanism for the <a href="#dfn-did-methods" class="internalDFN" data-link-type="dfn" id="ref-for-dfn-did-methods-92">DID method</a>. | |
</li> | |
</ul> | |
</section> | |
<section id="notification-of-did-document-changes"><div class="header-wrapper"><h3 id="x9-5-notification-of-did-document-changes"><bdi class="secno">9.5 </bdi>Notification of DID Document Changes</h3><a class="self-link" href="#notification-of-did-document-changes" aria-label="Permalink for Section 9.5"></a></div> | |
<p> | |
One mitigation against unauthorized changes to a <a href="#dfn-did-documents" class="internalDFN" data-link-type="dfn" id="ref-for-dfn-did-documents-164">DID document</a> is | |
monitoring and actively notifying the <a href="#dfn-did-subjects" class="internalDFN" data-link-type="dfn" id="ref-for-dfn-did-subjects-51">DID subject</a> when there are changes. | |
This is analogous to helping prevent account takeover on conventional | |
username/password accounts by sending password reset notifications to the email | |
addresses on file. | |
</p> | |
<p> | |
In the case of a <a href="#dfn-decentralized-identifiers" class="internalDFN" data-link-type="dfn" id="ref-for-dfn-decentralized-identifiers-110">DID</a>, there is no intermediary registrar or account | |
provider to generate such notifications. However, if the <a href="#dfn-verifiable-data-registry" class="internalDFN" data-link-type="dfn" id="ref-for-dfn-verifiable-data-registry-8">verifiable data | |
registry</a> on which the <a href="#dfn-decentralized-identifiers" class="internalDFN" data-link-type="dfn" id="ref-for-dfn-decentralized-identifiers-111">DID</a> is registered directly supports change | |
notifications, a subscription service can be offered to <a href="#dfn-did-controllers" class="internalDFN" data-link-type="dfn" id="ref-for-dfn-did-controllers-20">DID controllers</a>. | |
Notifications could be sent directly to the relevant <a href="#dfn-service-endpoints" class="internalDFN" data-link-type="dfn" id="ref-for-dfn-service-endpoints-6">service endpoints</a> | |
listed in an existing <a href="#dfn-decentralized-identifiers" class="internalDFN" data-link-type="dfn" id="ref-for-dfn-decentralized-identifiers-112">DID</a>. | |
</p> | |
<p> | |
If a <a href="#dfn-did-controllers" class="internalDFN" data-link-type="dfn" id="ref-for-dfn-did-controllers-21">DID controller</a> chooses to rely on a third-party monitoring service | |
(other than the <a href="#dfn-verifiable-data-registry" class="internalDFN" data-link-type="dfn" id="ref-for-dfn-verifiable-data-registry-9">verifiable data registry</a> itself), this introduces another | |
vector of attack: the controller then depends on that service to report changes promptly and accurately. | |
</p> | |
</section> | |
<section id="key-and-signature-expiration"><div class="header-wrapper"><h3 id="x9-6-key-and-signature-expiration"><bdi class="secno">9.6 </bdi>Key and Signature Expiration</h3><a class="self-link" href="#key-and-signature-expiration" aria-label="Permalink for Section 9.6"></a></div> | |
<p> | |
In a <a href="#dfn-decentralized-identifiers" class="internalDFN" data-link-type="dfn" id="ref-for-dfn-decentralized-identifiers-113">decentralized identifier</a> architecture, there might not be | |
centralized authorities to enforce cryptographic material or cryptographic | |
digital signature expiration policies. Therefore, it is with supporting software | |
such as <a href="#dfn-did-resolvers" class="internalDFN" data-link-type="dfn" id="ref-for-dfn-did-resolvers-20">DID resolvers</a> and verification libraries that requesting parties | |
validate that cryptographic material was not expired at the time it was | |
used. Requesting parties might employ their own expiration policies in addition | |
to inputs into their verification processes. For example, some requesting | |
parties might accept authentications from five minutes in the past, while others | |
with access to high precision time sources might require authentications to be | |
time stamped within the last 500 milliseconds. | |
</p> | |
<p> | |
There are some requesting parties that have legitimate needs to extend the use | |
of already-expired cryptographic material, such as verifying legacy | |
cryptographic digital signatures. In these scenarios, a requesting party might | |
instruct their verification software to ignore cryptographic key material | |
expiration or determine if the cryptographic key material was expired at the | |
time it was used. | |
</p> | |
</section> | |
<section id="verification-method-rotation"><div class="header-wrapper"><h3 id="x9-7-verification-method-rotation"><bdi class="secno">9.7 </bdi>Verification Method Rotation</h3><a class="self-link" href="#verification-method-rotation" aria-label="Permalink for Section 9.7"></a></div> | |
<p> | |
Rotation is a management process that enables the secret cryptographic material | |
associated with an existing <a href="#dfn-verification-method" class="internalDFN" data-link-type="dfn" id="ref-for-dfn-verification-method-67">verification method</a> to be deactivated or | |
destroyed once a new <a href="#dfn-verification-method" class="internalDFN" data-link-type="dfn" id="ref-for-dfn-verification-method-68">verification method</a> has been added to the <a href="#dfn-did-documents" class="internalDFN" data-link-type="dfn" id="ref-for-dfn-did-documents-165">DID | |
document</a>. Going forward, any new proofs that a <a href="#dfn-controller" class="internalDFN" data-link-type="dfn" id="ref-for-dfn-controller-7">controller</a> would have | |
generated using the old secret cryptographic material can now instead be | |
generated using the new cryptographic material and can be verified using the | |
new <a href="#dfn-verification-method" class="internalDFN" data-link-type="dfn" id="ref-for-dfn-verification-method-69">verification method</a>. | |
</p> | |
<p> | |
Rotation is a useful mechanism for protecting against verification method | |
compromise, since frequent rotation of a verification method by the controller | |
reduces the value of a single compromised verification method to an attacker. | |
Performing revocation immediately after rotation is useful for verification | |
methods that a controller designates for short-lived verifications, such as | |
those involved in encrypting messages and authentication. | |
</p> | |
<p> | |
The following considerations might be of use when contemplating the use of | |
<a href="#dfn-verification-method" class="internalDFN" data-link-type="dfn" id="ref-for-dfn-verification-method-70">verification method</a> rotation: | |
</p> | |
<ul> | |
<li> | |
<a href="#dfn-verification-method" class="internalDFN" data-link-type="dfn" id="ref-for-dfn-verification-method-71">Verification method</a> rotation is a proactive security measure. | |
</li> | |
<li> | |
It is generally considered a best practice to perform <a href="#dfn-verification-method" class="internalDFN" data-link-type="dfn" id="ref-for-dfn-verification-method-72">verification method</a> | |
rotation on a regular basis. | |
</li> | |
<li> | |
Higher security environments tend to employ more frequent verification method | |
rotation. | |
</li> | |
<li> | |
<a href="#dfn-verification-method" class="internalDFN" data-link-type="dfn" id="ref-for-dfn-verification-method-73">Verification method</a> rotation manifests only as changes to the current or | |
latest version of a <a href="#dfn-did-documents" class="internalDFN" data-link-type="dfn" id="ref-for-dfn-did-documents-166">DID document</a>. | |
</li> | |
<li> | |
When a <a href="#dfn-verification-method" class="internalDFN" data-link-type="dfn" id="ref-for-dfn-verification-method-74">verification method</a> has been active for a long time, or used for | |
many operations, a controller might wish to perform a rotation. | |
</li> | |
<li> | |
Frequent rotation of a <a href="#dfn-verification-method" class="internalDFN" data-link-type="dfn" id="ref-for-dfn-verification-method-75">verification method</a> might be frustrating for | |
parties that are forced to continuously renew or refresh associated credentials. | |
</li> | |
<li> | |
Proofs or signatures that rely on <a href="#dfn-verification-method" class="internalDFN" data-link-type="dfn" id="ref-for-dfn-verification-method-76">verification methods</a> that are not | |
present in the latest version of a <a href="#dfn-did-documents" class="internalDFN" data-link-type="dfn" id="ref-for-dfn-did-documents-167">DID document</a> are not impacted by | |
rotation. In these cases, verification software might require additional | |
information, such as when a particular <a href="#dfn-verification-method" class="internalDFN" data-link-type="dfn" id="ref-for-dfn-verification-method-77">verification method</a> was | |
expected to be valid as well as access to a <a href="#dfn-verifiable-data-registry" class="internalDFN" data-link-type="dfn" id="ref-for-dfn-verifiable-data-registry-10">verifiable data registry</a> | |
containing a historical record, to determine the validity of the proof or | |
signature. This option might not be available in all <a href="#dfn-did-methods" class="internalDFN" data-link-type="dfn" id="ref-for-dfn-did-methods-93">DID methods</a>. | |
</li> | |
<li> | |
The section on <a href="#method-operations">DID method operations</a> specifies | |
the <a href="#dfn-decentralized-identifiers" class="internalDFN" data-link-type="dfn" id="ref-for-dfn-decentralized-identifiers-114">DID</a> operations to be supported by a <a href="#dfn-did-methods" class="internalDFN" data-link-type="dfn" id="ref-for-dfn-did-methods-94">DID method</a> specification, | |
including <a href="#method-operations">update</a> which is expected to be used | |
to perform a <a href="#dfn-verification-method" class="internalDFN" data-link-type="dfn" id="ref-for-dfn-verification-method-78">verification method</a> rotation. | |
</li> | |
<li> | |
A <a href="#dfn-controller" class="internalDFN" data-link-type="dfn" id="ref-for-dfn-controller-8">controller</a> performs a rotation when they add a new <a href="#dfn-verification-method" class="internalDFN" data-link-type="dfn" id="ref-for-dfn-verification-method-79">verification | |
method</a> that is meant to replace an existing <a href="#dfn-verification-method" class="internalDFN" data-link-type="dfn" id="ref-for-dfn-verification-method-80">verification method</a> after | |
some time. | |
</li> | |
<li> | |
Not all <a href="#dfn-did-methods" class="internalDFN" data-link-type="dfn" id="ref-for-dfn-did-methods-95">DID methods</a> support <a href="#dfn-verification-method" class="internalDFN" data-link-type="dfn" id="ref-for-dfn-verification-method-81">verification method</a> rotation. | |
</li> | |
</ul> | |
</section> | |
<section id="verification-method-revocation"><div class="header-wrapper"><h3 id="x9-8-verification-method-revocation"><bdi class="secno">9.8 </bdi>Verification Method Revocation</h3><a class="self-link" href="#verification-method-revocation" aria-label="Permalink for Section 9.8"></a></div> | |
<p> | |
Revocation is a management process that enables the secret cryptographic | |
material associated with an existing <a href="#dfn-verification-method" class="internalDFN" data-link-type="dfn" id="ref-for-dfn-verification-method-82">verification method</a> to be | |
deactivated such that it ceases to be a valid form of creating new | |
proofs or digital signatures. | |
</p> | |
<p> | |
Revocation is a useful mechanism for reacting to a verification method | |
compromise. Performing revocation immediately after rotation is useful for | |
verification methods that a controller designates for short-lived verifications, | |
such as those involved in encrypting messages and authentication. | |
</p> | |
<p> | |
Compromise of the secrets associated with a <a href="#dfn-verification-method" class="internalDFN" data-link-type="dfn" id="ref-for-dfn-verification-method-83">verification method</a> allows | |
the attacker to use them according to the <a href="#dfn-verification-relationship" class="internalDFN" data-link-type="dfn" id="ref-for-dfn-verification-relationship-23">verification relationship</a> | |
expressed by the <a href="#dfn-controller" class="internalDFN" data-link-type="dfn" id="ref-for-dfn-controller-9">controller</a> in the <a href="#dfn-did-documents" class="internalDFN" data-link-type="dfn" id="ref-for-dfn-did-documents-168">DID document</a>, for example, for | |
authentication. The attacker's use of the secrets might be indistinguishable | |
from the legitimate <a href="#did-controller">controller's</a> use starting from | |
the time the <a href="#dfn-verification-method" class="internalDFN" data-link-type="dfn" id="ref-for-dfn-verification-method-84">verification method</a> was registered, to the time it was | |
revoked. | |
</p> | |
<p> | |
The following considerations might be of use when contemplating the use of | |
<a href="#dfn-verification-method" class="internalDFN" data-link-type="dfn" id="ref-for-dfn-verification-method-85">verification method</a> revocation: | |
</p> | |
<ul> | |
<li> | |
<a href="#dfn-verification-method" class="internalDFN" data-link-type="dfn" id="ref-for-dfn-verification-method-86">Verification method</a> revocation is a reactive security measure. | |
</li> | |
<li> | |
It is considered a best practice to support key revocation. | |
</li> | |
<li> | |
A <a href="#dfn-controller" class="internalDFN" data-link-type="dfn" id="ref-for-dfn-controller-10">controller</a> is expected to immediately revoke any <a href="#dfn-verification-method" class="internalDFN" data-link-type="dfn" id="ref-for-dfn-verification-method-87">verification | |
method</a> that is known to be compromised. | |
</li> | |
<li> | |
<a href="#dfn-verification-method" class="internalDFN" data-link-type="dfn" id="ref-for-dfn-verification-method-88">Verification method</a> revocation can only be embodied in changes to | |
the latest version of a <a href="#dfn-did-documents" class="internalDFN" data-link-type="dfn" id="ref-for-dfn-did-documents-169">DID Document</a>; it cannot retroactively adjust | |
previous versions. | |
</li> | |
<li> | |
As described in <a href="#verification-material" class="sec-ref"><bdi class="secno">5.2.1 </bdi>Verification Material</a>, absence of a verification | |
method is the only form of revocation that applies to all <a href="#dfn-did-methods" class="internalDFN" data-link-type="dfn" id="ref-for-dfn-did-methods-96">DID Methods</a> | |
that support revocation. | |
</li> | |
<li> | |
If a <a href="#dfn-verification-method" class="internalDFN" data-link-type="dfn" id="ref-for-dfn-verification-method-89">verification method</a> is no longer exclusively accessible to the | |
<a href="#dfn-controller" class="internalDFN" data-link-type="dfn" id="ref-for-dfn-controller-11">controller</a> or parties trusted to act on behalf of the <a href="#dfn-controller" class="internalDFN" data-link-type="dfn" id="ref-for-dfn-controller-12">controller</a>, | |
it is expected to be revoked immediately to reduce the risk of | |
compromises such as masquerading, theft, and fraud. | |
</li> | |
<li> | |
Revocation is expected to be understood as a <a href="#dfn-controller" class="internalDFN" data-link-type="dfn" id="ref-for-dfn-controller-13">controller</a> expressing that | |
proofs or signatures associated with a revoked <a href="#dfn-verification-method" class="internalDFN" data-link-type="dfn" id="ref-for-dfn-verification-method-90">verification method</a> | |
created after its revocation should be treated as invalid. It could also imply a | |
concern that existing proofs or signatures might have been created by an | |
attacker, but this is not necessarily the case. Verifiers, however, might still | |
choose to accept or reject any such proofs or signatures at their own | |
discretion. | |
</li> | |
<li> | |
The section on <a href="#method-operations">DID method operations</a> specifies | |
the <a href="#dfn-decentralized-identifiers" class="internalDFN" data-link-type="dfn" id="ref-for-dfn-decentralized-identifiers-115">DID</a> operations to be supported by a <a href="#dfn-did-methods" class="internalDFN" data-link-type="dfn" id="ref-for-dfn-did-methods-97">DID method</a> specification, | |
including <a href="#method-operations">update</a> and <a href="#method-operations">deactivate</a>, which might be used to remove | |
a <a href="#dfn-verification-method" class="internalDFN" data-link-type="dfn" id="ref-for-dfn-verification-method-91">verification method</a> from a <a href="#dfn-did-documents" class="internalDFN" data-link-type="dfn" id="ref-for-dfn-did-documents-170">DID document</a>. | |
</li> | |
<li> | |
Not all <a href="#dfn-did-methods" class="internalDFN" data-link-type="dfn" id="ref-for-dfn-did-methods-98">DID methods</a> support <a href="#dfn-verification-method" class="internalDFN" data-link-type="dfn" id="ref-for-dfn-verification-method-92">verification method</a> revocation. | |
</li> | |
<li> | |
Even if a <a href="#dfn-verification-method" class="internalDFN" data-link-type="dfn" id="ref-for-dfn-verification-method-93">verification method</a> is present in a <a href="#dfn-did-documents" class="internalDFN" data-link-type="dfn" id="ref-for-dfn-did-documents-171">DID document</a>, | |
additional information, such as a public key revocation certificate, or an | |
external allow or deny list, could be used to determine whether a | |
<a href="#dfn-verification-method" class="internalDFN" data-link-type="dfn" id="ref-for-dfn-verification-method-94">verification method</a> has been revoked. | |
</li> | |
<li> | |
The day-to-day operation of any software relying on a compromised | |
<a href="#dfn-verification-method" class="internalDFN" data-link-type="dfn" id="ref-for-dfn-verification-method-95">verification method</a>, such as an individual's operating system, antivirus, | |
or endpoint protection software, could be impacted when the <a href="#dfn-verification-method" class="internalDFN" data-link-type="dfn" id="ref-for-dfn-verification-method-96">verification | |
method</a> is publicly revoked. | |
</li> | |
</ul> | |
<section class="notoc"><div class="header-wrapper"><h4 id="revocation-semantics">Revocation Semantics</h4><a class="self-link" href="#revocation-semantics" aria-label="Permalink for this Section"></a></div> | |
<p> | |
Although verifiers might choose not to accept proofs or signatures from a | |
revoked verification method, knowing whether a verification was made with a | |
revoked <a href="#dfn-verification-method" class="internalDFN" data-link-type="dfn" id="ref-for-dfn-verification-method-97">verification method</a> is trickier than it might seem. Some <a href="#dfn-did-methods" class="internalDFN" data-link-type="dfn" id="ref-for-dfn-did-methods-99">DID | |
methods</a> provide the ability to look back at the state of a <a href="#dfn-decentralized-identifiers" class="internalDFN" data-link-type="dfn" id="ref-for-dfn-decentralized-identifiers-116">DID</a> at a | |
point in time, or at a particular version of the <a href="#dfn-did-documents" class="internalDFN" data-link-type="dfn" id="ref-for-dfn-did-documents-172">DID document</a>. When such | |
a feature is combined with a reliable way to determine the time or <a href="#dfn-decentralized-identifiers" class="internalDFN" data-link-type="dfn" id="ref-for-dfn-decentralized-identifiers-117">DID</a> | |
version that existed when a cryptographically verifiable statement was made, | |
then revocation does not undo that statement. This can be the basis for using | |
<a href="#dfn-decentralized-identifiers" class="internalDFN" data-link-type="dfn" id="ref-for-dfn-decentralized-identifiers-118">DIDs</a> to make binding commitments; for example, to sign a mortgage. | |
</p> | |
<p> | |
If these conditions are met, revocation is not retroactive; it only nullifies | |
future use of the method. | |
</p> | |
<p> | |
However, in order for such semantics to be safe, the second condition — an | |
ability to know what the state of the <a href="#dfn-did-documents" class="internalDFN" data-link-type="dfn" id="ref-for-dfn-did-documents-173">DID document</a> was at the time the | |
assertion was made — is expected to apply. Without that guarantee, someone | |
could discover a revoked key and use it to make cryptographically verifiable | |
statements with a simulated date in the past. | |
</p> | |
<p> | |
Some <a href="#dfn-did-methods" class="internalDFN" data-link-type="dfn" id="ref-for-dfn-did-methods-100">DID methods</a> only allow the retrieval of the current state of a | |
<a href="#dfn-decentralized-identifiers" class="internalDFN" data-link-type="dfn" id="ref-for-dfn-decentralized-identifiers-119">DID</a>. When this is true, or when the state of a <a href="#dfn-decentralized-identifiers" class="internalDFN" data-link-type="dfn" id="ref-for-dfn-decentralized-identifiers-120">DID</a> at the time of | |
a cryptographically verifiable statement cannot be reliably determined, then the | |
only safe course is to disallow any consideration of DID state with respect to | |
time, except the present moment. <a href="#dfn-decentralized-identifiers" class="internalDFN" data-link-type="dfn" id="ref-for-dfn-decentralized-identifiers-121">DID</a> ecosystems that take this approach | |
essentially provide cryptographically verifiable statements as ephemeral tokens | |
that can be invalidated at any time by the <a href="#dfn-did-controllers" class="internalDFN" data-link-type="dfn" id="ref-for-dfn-did-controllers-22">DID controller</a>. | |
</p> | |
</section> | |
<section class="notoc"><div class="header-wrapper"><h4 id="revocation-in-trustless-systems">Revocation in Trustless Systems</h4><a class="self-link" href="#revocation-in-trustless-systems" aria-label="Permalink for this Section"></a></div> | |
<p> | |
Trustless systems are those where all trust is derived from cryptographically | |
provable assertions, and more specifically, where no metadata outside of the | |
cryptographic system is factored into the determination of trust in the system. | |
To verify a signature or proof for a <a href="#dfn-verification-method" class="internalDFN" data-link-type="dfn" id="ref-for-dfn-verification-method-98">verification method</a> which has been | |
revoked in a trustless system, a <a href="#dfn-did-methods" class="internalDFN" data-link-type="dfn" id="ref-for-dfn-did-methods-101">DID method</a> needs to support either or | |
both of the <code>versionId</code> or <code>versionTime</code>, as well as both the <code>updated</code> and | |
<code>nextUpdate</code>, <a href="#dfn-did-documents" class="internalDFN" data-link-type="dfn" id="ref-for-dfn-did-documents-174">DID document</a> metadata properties. A verifier can validate a | |
signature or proof of a revoked key if and only if all of the following are | |
true: | |
</p> | |
<ul> | |
<li> | |
The proof or signature includes the <code>versionId</code> or <code>versionTime</code> of the <a href="#dfn-did-documents" class="internalDFN" data-link-type="dfn" id="ref-for-dfn-did-documents-175">DID | |
document</a> that was used at the point the signature or proof was created. | |
</li> | |
<li> | |
The verifier can determine the point in time at which the signature or proof was | |
made; for example, it was anchored on a blockchain. | |
</li> | |
<li> | |
For the resolved <a href="#dfn-did-documents" class="internalDFN" data-link-type="dfn" id="ref-for-dfn-did-documents-176">DID document</a> metadata, the <code>updated</code> timestamp is | |
before, and the <code>nextUpdate</code> timestamp is after, the point in time at which the | |
signature or proof was made. | |
</li> | |
</ul> | |
<p> | |
In systems that are willing to admit metadata other than those constituting | |
cryptographic input, similar trust may be achieved -- but always on the | |
same basis where a careful judgment is made about whether a | |
<a href="#dfn-did-documents" class="internalDFN" data-link-type="dfn" id="ref-for-dfn-did-documents-177">DID document</a>'s content at the moment of a signing event | |
contained the expected content. | |
</p> | |
</section> | |
</section> | |
<section id="did-recovery"><div class="header-wrapper"><h3 id="x9-9-did-recovery"><bdi class="secno">9.9 </bdi>DID Recovery</h3><a class="self-link" href="#did-recovery" aria-label="Permalink for Section 9.9"></a></div> | |
<p> | |
Recovery is a reactive security measure whereby a <a href="#dfn-controller" class="internalDFN" data-link-type="dfn" id="ref-for-dfn-controller-14">controller</a> that has | |
lost the ability to perform DID operations, such as through the loss of a | |
device, is able to regain the ability to perform DID operations. | |
</p> | |
<p> | |
The following considerations might be of use when contemplating the use of | |
<a href="#dfn-decentralized-identifiers" class="internalDFN" data-link-type="dfn" id="ref-for-dfn-decentralized-identifiers-122">DID</a> recovery: | |
</p> | |
<ul> | |
<li> | |
Performing recovery proactively on an infrequent but regular basis can help to | |
ensure that control has not been lost. | |
</li> | |
<li> | |
It is considered a best practice to never reuse cryptographic material | |
associated with recovery for any other purposes. | |
</li> | |
<li> | |
Recovery is commonly performed in conjunction with <a href="#verification-method-rotation">verification method rotation</a> and <a href="#verification-method-revocation">verification method revocation</a>. | |
</li> | |
<li> | |
Recovery is advised when a <a href="#dfn-controller" class="internalDFN" data-link-type="dfn" id="ref-for-dfn-controller-15">controller</a> or services trusted to act on their | |
behalf no longer have the exclusive ability to perform DID operations as | |
described in <a href="#method-operations" class="sec-ref"><bdi class="secno">8.2 </bdi>Method Operations</a>. | |
</li> | |
<li> | |
<a href="#dfn-did-methods" class="internalDFN" data-link-type="dfn" id="ref-for-dfn-did-methods-102">DID method</a> specifications might choose to enable support for a quorum of | |
trusted parties to facilitate recovery. Some of the facilities to do so are | |
suggested in <a href="#did-controller" class="sec-ref"><bdi class="secno">5.1.2 </bdi>DID Controller</a>. | |
</li> | |
<li> | |
Not all <a href="#dfn-did-methods" class="internalDFN" data-link-type="dfn" id="ref-for-dfn-did-methods-103">DID method</a> specifications will recognize control from <a href="#dfn-decentralized-identifiers" class="internalDFN" data-link-type="dfn" id="ref-for-dfn-decentralized-identifiers-123">DIDs</a> | |
registered using other <a href="#dfn-did-methods" class="internalDFN" data-link-type="dfn" id="ref-for-dfn-did-methods-104">DID methods</a> and they might restrict third-party | |
control to <a href="#dfn-decentralized-identifiers" class="internalDFN" data-link-type="dfn" id="ref-for-dfn-decentralized-identifiers-124">DIDs</a> that use the same method. | |
</li> | |
<li> | |
Access control and recovery in a <a href="#dfn-did-methods" class="internalDFN" data-link-type="dfn" id="ref-for-dfn-did-methods-105">DID method</a> specification can also | |
include a time lock feature to protect against key compromise by maintaining a | |
second track of control for recovery. | |
</li> | |
<li> | |
There are currently no common recovery mechanisms that apply to all | |
<a href="#dfn-did-methods" class="internalDFN" data-link-type="dfn" id="ref-for-dfn-did-methods-106">DID methods</a>. | |
</li> | |
</ul> | |
</section> | |
<section id="the-role-of-human-friendly-identifiers"><div class="header-wrapper"><h3 id="x9-10-the-role-of-human-friendly-identifiers"><bdi class="secno">9.10 </bdi>The Role of Human-Friendly Identifiers</h3><a class="self-link" href="#the-role-of-human-friendly-identifiers" aria-label="Permalink for Section 9.10"></a></div> | |
<p> | |
<a href="#dfn-decentralized-identifiers" class="internalDFN" data-link-type="dfn" id="ref-for-dfn-decentralized-identifiers-125">DIDs</a> achieve global uniqueness without the need for a central | |
registration authority. This comes at the cost of human memorability. | |
Algorithms capable of generating globally unambiguous identifiers | |
produce random strings of characters that have no human meaning. This | |
trade-off is often referred to as | |
<a href="https://en.wikipedia.org/wiki/Zooko%27s_triangle">Zooko's | |
Triangle</a>. | |
</p> | |
<p> | |
There are use cases where it is desirable to discover a <a href="#dfn-decentralized-identifiers" class="internalDFN" data-link-type="dfn" id="ref-for-dfn-decentralized-identifiers-126">DID</a> when | |
starting from a human-friendly identifier. For example, a natural language | |
name, a domain name, or a conventional address for a <a href="#dfn-did-controllers" class="internalDFN" data-link-type="dfn" id="ref-for-dfn-did-controllers-23">DID controller</a>, | |
such as a mobile telephone number, email address, social media username, or | |
blog URL. However, the problem of mapping human-friendly identifiers to | |
<a href="#dfn-decentralized-identifiers" class="internalDFN" data-link-type="dfn" id="ref-for-dfn-decentralized-identifiers-127">DIDs</a>, and doing so in a way that can be verified and trusted, is | |
outside the scope of this specification. | |
</p> | |
<p> | |
Solutions to this problem are defined in separate specifications, such as | |
[<cite><a class="bibref" data-link-type="biblio" href="#bib-dns-did" title="The Decentralized Identifier (DID) in the DNS">DNS-DID</a></cite>], that reference this specification. It is strongly recommended that | |
such specifications carefully consider the: | |
</p> | |
<ul> | |
<li> | |
Numerous security attacks based on deceiving users about the true human-friendly | |
identifier for a target entity. | |
</li> | |
<li> | |
Privacy consequences of using human-friendly identifiers that are inherently | |
correlatable, especially if they are globally unique. | |
</li> | |
</ul> | |
</section> | |
<section id="dids-as-enhanced-urns"><div class="header-wrapper"><h3 id="x9-11-dids-as-enhanced-urns"><bdi class="secno">9.11 </bdi>DIDs as Enhanced URNs</h3><a class="self-link" href="#dids-as-enhanced-urns" aria-label="Permalink for Section 9.11"></a></div> | |
<p> | |
If desired by a <a href="#dfn-did-controllers" class="internalDFN" data-link-type="dfn" id="ref-for-dfn-did-controllers-24">DID controller</a>, a <a href="#dfn-decentralized-identifiers" class="internalDFN" data-link-type="dfn" id="ref-for-dfn-decentralized-identifiers-128">DID</a> or a <a href="#dfn-did-urls" class="internalDFN" data-link-type="dfn" id="ref-for-dfn-did-urls-36">DID URL</a> is | |
capable of acting as a persistent, location-independent resource identifier. | |
These sorts of identifiers | |
are classified as Uniform Resource Names (URNs) and are defined in [<cite><a class="bibref" data-link-type="biblio" href="#bib-rfc8141" title="Uniform Resource Names (URNs)">RFC8141</a></cite>]. | |
<a href="#dfn-decentralized-identifiers" class="internalDFN" data-link-type="dfn" id="ref-for-dfn-decentralized-identifiers-129">DIDs</a> are an enhanced form of URN that provide a | |
cryptographically secure, location-independent identifier for a digital | |
resource, while also providing metadata that enables retrieval. Due to the | |
indirection between the <a href="#dfn-did-documents" class="internalDFN" data-link-type="dfn" id="ref-for-dfn-did-documents-178">DID document</a> and the <a href="#dfn-decentralized-identifiers" class="internalDFN" data-link-type="dfn" id="ref-for-dfn-decentralized-identifiers-130">DID</a> itself, the | |
<a href="#dfn-did-controllers" class="internalDFN" data-link-type="dfn" id="ref-for-dfn-did-controllers-25">DID controller</a> can adjust the actual location of the resource — or | |
even provide the resource directly — without adjusting the <a href="#dfn-decentralized-identifiers" class="internalDFN" data-link-type="dfn" id="ref-for-dfn-decentralized-identifiers-131">DID</a>. | |
<a href="#dfn-decentralized-identifiers" class="internalDFN" data-link-type="dfn" id="ref-for-dfn-decentralized-identifiers-132">DIDs</a> of this type can definitively verify that the resource retrieved is, | |
in fact, the resource identified. | |
</p> | |
<p> | |
A <a href="#dfn-did-controllers" class="internalDFN" data-link-type="dfn" id="ref-for-dfn-did-controllers-26">DID controller</a> who intends to use a <a href="#dfn-decentralized-identifiers" class="internalDFN" data-link-type="dfn" id="ref-for-dfn-decentralized-identifiers-133">DID</a> for this purpose is | |
advised to follow the security considerations in [<cite><a class="bibref" data-link-type="biblio" href="#bib-rfc8141" title="Uniform Resource Names (URNs)">RFC8141</a></cite>]. In particular: | |
</p> | |
<ul> | |
<li> | |
The <a href="#dfn-did-controllers" class="internalDFN" data-link-type="dfn" id="ref-for-dfn-did-controllers-27">DID controller</a> is expected to choose a <a href="#dfn-did-methods" class="internalDFN" data-link-type="dfn" id="ref-for-dfn-did-methods-107">DID method</a> that | |
supports the controller's requirements for persistence. The Decentralized | |
Characteristics Rubric [<cite><a class="bibref" data-link-type="biblio" href="#bib-did-rubric" title="Decentralized Characteristics Rubric v1.0">DID-RUBRIC</a></cite>] is one tool available to help | |
implementers decide upon the most suitable <a href="#dfn-did-methods" class="internalDFN" data-link-type="dfn" id="ref-for-dfn-did-methods-108">DID method</a>. | |
</li> | |
<li> | |
The <a href="#dfn-did-controllers" class="internalDFN" data-link-type="dfn" id="ref-for-dfn-did-controllers-28">DID controller</a> is expected to publish its operational policies so | |
requesting parties can determine the degree to which they can rely on the | |
persistence of a <a href="#dfn-decentralized-identifiers" class="internalDFN" data-link-type="dfn" id="ref-for-dfn-decentralized-identifiers-134">DID</a> controlled by that <a href="#dfn-did-controllers" class="internalDFN" data-link-type="dfn" id="ref-for-dfn-did-controllers-29">DID controller</a>. In the | |
absence of such policies, requesting parties are not expected to make any | |
assumption about whether a <a href="#dfn-decentralized-identifiers" class="internalDFN" data-link-type="dfn" id="ref-for-dfn-decentralized-identifiers-135">DID</a> is a persistent identifier for the same | |
<a href="#dfn-did-subjects" class="internalDFN" data-link-type="dfn" id="ref-for-dfn-did-subjects-52">DID subject</a>. | |
</li> | |
</ul> | |
</section> | |
<section id="immutability"><div class="header-wrapper"><h3 id="x9-12-immutability"><bdi class="secno">9.12 </bdi>Immutability</h3><a class="self-link" href="#immutability" aria-label="Permalink for Section 9.12"></a></div> | |
<p> | |
Many cybersecurity abuses hinge on exploiting gaps between reality and the | |
assumptions of rational, good-faith actors. Immutability of <a href="#dfn-did-documents" class="internalDFN" data-link-type="dfn" id="ref-for-dfn-did-documents-179">DID documents</a> | |
can provide some security benefits. Individual <a href="#dfn-did-methods" class="internalDFN" data-link-type="dfn" id="ref-for-dfn-did-methods-109">DID methods</a> ought to | |
consider constraints that would eliminate behaviors or semantics they do not | |
need. The more <em>locked down</em> a <a href="#dfn-did-methods" class="internalDFN" data-link-type="dfn" id="ref-for-dfn-did-methods-110">DID method</a> is, while providing the | |
same set of features, the less it can be manipulated by malicious actors. | |
</p> | |
<p> | |
As an example, consider that a single edit to a <a href="#dfn-did-documents" class="internalDFN" data-link-type="dfn" id="ref-for-dfn-did-documents-180">DID document</a> can change | |
anything except the root <code><a href="#dfn-id" class="internalDFN" data-link-type="dfn" id="ref-for-dfn-id-8">id</a></code> property of the document. But | |
is it actually desirable for a <a href="#dfn-service" class="internalDFN" data-link-type="dfn" id="ref-for-dfn-service-22">service</a> to change its | |
<code>type</code> after it is defined? Or for a key to change its value? Or | |
would it be better to require a new <code><a href="#dfn-id" class="internalDFN" data-link-type="dfn" id="ref-for-dfn-id-9">id</a></code> when certain | |
fundamental properties of an object change? Malicious takeovers of a website | |
often aim for an outcome where the site keeps its host name identifier, | |
but is subtly changed underneath. If certain properties of the site, such | |
as the <a target="_blank" href="https://en.wikipedia.org/wiki/Autonomous_system_(Internet)">ASN</a> | |
associated with its IP address, were required by the specification to be | |
immutable, anomaly detection would be easier, and attacks would be much | |
harder and more expensive to carry out. | |
</p> | |
<p> | |
For <a href="#dfn-did-methods" class="internalDFN" data-link-type="dfn" id="ref-for-dfn-did-methods-111">DID methods</a> tied to a global source of truth, a direct, | |
just-in-time lookup of the latest version of a <a href="#dfn-did-documents" class="internalDFN" data-link-type="dfn" id="ref-for-dfn-did-documents-181">DID document</a> is always | |
possible. However, it seems likely that layers of cache might eventually sit | |
between a <a href="#dfn-did-resolvers" class="internalDFN" data-link-type="dfn" id="ref-for-dfn-did-resolvers-21">DID resolver</a> and that source of truth. If they do, believing | |
the attributes of an object in the <a href="#dfn-did-documents" class="internalDFN" data-link-type="dfn" id="ref-for-dfn-did-documents-182">DID document</a> to have a given state | |
when they are actually subtly different might invite exploits. This is | |
particularly true if some lookups are of a full <a href="#dfn-did-documents" class="internalDFN" data-link-type="dfn" id="ref-for-dfn-did-documents-183">DID document</a>, and | |
others are of partial data where the larger context is assumed. | |
</p> | |
</section> | |
<section id="encrypted-data-in-did-documents"><div class="header-wrapper"><h3 id="x9-13-encrypted-data-in-did-documents"><bdi class="secno">9.13 </bdi>Encrypted Data in DID Documents</h3><a class="self-link" href="#encrypted-data-in-did-documents" aria-label="Permalink for Section 9.13"></a></div> | |
<p> | |
Encryption algorithms have been known to fail due to advances in cryptography | |
and computing power. Implementers are advised to assume that any encrypted data | |
placed in a <a href="#dfn-did-documents" class="internalDFN" data-link-type="dfn" id="ref-for-dfn-did-documents-184">DID document</a> might eventually be made available in clear text | |
to the same audience to which the encrypted data is available. This is | |
particularly pertinent if the <a href="#dfn-did-documents" class="internalDFN" data-link-type="dfn" id="ref-for-dfn-did-documents-185">DID document</a> is public. | |
</p> | |
<p> | |
Encrypting all or parts of a <a href="#dfn-did-documents" class="internalDFN" data-link-type="dfn" id="ref-for-dfn-did-documents-186">DID document</a> is <em>not</em> an appropriate | |
means to protect data in the long term. Similarly, placing encrypted data in | |
a <a href="#dfn-did-documents" class="internalDFN" data-link-type="dfn" id="ref-for-dfn-did-documents-187">DID document</a> is not an appropriate means to protect personal data. | |
</p> | |
<p> | |
Given the caveats above, if encrypted data is included in a <a href="#dfn-did-documents" class="internalDFN" data-link-type="dfn" id="ref-for-dfn-did-documents-188">DID document</a>, | |
implementers are advised not to associate it with any correlatable information | |
that could be used to infer a relationship between the encrypted data | |
and an associated party. Examples of correlatable information include | |
public keys of a receiving party, identifiers to digital assets known to be | |
under the control of a receiving party, or human readable descriptions of a | |
receiving party. | |
</p> | |
</section> | |
<section id="equivalence-properties"><div class="header-wrapper"><h3 id="x9-14-equivalence-properties"><bdi class="secno">9.14 </bdi>Equivalence Properties</h3><a class="self-link" href="#equivalence-properties" aria-label="Permalink for Section 9.14"></a></div> | |
<p> | |
Given that the <code><a href="#dfn-equivalentid" class="internalDFN" data-link-type="dfn" id="ref-for-dfn-equivalentid-13">equivalentId</a></code> and <code><a href="#dfn-canonicalid" class="internalDFN" data-link-type="dfn" id="ref-for-dfn-canonicalid-11">canonicalId</a></code> | |
properties are generated by <a href="#dfn-did-methods" class="internalDFN" data-link-type="dfn" id="ref-for-dfn-did-methods-112">DID methods</a> themselves, the same security and | |
accuracy guarantees that apply to the resolved <a href="#dfn-decentralized-identifiers" class="internalDFN" data-link-type="dfn" id="ref-for-dfn-decentralized-identifiers-136">DID</a> present in the | |
<code>id</code> field of a <a href="#dfn-did-documents" class="internalDFN" data-link-type="dfn" id="ref-for-dfn-did-documents-189">DID document</a> also apply to these properties. | |
The <code><a href="#dfn-alsoknownas" class="internalDFN" data-link-type="dfn" id="ref-for-dfn-alsoknownas-7">alsoKnownAs</a></code> property is not guaranteed to be an accurate | |
statement of equivalence, and should not be relied upon without performing | |
validation steps beyond the resolution of the <a href="#dfn-did-documents" class="internalDFN" data-link-type="dfn" id="ref-for-dfn-did-documents-190">DID document</a>. | |
</p> | |
<p> | |
The <code><a href="#dfn-equivalentid" class="internalDFN" data-link-type="dfn" id="ref-for-dfn-equivalentid-14">equivalentId</a></code> and <code><a href="#dfn-canonicalid" class="internalDFN" data-link-type="dfn" id="ref-for-dfn-canonicalid-12">canonicalId</a></code> | |
properties express equivalence assertions to variants of a single <a href="#dfn-decentralized-identifiers" class="internalDFN" data-link-type="dfn" id="ref-for-dfn-decentralized-identifiers-137">DID</a> | |
produced by the same <a href="#dfn-did-methods" class="internalDFN" data-link-type="dfn" id="ref-for-dfn-did-methods-113">DID method</a> and can be trusted to the extent the | |
requesting party trusts the <a href="#dfn-did-methods" class="internalDFN" data-link-type="dfn" id="ref-for-dfn-did-methods-114">DID method</a> and a conforming producer and | |
resolver. | |
</p> | |
<p> | |
The <code><a href="#dfn-alsoknownas" class="internalDFN" data-link-type="dfn" id="ref-for-dfn-alsoknownas-8">alsoKnownAs</a></code> property permits an equivalence assertion to | |
<a href="#dfn-uri" class="internalDFN" data-link-type="dfn" id="ref-for-dfn-uri-22">URIs</a> that are not governed by the same <a href="#dfn-did-methods" class="internalDFN" data-link-type="dfn" id="ref-for-dfn-did-methods-115">DID method</a> and cannot be | |
trusted without performing verification steps outside of the governing <a href="#dfn-did-methods" class="internalDFN" data-link-type="dfn" id="ref-for-dfn-did-methods-116">DID | |
method</a>. See additional guidance in <a href="#also-known-as" class="sec-ref"><bdi class="secno">5.1.3 </bdi>Also Known As</a>. | |
</p> | |
<p> | |
As with any other security-related properties in the <a href="#dfn-did-documents" class="internalDFN" data-link-type="dfn" id="ref-for-dfn-did-documents-191">DID document</a>, | |
parties relying on any equivalence statement in a <a href="#dfn-did-documents" class="internalDFN" data-link-type="dfn" id="ref-for-dfn-did-documents-192">DID document</a> should | |
guard against the values of these properties being substituted by an attacker | |
after the proper verification has been performed. Any write access to a <a href="#dfn-did-documents" class="internalDFN" data-link-type="dfn" id="ref-for-dfn-did-documents-193">DID | |
document</a> stored in memory or on disk after verification has been performed is | |
an attack vector that might circumvent verification unless the <a href="#dfn-did-documents" class="internalDFN" data-link-type="dfn" id="ref-for-dfn-did-documents-194">DID | |
document</a> is re-verified. | |
</p> | |
</section> | |
<section id="content-integrity-protection"><div class="header-wrapper"><h3 id="x9-15-content-integrity-protection"><bdi class="secno">9.15 </bdi>Content Integrity Protection</h3><a class="self-link" href="#content-integrity-protection" aria-label="Permalink for Section 9.15"></a></div> | |
<p> | |
<a href="#dfn-did-documents" class="internalDFN" data-link-type="dfn" id="ref-for-dfn-did-documents-195">DID documents</a> which include links to external machine-readable content | |
such as images, web pages, or schemas are vulnerable to tampering. It is | |
strongly advised that external links are integrity protected using solutions | |
such as a hashlink [<cite><a class="bibref" data-link-type="biblio" href="#bib-hashlink" title="Cryptographic Hyperlinks">HASHLINK</a></cite>]. External links are to be avoided if they | |
cannot be integrity protected and the <a href="#dfn-did-documents" class="internalDFN" data-link-type="dfn" id="ref-for-dfn-did-documents-196">DID document</a>'s integrity is | |
dependent on the external link. | |
</p> | |
<p> | |
One example of an external link where the integrity of the <a href="#dfn-did-documents" class="internalDFN" data-link-type="dfn" id="ref-for-dfn-did-documents-197">DID document</a> | |
itself could be affected is the JSON-LD Context [<cite><a class="bibref" data-link-type="biblio" href="#bib-json-ld11" title="JSON-LD 1.1">JSON-LD11</a></cite>]. To protect | |
against compromise, <a href="#dfn-did-documents" class="internalDFN" data-link-type="dfn" id="ref-for-dfn-did-documents-198">DID document</a> consumers are advised to cache local | |
static copies of JSON-LD contexts and/or verify the integrity of external | |
contexts against a cryptographic hash that is known to be associated with a safe | |
version of the external JSON-LD Context. | |
</p> | |
</section> | |
<section id="persistence"><div class="header-wrapper"><h3 id="x9-16-persistence"><bdi class="secno">9.16 </bdi>Persistence</h3><a class="self-link" href="#persistence" aria-label="Permalink for Section 9.16"></a></div> | |
<p> | |
<a href="#dfn-decentralized-identifiers" class="internalDFN" data-link-type="dfn" id="ref-for-dfn-decentralized-identifiers-138">DIDs</a> are designed to be persistent such that a <a href="#dfn-controller" class="internalDFN" data-link-type="dfn" id="ref-for-dfn-controller-16">controller</a> need not | |
rely upon a single trusted third party or administrator to maintain their | |
identifiers. In an ideal case, no administrator can take control away from the | |
<a href="#dfn-controller" class="internalDFN" data-link-type="dfn" id="ref-for-dfn-controller-17">controller</a>, nor can an administrator prevent their identifiers' use for | |
any particular purpose such as authentication, authorization, and attestation. | |
No third party can act on behalf of a <a href="#dfn-controller" class="internalDFN" data-link-type="dfn" id="ref-for-dfn-controller-18">controller</a> to remove or render | |
inoperable an entity's identifier without the <a href="#dfn-controller" class="internalDFN" data-link-type="dfn" id="ref-for-dfn-controller-19">controller</a>'s consent. | |
</p> | |
<p> | |
However, it is important to note that in all <a href="#dfn-did-methods" class="internalDFN" data-link-type="dfn" id="ref-for-dfn-did-methods-117">DID methods</a> that enable | |
cryptographic proof-of-control, the means of proving control can always be | |
transferred to another party by transferring the secret cryptographic material. | |
Therefore, it is vital that systems relying on the persistence of an identifier | |
over time regularly check to ensure that the identifier is, in fact, still under | |
the control of the intended party. | |
</p> | |
<p> | |
Unfortunately, it is impossible to determine from the cryptography alone whether | |
or not the secret cryptographic material associated with a given | |
<a href="#dfn-verification-method" class="internalDFN" data-link-type="dfn" id="ref-for-dfn-verification-method-99">verification method</a> has been compromised. It might well be that the | |
expected <a href="#dfn-controller" class="internalDFN" data-link-type="dfn" id="ref-for-dfn-controller-20">controller</a> still has access to the secret cryptographic material | |
— and as such can execute a proof-of-control as part of a verification | |
process — while at the same time, a bad actor also has access to those | |
same keys, or to a copy thereof. | |
</p> | |
<p> | |
As such, cryptographic proof-of-control is expected to only be used as one | |
factor in evaluating the level of identity assurance required for high-stakes | |
scenarios. <a href="#dfn-decentralized-identifiers" class="internalDFN" data-link-type="dfn" id="ref-for-dfn-decentralized-identifiers-139">DID</a>-based authentication provides much greater assurance than | |
a username and password, thanks to the ability to determine control over a | |
cryptographic secret without transmitting that secret between systems. However, | |
it is not infallible. Scenarios that involve sensitive, high value, or | |
life-critical operations are expected to use additional factors as appropriate. | |
</p> | |
<p> | |
In addition to potential ambiguity from use by different <a href="#dfn-controller" class="internalDFN" data-link-type="dfn" id="ref-for-dfn-controller-21">controllers</a>, it | |
is impossible to guarantee, in general, that a given <a href="#dfn-decentralized-identifiers" class="internalDFN" data-link-type="dfn" id="ref-for-dfn-decentralized-identifiers-140">DID</a> is being used in | |
reference to the same subject at any given point in time. It is technically | |
possible for the controller to reuse a <a href="#dfn-decentralized-identifiers" class="internalDFN" data-link-type="dfn" id="ref-for-dfn-decentralized-identifiers-141">DID</a> for different subjects and, | |
more subtly, for the precise definition of the subject to either change over | |
time or be misunderstood. | |
</p> | |
<p> | |
For example, consider a <a href="#dfn-decentralized-identifiers" class="internalDFN" data-link-type="dfn" id="ref-for-dfn-decentralized-identifiers-142">DID</a> used for a sole proprietorship, receiving | |
various credentials used for financial transactions. To the <a href="#dfn-controller" class="internalDFN" data-link-type="dfn" id="ref-for-dfn-controller-22">controller</a>, | |
that identifier referred to the business. As the business grows, it eventually | |
gets incorporated as a Limited Liability Company. The <a href="#dfn-controller" class="internalDFN" data-link-type="dfn" id="ref-for-dfn-controller-23">controller</a> | |
continues using that same <a href="#dfn-decentralized-identifiers" class="internalDFN" data-link-type="dfn" id="ref-for-dfn-decentralized-identifiers-143">DID</a>, because to <strong>them</strong> the | |
<a href="#dfn-decentralized-identifiers" class="internalDFN" data-link-type="dfn" id="ref-for-dfn-decentralized-identifiers-144">DID</a> refers to the business. However, to the state, the tax authority, and | |
the local municipality, the <a href="#dfn-decentralized-identifiers" class="internalDFN" data-link-type="dfn" id="ref-for-dfn-decentralized-identifiers-145">DID</a> no longer refers to the same entity. | |
Whether or not the subtle shift in meaning matters to a credit provider or | |
supplier is necessarily up to them to decide. In many cases, as long as the | |
bills get paid and collections can be enforced, the shift is immaterial. | |
</p> | |
<p> | |
Due to these potential ambiguities, <a href="#dfn-decentralized-identifiers" class="internalDFN" data-link-type="dfn" id="ref-for-dfn-decentralized-identifiers-146">DIDs</a> are to be considered valid | |
<em>contextually</em> rather than absolutely. Their persistence does not imply | |
that they refer to the exact same subject, nor that they are under the control | |
of the same <a href="#dfn-controller" class="internalDFN" data-link-type="dfn" id="ref-for-dfn-controller-24">controller</a>. Instead, one needs to understand the context in | |
which the <a href="#dfn-decentralized-identifiers" class="internalDFN" data-link-type="dfn" id="ref-for-dfn-decentralized-identifiers-147">DID</a> was created and how it is used, consider the likely shifts | |
in its meaning, and adopt procedures and policies to address both potential | |
and inevitable semantic drift. | |
</p> | |
</section> | |
<section id="level-of-assurance"><div class="header-wrapper"><h3 id="x9-17-level-of-assurance"><bdi class="secno">9.17 </bdi>Level of Assurance</h3><a class="self-link" href="#level-of-assurance" aria-label="Permalink for Section 9.17"></a></div> | |
<p> | |
Additional information about the security context of authentication events is | |
often required for compliance reasons, especially in regulated areas such as the | |
financial and public sectors. This information is often referred to as a Level | |
of Assurance (LOA). Examples include the protection of secret cryptographic | |
material, the identity proofing process, and the form-factor of the | |
authenticator. | |
</p> | |
<p> | |
<a target="_blank" href="https://ec.europa.eu/info/law/payment-services-psd-2-directive-eu-2015-2366_en"> | |
Payment services (PSD 2)</a> and <a target="_blank" href="https://eur-lex.europa.eu/legal-content/EN/TXT/?uri=uriserv:OJ.L_.2014.257.01.0073.01.ENG"> | |
eIDAS</a> introduce such requirements to the security context. Level of | |
assurance frameworks are classified and defined by regulations and | |
standards such as <a target="_blank" href="https://eur-lex.europa.eu/legal-content/EN/TXT/?uri=uriserv:OJ.L_.2014.257.01.0073.01.ENG"> | |
eIDAS</a>, <a target="_blank" href="https://pages.nist.gov/800-63-3/sp800-63-3.html"> NIST 800-63-3</a> and <a target="_blank" href="https://www.iso.org/standard/45138.html"> ISO/IEC | |
29115:2013</a>, which include requirements for the security context and | |
make recommendations on how to achieve them. This might include strong user | |
authentication where <a target="_blank" href="https://fidoalliance.org/fido2/">FIDO2</a>/<a target="_blank" href="https://www.w3.org/TR/webauthn-2/">WebAuthn</a> can fulfill the | |
requirement. | |
</p> | |
<p> | |
Some regulated scenarios require the implementation of a specific level of | |
assurance. Since <a href="#dfn-verification-relationship" class="internalDFN" data-link-type="dfn" id="ref-for-dfn-verification-relationship-24">verification relationships</a> such as <code> | |
<a href="#dfn-assertionmethod" class="internalDFN" data-link-type="dfn" id="ref-for-dfn-assertionmethod-3">assertionMethod</a></code> and <code><a href="#dfn-authentication" class="internalDFN" data-link-type="dfn" id="ref-for-dfn-authentication-7">authentication</a></code> might be | |
used in some of these situations, information about the applied security context | |
might need to be expressed and provided to a <em>verifier</em>. Whether and how | |
to encode this information in the <a href="#dfn-did-documents" class="internalDFN" data-link-type="dfn" id="ref-for-dfn-did-documents-199">DID document</a> data model is out of scope | |
for this specification. Interested readers might note that 1) the information | |
could be transmitted using Verifiable Credentials [<cite><a class="bibref" data-link-type="biblio" href="#bib-vc-data-model" title="Verifiable Credentials Data Model v1.1">VC-DATA-MODEL</a></cite>], and 2) the | |
<a href="#dfn-did-documents" class="internalDFN" data-link-type="dfn" id="ref-for-dfn-did-documents-200">DID document</a> data model can be extended to incorporate this information | |
as described in <a href="#extensibility" class="sec-ref"><bdi class="secno">4.1 </bdi>Extensibility</a>, and where <a href="#privacy-considerations" class="sec-ref"><bdi class="secno">10. </bdi>Privacy Considerations</a> is applicable for such extensions. | |
</p> | |
</section> | |
</section> | |
<section class="informative" id="privacy-considerations"><div class="header-wrapper"><h2 id="x10-privacy-considerations"><bdi class="secno">10. </bdi>Privacy Considerations</h2><a class="self-link" href="#privacy-considerations" aria-label="Permalink for Section 10."></a></div><p><em>This section is non-normative.</em></p> | |
<p> | |
Since <a href="#dfn-decentralized-identifiers" class="internalDFN" data-link-type="dfn" id="ref-for-dfn-decentralized-identifiers-148">DIDs</a> and <a href="#dfn-did-documents" class="internalDFN" data-link-type="dfn" id="ref-for-dfn-did-documents-201">DID documents</a> are designed to be administered | |
directly by the <a href="#dfn-did-controllers" class="internalDFN" data-link-type="dfn" id="ref-for-dfn-did-controllers-30">DID controller(s)</a>, it is critically important to apply | |
the principles of Privacy by Design [<cite><a class="bibref" data-link-type="biblio" href="#bib-privacy-by-design" title="Privacy by Design">PRIVACY-BY-DESIGN</a></cite>] to all aspects of the | |
<a href="#dfn-decentralized-identifiers" class="internalDFN" data-link-type="dfn" id="ref-for-dfn-decentralized-identifiers-149">decentralized identifier</a> architecture. All seven of these principles | |
have been applied throughout the development of this specification. The design | |
used in this specification does not assume that there is a registrar, hosting | |
company, nor other intermediate service provider to recommend or apply | |
additional privacy safeguards. Privacy in this specification is preventive, | |
not remedial, and is an embedded default. The following sections cover privacy | |
considerations that implementers might find useful when building systems that | |
utilize <a href="#dfn-decentralized-identifiers" class="internalDFN" data-link-type="dfn" id="ref-for-dfn-decentralized-identifiers-150">decentralized identifiers</a>. | |
</p> | |
<section id="keep-personal-data-private"><div class="header-wrapper"><h3 id="x10-1-keep-personal-data-private"><bdi class="secno">10.1 </bdi>Keep Personal Data Private</h3><a class="self-link" href="#keep-personal-data-private" aria-label="Permalink for Section 10.1"></a></div> | |
<p> | |
If a <a href="#dfn-did-methods" class="internalDFN" data-link-type="dfn" id="ref-for-dfn-did-methods-118">DID method</a> specification is written for a public-facing | |
<a href="#dfn-verifiable-data-registry" class="internalDFN" data-link-type="dfn" id="ref-for-dfn-verifiable-data-registry-11">verifiable data registry</a> where corresponding <a href="#dfn-decentralized-identifiers" class="internalDFN" data-link-type="dfn" id="ref-for-dfn-decentralized-identifiers-151">DIDs</a> and <a href="#dfn-did-documents" class="internalDFN" data-link-type="dfn" id="ref-for-dfn-did-documents-202">DID | |
documents</a> might be made publicly available, it is <em>critical</em> that | |
those <a href="#dfn-did-documents" class="internalDFN" data-link-type="dfn" id="ref-for-dfn-did-documents-203">DID documents</a> contain no personal data. Personal data can instead | |
be transmitted through other means such as 1) Verifiable Credentials | |
[<cite><a class="bibref" data-link-type="biblio" href="#bib-vc-data-model" title="Verifiable Credentials Data Model v1.1">VC-DATA-MODEL</a></cite>], or 2) <a href="#dfn-service-endpoints" class="internalDFN" data-link-type="dfn" id="ref-for-dfn-service-endpoints-7">service endpoints</a> under control of the <a href="#dfn-did-subjects" class="internalDFN" data-link-type="dfn" id="ref-for-dfn-did-subjects-53">DID | |
subject</a> or <a href="#dfn-did-controllers" class="internalDFN" data-link-type="dfn" id="ref-for-dfn-did-controllers-31">DID controller</a>. | |
</p> | |
<p> | |
Due diligence is expected to be taken around the use of URLs in <a href="#dfn-service-endpoints" class="internalDFN" data-link-type="dfn" id="ref-for-dfn-service-endpoints-8">service | |
endpoints</a> to prevent leakage of personal data or correlation within a URL of | |
a <a href="#dfn-service-endpoints" class="internalDFN" data-link-type="dfn" id="ref-for-dfn-service-endpoints-9">service endpoint</a>. For example, a URL that contains a username is | |
dangerous to include in a <a href="#dfn-did-documents" class="internalDFN" data-link-type="dfn" id="ref-for-dfn-did-documents-204">DID Document</a> because the username is likely to | |
be human-meaningful in a way that can reveal information that the <a href="#dfn-did-subjects" class="internalDFN" data-link-type="dfn" id="ref-for-dfn-did-subjects-54">DID | |
subject</a> did not consent to sharing. With the privacy architecture suggested | |
by this specification, personal data can be exchanged on a private, peer-to-peer | |
basis using communication channels identified and secured by <a href="#dfn-verification-method" class="internalDFN" data-link-type="dfn" id="ref-for-dfn-verification-method-100">verification | |
methods</a> in <a href="#dfn-did-documents" class="internalDFN" data-link-type="dfn" id="ref-for-dfn-did-documents-205">DID documents</a>. This also enables <a href="#dfn-did-subjects" class="internalDFN" data-link-type="dfn" id="ref-for-dfn-did-subjects-55">DID subjects</a> and | |
requesting parties to implement the <a href="https://en.wikipedia.org/wiki/General_Data_Protection_Regulation">GDPR</a> | |
<a href="https://en.wikipedia.org/wiki/Right_to_be_forgotten">right to be | |
forgotten</a>, because no personal data is written to an immutable | |
<a href="#dfn-distributed-ledger-technology" class="internalDFN" data-link-type="dfn" id="ref-for-dfn-distributed-ledger-technology-5">distributed ledger</a>. | |
</p> | |
</section> | |
<section id="did-correlation-risks"><div class="header-wrapper"><h3 id="x10-2-did-correlation-risks"><bdi class="secno">10.2 </bdi>DID Correlation Risks</h3><a class="self-link" href="#did-correlation-risks" aria-label="Permalink for Section 10.2"></a></div> | |
<p> | |
Like any type of globally unambiguous identifier, <a href="#dfn-decentralized-identifiers" class="internalDFN" data-link-type="dfn" id="ref-for-dfn-decentralized-identifiers-152">DIDs</a> might be used for | |
correlation. <a href="#dfn-did-controllers" class="internalDFN" data-link-type="dfn" id="ref-for-dfn-did-controllers-32">DID controllers</a> can mitigate this privacy risk by using | |
pairwise <a href="#dfn-decentralized-identifiers" class="internalDFN" data-link-type="dfn" id="ref-for-dfn-decentralized-identifiers-153">DIDs</a> that are unique to each relationship; in effect, each | |
<a href="#dfn-decentralized-identifiers" class="internalDFN" data-link-type="dfn" id="ref-for-dfn-decentralized-identifiers-154">DID</a> acts as a pseudonym. A pairwise <a href="#dfn-decentralized-identifiers" class="internalDFN" data-link-type="dfn" id="ref-for-dfn-decentralized-identifiers-155">DID</a> need only be shared with | |
more than one party when correlation is explicitly desired. If pairwise | |
<a href="#dfn-decentralized-identifiers" class="internalDFN" data-link-type="dfn" id="ref-for-dfn-decentralized-identifiers-156">DIDs</a> are the default, then the only need to publish a <a href="#dfn-decentralized-identifiers" class="internalDFN" data-link-type="dfn" id="ref-for-dfn-decentralized-identifiers-157">DID</a> openly, | |
or to share it with multiple parties, is when the <a href="#dfn-did-controllers" id="ref-for-dfn-did-controllers-33">DID controller(s)</a> and/or <a href="#dfn-did-subjects" class="internalDFN" data-link-type="dfn" id="ref-for-dfn-did-subjects-56">DID subject</a> | |
explicitly desires public identification and correlation. | |
</p> | |
</section> | |
<section id="did-document-correlation-risks"><div class="header-wrapper"><h3 id="x10-3-did-document-correlation-risks"><bdi class="secno">10.3 </bdi>DID Document Correlation Risks</h3><a class="self-link" href="#did-document-correlation-risks" aria-label="Permalink for Section 10.3"></a></div> | |
<p> | |
The anti-correlation protections of pairwise <a href="#dfn-decentralized-identifiers" class="internalDFN" data-link-type="dfn" id="ref-for-dfn-decentralized-identifiers-158">DIDs</a> are easily defeated if | |
the data in the corresponding <a href="#dfn-did-documents" class="internalDFN" data-link-type="dfn" id="ref-for-dfn-did-documents-206">DID documents</a> can be correlated. For | |
example, using identical <a href="#dfn-verification-method" class="internalDFN" data-link-type="dfn" id="ref-for-dfn-verification-method-101">verification methods</a> or bespoke <a href="#dfn-service-endpoints" class="internalDFN" data-link-type="dfn" id="ref-for-dfn-service-endpoints-10">service | |
endpoints</a> in multiple <a href="#dfn-did-documents" class="internalDFN" data-link-type="dfn" id="ref-for-dfn-did-documents-207">DID documents</a> can provide as much correlation | |
information as using the same <a href="#dfn-decentralized-identifiers" class="internalDFN" data-link-type="dfn" id="ref-for-dfn-decentralized-identifiers-159">DID</a>. Therefore, the <a href="#dfn-did-documents" class="internalDFN" data-link-type="dfn" id="ref-for-dfn-did-documents-208">DID document</a> for | |
a pairwise <a href="#dfn-decentralized-identifiers" class="internalDFN" data-link-type="dfn" id="ref-for-dfn-decentralized-identifiers-160">DID</a> also needs to use pairwise unique information, such as | |
ensuring that <a href="#dfn-verification-method" class="internalDFN" data-link-type="dfn" id="ref-for-dfn-verification-method-102">verification methods</a> are unique to the pairwise | |
relationship. | |
</p> | |
<p> | |
It might seem natural to also use pairwise unique <a href="#dfn-service-endpoints" class="internalDFN" data-link-type="dfn" id="ref-for-dfn-service-endpoints-11">service endpoints</a> in | |
the <a href="#dfn-did-documents" class="internalDFN" data-link-type="dfn" id="ref-for-dfn-did-documents-209">DID document</a> for a pairwise <a href="#dfn-decentralized-identifiers" class="internalDFN" data-link-type="dfn" id="ref-for-dfn-decentralized-identifiers-161">DID</a>. However, unique endpoints | |
allow all traffic between two <a href="#dfn-decentralized-identifiers" class="internalDFN" data-link-type="dfn" id="ref-for-dfn-decentralized-identifiers-162">DIDs</a> to be isolated perfectly into unique | |
buckets, where timing correlation and similar analysis are easy. Therefore, a | |
better strategy for endpoint privacy might be to share an endpoint among a large | |
number of <a href="#dfn-decentralized-identifiers" class="internalDFN" data-link-type="dfn" id="ref-for-dfn-decentralized-identifiers-163">DIDs</a> controlled by many different subjects (see <a href="#herd-privacy" class="sec-ref"><bdi class="secno">10.5 </bdi>Herd Privacy</a>). | |
</p> | |
</section> | |
<section id="did-subject-classification"><div class="header-wrapper"><h3 id="x10-4-did-subject-classification"><bdi class="secno">10.4 </bdi>DID Subject Classification</h3><a class="self-link" href="#did-subject-classification" aria-label="Permalink for Section 10.4"></a></div> | |
<p> | |
It is dangerous to add properties to the <a href="#dfn-did-documents" class="internalDFN" data-link-type="dfn" id="ref-for-dfn-did-documents-210">DID document</a> that can be used | |
to indicate, explicitly or through inference, what <em>type</em> or nature of | |
thing the <a href="#dfn-did-subjects" class="internalDFN" data-link-type="dfn" id="ref-for-dfn-did-subjects-57">DID subject</a> is, particularly if the <a href="#dfn-did-subjects" class="internalDFN" data-link-type="dfn" id="ref-for-dfn-did-subjects-58">DID subject</a> is a | |
person. | |
</p> | |
<p> | |
Not only do such properties potentially result in personal data (see | |
<a href="#keep-personal-data-private" class="sec-ref"><bdi class="secno">10.1 </bdi>Keep Personal Data Private</a>) or | |
correlatable data (see <a href="#did-correlation-risks" class="sec-ref"> | |
<bdi class="secno">10.2 </bdi>DID Correlation Risks</a> and <a href="#did-document-correlation-risks" class="sec-ref"><bdi class="secno">10.3 </bdi>DID Document Correlation Risks</a>) being present in the | |
<a href="#dfn-did-documents" class="internalDFN" data-link-type="dfn" id="ref-for-dfn-did-documents-211">DID document</a>, but they can be used for grouping particular <a href="#dfn-decentralized-identifiers" class="internalDFN" data-link-type="dfn" id="ref-for-dfn-decentralized-identifiers-164">DIDs</a> | |
in such a way that they are included in or excluded from certain operations or | |
functionalities. | |
</p> | |
<p> | |
Including <em>type</em> information in a <a href="#dfn-did-documents" class="internalDFN" data-link-type="dfn" id="ref-for-dfn-did-documents-212">DID Document</a> can | |
result in personal privacy harms even for <a href="#dfn-did-subjects" class="internalDFN" data-link-type="dfn" id="ref-for-dfn-did-subjects-59">DID Subjects</a> that are | |
non-person entities, such as IoT devices. The aggregation of such | |
information around a <a href="#dfn-did-controllers" class="internalDFN" data-link-type="dfn" id="ref-for-dfn-did-controllers-34">DID Controller</a> could serve as a form of | |
digital fingerprint and this is best avoided. | |
</p> | |
<p> | |
To minimize these risks, all properties in a <a href="#dfn-did-documents" class="internalDFN" data-link-type="dfn" id="ref-for-dfn-did-documents-213">DID document</a> ought to be | |
for expressing cryptographic material, endpoints, or <a href="#dfn-verification-method" class="internalDFN" data-link-type="dfn" id="ref-for-dfn-verification-method-103">verification methods</a> | |
related to using the <a href="#dfn-decentralized-identifiers" class="internalDFN" data-link-type="dfn" id="ref-for-dfn-decentralized-identifiers-165">DID</a>. | |
</p> | |
</section> | |
<section id="herd-privacy"><div class="header-wrapper"><h3 id="x10-5-herd-privacy"><bdi class="secno">10.5 </bdi>Herd Privacy</h3><a class="self-link" href="#herd-privacy" aria-label="Permalink for Section 10.5"></a></div> | |
<p> | |
When a <a href="#dfn-did-subjects" class="internalDFN" data-link-type="dfn" id="ref-for-dfn-did-subjects-60">DID subject</a> is indistinguishable from others in the herd, | |
privacy is available. When the act of engaging privately with another party is | |
by itself a recognizable flag, privacy is greatly diminished. | |
</p> | |
<p> | |
<a href="#dfn-decentralized-identifiers" class="internalDFN" data-link-type="dfn" id="ref-for-dfn-decentralized-identifiers-166">DIDs</a> and <a href="#dfn-did-methods" class="internalDFN" data-link-type="dfn" id="ref-for-dfn-did-methods-119">DID | |
methods</a> need to work to improve herd privacy, particularly for those who | |
legitimately need it most. Choose technologies and human interfaces that | |
default to preserving anonymity and pseudonymity. To reduce <a href="https://en.wikipedia.org/wiki/Device_fingerprint">digital | |
fingerprints</a>, share common settings across requesting party | |
implementations, keep negotiated options to a minimum on wire protocols, use | |
encrypted transport layers, and pad messages to standard lengths. | |
</p> | |
</section> | |
<section id="service-privacy"><div class="header-wrapper"><h3 id="x10-6-service-privacy"><bdi class="secno">10.6 </bdi>Service Privacy</h3><a class="self-link" href="#service-privacy" aria-label="Permalink for Section 10.6"></a></div> | |
<p> | |
The ability for a <a href="#dfn-controller" class="internalDFN" data-link-type="dfn" id="ref-for-dfn-controller-25">controller</a> to optionally express at least one | |
<a href="#dfn-service-endpoints" class="internalDFN" data-link-type="dfn" id="ref-for-dfn-service-endpoints-12">service endpoint</a> in the <a href="#dfn-did-documents" class="internalDFN" data-link-type="dfn" id="ref-for-dfn-did-documents-214">DID document</a> increases their control and | |
agency. Each additional endpoint in the <a href="#dfn-did-documents" class="internalDFN" data-link-type="dfn" id="ref-for-dfn-did-documents-215">DID document</a> adds privacy risk | |
either due to correlation, such as across endpoint descriptions, or because the | |
<a href="#dfn-service" class="internalDFN" data-link-type="dfn" id="ref-for-dfn-service-23">services</a> are not protected by an authorization mechanism, or both. | |
</p> | |
<p> | |
<a href="#dfn-did-documents" class="internalDFN" data-link-type="dfn" id="ref-for-dfn-did-documents-216">DID documents</a> are often public and, since they are standardized, will be | |
stored and indexed efficiently by their very standards-based nature. This risk | |
is worse if <a href="#dfn-did-documents" class="internalDFN" data-link-type="dfn" id="ref-for-dfn-did-documents-217">DID documents</a> are published to immutable <a href="#dfn-verifiable-data-registry" class="internalDFN" data-link-type="dfn" id="ref-for-dfn-verifiable-data-registry-12">verifiable data | |
registries</a>. Access to a history of the <a href="#dfn-did-documents" class="internalDFN" data-link-type="dfn" id="ref-for-dfn-did-documents-218">DID documents</a> referenced by a | |
<a href="#dfn-decentralized-identifiers" class="internalDFN" data-link-type="dfn" id="ref-for-dfn-decentralized-identifiers-167">DID</a> represents a form of traffic analysis made more efficient through the | |
use of standards. | |
</p> | |
<p> | |
The degree of additional privacy risk caused by using multiple <a href="#dfn-service-endpoints" class="internalDFN" data-link-type="dfn" id="ref-for-dfn-service-endpoints-13">service | |
endpoints</a> in one <a href="#dfn-did-documents" class="internalDFN" data-link-type="dfn" id="ref-for-dfn-did-documents-219">DID document</a> can be difficult to estimate. Privacy | |
harms are typically unintended consequences. <a href="#dfn-decentralized-identifiers" class="internalDFN" data-link-type="dfn" id="ref-for-dfn-decentralized-identifiers-168">DIDs</a> can refer to documents, | |
<a href="#dfn-service" class="internalDFN" data-link-type="dfn" id="ref-for-dfn-service-24">services</a>, schemas, and other things that might be associated with | |
individual people, households, clubs, and employers — and correlation of | |
their <a href="#dfn-service-endpoints" class="internalDFN" data-link-type="dfn" id="ref-for-dfn-service-endpoints-14">service endpoints</a> could become a powerful surveillance and | |
inference tool. An example of this potential harm arises when multiple service | |
endpoints share a common country-level top-level domain, such as | |
<code>https://example.co.uk</code>, which might be used to infer the approximate | |
location of the <a href="#dfn-did-subjects" class="internalDFN" data-link-type="dfn" id="ref-for-dfn-did-subjects-61">DID subject</a> with a greater degree of probability. | |
</p> | |
<section class="notoc"><div class="header-wrapper"><h4 id="maintaining-herd-privacy">Maintaining Herd Privacy</h4><a class="self-link" href="#maintaining-herd-privacy" aria-label="Permalink for this Section"></a></div> | |
<p> | |
The variety of possible endpoints makes it particularly challenging to maintain | |
herd privacy, in which no information about the <a href="#dfn-did-subjects" class="internalDFN" data-link-type="dfn" id="ref-for-dfn-did-subjects-62">DID subject</a> is leaked | |
(see <a href="#herd-privacy" class="sec-ref"><bdi class="secno">10.5 </bdi>Herd Privacy</a>). | |
</p> | |
<p> | |
First, because service endpoints might be specified as <a href="#dfn-uri" class="internalDFN" data-link-type="dfn" id="ref-for-dfn-uri-23">URIs</a>, they could | |
unintentionally leak personal information because of the architecture of the | |
service. For example, a service endpoint of | |
<code>http://example.com/MyFirstName</code> is leaking the term | |
<code>MyFirstName</code> to everyone who can access the <a href="#dfn-did-documents" class="internalDFN" data-link-type="dfn" id="ref-for-dfn-did-documents-220">DID document</a>. | |
When linking to legacy systems, this is an unavoidable risk, and care is | |
expected to be taken in such cases. This specification encourages new, | |
<a href="#dfn-decentralized-identifiers" class="internalDFN" data-link-type="dfn" id="ref-for-dfn-decentralized-identifiers-169">DID</a>-aware endpoints to use nothing more than the <a href="#dfn-decentralized-identifiers" class="internalDFN" data-link-type="dfn" id="ref-for-dfn-decentralized-identifiers-170">DID</a> itself for | |
any identification necessary. For example, if a service description were to | |
include <code>http://example.com/did%3Aexample%3Aabc123</code>, no harm would be | |
done because <code>did:example:abc123</code> is already exposed in the DID | |
Document; it leaks no additional information. | |
</p> | |
<p> | |
Second, because a <a href="#dfn-did-documents" class="internalDFN" data-link-type="dfn" id="ref-for-dfn-did-documents-221">DID document</a> can list multiple service endpoints, it is | |
possible to irreversibly associate services that are not associated in any other | |
context. This correlation on its own may lead to privacy harms by revealing | |
information about the <a href="#dfn-did-subjects" class="internalDFN" data-link-type="dfn" id="ref-for-dfn-did-subjects-63">DID subject</a>, even if the <a href="#dfn-uri" class="internalDFN" data-link-type="dfn" id="ref-for-dfn-uri-24">URIs</a> used did not | |
contain any sensitive information. | |
</p> | |
<p> | |
Third, because some types of <a href="#dfn-did-subjects" class="internalDFN" data-link-type="dfn" id="ref-for-dfn-did-subjects-64">DID subjects</a> might be more or less likely to | |
list specific endpoints, the listing of a given service could, by itself, leak | |
information that can be used to infer something about the <a href="#dfn-did-subjects" class="internalDFN" data-link-type="dfn" id="ref-for-dfn-did-subjects-65">DID subject</a>. | |
For example, a <a href="#dfn-decentralized-identifiers" class="internalDFN" data-link-type="dfn" id="ref-for-dfn-decentralized-identifiers-171">DID</a> for an automobile might include a pointer to a public | |
title record at the Department of Motor Vehicles, while a <a href="#dfn-decentralized-identifiers" class="internalDFN" data-link-type="dfn" id="ref-for-dfn-decentralized-identifiers-172">DID</a> for an | |
individual would not include that information. | |
</p> | |
<p> | |
It is the goal of herd privacy to ensure that the nature of specific <a href="#dfn-did-subjects" class="internalDFN" data-link-type="dfn" id="ref-for-dfn-did-subjects-66">DID | |
subjects</a> is obscured by the population of the whole. To maximize herd | |
privacy, implementers need to rely on one — and only one — service | |
endpoint, with that endpoint providing a proxy or mediator service that the | |
controller is willing to depend on, to protect such associations and to blind | |
requests to the ultimate service. | |
</p> | |
</section> | |
<section class="notoc"><div class="header-wrapper"><h4 id="service-endpoint-alternatives">Service Endpoint Alternatives</h4><a class="self-link" href="#service-endpoint-alternatives" aria-label="Permalink for this Section"></a></div> | |
<p> | |
Given the concerns in the previous section, implementers are urged to | |
consider any of the following service endpoint approaches: | |
</p> | |
<ul> | |
<li> | |
<strong>Negotiator Endpoint</strong> — Service for negotiating mutually | |
agreeable communications channels, preferably using private set intersection. | |
The output of negotiation is a communication channel and whatever credentials | |
might be needed to access it. | |
</li> | |
<li> | |
<strong>Tor Endpoint</strong> (<a href="https://www.torproject.org/about/history/">The Onion Router</a>) — | |
Provide a privacy-respecting address for reaching service endpoints. Any service | |
that can be provided online can be provided through Tor for additional | |
privacy. | |
</li> | |
<li> | |
<strong>Mediator Endpoint</strong> — <a href="https://github.com/hyperledger/aries-rfcs/blob/720bdab50e2d0437fda03028c1b17c69781bdd69/concepts/0046-mediators-and-relays/README.md">Mediators</a> | |
provide a generic endpoint for multiple parties, receive encrypted messages on | |
behalf of those parties, and forward them to the intended recipient. This avoids | |
the need to have a specific endpoint per subject, which could create a | |
correlation risk. This approach is also called a proxy. | |
</li> | |
<li> | |
<strong>Confidential Storage</strong> — Proprietary or confidential | |
personal information might need to be kept off of a <a href="#dfn-verifiable-data-registry" class="internalDFN" data-link-type="dfn" id="ref-for-dfn-verifiable-data-registry-13">verifiable data | |
registry</a> to provide additional privacy and/or security guarantees, | |
especially for those <a href="#dfn-did-methods" class="internalDFN" data-link-type="dfn" id="ref-for-dfn-did-methods-120">DID methods</a> where <a href="#dfn-did-documents" class="internalDFN" data-link-type="dfn" id="ref-for-dfn-did-documents-222">DID documents</a> are published | |
on a public ledger. Pointing to external resource services provides a means for | |
authorization checks and deletion. | |
</li> | |
<li> | |
<strong>Polymorphic Proxy</strong> — A proxy endpoint that can act as any | |
number of services, depending on how it is called. For example, the same URL | |
could be used for both negotiator and mediator functions, depending on a | |
mechanism for re-routing. | |
</li> | |
</ul> | |
<p> | |
These service endpoint types continue to be an area of innovation and | |
exploration. | |
</p> | |
</section> | |
</section> | |
</section> | |
<section class="appendix" id="examples"><div class="header-wrapper"><h2 id="a-examples"><bdi class="secno">A. </bdi>Examples</h2><a class="self-link" href="#examples" aria-label="Permalink for Appendix A."></a></div> | |
<section class="informative" id="did-documents"><div class="header-wrapper"><h3 id="a-1-did-documents"><bdi class="secno">A.1 </bdi>DID Documents</h3><a class="self-link" href="#did-documents" aria-label="Permalink for Appendix A.1"></a></div><p><em>This section is non-normative.</em></p> | |
<p> | |
See <a href="https://www.w3.org/TR/did-spec-registries/#verification-method-types"> | |
Verification Method Types</a> [<cite><a class="bibref" data-link-type="biblio" href="#bib-did-spec-registries" title="DID Specification Registries">DID-SPEC-REGISTRIES</a></cite>] for optional extensions | |
and other verification method types. | |
</p> | |
<div class="note" role="note" id="issue-container-generatedID-15"><div role="heading" class="note-title marker" id="h-note-15" aria-level="4"><span>Note</span></div><p class=""> | |
These examples are for information purposes only. It is considered a best | |
practice to avoid using the same <a href="#dfn-verification-method" class="internalDFN" data-link-type="dfn" id="ref-for-dfn-verification-method-104">verification method</a> for multiple | |
purposes. | |
</p></div> | |
<div class="example" id="example-did-document-with-1-verification-method-type"> | |
<div class="marker"> | |
<a class="self-link" href="#example-did-document-with-1-verification-method-type">Example<bdi> 30</bdi></a><span class="example-title">: DID Document with 1 verification method type</span> | |
</div> <pre aria-busy="false"><code class="hljs json"> { | |
<span class="hljs-attr">"@context"</span>: [ | |
<span class="hljs-string">"https://www.w3.org/ns/did/v1"</span>, | |
<span class="hljs-string">"https://w3id.org/security/suites/ed25519-2020/v1"</span> | |
], | |
<span class="hljs-attr">"id"</span>: <span class="hljs-string">"did:example:123"</span>, | |
<span class="hljs-attr">"authentication"</span>: [ | |
{ | |
<span class="hljs-attr">"id"</span>: <span class="hljs-string">"did:example:123#z6MkecaLyHuYWkayBDLw5ihndj3T1m6zKTGqau3A51G7RBf3"</span>, | |
<span class="hljs-attr">"type"</span>: <span class="hljs-string">"Ed25519VerificationKey2020"</span>, <span class="hljs-comment">// external (property value)</span> | |
<span class="hljs-attr">"controller"</span>: <span class="hljs-string">"did:example:123"</span>, | |
<span class="hljs-attr">"publicKeyMultibase"</span>: <span class="hljs-string">"zAKJP3f7BD6W4iWEQ9jwndVTCBq8ua2Utt8EEjJ6Vxsf"</span> | |
} | |
], | |
<span class="hljs-attr">"capabilityInvocation"</span>: [ | |
{ | |
<span class="hljs-attr">"id"</span>: <span class="hljs-string">"did:example:123#z6MkhdmzFu659ZJ4XKj31vtEDmjvsi5yDZG5L7Caz63oP39k"</span>, | |
<span class="hljs-attr">"type"</span>: <span class="hljs-string">"Ed25519VerificationKey2020"</span>, <span class="hljs-comment">// external (property value)</span> | |
<span class="hljs-attr">"controller"</span>: <span class="hljs-string">"did:example:123"</span>, | |
<span class="hljs-attr">"publicKeyMultibase"</span>: <span class="hljs-string">"z4BWwfeqdp1obQptLLMvPNgBw48p7og1ie6Hf9p5nTpNN"</span> | |
} | |
], | |
<span class="hljs-attr">"capabilityDelegation"</span>: [ | |
{ | |
<span class="hljs-attr">"id"</span>: <span class="hljs-string">"did:example:123#z6Mkw94ByR26zMSkNdCUi6FNRsWnc2DFEeDXyBGJ5KTzSWyi"</span>, | |
<span class="hljs-attr">"type"</span>: <span class="hljs-string">"Ed25519VerificationKey2020"</span>, <span class="hljs-comment">// external (property value)</span> | |
<span class="hljs-attr">"controller"</span>: <span class="hljs-string">"did:example:123"</span>, | |
<span class="hljs-attr">"publicKeyMultibase"</span>: <span class="hljs-string">"zHgo9PAmfeoxHG8Mn2XHXamxnnSwPpkyBHAMNF3VyXJCL"</span> | |
} | |
], | |
<span class="hljs-attr">"assertionMethod"</span>: [ | |
{ | |
<span class="hljs-attr">"id"</span>: <span class="hljs-string">"did:example:123#z6MkiukuAuQAE8ozxvmahnQGzApvtW7KT5XXKfojjwbdEomY"</span>, | |
<span class="hljs-attr">"type"</span>: <span class="hljs-string">"Ed25519VerificationKey2020"</span>, <span class="hljs-comment">// external (property value)</span> | |
<span class="hljs-attr">"controller"</span>: <span class="hljs-string">"did:example:123"</span>, | |
<span class="hljs-attr">"publicKeyMultibase"</span>: <span class="hljs-string">"z5TVraf9itbKXrRvt2DSS95Gw4vqU3CHAdetoufdcKazA"</span> | |
} | |
] | |
}</code></pre> | |
</div> | |
<div class="example" id="example-did-document-with-many-different-key-types"> | |
<div class="marker"> | |
<a class="self-link" href="#example-did-document-with-many-different-key-types">Example<bdi> 31</bdi></a><span class="example-title">: DID Document with many different key types</span> | |
</div> <pre aria-busy="false"><code class="hljs json">{ | |
<span class="hljs-attr">"@context"</span>: [ | |
<span class="hljs-string">"https://www.w3.org/ns/did/v1"</span>, | |
<span class="hljs-string">"https://w3id.org/security/suites/jws-2020/v1"</span> | |
], | |
<span class="hljs-attr">"verificationMethod"</span>: [ | |
{ | |
<span class="hljs-attr">"id"</span>: <span class="hljs-string">"did:example:123#key-0"</span>, | |
<span class="hljs-attr">"type"</span>: <span class="hljs-string">"JsonWebKey2020"</span>, | |
<span class="hljs-attr">"controller"</span>: <span class="hljs-string">"did:example:123"</span>, | |
<span class="hljs-attr">"publicKeyJwk"</span>: { | |
<span class="hljs-attr">"kty"</span>: <span class="hljs-string">"OKP"</span>, <span class="hljs-comment">// external (property name)</span> | |
<span class="hljs-attr">"crv"</span>: <span class="hljs-string">"Ed25519"</span>, <span class="hljs-comment">// external (property name)</span> | |
<span class="hljs-attr">"x"</span>: <span class="hljs-string">"VCpo2LMLhn6iWku8MKvSLg2ZAoC-nlOyPVQaO3FxVeQ"</span> <span class="hljs-comment">// external (property name)</span> | |
} | |
}, | |
{ | |
<span class="hljs-attr">"id"</span>: <span class="hljs-string">"did:example:123#key-1"</span>, | |
<span class="hljs-attr">"type"</span>: <span class="hljs-string">"JsonWebKey2020"</span>, | |
<span class="hljs-attr">"controller"</span>: <span class="hljs-string">"did:example:123"</span>, | |
<span class="hljs-attr">"publicKeyJwk"</span>: { | |
<span class="hljs-attr">"kty"</span>: <span class="hljs-string">"OKP"</span>, <span class="hljs-comment">// external (property name)</span> | |
<span class="hljs-attr">"crv"</span>: <span class="hljs-string">"X25519"</span>, <span class="hljs-comment">// external (property name)</span> | |
<span class="hljs-attr">"x"</span>: <span class="hljs-string">"pE_mG098rdQjY3MKK2D5SUQ6ZOEW3a6Z6T7Z4SgnzCE"</span> <span class="hljs-comment">// external (property name)</span> | |
} | |
}, | |
{ | |
<span class="hljs-attr">"id"</span>: <span class="hljs-string">"did:example:123#key-2"</span>, | |
<span class="hljs-attr">"type"</span>: <span class="hljs-string">"JsonWebKey2020"</span>, | |
<span class="hljs-attr">"controller"</span>: <span class="hljs-string">"did:example:123"</span>, | |
<span class="hljs-attr">"publicKeyJwk"</span>: { | |
<span class="hljs-attr">"kty"</span>: <span class="hljs-string">"EC"</span>, <span class="hljs-comment">// external (property name)</span> | |
<span class="hljs-attr">"crv"</span>: <span class="hljs-string">"secp256k1"</span>, <span class="hljs-comment">// external (property name)</span> | |
<span class="hljs-attr">"x"</span>: <span class="hljs-string">"Z4Y3NNOxv0J6tCgqOBFnHnaZhJF6LdulT7z8A-2D5_8"</span>, <span class="hljs-comment">// external (property name)</span> | |
<span class="hljs-attr">"y"</span>: <span class="hljs-string">"i5a2NtJoUKXkLm6q8nOEu9WOkso1Ag6FTUT6k_LMnGk"</span> <span class="hljs-comment">// external (property name)</span> | |
} | |
}, | |
{ | |
<span class="hljs-attr">"id"</span>: <span class="hljs-string">"did:example:123#key-3"</span>, | |
<span class="hljs-attr">"type"</span>: <span class="hljs-string">"JsonWebKey2020"</span>, | |
<span class="hljs-attr">"controller"</span>: <span class="hljs-string">"did:example:123"</span>, | |
<span class="hljs-attr">"publicKeyJwk"</span>: { | |
<span class="hljs-attr">"kty"</span>: <span class="hljs-string">"EC"</span>, <span class="hljs-comment">// external (property name)</span> | |
<span class="hljs-attr">"crv"</span>: <span class="hljs-string">"secp256k1"</span>, <span class="hljs-comment">// external (property name)</span> | |
<span class="hljs-attr">"x"</span>: <span class="hljs-string">"U1V4TVZVMUpUa0ZVU1NBcU9CRm5IbmFaaEpGNkxkdWx"</span>, <span class="hljs-comment">// external (property name)</span> | |
<span class="hljs-attr">"y"</span>: <span class="hljs-string">"i5a2NtJoUKXkLm6q8nOEu9WOkso1Ag6FTUT6k_LMnGk"</span> <span class="hljs-comment">// external (property name)</span> | |
} | |
}, | |
{ | |
<span class="hljs-attr">"id"</span>: <span class="hljs-string">"did:example:123#key-4"</span>, | |
<span class="hljs-attr">"type"</span>: <span class="hljs-string">"JsonWebKey2020"</span>, | |
<span class="hljs-attr">"controller"</span>: <span class="hljs-string">"did:example:123"</span>, | |
<span class="hljs-attr">"publicKeyJwk"</span>: { | |
<span class="hljs-attr">"kty"</span>: <span class="hljs-string">"EC"</span>, <span class="hljs-comment">// external (property name)</span> | |
<span class="hljs-attr">"crv"</span>: <span class="hljs-string">"P-256"</span>, <span class="hljs-comment">// external (property name)</span> | |
<span class="hljs-attr">"x"</span>: <span class="hljs-string">"Ums5WVgwRkRTVVFnU3k5c2xvZllMbEcwM3NPRW91ZzN"</span>, <span class="hljs-comment">// external (property name)</span> | |
<span class="hljs-attr">"y"</span>: <span class="hljs-string">"nDQW6XZ7b_u2Sy9slofYLlG03sOEoug3I0aAPQ0exs4"</span> <span class="hljs-comment">// external (property name)</span> | |
} | |
}, | |
{ | |
<span class="hljs-attr">"id"</span>: <span class="hljs-string">"did:example:123#key-5"</span>, | |
<span class="hljs-attr">"type"</span>: <span class="hljs-string">"JsonWebKey2020"</span>, | |
<span class="hljs-attr">"controller"</span>: <span class="hljs-string">"did:example:123"</span>, | |
<span class="hljs-attr">"publicKeyJwk"</span>: { | |
<span class="hljs-attr">"kty"</span>: <span class="hljs-string">"EC"</span>, <span class="hljs-comment">// external (property name)</span> | |
<span class="hljs-attr">"crv"</span>: <span class="hljs-string">"P-384"</span>, <span class="hljs-comment">// external (property name)</span> | |
<span class="hljs-attr">"x"</span>: <span class="hljs-string">"VUZKSlUwMGdpSXplekRwODhzX2N4U1BYdHVYWUZsaXVDR25kZ1U0UXA4bDkxeHpE"</span>, <span class="hljs-comment">// external (property name)</span> | |
<span class="hljs-attr">"y"</span>: <span class="hljs-string">"jq4QoAHKiIzezDp88s_cxSPXtuXYFliuCGndgU4Qp8l91xzD1spCmFIzQgVjqvcP"</span> <span class="hljs-comment">// external (property name)</span> | |
} | |
}, | |
{ | |
<span class="hljs-attr">"id"</span>: <span class="hljs-string">"did:example:123#key-6"</span>, | |
<span class="hljs-attr">"type"</span>: <span class="hljs-string">"JsonWebKey2020"</span>, | |
<span class="hljs-attr">"controller"</span>: <span class="hljs-string">"did:example:123"</span>, | |
<span class="hljs-attr">"publicKeyJwk"</span>: { | |
<span class="hljs-attr">"kty"</span>: <span class="hljs-string">"EC"</span>, <span class="hljs-comment">// external (property name)</span> | |
<span class="hljs-attr">"crv"</span>: <span class="hljs-string">"P-521"</span>, <span class="hljs-comment">// external (property name)</span> | |
<span class="hljs-attr">"x"</span>: <span class="hljs-string">"VTI5c1lYSmZWMmx1WkhNZ0dQTXhaYkhtSnBEU3UtSXZwdUtpZ0VOMnB6Z1d0U28tLVJ3ZC1uNzhuclduWnplRGMx"</span>, <span class="hljs-comment">// external (property name)</span> | |
<span class="hljs-attr">"y"</span>: <span class="hljs-string">"UW5WNVgwSnBkR052YVc0Z1VqY1B6LVpoZWNaRnliT3FMSUpqVk9sTEVUSDd1UGx5RzBnRW9NV25JWlhoUVZ5cFB5"</span> <span class="hljs-comment">// external (property name)</span> | |
} | |
}, | |
{ | |
<span class="hljs-attr">"id"</span>: <span class="hljs-string">"did:example:123#key-7"</span>, | |
<span class="hljs-attr">"type"</span>: <span class="hljs-string">"JsonWebKey2020"</span>, | |
<span class="hljs-attr">"controller"</span>: <span class="hljs-string">"did:example:123"</span>, | |
<span class="hljs-attr">"publicKeyJwk"</span>: { | |
<span class="hljs-attr">"kty"</span>: <span class="hljs-string">"RSA"</span>, <span class="hljs-comment">// external (property name)</span> | |
<span class="hljs-attr">"e"</span>: <span class="hljs-string">"AQAB"</span>, <span class="hljs-comment">// external (property name)</span> | |
<span class="hljs-attr">"n"</span>: <span class="hljs-string">"UkhWaGJGOUZRMTlFVWtKSElBdENGV2hlU1F2djFNRXh1NVJMQ01UNGpWazlraEpLdjhKZU1YV2UzYldIYXRqUHNrZGYyZGxhR2tXNVFqdE9uVUtMNzQybXZyNHRDbGRLUzNVTElhVDFoSkluTUhIeGoyZ2N1Yk82ZUVlZ0FDUTRRU3U5TE8wSC1MTV9MM0RzUkFCQjdRamE4SGVjcHl1c3BXMVR1X0RicXhjU253ZW5kYW13TDUyVjE3ZUtobE80dVh3djJIRmx4dWZGSE0wS21DSnVqSUt5QXhqRF9tM3FfX0lpSFVWSEQxdERJRXZMUGhHOUF6c24zajk1ZC1zYU"</span> <span class="hljs-comment">// external (property name)</span> | |
} | |
} | |
] | |
}</code></pre> | |
</div> | |
<div class="example" id="example-did-document-with-different-verification-method-types"> | |
<div class="marker"> | |
<a class="self-link" href="#example-did-document-with-different-verification-method-types">Example<bdi> 32</bdi></a><span class="example-title">: DID Document with different verification method types</span> | |
</div> <pre aria-busy="false"><code class="hljs json">{ | |
<span class="hljs-attr">"@context"</span>: [ | |
<span class="hljs-string">"https://www.w3.org/ns/did/v1"</span>, | |
<span class="hljs-string">"https://w3id.org/security/suites/ed25519-2018/v1"</span>, | |
<span class="hljs-string">"https://w3id.org/security/suites/x25519-2019/v1"</span>, | |
<span class="hljs-string">"https://w3id.org/security/suites/secp256k1-2019/v1"</span>, | |
<span class="hljs-string">"https://w3id.org/security/suites/jws-2020/v1"</span> | |
], | |
<span class="hljs-attr">"verificationMethod"</span>: [ | |
{ | |
<span class="hljs-attr">"id"</span>: <span class="hljs-string">"did:example:123#key-0"</span>, | |
<span class="hljs-attr">"type"</span>: <span class="hljs-string">"Ed25519VerificationKey2018"</span>, | |
<span class="hljs-attr">"controller"</span>: <span class="hljs-string">"did:example:123"</span>, | |
<span class="hljs-attr">"publicKeyBase58"</span>: <span class="hljs-string">"3M5RCDjPTWPkKSN3sxUmmMqHbmRPegYP1tjcKyrDbt9J"</span> <span class="hljs-comment">// external (property name)</span> | |
}, | |
{ | |
<span class="hljs-attr">"id"</span>: <span class="hljs-string">"did:example:123#key-1"</span>, | |
<span class="hljs-attr">"type"</span>: <span class="hljs-string">"X25519KeyAgreementKey2019"</span>, | |
<span class="hljs-attr">"controller"</span>: <span class="hljs-string">"did:example:123"</span>, | |
<span class="hljs-attr">"publicKeyBase58"</span>: <span class="hljs-string">"FbQWLPRhTH95MCkQUeFYdiSoQt8zMwetqfWoxqPgaq7x"</span> <span class="hljs-comment">// external (property name)</span> | |
}, | |
{ | |
<span class="hljs-attr">"id"</span>: <span class="hljs-string">"did:example:123#key-2"</span>, | |
<span class="hljs-attr">"type"</span>: <span class="hljs-string">"EcdsaSecp256k1VerificationKey2019"</span>, | |
<span class="hljs-attr">"controller"</span>: <span class="hljs-string">"did:example:123"</span>, | |
<span class="hljs-attr">"publicKeyBase58"</span>: <span class="hljs-string">"ns2aFDq25fEV1NUd3wZ65sgj5QjFW8JCAHdUJfLwfodt"</span> <span class="hljs-comment">// external (property name)</span> | |
}, | |
{ | |
<span class="hljs-attr">"id"</span>: <span class="hljs-string">"did:example:123#key-3"</span>, | |
<span class="hljs-attr">"type"</span>: <span class="hljs-string">"JsonWebKey2020"</span>, | |
<span class="hljs-attr">"controller"</span>: <span class="hljs-string">"did:example:123"</span>, | |
<span class="hljs-attr">"publicKeyJwk"</span>: { | |
<span class="hljs-attr">"kty"</span>: <span class="hljs-string">"EC"</span>, <span class="hljs-comment">// external (property name)</span> | |
<span class="hljs-attr">"crv"</span>: <span class="hljs-string">"P-256"</span>, <span class="hljs-comment">// external (property name)</span> | |
<span class="hljs-attr">"x"</span>: <span class="hljs-string">"Er6KSSnAjI70ObRWhlaMgqyIOQYrDJTE94ej5hybQ2M"</span>, <span class="hljs-comment">// external (property name)</span> | |
<span class="hljs-attr">"y"</span>: <span class="hljs-string">"pPVzCOTJwgikPjuUE6UebfZySqEJ0ZtsWFpj7YSPGEk"</span> <span class="hljs-comment">// external (property name)</span> | |
} | |
} | |
] | |
}</code></pre> | |
</div> | |
</section> | |
<section class="informative" id="proving"><div class="header-wrapper"><h3 id="a-2-proving"><bdi class="secno">A.2 </bdi>Proving</h3><a class="self-link" href="#proving" aria-label="Permalink for Appendix A.2"></a></div><p><em>This section is non-normative.</em></p> | |
<div class="note" role="note" id="issue-container-generatedID-16"><div role="heading" class="note-title marker" id="h-note-16" aria-level="4"><span>Note</span></div><p class=""> | |
These examples are for informational purposes only. See | |
<a href="https://www.w3.org/TR/vc-data-model/"><abbr title="World Wide Web Consortium">W3C</abbr> Verifiable Credentials Data | |
Model</a> for additional examples. | |
</p></div> | |
<div class="example" id="example-verifiable-credential-linked-to-a-verification-method-of-type-ed25519verificationkey2020"> | |
<div class="marker"> | |
<a class="self-link" href="#example-verifiable-credential-linked-to-a-verification-method-of-type-ed25519verificationkey2020">Example<bdi> 33</bdi></a><span class="example-title">: Verifiable Credential linked to a verification method of type Ed25519VerificationKey2020</span> | |
</div> <pre aria-busy="false"><code class="hljs json">{ <span class="hljs-comment">// external (all terms in this example)</span> | |
<span class="hljs-attr">"@context"</span>: [ | |
<span class="hljs-string">"https://www.w3.org/2018/credentials/v1"</span>, | |
<span class="hljs-string">"https://w3id.org/citizenship/v1"</span> | |
], | |
<span class="hljs-attr">"type"</span>: [ | |
<span class="hljs-string">"VerifiableCredential"</span>, | |
<span class="hljs-string">"PermanentResidentCard"</span> | |
], | |
<span class="hljs-attr">"credentialSubject"</span>: { | |
<span class="hljs-attr">"id"</span>: <span class="hljs-string">"did:example:123"</span>, | |
<span class="hljs-attr">"type"</span>: [ | |
<span class="hljs-string">"PermanentResident"</span>, | |
<span class="hljs-string">"Person"</span> | |
], | |
<span class="hljs-attr">"givenName"</span>: <span class="hljs-string">"JOHN"</span>, | |
<span class="hljs-attr">"familyName"</span>: <span class="hljs-string">"SMITH"</span>, | |
<span class="hljs-attr">"gender"</span>: <span class="hljs-string">"Male"</span>, | |
<span class="hljs-attr">"image"</span>: <span class="hljs-string">"data:image/png;base64,iVBORw0KGgo...kJggg=="</span>, | |
<span class="hljs-attr">"residentSince"</span>: <span class="hljs-string">"2015-01-01"</span>, | |
<span class="hljs-attr">"lprCategory"</span>: <span class="hljs-string">"C09"</span>, | |
<span class="hljs-attr">"lprNumber"</span>: <span class="hljs-string">"000-000-204"</span>, | |
<span class="hljs-attr">"commuterClassification"</span>: <span class="hljs-string">"C1"</span>, | |
<span class="hljs-attr">"birthCountry"</span>: <span class="hljs-string">"Bahamas"</span>, | |
<span class="hljs-attr">"birthDate"</span>: <span class="hljs-string">"1958-08-17"</span> | |
}, | |
<span class="hljs-attr">"issuer"</span>: <span class="hljs-string">"did:example:456"</span>, | |
<span class="hljs-attr">"issuanceDate"</span>: <span class="hljs-string">"2020-04-22T10:37:22Z"</span>, | |
<span class="hljs-attr">"identifier"</span>: <span class="hljs-string">"83627465"</span>, | |
<span class="hljs-attr">"name"</span>: <span class="hljs-string">"Permanent Resident Card"</span>, | |
<span class="hljs-attr">"description"</span>: <span class="hljs-string">"Government of Example Permanent Resident Card."</span>, | |
<span class="hljs-attr">"proof"</span>: { | |
<span class="hljs-attr">"type"</span>: <span class="hljs-string">"Ed25519Signature2018"</span>, | |
<span class="hljs-attr">"created"</span>: <span class="hljs-string">"2020-04-22T10:37:22Z"</span>, | |
<span class="hljs-attr">"proofPurpose"</span>: <span class="hljs-string">"assertionMethod"</span>, | |
<span class="hljs-attr">"verificationMethod"</span>: <span class="hljs-string">"did:example:456#key-1"</span>, | |
<span class="hljs-attr">"jws"</span>: <span class="hljs-string">"eyJjcml0IjpbImI2NCJdLCJiNjQiOmZhbHNlLCJhbGciOiJFZERTQSJ9..BhWew0x-txcroGjgdtK-yBCqoetg9DD9SgV4245TmXJi-PmqFzux6Cwaph0r-mbqzlE17yLebjfqbRT275U1AA"</span> | |
} | |
}</code></pre> | |
</div> | |
<div class="example" id="example-verifiable-credential-linked-to-a-verification-method-of-type-jsonwebkey2020"> | |
<div class="marker"> | |
<a class="self-link" href="#example-verifiable-credential-linked-to-a-verification-method-of-type-jsonwebkey2020">Example<bdi> 34</bdi></a><span class="example-title">: Verifiable Credential linked to a verification method of type JsonWebKey2020</span> | |
</div> <pre aria-busy="false"><code class="hljs json">{ <span class="hljs-comment">// external (all terms in this example)</span> | |
<span class="hljs-attr">"@context"</span>: [ | |
<span class="hljs-string">"https://www.w3.org/2018/credentials/v1"</span>, | |
<span class="hljs-string">"https://www.w3.org/2018/credentials/examples/v1"</span> | |
], | |
<span class="hljs-attr">"id"</span>: <span class="hljs-string">"http://example.gov/credentials/3732"</span>, | |
<span class="hljs-attr">"type"</span>: [<span class="hljs-string">"VerifiableCredential"</span>, <span class="hljs-string">"UniversityDegreeCredential"</span>], | |
<span class="hljs-attr">"issuer"</span>: { <span class="hljs-attr">"id"</span>: <span class="hljs-string">"did:example:123"</span> }, | |
<span class="hljs-attr">"issuanceDate"</span>: <span class="hljs-string">"2020-03-10T04:24:12.164Z"</span>, | |
<span class="hljs-attr">"credentialSubject"</span>: { | |
<span class="hljs-attr">"id"</span>: <span class="hljs-string">"did:example:456"</span>, | |
<span class="hljs-attr">"degree"</span>: { | |
<span class="hljs-attr">"type"</span>: <span class="hljs-string">"BachelorDegree"</span>, | |
<span class="hljs-attr">"name"</span>: <span class="hljs-string">"Bachelor of Science and Arts"</span> | |
} | |
}, | |
<span class="hljs-attr">"proof"</span>: { | |
<span class="hljs-attr">"type"</span>: <span class="hljs-string">"JsonWebSignature2020"</span>, | |
<span class="hljs-attr">"created"</span>: <span class="hljs-string">"2020-02-15T17:13:18Z"</span>, | |
<span class="hljs-attr">"verificationMethod"</span>: <span class="hljs-string">"did:example:123#_Qq0UL2Fq651Q0Fjd6TvnYE-faHiOpRlPVQcY_-tA4A"</span>, | |
<span class="hljs-attr">"proofPurpose"</span>: <span class="hljs-string">"assertionMethod"</span>, | |
<span class="hljs-attr">"jws"</span>: <span class="hljs-string">"eyJiNjQiOmZhbHNlLCJjcml0IjpbImI2NCJdLCJhbGciOiJFZERTQSJ9..Y0KqovWCPAeeFhkJxfQ22pbVl43Z7UI-X-1JX32CA9MkFHkmNprcNj9Da4Q4QOl0cY3obF8cdDRdnKr0IwNrAw"</span> | |
} | |
}</code></pre> | |
</div> | |
<div class="example" id="example-verifiable-credential-linked-to-a-bls12381-verification-method"> | |
<div class="marker"> | |
<a class="self-link" href="#example-verifiable-credential-linked-to-a-bls12381-verification-method">Example<bdi> 35</bdi></a><span class="example-title">: Verifiable Credential linked to a bls12381 verification method</span> | |
</div> <pre aria-busy="false"><code class="hljs json">{ <span class="hljs-comment">// external (all terms in this example)</span> | |
<span class="hljs-attr">"@context"</span>: [ | |
<span class="hljs-string">"https://www.w3.org/2018/credentials/v1"</span>, | |
<span class="hljs-string">"https://w3id.org/security/bbs/v1"</span>, | |
{ | |
<span class="hljs-attr">"name"</span>: <span class="hljs-string">"https://schema.org/name"</span>, | |
<span class="hljs-attr">"birthDate"</span>: <span class="hljs-string">"https://schema.org/birthDate"</span> | |
} | |
], | |
<span class="hljs-attr">"id"</span>: <span class="hljs-string">"urn:uuid:c499e122-3ba9-4e95-8d4d-c0ebfcf8c51a"</span>, | |
<span class="hljs-attr">"type"</span>: [<span class="hljs-string">"VerifiableCredential"</span>], | |
<span class="hljs-attr">"issuanceDate"</span>: <span class="hljs-string">"2021-02-07T16:02:08.571Z"</span>, | |
<span class="hljs-attr">"issuer"</span>: { | |
<span class="hljs-attr">"id"</span>: <span class="hljs-string">"did:example:123"</span> | |
}, | |
<span class="hljs-attr">"credentialSubject"</span>: { | |
<span class="hljs-attr">"id"</span>: <span class="hljs-string">"did:example:456"</span>, | |
<span class="hljs-attr">"name"</span>: <span class="hljs-string">"John Smith"</span>, | |
<span class="hljs-attr">"birthDate"</span>: <span class="hljs-string">"2021-02-07"</span> | |
}, | |
<span class="hljs-attr">"proof"</span>: { | |
<span class="hljs-attr">"type"</span>: <span class="hljs-string">"BbsBlsSignature2020"</span>, | |
<span class="hljs-attr">"created"</span>: <span class="hljs-string">"2021-02-07T16:02:10Z"</span>, | |
<span class="hljs-attr">"proofPurpose"</span>: <span class="hljs-string">"assertionMethod"</span>, | |
<span class="hljs-attr">"proofValue"</span>: <span class="hljs-string">"o7zD2eNTp657YzkJLub+IO4Zqy/R3Lv/AWmtSA/kUlEAOa73BNyP1vOeoow35jkABolx4kYMKkp/ZsFDweuKwe/p9vxv9wrMJ9GpiOZjHcpjelDRRJLBiccg9Yv7608mHgH0N1Qrj14PZ2saUlfhpQ=="</span>, | |
<span class="hljs-attr">"verificationMethod"</span>: <span class="hljs-string">"did:example:123#bls12381-g2-key"</span> | |
} | |
}</code></pre> | |
</div> | |
<div class="example" id="example-verifiable-credential-selective-disclosure-zero-knowledge-proof-linked-to-a-bls12381-verification-method"> | |
<div class="marker"> | |
<a class="self-link" href="#example-verifiable-credential-selective-disclosure-zero-knowledge-proof-linked-to-a-bls12381-verification-method">Example<bdi> 36</bdi></a><span class="example-title">: Verifiable Credential selective disclosure zero knowledge proof linked to a bls12381 verification method</span> | |
</div> <pre aria-busy="false"><code class="hljs json">{ <span class="hljs-comment">// external (all terms in this example)</span> | |
<span class="hljs-attr">"@context"</span>: [ | |
<span class="hljs-string">"https://www.w3.org/2018/credentials/v1"</span>, | |
<span class="hljs-string">"https://w3id.org/security/bbs/v1"</span>, | |
{ | |
<span class="hljs-attr">"name"</span>: <span class="hljs-string">"https://schema.org/name"</span>, | |
<span class="hljs-attr">"birthDate"</span>: <span class="hljs-string">"https://schema.org/birthDate"</span> | |
} | |
], | |
<span class="hljs-attr">"id"</span>: <span class="hljs-string">"urn:uuid:c499e122-3ba9-4e95-8d4d-c0ebfcf8c51a"</span>, | |
<span class="hljs-attr">"type"</span>: <span class="hljs-string">"VerifiableCredential"</span>, | |
<span class="hljs-attr">"issuanceDate"</span>: <span class="hljs-string">"2021-02-07T16:02:08.571Z"</span>, | |
<span class="hljs-attr">"issuer"</span>: { | |
<span class="hljs-attr">"id"</span>: <span class="hljs-string">"did:example:123"</span> | |
}, | |
<span class="hljs-attr">"credentialSubject"</span>: { | |
<span class="hljs-attr">"id"</span>: <span class="hljs-string">"did:example:456"</span>, | |
<span class="hljs-attr">"birthDate"</span>: <span class="hljs-string">"2021-02-07"</span> | |
}, | |
<span class="hljs-attr">"proof"</span>: { | |
<span class="hljs-attr">"type"</span>: <span class="hljs-string">"BbsBlsSignatureProof2020"</span>, | |
<span class="hljs-attr">"created"</span>: <span class="hljs-string">"2021-02-07T16:02:10Z"</span>, | |
<span class="hljs-attr">"nonce"</span>: <span class="hljs-string">"OqZHsV/aunS34BhLaSoxiHWK+SUaG4iozM3V+1jO06zRRNcDWID+I0uwtPJJ767Yo8Q="</span>, | |
<span class="hljs-attr">"proofPurpose"</span>: <span class="hljs-string">"assertionMethod"</span>, | |
<span class="hljs-attr">"proofValue"</span>: <span class="hljs-string">"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"</span>, | |
<span class="hljs-attr">"verificationMethod"</span>: <span class="hljs-string">"did:example:123#bls12381-g2-key"</span> | |
} | |
}</code></pre> | |
</div> | |
<div class="example" id="example-verifiable-credential-as-decoded-jwt"> | |
<div class="marker"> | |
<a class="self-link" href="#example-verifiable-credential-as-decoded-jwt">Example<bdi> 37</bdi></a><span class="example-title">: Verifiable Credential as Decoded JWT</span> | |
</div> <pre aria-busy="false"><code class="hljs json">{ <span class="hljs-comment">// external (all terms in this example)</span> | |
<span class="hljs-attr">"protected"</span>: { | |
<span class="hljs-attr">"kid"</span>: <span class="hljs-string">"did:example:123#_Qq0UL2Fq651Q0Fjd6TvnYE-faHiOpRlPVQcY_-tA4A"</span>, | |
<span class="hljs-attr">"alg"</span>: <span class="hljs-string">"EdDSA"</span> | |
}, | |
<span class="hljs-attr">"payload"</span>: { | |
<span class="hljs-attr">"iss"</span>: <span class="hljs-string">"did:example:123"</span>, | |
<span class="hljs-attr">"sub"</span>: <span class="hljs-string">"did:example:456"</span>, | |
<span class="hljs-attr">"vc"</span>: { | |
<span class="hljs-attr">"@context"</span>: [ | |
<span class="hljs-string">"https://www.w3.org/2018/credentials/v1"</span>, | |
<span class="hljs-string">"https://www.w3.org/2018/credentials/examples/v1"</span> | |
], | |
<span class="hljs-attr">"id"</span>: <span class="hljs-string">"http://example.gov/credentials/3732"</span>, | |
<span class="hljs-attr">"type"</span>: [ | |
<span class="hljs-string">"VerifiableCredential"</span>, | |
<span class="hljs-string">"UniversityDegreeCredential"</span> | |
], | |
<span class="hljs-attr">"issuer"</span>: { | |
<span class="hljs-attr">"id"</span>: <span class="hljs-string">"did:example:123"</span> | |
}, | |
<span class="hljs-attr">"issuanceDate"</span>: <span class="hljs-string">"2020-03-10T04:24:12.164Z"</span>, | |
<span class="hljs-attr">"credentialSubject"</span>: { | |
<span class="hljs-attr">"id"</span>: <span class="hljs-string">"did:example:456"</span>, | |
<span class="hljs-attr">"degree"</span>: { | |
<span class="hljs-attr">"type"</span>: <span class="hljs-string">"BachelorDegree"</span>, | |
<span class="hljs-attr">"name"</span>: <span class="hljs-string">"Bachelor of Science and Arts"</span> | |
} | |
} | |
}, | |
<span class="hljs-attr">"jti"</span>: <span class="hljs-string">"http://example.gov/credentials/3732"</span>, | |
<span class="hljs-attr">"nbf"</span>: <span class="hljs-number">1583814252</span> | |
}, | |
<span class="hljs-attr">"signature"</span>: <span class="hljs-string">"qSv6dpZJGFybtcifLwGf4ujzlEu-fam_M7HPxinCbVhz9iIJCg70UMeQbPa1ex6BmQ2tnSS7F11FHnMB2bJRAw"</span> | |
}</code></pre> | |
</div> | |
</section> | |
<section class="informative" id="encrypting"><div class="header-wrapper"><h3 id="a-3-encrypting"><bdi class="secno">A.3 </bdi>Encrypting</h3><a class="self-link" href="#encrypting" aria-label="Permalink for Appendix A.3"></a></div><p><em>This section is non-normative.</em></p> | |
<div class="note" role="note" id="issue-container-generatedID-17"><div role="heading" class="note-title marker" id="h-note-17" aria-level="4"><span>Note</span></div><p class=""> | |
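These examples are for informational purposes only. It is considered a best | |
practice to avoid disclosing unnecessary information in JWE headers; for example, | |
the <code>kid</code> value in the recipient header below is a DID URL, which reveals | |
the recipient's DID to anyone who can read the JWE. | |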
</p></div> | |
<div class="example" id="example-jwe-linked-to-a-verification-method-via-kid"> | |
<div class="marker"> | |
<a class="self-link" href="#example-jwe-linked-to-a-verification-method-via-kid">Example<bdi> 38</bdi></a><span class="example-title">: JWE linked to a verification method via kid</span> | |
</div> <pre aria-busy="false"><code class="hljs json">{ <span class="hljs-comment">// external (all terms in this example)</span> | |
<span class="hljs-attr">"ciphertext"</span>: <span class="hljs-string">"3SHQQJajNH6q0fyAHmw..."</span>, | |
<span class="hljs-attr">"iv"</span>: <span class="hljs-string">"QldSPLVnFf2-VXcNLza6mbylYwphW57Q"</span>, | |
<span class="hljs-attr">"protected"</span>: <span class="hljs-string">"eyJlbmMiOiJYQzIwUCJ9"</span>, | |
<span class="hljs-attr">"recipients"</span>: [ | |
{ | |
<span class="hljs-attr">"encrypted_key"</span>: <span class="hljs-string">"BMJ19zK12YHftJ4sr6Pz1rX1HtYni_L9DZvO1cEZfRWDN2vXeOYlwA"</span>, | |
<span class="hljs-attr">"header"</span>: { | |
<span class="hljs-attr">"alg"</span>: <span class="hljs-string">"ECDH-ES+A256KW"</span>, | |
<span class="hljs-attr">"apu"</span>: <span class="hljs-string">"Tx9qG69ZfodhRos-8qfhTPc6ZFnNUcgNDVdHqX1UR3s"</span>, | |
<span class="hljs-attr">"apv"</span>: <span class="hljs-string">"ZGlkOmVsZW06cm9wc3RlbjpFa..."</span>, | |
<span class="hljs-attr">"epk"</span>: { | |
<span class="hljs-attr">"crv"</span>: <span class="hljs-string">"X25519"</span>, | |
<span class="hljs-attr">"kty"</span>: <span class="hljs-string">"OKP"</span>, | |
<span class="hljs-attr">"x"</span>: <span class="hljs-string">"Tx9qG69ZfodhRos-8qfhTPc6ZFnNUcgNDVdHqX1UR3s"</span> | |
}, | |
<span class="hljs-attr">"kid"</span>: <span class="hljs-string">"did:example:123#zC1Rnuvw9rVa6E5TKF4uQVRuQuaCpVgB81Um2u17Fu7UK"</span> | |
} | |
} | |
], | |
<span class="hljs-attr">"tag"</span>: <span class="hljs-string">"xbfwwDkzOAJfSVem0jr1bA"</span> | |
}</code></pre> | |
</div> | |
</section> | |
</section> | |
<section class="appendix" id="architectural-considerations"><div class="header-wrapper"><h2 id="b-architectural-considerations"><bdi class="secno">B. </bdi>Architectural Considerations</h2><a class="self-link" href="#architectural-considerations" aria-label="Permalink for Appendix B."></a></div> | |
<section id="detailed-architecture-diagram"><div class="header-wrapper"><h3 id="b-1-detailed-architecture-diagram"><bdi class="secno">B.1 </bdi>Detailed Architecture Diagram</h3><a class="self-link" href="#detailed-architecture-diagram" aria-label="Permalink for Appendix B.1"></a></div> | |
<p> | |
Following is a diagram showing the relationships among | |
<a href="#data-model" class="sec-ref"><bdi class="secno">4. </bdi>Data Model</a>, <a href="#core-properties" class="sec-ref"><bdi class="secno">5. </bdi>Core Properties</a>, and | |
<a href="#methods" class="sec-ref"><bdi class="secno">8. </bdi>Methods</a>, and <a href="#resolution" class="sec-ref"><bdi class="secno">7. </bdi>Resolution</a>. | |
</p> | |
<figure id="detailed-architecture-overview"> | |
<img style="margin: auto; display: block; width: 90%;" src="diagrams/did_detailed_architecture_overview.svg" alt=" | |
DIDs and DID documents are recorded on a Verifiable Data Registry; DIDs resolve | |
to DID documents; DIDs refer to DID subjects; a DID controller controls a DID | |
document; DID URLs contain a DID; DID URLs are dereferenced to DID document | |
fragments or external resources; DID resolver implements resolve function; DID | |
URL dereferencer implements dereferencing function; DID method operates a | |
Verifiable Data Registry; DID resolver and DID URL dereferencer instruct a DID | |
method. | |
" height="778" width="1121"> | |
<figcaption>Figure <bdi class="figno">7</bdi> <span class="fig-title"> | |
Detailed overview of DID architecture and the relationship of the basic components. | |
</span></figcaption> | |
</figure> | |
</section> | |
<section id="creation-of-a-did"><div class="header-wrapper"><h3 id="b-2-creation-of-a-did"><bdi class="secno">B.2 </bdi>Creation of a DID</h3><a class="self-link" href="#creation-of-a-did" aria-label="Permalink for Appendix B.2"></a></div> | |
<p> | |
The creation of a <a href="#dfn-decentralized-identifiers" class="internalDFN" data-link-type="dfn" id="ref-for-dfn-decentralized-identifiers-173">DID</a> is a process that is defined by each <a href="#dfn-did-methods" class="internalDFN" data-link-type="dfn" id="ref-for-dfn-did-methods-121">DID | |
Method</a>. Some <a href="#dfn-did-methods" class="internalDFN" data-link-type="dfn" id="ref-for-dfn-did-methods-122">DID Methods</a>, such as <code>did:key</code>, are purely | |
generative, such that a <a href="#dfn-decentralized-identifiers" class="internalDFN" data-link-type="dfn" id="ref-for-dfn-decentralized-identifiers-174">DID</a> and a <a href="#dfn-did-documents" class="internalDFN" data-link-type="dfn" id="ref-for-dfn-did-documents-223">DID document</a> are generated by | |
transforming a single piece of cryptographic material into a conformant | |
<a href="#dfn-representations" class="internalDFN" data-link-type="dfn" id="ref-for-dfn-representations-73">representation</a>. Other <a href="#dfn-did-methods" class="internalDFN" data-link-type="dfn" id="ref-for-dfn-did-methods-123">DID methods</a> might require the use of a | |
<a href="#dfn-verifiable-data-registry" class="internalDFN" data-link-type="dfn" id="ref-for-dfn-verifiable-data-registry-14">verifiable data registry</a>, where the <a href="#dfn-decentralized-identifiers" class="internalDFN" data-link-type="dfn" id="ref-for-dfn-decentralized-identifiers-175">DID</a> and <a href="#dfn-did-documents" class="internalDFN" data-link-type="dfn" id="ref-for-dfn-did-documents-224">DID document</a> | |
are recognized to exist by third parties only when the registration has been | |
completed, as defined by the respective <a href="#dfn-did-methods" class="internalDFN" data-link-type="dfn" id="ref-for-dfn-did-methods-124">DID method</a>. Other processes | |
might be defined by the respective <a href="#dfn-did-methods" class="internalDFN" data-link-type="dfn" id="ref-for-dfn-did-methods-125">DID method</a>. | |
</p> | |
</section> | |
<section id="determining-the-did-subject"><div class="header-wrapper"><h3 id="b-3-determining-the-did-subject"><bdi class="secno">B.3 </bdi>Determining the DID subject</h3><a class="self-link" href="#determining-the-did-subject" aria-label="Permalink for Appendix B.3"></a></div> | |
<p> | |
A <a href="#dfn-decentralized-identifiers" class="internalDFN" data-link-type="dfn" id="ref-for-dfn-decentralized-identifiers-176">DID</a> is a specific type of URI (Uniform Resource Identifier), so a | |
<a href="#dfn-decentralized-identifiers" class="internalDFN" data-link-type="dfn" id="ref-for-dfn-decentralized-identifiers-177">DID</a> can refer to any resource. Per [<cite><a class="bibref" data-link-type="biblio" href="#bib-rfc3986" title="Uniform Resource Identifier (URI): Generic Syntax">RFC3986</a></cite>]: | |
</p> | |
<blockquote> | |
the term "resource" is used in a general sense for whatever might be | |
identified by a URI. [...] A resource is not necessarily | |
accessible via the Internet. | |
</blockquote> | |
<p> | |
Resources can be digital or physical, abstract or concrete. Any resource that | |
can be assigned a URI can be assigned a <a href="#dfn-decentralized-identifiers" class="internalDFN" data-link-type="dfn" id="ref-for-dfn-decentralized-identifiers-178">DID</a>. The resource referred to | |
by the <a href="#dfn-decentralized-identifiers" class="internalDFN" data-link-type="dfn" id="ref-for-dfn-decentralized-identifiers-179">DID</a> is the <a href="#dfn-did-subjects" class="internalDFN" data-link-type="dfn" id="ref-for-dfn-did-subjects-67">DID subject</a>. | |
</p> | |
<p> | |
The <a href="#dfn-did-controllers" class="internalDFN" data-link-type="dfn" id="ref-for-dfn-did-controllers-35">DID controller</a> determines the <a href="#dfn-did-subjects" class="internalDFN" data-link-type="dfn" id="ref-for-dfn-did-subjects-68">DID subject</a>. | |
It is not expected to be possible to determine the <a href="#dfn-did-subjects" class="internalDFN" data-link-type="dfn" id="ref-for-dfn-did-subjects-69">DID subject</a> | |
from looking at the <a href="#dfn-decentralized-identifiers" class="internalDFN" data-link-type="dfn" id="ref-for-dfn-decentralized-identifiers-180">DID</a> itself, as <a href="#dfn-decentralized-identifiers" class="internalDFN" data-link-type="dfn" id="ref-for-dfn-decentralized-identifiers-181">DIDs</a> are generally | |
only meaningful to machines, not humans. A <a href="#dfn-decentralized-identifiers" class="internalDFN" data-link-type="dfn" id="ref-for-dfn-decentralized-identifiers-182">DID</a> is unlikely to contain | |
any information about the <a href="#dfn-did-subjects" class="internalDFN" data-link-type="dfn" id="ref-for-dfn-did-subjects-70">DID subject</a>, so further information | |
about the <a href="#dfn-did-subjects" class="internalDFN" data-link-type="dfn" id="ref-for-dfn-did-subjects-71">DID subject</a> is only discoverable by resolving the <a href="#dfn-decentralized-identifiers" class="internalDFN" data-link-type="dfn" id="ref-for-dfn-decentralized-identifiers-183">DID</a> | |
to the <a href="#dfn-did-documents" class="internalDFN" data-link-type="dfn" id="ref-for-dfn-did-documents-225">DID document</a>, obtaining a verifiable credential about the | |
<a href="#dfn-decentralized-identifiers" class="internalDFN" data-link-type="dfn" id="ref-for-dfn-decentralized-identifiers-184">DID</a>, or via some other description of the <a href="#dfn-decentralized-identifiers" class="internalDFN" data-link-type="dfn" id="ref-for-dfn-decentralized-identifiers-185">DID</a>. | |
</p> | |
<p> | |
While the value of the <code><a href="#dfn-id" class="internalDFN" data-link-type="dfn" id="ref-for-dfn-id-10">id</a></code> property in the retrieved | |
<a href="#dfn-did-documents" class="internalDFN" data-link-type="dfn" id="ref-for-dfn-did-documents-226">DID document</a> must always match the <a href="#dfn-decentralized-identifiers" class="internalDFN" data-link-type="dfn" id="ref-for-dfn-decentralized-identifiers-186">DID</a> being resolved, whether | |
or not the actual resource to which the <a href="#dfn-decentralized-identifiers" class="internalDFN" data-link-type="dfn" id="ref-for-dfn-decentralized-identifiers-187">DID</a> refers can change over time | |
is dependent upon the <a href="#dfn-did-methods" class="internalDFN" data-link-type="dfn" id="ref-for-dfn-did-methods-126">DID method</a>. For example, a <a href="#dfn-did-methods" class="internalDFN" data-link-type="dfn" id="ref-for-dfn-did-methods-127">DID method</a> | |
that permits the <a href="#dfn-did-subjects" class="internalDFN" data-link-type="dfn" id="ref-for-dfn-did-subjects-72">DID subject</a> to change could be used to generate a | |
<a href="#dfn-decentralized-identifiers" class="internalDFN" data-link-type="dfn" id="ref-for-dfn-decentralized-identifiers-188">DID</a> for the current occupant of a particular role—such as the CEO | |
of a company—where the actual person occupying the role can be different | |
depending on when the <a href="#dfn-decentralized-identifiers" class="internalDFN" data-link-type="dfn" id="ref-for-dfn-decentralized-identifiers-189">DID</a> is resolved. | |
</p> | |
</section> | |
<section id="referring-to-the-did-document"><div class="header-wrapper"><h3 id="b-4-referring-to-the-did-document"><bdi class="secno">B.4 </bdi>Referring to the DID document</h3><a class="self-link" href="#referring-to-the-did-document" aria-label="Permalink for Appendix B.4"></a></div> | |
<p> | |
The <a href="#dfn-decentralized-identifiers" class="internalDFN" data-link-type="dfn" id="ref-for-dfn-decentralized-identifiers-190">DID</a> refers to the <a href="#dfn-did-subjects" class="internalDFN" data-link-type="dfn" id="ref-for-dfn-did-subjects-73">DID subject</a> and <em>resolves to</em> the | |
<a href="#dfn-did-documents" class="internalDFN" data-link-type="dfn" id="ref-for-dfn-did-documents-227">DID document</a> (by following the protocol specified by the | |
<a href="#dfn-did-methods" class="internalDFN" data-link-type="dfn" id="ref-for-dfn-did-methods-128">DID method</a>). The <a href="#dfn-did-documents" class="internalDFN" data-link-type="dfn" id="ref-for-dfn-did-documents-228">DID document</a> is not a separate resource from | |
the <a href="#dfn-did-subjects" class="internalDFN" data-link-type="dfn" id="ref-for-dfn-did-subjects-74">DID subject</a> and does not have a <a href="#dfn-uri" class="internalDFN" data-link-type="dfn" id="ref-for-dfn-uri-25">URI</a> separate from the | |
<a href="#dfn-decentralized-identifiers" class="internalDFN" data-link-type="dfn" id="ref-for-dfn-decentralized-identifiers-191">DID</a>. Rather, the <a href="#dfn-did-documents" class="internalDFN" data-link-type="dfn" id="ref-for-dfn-did-documents-229">DID document</a> is an artifact of <a href="#dfn-did-resolution" class="internalDFN" data-link-type="dfn" id="ref-for-dfn-did-resolution-18">DID | |
resolution</a> controlled by the <a href="#dfn-did-controllers" class="internalDFN" data-link-type="dfn" id="ref-for-dfn-did-controllers-36">DID controller</a> for the purpose of | |
describing the <a href="#dfn-did-subjects" class="internalDFN" data-link-type="dfn" id="ref-for-dfn-did-subjects-75">DID subject</a>. | |
</p> | |
<p> | |
This distinction is illustrated by the graph model shown below. | |
</p> | |
<figure id="did-and-did-document-graph"> | |
<img style="margin: auto; display: block; width: 75%;" src="diagrams/figure-a.1-did-and-did-document-graph.svg" alt=" | |
Diagram showing a graph model for how DID controllers assign DIDs to refer to | |
DID subjects and resolve to DID documents that describe the DID subjects. | |
" height="495" width="667"> | |
<figcaption>Figure <bdi class="figno">8</bdi> <span class="fig-title"> | |
A <a href="#dfn-decentralized-identifiers" class="internalDFN" data-link-type="dfn" id="ref-for-dfn-decentralized-identifiers-192">DID</a> is an identifier assigned by a <a href="#dfn-did-controllers" class="internalDFN" data-link-type="dfn" id="ref-for-dfn-did-controllers-37">DID controller</a> to refer to | |
a <a href="#dfn-did-subjects" class="internalDFN" data-link-type="dfn" id="ref-for-dfn-did-subjects-76">DID subject</a> and resolve to a <a href="#dfn-did-documents" class="internalDFN" data-link-type="dfn" id="ref-for-dfn-did-documents-230">DID document</a> that describes the | |
<a href="#dfn-did-subjects" class="internalDFN" data-link-type="dfn" id="ref-for-dfn-did-subjects-77">DID subject</a>. The <a href="#dfn-did-documents" class="internalDFN" data-link-type="dfn" id="ref-for-dfn-did-documents-231">DID document</a> is an artifact of <a href="#dfn-did-resolution" class="internalDFN" data-link-type="dfn" id="ref-for-dfn-did-resolution-19">DID | |
resolution</a> and not a separate resource distinct from the <a href="#dfn-did-subjects" class="internalDFN" data-link-type="dfn" id="ref-for-dfn-did-subjects-78">DID subject</a>. | |
See also: <a class="longdesc-link" href="#did-and-did-document-graph-longdesc">narrative description</a>. | |
</span></figcaption> | |
</figure> | |
<div class="longdesc" id="did-and-did-document-graph-longdesc"> | |
Two filled black circles appear at the top of the diagram, one on the left, | |
labeled "DID Controller", and one on the right, labeled "DID Subject". A | |
rectangle, with lower right corner bent inwards to form a small triangle, | |
appears below, containing the label "DID Document". Arrows extend between these | |
three items, as follows. A solid red arrow points directly from the DID | |
Controller circle, rightwards to the DID Subject circle, labeled "DID" above it | |
in large font, and "Identifies" below it in small italic font. The other arrow | |
labels are also in small italic font. A dotted red arrow, labeled "Resolves | |
to", extends from DID Controller, starting in the same line as the first arrow, | |
then curving downward to point to the DID Document rectangle. A green arrow, | |
labeled "Controls", points directly from DID Controller to DID Document. A | |
green arrow labeled "Controller" points in the opposite direction, from DID | |
Document to DID Controller, making an arc outward to the left of the diagram. A | |
blue arrow, labeled "Describes", points directly from DID Document to DID | |
Subject. | |
</div> | |
</section> | |
<section id="statements-in-the-did-document"><div class="header-wrapper"><h3 id="b-5-statements-in-the-did-document"><bdi class="secno">B.5 </bdi>Statements in the DID document</h3><a class="self-link" href="#statements-in-the-did-document" aria-label="Permalink for Appendix B.5"></a></div> | |
<p> | |
Each property in a <a href="#dfn-did-documents" class="internalDFN" data-link-type="dfn" id="ref-for-dfn-did-documents-232">DID document</a> is a statement by the | |
<a href="#dfn-did-controllers" class="internalDFN" data-link-type="dfn" id="ref-for-dfn-did-controllers-38">DID controller</a> that describes: | |
</p> | |
<ul> | |
<li> | |
The string of characters defining identifiers for the <a href="#dfn-did-subjects" class="internalDFN" data-link-type="dfn" id="ref-for-dfn-did-subjects-79">DID subject</a> | |
(e.g., the <code><a href="#dfn-id" class="internalDFN" data-link-type="dfn" id="ref-for-dfn-id-11">id</a></code> and <code><a href="#dfn-alsoknownas" class="internalDFN" data-link-type="dfn" id="ref-for-dfn-alsoknownas-9">alsoKnownAs</a></code> | |
properties) | |
</li> | |
<li> | |
How to interact with the <a href="#dfn-did-subjects" class="internalDFN" data-link-type="dfn" id="ref-for-dfn-did-subjects-80">DID subject</a> (e.g., the | |
<code><a href="#dfn-verificationmethod" class="internalDFN" data-link-type="dfn" id="ref-for-dfn-verificationmethod-2">verificationMethod</a></code> and <code><a href="#dfn-service" class="internalDFN" data-link-type="dfn" id="ref-for-dfn-service-25">service</a></code> | |
properties). | |
</li> | |
<li> | |
How to interpret the specific representation of the <a href="#dfn-did-documents" class="internalDFN" data-link-type="dfn" id="ref-for-dfn-did-documents-233">DID document</a> | |
(e.g., the <code>@context</code> property for a JSON-LD representation). | |
</li> | |
</ul> | |
<p> | |
The only required property in a <a href="#dfn-did-documents" class="internalDFN" data-link-type="dfn" id="ref-for-dfn-did-documents-234">DID document</a> is <code><a href="#dfn-id" class="internalDFN" data-link-type="dfn" id="ref-for-dfn-id-12">id</a></code>, | |
so that is the only statement guaranteed to be in a <a href="#dfn-did-documents" class="internalDFN" data-link-type="dfn" id="ref-for-dfn-did-documents-235">DID document</a>. | |
That statement is illustrated in <a href="#did-and-did-document-graph" class="fig-ref" title="A DID is an identifier assigned by a DID controller to refer to a DID subject and resolve to a DID document that describes the DID subject. The DID document is an artifact of DID resolution and not a separate resource distinct from the DID subject. See also: narrative description.">Figure <bdi class="figno">8</bdi></a> | |
with a direct link between the <a href="#dfn-decentralized-identifiers" class="internalDFN" data-link-type="dfn" id="ref-for-dfn-decentralized-identifiers-193">DID</a> and the <a href="#dfn-did-subjects" class="internalDFN" data-link-type="dfn" id="ref-for-dfn-did-subjects-81">DID subject</a>. | |
</p> | |
</section> | |
<section id="discovering-more-information-about-the-did-subject"><div class="header-wrapper"><h3 id="b-6-discovering-more-information-about-the-did-subject"><bdi class="secno">B.6 </bdi>Discovering more information about the DID subject</h3><a class="self-link" href="#discovering-more-information-about-the-did-subject" aria-label="Permalink for Appendix B.6"></a></div> | |
<p> | |
Options for discovering more information about the <a href="#dfn-did-subjects" class="internalDFN" data-link-type="dfn" id="ref-for-dfn-did-subjects-82">DID subject</a> depend | |
on the properties present in the <a href="#dfn-did-documents" class="internalDFN" data-link-type="dfn" id="ref-for-dfn-did-documents-236">DID document</a>. If the | |
<code><a href="#dfn-service" class="internalDFN" data-link-type="dfn" id="ref-for-dfn-service-26">service</a></code> property is present, more information can be | |
requested from a <a href="#dfn-service-endpoints" class="internalDFN" data-link-type="dfn" id="ref-for-dfn-service-endpoints-15">service endpoint</a>, for example, by querying a | |
<a href="#dfn-service-endpoints" class="internalDFN" data-link-type="dfn" id="ref-for-dfn-service-endpoints-16">service endpoint</a> that supports verifiable credentials for one or more | |
claims (attributes) describing the <a href="#dfn-did-subjects" class="internalDFN" data-link-type="dfn" id="ref-for-dfn-did-subjects-83">DID subject</a>. | |
</p> | |
<p> | |
Another option is to use the <code><a href="#dfn-alsoknownas" class="internalDFN" data-link-type="dfn" id="ref-for-dfn-alsoknownas-10">alsoKnownAs</a></code> property if it | |
is present in the <a href="#dfn-did-documents" class="internalDFN" data-link-type="dfn" id="ref-for-dfn-did-documents-237">DID document</a>. The <a href="#dfn-did-controllers" class="internalDFN" data-link-type="dfn" id="ref-for-dfn-did-controllers-39">DID controller</a> can use it | |
to provide a list of other URIs (including other <a href="#dfn-decentralized-identifiers" class="internalDFN" data-link-type="dfn" id="ref-for-dfn-decentralized-identifiers-194">DIDs</a>) that refer to | |
the same <a href="#dfn-did-subjects" class="internalDFN" data-link-type="dfn" id="ref-for-dfn-did-subjects-84">DID subject</a>. Resolving or dereferencing these URIs might yield | |
other descriptions or representations of the <a href="#dfn-did-subjects" class="internalDFN" data-link-type="dfn" id="ref-for-dfn-did-subjects-85">DID subject</a> as | |
illustrated in the figure below. | |
</p> | |
<figure id="alsoKnownAs-graph"> | |
<img style="margin: auto; display: block; width: 75%;" src="diagrams/figure-a.2-also-known-as-graph.svg" alt=" | |
Diagram showing a graph model, with an | |
alsoKnownAs property with an arc to another node representing a | |
different resource that dereferences to another description of the | |
DID subject. | |
" height="586" width="722"> | |
<figcaption>Figure <bdi class="figno">9</bdi> <span class="fig-title"> | |
A <a href="#dfn-did-documents" class="internalDFN" data-link-type="dfn" id="ref-for-dfn-did-documents-238">DID document</a> can use the alsoKnownAs property to assert that another | |
<a href="#dfn-uri" class="internalDFN" data-link-type="dfn" id="ref-for-dfn-uri-26">URI</a> (including, but not necessarily, another <a href="#dfn-decentralized-identifiers" class="internalDFN" data-link-type="dfn" id="ref-for-dfn-decentralized-identifiers-195">DID</a>) refers to the | |
same <a href="#dfn-did-subjects" class="internalDFN" data-link-type="dfn" id="ref-for-dfn-did-subjects-86">DID subject</a>. See also: <a class="longdesc-link" href="#alsoKnownAs-graph-longdesc">narrative description</a>. | |
</span></figcaption> | |
</figure> | |
<div class="longdesc" id="alsoKnownAs-graph-longdesc"> | |
The diagram contains three small black filled circles, two rectangles with bent | |
corners, arrows between them, and labels, as follows. On the upper left is a | |
circle labeled "DID Controller". On the upper right is a circle labeled "DID | |
Subject". On the lower-middle right is a circle without a label. On the lower | |
right is a rectangle labeled "Description". In the center of the diagram is a | |
rectangle labeled "DID Document". Inside the DID Document rectangle, beneath | |
its label, are two lines of code: "alsoKnownAs: [", and "URI]". A black arrow | |
extends from the second line, to the right, crossing the rectangle border, | |
pointing to the unlabeled circle at the right of the diagram. This arrow is | |
labeled above it in large font, "URI", and below it in italic, "Identifies". A | |
black arrow points from the unlabeled circle downwards to the Description | |
rectangle, labeled "Dereferences to". A blue arrow, labeled "Describes", | |
extends from Description, arcing on the right, pointing up to DID Subject. A | |
blue arrow, also labeled "Describes", points directly from the rectangle, | |
labeled "DID Document", in the center of the diagram, up and to the right to the | |
DID Subject circle. A red arrow, labeled "alsoKnownAs", points from DID Subject | |
down to the unlabeled circle. A red arrow, labeled "DID" above it in large font, | |
and "Identifies" below it in italic font, lies at the top of the image, pointing | |
from DID Controller to DID Subject. A dotted red line starts in the same place | |
but branches off and curves downward to point to the DID Document rectangle at | |
the center of the image. A green arrow, labeled "Controls", points directly | |
from DID Controller to DID Document. Another green arrow points in the opposite | |
direction, labeled "Controller", curving outwards on the left of the image, | |
from DID Document to DID Controller. | |
</div> | |
</section> | |
<section id="serving-a-representation-of-the-did-subject"><div class="header-wrapper"><h3 id="b-7-serving-a-representation-of-the-did-subject"><bdi class="secno">B.7 </bdi>Serving a representation of the DID subject</h3><a class="self-link" href="#serving-a-representation-of-the-did-subject" aria-label="Permalink for Appendix B.7"></a></div> | |
<p> | |
If the <a href="#dfn-did-subjects" class="internalDFN" data-link-type="dfn" id="ref-for-dfn-did-subjects-87">DID subject</a> is a digital resource that can be retrieved | |
from the internet, a <a href="#dfn-did-methods" class="internalDFN" data-link-type="dfn" id="ref-for-dfn-did-methods-129">DID method</a> can choose to construct a <a href="#dfn-did-urls" class="internalDFN" data-link-type="dfn" id="ref-for-dfn-did-urls-37">DID URL</a> | |
which returns a representation of the <a href="#dfn-did-subjects" class="internalDFN" data-link-type="dfn" id="ref-for-dfn-did-subjects-88">DID subject</a> itself. For example, | |
a data schema that needs a persistent, cryptographically verifiable identifier | |
could be assigned a <a href="#dfn-decentralized-identifiers" class="internalDFN" data-link-type="dfn" id="ref-for-dfn-decentralized-identifiers-196">DID</a>, and passing a specified DID parameter (see | |
<a href="#did-parameters" class="sec-ref"><bdi class="secno">3.2.1 </bdi>DID Parameters</a>) could be used as a standard way to retrieve a | |
representation of that schema. | |
</p> | |
<p> | |
Similarly, a <a href="#dfn-decentralized-identifiers" class="internalDFN" data-link-type="dfn" id="ref-for-dfn-decentralized-identifiers-197">DID</a> can be used to refer to a digital resource (such as | |
an image) that can be returned directly from a <a href="#dfn-verifiable-data-registry" class="internalDFN" data-link-type="dfn" id="ref-for-dfn-verifiable-data-registry-15">verifiable data registry</a> | |
if that functionality is supported by the applicable <a href="#dfn-did-methods" class="internalDFN" data-link-type="dfn" id="ref-for-dfn-did-methods-130">DID method</a>. | |
</p> | |
</section> | |
<section id="assigning-dids-to-existing-web-resources"><div class="header-wrapper"><h3 id="b-8-assigning-dids-to-existing-web-resources"><bdi class="secno">B.8 </bdi>Assigning DIDs to existing web resources</h3><a class="self-link" href="#assigning-dids-to-existing-web-resources" aria-label="Permalink for Appendix B.8"></a></div> | |
<p> | |
If the controller of a web page or any other web resource wants to | |
assign it a persistent, cryptographically verifiable identifier, the | |
controller can give it a <a href="#dfn-decentralized-identifiers" class="internalDFN" data-link-type="dfn" id="ref-for-dfn-decentralized-identifiers-198">DID</a>. For example, the author of a blog | |
hosted by a blog hosting company (under that hosting company's domain) | |
could create a <a href="#dfn-decentralized-identifiers" class="internalDFN" data-link-type="dfn" id="ref-for-dfn-decentralized-identifiers-199">DID</a> for the blog. In the <a href="#dfn-did-documents" class="internalDFN" data-link-type="dfn" id="ref-for-dfn-did-documents-239">DID document</a>, the | |
author can include the <code><a href="#dfn-alsoknownas" class="internalDFN" data-link-type="dfn" id="ref-for-dfn-alsoknownas-11">alsoKnownAs</a></code> property pointing to | |
the current URL of the blog, e.g.: | |
</p> | |
<code> | |
"alsoKnownAs": ["https://myblog.blogging-host.example/home"] | |
</code> | |
<p> | |
If the author subsequently moves the blog to a different hosting company | |
(or to the author's own domain), the author can update the <a href="#dfn-did-documents" class="internalDFN" data-link-type="dfn" id="ref-for-dfn-did-documents-240">DID document</a> | |
to point to the new URL for the blog, e.g.: | |
</p> | |
<code> | |
"alsoKnownAs": ["https://myblog.example/"] | |
</code> | |
<p> | |
The <a href="#dfn-decentralized-identifiers" class="internalDFN" data-link-type="dfn" id="ref-for-dfn-decentralized-identifiers-200">DID</a> effectively adds a layer of indirection for the blog URL. This | |
layer of indirection is under the control of the author instead of under the | |
control of an external administrative authority such as the blog hosting | |
company. This is how a <a href="#dfn-decentralized-identifiers" class="internalDFN" data-link-type="dfn" id="ref-for-dfn-decentralized-identifiers-201">DID</a> can effectively function as an enhanced <a href="https://tools.ietf.org/html/rfc8141">URN (Uniform Resource | |
Name)</a>—a persistent identifier for an information resource whose | |
network location might change over time. | |
</p> | |
</section> | |
<section id="the-relationship-between-did-controllers-and-did-subjects"><div class="header-wrapper"><h3 id="b-9-the-relationship-between-did-controllers-and-did-subjects"><bdi class="secno">B.9 </bdi>The relationship between DID controllers and DID subjects</h3><a class="self-link" href="#the-relationship-between-did-controllers-and-did-subjects" aria-label="Permalink for Appendix B.9"></a></div> | |
<p> | |
To avoid confusion, it is helpful to classify | |
<a href="#dfn-did-subjects" class="internalDFN" data-link-type="dfn" id="ref-for-dfn-did-subjects-89">DID subject</a>s into two disjoint sets based on their relationship to | |
the <a href="#dfn-did-controllers" class="internalDFN" data-link-type="dfn" id="ref-for-dfn-did-controllers-40">DID controller</a>. | |
</p> | |
<section id="set-1-the-did-subject-is-the-did-controller"><div class="header-wrapper"><h4 id="b-9-1-set-1-the-did-subject-is-the-did-controller"><bdi class="secno">B.9.1 </bdi>Set #1: The DID subject <em>is</em> the DID controller</h4><a class="self-link" href="#set-1-the-did-subject-is-the-did-controller" aria-label="Permalink for Appendix B.9.1"></a></div> | |
<p> | |
The first case, shown in <a href="#controller-subject-equivalence" class="fig-ref" title="The DID subject is the same entity as the DID controller. See also: narrative description.">Figure <bdi class="figno">10</bdi></a>, is | |
the common scenario where the <a href="#dfn-did-subjects" class="internalDFN" data-link-type="dfn" id="ref-for-dfn-did-subjects-90">DID subject</a> is also the <a href="#dfn-did-controllers" class="internalDFN" data-link-type="dfn" id="ref-for-dfn-did-controllers-41">DID | |
controller</a>. This is the case when an individual or organization creates a | |
<a href="#dfn-decentralized-identifiers" class="internalDFN" data-link-type="dfn" id="ref-for-dfn-decentralized-identifiers-202">DID</a> to self-identify. | |
</p> | |
<figure id="controller-subject-equivalence"> | |
<img style="margin: auto; display: block; width: 75%;" src="diagrams/figure-b.1-controller-and-subject-equivalence.svg" alt=" | |
Diagram showing a graph model with an equivalence arc from the DID | |
subject to the DID controller. | |
" height="516" width="667"> | |
<figcaption>Figure <bdi class="figno">10</bdi> <span class="fig-title"> | |
The <a href="#dfn-did-subjects" class="internalDFN" data-link-type="dfn" id="ref-for-dfn-did-subjects-91">DID subject</a> is the same entity as the <a href="#dfn-did-controllers" class="internalDFN" data-link-type="dfn" id="ref-for-dfn-did-controllers-42">DID controller</a>. See | |
also: <a class="longdesc-link" href="#controller-subject-equivalence-longdesc">narrative description</a>. | |
</span></figcaption> | |
</figure> | |
<div class="longdesc" id="controller-subject-equivalence-longdesc"> | |
Two small black circles appear in the diagram, one on the upper left, labeled, | |
"DID Controller", and one on the upper right, labeled "DID Subject". A solid red | |
arrow extends from the DID Controller circle to the DID Subject circle, labeled | |
"DID" in large bold text above the arrow, and "Identifies" in small italic text | |
beneath the arrow. A dotted red double-ended arrow, labeled "Equivalence", | |
extends between the two circles, forming an arc in the space between and above | |
them. In the lower part of the diagram is a rectangle with bent corner, outlined | |
in black, containing the label "DID Document". Arrows point between this DID | |
Document rectangle and the small black circles for DID Controller and DID | |
Subject, with italic labels, as follows. A blue arrow points from the DID | |
Document to the DID Subject, labeled, "Describes". A green arrow points from the | |
DID Controller to the DID Document, labeled "Controls". A green arrow points | |
from the DID Document to the DID Controller, in an outward arc, labeled, | |
"Controller". A dotted red arrow, labeled "Resolves to", extends from the DID | |
controller starting to the right, branching off from the arrow to the DID | |
Subject, then curving downward to point to the DID Document. | |
</div> | |
<p> | |
From a graph model perspective, even though the nodes identified as the | |
<a href="#dfn-did-controllers" class="internalDFN" data-link-type="dfn" id="ref-for-dfn-did-controllers-43">DID controller</a> and <a href="#dfn-did-subjects" class="internalDFN" data-link-type="dfn" id="ref-for-dfn-did-subjects-92">DID subject</a> in | |
<a href="#controller-subject-equivalence" class="fig-ref" title="The DID subject is the same entity as the DID controller. See also: narrative description.">Figure <bdi class="figno">10</bdi></a> are distinct, there is a | |
logical arc connecting them to express a semantic equivalence relationship. | |
</p> | |
</section> | |
<section id="set-2-the-did-subject-is-not-the-did-controller"><div class="header-wrapper"><h4 id="b-9-2-set-2-the-did-subject-is-not-the-did-controller"><bdi class="secno">B.9.2 </bdi>Set #2: The DID subject is <em>not</em> the DID controller</h4><a class="self-link" href="#set-2-the-did-subject-is-not-the-did-controller" aria-label="Permalink for Appendix B.9.2"></a></div> | |
<p> | |
The second case is when the <a href="#dfn-did-subjects" class="internalDFN" data-link-type="dfn" id="ref-for-dfn-did-subjects-93">DID subject</a> is a separate entity from the | |
<a href="#dfn-did-controllers" class="internalDFN" data-link-type="dfn" id="ref-for-dfn-did-controllers-44">DID controller</a>. This is the case when, for example, a parent creates | |
and maintains control of a <a href="#dfn-decentralized-identifiers" class="internalDFN" data-link-type="dfn" id="ref-for-dfn-decentralized-identifiers-203">DID</a> for a child; a corporation creates and | |
maintains control of a <a href="#dfn-decentralized-identifiers" class="internalDFN" data-link-type="dfn" id="ref-for-dfn-decentralized-identifiers-204">DID</a> for a subsidiary; or a manufacturer | |
creates and maintains control of a <a href="#dfn-decentralized-identifiers" class="internalDFN" data-link-type="dfn" id="ref-for-dfn-decentralized-identifiers-205">DID</a> for a product, an IoT device, | |
or a digital file. | |
</p> | |
<p> | |
From a graph model perspective, the only difference from Set 1 is that there is | |
no equivalence arc relationship between the <a href="#dfn-did-subjects" class="internalDFN" data-link-type="dfn" id="ref-for-dfn-did-subjects-94">DID subject</a> and | |
<a href="#dfn-did-controllers" class="internalDFN" data-link-type="dfn" id="ref-for-dfn-did-controllers-45">DID controller</a> nodes. | |
</p> | |
</section> | |
</section> | |
<section id="multiple-did-controllers"><div class="header-wrapper"><h3 id="b-10-multiple-did-controllers"><bdi class="secno">B.10 </bdi>Multiple DID controllers</h3><a class="self-link" href="#multiple-did-controllers" aria-label="Permalink for Appendix B.10"></a></div> | |
<p> | |
A <a href="#dfn-did-documents" class="internalDFN" data-link-type="dfn" id="ref-for-dfn-did-documents-241">DID document</a> might have more than one <a href="#dfn-did-controllers" class="internalDFN" data-link-type="dfn" id="ref-for-dfn-did-controllers-46">DID controller</a>. This can | |
happen in one of two ways. | |
</p> | |
<section id="independent-control"><div class="header-wrapper"><h4 id="b-10-1-independent-control"><bdi class="secno">B.10.1 </bdi>Independent Control</h4><a class="self-link" href="#independent-control" aria-label="Permalink for Appendix B.10.1"></a></div> | |
<p> | |
In this case, each of the <a href="#dfn-did-controllers" class="internalDFN" data-link-type="dfn" id="ref-for-dfn-did-controllers-47">DID controllers</a> might act on its own, i.e., | |
each one has full power to update the <a href="#dfn-did-documents" class="internalDFN" data-link-type="dfn" id="ref-for-dfn-did-documents-242">DID document</a> independently. From | |
a graph model perspective, in this configuration: | |
</p> | |
<ul> | |
<li> | |
Each additional <a href="#dfn-did-controllers" class="internalDFN" data-link-type="dfn" id="ref-for-dfn-did-controllers-48">DID controller</a> is another distinct graph node | |
(which might be identified by its own <a href="#dfn-decentralized-identifiers" class="internalDFN" data-link-type="dfn" id="ref-for-dfn-decentralized-identifiers-206">DID</a>). | |
</li> | |
<li> | |
The same arcs ("controls" and "controller") exist between each | |
<a href="#dfn-did-controllers" class="internalDFN" data-link-type="dfn" id="ref-for-dfn-did-controllers-49">DID controller</a> and the <a href="#dfn-did-documents" class="internalDFN" data-link-type="dfn" id="ref-for-dfn-did-documents-243">DID document</a>. | |
</li> | |
</ul> | |
<figure id="independent-did-controllers"> | |
<img style="margin: auto; display: block; width: 75%;" src="diagrams/figure-c.1-independent-did-controllers.svg" alt=" | |
Diagram showing three DID controllers each with an independent | |
control relationship with the DID document | |
" height="504" width="824"> | |
<figcaption>Figure <bdi class="figno">11</bdi> <span class="fig-title"> | |
Multiple independent <a href="#dfn-did-controllers" class="internalDFN" data-link-type="dfn" id="ref-for-dfn-did-controllers-50">DID controllers</a> that can each act independently. See | |
also: <a href="#independent-did-controllers-longdesc" class="longdesc-link">Text | |
Description</a> | |
</span></figcaption> | |
</figure> | |
<div class="longdesc" id="independent-did-controllers-longdesc"> | |
Three black circles appear on the left, vertically, each labeled "DID | |
Controller". From each of these circles, a pair of green arrows extends towards | |
the center of the diagram, to a single rectangle, labeled "DID Document". The | |
rectangle has the lower right corner cut and bent inward to form a small | |
triangle, as if to represent a physical piece of paper with curled corner. Each | |
pair of green arrows consists of one arrow pointing from the black circle to the | |
rectangle, labeled "Controls", and one pointing in the opposite direction, from | |
the rectangle to the black circle, labeled "Controller". From the right of the | |
rectangle extends a blue arrow, labeled, "Describes", pointing to a black circle | |
labeled, "DID Subject". | |
</div> | |
</section> | |
<section id="group-control"><div class="header-wrapper"><h4 id="b-10-2-group-control"><bdi class="secno">B.10.2 </bdi>Group Control</h4><a class="self-link" href="#group-control" aria-label="Permalink for Appendix B.10.2"></a></div> | |
<p> | |
In the case of group control, the <a href="#dfn-did-controllers" class="internalDFN" data-link-type="dfn" id="ref-for-dfn-did-controllers-51">DID controllers</a> are expected to act | |
together in some fashion, such as when using a cryptographic algorithm that | |
requires multiple digital signatures ("multi-sig") or a threshold number of | |
digital signatures ("m-of-n"). From a functional standpoint, this option is | |
similar to a single <a href="#dfn-did-controllers" class="internalDFN" data-link-type="dfn" id="ref-for-dfn-did-controllers-52">DID controller</a> because, although each of the | |
<a href="#dfn-did-controllers" class="internalDFN" data-link-type="dfn" id="ref-for-dfn-did-controllers-53">DID controllers</a> in the <a href="#dfn-did-controllers" class="internalDFN" data-link-type="dfn" id="ref-for-dfn-did-controllers-54">DID controller</a> group has its own graph | |
node, the actual control collapses into a single logical graph node | |
representing the <a href="#dfn-did-controllers" class="internalDFN" data-link-type="dfn" id="ref-for-dfn-did-controllers-55">DID controller</a> group as shown in | |
<a href="#group-did-controllers" class="fig-ref" title="Multiple DID controllers who are expected to act together as a DID controller group. See also: narrative description.">Figure <bdi class="figno">12</bdi></a>. | |
</p> | |
<figure id="group-did-controllers"> | |
<img style="margin: auto; display: block; width: 75%;" src="diagrams/figure-c.2-group-did-controllers.svg" alt=" | |
Diagram showing three DID controllers together as a single | |
DID controller group to control a DID document | |
" height="297" width="888"> | |
<figcaption>Figure <bdi class="figno">12</bdi> <span class="fig-title"> | |
Multiple <a href="#dfn-did-controllers" class="internalDFN" data-link-type="dfn" id="ref-for-dfn-did-controllers-56">DID controllers</a> who are expected to act together as a <a href="#dfn-did-controllers" class="internalDFN" data-link-type="dfn" id="ref-for-dfn-did-controllers-57">DID | |
controller</a> group. See also: <a class="longdesc-link" href="#group-did-controllers-longdesc"> narrative description</a>. | |
</span></figcaption> | |
</figure> | |
<div class="longdesc" id="group-did-controllers-longdesc"> | |
On the left are three black filled circles, labeled "DID Controller Group" by a | |
brace on the left. From each of these three circles, a green arrow extends to | |
the center right. These three arrows converge towards a single filled white | |
circle. A pair of horizontal green arrows connects this white circle on its | |
right to a rectangle shaped like a page with a curled corner, labeled "DID | |
Document". The upper arrow points right, from the white circle to the | |
rectangle, and is labeled "Controls". The lower arrow points left, from the | |
rectangle to the white circle, and is labeled "Controller". From the right of | |
the rectangle extends a blue arrow, labeled "Describes", pointing to a black | |
circle, labeled "DID Subject". | |
</div> | |
<p> | |
This configuration will often apply when the <a href="#dfn-did-subjects" class="internalDFN" data-link-type="dfn" id="ref-for-dfn-did-subjects-95">DID subject</a> is an | |
organization, corporation, government agency, community, or other group | |
that is not controlled by a single individual. | |
</p> | |
</section> | |
</section> | |
<section id="changing-the-did-subject"><div class="header-wrapper"><h3 id="b-11-changing-the-did-subject"><bdi class="secno">B.11 </bdi>Changing the DID subject</h3><a class="self-link" href="#changing-the-did-subject" aria-label="Permalink for Appendix B.11"></a></div> | |
<p> | |
A <a href="#dfn-did-documents" class="internalDFN" data-link-type="dfn" id="ref-for-dfn-did-documents-244">DID document</a> has exactly one <a href="#dfn-decentralized-identifiers" class="internalDFN" data-link-type="dfn" id="ref-for-dfn-decentralized-identifiers-207">DID</a> which refers to | |
the <a href="#dfn-did-subjects" class="internalDFN" data-link-type="dfn" id="ref-for-dfn-did-subjects-96">DID subject</a>. The <a href="#dfn-decentralized-identifiers" class="internalDFN" data-link-type="dfn" id="ref-for-dfn-decentralized-identifiers-208">DID</a> is expressed as the value of the | |
<code><a href="#dfn-id" class="internalDFN" data-link-type="dfn" id="ref-for-dfn-id-13">id</a></code> property. This property value is immutable for | |
the lifetime of the | |
<a href="#dfn-did-documents" class="internalDFN" data-link-type="dfn" id="ref-for-dfn-did-documents-245">DID document</a>. | |
</p> | |
<p> | |
However, it is possible that the resource <em>identified</em> by the <a href="#dfn-decentralized-identifiers" class="internalDFN" data-link-type="dfn" id="ref-for-dfn-decentralized-identifiers-209">DID</a>, | |
the <a href="#dfn-did-subjects" class="internalDFN" data-link-type="dfn" id="ref-for-dfn-did-subjects-97">DID subject</a>, may change over time. This is under the exclusive | |
authority of the <a href="#dfn-did-controllers" class="internalDFN" data-link-type="dfn" id="ref-for-dfn-did-controllers-58">DID controller</a>. For more details, see section <a href="#persistence" class="sec-ref"><bdi class="secno">9.16 </bdi>Persistence</a>. | |
</p> | |
</section> | |
<section id="changing-the-did-controller"><div class="header-wrapper"><h3 id="b-12-changing-the-did-controller"><bdi class="secno">B.12 </bdi>Changing the DID controller</h3><a class="self-link" href="#changing-the-did-controller" aria-label="Permalink for Appendix B.12"></a></div> | |
<p> | |
The <a href="#dfn-did-controllers" class="internalDFN" data-link-type="dfn" id="ref-for-dfn-did-controllers-59">DID controller</a> for a <a href="#dfn-did-documents" class="internalDFN" data-link-type="dfn" id="ref-for-dfn-did-documents-246">DID document</a> might change over time. | |
However, depending on how it is implemented, a change in the <a href="#dfn-did-controllers" class="internalDFN" data-link-type="dfn" id="ref-for-dfn-did-controllers-60">DID | |
controller</a> might not be made apparent by changes to the <a href="#dfn-did-documents" class="internalDFN" data-link-type="dfn" id="ref-for-dfn-did-documents-247">DID document</a> | |
itself. For example, if the change is implemented through a shift in ownership | |
of the underlying cryptographic keys or other controls used for one or more of | |
the <a href="#dfn-verification-method" class="internalDFN" data-link-type="dfn" id="ref-for-dfn-verification-method-105">verification methods</a> in the <a href="#dfn-did-documents" class="internalDFN" data-link-type="dfn" id="ref-for-dfn-did-documents-248">DID document</a>, it might be | |
indistinguishable from a standard key rotation. | |
</p> | |
<p> | |
On the other hand, if the change is implemented by changing the value of the | |
<a href="#dfn-controller" class="internalDFN" data-link-type="dfn" id="ref-for-dfn-controller-26"><code>controller</code></a> property, the change will be visible in the DID document itself. | |
</p> | |
<p> | |
If it is important to verify a change of <a href="#dfn-did-controllers" class="internalDFN" data-link-type="dfn" id="ref-for-dfn-did-controllers-61">DID controller</a>, implementers are | |
advised to <a href="#dfn-authenticated" class="internalDFN" data-link-type="dfn" id="ref-for-dfn-authenticated-12">authenticate</a> the new <a href="#dfn-did-controllers" class="internalDFN" data-link-type="dfn" id="ref-for-dfn-did-controllers-62">DID controller</a> against the | |
<a href="#dfn-verification-method" class="internalDFN" data-link-type="dfn" id="ref-for-dfn-verification-method-106">verification methods</a> in the revised <a href="#dfn-did-documents" class="internalDFN" data-link-type="dfn" id="ref-for-dfn-did-documents-249">DID document</a>. | |
</p> | |
</section> | |
</section> | |
<section class="appendix" id="revision-history"><div class="header-wrapper"><h2 id="c-revision-history"><bdi class="secno">C. </bdi>Revision History</h2><a class="self-link" href="#revision-history" aria-label="Permalink for Appendix C."></a></div> | |
<p> | |
This section contains the changes that have been made since the publication of | |
this specification as a <abbr title="World Wide Web Consortium">W3C</abbr> First Public Working Draft. | |
</p> | |
<p> | |
Changes since the <a href="https://www.w3.org/TR/2021/CR-did-core-20210615/">Second Candidate | |
Recommendation</a> include: | |
</p> | |
<ul> | |
<li> | |
Non-normatively refer to the DID Resolution specification to guide implementers | |
toward common DID URL implementation patterns. | |
</li> | |
<li> | |
Elaborate upon when DID Documents are understood to start existing. | |
</li> | |
<li> | |
Convert PNG diagrams to SVG diagrams. | |
</li> | |
<li> | |
Rearrange order of Appendices to improve readability. | |
</li> | |
<li> | |
Update the IANA guidance as a result of the IETF Media Type Maintenance | |
Working Group efforts. | |
</li> | |
<li> | |
Add links to use cases document. | |
</li> | |
<li> | |
Add warning related to [<cite><a class="bibref" data-link-type="biblio" href="#bib-multibase" title="The Multibase Encoding Scheme">MULTIBASE</a></cite>] and <code>publicKeyMultibase</code>. | |
</li> | |
<li> | |
Remove at risk issue markers for features that gained enough implementation | |
experience. | |
</li> | |
<li> | |
Finalize the Editors, Authors, and Acknowledgements information. | |
</li> | |
</ul> | |
<p> | |
Changes since the <a href="https://www.w3.org/TR/2021/CR-did-core-20210318/">First Candidate | |
Recommendation</a> include: | |
</p> | |
<ul> | |
<li> | |
Addition of at risk markers to most of the DID Parameters, the data model | |
datatypes that are expected to not be implemented, and the | |
application/did+ld+json media type. This change resulted in the DID WG's | |
decision to perform a second Candidate Recommendation phase. All other | |
changes were either editorial or predicted in "at risk" issue markers. | |
</li> | |
<li> | |
Removal of the at risk issue marker for the <code>method-specific-id</code> ABNF rule | |
and for <code>nextUpdate</code> and <code>nextVersionId</code>. | |
</li> | |
<li> | |
Clarification that <code>equivalentId</code> and <code>canonicalId</code> are optional. | |
</li> | |
<li> | |
Addition of definitions for "amplification attack" and "cryptographic suite". | |
</li> | |
<li> | |
Replacement of <code>publicKeyBase58</code> with <code>publicKeyMultibase</code>. | |
</li> | |
<li> | |
Updates to the DID Document examples section. | |
</li> | |
<li> | |
A large number of editorial clean ups to the Security Considerations section. | |
</li> | |
</ul> | |
<p> | |
Changes since the <a href="https://www.w3.org/TR/2019/WD-did-core-20191107/">First Public Working | |
Draft</a> include: | |
</p> | |
<ul> | |
<li> | |
The introduction of an abstract data model that can be serialized to multiple | |
representations including JSON and JSON-LD. | |
</li> | |
<li> | |
The introduction of a DID Specifications Registry for the purposes of | |
registering extension properties, representations, DID Resolution input | |
metadata and output metadata, DID Document metadata, DID parameters, and DID | |
Methods. | |
</li> | |
<li> | |
Separation of DID Document metadata, such as created and updated values, | |
from DID Document properties. | |
</li> | |
<li> | |
The removal of embedded proofs in the DID Document. | |
</li> | |
<li> | |
The addition of verification relationships for the purposes of authentication, | |
assertion, key agreement, capability invocation and capability delegation. | |
</li> | |
<li> | |
The ability to support relating multiple identifiers with the DID Document, | |
such as the DID controller, "also known as" identifiers, equivalent IDs, and canonical IDs. | |
</li> | |
<li> | |
Enhancing privacy by reducing information that could contain personally | |
identifiable information in the DID Document. | |
</li> | |
<li> | |
The addition of a large section on security considerations and privacy | |
considerations. | |
</li> | |
<li> | |
A Representations section that details how the abstract data model can be | |
produced and consumed in a variety of different formats along with general | |
rules for all representations, producers, and consumers. | |
</li> | |
<li> | |
A section detailing the DID Resolution and DID URL Dereferencing interface | |
definition that all DID resolvers are expected to expose as well as inputs | |
and outputs to those processes. | |
</li> | |
<li> | |
DID Document examples in an appendix that provide more complex examples of | |
DID Document serializations. | |
</li> | |
<li> | |
IANA Considerations for multiple representations specified in DID Core. | |
</li> | |
<li> | |
Removal of the Future Work section as much of the work has now been | |
accomplished. | |
</li> | |
<li> | |
An acknowledgements section. | |
</li> | |
</ul> | |
</section> | |
<section class="appendix" id="acknowledgements"><div class="header-wrapper"><h2 id="d-acknowledgements"><bdi class="secno">D. </bdi>Acknowledgements</h2><a class="self-link" href="#acknowledgements" aria-label="Permalink for Appendix D."></a></div> | |
<p> | |
The Working Group extends deep appreciation and heartfelt thanks to our Chairs | |
Brent Zundel and Dan Burnett, as well as our <abbr title="World Wide Web Consortium">W3C</abbr> Staff Contact, Ivan Herman, for | |
their tireless work in keeping the Working Group headed in a productive | |
direction and navigating the deep and dangerous waters of the standards process. | |
</p> | |
<p> | |
The Working Group gratefully acknowledges the work that led to the creation of | |
this specification, and extends sincere appreciation to those individuals who | |
worked on technologies and specifications that deeply influenced our work. In | |
particular, this includes the work of Phil Zimmermann, Jon Callas, Lutz | |
Donnerhacke, Hal Finney, David Shaw, and Rodney Thayer on <a href="https://en.wikipedia.org/wiki/Pretty_Good_Privacy"> Pretty Good Privacy | |
(PGP)</a> in the 1990s and 2000s. | |
</p> | |
<p> | |
In the mid-2010s, preliminary implementations of what would become Decentralized | |
Identifiers were <a href="https://web-payments.org/minutes/2014-05-07/#topic-1"> | |
built</a> in collaboration with Jeremie Miller's Telehash project and the <abbr title="World Wide Web Consortium">W3C</abbr> | |
Web Payments Community Group's work led by Dave Longley and Manu Sporny. Around | |
a year later, the XDI.org Registry Working Group | |
<a href="https://docs.google.com/document/d/1EP-KhH60y-nl4xkEzoeSf3DjmjLomfboF4p2umF51FA/"> | |
began exploring</a> decentralized technologies for replacing its existing | |
identifier registry. Some of the first | |
<a href="https://github.com/WebOfTrustInfo/rwot1-sf/blob/master/final-documents/dpki.pdf">written</a> | |
<a href="https://github.com/WebOfTrustInfo/rwot2-id2020/blob/master/final-documents/requirements-for-dids.pdf">papers</a> | |
exploring the concept of Decentralized Identifiers can be traced back to the | |
first several Rebooting the Web of Trust workshops convened by Christopher | |
Allen. That work led to a key collaboration between Christopher Allen, Drummond | |
Reed, Les Chasen, Manu Sporny, and Anil John. Anil saw promise in the technology | |
and allocated the initial set of government funding to explore the space. | |
Without the support of Anil John and his guidance through the years, it is | |
unlikely that Decentralized Identifiers would be where they are today. Further | |
refinement at the Rebooting the Web of Trust workshops led to the <a href="https://github.com/WebOfTrustInfo/rwot3-sf/blob/master/final-documents/did-implementer-draft-10.pdf">first | |
implementers documentation</a>, edited by Drummond Reed, Les Chasen, Christopher | |
Allen, and Ryan Grant. Contributors included Manu Sporny, Dave Longley, Jason | |
Law, Daniel Hardman, Markus Sabadello, Christian Lundkvist, and Jonathan | |
Endersby. This initial work was then merged into the <abbr title="World Wide Web Consortium">W3C</abbr> Credentials Community | |
Group, incubated further, and then transitioned to the <abbr title="World Wide Web Consortium">W3C</abbr> Decentralized | |
Identifiers Working Group for global standardization. | |
</p> | |
<p> | |
Portions of the work on this specification have been funded by the United States | |
Department of Homeland Security's (US DHS) Science and Technology Directorate | |
under contracts HSHQDC-16-R00012-H-SB2016-1-002, and HSHQDC-17-C-00019, as well | |
as the US DHS Silicon Valley Innovation Program under contracts | |
70RSAT20T00000010, 70RSAT20T00000029, 70RSAT20T00000030, 70RSAT20T00000045, | |
70RSAT20T00000003, and 70RSAT20T00000033. The content of this specification does | |
not necessarily reflect the position or the policy of the U.S. Government and no | |
official endorsement should be inferred. | |
</p> | |
<p> | |
Portions of the work on this specification have also been funded by the European | |
Union's StandICT.eu program under sub-grantee contract number CALL05/19. The | |
content of this specification does not necessarily reflect the position or the | |
policy of the European Union and no official endorsement should be inferred. | |
</p> | |
<p> | |
Work on this specification has also been supported by the <a href="https://www.weboftrust.info/">Rebooting the Web of Trust</a> community | |
facilitated by Christopher Allen, Shannon Appelcline, Kiara Robles, Brian | |
Weller, Betty Dhamers, Kaliya Young, Kim Hamilton Duffy, Manu Sporny, Drummond | |
Reed, Joe Andrieu, and Heather Vescent. Development of this specification has | |
also been supported by the <a href="https://w3c-ccg.github.io/"><abbr title="World Wide Web Consortium">W3C</abbr> Credentials | |
Community Group</a>, which has been Chaired by Kim Hamilton Duffy, Joe Andrieu, | |
Christopher Allen, Heather Vescent, and Wayne Chang. The participants in the | |
Internet Identity Workshop, facilitated by Phil Windley, Kaliya Young, Doc | |
Searls, and Heidi Nobantu Saul, also supported this work through numerous | |
working sessions designed to debate, improve, and educate participants about | |
this specification. | |
</p> | |
<p> | |
The Working Group thanks the following individuals for their contributions to | |
this specification (in alphabetical order; GitHub handles start with <code>@</code> and | |
are sorted as last names): Denis Ah-Kang, Nacho Alamillo, Christopher Allen, Joe | |
Andrieu, Antonio, Phil Archer, George Aristy, Baha, Juan Benet, BigBlueHat, Dan | |
Bolser, Chris Boscolo, Pelle Braendgaard, Daniel Buchner, Daniel Burnett, Juan | |
Caballero, @cabo, Tim Cappalli, Melvin Carvalho, David Chadwick, Wayne Chang, | |
Sam Curren, Hai Dang, Tim Daubenschütz, Oskar van Deventer, Kim Hamilton Duffy, | |
Arnaud Durand, Ken Ebert, Veikko Eeva, @ewagner70, Carson Farmer, Nikos Fotiou, | |
Gabe, Gayan, @gimly-jack, @gjgd, Ryan Grant, Peter Grassberger, Adrian Gropper, | |
Amy Guy, Daniel Hardman, Kyle Den Hartog, Philippe Le Hegaret, Ivan Herman, | |
Michael Herman, Alen Horvat, Dave Huseby, Marcel Jackisch, Mike Jones, Andrew | |
Jones, Tom Jones, jonnycrunch, Gregg Kellogg, Michael Klein, @kdenhartog-sybil1, | |
Paul Knowles, @ktobich, David I. Lehn, Charles E. Lehner, Michael Lodder, | |
@mooreT1881, Dave Longley, Tobias Looker, Wolf McNally, Robert Mitwicki, Mircea | |
Nistor, Grant Noble, Mark Nottingham, @oare, Darrell O'Donnell, Vinod Panicker, | |
Dirk Porsche, Praveen, Mike Prorock, @pukkamustard, Drummond Reed, Julian | |
Reschke, Yancy Ribbens, Justin Richer, Rieks, @rknobloch, Mikeal Rogers, | |
Evstifeev Roman, Troy Ronda, Leonard Rosenthol, Michael Ruminer, Markus | |
Sabadello, Cihan Saglam, Samu, Rob Sanderson, Wendy Seltzer, Mehran Shakeri, | |
Jaehoon (Ace) Shim, Samuel Smith, James M Snell, SondreB, Manu Sporny, @ssstolk, | |
Orie Steele, Shigeya Suzuki, Sammotic Switchyarn, @tahpot, Oliver Terbu, Ted | |
Thibodeau Jr., Joel Thorstensson, Tralcan, Henry Tsai, Rod Vagg, Mike Varley, | |
Kaliya "Identity Woman" Young, Eric Welton, Fuqiao Xue, @Yue, Dmitri Zagidulin, | |
@zhanb, and Brent Zundel. | |
</p> | |
</section> | |
<section class="appendix" id="iana-considerations"><div class="header-wrapper"><h2 id="e-iana-considerations"><bdi class="secno">E. </bdi>IANA Considerations</h2><a class="self-link" href="#iana-considerations" aria-label="Permalink for Appendix E."></a></div> | |
<p> | |
This section will be submitted to the Internet Engineering Steering Group | |
(IESG) for review, approval, and registration with IANA when this specification | |
becomes a <abbr title="World Wide Web Consortium">W3C</abbr> Proposed Recommendation. | |
</p> | |
<section id="application-did-json"><div class="header-wrapper"><h3 id="e-1-application-did-json"><bdi class="secno">E.1 </bdi>application/did+json</h3><a class="self-link" href="#application-did-json" aria-label="Permalink for Appendix E.1"></a></div> | |
<dl> | |
<dt>Type name:</dt> | |
<dd>application</dd> | |
<dt>Subtype name:</dt> | |
<dd>did+json</dd> | |
<dt>Required parameters:</dt> | |
<dd>None</dd> | |
<dt>Optional parameters:</dt> | |
<dd>None</dd> | |
<dt>Encoding considerations:</dt> | |
<dd> | |
See <a href="https://www.rfc-editor.org/rfc/rfc8259#section-11">RFC 8259, section 11</a>. | |
</dd> | |
<dt>Security considerations:</dt> | |
<dd> | |
See <a href="https://www.rfc-editor.org/rfc/rfc8259#section-12">RFC 8259, section 12</a> [<cite><a class="bibref" data-link-type="biblio" href="#bib-rfc8259" title="The JavaScript Object Notation (JSON) Data Interchange Format">RFC8259</a></cite>]. | |
</dd> | |
<dt>Interoperability considerations:</dt> | |
<dd>Not Applicable</dd> | |
<dt>Published specification:</dt> | |
<dd>https://www.w3.org/TR/did-core/</dd> | |
<dt>Applications that use this media type:</dt> | |
<dd> | |
Any application that requires an identifier that is decentralized, persistent, | |
cryptographically verifiable, and resolvable. Applications typically consist of | |
cryptographic identity systems, decentralized networks of devices, and | |
websites that issue or verify <abbr title="World Wide Web Consortium">W3C</abbr> Verifiable Credentials. | |
</dd> | |
<dt>Additional information:</dt> | |
<dd> | |
<dl> | |
<dt>Magic number(s):</dt> | |
<dd>Not Applicable</dd> | |
<dt>File extension(s):</dt> | |
<dd>.didjson</dd> | |
<dt>Macintosh file type code(s):</dt> | |
<dd>TEXT</dd> | |
</dl> | |
</dd> | |
<dt>Person &amp; email address to contact for further information:</dt> | |
<dd>Ivan Herman &lt;ivan@w3.org&gt;</dd> | |
<dt>Intended usage:</dt> | |
<dd>Common</dd> | |
<dt>Restrictions on usage:</dt> | |
<dd>None</dd> | |
<dt>Author(s):</dt> | |
<dd> | |
Drummond Reed, Manu Sporny, Markus Sabadello, Dave Longley, Christopher Allen | |
</dd> | |
<dt>Change controller:</dt> | |
<dd><abbr title="World Wide Web Consortium">W3C</abbr></dd> | |
</dl> | |
<p> | |
Fragment identifiers used with <a href="#application-did-json">application/did+json</a> are treated according to | |
the rules defined in <a href="#fragment" class="sec-ref">Fragment</a>. | |
</p> | |
</section> | |
<section id="application-did-ld-json"><div class="header-wrapper"><h3 id="e-2-application-did-ld-json"><bdi class="secno">E.2 </bdi>application/did+ld+json</h3><a class="self-link" href="#application-did-ld-json" aria-label="Permalink for Appendix E.2"></a></div> | |
<div class="note" role="note" id="issue-container-generatedID-18"><div role="heading" class="note-title marker" id="h-note-18" aria-level="4"><span>Note</span><span class="issue-label">: IETF Structured Media Types</span></div><p class=""> | |
The Candidate Recommendation phase for this specification received a significant | |
number of implementations for the <code>application/did+ld+json</code> media | |
type. Registration of the media type <code>application/did+ld+json</code> at | |
IANA is pending resolution of the <a href="https://datatracker.ietf.org/doc/html/draft-w3cdidwg-media-types-with-multiple-suffixes"> | |
Media Types with Multiple Suffixes</a> issue. Work is expected to continue in | |
the <a href="https://datatracker.ietf.org/wg/mediaman/about/">IETF Media Type | |
Maintenance Working Group</a> with a registration of the | |
<code>application/did+ld+json</code> media type by <abbr title="World Wide Web Consortium">W3C</abbr> following shortly after | |
the publication of the <a href="https://datatracker.ietf.org/doc/html/draft-w3cdidwg-media-types-with-multiple-suffixes"> | |
Media Types with Multiple Suffixes</a> RFC. | |
</p></div> | |
<dl> | |
<dt>Type name:</dt> | |
<dd>application</dd> | |
<dt>Subtype name:</dt> | |
<dd>did+ld+json</dd> | |
<dt>Required parameters:</dt> | |
<dd>None</dd> | |
<dt>Optional parameters:</dt> | |
<dd>None</dd> | |
<dt>Encoding considerations:</dt> | |
<dd> | |
See <a href="https://www.rfc-editor.org/rfc/rfc8259#section-11">RFC 8259, section 11</a>. | |
</dd> | |
<dt>Security considerations:</dt> | |
<dd> | |
See <a href="https://www.w3.org/TR/json-ld11/#security">JSON-LD 1.1, Security Considerations</a> | |
[<cite><a class="bibref" data-link-type="biblio" href="#bib-json-ld11" title="JSON-LD 1.1">JSON-LD11</a></cite>]. | |
</dd> | |
<dt>Interoperability considerations:</dt> | |
<dd>Not Applicable</dd> | |
<dt>Published specification:</dt> | |
<dd>https://www.w3.org/TR/did-core/</dd> | |
<dt>Applications that use this media type:</dt> | |
<dd> | |
Any application that requires an identifier that is decentralized, persistent, | |
cryptographically verifiable, and resolvable. Applications typically consist of | |
cryptographic identity systems, decentralized networks of devices, and | |
websites that issue or verify <abbr title="World Wide Web Consortium">W3C</abbr> Verifiable Credentials. | |
</dd> | |
<dt>Additional information:</dt> | |
<dd> | |
<dl> | |
<dt>Magic number(s):</dt> | |
<dd>Not Applicable</dd> | |
<dt>File extension(s):</dt> | |
<dd>.didjsonld</dd> | |
<dt>Macintosh file type code(s):</dt> | |
<dd>TEXT</dd> | |
</dl> | |
</dd> | |
<dt>Person &amp; email address to contact for further information:</dt> | |
<dd>Ivan Herman &lt;ivan@w3.org&gt;</dd> | |
<dt>Intended usage:</dt> | |
<dd>Common</dd> | |
<dt>Restrictions on usage:</dt> | |
<dd>None</dd> | |
<dt>Author(s):</dt> | |
<dd> | |
Drummond Reed, Manu Sporny, Markus Sabadello, Dave Longley, Christopher Allen | |
</dd> | |
<dt>Change controller:</dt> | |
<dd><abbr title="World Wide Web Consortium">W3C</abbr></dd> | |
</dl> | |
<p> | |
Fragment identifiers used with | |
<a href="#application-did-ld-json">application/did+ld+json</a> are treated | |
according to the rules associated with the | |
<a href="https://www.w3.org/TR/json-ld11/#iana-considerations">JSON-LD 1.1: application/ld+json | |
media type</a> [<cite><a class="bibref" data-link-type="biblio" href="#bib-json-ld11" title="JSON-LD 1.1">JSON-LD11</a></cite>]. | |
</p> | |
</section> | |
</section> | |
<section id="references" class="appendix"><div class="header-wrapper"><h2 id="f-references"><bdi class="secno">F. </bdi>References</h2><a class="self-link" href="#references" aria-label="Permalink for Appendix F."></a></div><section id="normative-references"><div class="header-wrapper"><h3 id="f-1-normative-references"><bdi class="secno">F.1 </bdi>Normative references</h3><a class="self-link" href="#normative-references" aria-label="Permalink for Appendix F.1"></a></div> | |
<dl class="bibliography"><dt id="bib-infra">[INFRA]</dt><dd> | |
<a href="https://infra.spec.whatwg.org/"><cite>Infra Standard</cite></a>. Anne van Kesteren; Domenic Denicola. WHATWG. Living Standard. URL: <a href="https://infra.spec.whatwg.org/">https://infra.spec.whatwg.org/</a> | |
</dd><dt id="bib-json-ld11">[JSON-LD11]</dt><dd> | |
<a href="https://www.w3.org/TR/json-ld11/"><cite>JSON-LD 1.1</cite></a>. Gregg Kellogg; Pierre-Antoine Champin; Dave Longley. W3C. 16 July 2020. W3C Recommendation. URL: <a href="https://www.w3.org/TR/json-ld11/">https://www.w3.org/TR/json-ld11/</a> | |
</dd><dt id="bib-rfc2119">[RFC2119]</dt><dd> | |
<a href="https://www.rfc-editor.org/rfc/rfc2119"><cite>Key words for use in RFCs to Indicate Requirement Levels</cite></a>. S. Bradner. IETF. March 1997. Best Current Practice. URL: <a href="https://www.rfc-editor.org/rfc/rfc2119">https://www.rfc-editor.org/rfc/rfc2119</a> | |
</dd><dt id="bib-rfc3552">[RFC3552]</dt><dd> | |
<a href="https://www.rfc-editor.org/rfc/rfc3552"><cite>Guidelines for Writing RFC Text on Security Considerations</cite></a>. E. Rescorla; B. Korver. IETF. July 2003. Best Current Practice. URL: <a href="https://www.rfc-editor.org/rfc/rfc3552">https://www.rfc-editor.org/rfc/rfc3552</a> | |
</dd><dt id="bib-rfc3986">[RFC3986]</dt><dd> | |
<a href="https://www.rfc-editor.org/rfc/rfc3986"><cite>Uniform Resource Identifier (URI): Generic Syntax</cite></a>. T. Berners-Lee; R. Fielding; L. Masinter. IETF. January 2005. Internet Standard. URL: <a href="https://www.rfc-editor.org/rfc/rfc3986">https://www.rfc-editor.org/rfc/rfc3986</a> | |
</dd><dt id="bib-rfc5234">[RFC5234]</dt><dd> | |
<a href="https://www.rfc-editor.org/rfc/rfc5234"><cite>Augmented BNF for Syntax Specifications: ABNF</cite></a>. D. Crocker, Ed.; P. Overell. IETF. January 2008. Internet Standard. URL: <a href="https://www.rfc-editor.org/rfc/rfc5234">https://www.rfc-editor.org/rfc/rfc5234</a> | |
</dd><dt id="bib-rfc7517">[RFC7517]</dt><dd> | |
<a href="https://www.rfc-editor.org/rfc/rfc7517"><cite>JSON Web Key (JWK)</cite></a>. M. Jones. IETF. May 2015. Proposed Standard. URL: <a href="https://www.rfc-editor.org/rfc/rfc7517">https://www.rfc-editor.org/rfc/rfc7517</a> | |
</dd><dt id="bib-rfc7638">[RFC7638]</dt><dd> | |
<a href="https://www.rfc-editor.org/rfc/rfc7638"><cite>JSON Web Key (JWK) Thumbprint</cite></a>. M. Jones; N. Sakimura. IETF. September 2015. Proposed Standard. URL: <a href="https://www.rfc-editor.org/rfc/rfc7638">https://www.rfc-editor.org/rfc/rfc7638</a> | |
</dd><dt id="bib-rfc8174">[RFC8174]</dt><dd> | |
<a href="https://www.rfc-editor.org/rfc/rfc8174"><cite>Ambiguity of Uppercase vs Lowercase in RFC 2119 Key Words</cite></a>. B. Leiba. IETF. May 2017. Best Current Practice. URL: <a href="https://www.rfc-editor.org/rfc/rfc8174">https://www.rfc-editor.org/rfc/rfc8174</a> | |
</dd><dt id="bib-rfc8259">[RFC8259]</dt><dd> | |
<a href="https://www.rfc-editor.org/rfc/rfc8259"><cite>The JavaScript Object Notation (JSON) Data Interchange Format</cite></a>. T. Bray, Ed.. IETF. December 2017. Internet Standard. URL: <a href="https://www.rfc-editor.org/rfc/rfc8259">https://www.rfc-editor.org/rfc/rfc8259</a> | |
</dd><dt id="bib-url">[url]</dt><dd> | |
<a href="https://url.spec.whatwg.org/"><cite>URL Standard</cite></a>. Anne van Kesteren. WHATWG. Living Standard. URL: <a href="https://url.spec.whatwg.org/">https://url.spec.whatwg.org/</a> | |
</dd><dt id="bib-xmlschema11-2">[XMLSCHEMA11-2]</dt><dd> | |
<a href="https://www.w3.org/TR/xmlschema11-2/"><cite>W3C XML Schema Definition Language (XSD) 1.1 Part 2: Datatypes</cite></a>. David Peterson; Sandy Gao; Ashok Malhotra; Michael Sperberg-McQueen; Henry Thompson; Paul V. Biron et al. W3C. 5 April 2012. W3C Recommendation. URL: <a href="https://www.w3.org/TR/xmlschema11-2/">https://www.w3.org/TR/xmlschema11-2/</a> | |
</dd></dl> | |
</section><section id="informative-references"><div class="header-wrapper"><h3 id="f-2-informative-references"><bdi class="secno">F.2 </bdi>Informative references</h3><a class="self-link" href="#informative-references" aria-label="Permalink for Appendix F.2"></a></div> | |
<dl class="bibliography"><dt id="bib-did-resolution">[DID-RESOLUTION]</dt><dd> | |
<a href="https://w3c-ccg.github.io/did-resolution/"><cite>Decentralized Identifier Resolution</cite></a>. Markus Sabadello; Dmitri Zagidulin. Credentials Community Group. Draft Community Group Report. URL: <a href="https://w3c-ccg.github.io/did-resolution/">https://w3c-ccg.github.io/did-resolution/</a> | |
</dd><dt id="bib-did-rubric">[DID-RUBRIC]</dt><dd> | |
<a href="https://w3c.github.io/did-rubric/"><cite>Decentralized Characteristics Rubric v1.0</cite></a>. Joe Andrieu. Credentials Community Group. Draft Community Group Report. URL: <a href="https://w3c.github.io/did-rubric/">https://w3c.github.io/did-rubric/</a> | |
</dd><dt id="bib-did-spec-registries">[DID-SPEC-REGISTRIES]</dt><dd> | |
<a href="https://www.w3.org/TR/did-spec-registries/"><cite>DID Specification Registries</cite></a>. Orie Steele; Manu Sporny; Michael Prorock. W3C. 28 June 2022. W3C Working Group Note. URL: <a href="https://www.w3.org/TR/did-spec-registries/">https://www.w3.org/TR/did-spec-registries/</a> | |
</dd><dt id="bib-did-use-cases">[DID-USE-CASES]</dt><dd> | |
<a href="https://www.w3.org/TR/did-use-cases/"><cite>Use Cases and Requirements for Decentralized Identifiers</cite></a>. Joe Andrieu; Phil Archer; Kim Duffy; Ryan Grant; Adrian Gropper. W3C. 17 March 2021. W3C Working Group Note. URL: <a href="https://www.w3.org/TR/did-use-cases/">https://www.w3.org/TR/did-use-cases/</a> | |
</dd><dt id="bib-dns-did">[DNS-DID]</dt><dd> | |
<a href="https://datatracker.ietf.org/doc/draft-mayrhofer-did-dns/"><cite>The Decentralized Identifier (DID) in the DNS</cite></a>. Alexander Mayrhofer; Dimitrij Klesev; Markus Sabadello. February 2019. Internet-Draft. URL: <a href="https://datatracker.ietf.org/doc/draft-mayrhofer-did-dns/">https://datatracker.ietf.org/doc/draft-mayrhofer-did-dns/</a> | |
</dd><dt id="bib-hashlink">[HASHLINK]</dt><dd> | |
<a href="https://tools.ietf.org/html/draft-sporny-hashlink-05"><cite>Cryptographic Hyperlinks</cite></a>. Manu Sporny. IETF. December 2018. Internet-Draft. URL: <a href="https://tools.ietf.org/html/draft-sporny-hashlink-05">https://tools.ietf.org/html/draft-sporny-hashlink-05</a> | |
</dd><dt id="bib-iana-uri-schemes">[IANA-URI-SCHEMES]</dt><dd> | |
<a href="https://www.iana.org/assignments/uri-schemes/uri-schemes.xhtml"><cite>Uniform Resource Identifier (URI) Schemes</cite></a>. IANA. URL: <a href="https://www.iana.org/assignments/uri-schemes/uri-schemes.xhtml">https://www.iana.org/assignments/uri-schemes/uri-schemes.xhtml</a> | |
</dd><dt id="bib-matrix-uris">[MATRIX-URIS]</dt><dd> | |
<a href="https://www.w3.org/DesignIssues/MatrixURIs.html"><cite>Matrix URIs - Ideas about Web Architecture</cite></a>. Tim Berners-Lee. December 1996. Personal View. URL: <a href="https://www.w3.org/DesignIssues/MatrixURIs.html">https://www.w3.org/DesignIssues/MatrixURIs.html</a> | |
</dd><dt id="bib-multibase">[MULTIBASE]</dt><dd> | |
<a href="https://datatracker.ietf.org/doc/html/draft-multiformats-multibase-03"><cite>The Multibase Encoding Scheme</cite></a>. Juan Benet; Manu Sporny. IETF. February 2021. Internet-Draft. URL: <a href="https://datatracker.ietf.org/doc/html/draft-multiformats-multibase-03">https://datatracker.ietf.org/doc/html/draft-multiformats-multibase-03</a> | |
</dd><dt id="bib-privacy-by-design">[PRIVACY-BY-DESIGN]</dt><dd> | |
<a href="https://iapp.org/media/pdf/resource_center/pbd_implement_7found_principles.pdf"><cite>Privacy by Design</cite></a>. Ann Cavoukian. Information and Privacy Commissioner. 2011. URL: <a href="https://iapp.org/media/pdf/resource_center/pbd_implement_7found_principles.pdf">https://iapp.org/media/pdf/resource_center/pbd_implement_7found_principles.pdf</a> | |
</dd><dt id="bib-rfc4122">[RFC4122]</dt><dd> | |
<a href="https://www.rfc-editor.org/rfc/rfc4122"><cite>A Universally Unique IDentifier (UUID) URN Namespace</cite></a>. P. Leach; M. Mealling; R. Salz. IETF. July 2005. Proposed Standard. URL: <a href="https://www.rfc-editor.org/rfc/rfc4122">https://www.rfc-editor.org/rfc/rfc4122</a> | |
</dd><dt id="bib-rfc6901">[RFC6901]</dt><dd> | |
<a href="https://www.rfc-editor.org/rfc/rfc6901"><cite>JavaScript Object Notation (JSON) Pointer</cite></a>. P. Bryan, Ed.; K. Zyp; M. Nottingham, Ed.. IETF. April 2013. Proposed Standard. URL: <a href="https://www.rfc-editor.org/rfc/rfc6901">https://www.rfc-editor.org/rfc/rfc6901</a> | |
</dd><dt id="bib-rfc6973">[RFC6973]</dt><dd> | |
<a href="https://www.rfc-editor.org/rfc/rfc6973"><cite>Privacy Considerations for Internet Protocols</cite></a>. A. Cooper; H. Tschofenig; B. Aboba; J. Peterson; J. Morris; M. Hansen; R. Smith. IETF. July 2013. Informational. URL: <a href="https://www.rfc-editor.org/rfc/rfc6973">https://www.rfc-editor.org/rfc/rfc6973</a> | |
</dd><dt id="bib-rfc7230">[RFC7230]</dt><dd> | |
<a href="https://httpwg.org/specs/rfc7230.html"><cite>Hypertext Transfer Protocol (HTTP/1.1): Message Syntax and Routing</cite></a>. R. Fielding, Ed.; J. Reschke, Ed.. IETF. June 2014. Proposed Standard. URL: <a href="https://httpwg.org/specs/rfc7230.html">https://httpwg.org/specs/rfc7230.html</a> | |
</dd><dt id="bib-rfc7231">[RFC7231]</dt><dd> | |
<a href="https://httpwg.org/specs/rfc7231.html"><cite>Hypertext Transfer Protocol (HTTP/1.1): Semantics and Content</cite></a>. R. Fielding, Ed.; J. Reschke, Ed.. IETF. June 2014. Proposed Standard. URL: <a href="https://httpwg.org/specs/rfc7231.html">https://httpwg.org/specs/rfc7231.html</a> | |
</dd><dt id="bib-rfc8141">[RFC8141]</dt><dd> | |
<a href="https://www.rfc-editor.org/rfc/rfc8141"><cite>Uniform Resource Names (URNs)</cite></a>. P. Saint-Andre; J. Klensin. IETF. April 2017. Proposed Standard. URL: <a href="https://www.rfc-editor.org/rfc/rfc8141">https://www.rfc-editor.org/rfc/rfc8141</a> | |
</dd><dt id="bib-vc-data-model">[VC-DATA-MODEL]</dt><dd> | |
<a href="https://www.w3.org/TR/vc-data-model/"><cite>Verifiable Credentials Data Model v1.1</cite></a>. Manu Sporny; Grant Noble; Dave Longley; Daniel Burnett; Brent Zundel; Kyle Den Hartog. W3C. 3 March 2022. W3C Recommendation. URL: <a href="https://www.w3.org/TR/vc-data-model/">https://www.w3.org/TR/vc-data-model/</a> | |
</dd></dl> | |
</section></section><p role="navigation" id="back-to-top"> | |
<a href="#title"><abbr title="Back to Top">↑</abbr></a> | |
</p><div class="dfn-panel" hidden="" role="dialog" aria-modal="true" id="dfn-panel-for-dfn-conforming-did" aria-label="Links in this document to definition: conforming DID"> | |
<span class="caret"></span> | |
<div> | |
<a class="self-link" href="#dfn-conforming-did" aria-label="Permalink for definition: conforming DID. Activate to close this dialog.">Permalink</a> | |
</div> | |
<p><b>Referenced in:</b></p> | |
<ul> | |
<li> | |
<a href="#ref-for-dfn-conforming-did-1" title="§ 1.4 Conformance">§ 1.4 Conformance</a> <a href="#ref-for-dfn-conforming-did-2" title="Reference 2">(2)</a> | |
</li> | |
</ul> | |
</div><div class="dfn-panel" hidden="" role="dialog" aria-modal="true" id="dfn-panel-for-dfn-conforming-did-document" aria-label="Links in this document to definition: conforming DID document"> | |
<span class="caret"></span> | |
<div> | |
<a class="self-link" href="#dfn-conforming-did-document" aria-label="Permalink for definition: conforming DID document. Activate to close this dialog.">Permalink</a> | |
</div> | |
<p><b>Referenced in:</b></p> | |
<ul> | |
<li> | |
<a href="#ref-for-dfn-conforming-did-document-1" title="§ 1.4 Conformance">§ 1.4 Conformance</a> <a href="#ref-for-dfn-conforming-did-document-2" title="Reference 2">(2)</a> | |
</li><li> | |
<a href="#ref-for-dfn-conforming-did-document-3" title="§ 7.1 DID Resolution">§ 7.1 DID Resolution</a> | |
</li> | |
</ul> | |
</div><div class="dfn-panel" hidden="" role="dialog" aria-modal="true" id="dfn-panel-for-dfn-conforming-producer" aria-label="Links in this document to definition: conforming producer"> | |
<span class="caret"></span> | |
<div> | |
<a class="self-link" href="#dfn-conforming-producer" aria-label="Permalink for definition: conforming producer. Activate to close this dialog.">Permalink</a> | |
</div> | |
<p><b>Referenced in:</b></p> | |
<ul> | |
<li> | |
<a href="#ref-for-dfn-conforming-producer-1" title="§ 5.4 Services">§ 5.4 Services</a> | |
</li><li> | |
<a href="#ref-for-dfn-conforming-producer-2" title="§ 6.1 Production and Consumption">§ 6.1 Production and Consumption</a> <a href="#ref-for-dfn-conforming-producer-3" title="Reference 2">(2)</a> <a href="#ref-for-dfn-conforming-producer-4" title="Reference 3">(3)</a> <a href="#ref-for-dfn-conforming-producer-5" title="Reference 4">(4)</a> <a href="#ref-for-dfn-conforming-producer-6" title="Reference 5">(5)</a> | |
</li><li> | |
<a href="#ref-for-dfn-conforming-producer-7" title="§ 6.2.1 Production">§ 6.2.1 Production</a> <a href="#ref-for-dfn-conforming-producer-8" title="Reference 2">(2)</a> | |
</li><li> | |
<a href="#ref-for-dfn-conforming-producer-9" title="§ 6.3.1 Production">§ 6.3.1 Production</a> <a href="#ref-for-dfn-conforming-producer-10" title="Reference 2">(2)</a> <a href="#ref-for-dfn-conforming-producer-11" title="Reference 3">(3)</a> | |
</li> | |
</ul> | |
</div><div class="dfn-panel" hidden="" role="dialog" aria-modal="true" id="dfn-panel-for-dfn-conforming-consumer" aria-label="Links in this document to definition: conforming consumer"> | |
<span class="caret"></span> | |
<div> | |
<a class="self-link" href="#dfn-conforming-consumer" aria-label="Permalink for definition: conforming consumer. Activate to close this dialog.">Permalink</a> | |
</div> | |
<p><b>Referenced in:</b></p> | |
<ul> | |
<li> | |
<a href="#ref-for-dfn-conforming-consumer-1" title="§ 5.4 Services">§ 5.4 Services</a> | |
</li><li> | |
<a href="#ref-for-dfn-conforming-consumer-2" title="§ 6.1 Production and Consumption">§ 6.1 Production and Consumption</a> <a href="#ref-for-dfn-conforming-consumer-3" title="Reference 2">(2)</a> <a href="#ref-for-dfn-conforming-consumer-4" title="Reference 3">(3)</a> <a href="#ref-for-dfn-conforming-consumer-5" title="Reference 4">(4)</a> <a href="#ref-for-dfn-conforming-consumer-6" title="Reference 5">(5)</a> <a href="#ref-for-dfn-conforming-consumer-7" title="Reference 6">(6)</a> | |
</li><li> | |
<a href="#ref-for-dfn-conforming-consumer-8" title="§ 6.2.2 Consumption">§ 6.2.2 Consumption</a> <a href="#ref-for-dfn-conforming-consumer-9" title="Reference 2">(2)</a> <a href="#ref-for-dfn-conforming-consumer-10" title="Reference 3">(3)</a> | |
</li><li> | |
<a href="#ref-for-dfn-conforming-consumer-11" title="§ 6.3.1 Production">§ 6.3.1 Production</a> | |
</li><li> | |
<a href="#ref-for-dfn-conforming-consumer-12" title="§ 6.3.2 Consumption">§ 6.3.2 Consumption</a> <a href="#ref-for-dfn-conforming-consumer-13" title="Reference 2">(2)</a> | |
</li> | |
</ul> | |
</div><div class="dfn-panel" hidden="" role="dialog" aria-modal="true" id="dfn-panel-for-dfn-amplification" aria-label="Links in this document to definition: amplification attack"> | |
<span class="caret"></span> | |
<div> | |
<a class="self-link" href="#dfn-amplification" aria-label="Permalink for definition: amplification attack. Activate to close this dialog.">Permalink</a> | |
</div> | |
<p><b>Referenced in:</b></p> | |
<ul> | |
<li> | |
<a href="#ref-for-dfn-amplification-1" title="§ 8.3 Security Requirements">§ 8.3 Security Requirements</a> | |
</li> | |
</ul> | |
</div><div class="dfn-panel" hidden="" role="dialog" aria-modal="true" id="dfn-panel-for-dfn-authenticated" aria-label="Links in this document to definition: authenticate"> | |
<!-- Back-reference panel for the term "authenticate": a hidden dialog listing the places in this document that link to #dfn-authenticated. Each list item is one section; the first link carries the section title and the numbered links "(2)", "(3)" and so on are further uses in that same section. Most uses are in § 5.3.1 Authentication (six links). -->
<span class="caret"></span> | |
<div> | |
<a class="self-link" href="#dfn-authenticated" aria-label="Permalink for definition: authenticate. Activate to close this dialog.">Permalink</a> | |
</div> | |
<p><b>Referenced in:</b></p> | |
<ul> | |
<li> | |
<a href="#ref-for-dfn-authenticated-1" title="§ 1.1 A Simple Example">§ 1.1 A Simple Example</a> | |
</li><li> | |
<a href="#ref-for-dfn-authenticated-2" title="§ 2. Terminology">§ 2. Terminology</a> <a href="#ref-for-dfn-authenticated-3" title="Reference 2">(2)</a> <a href="#ref-for-dfn-authenticated-4" title="Reference 3">(3)</a> | |
</li><li> | |
<a href="#ref-for-dfn-authenticated-5" title="§ 5.2 Verification Methods">§ 5.2 Verification Methods</a> | |
</li><li> | |
<a href="#ref-for-dfn-authenticated-6" title="§ 5.3.1 Authentication">§ 5.3.1 Authentication</a> <a href="#ref-for-dfn-authenticated-7" title="Reference 2">(2)</a> <a href="#ref-for-dfn-authenticated-8" title="Reference 3">(3)</a> <a href="#ref-for-dfn-authenticated-9" title="Reference 4">(4)</a> <a href="#ref-for-dfn-authenticated-10" title="Reference 5">(5)</a> <a href="#ref-for-dfn-authenticated-11" title="Reference 6">(6)</a> | |
</li><li> | |
<a href="#ref-for-dfn-authenticated-12" title="§ B.12 Changing the DID controller">§ B.12 Changing the DID controller</a> | |
</li> | |
</ul> | |
</div><div class="dfn-panel" hidden="" role="dialog" aria-modal="true" id="dfn-panel-for-dfn-cryptosuite" aria-label="Links in this document to definition: cryptographic suite"> | |
<!-- Back-reference panel for the term "cryptographic suite": a hidden dialog listing the places in this document that link to #dfn-cryptosuite. The only entry is § 5.2.1 Verification Material. -->
<span class="caret"></span> | |
<div> | |
<a class="self-link" href="#dfn-cryptosuite" aria-label="Permalink for definition: cryptographic suite. Activate to close this dialog.">Permalink</a> | |
</div> | |
<p><b>Referenced in:</b></p> | |
<ul> | |
<li> | |
<a href="#ref-for-dfn-cryptosuite-1" title="§ 5.2.1 Verification Material">§ 5.2.1 Verification Material</a> | |
</li> | |
</ul> | |
</div><div class="dfn-panel" hidden="" role="dialog" aria-modal="true" id="dfn-panel-for-dfn-decentralized-identifiers" aria-label="Links in this document to definition: decentralized identifier"> | |
<!-- Back-reference panel for the term "decentralized identifier": a hidden dialog listing the places in this document that link to #dfn-decentralized-identifiers. Each list item is one section; the first link carries the section title and the numbered links are further uses in that same section. The anchors run from ref 1 to ref 209 and include the § 9.x security and § 10.x privacy considerations. -->
<!-- NOTE(review): in the § 2. Terminology entry the links go from ref 38 "(3)" straight to ref 40 "(5)"; no link to ref 39 appears in this list. Confirm whether that gap is intended. -->
<span class="caret"></span> | |
<div> | |
<a class="self-link" href="#dfn-decentralized-identifiers" aria-label="Permalink for definition: decentralized identifier. Activate to close this dialog.">Permalink</a> | |
</div> | |
<p><b>Referenced in:</b></p> | |
<ul> | |
<li> | |
<a href="#ref-for-dfn-decentralized-identifiers-1" title="§ Abstract">§ Abstract</a> <a href="#ref-for-dfn-decentralized-identifiers-2" title="Reference 2">(2)</a> <a href="#ref-for-dfn-decentralized-identifiers-3" title="Reference 3">(3)</a> <a href="#ref-for-dfn-decentralized-identifiers-4" title="Reference 4">(4)</a> <a href="#ref-for-dfn-decentralized-identifiers-5" title="Reference 5">(5)</a> <a href="#ref-for-dfn-decentralized-identifiers-6" title="Reference 6">(6)</a> <a href="#ref-for-dfn-decentralized-identifiers-7" title="Reference 7">(7)</a> <a href="#ref-for-dfn-decentralized-identifiers-8" title="Reference 8">(8)</a> <a href="#ref-for-dfn-decentralized-identifiers-9" title="Reference 9">(9)</a> | |
</li><li> | |
<a href="#ref-for-dfn-decentralized-identifiers-10" title="§ 1.1 A Simple Example">§ 1.1 A Simple Example</a> <a href="#ref-for-dfn-decentralized-identifiers-11" title="Reference 2">(2)</a> <a href="#ref-for-dfn-decentralized-identifiers-12" title="Reference 3">(3)</a> | |
</li><li> | |
<a href="#ref-for-dfn-decentralized-identifiers-13" title="§ 1.2 Design Goals">§ 1.2 Design Goals</a> <a href="#ref-for-dfn-decentralized-identifiers-14" title="Reference 2">(2)</a> <a href="#ref-for-dfn-decentralized-identifiers-15" title="Reference 3">(3)</a> <a href="#ref-for-dfn-decentralized-identifiers-16" title="Reference 4">(4)</a> | |
</li><li> | |
<a href="#ref-for-dfn-decentralized-identifiers-17" title="§ 1.3 Architecture Overview">§ 1.3 Architecture Overview</a> <a href="#ref-for-dfn-decentralized-identifiers-18" title="Reference 2">(2)</a> <a href="#ref-for-dfn-decentralized-identifiers-19" title="Reference 3">(3)</a> <a href="#ref-for-dfn-decentralized-identifiers-20" title="Reference 4">(4)</a> <a href="#ref-for-dfn-decentralized-identifiers-21" title="Reference 5">(5)</a> <a href="#ref-for-dfn-decentralized-identifiers-22" title="Reference 6">(6)</a> <a href="#ref-for-dfn-decentralized-identifiers-23" title="Reference 7">(7)</a> <a href="#ref-for-dfn-decentralized-identifiers-24" title="Reference 8">(8)</a> <a href="#ref-for-dfn-decentralized-identifiers-25" title="Reference 9">(9)</a> <a href="#ref-for-dfn-decentralized-identifiers-26" title="Reference 10">(10)</a> <a href="#ref-for-dfn-decentralized-identifiers-27" title="Reference 11">(11)</a> <a href="#ref-for-dfn-decentralized-identifiers-28" title="Reference 12">(12)</a> <a href="#ref-for-dfn-decentralized-identifiers-29" title="Reference 13">(13)</a> <a href="#ref-for-dfn-decentralized-identifiers-30" title="Reference 14">(14)</a> | |
</li><li> | |
<a href="#ref-for-dfn-decentralized-identifiers-31" title="§ 1.4 Conformance">§ 1.4 Conformance</a> <a href="#ref-for-dfn-decentralized-identifiers-32" title="Reference 2">(2)</a> <a href="#ref-for-dfn-decentralized-identifiers-33" title="Reference 3">(3)</a> <a href="#ref-for-dfn-decentralized-identifiers-34" title="Reference 4">(4)</a> <a href="#ref-for-dfn-decentralized-identifiers-35" title="Reference 5">(5)</a> | |
</li><li> | |
<a href="#ref-for-dfn-decentralized-identifiers-36" title="§ 2. Terminology">§ 2. Terminology</a> <a href="#ref-for-dfn-decentralized-identifiers-37" title="Reference 2">(2)</a> <a href="#ref-for-dfn-decentralized-identifiers-38" title="Reference 3">(3)</a> <a href="#ref-for-dfn-decentralized-identifiers-40" title="Reference 5">(5)</a> <a href="#ref-for-dfn-decentralized-identifiers-41" title="Reference 6">(6)</a> <a href="#ref-for-dfn-decentralized-identifiers-42" title="Reference 7">(7)</a> <a href="#ref-for-dfn-decentralized-identifiers-43" title="Reference 8">(8)</a> <a href="#ref-for-dfn-decentralized-identifiers-44" title="Reference 9">(9)</a> <a href="#ref-for-dfn-decentralized-identifiers-45" title="Reference 10">(10)</a> <a href="#ref-for-dfn-decentralized-identifiers-46" title="Reference 11">(11)</a> <a href="#ref-for-dfn-decentralized-identifiers-47" title="Reference 12">(12)</a> <a href="#ref-for-dfn-decentralized-identifiers-48" title="Reference 13">(13)</a> <a href="#ref-for-dfn-decentralized-identifiers-49" title="Reference 14">(14)</a> <a href="#ref-for-dfn-decentralized-identifiers-50" title="Reference 15">(15)</a> <a href="#ref-for-dfn-decentralized-identifiers-51" title="Reference 16">(16)</a> <a href="#ref-for-dfn-decentralized-identifiers-52" title="Reference 17">(17)</a> <a href="#ref-for-dfn-decentralized-identifiers-53" title="Reference 18">(18)</a> | |
</li><li> | |
<a href="#ref-for-dfn-decentralized-identifiers-54" title="§ 3. Identifier">§ 3. Identifier</a> <a href="#ref-for-dfn-decentralized-identifiers-55" title="Reference 2">(2)</a> | |
</li><li> | |
<a href="#ref-for-dfn-decentralized-identifiers-56" title="§ 3.1 DID Syntax">§ 3.1 DID Syntax</a> <a href="#ref-for-dfn-decentralized-identifiers-57" title="Reference 2">(2)</a> | |
</li><li> | |
<a href="#ref-for-dfn-decentralized-identifiers-58" title="§ 3.2.1 DID Parameters">§ 3.2.1 DID Parameters</a> <a href="#ref-for-dfn-decentralized-identifiers-59" title="Reference 2">(2)</a> <a href="#ref-for-dfn-decentralized-identifiers-60" title="Reference 3">(3)</a> | |
</li><li> | |
<a href="#ref-for-dfn-decentralized-identifiers-61" title="§ 3.2.2 Relative DID URLs">§ 3.2.2 Relative DID URLs</a> | |
</li><li> | |
<a href="#ref-for-dfn-decentralized-identifiers-62" title="§ 5. Core Properties">§ 5. Core Properties</a> | |
</li><li> | |
<a href="#ref-for-dfn-decentralized-identifiers-63" title="§ 5.1.1 DID Subject">§ 5.1.1 DID Subject</a> <a href="#ref-for-dfn-decentralized-identifiers-64" title="Reference 2">(2)</a> | |
</li><li> | |
<a href="#ref-for-dfn-decentralized-identifiers-65" title="§ 5.1.2 DID Controller">§ 5.1.2 DID Controller</a> <a href="#ref-for-dfn-decentralized-identifiers-66" title="Reference 2">(2)</a> | |
</li><li> | |
<a href="#ref-for-dfn-decentralized-identifiers-67" title="§ 5.1.3 Also Known As">§ 5.1.3 Also Known As</a> | |
</li><li> | |
<a href="#ref-for-dfn-decentralized-identifiers-68" title="§ 5.2.1 Verification Material">§ 5.2.1 Verification Material</a> | |
</li><li> | |
<a href="#ref-for-dfn-decentralized-identifiers-69" title="§ 5.3.1 Authentication">§ 5.3.1 Authentication</a> | |
</li><li> | |
<a href="#ref-for-dfn-decentralized-identifiers-70" title="§ 6.1 Production and Consumption">§ 6.1 Production and Consumption</a> <a href="#ref-for-dfn-decentralized-identifiers-71" title="Reference 2">(2)</a> | |
</li><li> | |
<a href="#ref-for-dfn-decentralized-identifiers-72" title="§ 7.1 DID Resolution">§ 7.1 DID Resolution</a> <a href="#ref-for-dfn-decentralized-identifiers-73" title="Reference 2">(2)</a> <a href="#ref-for-dfn-decentralized-identifiers-74" title="Reference 3">(3)</a> <a href="#ref-for-dfn-decentralized-identifiers-75" title="Reference 4">(4)</a> | |
</li><li> | |
<a href="#ref-for-dfn-decentralized-identifiers-76" title="§ 7.1.2 DID Resolution Metadata">§ 7.1.2 DID Resolution Metadata</a> | |
</li><li> | |
<a href="#ref-for-dfn-decentralized-identifiers-77" title="§ 7.1.3 DID Document Metadata">§ 7.1.3 DID Document Metadata</a> <a href="#ref-for-dfn-decentralized-identifiers-78" title="Reference 2">(2)</a> <a href="#ref-for-dfn-decentralized-identifiers-79" title="Reference 3">(3)</a> <a href="#ref-for-dfn-decentralized-identifiers-80" title="Reference 4">(4)</a> <a href="#ref-for-dfn-decentralized-identifiers-81" title="Reference 5">(5)</a> <a href="#ref-for-dfn-decentralized-identifiers-82" title="Reference 6">(6)</a> <a href="#ref-for-dfn-decentralized-identifiers-83" title="Reference 7">(7)</a> <a href="#ref-for-dfn-decentralized-identifiers-84" title="Reference 8">(8)</a> | |
</li><li> | |
<a href="#ref-for-dfn-decentralized-identifiers-85" title="§ 7.2 DID URL Dereferencing">§ 7.2 DID URL Dereferencing</a> | |
</li><li> | |
<a href="#ref-for-dfn-decentralized-identifiers-86" title="§ 7.3 Metadata Structure">§ 7.3 Metadata Structure</a> | |
</li><li> | |
<a href="#ref-for-dfn-decentralized-identifiers-87" title="§ 8. Methods">§ 8. Methods</a> <a href="#ref-for-dfn-decentralized-identifiers-88" title="Reference 2">(2)</a> | |
</li><li> | |
<a href="#ref-for-dfn-decentralized-identifiers-89" title="§ 8.1 Method Syntax">§ 8.1 Method Syntax</a> <a href="#ref-for-dfn-decentralized-identifiers-90" title="Reference 2">(2)</a> | |
</li><li> | |
<a href="#ref-for-dfn-decentralized-identifiers-91" title="§ 8.2 Method Operations">§ 8.2 Method Operations</a> <a href="#ref-for-dfn-decentralized-identifiers-92" title="Reference 2">(2)</a> <a href="#ref-for-dfn-decentralized-identifiers-93" title="Reference 3">(3)</a> | |
</li><li> | |
<a href="#ref-for-dfn-decentralized-identifiers-94" title="§ 8.3 Security Requirements">§ 8.3 Security Requirements</a> <a href="#ref-for-dfn-decentralized-identifiers-95" title="Reference 2">(2)</a> <a href="#ref-for-dfn-decentralized-identifiers-96" title="Reference 3">(3)</a> | |
</li><li> | |
<a href="#ref-for-dfn-decentralized-identifiers-97" title="§ 9. Security Considerations">§ 9. Security Considerations</a> <a href="#ref-for-dfn-decentralized-identifiers-98" title="Reference 2">(2)</a> | |
</li><li> | |
<a href="#ref-for-dfn-decentralized-identifiers-99" title="§ 9.2 Proving Control and Binding">§ 9.2 Proving Control and Binding</a> <a href="#ref-for-dfn-decentralized-identifiers-100" title="Reference 2">(2)</a> | |
</li><li> | |
<a href="#ref-for-dfn-decentralized-identifiers-101" title="§ Proving Control of a DID and/or DID Document">§ Proving Control of a DID and/or DID Document</a> <a href="#ref-for-dfn-decentralized-identifiers-102" title="Reference 2">(2)</a> <a href="#ref-for-dfn-decentralized-identifiers-103" title="Reference 3">(3)</a> <a href="#ref-for-dfn-decentralized-identifiers-104" title="Reference 4">(4)</a> | |
</li><li> | |
<a href="#ref-for-dfn-decentralized-identifiers-105" title="§ Binding to Physical Identity">§ Binding to Physical Identity</a> <a href="#ref-for-dfn-decentralized-identifiers-106" title="Reference 2">(2)</a> <a href="#ref-for-dfn-decentralized-identifiers-107" title="Reference 3">(3)</a> <a href="#ref-for-dfn-decentralized-identifiers-108" title="Reference 4">(4)</a> | |
</li><li> | |
<a href="#ref-for-dfn-decentralized-identifiers-109" title="§ 9.4 Non-Repudiation">§ 9.4 Non-Repudiation</a> | |
</li><li> | |
<a href="#ref-for-dfn-decentralized-identifiers-110" title="§ 9.5 Notification of DID Document Changes">§ 9.5 Notification of DID Document Changes</a> <a href="#ref-for-dfn-decentralized-identifiers-111" title="Reference 2">(2)</a> <a href="#ref-for-dfn-decentralized-identifiers-112" title="Reference 3">(3)</a> | |
</li><li> | |
<a href="#ref-for-dfn-decentralized-identifiers-113" title="§ 9.6 Key and Signature Expiration">§ 9.6 Key and Signature Expiration</a> | |
</li><li> | |
<a href="#ref-for-dfn-decentralized-identifiers-114" title="§ 9.7 Verification Method Rotation">§ 9.7 Verification Method Rotation</a> | |
</li><li> | |
<a href="#ref-for-dfn-decentralized-identifiers-115" title="§ 9.8 Verification Method Revocation">§ 9.8 Verification Method Revocation</a> | |
</li><li> | |
<a href="#ref-for-dfn-decentralized-identifiers-116" title="§ Revocation Semantics">§ Revocation Semantics</a> <a href="#ref-for-dfn-decentralized-identifiers-117" title="Reference 2">(2)</a> <a href="#ref-for-dfn-decentralized-identifiers-118" title="Reference 3">(3)</a> <a href="#ref-for-dfn-decentralized-identifiers-119" title="Reference 4">(4)</a> <a href="#ref-for-dfn-decentralized-identifiers-120" title="Reference 5">(5)</a> <a href="#ref-for-dfn-decentralized-identifiers-121" title="Reference 6">(6)</a> | |
</li><li> | |
<a href="#ref-for-dfn-decentralized-identifiers-122" title="§ 9.9 DID Recovery">§ 9.9 DID Recovery</a> <a href="#ref-for-dfn-decentralized-identifiers-123" title="Reference 2">(2)</a> <a href="#ref-for-dfn-decentralized-identifiers-124" title="Reference 3">(3)</a> | |
</li><li> | |
<a href="#ref-for-dfn-decentralized-identifiers-125" title="§ 9.10 The Role of Human-Friendly Identifiers">§ 9.10 The Role of Human-Friendly Identifiers</a> <a href="#ref-for-dfn-decentralized-identifiers-126" title="Reference 2">(2)</a> <a href="#ref-for-dfn-decentralized-identifiers-127" title="Reference 3">(3)</a> | |
</li><li> | |
<a href="#ref-for-dfn-decentralized-identifiers-128" title="§ 9.11 DIDs as Enhanced URNs">§ 9.11 DIDs as Enhanced URNs</a> <a href="#ref-for-dfn-decentralized-identifiers-129" title="Reference 2">(2)</a> <a href="#ref-for-dfn-decentralized-identifiers-130" title="Reference 3">(3)</a> <a href="#ref-for-dfn-decentralized-identifiers-131" title="Reference 4">(4)</a> <a href="#ref-for-dfn-decentralized-identifiers-132" title="Reference 5">(5)</a> <a href="#ref-for-dfn-decentralized-identifiers-133" title="Reference 6">(6)</a> <a href="#ref-for-dfn-decentralized-identifiers-134" title="Reference 7">(7)</a> <a href="#ref-for-dfn-decentralized-identifiers-135" title="Reference 8">(8)</a> | |
</li><li> | |
<a href="#ref-for-dfn-decentralized-identifiers-136" title="§ 9.14 Equivalence Properties">§ 9.14 Equivalence Properties</a> <a href="#ref-for-dfn-decentralized-identifiers-137" title="Reference 2">(2)</a> | |
</li><li> | |
<a href="#ref-for-dfn-decentralized-identifiers-138" title="§ 9.16 Persistence">§ 9.16 Persistence</a> <a href="#ref-for-dfn-decentralized-identifiers-139" title="Reference 2">(2)</a> <a href="#ref-for-dfn-decentralized-identifiers-140" title="Reference 3">(3)</a> <a href="#ref-for-dfn-decentralized-identifiers-141" title="Reference 4">(4)</a> <a href="#ref-for-dfn-decentralized-identifiers-142" title="Reference 5">(5)</a> <a href="#ref-for-dfn-decentralized-identifiers-143" title="Reference 6">(6)</a> <a href="#ref-for-dfn-decentralized-identifiers-144" title="Reference 7">(7)</a> <a href="#ref-for-dfn-decentralized-identifiers-145" title="Reference 8">(8)</a> <a href="#ref-for-dfn-decentralized-identifiers-146" title="Reference 9">(9)</a> <a href="#ref-for-dfn-decentralized-identifiers-147" title="Reference 10">(10)</a> | |
</li><li> | |
<a href="#ref-for-dfn-decentralized-identifiers-148" title="§ 10. Privacy Considerations">§ 10. Privacy Considerations</a> <a href="#ref-for-dfn-decentralized-identifiers-149" title="Reference 2">(2)</a> <a href="#ref-for-dfn-decentralized-identifiers-150" title="Reference 3">(3)</a> | |
</li><li> | |
<a href="#ref-for-dfn-decentralized-identifiers-151" title="§ 10.1 Keep Personal Data Private">§ 10.1 Keep Personal Data Private</a> | |
</li><li> | |
<a href="#ref-for-dfn-decentralized-identifiers-152" title="§ 10.2 DID Correlation Risks">§ 10.2 DID Correlation Risks</a> <a href="#ref-for-dfn-decentralized-identifiers-153" title="Reference 2">(2)</a> <a href="#ref-for-dfn-decentralized-identifiers-154" title="Reference 3">(3)</a> <a href="#ref-for-dfn-decentralized-identifiers-155" title="Reference 4">(4)</a> <a href="#ref-for-dfn-decentralized-identifiers-156" title="Reference 5">(5)</a> <a href="#ref-for-dfn-decentralized-identifiers-157" title="Reference 6">(6)</a> | |
</li><li> | |
<a href="#ref-for-dfn-decentralized-identifiers-158" title="§ 10.3 DID Document Correlation Risks">§ 10.3 DID Document Correlation Risks</a> <a href="#ref-for-dfn-decentralized-identifiers-159" title="Reference 2">(2)</a> <a href="#ref-for-dfn-decentralized-identifiers-160" title="Reference 3">(3)</a> <a href="#ref-for-dfn-decentralized-identifiers-161" title="Reference 4">(4)</a> <a href="#ref-for-dfn-decentralized-identifiers-162" title="Reference 5">(5)</a> <a href="#ref-for-dfn-decentralized-identifiers-163" title="Reference 6">(6)</a> | |
</li><li> | |
<a href="#ref-for-dfn-decentralized-identifiers-164" title="§ 10.4 DID Subject Classification">§ 10.4 DID Subject Classification</a> <a href="#ref-for-dfn-decentralized-identifiers-165" title="Reference 2">(2)</a> | |
</li><li> | |
<a href="#ref-for-dfn-decentralized-identifiers-166" title="§ 10.5 Herd Privacy">§ 10.5 Herd Privacy</a> | |
</li><li> | |
<a href="#ref-for-dfn-decentralized-identifiers-167" title="§ 10.6 Service Privacy">§ 10.6 Service Privacy</a> <a href="#ref-for-dfn-decentralized-identifiers-168" title="Reference 2">(2)</a> | |
</li><li> | |
<a href="#ref-for-dfn-decentralized-identifiers-169" title="§ Maintaining Herd Privacy">§ Maintaining Herd Privacy</a> <a href="#ref-for-dfn-decentralized-identifiers-170" title="Reference 2">(2)</a> <a href="#ref-for-dfn-decentralized-identifiers-171" title="Reference 3">(3)</a> <a href="#ref-for-dfn-decentralized-identifiers-172" title="Reference 4">(4)</a> | |
</li><li> | |
<a href="#ref-for-dfn-decentralized-identifiers-173" title="§ B.2 Creation of a DID">§ B.2 Creation of a DID</a> <a href="#ref-for-dfn-decentralized-identifiers-174" title="Reference 2">(2)</a> <a href="#ref-for-dfn-decentralized-identifiers-175" title="Reference 3">(3)</a> | |
</li><li> | |
<a href="#ref-for-dfn-decentralized-identifiers-176" title="§ B.3 Determining the DID subject">§ B.3 Determining the DID subject</a> <a href="#ref-for-dfn-decentralized-identifiers-177" title="Reference 2">(2)</a> <a href="#ref-for-dfn-decentralized-identifiers-178" title="Reference 3">(3)</a> <a href="#ref-for-dfn-decentralized-identifiers-179" title="Reference 4">(4)</a> <a href="#ref-for-dfn-decentralized-identifiers-180" title="Reference 5">(5)</a> <a href="#ref-for-dfn-decentralized-identifiers-181" title="Reference 6">(6)</a> <a href="#ref-for-dfn-decentralized-identifiers-182" title="Reference 7">(7)</a> <a href="#ref-for-dfn-decentralized-identifiers-183" title="Reference 8">(8)</a> <a href="#ref-for-dfn-decentralized-identifiers-184" title="Reference 9">(9)</a> <a href="#ref-for-dfn-decentralized-identifiers-185" title="Reference 10">(10)</a> <a href="#ref-for-dfn-decentralized-identifiers-186" title="Reference 11">(11)</a> <a href="#ref-for-dfn-decentralized-identifiers-187" title="Reference 12">(12)</a> <a href="#ref-for-dfn-decentralized-identifiers-188" title="Reference 13">(13)</a> <a href="#ref-for-dfn-decentralized-identifiers-189" title="Reference 14">(14)</a> | |
</li><li> | |
<a href="#ref-for-dfn-decentralized-identifiers-190" title="§ B.4 Referring to the DID document">§ B.4 Referring to the DID document</a> <a href="#ref-for-dfn-decentralized-identifiers-191" title="Reference 2">(2)</a> <a href="#ref-for-dfn-decentralized-identifiers-192" title="Reference 3">(3)</a> | |
</li><li> | |
<a href="#ref-for-dfn-decentralized-identifiers-193" title="§ B.5 Statements in the DID document">§ B.5 Statements in the DID document</a> | |
</li><li> | |
<a href="#ref-for-dfn-decentralized-identifiers-194" title="§ B.6 Discovering more information about the DID subject">§ B.6 Discovering more information about the DID subject</a> <a href="#ref-for-dfn-decentralized-identifiers-195" title="Reference 2">(2)</a> | |
</li><li> | |
<a href="#ref-for-dfn-decentralized-identifiers-196" title="§ B.7 Serving a representation of the DID subject">§ B.7 Serving a representation of the DID subject</a> <a href="#ref-for-dfn-decentralized-identifiers-197" title="Reference 2">(2)</a> | |
</li><li> | |
<a href="#ref-for-dfn-decentralized-identifiers-198" title="§ B.8 Assigning DIDs to existing web resources">§ B.8 Assigning DIDs to existing web resources</a> <a href="#ref-for-dfn-decentralized-identifiers-199" title="Reference 2">(2)</a> <a href="#ref-for-dfn-decentralized-identifiers-200" title="Reference 3">(3)</a> <a href="#ref-for-dfn-decentralized-identifiers-201" title="Reference 4">(4)</a> | |
</li><li> | |
<a href="#ref-for-dfn-decentralized-identifiers-202" title="§ B.9.1 Set #1: The DID subject is the DID controller">§ B.9.1 Set #1: The DID subject is the DID controller</a> | |
</li><li> | |
<a href="#ref-for-dfn-decentralized-identifiers-203" title="§ B.9.2 Set #2: The DID subject is not the DID controller">§ B.9.2 Set #2: The DID subject is not the DID controller</a> <a href="#ref-for-dfn-decentralized-identifiers-204" title="Reference 2">(2)</a> <a href="#ref-for-dfn-decentralized-identifiers-205" title="Reference 3">(3)</a> | |
</li><li> | |
<a href="#ref-for-dfn-decentralized-identifiers-206" title="§ B.10.1 Independent Control">§ B.10.1 Independent Control</a> | |
</li><li> | |
<a href="#ref-for-dfn-decentralized-identifiers-207" title="§ B.11 Changing the DID subject">§ B.11 Changing the DID subject</a> <a href="#ref-for-dfn-decentralized-identifiers-208" title="Reference 2">(2)</a> <a href="#ref-for-dfn-decentralized-identifiers-209" title="Reference 3">(3)</a> | |
</li> | |
</ul> | |
</div><div class="dfn-panel" hidden="" role="dialog" aria-modal="true" id="dfn-panel-for-dfn-decentralized-identity-management" aria-label="Links in this document to definition: decentralized identity management"> | |
<!-- Back-reference panel for the term "decentralized identity management": a hidden dialog listing the places in this document that link to #dfn-decentralized-identity-management. The only entry is § 5.4 Services. -->
<span class="caret"></span> | |
<div> | |
<a class="self-link" href="#dfn-decentralized-identity-management" aria-label="Permalink for definition: decentralized identity management. Activate to close this dialog.">Permalink</a> | |
</div> | |
<p><b>Referenced in:</b></p> | |
<ul> | |
<li> | |
<a href="#ref-for-dfn-decentralized-identity-management-1" title="§ 5.4 Services">§ 5.4 Services</a> | |
</li> | |
</ul> | |
</div><div class="dfn-panel" hidden="" role="dialog" aria-modal="true" id="dfn-panel-for-dfn-did-controllers" aria-label="Links in this document to definition: DID controller"> | |
<!-- Back-reference panel for the term "DID controller": a hidden dialog listing the places in this document that link to #dfn-did-controllers. Each list item is one section; the first link carries the section title and the numbered links are further uses in that same section. The anchors run from ref 1 to ref 62, ending with § B.12 Changing the DID controller. -->
<span class="caret"></span> | |
<div> | |
<a class="self-link" href="#dfn-did-controllers" aria-label="Permalink for definition: DID controller. Activate to close this dialog.">Permalink</a> | |
</div> | |
<p><b>Referenced in:</b></p> | |
<ul> | |
<li> | |
<a href="#ref-for-dfn-did-controllers-1" title="§ Abstract">§ Abstract</a> | |
</li><li> | |
<a href="#ref-for-dfn-did-controllers-2" title="§ 1.1 A Simple Example">§ 1.1 A Simple Example</a> | |
</li><li> | |
<a href="#ref-for-dfn-did-controllers-3" title="§ 1.2 Design Goals">§ 1.2 Design Goals</a> | |
</li><li> | |
<a href="#ref-for-dfn-did-controllers-4" title="§ 1.3 Architecture Overview">§ 1.3 Architecture Overview</a> <a href="#ref-for-dfn-did-controllers-5" title="Reference 2">(2)</a> | |
</li><li> | |
<a href="#ref-for-dfn-did-controllers-6" title="§ 2. Terminology">§ 2. Terminology</a> | |
</li><li> | |
<a href="#ref-for-dfn-did-controllers-7" title="§ Path">§ Path</a> | |
</li><li> | |
<a href="#ref-for-dfn-did-controllers-8" title="§ 5.1 Identifiers">§ 5.1 Identifiers</a> | |
</li><li> | |
<a href="#ref-for-dfn-did-controllers-9" title="§ 5.1.2 DID Controller">§ 5.1.2 DID Controller</a> <a href="#ref-for-dfn-did-controllers-10" title="Reference 2">(2)</a> <a href="#ref-for-dfn-did-controllers-11" title="Reference 3">(3)</a> | |
</li><li> | |
<a href="#ref-for-dfn-did-controllers-12" title="§ 5.2 Verification Methods">§ 5.2 Verification Methods</a> <a href="#ref-for-dfn-did-controllers-13" title="Reference 2">(2)</a> | |
</li><li> | |
<a href="#ref-for-dfn-did-controllers-14" title="§ 5.3.1 Authentication">§ 5.3.1 Authentication</a> <a href="#ref-for-dfn-did-controllers-15" title="Reference 2">(2)</a> | |
</li><li> | |
<a href="#ref-for-dfn-did-controllers-16" title="§ 5.3.5 Capability Delegation">§ 5.3.5 Capability Delegation</a> | |
</li><li> | |
<a href="#ref-for-dfn-did-controllers-17" title="§ 8.2 Method Operations">§ 8.2 Method Operations</a> <a href="#ref-for-dfn-did-controllers-18" title="Reference 2">(2)</a> <a href="#ref-for-dfn-did-controllers-19" title="Reference 3">(3)</a> | |
</li><li> | |
<a href="#ref-for-dfn-did-controllers-20" title="§ 9.5 Notification of DID Document Changes">§ 9.5 Notification of DID Document Changes</a> <a href="#ref-for-dfn-did-controllers-21" title="Reference 2">(2)</a> | |
</li><li> | |
<a href="#ref-for-dfn-did-controllers-22" title="§ Revocation Semantics">§ Revocation Semantics</a> | |
</li><li> | |
<a href="#ref-for-dfn-did-controllers-23" title="§ 9.10 The Role of Human-Friendly Identifiers">§ 9.10 The Role of Human-Friendly Identifiers</a> | |
</li><li> | |
<a href="#ref-for-dfn-did-controllers-24" title="§ 9.11 DIDs as Enhanced URNs">§ 9.11 DIDs as Enhanced URNs</a> <a href="#ref-for-dfn-did-controllers-25" title="Reference 2">(2)</a> <a href="#ref-for-dfn-did-controllers-26" title="Reference 3">(3)</a> <a href="#ref-for-dfn-did-controllers-27" title="Reference 4">(4)</a> <a href="#ref-for-dfn-did-controllers-28" title="Reference 5">(5)</a> <a href="#ref-for-dfn-did-controllers-29" title="Reference 6">(6)</a> | |
</li><li> | |
<a href="#ref-for-dfn-did-controllers-30" title="§ 10. Privacy Considerations">§ 10. Privacy Considerations</a> | |
</li><li> | |
<a href="#ref-for-dfn-did-controllers-31" title="§ 10.1 Keep Personal Data Private">§ 10.1 Keep Personal Data Private</a> | |
</li><li> | |
<a href="#ref-for-dfn-did-controllers-32" title="§ 10.2 DID Correlation Risks">§ 10.2 DID Correlation Risks</a> <a href="#ref-for-dfn-did-controllers-33" title="Reference 2">(2)</a> | |
</li><li> | |
<a href="#ref-for-dfn-did-controllers-34" title="§ 10.4 DID Subject Classification">§ 10.4 DID Subject Classification</a> | |
</li><li> | |
<a href="#ref-for-dfn-did-controllers-35" title="§ B.3 Determining the DID subject">§ B.3 Determining the DID subject</a> | |
</li><li> | |
<a href="#ref-for-dfn-did-controllers-36" title="§ B.4 Referring to the DID document">§ B.4 Referring to the DID document</a> <a href="#ref-for-dfn-did-controllers-37" title="Reference 2">(2)</a> | |
</li><li> | |
<a href="#ref-for-dfn-did-controllers-38" title="§ B.5 Statements in the DID document">§ B.5 Statements in the DID document</a> | |
</li><li> | |
<a href="#ref-for-dfn-did-controllers-39" title="§ B.6 Discovering more information about the DID subject">§ B.6 Discovering more information about the DID subject</a> | |
</li><li> | |
<a href="#ref-for-dfn-did-controllers-40" title="§ B.9 The relationship between DID controllers and DID subjects">§ B.9 The relationship between DID controllers and DID subjects</a> | |
</li><li> | |
<a href="#ref-for-dfn-did-controllers-41" title="§ B.9.1 Set #1: The DID subject is the DID controller">§ B.9.1 Set #1: The DID subject is the DID controller</a> <a href="#ref-for-dfn-did-controllers-42" title="Reference 2">(2)</a> <a href="#ref-for-dfn-did-controllers-43" title="Reference 3">(3)</a> | |
</li><li> | |
<a href="#ref-for-dfn-did-controllers-44" title="§ B.9.2 Set #2: The DID subject is not the DID controller">§ B.9.2 Set #2: The DID subject is not the DID controller</a> <a href="#ref-for-dfn-did-controllers-45" title="Reference 2">(2)</a> | |
</li><li> | |
<a href="#ref-for-dfn-did-controllers-46" title="§ B.10 Multiple DID controllers">§ B.10 Multiple DID controllers</a> | |
</li><li> | |
<a href="#ref-for-dfn-did-controllers-47" title="§ B.10.1 Independent Control">§ B.10.1 Independent Control</a> <a href="#ref-for-dfn-did-controllers-48" title="Reference 2">(2)</a> <a href="#ref-for-dfn-did-controllers-49" title="Reference 3">(3)</a> <a href="#ref-for-dfn-did-controllers-50" title="Reference 4">(4)</a> | |
</li><li> | |
<a href="#ref-for-dfn-did-controllers-51" title="§ B.10.2 Group Control">§ B.10.2 Group Control</a> <a href="#ref-for-dfn-did-controllers-52" title="Reference 2">(2)</a> <a href="#ref-for-dfn-did-controllers-53" title="Reference 3">(3)</a> <a href="#ref-for-dfn-did-controllers-54" title="Reference 4">(4)</a> <a href="#ref-for-dfn-did-controllers-55" title="Reference 5">(5)</a> <a href="#ref-for-dfn-did-controllers-56" title="Reference 6">(6)</a> <a href="#ref-for-dfn-did-controllers-57" title="Reference 7">(7)</a> | |
</li><li> | |
<a href="#ref-for-dfn-did-controllers-58" title="§ B.11 Changing the DID subject">§ B.11 Changing the DID subject</a> | |
</li><li> | |
<a href="#ref-for-dfn-did-controllers-59" title="§ B.12 Changing the DID controller">§ B.12 Changing the DID controller</a> <a href="#ref-for-dfn-did-controllers-60" title="Reference 2">(2)</a> <a href="#ref-for-dfn-did-controllers-61" title="Reference 3">(3)</a> <a href="#ref-for-dfn-did-controllers-62" title="Reference 4">(4)</a> | |
</li> | |
</ul> | |
</div><div class="dfn-panel" hidden="" role="dialog" aria-modal="true" id="dfn-panel-for-dfn-did-delegate" aria-label="Links in this document to definition: DID delegate"> | |
<!-- Back-reference panel for the term "DID delegate": a hidden dialog listing the places in this document that link to #dfn-did-delegate. Both references are in § 2. Terminology. -->
<span class="caret"></span> | |
<div> | |
<a class="self-link" href="#dfn-did-delegate" aria-label="Permalink for definition: DID delegate. Activate to close this dialog.">Permalink</a> | |
</div> | |
<p><b>Referenced in:</b></p> | |
<ul> | |
<li> | |
<a href="#ref-for-dfn-did-delegate-1" title="§ 2. Terminology">§ 2. Terminology</a> <a href="#ref-for-dfn-did-delegate-2" title="Reference 2">(2)</a> | |
</li> | |
</ul> | |
</div><div class="dfn-panel" hidden="" role="dialog" aria-modal="true" id="dfn-panel-for-dfn-did-documents" aria-label="Links in this document to definition: DID document"> | |
<span class="caret"></span> | |
<div> | |
<a class="self-link" href="#dfn-did-documents" aria-label="Permalink for definition: DID document. Activate to close this dialog.">Permalink</a> | |
</div> | |
<p><b>Referenced in:</b></p> | |
<ul> | |
<li> | |
<a href="#ref-for-dfn-did-documents-1" title="§ Abstract">§ Abstract</a> <a href="#ref-for-dfn-did-documents-2" title="Reference 2">(2)</a> | |
</li><li> | |
<a href="#ref-for-dfn-did-documents-3" title="§ 1.1 A Simple Example">§ 1.1 A Simple Example</a> <a href="#ref-for-dfn-did-documents-4" title="Reference 2">(2)</a> | |
</li><li> | |
<a href="#ref-for-dfn-did-documents-5" title="§ 1.2 Design Goals">§ 1.2 Design Goals</a> | |
</li><li> | |
<a href="#ref-for-dfn-did-documents-6" title="§ 1.3 Architecture Overview">§ 1.3 Architecture Overview</a> <a href="#ref-for-dfn-did-documents-7" title="Reference 2">(2)</a> <a href="#ref-for-dfn-did-documents-8" title="Reference 3">(3)</a> <a href="#ref-for-dfn-did-documents-9" title="Reference 4">(4)</a> <a href="#ref-for-dfn-did-documents-10" title="Reference 5">(5)</a> <a href="#ref-for-dfn-did-documents-11" title="Reference 6">(6)</a> <a href="#ref-for-dfn-did-documents-12" title="Reference 7">(7)</a> <a href="#ref-for-dfn-did-documents-13" title="Reference 8">(8)</a> <a href="#ref-for-dfn-did-documents-14" title="Reference 9">(9)</a> <a href="#ref-for-dfn-did-documents-15" title="Reference 10">(10)</a> <a href="#ref-for-dfn-did-documents-16" title="Reference 11">(11)</a> <a href="#ref-for-dfn-did-documents-17" title="Reference 12">(12)</a> | |
</li><li> | |
<a href="#ref-for-dfn-did-documents-18" title="§ 1.4 Conformance">§ 1.4 Conformance</a> <a href="#ref-for-dfn-did-documents-19" title="Reference 2">(2)</a> <a href="#ref-for-dfn-did-documents-20" title="Reference 3">(3)</a> <a href="#ref-for-dfn-did-documents-21" title="Reference 4">(4)</a> <a href="#ref-for-dfn-did-documents-22" title="Reference 5">(5)</a> | |
</li><li> | |
<a href="#ref-for-dfn-did-documents-23" title="§ 2. Terminology">§ 2. Terminology</a> <a href="#ref-for-dfn-did-documents-25" title="Reference 3">(3)</a> <a href="#ref-for-dfn-did-documents-26" title="Reference 4">(4)</a> <a href="#ref-for-dfn-did-documents-27" title="Reference 5">(5)</a> <a href="#ref-for-dfn-did-documents-28" title="Reference 6">(6)</a> <a href="#ref-for-dfn-did-documents-29" title="Reference 7">(7)</a> <a href="#ref-for-dfn-did-documents-30" title="Reference 8">(8)</a> <a href="#ref-for-dfn-did-documents-31" title="Reference 9">(9)</a> <a href="#ref-for-dfn-did-documents-32" title="Reference 10">(10)</a> <a href="#ref-for-dfn-did-documents-33" title="Reference 11">(11)</a> <a href="#ref-for-dfn-did-documents-34" title="Reference 12">(12)</a> <a href="#ref-for-dfn-did-documents-35" title="Reference 13">(13)</a> <a href="#ref-for-dfn-did-documents-36" title="Reference 14">(14)</a> <a href="#ref-for-dfn-did-documents-37" title="Reference 15">(15)</a> <a href="#ref-for-dfn-did-documents-38" title="Reference 16">(16)</a> <a href="#ref-for-dfn-did-documents-39" title="Reference 17">(17)</a> <a href="#ref-for-dfn-did-documents-40" title="Reference 18">(18)</a> <a href="#ref-for-dfn-did-documents-41" title="Reference 19">(19)</a> <a href="#ref-for-dfn-did-documents-42" title="Reference 20">(20)</a> | |
</li><li> | |
<a href="#ref-for-dfn-did-documents-43" title="§ 3.2 DID URL Syntax">§ 3.2 DID URL Syntax</a> | |
</li><li> | |
<a href="#ref-for-dfn-did-documents-44" title="§ Fragment">§ Fragment</a> | |
</li><li> | |
<a href="#ref-for-dfn-did-documents-45" title="§ 3.2.1 DID Parameters">§ 3.2.1 DID Parameters</a> <a href="#ref-for-dfn-did-documents-46" title="Reference 2">(2)</a> <a href="#ref-for-dfn-did-documents-47" title="Reference 3">(3)</a> <a href="#ref-for-dfn-did-documents-48" title="Reference 4">(4)</a> <a href="#ref-for-dfn-did-documents-49" title="Reference 5">(5)</a> <a href="#ref-for-dfn-did-documents-50" title="Reference 6">(6)</a> | |
</li><li> | |
<a href="#ref-for-dfn-did-documents-51" title="§ 3.2.2 Relative DID URLs">§ 3.2.2 Relative DID URLs</a> <a href="#ref-for-dfn-did-documents-52" title="Reference 2">(2)</a> <a href="#ref-for-dfn-did-documents-53" title="Reference 3">(3)</a> <a href="#ref-for-dfn-did-documents-54" title="Reference 4">(4)</a> | |
</li><li> | |
<a href="#ref-for-dfn-did-documents-55" title="§ 4. Data Model">§ 4. Data Model</a> <a href="#ref-for-dfn-did-documents-56" title="Reference 2">(2)</a> <a href="#ref-for-dfn-did-documents-57" title="Reference 3">(3)</a> <a href="#ref-for-dfn-did-documents-58" title="Reference 4">(4)</a> | |
</li><li> | |
<a href="#ref-for-dfn-did-documents-59" title="§ 5. Core Properties">§ 5. Core Properties</a> <a href="#ref-for-dfn-did-documents-60" title="Reference 2">(2)</a> <a href="#ref-for-dfn-did-documents-61" title="Reference 3">(3)</a> | |
</li><li> | |
<a href="#ref-for-dfn-did-documents-62" title="§ 5.1 Identifiers">§ 5.1 Identifiers</a> | |
</li><li> | |
<a href="#ref-for-dfn-did-documents-63" title="§ 5.1.1 DID Subject">§ 5.1.1 DID Subject</a> <a href="#ref-for-dfn-did-documents-64" title="Reference 2">(2)</a> <a href="#ref-for-dfn-did-documents-65" title="Reference 3">(3)</a> <a href="#ref-for-dfn-did-documents-66" title="Reference 4">(4)</a> <a href="#ref-for-dfn-did-documents-67" title="Reference 5">(5)</a> | |
</li><li> | |
<a href="#ref-for-dfn-did-documents-68" title="§ 5.1.2 DID Controller">§ 5.1.2 DID Controller</a> <a href="#ref-for-dfn-did-documents-69" title="Reference 2">(2)</a> <a href="#ref-for-dfn-did-documents-70" title="Reference 3">(3)</a> <a href="#ref-for-dfn-did-documents-71" title="Reference 4">(4)</a> | |
</li><li> | |
<a href="#ref-for-dfn-did-documents-72" title="§ 5.1.3 Also Known As">§ 5.1.3 Also Known As</a> | |
</li><li> | |
<a href="#ref-for-dfn-did-documents-73" title="§ 5.2 Verification Methods">§ 5.2 Verification Methods</a> <a href="#ref-for-dfn-did-documents-74" title="Reference 2">(2)</a> <a href="#ref-for-dfn-did-documents-75" title="Reference 3">(3)</a> <a href="#ref-for-dfn-did-documents-76" title="Reference 4">(4)</a> | |
</li><li> | |
<a href="#ref-for-dfn-did-documents-77" title="§ 5.2.1 Verification Material">§ 5.2.1 Verification Material</a> <a href="#ref-for-dfn-did-documents-78" title="Reference 2">(2)</a> | |
</li><li> | |
<a href="#ref-for-dfn-did-documents-79" title="§ 5.2.2 Referring to Verification Methods">§ 5.2.2 Referring to Verification Methods</a> <a href="#ref-for-dfn-did-documents-80" title="Reference 2">(2)</a> | |
</li><li> | |
<a href="#ref-for-dfn-did-documents-81" title="§ 5.3 Verification Relationships">§ 5.3 Verification Relationships</a> <a href="#ref-for-dfn-did-documents-82" title="Reference 2">(2)</a> <a href="#ref-for-dfn-did-documents-83" title="Reference 3">(3)</a> <a href="#ref-for-dfn-did-documents-84" title="Reference 4">(4)</a> <a href="#ref-for-dfn-did-documents-85" title="Reference 5">(5)</a> | |
</li><li> | |
<a href="#ref-for-dfn-did-documents-86" title="§ 5.3.1 Authentication">§ 5.3.1 Authentication</a> <a href="#ref-for-dfn-did-documents-87" title="Reference 2">(2)</a> <a href="#ref-for-dfn-did-documents-88" title="Reference 3">(3)</a> <a href="#ref-for-dfn-did-documents-89" title="Reference 4">(4)</a> <a href="#ref-for-dfn-did-documents-90" title="Reference 5">(5)</a> | |
</li><li> | |
<a href="#ref-for-dfn-did-documents-91" title="§ 5.3.2 Assertion">§ 5.3.2 Assertion</a> | |
</li><li> | |
<a href="#ref-for-dfn-did-documents-92" title="§ 5.3.4 Capability Invocation">§ 5.3.4 Capability Invocation</a> <a href="#ref-for-dfn-did-documents-93" title="Reference 2">(2)</a> | |
</li><li> | |
<a href="#ref-for-dfn-did-documents-94" title="§ 5.4 Services">§ 5.4 Services</a> | |
</li><li> | |
<a href="#ref-for-dfn-did-documents-95" title="§ 6. Representations">§ 6. Representations</a> | |
</li><li> | |
<a href="#ref-for-dfn-did-documents-96" title="§ 6.1 Production and Consumption">§ 6.1 Production and Consumption</a> <a href="#ref-for-dfn-did-documents-97" title="Reference 2">(2)</a> <a href="#ref-for-dfn-did-documents-98" title="Reference 3">(3)</a> <a href="#ref-for-dfn-did-documents-99" title="Reference 4">(4)</a> <a href="#ref-for-dfn-did-documents-100" title="Reference 5">(5)</a> <a href="#ref-for-dfn-did-documents-101" title="Reference 6">(6)</a> <a href="#ref-for-dfn-did-documents-102" title="Reference 7">(7)</a> | |
</li><li> | |
<a href="#ref-for-dfn-did-documents-103" title="§ 6.2.1 Production">§ 6.2.1 Production</a> <a href="#ref-for-dfn-did-documents-104" title="Reference 2">(2)</a> <a href="#ref-for-dfn-did-documents-105" title="Reference 3">(3)</a> | |
</li><li> | |
<a href="#ref-for-dfn-did-documents-106" title="§ 6.2.2 Consumption">§ 6.2.2 Consumption</a> <a href="#ref-for-dfn-did-documents-107" title="Reference 2">(2)</a> <a href="#ref-for-dfn-did-documents-108" title="Reference 3">(3)</a> <a href="#ref-for-dfn-did-documents-109" title="Reference 4">(4)</a> | |
</li><li> | |
<a href="#ref-for-dfn-did-documents-110" title="§ 6.3.1 Production">§ 6.3.1 Production</a> <a href="#ref-for-dfn-did-documents-111" title="Reference 2">(2)</a> <a href="#ref-for-dfn-did-documents-112" title="Reference 3">(3)</a> | |
</li><li> | |
<a href="#ref-for-dfn-did-documents-113" title="§ 6.3.2 Consumption">§ 6.3.2 Consumption</a> <a href="#ref-for-dfn-did-documents-114" title="Reference 2">(2)</a> | |
</li><li> | |
<a href="#ref-for-dfn-did-documents-115" title="§ 7. Resolution">§ 7. Resolution</a> | |
</li><li> | |
<a href="#ref-for-dfn-did-documents-116" title="§ 7.1 DID Resolution">§ 7.1 DID Resolution</a> <a href="#ref-for-dfn-did-documents-117" title="Reference 2">(2)</a> <a href="#ref-for-dfn-did-documents-118" title="Reference 3">(3)</a> <a href="#ref-for-dfn-did-documents-119" title="Reference 4">(4)</a> <a href="#ref-for-dfn-did-documents-120" title="Reference 5">(5)</a> <a href="#ref-for-dfn-did-documents-121" title="Reference 6">(6)</a> <a href="#ref-for-dfn-did-documents-122" title="Reference 7">(7)</a> <a href="#ref-for-dfn-did-documents-123" title="Reference 8">(8)</a> <a href="#ref-for-dfn-did-documents-124" title="Reference 9">(9)</a> | |
</li><li> | |
<a href="#ref-for-dfn-did-documents-125" title="§ 7.1.1 DID Resolution Options">§ 7.1.1 DID Resolution Options</a> | |
</li><li> | |
<a href="#ref-for-dfn-did-documents-126" title="§ 7.1.2 DID Resolution Metadata">§ 7.1.2 DID Resolution Metadata</a> | |
</li><li> | |
<a href="#ref-for-dfn-did-documents-127" title="§ 7.1.3 DID Document Metadata">§ 7.1.3 DID Document Metadata</a> <a href="#ref-for-dfn-did-documents-128" title="Reference 2">(2)</a> <a href="#ref-for-dfn-did-documents-129" title="Reference 3">(3)</a> <a href="#ref-for-dfn-did-documents-130" title="Reference 4">(4)</a> <a href="#ref-for-dfn-did-documents-131" title="Reference 5">(5)</a> <a href="#ref-for-dfn-did-documents-132" title="Reference 6">(6)</a> <a href="#ref-for-dfn-did-documents-133" title="Reference 7">(7)</a> <a href="#ref-for-dfn-did-documents-134" title="Reference 8">(8)</a> <a href="#ref-for-dfn-did-documents-135" title="Reference 9">(9)</a> <a href="#ref-for-dfn-did-documents-136" title="Reference 10">(10)</a> <a href="#ref-for-dfn-did-documents-137" title="Reference 11">(11)</a> <a href="#ref-for-dfn-did-documents-138" title="Reference 12">(12)</a> <a href="#ref-for-dfn-did-documents-139" title="Reference 13">(13)</a> <a href="#ref-for-dfn-did-documents-140" title="Reference 14">(14)</a> <a href="#ref-for-dfn-did-documents-141" title="Reference 15">(15)</a> | |
</li><li> | |
<a href="#ref-for-dfn-did-documents-142" title="§ 7.2 DID URL Dereferencing">§ 7.2 DID URL Dereferencing</a> <a href="#ref-for-dfn-did-documents-143" title="Reference 2">(2)</a> | |
</li><li> | |
<a href="#ref-for-dfn-did-documents-144" title="§ 7.3 Metadata Structure">§ 7.3 Metadata Structure</a> | |
</li><li> | |
<a href="#ref-for-dfn-did-documents-145" title="§ 8. Methods">§ 8. Methods</a> | |
</li><li> | |
<a href="#ref-for-dfn-did-documents-146" title="§ 8.2 Method Operations">§ 8.2 Method Operations</a> <a href="#ref-for-dfn-did-documents-147" title="Reference 2">(2)</a> <a href="#ref-for-dfn-did-documents-148" title="Reference 3">(3)</a> <a href="#ref-for-dfn-did-documents-149" title="Reference 4">(4)</a> <a href="#ref-for-dfn-did-documents-150" title="Reference 5">(5)</a> <a href="#ref-for-dfn-did-documents-151" title="Reference 6">(6)</a> | |
</li><li> | |
<a href="#ref-for-dfn-did-documents-152" title="§ 8.3 Security Requirements">§ 8.3 Security Requirements</a> | |
</li><li> | |
<a href="#ref-for-dfn-did-documents-153" title="§ 9.2 Proving Control and Binding">§ 9.2 Proving Control and Binding</a> <a href="#ref-for-dfn-did-documents-154" title="Reference 2">(2)</a> | |
</li><li> | |
<a href="#ref-for-dfn-did-documents-155" title="§ Proving Control of a DID and/or DID Document">§ Proving Control of a DID and/or DID Document</a> <a href="#ref-for-dfn-did-documents-156" title="Reference 2">(2)</a> <a href="#ref-for-dfn-did-documents-157" title="Reference 3">(3)</a> <a href="#ref-for-dfn-did-documents-158" title="Reference 4">(4)</a> <a href="#ref-for-dfn-did-documents-159" title="Reference 5">(5)</a> | |
</li><li> | |
<a href="#ref-for-dfn-did-documents-160" title="§ Binding to Physical Identity">§ Binding to Physical Identity</a> <a href="#ref-for-dfn-did-documents-161" title="Reference 2">(2)</a> | |
</li><li> | |
<a href="#ref-for-dfn-did-documents-162" title="§ 9.3 Authentication Service Endpoints">§ 9.3 Authentication Service Endpoints</a> | |
</li><li> | |
<a href="#ref-for-dfn-did-documents-163" title="§ 9.4 Non-Repudiation">§ 9.4 Non-Repudiation</a> | |
</li><li> | |
<a href="#ref-for-dfn-did-documents-164" title="§ 9.5 Notification of DID Document Changes">§ 9.5 Notification of DID Document Changes</a> | |
</li><li> | |
<a href="#ref-for-dfn-did-documents-165" title="§ 9.7 Verification Method Rotation">§ 9.7 Verification Method Rotation</a> <a href="#ref-for-dfn-did-documents-166" title="Reference 2">(2)</a> <a href="#ref-for-dfn-did-documents-167" title="Reference 3">(3)</a> | |
</li><li> | |
<a href="#ref-for-dfn-did-documents-168" title="§ 9.8 Verification Method Revocation">§ 9.8 Verification Method Revocation</a> <a href="#ref-for-dfn-did-documents-169" title="Reference 2">(2)</a> <a href="#ref-for-dfn-did-documents-170" title="Reference 3">(3)</a> <a href="#ref-for-dfn-did-documents-171" title="Reference 4">(4)</a> | |
</li><li> | |
<a href="#ref-for-dfn-did-documents-172" title="§ Revocation Semantics">§ Revocation Semantics</a> <a href="#ref-for-dfn-did-documents-173" title="Reference 2">(2)</a> | |
</li><li> | |
<a href="#ref-for-dfn-did-documents-174" title="§ Revocation in Trustless Systems">§ Revocation in Trustless Systems</a> <a href="#ref-for-dfn-did-documents-175" title="Reference 2">(2)</a> <a href="#ref-for-dfn-did-documents-176" title="Reference 3">(3)</a> <a href="#ref-for-dfn-did-documents-177" title="Reference 4">(4)</a> | |
</li><li> | |
<a href="#ref-for-dfn-did-documents-178" title="§ 9.11 DIDs as Enhanced URNs">§ 9.11 DIDs as Enhanced URNs</a> | |
</li><li> | |
<a href="#ref-for-dfn-did-documents-179" title="§ 9.12 Immutability">§ 9.12 Immutability</a> <a href="#ref-for-dfn-did-documents-180" title="Reference 2">(2)</a> <a href="#ref-for-dfn-did-documents-181" title="Reference 3">(3)</a> <a href="#ref-for-dfn-did-documents-182" title="Reference 4">(4)</a> <a href="#ref-for-dfn-did-documents-183" title="Reference 5">(5)</a> | |
</li><li> | |
<a href="#ref-for-dfn-did-documents-184" title="§ 9.13 Encrypted Data in DID Documents">§ 9.13 Encrypted Data in DID Documents</a> <a href="#ref-for-dfn-did-documents-185" title="Reference 2">(2)</a> <a href="#ref-for-dfn-did-documents-186" title="Reference 3">(3)</a> <a href="#ref-for-dfn-did-documents-187" title="Reference 4">(4)</a> <a href="#ref-for-dfn-did-documents-188" title="Reference 5">(5)</a> | |
</li><li> | |
<a href="#ref-for-dfn-did-documents-189" title="§ 9.14 Equivalence Properties">§ 9.14 Equivalence Properties</a> <a href="#ref-for-dfn-did-documents-190" title="Reference 2">(2)</a> <a href="#ref-for-dfn-did-documents-191" title="Reference 3">(3)</a> <a href="#ref-for-dfn-did-documents-192" title="Reference 4">(4)</a> <a href="#ref-for-dfn-did-documents-193" title="Reference 5">(5)</a> <a href="#ref-for-dfn-did-documents-194" title="Reference 6">(6)</a> | |
</li><li> | |
<a href="#ref-for-dfn-did-documents-195" title="§ 9.15 Content Integrity Protection">§ 9.15 Content Integrity Protection</a> <a href="#ref-for-dfn-did-documents-196" title="Reference 2">(2)</a> <a href="#ref-for-dfn-did-documents-197" title="Reference 3">(3)</a> <a href="#ref-for-dfn-did-documents-198" title="Reference 4">(4)</a> | |
</li><li> | |
<a href="#ref-for-dfn-did-documents-199" title="§ 9.17 Level of Assurance">§ 9.17 Level of Assurance</a> <a href="#ref-for-dfn-did-documents-200" title="Reference 2">(2)</a> | |
</li><li> | |
<a href="#ref-for-dfn-did-documents-201" title="§ 10. Privacy Considerations">§ 10. Privacy Considerations</a> | |
</li><li> | |
<a href="#ref-for-dfn-did-documents-202" title="§ 10.1 Keep Personal Data Private">§ 10.1 Keep Personal Data Private</a> <a href="#ref-for-dfn-did-documents-203" title="Reference 2">(2)</a> <a href="#ref-for-dfn-did-documents-204" title="Reference 3">(3)</a> <a href="#ref-for-dfn-did-documents-205" title="Reference 4">(4)</a> | |
</li><li> | |
<a href="#ref-for-dfn-did-documents-206" title="§ 10.3 DID Document Correlation Risks">§ 10.3 DID Document Correlation Risks</a> <a href="#ref-for-dfn-did-documents-207" title="Reference 2">(2)</a> <a href="#ref-for-dfn-did-documents-208" title="Reference 3">(3)</a> <a href="#ref-for-dfn-did-documents-209" title="Reference 4">(4)</a> | |
</li><li> | |
<a href="#ref-for-dfn-did-documents-210" title="§ 10.4 DID Subject Classification">§ 10.4 DID Subject Classification</a> <a href="#ref-for-dfn-did-documents-211" title="Reference 2">(2)</a> <a href="#ref-for-dfn-did-documents-212" title="Reference 3">(3)</a> <a href="#ref-for-dfn-did-documents-213" title="Reference 4">(4)</a> | |
</li><li> | |
<a href="#ref-for-dfn-did-documents-214" title="§ 10.6 Service Privacy">§ 10.6 Service Privacy</a> <a href="#ref-for-dfn-did-documents-215" title="Reference 2">(2)</a> <a href="#ref-for-dfn-did-documents-216" title="Reference 3">(3)</a> <a href="#ref-for-dfn-did-documents-217" title="Reference 4">(4)</a> <a href="#ref-for-dfn-did-documents-218" title="Reference 5">(5)</a> <a href="#ref-for-dfn-did-documents-219" title="Reference 6">(6)</a> | |
</li><li> | |
<a href="#ref-for-dfn-did-documents-220" title="§ Maintaining Herd Privacy">§ Maintaining Herd Privacy</a> <a href="#ref-for-dfn-did-documents-221" title="Reference 2">(2)</a> | |
</li><li> | |
<a href="#ref-for-dfn-did-documents-222" title="§ Service Endpoint Alternatives">§ Service Endpoint Alternatives</a> | |
</li><li> | |
<a href="#ref-for-dfn-did-documents-223" title="§ B.2 Creation of a DID">§ B.2 Creation of a DID</a> <a href="#ref-for-dfn-did-documents-224" title="Reference 2">(2)</a> | |
</li><li> | |
<a href="#ref-for-dfn-did-documents-225" title="§ B.3 Determining the DID subject">§ B.3 Determining the DID subject</a> <a href="#ref-for-dfn-did-documents-226" title="Reference 2">(2)</a> | |
</li><li> | |
<a href="#ref-for-dfn-did-documents-227" title="§ B.4 Referring to the DID document">§ B.4 Referring to the DID document</a> <a href="#ref-for-dfn-did-documents-228" title="Reference 2">(2)</a> <a href="#ref-for-dfn-did-documents-229" title="Reference 3">(3)</a> <a href="#ref-for-dfn-did-documents-230" title="Reference 4">(4)</a> <a href="#ref-for-dfn-did-documents-231" title="Reference 5">(5)</a> | |
</li><li> | |
<a href="#ref-for-dfn-did-documents-232" title="§ B.5 Statements in the DID document">§ B.5 Statements in the DID document</a> <a href="#ref-for-dfn-did-documents-233" title="Reference 2">(2)</a> <a href="#ref-for-dfn-did-documents-234" title="Reference 3">(3)</a> <a href="#ref-for-dfn-did-documents-235" title="Reference 4">(4)</a> | |
</li><li> | |
<a href="#ref-for-dfn-did-documents-236" title="§ B.6 Discovering more information about the DID subject">§ B.6 Discovering more information about the DID subject</a> <a href="#ref-for-dfn-did-documents-237" title="Reference 2">(2)</a> <a href="#ref-for-dfn-did-documents-238" title="Reference 3">(3)</a> | |
</li><li> | |
<a href="#ref-for-dfn-did-documents-239" title="§ B.8 Assigning DIDs to existing web resources">§ B.8 Assigning DIDs to existing web resources</a> <a href="#ref-for-dfn-did-documents-240" title="Reference 2">(2)</a> | |
</li><li> | |
<a href="#ref-for-dfn-did-documents-241" title="§ B.10 Multiple DID controllers">§ B.10 Multiple DID controllers</a> | |
</li><li> | |
<a href="#ref-for-dfn-did-documents-242" title="§ B.10.1 Independent Control">§ B.10.1 Independent Control</a> <a href="#ref-for-dfn-did-documents-243" title="Reference 2">(2)</a> | |
</li><li> | |
<a href="#ref-for-dfn-did-documents-244" title="§ B.11 Changing the DID subject">§ B.11 Changing the DID subject</a> <a href="#ref-for-dfn-did-documents-245" title="Reference 2">(2)</a> | |
</li><li> | |
<a href="#ref-for-dfn-did-documents-246" title="§ B.12 Changing the DID controller">§ B.12 Changing the DID controller</a> <a href="#ref-for-dfn-did-documents-247" title="Reference 2">(2)</a> <a href="#ref-for-dfn-did-documents-248" title="Reference 3">(3)</a> <a href="#ref-for-dfn-did-documents-249" title="Reference 4">(4)</a> | |
</li> | |
</ul> | |
</div><div class="dfn-panel" hidden="" role="dialog" aria-modal="true" id="dfn-panel-for-dfn-did-fragments" aria-label="Links in this document to definition: DID fragment"> | |
<span class="caret"></span> | |
<div> | |
<a class="self-link" href="#dfn-did-fragments" aria-label="Permalink for definition: DID fragment. Activate to close this dialog.">Permalink</a> | |
</div> | |
<p><b>Referenced in:</b></p> | |
<ul> | |
<li> | |
<a href="#ref-for-dfn-did-fragments-1" title="§ 2. Terminology">§ 2. Terminology</a> | |
</li><li> | |
<a href="#ref-for-dfn-did-fragments-2" title="§ Fragment">§ Fragment</a> <a href="#ref-for-dfn-did-fragments-3" title="Reference 2">(2)</a> <a href="#ref-for-dfn-did-fragments-4" title="Reference 3">(3)</a> <a href="#ref-for-dfn-did-fragments-5" title="Reference 4">(4)</a> <a href="#ref-for-dfn-did-fragments-6" title="Reference 5">(5)</a> | |
</li><li> | |
<a href="#ref-for-dfn-did-fragments-7" title="§ 7.2 DID URL Dereferencing">§ 7.2 DID URL Dereferencing</a> <a href="#ref-for-dfn-did-fragments-8" title="Reference 2">(2)</a> | |
</li><li> | |
<a href="#ref-for-dfn-did-fragments-9" title="§ 8.1 Method Syntax">§ 8.1 Method Syntax</a> | |
</li> | |
</ul> | |
</div><div class="dfn-panel" hidden="" role="dialog" aria-modal="true" id="dfn-panel-for-dfn-did-methods" aria-label="Links in this document to definition: DID method"> | |
<span class="caret"></span> | |
<div> | |
<a class="self-link" href="#dfn-did-methods" aria-label="Permalink for definition: DID method. Activate to close this dialog.">Permalink</a> | |
</div> | |
<p><b>Referenced in:</b></p> | |
<ul> | |
<li> | |
<a href="#ref-for-dfn-did-methods-1" title="§ 1.1 A Simple Example">§ 1.1 A Simple Example</a> | |
</li><li> | |
<a href="#ref-for-dfn-did-methods-2" title="§ 1.2 Design Goals">§ 1.2 Design Goals</a> | |
</li><li> | |
<a href="#ref-for-dfn-did-methods-3" title="§ 1.3 Architecture Overview">§ 1.3 Architecture Overview</a> <a href="#ref-for-dfn-did-methods-4" title="Reference 2">(2)</a> <a href="#ref-for-dfn-did-methods-5" title="Reference 3">(3)</a> <a href="#ref-for-dfn-did-methods-6" title="Reference 4">(4)</a> <a href="#ref-for-dfn-did-methods-7" title="Reference 5">(5)</a> | |
</li><li> | |
<a href="#ref-for-dfn-did-methods-8" title="§ 1.4 Conformance">§ 1.4 Conformance</a> <a href="#ref-for-dfn-did-methods-9" title="Reference 2">(2)</a> <a href="#ref-for-dfn-did-methods-10" title="Reference 3">(3)</a> <a href="#ref-for-dfn-did-methods-11" title="Reference 4">(4)</a> | |
</li><li> | |
<a href="#ref-for-dfn-did-methods-12" title="§ 2. Terminology">§ 2. Terminology</a> <a href="#ref-for-dfn-did-methods-13" title="Reference 2">(2)</a> <a href="#ref-for-dfn-did-methods-14" title="Reference 3">(3)</a> <a href="#ref-for-dfn-did-methods-15" title="Reference 4">(4)</a> | |
</li><li> | |
<a href="#ref-for-dfn-did-methods-16" title="§ 3. Identifier">§ 3. Identifier</a> | |
</li><li> | |
<a href="#ref-for-dfn-did-methods-17" title="§ 3.1 DID Syntax">§ 3.1 DID Syntax</a> | |
</li><li> | |
<a href="#ref-for-dfn-did-methods-18" title="§ 3.2 DID URL Syntax">§ 3.2 DID URL Syntax</a> | |
</li><li> | |
<a href="#ref-for-dfn-did-methods-19" title="§ Path">§ Path</a> | |
</li><li> | |
<a href="#ref-for-dfn-did-methods-20" title="§ 3.2.1 DID Parameters">§ 3.2.1 DID Parameters</a> <a href="#ref-for-dfn-did-methods-21" title="Reference 2">(2)</a> <a href="#ref-for-dfn-did-methods-22" title="Reference 3">(3)</a> <a href="#ref-for-dfn-did-methods-23" title="Reference 4">(4)</a> <a href="#ref-for-dfn-did-methods-24" title="Reference 5">(5)</a> | |
</li><li> | |
<a href="#ref-for-dfn-did-methods-25" title="§ 3.2.2 Relative DID URLs">§ 3.2.2 Relative DID URLs</a> | |
</li><li> | |
<a href="#ref-for-dfn-did-methods-26" title="§ 5.1.1 DID Subject">§ 5.1.1 DID Subject</a> | |
</li><li> | |
<a href="#ref-for-dfn-did-methods-27" title="§ 5.1.2 DID Controller">§ 5.1.2 DID Controller</a> | |
</li><li> | |
<a href="#ref-for-dfn-did-methods-28" title="§ 5.3 Verification Relationships">§ 5.3 Verification Relationships</a> | |
</li><li> | |
<a href="#ref-for-dfn-did-methods-29" title="§ 5.3.1 Authentication">§ 5.3.1 Authentication</a> <a href="#ref-for-dfn-did-methods-30" title="Reference 2">(2)</a> <a href="#ref-for-dfn-did-methods-31" title="Reference 3">(3)</a> <a href="#ref-for-dfn-did-methods-32" title="Reference 4">(4)</a> | |
</li><li> | |
<a href="#ref-for-dfn-did-methods-33" title="§ 7. Resolution">§ 7. Resolution</a> | |
</li><li> | |
<a href="#ref-for-dfn-did-methods-34" title="§ 7.1 DID Resolution">§ 7.1 DID Resolution</a> | |
</li><li> | |
<a href="#ref-for-dfn-did-methods-35" title="§ 7.1.2 DID Resolution Metadata">§ 7.1.2 DID Resolution Metadata</a> | |
</li><li> | |
<a href="#ref-for-dfn-did-methods-36" title="§ 7.1.3 DID Document Metadata">§ 7.1.3 DID Document Metadata</a> <a href="#ref-for-dfn-did-methods-37" title="Reference 2">(2)</a> <a href="#ref-for-dfn-did-methods-38" title="Reference 3">(3)</a> <a href="#ref-for-dfn-did-methods-39" title="Reference 4">(4)</a> <a href="#ref-for-dfn-did-methods-40" title="Reference 5">(5)</a> <a href="#ref-for-dfn-did-methods-41" title="Reference 6">(6)</a> <a href="#ref-for-dfn-did-methods-42" title="Reference 7">(7)</a> <a href="#ref-for-dfn-did-methods-43" title="Reference 8">(8)</a> | |
</li><li> | |
<a href="#ref-for-dfn-did-methods-44" title="§ 7.2 DID URL Dereferencing">§ 7.2 DID URL Dereferencing</a> | |
</li><li> | |
<a href="#ref-for-dfn-did-methods-45" title="§ 8. Methods">§ 8. Methods</a> <a href="#ref-for-dfn-did-methods-46" title="Reference 2">(2)</a> <a href="#ref-for-dfn-did-methods-47" title="Reference 3">(3)</a> <a href="#ref-for-dfn-did-methods-48" title="Reference 4">(4)</a> <a href="#ref-for-dfn-did-methods-49" title="Reference 5">(5)</a> <a href="#ref-for-dfn-did-methods-50" title="Reference 6">(6)</a> <a href="#ref-for-dfn-did-methods-51" title="Reference 7">(7)</a> | |
</li><li> | |
<a href="#ref-for-dfn-did-methods-52" title="§ 8.1 Method Syntax">§ 8.1 Method Syntax</a> <a href="#ref-for-dfn-did-methods-53" title="Reference 2">(2)</a> <a href="#ref-for-dfn-did-methods-54" title="Reference 3">(3)</a> <a href="#ref-for-dfn-did-methods-55" title="Reference 4">(4)</a> <a href="#ref-for-dfn-did-methods-56" title="Reference 5">(5)</a> <a href="#ref-for-dfn-did-methods-57" title="Reference 6">(6)</a> <a href="#ref-for-dfn-did-methods-58" title="Reference 7">(7)</a> <a href="#ref-for-dfn-did-methods-59" title="Reference 8">(8)</a> <a href="#ref-for-dfn-did-methods-60" title="Reference 9">(9)</a> <a href="#ref-for-dfn-did-methods-61" title="Reference 10">(10)</a> <a href="#ref-for-dfn-did-methods-62" title="Reference 11">(11)</a> <a href="#ref-for-dfn-did-methods-63" title="Reference 12">(12)</a> <a href="#ref-for-dfn-did-methods-64" title="Reference 13">(13)</a> | |
</li><li> | |
<a href="#ref-for-dfn-did-methods-65" title="§ 8.2 Method Operations">§ 8.2 Method Operations</a> <a href="#ref-for-dfn-did-methods-66" title="Reference 2">(2)</a> <a href="#ref-for-dfn-did-methods-67" title="Reference 3">(3)</a> <a href="#ref-for-dfn-did-methods-68" title="Reference 4">(4)</a> <a href="#ref-for-dfn-did-methods-69" title="Reference 5">(5)</a> <a href="#ref-for-dfn-did-methods-70" title="Reference 6">(6)</a> <a href="#ref-for-dfn-did-methods-71" title="Reference 7">(7)</a> <a href="#ref-for-dfn-did-methods-72" title="Reference 8">(8)</a> | |
</li><li> | |
<a href="#ref-for-dfn-did-methods-73" title="§ 8.3 Security Requirements">§ 8.3 Security Requirements</a> <a href="#ref-for-dfn-did-methods-74" title="Reference 2">(2)</a> <a href="#ref-for-dfn-did-methods-75" title="Reference 3">(3)</a> <a href="#ref-for-dfn-did-methods-76" title="Reference 4">(4)</a> <a href="#ref-for-dfn-did-methods-77" title="Reference 5">(5)</a> <a href="#ref-for-dfn-did-methods-78" title="Reference 6">(6)</a> <a href="#ref-for-dfn-did-methods-79" title="Reference 7">(7)</a> <a href="#ref-for-dfn-did-methods-80" title="Reference 8">(8)</a> <a href="#ref-for-dfn-did-methods-81" title="Reference 9">(9)</a> <a href="#ref-for-dfn-did-methods-82" title="Reference 10">(10)</a> | |
</li><li> | |
<a href="#ref-for-dfn-did-methods-83" title="§ 8.4 Privacy Requirements">§ 8.4 Privacy Requirements</a> <a href="#ref-for-dfn-did-methods-84" title="Reference 2">(2)</a> | |
</li><li> | |
<a href="#ref-for-dfn-did-methods-85" title="§ 9.1 Choosing DID Resolvers">§ 9.1 Choosing DID Resolvers</a> <a href="#ref-for-dfn-did-methods-86" title="Reference 2">(2)</a> <a href="#ref-for-dfn-did-methods-87" title="Reference 3">(3)</a> <a href="#ref-for-dfn-did-methods-88" title="Reference 4">(4)</a> <a href="#ref-for-dfn-did-methods-89" title="Reference 5">(5)</a> | |
</li><li> | |
<a href="#ref-for-dfn-did-methods-90" title="§ Proving Control of a DID and/or DID Document">§ Proving Control of a DID and/or DID Document</a> <a href="#ref-for-dfn-did-methods-91" title="Reference 2">(2)</a> | |
</li><li> | |
<a href="#ref-for-dfn-did-methods-92" title="§ 9.4 Non-Repudiation">§ 9.4 Non-Repudiation</a> | |
</li><li> | |
<a href="#ref-for-dfn-did-methods-93" title="§ 9.7 Verification Method Rotation">§ 9.7 Verification Method Rotation</a> <a href="#ref-for-dfn-did-methods-94" title="Reference 2">(2)</a> <a href="#ref-for-dfn-did-methods-95" title="Reference 3">(3)</a> | |
</li><li> | |
<a href="#ref-for-dfn-did-methods-96" title="§ 9.8 Verification Method Revocation">§ 9.8 Verification Method Revocation</a> <a href="#ref-for-dfn-did-methods-97" title="Reference 2">(2)</a> <a href="#ref-for-dfn-did-methods-98" title="Reference 3">(3)</a> | |
</li><li> | |
<a href="#ref-for-dfn-did-methods-99" title="§ Revocation Semantics">§ Revocation Semantics</a> <a href="#ref-for-dfn-did-methods-100" title="Reference 2">(2)</a> | |
</li><li> | |
<a href="#ref-for-dfn-did-methods-101" title="§ Revocation in Trustless Systems">§ Revocation in Trustless Systems</a> | |
</li><li> | |
<a href="#ref-for-dfn-did-methods-102" title="§ 9.9 DID Recovery">§ 9.9 DID Recovery</a> <a href="#ref-for-dfn-did-methods-103" title="Reference 2">(2)</a> <a href="#ref-for-dfn-did-methods-104" title="Reference 3">(3)</a> <a href="#ref-for-dfn-did-methods-105" title="Reference 4">(4)</a> <a href="#ref-for-dfn-did-methods-106" title="Reference 5">(5)</a> | |
</li><li> | |
<a href="#ref-for-dfn-did-methods-107" title="§ 9.11 DIDs as Enhanced URNs">§ 9.11 DIDs as Enhanced URNs</a> <a href="#ref-for-dfn-did-methods-108" title="Reference 2">(2)</a> | |
</li><li> | |
<a href="#ref-for-dfn-did-methods-109" title="§ 9.12 Immutability">§ 9.12 Immutability</a> <a href="#ref-for-dfn-did-methods-110" title="Reference 2">(2)</a> <a href="#ref-for-dfn-did-methods-111" title="Reference 3">(3)</a> | |
</li><li> | |
<a href="#ref-for-dfn-did-methods-112" title="§ 9.14 Equivalence Properties">§ 9.14 Equivalence Properties</a> <a href="#ref-for-dfn-did-methods-113" title="Reference 2">(2)</a> <a href="#ref-for-dfn-did-methods-114" title="Reference 3">(3)</a> <a href="#ref-for-dfn-did-methods-115" title="Reference 4">(4)</a> <a href="#ref-for-dfn-did-methods-116" title="Reference 5">(5)</a> | |
</li><li> | |
<a href="#ref-for-dfn-did-methods-117" title="§ 9.16 Persistence">§ 9.16 Persistence</a> | |
</li><li> | |
<a href="#ref-for-dfn-did-methods-118" title="§ 10.1 Keep Personal Data Private">§ 10.1 Keep Personal Data Private</a> | |
</li><li> | |
<a href="#ref-for-dfn-did-methods-119" title="§ 10.5 Herd Privacy">§ 10.5 Herd Privacy</a> | |
</li><li> | |
<a href="#ref-for-dfn-did-methods-120" title="§ Service Endpoint Alternatives">§ Service Endpoint Alternatives</a> | |
</li><li> | |
<a href="#ref-for-dfn-did-methods-121" title="§ B.2 Creation of a DID">§ B.2 Creation of a DID</a> <a href="#ref-for-dfn-did-methods-122" title="Reference 2">(2)</a> <a href="#ref-for-dfn-did-methods-123" title="Reference 3">(3)</a> <a href="#ref-for-dfn-did-methods-124" title="Reference 4">(4)</a> <a href="#ref-for-dfn-did-methods-125" title="Reference 5">(5)</a> | |
</li><li> | |
<a href="#ref-for-dfn-did-methods-126" title="§ B.3 Determining the DID subject">§ B.3 Determining the DID subject</a> <a href="#ref-for-dfn-did-methods-127" title="Reference 2">(2)</a> | |
</li><li> | |
<a href="#ref-for-dfn-did-methods-128" title="§ B.4 Referring to the DID document">§ B.4 Referring to the DID document</a> | |
</li><li> | |
<a href="#ref-for-dfn-did-methods-129" title="§ B.7 Serving a representation of the DID subject">§ B.7 Serving a representation of the DID subject</a> <a href="#ref-for-dfn-did-methods-130" title="Reference 2">(2)</a> | |
</li> | |
</ul> | |
</div><div class="dfn-panel" hidden="" role="dialog" aria-modal="true" id="dfn-panel-for-dfn-did-paths" aria-label="Links in this document to definition: DID path"> | |
<span class="caret"></span> | |
<div> | |
<a class="self-link" href="#dfn-did-paths" aria-label="Permalink for definition: DID path. Activate to close this dialog.">Permalink</a> | |
</div> | |
<p><b>Referenced in:</b></p> | |
<ul> | |
<li> | |
<a href="#ref-for-dfn-did-paths-1" title="§ 2. Terminology">§ 2. Terminology</a> | |
</li><li> | |
<a href="#ref-for-dfn-did-paths-2" title="§ Path">§ Path</a> | |
</li><li> | |
<a href="#ref-for-dfn-did-paths-3" title="§ 8.1 Method Syntax">§ 8.1 Method Syntax</a> | |
</li> | |
</ul> | |
</div><div class="dfn-panel" hidden="" role="dialog" aria-modal="true" id="dfn-panel-for-dfn-did-queries" aria-label="Links in this document to definition: DID query"> | |
<span class="caret"></span> | |
<div> | |
<a class="self-link" href="#dfn-did-queries" aria-label="Permalink for definition: DID query. Activate to close this dialog.">Permalink</a> | |
</div> | |
<p><b>Referenced in:</b></p> | |
<ul> | |
<li> | |
<a href="#ref-for-dfn-did-queries-1" title="§ 2. Terminology">§ 2. Terminology</a> | |
</li><li> | |
<a href="#ref-for-dfn-did-queries-2" title="§ Query">§ Query</a> | |
</li><li> | |
<a href="#ref-for-dfn-did-queries-3" title="§ 8.1 Method Syntax">§ 8.1 Method Syntax</a> | |
</li> | |
</ul> | |
</div><div class="dfn-panel" hidden="" role="dialog" aria-modal="true" id="dfn-panel-for-dfn-did-resolution" aria-label="Links in this document to definition: DID resolution"> | |
<span class="caret"></span> | |
<div> | |
<a class="self-link" href="#dfn-did-resolution" aria-label="Permalink for definition: DID resolution. Activate to close this dialog.">Permalink</a> | |
</div> | |
<p><b>Referenced in:</b></p> | |
<ul> | |
<li> | |
<a href="#ref-for-dfn-did-resolution-1" title="§ 1.3 Architecture Overview">§ 1.3 Architecture Overview</a> <a href="#ref-for-dfn-did-resolution-2" title="Reference 2">(2)</a> | |
</li><li> | |
<a href="#ref-for-dfn-did-resolution-3" title="§ 2. Terminology">§ 2. Terminology</a> <a href="#ref-for-dfn-did-resolution-4" title="Reference 2">(2)</a> | |
</li><li> | |
<a href="#ref-for-dfn-did-resolution-5" title="§ 3.2.1 DID Parameters">§ 3.2.1 DID Parameters</a> | |
</li><li> | |
<a href="#ref-for-dfn-did-resolution-6" title="§ 5.1.1 DID Subject">§ 5.1.1 DID Subject</a> | |
</li><li> | |
<a href="#ref-for-dfn-did-resolution-7" title="§ 7. Resolution">§ 7. Resolution</a> <a href="#ref-for-dfn-did-resolution-8" title="Reference 2">(2)</a> | |
</li><li> | |
<a href="#ref-for-dfn-did-resolution-9" title="§ 7.1 DID Resolution">§ 7.1 DID Resolution</a> <a href="#ref-for-dfn-did-resolution-10" title="Reference 2">(2)</a> <a href="#ref-for-dfn-did-resolution-11" title="Reference 3">(3)</a> | |
</li><li> | |
<a href="#ref-for-dfn-did-resolution-12" title="§ 7.1.2 DID Resolution Metadata">§ 7.1.2 DID Resolution Metadata</a> | |
</li><li> | |
<a href="#ref-for-dfn-did-resolution-13" title="§ 7.2 DID URL Dereferencing">§ 7.2 DID URL Dereferencing</a> <a href="#ref-for-dfn-did-resolution-14" title="Reference 2">(2)</a> | |
</li><li> | |
<a href="#ref-for-dfn-did-resolution-15" title="§ 7.3 Metadata Structure">§ 7.3 Metadata Structure</a> | |
</li><li> | |
<a href="#ref-for-dfn-did-resolution-16" title="§ Proving Control of a DID and/or DID Document">§ Proving Control of a DID and/or DID Document</a> | |
</li><li> | |
<a href="#ref-for-dfn-did-resolution-17" title="§ 9.4 Non-Repudiation">§ 9.4 Non-Repudiation</a> | |
</li><li> | |
<a href="#ref-for-dfn-did-resolution-18" title="§ B.4 Referring to the DID document">§ B.4 Referring to the DID document</a> <a href="#ref-for-dfn-did-resolution-19" title="Reference 2">(2)</a> | |
</li> | |
</ul> | |
</div><div class="dfn-panel" hidden="" role="dialog" aria-modal="true" id="dfn-panel-for-dfn-did-resolvers" aria-label="Links in this document to definition: DID resolver"> | |
<span class="caret"></span> | |
<div> | |
<a class="self-link" href="#dfn-did-resolvers" aria-label="Permalink for definition: DID resolver. Activate to close this dialog.">Permalink</a> | |
</div> | |
<p><b>Referenced in:</b></p> | |
<ul> | |
<li> | |
<a href="#ref-for-dfn-did-resolvers-1" title="§ 1.3 Architecture Overview">§ 1.3 Architecture Overview</a> | |
</li><li> | |
<a href="#ref-for-dfn-did-resolvers-3" title="Reference 2">(2)</a> | |
</li><li> | |
<a href="#ref-for-dfn-did-resolvers-4" title="§ 3.2.1 DID Parameters">§ 3.2.1 DID Parameters</a> <a href="#ref-for-dfn-did-resolvers-5" title="Reference 2">(2)</a> | |
</li><li> | |
<a href="#ref-for-dfn-did-resolvers-6" title="§ 5.1.1 DID Subject">§ 5.1.1 DID Subject</a> | |
</li><li> | |
<a href="#ref-for-dfn-did-resolvers-7" title="§ 7. Resolution">§ 7. Resolution</a> | |
</li><li> | |
<a href="#ref-for-dfn-did-resolvers-8" title="§ 7.1 DID Resolution">§ 7.1 DID Resolution</a> <a href="#ref-for-dfn-did-resolvers-9" title="Reference 2">(2)</a> <a href="#ref-for-dfn-did-resolvers-10" title="Reference 3">(3)</a> <a href="#ref-for-dfn-did-resolvers-11" title="Reference 4">(4)</a> | |
</li><li> | |
<a href="#ref-for-dfn-did-resolvers-12" title="§ 7.1.1 DID Resolution Options">§ 7.1.1 DID Resolution Options</a> | |
</li><li> | |
<a href="#ref-for-dfn-did-resolvers-13" title="§ 7.1.2 DID Resolution Metadata">§ 7.1.2 DID Resolution Metadata</a> <a href="#ref-for-dfn-did-resolvers-14" title="Reference 2">(2)</a> | |
</li><li> | |
<a href="#ref-for-dfn-did-resolvers-15" title="§ 7.2 DID URL Dereferencing">§ 7.2 DID URL Dereferencing</a> | |
</li><li> | |
<a href="#ref-for-dfn-did-resolvers-16" title="§ 8.2 Method Operations">§ 8.2 Method Operations</a> <a href="#ref-for-dfn-did-resolvers-17" title="Reference 2">(2)</a> | |
</li><li> | |
<a href="#ref-for-dfn-did-resolvers-18" title="§ 9.1 Choosing DID Resolvers">§ 9.1 Choosing DID Resolvers</a> <a href="#ref-for-dfn-did-resolvers-19" title="Reference 2">(2)</a> | |
</li><li> | |
<a href="#ref-for-dfn-did-resolvers-20" title="§ 9.6 Key and Signature Expiration">§ 9.6 Key and Signature Expiration</a> | |
</li><li> | |
<a href="#ref-for-dfn-did-resolvers-21" title="§ 9.12 Immutability">§ 9.12 Immutability</a> | |
</li> | |
</ul> | |
</div><div class="dfn-panel" hidden="" role="dialog" aria-modal="true" id="dfn-panel-for-dfn-did-schemes" aria-label="Links in this document to definition: DID scheme"> | |
<span class="caret"></span> | |
<div> | |
<a class="self-link" href="#dfn-did-schemes" aria-label="Permalink for definition: DID scheme. Activate to close this dialog.">Permalink</a> | |
</div> | |
<p><b>Referenced in:</b></p> | |
<ul> | |
<li> | |
<a href="#ref-for-dfn-did-schemes-1" title="§ 2. Terminology">§ 2. Terminology</a> <a href="#ref-for-dfn-did-schemes-2" title="Reference 2">(2)</a> | |
</li><li> | |
<a href="#ref-for-dfn-did-schemes-3" title="§ 3.1 DID Syntax">§ 3.1 DID Syntax</a> | |
</li><li> | |
<a href="#ref-for-dfn-did-schemes-4" title="§ 8. Methods">§ 8. Methods</a> | |
</li><li> | |
<a href="#ref-for-dfn-did-schemes-5" title="§ 8.1 Method Syntax">§ 8.1 Method Syntax</a> | |
</li> | |
</ul> | |
</div><div class="dfn-panel" hidden="" role="dialog" aria-modal="true" id="dfn-panel-for-dfn-did-subjects" aria-label="Links in this document to definition: DID subject"> | |
<span class="caret"></span> | |
<div> | |
<a class="self-link" href="#dfn-did-subjects" aria-label="Permalink for definition: DID subject. Activate to close this dialog.">Permalink</a> | |
</div> | |
<p><b>Referenced in:</b></p> | |
<ul> | |
<li> | |
<a href="#ref-for-dfn-did-subjects-1" title="§ Abstract">§ Abstract</a> <a href="#ref-for-dfn-did-subjects-2" title="Reference 2">(2)</a> <a href="#ref-for-dfn-did-subjects-3" title="Reference 3">(3)</a> <a href="#ref-for-dfn-did-subjects-4" title="Reference 4">(4)</a> | |
</li><li> | |
<a href="#ref-for-dfn-did-subjects-5" title="§ 1.3 Architecture Overview">§ 1.3 Architecture Overview</a> <a href="#ref-for-dfn-did-subjects-6" title="Reference 2">(2)</a> <a href="#ref-for-dfn-did-subjects-7" title="Reference 3">(3)</a> | |
</li><li> | |
<a href="#ref-for-dfn-did-subjects-8" title="§ 2. Terminology">§ 2. Terminology</a> <a href="#ref-for-dfn-did-subjects-9" title="Reference 2">(2)</a> <a href="#ref-for-dfn-did-subjects-10" title="Reference 3">(3)</a> <a href="#ref-for-dfn-did-subjects-11" title="Reference 4">(4)</a> <a href="#ref-for-dfn-did-subjects-12" title="Reference 5">(5)</a> <a href="#ref-for-dfn-did-subjects-13" title="Reference 6">(6)</a> <a href="#ref-for-dfn-did-subjects-14" title="Reference 7">(7)</a> <a href="#ref-for-dfn-did-subjects-15" title="Reference 8">(8)</a> | |
</li><li> | |
<a href="#ref-for-dfn-did-subjects-16" title="§ 3.2 DID URL Syntax">§ 3.2 DID URL Syntax</a> | |
</li><li> | |
<a href="#ref-for-dfn-did-subjects-17" title="§ 3.2.2 Relative DID URLs">§ 3.2.2 Relative DID URLs</a> | |
</li><li> | |
<a href="#ref-for-dfn-did-subjects-18" title="§ 5. Core Properties">§ 5. Core Properties</a> | |
</li><li> | |
<a href="#ref-for-dfn-did-subjects-19" title="§ 5.1 Identifiers">§ 5.1 Identifiers</a> | |
</li><li> | |
<a href="#ref-for-dfn-did-subjects-20" title="§ 5.1.1 DID Subject">§ 5.1.1 DID Subject</a> <a href="#ref-for-dfn-did-subjects-21" title="Reference 2">(2)</a> | |
</li><li> | |
<a href="#ref-for-dfn-did-subjects-22" title="§ 5.1.2 DID Controller">§ 5.1.2 DID Controller</a> <a href="#ref-for-dfn-did-subjects-23" title="Reference 2">(2)</a> | |
</li><li> | |
<a href="#ref-for-dfn-did-subjects-24" title="§ 5.1.3 Also Known As">§ 5.1.3 Also Known As</a> <a href="#ref-for-dfn-did-subjects-25" title="Reference 2">(2)</a> <a href="#ref-for-dfn-did-subjects-26" title="Reference 3">(3)</a> | |
</li><li> | |
<a href="#ref-for-dfn-did-subjects-27" title="§ 5.2 Verification Methods">§ 5.2 Verification Methods</a> | |
</li><li> | |
<a href="#ref-for-dfn-did-subjects-28" title="§ 5.3 Verification Relationships">§ 5.3 Verification Relationships</a> <a href="#ref-for-dfn-did-subjects-29" title="Reference 2">(2)</a> <a href="#ref-for-dfn-did-subjects-30" title="Reference 3">(3)</a> | |
</li><li> | |
<a href="#ref-for-dfn-did-subjects-31" title="§ 5.3.1 Authentication">§ 5.3.1 Authentication</a> <a href="#ref-for-dfn-did-subjects-32" title="Reference 2">(2)</a> | |
</li><li> | |
<a href="#ref-for-dfn-did-subjects-33" title="§ 5.3.2 Assertion">§ 5.3.2 Assertion</a> <a href="#ref-for-dfn-did-subjects-34" title="Reference 2">(2)</a> | |
</li><li> | |
<a href="#ref-for-dfn-did-subjects-35" title="§ 5.3.3 Key Agreement">§ 5.3.3 Key Agreement</a> <a href="#ref-for-dfn-did-subjects-36" title="Reference 2">(2)</a> | |
</li><li> | |
<a href="#ref-for-dfn-did-subjects-37" title="§ 5.3.4 Capability Invocation">§ 5.3.4 Capability Invocation</a> <a href="#ref-for-dfn-did-subjects-38" title="Reference 2">(2)</a> <a href="#ref-for-dfn-did-subjects-39" title="Reference 3">(3)</a> | |
</li><li> | |
<a href="#ref-for-dfn-did-subjects-40" title="§ 5.3.5 Capability Delegation">§ 5.3.5 Capability Delegation</a> <a href="#ref-for-dfn-did-subjects-41" title="Reference 2">(2)</a> <a href="#ref-for-dfn-did-subjects-42" title="Reference 3">(3)</a> | |
</li><li> | |
<a href="#ref-for-dfn-did-subjects-43" title="§ 5.4 Services">§ 5.4 Services</a> <a href="#ref-for-dfn-did-subjects-44" title="Reference 2">(2)</a> | |
</li><li> | |
<a href="#ref-for-dfn-did-subjects-45" title="§ 7.1.3 DID Document Metadata">§ 7.1.3 DID Document Metadata</a> <a href="#ref-for-dfn-did-subjects-46" title="Reference 2">(2)</a> <a href="#ref-for-dfn-did-subjects-47" title="Reference 3">(3)</a> <a href="#ref-for-dfn-did-subjects-48" title="Reference 4">(4)</a> <a href="#ref-for-dfn-did-subjects-49" title="Reference 5">(5)</a> | |
</li><li> | |
<a href="#ref-for-dfn-did-subjects-50" title="§ 9.3 Authentication Service Endpoints">§ 9.3 Authentication Service Endpoints</a> | |
</li><li> | |
<a href="#ref-for-dfn-did-subjects-51" title="§ 9.5 Notification of DID Document Changes">§ 9.5 Notification of DID Document Changes</a> | |
</li><li> | |
<a href="#ref-for-dfn-did-subjects-52" title="§ 9.11 DIDs as Enhanced URNs">§ 9.11 DIDs as Enhanced URNs</a> | |
</li><li> | |
<a href="#ref-for-dfn-did-subjects-53" title="§ 10.1 Keep Personal Data Private">§ 10.1 Keep Personal Data Private</a> <a href="#ref-for-dfn-did-subjects-54" title="Reference 2">(2)</a> <a href="#ref-for-dfn-did-subjects-55" title="Reference 3">(3)</a> | |
</li><li> | |
<a href="#ref-for-dfn-did-subjects-56" title="§ 10.2 DID Correlation Risks">§ 10.2 DID Correlation Risks</a> | |
</li><li> | |
<a href="#ref-for-dfn-did-subjects-57" title="§ 10.4 DID Subject Classification">§ 10.4 DID Subject Classification</a> <a href="#ref-for-dfn-did-subjects-58" title="Reference 2">(2)</a> <a href="#ref-for-dfn-did-subjects-59" title="Reference 3">(3)</a> | |
</li><li> | |
<a href="#ref-for-dfn-did-subjects-60" title="§ 10.5 Herd Privacy">§ 10.5 Herd Privacy</a> | |
</li><li> | |
<a href="#ref-for-dfn-did-subjects-61" title="§ 10.6 Service Privacy">§ 10.6 Service Privacy</a> | |
</li><li> | |
<a href="#ref-for-dfn-did-subjects-62" title="§ Maintaining Herd Privacy">§ Maintaining Herd Privacy</a> <a href="#ref-for-dfn-did-subjects-63" title="Reference 2">(2)</a> <a href="#ref-for-dfn-did-subjects-64" title="Reference 3">(3)</a> <a href="#ref-for-dfn-did-subjects-65" title="Reference 4">(4)</a> <a href="#ref-for-dfn-did-subjects-66" title="Reference 5">(5)</a> | |
</li><li> | |
<a href="#ref-for-dfn-did-subjects-67" title="§ B.3 Determining the DID subject">§ B.3 Determining the DID subject</a> <a href="#ref-for-dfn-did-subjects-68" title="Reference 2">(2)</a> <a href="#ref-for-dfn-did-subjects-69" title="Reference 3">(3)</a> <a href="#ref-for-dfn-did-subjects-70" title="Reference 4">(4)</a> <a href="#ref-for-dfn-did-subjects-71" title="Reference 5">(5)</a> <a href="#ref-for-dfn-did-subjects-72" title="Reference 6">(6)</a> | |
</li><li> | |
<a href="#ref-for-dfn-did-subjects-73" title="§ B.4 Referring to the DID document">§ B.4 Referring to the DID document</a> <a href="#ref-for-dfn-did-subjects-74" title="Reference 2">(2)</a> <a href="#ref-for-dfn-did-subjects-75" title="Reference 3">(3)</a> <a href="#ref-for-dfn-did-subjects-76" title="Reference 4">(4)</a> <a href="#ref-for-dfn-did-subjects-77" title="Reference 5">(5)</a> <a href="#ref-for-dfn-did-subjects-78" title="Reference 6">(6)</a> | |
</li><li> | |
<a href="#ref-for-dfn-did-subjects-79" title="§ B.5 Statements in the DID document">§ B.5 Statements in the DID document</a> <a href="#ref-for-dfn-did-subjects-80" title="Reference 2">(2)</a> <a href="#ref-for-dfn-did-subjects-81" title="Reference 3">(3)</a> | |
</li><li> | |
<a href="#ref-for-dfn-did-subjects-82" title="§ B.6 Discovering more information about the DID subject">§ B.6 Discovering more information about the DID subject</a> <a href="#ref-for-dfn-did-subjects-83" title="Reference 2">(2)</a> <a href="#ref-for-dfn-did-subjects-84" title="Reference 3">(3)</a> <a href="#ref-for-dfn-did-subjects-85" title="Reference 4">(4)</a> <a href="#ref-for-dfn-did-subjects-86" title="Reference 5">(5)</a> | |
</li><li> | |
<a href="#ref-for-dfn-did-subjects-87" title="§ B.7 Serving a representation of the DID subject">§ B.7 Serving a representation of the DID subject</a> <a href="#ref-for-dfn-did-subjects-88" title="Reference 2">(2)</a> | |
</li><li> | |
<a href="#ref-for-dfn-did-subjects-89" title="§ B.9 The relationship between DID controllers and DID subjects">§ B.9 The relationship between DID controllers and DID subjects</a> | |
</li><li> | |
<a href="#ref-for-dfn-did-subjects-90" title="§ B.9.1 Set #1: The DID subject is the DID controller">§ B.9.1 Set #1: The DID subject is the DID controller</a> <a href="#ref-for-dfn-did-subjects-91" title="Reference 2">(2)</a> <a href="#ref-for-dfn-did-subjects-92" title="Reference 3">(3)</a> | |
</li><li> | |
<a href="#ref-for-dfn-did-subjects-93" title="§ B.9.2 Set #2: The DID subject is not the DID controller">§ B.9.2 Set #2: The DID subject is not the DID controller</a> <a href="#ref-for-dfn-did-subjects-94" title="Reference 2">(2)</a> | |
</li><li> | |
<a href="#ref-for-dfn-did-subjects-95" title="§ B.10.2 Group Control">§ B.10.2 Group Control</a> | |
</li><li> | |
<a href="#ref-for-dfn-did-subjects-96" title="§ B.11 Changing the DID subject">§ B.11 Changing the DID subject</a> <a href="#ref-for-dfn-did-subjects-97" title="Reference 2">(2)</a> | |
</li> | |
</ul> | |
</div><div class="dfn-panel" hidden="" role="dialog" aria-modal="true" id="dfn-panel-for-dfn-did-urls" aria-label="Links in this document to definition: DID URL"> | |
<span class="caret"></span> | |
<div> | |
<a class="self-link" href="#dfn-did-urls" aria-label="Permalink for definition: DID URL. Activate to close this dialog.">Permalink</a> | |
</div> | |
<p><b>Referenced in:</b></p> | |
<ul> | |
<li> | |
<a href="#ref-for-dfn-did-urls-1" title="§ 1.3 Architecture Overview">§ 1.3 Architecture Overview</a> <a href="#ref-for-dfn-did-urls-2" title="Reference 2">(2)</a> | |
</li><li> | |
<a href="#ref-for-dfn-did-urls-3" title="§ 2. Terminology">§ 2. Terminology</a> <a href="#ref-for-dfn-did-urls-4" title="Reference 2">(2)</a> <a href="#ref-for-dfn-did-urls-5" title="Reference 3">(3)</a> <a href="#ref-for-dfn-did-urls-6" title="Reference 4">(4)</a> <a href="#ref-for-dfn-did-urls-7" title="Reference 5">(5)</a> <a href="#ref-for-dfn-did-urls-8" title="Reference 6">(6)</a> <a href="#ref-for-dfn-did-urls-9" title="Reference 7">(7)</a> <a href="#ref-for-dfn-did-urls-10" title="Reference 8">(8)</a> | |
</li><li> | |
<a href="#ref-for-dfn-did-urls-11" title="§ 3. Identifier">§ 3. Identifier</a> <a href="#ref-for-dfn-did-urls-12" title="Reference 2">(2)</a> | |
</li><li> | |
<a href="#ref-for-dfn-did-urls-13" title="§ 3.2 DID URL Syntax">§ 3.2 DID URL Syntax</a> <a href="#ref-for-dfn-did-urls-14" title="Reference 2">(2)</a> <a href="#ref-for-dfn-did-urls-15" title="Reference 3">(3)</a> | |
</li><li> | |
<a href="#ref-for-dfn-did-urls-16" title="§ 3.2.1 DID Parameters">§ 3.2.1 DID Parameters</a> <a href="#ref-for-dfn-did-urls-17" title="Reference 2">(2)</a> <a href="#ref-for-dfn-did-urls-18" title="Reference 3">(3)</a> <a href="#ref-for-dfn-did-urls-19" title="Reference 4">(4)</a> <a href="#ref-for-dfn-did-urls-20" title="Reference 5">(5)</a> | |
</li><li> | |
<a href="#ref-for-dfn-did-urls-21" title="§ 3.2.2 Relative DID URLs">§ 3.2.2 Relative DID URLs</a> <a href="#ref-for-dfn-did-urls-22" title="Reference 2">(2)</a> <a href="#ref-for-dfn-did-urls-23" title="Reference 3">(3)</a> <a href="#ref-for-dfn-did-urls-24" title="Reference 4">(4)</a> <a href="#ref-for-dfn-did-urls-25" title="Reference 5">(5)</a> <a href="#ref-for-dfn-did-urls-26" title="Reference 6">(6)</a> | |
</li><li> | |
<a href="#ref-for-dfn-did-urls-27" title="§ 7.2 DID URL Dereferencing">§ 7.2 DID URL Dereferencing</a> <a href="#ref-for-dfn-did-urls-28" title="Reference 2">(2)</a> <a href="#ref-for-dfn-did-urls-29" title="Reference 3">(3)</a> <a href="#ref-for-dfn-did-urls-30" title="Reference 4">(4)</a> <a href="#ref-for-dfn-did-urls-31" title="Reference 5">(5)</a> <a href="#ref-for-dfn-did-urls-32" title="Reference 6">(6)</a> <a href="#ref-for-dfn-did-urls-33" title="Reference 7">(7)</a> <a href="#ref-for-dfn-did-urls-34" title="Reference 8">(8)</a> | |
</li><li> | |
<a href="#ref-for-dfn-did-urls-35" title="§ 7.2.2 DID URL Dereferencing Metadata">§ 7.2.2 DID URL Dereferencing Metadata</a> | |
</li><li> | |
<a href="#ref-for-dfn-did-urls-36" title="§ 9.11 DIDs as Enhanced URNs">§ 9.11 DIDs as Enhanced URNs</a> | |
</li><li> | |
<a href="#ref-for-dfn-did-urls-37" title="§ B.7 Serving a representation of the DID subject">§ B.7 Serving a representation of the DID subject</a> | |
</li> | |
</ul> | |
</div><div class="dfn-panel" hidden="" role="dialog" aria-modal="true" id="dfn-panel-for-dfn-did-url-dereferencing" aria-label="Links in this document to definition: DID URL dereferencing"> | |
<span class="caret"></span> | |
<div> | |
<a class="self-link" href="#dfn-did-url-dereferencing" aria-label="Permalink for definition: DID URL dereferencing. Activate to close this dialog.">Permalink</a> | |
</div> | |
<p><b>Referenced in:</b></p> | |
<ul> | |
<li> | |
<a href="#ref-for-dfn-did-url-dereferencing-1" title="§ 1.3 Architecture Overview">§ 1.3 Architecture Overview</a> <a href="#ref-for-dfn-did-url-dereferencing-2" title="Reference 2">(2)</a> | |
</li><li> | |
<a href="#ref-for-dfn-did-url-dereferencing-3" title="§ 2. Terminology">§ 2. Terminology</a> | |
</li><li> | |
<a href="#ref-for-dfn-did-url-dereferencing-4" title="§ 3.2.1 DID Parameters">§ 3.2.1 DID Parameters</a> | |
</li><li> | |
<a href="#ref-for-dfn-did-url-dereferencing-5" title="§ 7. Resolution">§ 7. Resolution</a> | |
</li><li> | |
<a href="#ref-for-dfn-did-url-dereferencing-6" title="§ 7.2 DID URL Dereferencing">§ 7.2 DID URL Dereferencing</a> <a href="#ref-for-dfn-did-url-dereferencing-7" title="Reference 2">(2)</a> <a href="#ref-for-dfn-did-url-dereferencing-8" title="Reference 3">(3)</a> <a href="#ref-for-dfn-did-url-dereferencing-9" title="Reference 4">(4)</a> <a href="#ref-for-dfn-did-url-dereferencing-10" title="Reference 5">(5)</a> <a href="#ref-for-dfn-did-url-dereferencing-11" title="Reference 6">(6)</a> <a href="#ref-for-dfn-did-url-dereferencing-12" title="Reference 7">(7)</a> | |
</li><li> | |
<a href="#ref-for-dfn-did-url-dereferencing-13" title="§ 7.2.1 DID URL Dereferencing Options">§ 7.2.1 DID URL Dereferencing Options</a> | |
</li><li> | |
<a href="#ref-for-dfn-did-url-dereferencing-14" title="§ 7.2.2 DID URL Dereferencing Metadata">§ 7.2.2 DID URL Dereferencing Metadata</a> | |
</li><li> | |
<a href="#ref-for-dfn-did-url-dereferencing-15" title="§ 7.3 Metadata Structure">§ 7.3 Metadata Structure</a> | |
</li> | |
</ul> | |
</div><div class="dfn-panel" hidden="" role="dialog" aria-modal="true" id="dfn-panel-for-dfn-did-url-dereferencers" aria-label="Links in this document to definition: DID URL dereferencer"> | |
<span class="caret"></span> | |
<div> | |
<a class="self-link" href="#dfn-did-url-dereferencers" aria-label="Permalink for definition: DID URL dereferencer. Activate to close this dialog.">Permalink</a> | |
</div> | |
<p><b>Referenced in:</b></p> | |
<ul> | |
<li> | |
<a href="#ref-for-dfn-did-url-dereferencers-1" title="§ 1.3 Architecture Overview">§ 1.3 Architecture Overview</a> | |
</li><li> | |
</li><li> | |
<a href="#ref-for-dfn-did-url-dereferencers-3" title="§ 7.2.2 DID URL Dereferencing Metadata">§ 7.2.2 DID URL Dereferencing Metadata</a> | |
</li> | |
</ul> | |
</div><div class="dfn-panel" hidden="" role="dialog" aria-modal="true" id="dfn-panel-for-dfn-distributed-ledger-technology" aria-label="Links in this document to definition: distributed ledger"> | |
<span class="caret"></span> | |
<div> | |
<a class="self-link" href="#dfn-distributed-ledger-technology" aria-label="Permalink for definition: distributed ledger. Activate to close this dialog.">Permalink</a> | |
</div> | |
<p><b>Referenced in:</b></p> | |
<ul> | |
<li> | |
<a href="#ref-for-dfn-distributed-ledger-technology-1" title="§ 1.3 Architecture Overview">§ 1.3 Architecture Overview</a> | |
</li><li> | |
<a href="#ref-for-dfn-distributed-ledger-technology-2" title="§ 2. Terminology">§ 2. Terminology</a> | |
</li><li> | |
<a href="#ref-for-dfn-distributed-ledger-technology-3" title="§ 8.3 Security Requirements">§ 8.3 Security Requirements</a> <a href="#ref-for-dfn-distributed-ledger-technology-4" title="Reference 2">(2)</a> | |
</li><li> | |
<a href="#ref-for-dfn-distributed-ledger-technology-5" title="§ 10.1 Keep Personal Data Private">§ 10.1 Keep Personal Data Private</a> | |
</li> | |
</ul> | |
</div><div class="dfn-panel" hidden="" role="dialog" aria-modal="true" id="dfn-panel-for-dfn-public-key-description" aria-label="Links in this document to definition: public key description"> | |
<span class="caret"></span> | |
<div> | |
<a class="self-link" href="#dfn-public-key-description" aria-label="Permalink for definition: public key description. Activate to close this dialog.">Permalink</a> | |
</div> | |
<p><b>Referenced in:</b></p> | |
<ul> | |
<li> | |
</li> | |
</ul> | |
</div><div class="dfn-panel" hidden="" role="dialog" aria-modal="true" id="dfn-panel-for-dfn-resources" aria-label="Links in this document to definition: resource"> | |
<span class="caret"></span> | |
<div> | |
<a class="self-link" href="#dfn-resources" aria-label="Permalink for definition: resource. Activate to close this dialog.">Permalink</a> | |
</div> | |
<p><b>Referenced in:</b></p> | |
<ul> | |
<li> | |
<a href="#ref-for-dfn-resources-1" title="§ 1.3 Architecture Overview">§ 1.3 Architecture Overview</a> <a href="#ref-for-dfn-resources-2" title="Reference 2">(2)</a> <a href="#ref-for-dfn-resources-3" title="Reference 3">(3)</a> | |
</li><li> | |
<a href="#ref-for-dfn-resources-4" title="§ 2. Terminology">§ 2. Terminology</a> | |
</li><li> | |
<a href="#ref-for-dfn-resources-5" title="§ 3.2 DID URL Syntax">§ 3.2 DID URL Syntax</a> | |
</li><li> | |
<a href="#ref-for-dfn-resources-6" title="§ Fragment">§ Fragment</a> | |
</li><li> | |
<a href="#ref-for-dfn-resources-7" title="§ 3.2.1 DID Parameters">§ 3.2.1 DID Parameters</a> <a href="#ref-for-dfn-resources-8" title="Reference 2">(2)</a> <a href="#ref-for-dfn-resources-9" title="Reference 3">(3)</a> <a href="#ref-for-dfn-resources-10" title="Reference 4">(4)</a> <a href="#ref-for-dfn-resources-11" title="Reference 5">(5)</a> | |
</li><li> | |
<a href="#ref-for-dfn-resources-12" title="§ 3.2.2 Relative DID URLs">§ 3.2.2 Relative DID URLs</a> | |
</li><li> | |
<a href="#ref-for-dfn-resources-13" title="§ 5.2.2 Referring to Verification Methods">§ 5.2.2 Referring to Verification Methods</a> | |
</li><li> | |
<a href="#ref-for-dfn-resources-14" title="§ 7.2 DID URL Dereferencing">§ 7.2 DID URL Dereferencing</a> <a href="#ref-for-dfn-resources-15" title="Reference 2">(2)</a> <a href="#ref-for-dfn-resources-16" title="Reference 3">(3)</a> | |
</li> | |
</ul> | |
</div><div class="dfn-panel" hidden="" role="dialog" aria-modal="true" id="dfn-panel-for-dfn-representations" aria-label="Links in this document to definition: representation"> | |
<span class="caret"></span> | |
<div> | |
<a class="self-link" href="#dfn-representations" aria-label="Permalink for definition: representation. Activate to close this dialog.">Permalink</a> | |
</div> | |
<p><b>Referenced in:</b></p> | |
<ul> | |
<li> | |
<a href="#ref-for-dfn-representations-1" title="§ 2. Terminology">§ 2. Terminology</a> <a href="#ref-for-dfn-representations-2" title="Reference 2">(2)</a> <a href="#ref-for-dfn-representations-3" title="Reference 3">(3)</a> | |
</li><li> | |
<a href="#ref-for-dfn-representations-4" title="§ Fragment">§ Fragment</a> <a href="#ref-for-dfn-representations-5" title="Reference 2">(2)</a> | |
</li><li> | |
<a href="#ref-for-dfn-representations-6" title="§ 4. Data Model">§ 4. Data Model</a> <a href="#ref-for-dfn-representations-7" title="Reference 2">(2)</a> | |
</li><li> | |
<a href="#ref-for-dfn-representations-8" title="§ 4.1 Extensibility">§ 4.1 Extensibility</a> <a href="#ref-for-dfn-representations-9" title="Reference 2">(2)</a> <a href="#ref-for-dfn-representations-10" title="Reference 3">(3)</a> <a href="#ref-for-dfn-representations-11" title="Reference 4">(4)</a> <a href="#ref-for-dfn-representations-12" title="Reference 5">(5)</a> <a href="#ref-for-dfn-representations-13" title="Reference 6">(6)</a> | |
</li><li> | |
<a href="#ref-for-dfn-representations-14" title="§ 6. Representations">§ 6. Representations</a> <a href="#ref-for-dfn-representations-15" title="Reference 2">(2)</a> <a href="#ref-for-dfn-representations-16" title="Reference 3">(3)</a> <a href="#ref-for-dfn-representations-17" title="Reference 4">(4)</a> <a href="#ref-for-dfn-representations-18" title="Reference 5">(5)</a> <a href="#ref-for-dfn-representations-19" title="Reference 6">(6)</a> <a href="#ref-for-dfn-representations-20" title="Reference 7">(7)</a> | |
</li><li> | |
<a href="#ref-for-dfn-representations-21" title="§ 6.1 Production and Consumption">§ 6.1 Production and Consumption</a> <a href="#ref-for-dfn-representations-22" title="Reference 2">(2)</a> <a href="#ref-for-dfn-representations-23" title="Reference 3">(3)</a> <a href="#ref-for-dfn-representations-24" title="Reference 4">(4)</a> <a href="#ref-for-dfn-representations-25" title="Reference 5">(5)</a> <a href="#ref-for-dfn-representations-26" title="Reference 6">(6)</a> <a href="#ref-for-dfn-representations-27" title="Reference 7">(7)</a> <a href="#ref-for-dfn-representations-28" title="Reference 8">(8)</a> <a href="#ref-for-dfn-representations-29" title="Reference 9">(9)</a> <a href="#ref-for-dfn-representations-30" title="Reference 10">(10)</a> <a href="#ref-for-dfn-representations-31" title="Reference 11">(11)</a> <a href="#ref-for-dfn-representations-32" title="Reference 12">(12)</a> <a href="#ref-for-dfn-representations-33" title="Reference 13">(13)</a> <a href="#ref-for-dfn-representations-34" title="Reference 14">(14)</a> <a href="#ref-for-dfn-representations-35" title="Reference 15">(15)</a> <a href="#ref-for-dfn-representations-36" title="Reference 16">(16)</a> <a href="#ref-for-dfn-representations-37" title="Reference 17">(17)</a> <a href="#ref-for-dfn-representations-38" title="Reference 18">(18)</a> <a href="#ref-for-dfn-representations-39" title="Reference 19">(19)</a> <a href="#ref-for-dfn-representations-40" title="Reference 20">(20)</a> <a href="#ref-for-dfn-representations-41" title="Reference 21">(21)</a> <a href="#ref-for-dfn-representations-42" title="Reference 22">(22)</a> | |
</li><li> | |
<a href="#ref-for-dfn-representations-43" title="§ 6.2 JSON">§ 6.2 JSON</a> | |
</li><li> | |
<a href="#ref-for-dfn-representations-44" title="§ 6.2.1 Production">§ 6.2.1 Production</a> <a href="#ref-for-dfn-representations-45" title="Reference 2">(2)</a> | |
</li><li> | |
<a href="#ref-for-dfn-representations-46" title="§ 6.2.2 Consumption">§ 6.2.2 Consumption</a> <a href="#ref-for-dfn-representations-47" title="Reference 2">(2)</a> <a href="#ref-for-dfn-representations-48" title="Reference 3">(3)</a> | |
</li><li> | |
<a href="#ref-for-dfn-representations-49" title="§ 6.3 JSON-LD">§ 6.3 JSON-LD</a> <a href="#ref-for-dfn-representations-50" title="Reference 2">(2)</a> | |
</li><li> | |
<a href="#ref-for-dfn-representations-51" title="§ 6.3.1 Production">§ 6.3.1 Production</a> <a href="#ref-for-dfn-representations-52" title="Reference 2">(2)</a> <a href="#ref-for-dfn-representations-53" title="Reference 3">(3)</a> <a href="#ref-for-dfn-representations-54" title="Reference 4">(4)</a> <a href="#ref-for-dfn-representations-55" title="Reference 5">(5)</a> <a href="#ref-for-dfn-representations-56" title="Reference 6">(6)</a> <a href="#ref-for-dfn-representations-57" title="Reference 7">(7)</a> <a href="#ref-for-dfn-representations-58" title="Reference 8">(8)</a> | |
</li><li> | |
<a href="#ref-for-dfn-representations-59" title="§ 6.3.2 Consumption">§ 6.3.2 Consumption</a> <a href="#ref-for-dfn-representations-60" title="Reference 2">(2)</a> <a href="#ref-for-dfn-representations-61" title="Reference 3">(3)</a> <a href="#ref-for-dfn-representations-62" title="Reference 4">(4)</a> | |
</li><li> | |
<a href="#ref-for-dfn-representations-63" title="§ 7. Resolution">§ 7. Resolution</a> | |
</li><li> | |
<a href="#ref-for-dfn-representations-64" title="§ 7.1.1 DID Resolution Options">§ 7.1.1 DID Resolution Options</a> <a href="#ref-for-dfn-representations-65" title="Reference 2">(2)</a> <a href="#ref-for-dfn-representations-66" title="Reference 3">(3)</a> | |
</li><li> | |
<a href="#ref-for-dfn-representations-67" title="§ 7.1.2 DID Resolution Metadata">§ 7.1.2 DID Resolution Metadata</a> <a href="#ref-for-dfn-representations-68" title="Reference 2">(2)</a> | |
</li><li> | |
<a href="#ref-for-dfn-representations-69" title="§ 7.2 DID URL Dereferencing">§ 7.2 DID URL Dereferencing</a> | |
</li><li> | |
<a href="#ref-for-dfn-representations-70" title="§ 7.2.1 DID URL Dereferencing Options">§ 7.2.1 DID URL Dereferencing Options</a> <a href="#ref-for-dfn-representations-71" title="Reference 2">(2)</a> | |
</li><li> | |
<a href="#ref-for-dfn-representations-72" title="§ 7.3 Metadata Structure">§ 7.3 Metadata Structure</a> | |
</li><li> | |
<a href="#ref-for-dfn-representations-73" title="§ B.2 Creation of a DID">§ B.2 Creation of a DID</a> | |
</li> | |
</ul> | |
</div><div class="dfn-panel" hidden="" role="dialog" aria-modal="true" id="dfn-panel-for-dfn-representation-specific-entry" aria-label="Links in this document to definition: representation-specific entries"> | |
<span class="caret"></span> | |
<div> | |
<a class="self-link" href="#dfn-representation-specific-entry" aria-label="Permalink for definition: representation-specific entries. Activate to close this dialog.">Permalink</a> | |
</div> | |
<p><b>Referenced in:</b></p> | |
<ul> | |
<li> | |
<a href="#ref-for-dfn-representation-specific-entry-1" title="§ 4. Data Model">§ 4. Data Model</a> | |
</li><li> | |
<a href="#ref-for-dfn-representation-specific-entry-2" title="§ 6.1 Production and Consumption">§ 6.1 Production and Consumption</a> <a href="#ref-for-dfn-representation-specific-entry-3" title="Reference 2">(2)</a> <a href="#ref-for-dfn-representation-specific-entry-4" title="Reference 3">(3)</a> <a href="#ref-for-dfn-representation-specific-entry-5" title="Reference 4">(4)</a> <a href="#ref-for-dfn-representation-specific-entry-6" title="Reference 5">(5)</a> <a href="#ref-for-dfn-representation-specific-entry-7" title="Reference 6">(6)</a> <a href="#ref-for-dfn-representation-specific-entry-8" title="Reference 7">(7)</a> <a href="#ref-for-dfn-representation-specific-entry-9" title="Reference 8">(8)</a> | |
</li><li> | |
<a href="#ref-for-dfn-representation-specific-entry-10" title="§ 6.2.1 Production">§ 6.2.1 Production</a> | |
</li><li> | |
<a href="#ref-for-dfn-representation-specific-entry-11" title="§ 6.3 JSON-LD">§ 6.3 JSON-LD</a> | |
</li><li> | |
<a href="#ref-for-dfn-representation-specific-entry-12" title="§ 6.3.1 Production">§ 6.3.1 Production</a> <a href="#ref-for-dfn-representation-specific-entry-13" title="Reference 2">(2)</a> | |
</li> | |
</ul> | |
</div><div class="dfn-panel" hidden="" role="dialog" aria-modal="true" id="dfn-panel-for-dfn-service" aria-label="Links in this document to definition: services"> | |
<span class="caret"></span> | |
<div> | |
<a class="self-link" href="#dfn-service" aria-label="Permalink for definition: services. Activate to close this dialog.">Permalink</a> | |
</div> | |
<p><b>Referenced in:</b></p> | |
<ul> | |
<li> | |
<a href="#ref-for-dfn-service-1" title="§ Abstract">§ Abstract</a> <a href="#ref-for-dfn-service-2" title="Reference 2">(2)</a> | |
</li><li> | |
<a href="#ref-for-dfn-service-3" title="§ 1.2 Design Goals">§ 1.2 Design Goals</a> | |
</li><li> | |
<a href="#ref-for-dfn-service-4" title="§ 1.3 Architecture Overview">§ 1.3 Architecture Overview</a> | |
</li><li> | |
<a href="#ref-for-dfn-service-5" title="§ 2. Terminology">§ 2. Terminology</a> | |
</li><li> | |
<a href="#ref-for-dfn-service-6" title="§ 3.2 DID URL Syntax">§ 3.2 DID URL Syntax</a> | |
</li><li> | |
<a href="#ref-for-dfn-service-7" title="§ 3.2.1 DID Parameters">§ 3.2.1 DID Parameters</a> | |
</li><li> | |
<a href="#ref-for-dfn-service-8" title="§ 3.2.2 Relative DID URLs">§ 3.2.2 Relative DID URLs</a> | |
</li><li> | |
<a href="#ref-for-dfn-service-9" title="§ DID Document properties">§ DID Document properties</a> | |
</li><li> | |
<a href="#ref-for-dfn-service-10" title="§ 5.4 Services">§ 5.4 Services</a> <a href="#ref-for-dfn-service-11" title="Reference 2">(2)</a> <a href="#ref-for-dfn-service-12" title="Reference 3">(3)</a> <a href="#ref-for-dfn-service-13" title="Reference 4">(4)</a> <a href="#ref-for-dfn-service-14" title="Reference 5">(5)</a> <a href="#ref-for-dfn-service-15" title="Reference 6">(6)</a> <a href="#ref-for-dfn-service-16" title="Reference 7">(7)</a> <a href="#ref-for-dfn-service-17" title="Reference 8">(8)</a> <a href="#ref-for-dfn-service-18" title="Reference 9">(9)</a> <a href="#ref-for-dfn-service-19" title="Reference 10">(10)</a> | |
</li><li> | |
<a href="#ref-for-dfn-service-20" title="§ 8.3 Security Requirements">§ 8.3 Security Requirements</a> | |
</li><li> | |
<a href="#ref-for-dfn-service-21" title="§ 9.3 Authentication Service Endpoints">§ 9.3 Authentication Service Endpoints</a> | |
</li><li> | |
<a href="#ref-for-dfn-service-22" title="§ 9.12 Immutability">§ 9.12 Immutability</a> | |
</li><li> | |
<a href="#ref-for-dfn-service-23" title="§ 10.6 Service Privacy">§ 10.6 Service Privacy</a> <a href="#ref-for-dfn-service-24" title="Reference 2">(2)</a> | |
</li><li> | |
<a href="#ref-for-dfn-service-25" title="§ B.5 Statements in the DID document">§ B.5 Statements in the DID document</a> | |
</li><li> | |
<a href="#ref-for-dfn-service-26" title="§ B.6 Discovering more information about the DID subject">§ B.6 Discovering more information about the DID subject</a> | |
</li> | |
</ul> | |
</div><div class="dfn-panel" hidden="" role="dialog" aria-modal="true" id="dfn-panel-for-dfn-service-endpoints" aria-label="Links in this document to definition: service endpoint"> | |
<span class="caret"></span> | |
<div> | |
<a class="self-link" href="#dfn-service-endpoints" aria-label="Permalink for definition: service endpoint. Activate to close this dialog.">Permalink</a> | |
</div> | |
<p><b>Referenced in:</b></p> | |
<ul> | |
<li> | |
<a href="#ref-for-dfn-service-endpoints-1" title="§ 2. Terminology">§ 2. Terminology</a> | |
</li><li> | |
<a href="#ref-for-dfn-service-endpoints-2" title="§ 3.2.1 DID Parameters">§ 3.2.1 DID Parameters</a> | |
</li><li> | |
<a href="#ref-for-dfn-service-endpoints-3" title="§ DID Document properties">§ DID Document properties</a> | |
</li><li> | |
<a href="#ref-for-dfn-service-endpoints-4" title="§ 9.3 Authentication Service Endpoints">§ 9.3 Authentication Service Endpoints</a> <a href="#ref-for-dfn-service-endpoints-5" title="Reference 2">(2)</a> | |
</li><li> | |
<a href="#ref-for-dfn-service-endpoints-6" title="§ 9.5 Notification of DID Document Changes">§ 9.5 Notification of DID Document Changes</a> | |
</li><li> | |
<a href="#ref-for-dfn-service-endpoints-7" title="§ 10.1 Keep Personal Data Private">§ 10.1 Keep Personal Data Private</a> <a href="#ref-for-dfn-service-endpoints-8" title="Reference 2">(2)</a> <a href="#ref-for-dfn-service-endpoints-9" title="Reference 3">(3)</a> | |
</li><li> | |
<a href="#ref-for-dfn-service-endpoints-10" title="§ 10.3 DID Document Correlation Risks">§ 10.3 DID Document Correlation Risks</a> <a href="#ref-for-dfn-service-endpoints-11" title="Reference 2">(2)</a> | |
</li><li> | |
<a href="#ref-for-dfn-service-endpoints-12" title="§ 10.6 Service Privacy">§ 10.6 Service Privacy</a> <a href="#ref-for-dfn-service-endpoints-13" title="Reference 2">(2)</a> <a href="#ref-for-dfn-service-endpoints-14" title="Reference 3">(3)</a> | |
</li><li> | |
<a href="#ref-for-dfn-service-endpoints-15" title="§ B.6 Discovering more information about the DID subject">§ B.6 Discovering more information about the DID subject</a> <a href="#ref-for-dfn-service-endpoints-16" title="Reference 2">(2)</a> | |
</li> | |
</ul> | |
</div><div class="dfn-panel" hidden="" role="dialog" aria-modal="true" id="dfn-panel-for-dfn-uri" aria-label="Links in this document to definition: Uniform Resource Identifier"> | |
<span class="caret"></span> | |
<div> | |
<a class="self-link" href="#dfn-uri" aria-label="Permalink for definition: Uniform Resource Identifier. Activate to close this dialog.">Permalink</a> | |
</div> | |
<p><b>Referenced in:</b></p> | |
<ul> | |
<li> | |
<a href="#ref-for-dfn-uri-1" title="§ Abstract">§ Abstract</a> | |
</li><li> | |
<a href="#ref-for-dfn-uri-2" title="§ 1.3 Architecture Overview">§ 1.3 Architecture Overview</a> <a href="#ref-for-dfn-uri-3" title="Reference 2">(2)</a> | |
</li><li> | |
<a href="#ref-for-dfn-uri-4" title="§ 1.4 Conformance">§ 1.4 Conformance</a> | |
</li><li> | |
<a href="#ref-for-dfn-uri-5" title="§ 3.1 DID Syntax">§ 3.1 DID Syntax</a> | |
</li><li> | |
<a href="#ref-for-dfn-uri-6" title="§ Path">§ Path</a> <a href="#ref-for-dfn-uri-7" title="Reference 2">(2)</a> | |
</li><li> | |
<a href="#ref-for-dfn-uri-8" title="§ Query">§ Query</a> | |
</li><li> | |
<a href="#ref-for-dfn-uri-9" title="§ Fragment">§ Fragment</a> | |
</li><li> | |
<a href="#ref-for-dfn-uri-10" title="§ 3.2.1 DID Parameters">§ 3.2.1 DID Parameters</a> | |
</li><li> | |
<a href="#ref-for-dfn-uri-11" title="§ DID Document properties">§ DID Document properties</a> | |
</li><li> | |
<a href="#ref-for-dfn-uri-12" title="§ Service properties">§ Service properties</a> <a href="#ref-for-dfn-uri-13" title="Reference 2">(2)</a> <a href="#ref-for-dfn-uri-14" title="Reference 3">(3)</a> | |
</li><li> | |
<a href="#ref-for-dfn-uri-15" title="§ 5.1.3 Also Known As">§ 5.1.3 Also Known As</a> <a href="#ref-for-dfn-uri-16" title="Reference 2">(2)</a> | |
</li><li> | |
<a href="#ref-for-dfn-uri-17" title="§ 5.4 Services">§ 5.4 Services</a> <a href="#ref-for-dfn-uri-18" title="Reference 2">(2)</a> <a href="#ref-for-dfn-uri-19" title="Reference 3">(3)</a> | |
</li><li> | |
<a href="#ref-for-dfn-uri-20" title="§ 8. Methods">§ 8. Methods</a> <a href="#ref-for-dfn-uri-21" title="Reference 2">(2)</a> | |
</li><li> | |
<a href="#ref-for-dfn-uri-22" title="§ 9.14 Equivalence Properties">§ 9.14 Equivalence Properties</a> | |
</li><li> | |
<a href="#ref-for-dfn-uri-23" title="§ Maintaining Herd Privacy">§ Maintaining Herd Privacy</a> <a href="#ref-for-dfn-uri-24" title="Reference 2">(2)</a> | |
</li><li> | |
<a href="#ref-for-dfn-uri-25" title="§ B.4 Referring to the DID document">§ B.4 Referring to the DID document</a> | |
</li><li> | |
<a href="#ref-for-dfn-uri-26" title="§ B.6 Discovering more information about the DID subject">§ B.6 Discovering more information about the DID subject</a> | |
</li> | |
</ul> | |
</div><div class="dfn-panel" hidden="" role="dialog" aria-modal="true" id="dfn-panel-for-dfn-verifiable-credentials" aria-label="Links in this document to definition: verifiable credential"> | |
<span class="caret"></span> | |
<div> | |
<a class="self-link" href="#dfn-verifiable-credentials" aria-label="Permalink for definition: verifiable credential. Activate to close this dialog.">Permalink</a> | |
</div> | |
<p><b>Referenced in:</b></p> | |
<ul> | |
<li> | |
<a href="#ref-for-dfn-verifiable-credentials-1" title="§ 2. Terminology">§ 2. Terminology</a> | |
</li><li> | |
<a href="#ref-for-dfn-verifiable-credentials-2" title="§ 5.3.2 Assertion">§ 5.3.2 Assertion</a> <a href="#ref-for-dfn-verifiable-credentials-3" title="Reference 2">(2)</a> | |
</li><li> | |
<a href="#ref-for-dfn-verifiable-credentials-4" title="§ Binding to Physical Identity">§ Binding to Physical Identity</a> | |
</li> | |
</ul> | |
</div><div class="dfn-panel" hidden="" role="dialog" aria-modal="true" id="dfn-panel-for-dfn-verifiable-data-registry" aria-label="Links in this document to definition: verifiable data registry"> | |
<span class="caret"></span> | |
<div> | |
<a class="self-link" href="#dfn-verifiable-data-registry" aria-label="Permalink for definition: verifiable data registry. Activate to close this dialog.">Permalink</a> | |
</div> | |
<p><b>Referenced in:</b></p> | |
<ul> | |
<li> | |
<a href="#ref-for-dfn-verifiable-data-registry-1" title="§ 1.3 Architecture Overview">§ 1.3 Architecture Overview</a> | |
</li><li> | |
<a href="#ref-for-dfn-verifiable-data-registry-2" title="§ 7.1.3 DID Document Metadata">§ 7.1.3 DID Document Metadata</a> | |
</li><li> | |
<a href="#ref-for-dfn-verifiable-data-registry-3" title="§ 8. Methods">§ 8. Methods</a> <a href="#ref-for-dfn-verifiable-data-registry-4" title="Reference 2">(2)</a> | |
</li><li> | |
<a href="#ref-for-dfn-verifiable-data-registry-5" title="§ 8.1 Method Syntax">§ 8.1 Method Syntax</a> | |
</li><li> | |
<a href="#ref-for-dfn-verifiable-data-registry-6" title="§ Proving Control of a DID and/or DID Document">§ Proving Control of a DID and/or DID Document</a> | |
</li><li> | |
<a href="#ref-for-dfn-verifiable-data-registry-7" title="§ 9.4 Non-Repudiation">§ 9.4 Non-Repudiation</a> | |
</li><li> | |
<a href="#ref-for-dfn-verifiable-data-registry-8" title="§ 9.5 Notification of DID Document Changes">§ 9.5 Notification of DID Document Changes</a> <a href="#ref-for-dfn-verifiable-data-registry-9" title="Reference 2">(2)</a> | |
</li><li> | |
<a href="#ref-for-dfn-verifiable-data-registry-10" title="§ 9.7 Verification Method Rotation">§ 9.7 Verification Method Rotation</a> | |
</li><li> | |
<a href="#ref-for-dfn-verifiable-data-registry-11" title="§ 10.1 Keep Personal Data Private">§ 10.1 Keep Personal Data Private</a> | |
</li><li> | |
<a href="#ref-for-dfn-verifiable-data-registry-12" title="§ 10.6 Service Privacy">§ 10.6 Service Privacy</a> | |
</li><li> | |
<a href="#ref-for-dfn-verifiable-data-registry-13" title="§ Service Endpoint Alternatives">§ Service Endpoint Alternatives</a> | |
</li><li> | |
<a href="#ref-for-dfn-verifiable-data-registry-14" title="§ B.2 Creation of a DID">§ B.2 Creation of a DID</a> | |
</li><li> | |
<a href="#ref-for-dfn-verifiable-data-registry-15" title="§ B.7 Serving a representation of the DID subject">§ B.7 Serving a representation of the DID subject</a> | |
</li> | |
</ul> | |
</div><div class="dfn-panel" hidden="" role="dialog" aria-modal="true" id="dfn-panel-for-dfn-verifiable-timestamp" aria-label="Links in this document to definition: verifiable timestamp"> | |
<span class="caret"></span> | |
<div> | |
<a class="self-link" href="#dfn-verifiable-timestamp" aria-label="Permalink for definition: verifiable timestamp. Activate to close this dialog.">Permalink</a> | |
</div> | |
<p><b>Referenced in:</b></p> | |
<ul> | |
<li> | |
<a href="#ref-for-dfn-verifiable-timestamp-1" title="§ Proving Control of a DID and/or DID Document">§ Proving Control of a DID and/or DID Document</a> | |
</li><li> | |
<a href="#ref-for-dfn-verifiable-timestamp-2" title="§ 9.4 Non-Repudiation">§ 9.4 Non-Repudiation</a> | |
</li> | |
</ul> | |
</div><div class="dfn-panel" hidden="" role="dialog" aria-modal="true" id="dfn-panel-for-dfn-verification-method" aria-label="Links in this document to definition: verification method"> | |
<span class="caret"></span> | |
<div> | |
<a class="self-link" href="#dfn-verification-method" aria-label="Permalink for definition: verification method. Activate to close this dialog.">Permalink</a> | |
</div> | |
<p><b>Referenced in:</b></p> | |
<ul> | |
<li> | |
<a href="#ref-for-dfn-verification-method-1" title="§ Abstract">§ Abstract</a> | |
</li><li> | |
<a href="#ref-for-dfn-verification-method-2" title="§ 1.3 Architecture Overview">§ 1.3 Architecture Overview</a> | |
</li><li> | |
<a href="#ref-for-dfn-verification-method-3" title="§ 2. Terminology">§ 2. Terminology</a> <a href="#ref-for-dfn-verification-method-4" title="Reference 2">(2)</a> <a href="#ref-for-dfn-verification-method-5" title="Reference 3">(3)</a> <a href="#ref-for-dfn-verification-method-6" title="Reference 4">(4)</a> | |
</li><li> | |
<a href="#ref-for-dfn-verification-method-7" title="§ 3.2 DID URL Syntax">§ 3.2 DID URL Syntax</a> | |
</li><li> | |
<a href="#ref-for-dfn-verification-method-8" title="§ 3.2.2 Relative DID URLs">§ 3.2.2 Relative DID URLs</a> | |
</li><li> | |
<a href="#ref-for-dfn-verification-method-9" title="§ DID Document properties">§ DID Document properties</a> <a href="#ref-for-dfn-verification-method-10" title="Reference 2">(2)</a> | |
</li><li> | |
<a href="#ref-for-dfn-verification-method-11" title="§ 5.1.2 DID Controller">§ 5.1.2 DID Controller</a> <a href="#ref-for-dfn-verification-method-12" title="Reference 2">(2)</a> <a href="#ref-for-dfn-verification-method-13" title="Reference 3">(3)</a> | |
</li><li> | |
<a href="#ref-for-dfn-verification-method-14" title="§ 5.2 Verification Methods">§ 5.2 Verification Methods</a> <a href="#ref-for-dfn-verification-method-15" title="Reference 2">(2)</a> <a href="#ref-for-dfn-verification-method-16" title="Reference 3">(3)</a> <a href="#ref-for-dfn-verification-method-17" title="Reference 4">(4)</a> <a href="#ref-for-dfn-verification-method-18" title="Reference 5">(5)</a> <a href="#ref-for-dfn-verification-method-19" title="Reference 6">(6)</a> <a href="#ref-for-dfn-verification-method-20" title="Reference 7">(7)</a> <a href="#ref-for-dfn-verification-method-21" title="Reference 8">(8)</a> <a href="#ref-for-dfn-verification-method-22" title="Reference 9">(9)</a> <a href="#ref-for-dfn-verification-method-23" title="Reference 10">(10)</a> <a href="#ref-for-dfn-verification-method-24" title="Reference 11">(11)</a> <a href="#ref-for-dfn-verification-method-25" title="Reference 12">(12)</a> <a href="#ref-for-dfn-verification-method-26" title="Reference 13">(13)</a> | |
</li><li> | |
<a href="#ref-for-dfn-verification-method-27" title="§ 5.2.1 Verification Material">§ 5.2.1 Verification Material</a> <a href="#ref-for-dfn-verification-method-28" title="Reference 2">(2)</a> <a href="#ref-for-dfn-verification-method-29" title="Reference 3">(3)</a> <a href="#ref-for-dfn-verification-method-30" title="Reference 4">(4)</a> <a href="#ref-for-dfn-verification-method-31" title="Reference 5">(5)</a> <a href="#ref-for-dfn-verification-method-32" title="Reference 6">(6)</a> <a href="#ref-for-dfn-verification-method-33" title="Reference 7">(7)</a> | |
</li><li> | |
<a href="#ref-for-dfn-verification-method-34" title="§ 5.2.2 Referring to Verification Methods">§ 5.2.2 Referring to Verification Methods</a> <a href="#ref-for-dfn-verification-method-35" title="Reference 2">(2)</a> <a href="#ref-for-dfn-verification-method-36" title="Reference 3">(3)</a> <a href="#ref-for-dfn-verification-method-37" title="Reference 4">(4)</a> <a href="#ref-for-dfn-verification-method-38" title="Reference 5">(5)</a> <a href="#ref-for-dfn-verification-method-39" title="Reference 6">(6)</a> | |
</li><li> | |
<a href="#ref-for-dfn-verification-method-40" title="§ 5.3 Verification Relationships">§ 5.3 Verification Relationships</a> <a href="#ref-for-dfn-verification-method-41" title="Reference 2">(2)</a> <a href="#ref-for-dfn-verification-method-42" title="Reference 3">(3)</a> <a href="#ref-for-dfn-verification-method-43" title="Reference 4">(4)</a> <a href="#ref-for-dfn-verification-method-44" title="Reference 5">(5)</a> <a href="#ref-for-dfn-verification-method-45" title="Reference 6">(6)</a> | |
</li><li> | |
<a href="#ref-for-dfn-verification-method-46" title="§ 5.3.1 Authentication">§ 5.3.1 Authentication</a> <a href="#ref-for-dfn-verification-method-47" title="Reference 2">(2)</a> <a href="#ref-for-dfn-verification-method-48" title="Reference 3">(3)</a> <a href="#ref-for-dfn-verification-method-49" title="Reference 4">(4)</a> <a href="#ref-for-dfn-verification-method-50" title="Reference 5">(5)</a> | |
</li><li> | |
<a href="#ref-for-dfn-verification-method-51" title="§ 5.3.2 Assertion">§ 5.3.2 Assertion</a> <a href="#ref-for-dfn-verification-method-52" title="Reference 2">(2)</a> <a href="#ref-for-dfn-verification-method-53" title="Reference 3">(3)</a> | |
</li><li> | |
<a href="#ref-for-dfn-verification-method-54" title="§ 5.3.3 Key Agreement">§ 5.3.3 Key Agreement</a> <a href="#ref-for-dfn-verification-method-55" title="Reference 2">(2)</a> <a href="#ref-for-dfn-verification-method-56" title="Reference 3">(3)</a> | |
</li><li> | |
<a href="#ref-for-dfn-verification-method-57" title="§ 5.3.4 Capability Invocation">§ 5.3.4 Capability Invocation</a> <a href="#ref-for-dfn-verification-method-58" title="Reference 2">(2)</a> <a href="#ref-for-dfn-verification-method-59" title="Reference 3">(3)</a> <a href="#ref-for-dfn-verification-method-60" title="Reference 4">(4)</a> | |
</li><li> | |
<a href="#ref-for-dfn-verification-method-61" title="§ 5.3.5 Capability Delegation">§ 5.3.5 Capability Delegation</a> <a href="#ref-for-dfn-verification-method-62" title="Reference 2">(2)</a> <a href="#ref-for-dfn-verification-method-63" title="Reference 3">(3)</a> | |
</li><li> | |
<a href="#ref-for-dfn-verification-method-64" title="§ 8.2 Method Operations">§ 8.2 Method Operations</a> <a href="#ref-for-dfn-verification-method-65" title="Reference 2">(2)</a> | |
</li><li> | |
<a href="#ref-for-dfn-verification-method-66" title="§ Proving Control of a DID and/or DID Document">§ Proving Control of a DID and/or DID Document</a> | |
</li><li> | |
<a href="#ref-for-dfn-verification-method-67" title="§ 9.7 Verification Method Rotation">§ 9.7 Verification Method Rotation</a> <a href="#ref-for-dfn-verification-method-68" title="Reference 2">(2)</a> <a href="#ref-for-dfn-verification-method-69" title="Reference 3">(3)</a> <a href="#ref-for-dfn-verification-method-70" title="Reference 4">(4)</a> <a href="#ref-for-dfn-verification-method-71" title="Reference 5">(5)</a> <a href="#ref-for-dfn-verification-method-72" title="Reference 6">(6)</a> <a href="#ref-for-dfn-verification-method-73" title="Reference 7">(7)</a> <a href="#ref-for-dfn-verification-method-74" title="Reference 8">(8)</a> <a href="#ref-for-dfn-verification-method-75" title="Reference 9">(9)</a> <a href="#ref-for-dfn-verification-method-76" title="Reference 10">(10)</a> <a href="#ref-for-dfn-verification-method-77" title="Reference 11">(11)</a> <a href="#ref-for-dfn-verification-method-78" title="Reference 12">(12)</a> <a href="#ref-for-dfn-verification-method-79" title="Reference 13">(13)</a> <a href="#ref-for-dfn-verification-method-80" title="Reference 14">(14)</a> <a href="#ref-for-dfn-verification-method-81" title="Reference 15">(15)</a> | |
</li><li> | |
<a href="#ref-for-dfn-verification-method-82" title="§ 9.8 Verification Method Revocation">§ 9.8 Verification Method Revocation</a> <a href="#ref-for-dfn-verification-method-83" title="Reference 2">(2)</a> <a href="#ref-for-dfn-verification-method-84" title="Reference 3">(3)</a> <a href="#ref-for-dfn-verification-method-85" title="Reference 4">(4)</a> <a href="#ref-for-dfn-verification-method-86" title="Reference 5">(5)</a> <a href="#ref-for-dfn-verification-method-87" title="Reference 6">(6)</a> <a href="#ref-for-dfn-verification-method-88" title="Reference 7">(7)</a> <a href="#ref-for-dfn-verification-method-89" title="Reference 8">(8)</a> <a href="#ref-for-dfn-verification-method-90" title="Reference 9">(9)</a> <a href="#ref-for-dfn-verification-method-91" title="Reference 10">(10)</a> <a href="#ref-for-dfn-verification-method-92" title="Reference 11">(11)</a> <a href="#ref-for-dfn-verification-method-93" title="Reference 12">(12)</a> <a href="#ref-for-dfn-verification-method-94" title="Reference 13">(13)</a> <a href="#ref-for-dfn-verification-method-95" title="Reference 14">(14)</a> <a href="#ref-for-dfn-verification-method-96" title="Reference 15">(15)</a> | |
</li><li> | |
<a href="#ref-for-dfn-verification-method-97" title="§ Revocation Semantics">§ Revocation Semantics</a> | |
</li><li> | |
<a href="#ref-for-dfn-verification-method-98" title="§ Revocation in Trustless Systems">§ Revocation in Trustless Systems</a> | |
</li><li> | |
<a href="#ref-for-dfn-verification-method-99" title="§ 9.16 Persistence">§ 9.16 Persistence</a> | |
</li><li> | |
<a href="#ref-for-dfn-verification-method-100" title="§ 10.1 Keep Personal Data Private">§ 10.1 Keep Personal Data Private</a> | |
</li><li> | |
<a href="#ref-for-dfn-verification-method-101" title="§ 10.3 DID Document Correlation Risks">§ 10.3 DID Document Correlation Risks</a> <a href="#ref-for-dfn-verification-method-102" title="Reference 2">(2)</a> | |
</li><li> | |
<a href="#ref-for-dfn-verification-method-103" title="§ 10.4 DID Subject Classification">§ 10.4 DID Subject Classification</a> | |
</li><li> | |
<a href="#ref-for-dfn-verification-method-104" title="§ A.1 DID Documents">§ A.1 DID Documents</a> | |
</li><li> | |
<a href="#ref-for-dfn-verification-method-105" title="§ B.12 Changing the DID controller">§ B.12 Changing the DID controller</a> <a href="#ref-for-dfn-verification-method-106" title="Reference 2">(2)</a> | |
</li> | |
</ul> | |
</div><div class="dfn-panel" hidden="" role="dialog" aria-modal="true" id="dfn-panel-for-dfn-verification-relationship" aria-label="Links in this document to definition: verification relationship"> | |
<span class="caret"></span> | |
<div> | |
<a class="self-link" href="#dfn-verification-relationship" aria-label="Permalink for definition: verification relationship. Activate to close this dialog.">Permalink</a> | |
</div> | |
<p><b>Referenced in:</b></p> | |
<ul> | |
<li> | |
<a href="#ref-for-dfn-verification-relationship-1" title="§ 5.1.2 DID Controller">§ 5.1.2 DID Controller</a> | |
</li><li> | |
<a href="#ref-for-dfn-verification-relationship-2" title="§ 5.2.2 Referring to Verification Methods">§ 5.2.2 Referring to Verification Methods</a> <a href="#ref-for-dfn-verification-relationship-3" title="Reference 2">(2)</a> | |
</li><li> | |
<a href="#ref-for-dfn-verification-relationship-4" title="§ 5.3 Verification Relationships">§ 5.3 Verification Relationships</a> <a href="#ref-for-dfn-verification-relationship-5" title="Reference 2">(2)</a> <a href="#ref-for-dfn-verification-relationship-6" title="Reference 3">(3)</a> <a href="#ref-for-dfn-verification-relationship-7" title="Reference 4">(4)</a> <a href="#ref-for-dfn-verification-relationship-8" title="Reference 5">(5)</a> <a href="#ref-for-dfn-verification-relationship-9" title="Reference 6">(6)</a> <a href="#ref-for-dfn-verification-relationship-10" title="Reference 7">(7)</a> <a href="#ref-for-dfn-verification-relationship-11" title="Reference 8">(8)</a> <a href="#ref-for-dfn-verification-relationship-12" title="Reference 9">(9)</a> | |
</li><li> | |
<a href="#ref-for-dfn-verification-relationship-13" title="§ 5.3.1 Authentication">§ 5.3.1 Authentication</a> <a href="#ref-for-dfn-verification-relationship-14" title="Reference 2">(2)</a> | |
</li><li> | |
<a href="#ref-for-dfn-verification-relationship-15" title="§ 5.3.2 Assertion">§ 5.3.2 Assertion</a> | |
</li><li> | |
<a href="#ref-for-dfn-verification-relationship-16" title="§ 5.3.3 Key Agreement">§ 5.3.3 Key Agreement</a> | |
</li><li> | |
<a href="#ref-for-dfn-verification-relationship-17" title="§ 5.3.4 Capability Invocation">§ 5.3.4 Capability Invocation</a> | |
</li><li> | |
<a href="#ref-for-dfn-verification-relationship-18" title="§ 5.3.5 Capability Delegation">§ 5.3.5 Capability Delegation</a> <a href="#ref-for-dfn-verification-relationship-19" title="Reference 2">(2)</a> | |
</li><li> | |
<a href="#ref-for-dfn-verification-relationship-20" title="§ 8.2 Method Operations">§ 8.2 Method Operations</a> | |
</li><li> | |
<a href="#ref-for-dfn-verification-relationship-21" title="§ Proving Control of a DID and/or DID Document">§ Proving Control of a DID and/or DID Document</a> | |
</li><li> | |
<a href="#ref-for-dfn-verification-relationship-22" title="§ Binding to Physical Identity">§ Binding to Physical Identity</a> | |
</li><li> | |
<a href="#ref-for-dfn-verification-relationship-23" title="§ 9.8 Verification Method Revocation">§ 9.8 Verification Method Revocation</a> | |
</li><li> | |
<a href="#ref-for-dfn-verification-relationship-24" title="§ 9.17 Level of Assurance">§ 9.17 Level of Assurance</a> | |
</li> | |
</ul> | |
</div><div class="dfn-panel" hidden="" role="dialog" aria-modal="true" id="dfn-panel-for-dfn-uuid" aria-label="Links in this document to definition: Universally Unique Identifier"> | |
<span class="caret"></span> | |
<div> | |
<a class="self-link" href="#dfn-uuid" aria-label="Permalink for definition: Universally Unique Identifier. Activate to close this dialog.">Permalink</a> | |
</div> | |
<p><b>Referenced in:</b></p> | |
<ul> | |
<li> | |
<a href="#ref-for-dfn-uuid-1" title="§ 3.2.1 DID Parameters">§ 3.2.1 DID Parameters</a> | |
</li> | |
</ul> | |
</div><div class="dfn-panel" hidden="" role="dialog" aria-modal="true" id="dfn-panel-for-dfn-datetime" aria-label="Links in this document to definition: datetime"> | |
<span class="caret"></span> | |
<div> | |
<a class="self-link" href="#dfn-datetime" aria-label="Permalink for definition: datetime. Activate to close this dialog.">Permalink</a> | |
</div> | |
<p><b>Referenced in:</b></p> | |
<ul> | |
<li> | |
<a href="#ref-for-dfn-datetime-1" title="§ 6.1 Production and Consumption">§ 6.1 Production and Consumption</a> <a href="#ref-for-dfn-datetime-2" title="Reference 2">(2)</a> | |
</li><li> | |
<a href="#ref-for-dfn-datetime-3" title="§ 6.2.1 Production">§ 6.2.1 Production</a> | |
</li><li> | |
<a href="#ref-for-dfn-datetime-4" title="§ 6.2.2 Consumption">§ 6.2.2 Consumption</a> <a href="#ref-for-dfn-datetime-5" title="Reference 2">(2)</a> | |
</li> | |
</ul> | |
</div><div class="dfn-panel" hidden="" role="dialog" aria-modal="true" id="dfn-panel-for-dfn-integer" aria-label="Links in this document to definition: integer"> | |
<span class="caret"></span> | |
<div> | |
<a class="self-link" href="#dfn-integer" aria-label="Permalink for definition: integer. Activate to close this dialog.">Permalink</a> | |
</div> | |
<p><b>Referenced in:</b></p> | |
<ul> | |
<li> | |
<a href="#ref-for-dfn-integer-1" title="§ 6.2.1 Production">§ 6.2.1 Production</a> | |
</li><li> | |
<a href="#ref-for-dfn-integer-2" title="§ 6.2.2 Consumption">§ 6.2.2 Consumption</a> | |
</li> | |
</ul> | |
</div><div class="dfn-panel" hidden="" role="dialog" aria-modal="true" id="dfn-panel-for-dfn-double" aria-label="Links in this document to definition: double"> | |
<span class="caret"></span> | |
<div> | |
<a class="self-link" href="#dfn-double" aria-label="Permalink for definition: double. Activate to close this dialog.">Permalink</a> | |
</div> | |
<p><b>Referenced in:</b></p> | |
<ul> | |
<li> | |
<a href="#ref-for-dfn-double-1" title="§ 6.2.1 Production">§ 6.2.1 Production</a> | |
</li><li> | |
<a href="#ref-for-dfn-double-2" title="§ 6.2.2 Consumption">§ 6.2.2 Consumption</a> <a href="#ref-for-dfn-double-3" title="Reference 2">(2)</a> | |
</li> | |
</ul> | |
</div><div class="dfn-panel" hidden="" role="dialog" aria-modal="true" id="dfn-panel-for-dfn-id" aria-label="Links in this document to definition: id"> | |
<span class="caret"></span> | |
<div> | |
<a class="self-link" href="#dfn-id" aria-label="Permalink for definition: id. Activate to close this dialog.">Permalink</a> | |
</div> | |
<p><b>Referenced in:</b></p> | |
<ul> | |
<li> | |
<a href="#ref-for-dfn-id-1" title="§ DID Document properties">§ DID Document properties</a> | |
</li><li> | |
<a href="#ref-for-dfn-id-2" title="§ 5.1.1 DID Subject">§ 5.1.1 DID Subject</a> <a href="#ref-for-dfn-id-3" title="Reference 2">(2)</a> <a href="#ref-for-dfn-id-4" title="Reference 3">(3)</a> | |
</li><li> | |
<a href="#ref-for-dfn-id-5" title="§ 5.2 Verification Methods">§ 5.2 Verification Methods</a> | |
</li><li> | |
<a href="#ref-for-dfn-id-6" title="§ 5.4 Services">§ 5.4 Services</a> | |
</li><li> | |
<a href="#ref-for-dfn-id-7" title="§ 7.1 DID Resolution">§ 7.1 DID Resolution</a> | |
</li><li> | |
<a href="#ref-for-dfn-id-8" title="§ 9.12 Immutability">§ 9.12 Immutability</a> <a href="#ref-for-dfn-id-9" title="Reference 2">(2)</a> | |
</li><li> | |
<a href="#ref-for-dfn-id-10" title="§ B.3 Determining the DID subject">§ B.3 Determining the DID subject</a> | |
</li><li> | |
<a href="#ref-for-dfn-id-11" title="§ B.5 Statements in the DID document">§ B.5 Statements in the DID document</a> <a href="#ref-for-dfn-id-12" title="Reference 2">(2)</a> | |
</li><li> | |
<a href="#ref-for-dfn-id-13" title="§ B.11 Changing the DID subject">§ B.11 Changing the DID subject</a> | |
</li> | |
</ul> | |
</div><div class="dfn-panel" hidden="" role="dialog" aria-modal="true" id="dfn-panel-for-dfn-controller" aria-label="Links in this document to definition: controller"> | |
<span class="caret"></span> | |
<div> | |
<a class="self-link" href="#dfn-controller" aria-label="Permalink for definition: controller. Activate to close this dialog.">Permalink</a> | |
</div> | |
<p><b>Referenced in:</b></p> | |
<ul> | |
<li> | |
<a href="#ref-for-dfn-controller-1" title="§ 1.3 Architecture Overview">§ 1.3 Architecture Overview</a> | |
</li><li> | |
<a href="#ref-for-dfn-controller-2" title="§ DID Document properties">§ DID Document properties</a> | |
</li><li> | |
<a href="#ref-for-dfn-controller-3" title="§ Verification Method properties">§ Verification Method properties</a> | |
</li><li> | |
<a href="#ref-for-dfn-controller-4" title="§ 5.1.2 DID Controller">§ 5.1.2 DID Controller</a> | |
</li><li> | |
<a href="#ref-for-dfn-controller-5" title="§ 5.2 Verification Methods">§ 5.2 Verification Methods</a> | |
</li><li> | |
<a href="#ref-for-dfn-controller-6" title="§ 8.2 Method Operations">§ 8.2 Method Operations</a> | |
</li><li> | |
<a href="#ref-for-dfn-controller-7" title="§ 9.7 Verification Method Rotation">§ 9.7 Verification Method Rotation</a> <a href="#ref-for-dfn-controller-8" title="Reference 2">(2)</a> | |
</li><li> | |
<a href="#ref-for-dfn-controller-9" title="§ 9.8 Verification Method Revocation">§ 9.8 Verification Method Revocation</a> <a href="#ref-for-dfn-controller-10" title="Reference 2">(2)</a> <a href="#ref-for-dfn-controller-11" title="Reference 3">(3)</a> <a href="#ref-for-dfn-controller-12" title="Reference 4">(4)</a> <a href="#ref-for-dfn-controller-13" title="Reference 5">(5)</a> | |
</li><li> | |
<a href="#ref-for-dfn-controller-14" title="§ 9.9 DID Recovery">§ 9.9 DID Recovery</a> <a href="#ref-for-dfn-controller-15" title="Reference 2">(2)</a> | |
</li><li> | |
<a href="#ref-for-dfn-controller-16" title="§ 9.16 Persistence">§ 9.16 Persistence</a> <a href="#ref-for-dfn-controller-17" title="Reference 2">(2)</a> <a href="#ref-for-dfn-controller-18" title="Reference 3">(3)</a> <a href="#ref-for-dfn-controller-19" title="Reference 4">(4)</a> <a href="#ref-for-dfn-controller-20" title="Reference 5">(5)</a> <a href="#ref-for-dfn-controller-21" title="Reference 6">(6)</a> <a href="#ref-for-dfn-controller-22" title="Reference 7">(7)</a> <a href="#ref-for-dfn-controller-23" title="Reference 8">(8)</a> <a href="#ref-for-dfn-controller-24" title="Reference 9">(9)</a> | |
</li><li> | |
<a href="#ref-for-dfn-controller-25" title="§ 10.6 Service Privacy">§ 10.6 Service Privacy</a> | |
</li><li> | |
<a href="#ref-for-dfn-controller-26" title="§ B.12 Changing the DID controller">§ B.12 Changing the DID controller</a> | |
</li> | |
</ul> | |
</div><div class="dfn-panel" hidden="" role="dialog" aria-modal="true" id="dfn-panel-for-dfn-alsoknownas" aria-label="Links in this document to definition: alsoKnownAs"> | |
<span class="caret"></span> | |
<div> | |
<a class="self-link" href="#dfn-alsoknownas" aria-label="Permalink for definition: alsoKnownAs. Activate to close this dialog.">Permalink</a> | |
</div> | |
<p><b>Referenced in:</b></p> | |
<ul> | |
<li> | |
<a href="#ref-for-dfn-alsoknownas-1" title="§ DID Document properties">§ DID Document properties</a> | |
</li><li> | |
<a href="#ref-for-dfn-alsoknownas-2" title="§ 5.1.3 Also Known As">§ 5.1.3 Also Known As</a> <a href="#ref-for-dfn-alsoknownas-3" title="Reference 2">(2)</a> <a href="#ref-for-dfn-alsoknownas-4" title="Reference 3">(3)</a> <a href="#ref-for-dfn-alsoknownas-5" title="Reference 4">(4)</a> | |
</li><li> | |
<a href="#ref-for-dfn-alsoknownas-6" title="§ 7.1.3 DID Document Metadata">§ 7.1.3 DID Document Metadata</a> | |
</li><li> | |
<a href="#ref-for-dfn-alsoknownas-7" title="§ 9.14 Equivalence Properties">§ 9.14 Equivalence Properties</a> <a href="#ref-for-dfn-alsoknownas-8" title="Reference 2">(2)</a> | |
</li><li> | |
<a href="#ref-for-dfn-alsoknownas-9" title="§ B.5 Statements in the DID document">§ B.5 Statements in the DID document</a> | |
</li><li> | |
<a href="#ref-for-dfn-alsoknownas-10" title="§ B.6 Discovering more information about the DID subject">§ B.6 Discovering more information about the DID subject</a> | |
</li><li> | |
<a href="#ref-for-dfn-alsoknownas-11" title="§ B.8 Assigning DIDs to existing web resources">§ B.8 Assigning DIDs to existing web resources</a> | |
</li> | |
</ul> | |
</div><div class="dfn-panel" hidden="" role="dialog" aria-modal="true" id="dfn-panel-for-dfn-verificationmethod" aria-label="Links in this document to definition: verificationMethod"> | |
<span class="caret"></span> | |
<div> | |
<a class="self-link" href="#dfn-verificationmethod" aria-label="Permalink for definition: verificationMethod. Activate to close this dialog.">Permalink</a> | |
</div> | |
<p><b>Referenced in:</b></p> | |
<ul> | |
<li> | |
<a href="#ref-for-dfn-verificationmethod-1" title="§ DID Document properties">§ DID Document properties</a> | |
</li><li> | |
<a href="#ref-for-dfn-verificationmethod-2" title="§ B.5 Statements in the DID document">§ B.5 Statements in the DID document</a> | |
</li> | |
</ul> | |
</div><div class="dfn-panel" hidden="" role="dialog" aria-modal="true" id="dfn-panel-for-dfn-publickeyjwk" aria-label="Links in this document to definition: publicKeyJwk"> | |
<span class="caret"></span> | |
<div> | |
<a class="self-link" href="#dfn-publickeyjwk" aria-label="Permalink for definition: publicKeyJwk. Activate to close this dialog.">Permalink</a> | |
</div> | |
<p><b>Referenced in:</b></p> | |
<ul> | |
<li> | |
<a href="#ref-for-dfn-publickeyjwk-1" title="§ Verification Method properties">§ Verification Method properties</a> <a href="#ref-for-dfn-publickeyjwk-2" title="Reference 2">(2)</a> | |
</li><li> | |
<a href="#ref-for-dfn-publickeyjwk-3" title="§ 5.2.1 Verification Material">§ 5.2.1 Verification Material</a> | |
</li> | |
</ul> | |
</div><div class="dfn-panel" hidden="" role="dialog" aria-modal="true" id="dfn-panel-for-dfn-publickeymultibase" aria-label="Links in this document to definition: publicKeyMultibase"> | |
<span class="caret"></span> | |
<div> | |
<a class="self-link" href="#dfn-publickeymultibase" aria-label="Permalink for definition: publicKeyMultibase. Activate to close this dialog.">Permalink</a> | |
</div> | |
<p><b>Referenced in:</b></p> | |
<ul> | |
<li> | |
<a href="#ref-for-dfn-publickeymultibase-1" title="§ Verification Method properties">§ Verification Method properties</a> | |
</li><li> | |
<a href="#ref-for-dfn-publickeymultibase-2" title="§ 5.2.1 Verification Material">§ 5.2.1 Verification Material</a> | |
</li> | |
</ul> | |
</div><div class="dfn-panel" hidden="" role="dialog" aria-modal="true" id="dfn-panel-for-dfn-authentication" aria-label="Links in this document to definition: authentication"> | |
<span class="caret"></span> | |
<div> | |
<a class="self-link" href="#dfn-authentication" aria-label="Permalink for definition: authentication. Activate to close this dialog.">Permalink</a> | |
</div> | |
<p><b>Referenced in:</b></p> | |
<ul> | |
<li> | |
<a href="#ref-for-dfn-authentication-1" title="§ DID Document properties">§ DID Document properties</a> | |
</li><li> | |
<a href="#ref-for-dfn-authentication-2" title="§ 5.3 Verification Relationships">§ 5.3 Verification Relationships</a> | |
</li><li> | |
<a href="#ref-for-dfn-authentication-3" title="§ 5.3.1 Authentication">§ 5.3.1 Authentication</a> <a href="#ref-for-dfn-authentication-4" title="Reference 2">(2)</a> <a href="#ref-for-dfn-authentication-5" title="Reference 3">(3)</a> | |
</li><li> | |
<a href="#ref-for-dfn-authentication-6" title="§ 8.2 Method Operations">§ 8.2 Method Operations</a> | |
</li><li> | |
<a href="#ref-for-dfn-authentication-7" title="§ 9.17 Level of Assurance">§ 9.17 Level of Assurance</a> | |
</li> | |
</ul> | |
</div><div class="dfn-panel" hidden="" role="dialog" aria-modal="true" id="dfn-panel-for-dfn-assertionmethod" aria-label="Links in this document to definition: assertionMethod"> | |
<span class="caret"></span> | |
<div> | |
<a class="self-link" href="#dfn-assertionmethod" aria-label="Permalink for definition: assertionMethod. Activate to close this dialog.">Permalink</a> | |
</div> | |
<p><b>Referenced in:</b></p> | |
<ul> | |
<li> | |
<a href="#ref-for-dfn-assertionmethod-1" title="§ DID Document properties">§ DID Document properties</a> | |
</li><li> | |
<a href="#ref-for-dfn-assertionmethod-2" title="§ 5.3.2 Assertion">§ 5.3.2 Assertion</a> | |
</li><li> | |
<a href="#ref-for-dfn-assertionmethod-3" title="§ 9.17 Level of Assurance">§ 9.17 Level of Assurance</a> | |
</li> | |
</ul> | |
</div><div class="dfn-panel" hidden="" role="dialog" aria-modal="true" id="dfn-panel-for-dfn-keyagreement" aria-label="Links in this document to definition: keyAgreement"> | |
<span class="caret"></span> | |
<div> | |
<a class="self-link" href="#dfn-keyagreement" aria-label="Permalink for definition: keyAgreement. Activate to close this dialog.">Permalink</a> | |
</div> | |
<p><b>Referenced in:</b></p> | |
<ul> | |
<li> | |
<a href="#ref-for-dfn-keyagreement-1" title="§ DID Document properties">§ DID Document properties</a> | |
</li><li> | |
<a href="#ref-for-dfn-keyagreement-2" title="§ 5.3 Verification Relationships">§ 5.3 Verification Relationships</a> | |
</li> | |
</ul> | |
</div><div class="dfn-panel" hidden="" role="dialog" aria-modal="true" id="dfn-panel-for-dfn-capabilityinvocation" aria-label="Links in this document to definition: capabilityInvocation"> | |
<span class="caret"></span> | |
<div> | |
<a class="self-link" href="#dfn-capabilityinvocation" aria-label="Permalink for definition: capabilityInvocation. Activate to close this dialog.">Permalink</a> | |
</div> | |
<p><b>Referenced in:</b></p> | |
<ul> | |
<li> | |
<a href="#ref-for-dfn-capabilityinvocation-1" title="§ DID Document properties">§ DID Document properties</a> | |
</li><li> | |
<a href="#ref-for-dfn-capabilityinvocation-2" title="§ 5.3.4 Capability Invocation">§ 5.3.4 Capability Invocation</a> | |
</li><li> | |
<a href="#ref-for-dfn-capabilityinvocation-3" title="§ 8.2 Method Operations">§ 8.2 Method Operations</a> | |
</li> | |
</ul> | |
</div><div class="dfn-panel" hidden="" role="dialog" aria-modal="true" id="dfn-panel-for-dfn-capabilitydelegation" aria-label="Links in this document to definition: capabilityDelegation"> | |
<span class="caret"></span> | |
<div> | |
<a class="self-link" href="#dfn-capabilitydelegation" aria-label="Permalink for definition: capabilityDelegation. Activate to close this dialog.">Permalink</a> | |
</div> | |
<p><b>Referenced in:</b></p> | |
<ul> | |
<li> | |
<a href="#ref-for-dfn-capabilitydelegation-1" title="§ DID Document properties">§ DID Document properties</a> | |
</li> | |
</ul> | |
</div><div class="dfn-panel" hidden="" role="dialog" aria-modal="true" id="dfn-panel-for-dfn-serviceendpoint" aria-label="Links in this document to definition: serviceEndpoint"> | |
<span class="caret"></span> | |
<div> | |
<a class="self-link" href="#dfn-serviceendpoint" aria-label="Permalink for definition: serviceEndpoint. Activate to close this dialog.">Permalink</a> | |
</div> | |
<p><b>Referenced in:</b></p> | |
<ul> | |
<li> | |
<a href="#ref-for-dfn-serviceendpoint-1" title="§ Service properties">§ Service properties</a> | |
</li><li> | |
<a href="#ref-for-dfn-serviceendpoint-2" title="§ 5.4 Services">§ 5.4 Services</a> | |
</li> | |
</ul> | |
</div><div class="dfn-panel" hidden="" role="dialog" aria-modal="true" id="dfn-panel-for-dfn-production" aria-label="Links in this document to definition: production"> | |
<span class="caret"></span> | |
<div> | |
<a class="self-link" href="#dfn-production" aria-label="Permalink for definition: production. Activate to close this dialog.">Permalink</a> | |
</div> | |
<p><b>Referenced in:</b></p> | |
<ul> | |
<li> | |
<a href="#ref-for-dfn-production-1" title="§ 6. Representations">§ 6. Representations</a> | |
</li><li> | |
<a href="#ref-for-dfn-production-2" title="§ 6.1 Production and Consumption">§ 6.1 Production and Consumption</a> <a href="#ref-for-dfn-production-3" title="Reference 2">(2)</a> <a href="#ref-for-dfn-production-4" title="Reference 3">(3)</a> <a href="#ref-for-dfn-production-5" title="Reference 4">(4)</a> <a href="#ref-for-dfn-production-6" title="Reference 5">(5)</a> | |
</li><li> | |
<a href="#ref-for-dfn-production-7" title="§ 6.2 JSON">§ 6.2 JSON</a> | |
</li><li> | |
<a href="#ref-for-dfn-production-8" title="§ 6.2.1 Production">§ 6.2.1 Production</a> | |
</li><li> | |
<a href="#ref-for-dfn-production-9" title="§ 6.3 JSON-LD">§ 6.3 JSON-LD</a> | |
</li><li> | |
<a href="#ref-for-dfn-production-10" title="§ 6.3.1 Production">§ 6.3.1 Production</a> <a href="#ref-for-dfn-production-11" title="Reference 2">(2)</a> <a href="#ref-for-dfn-production-12" title="Reference 3">(3)</a> | |
</li> | |
</ul> | |
</div><div class="dfn-panel" hidden="" role="dialog" aria-modal="true" id="dfn-panel-for-dfn-consumption" aria-label="Links in this document to definition: consumption"> | |
<span class="caret"></span> | |
<div> | |
<a class="self-link" href="#dfn-consumption" aria-label="Permalink for definition: consumption. Activate to close this dialog.">Permalink</a> | |
</div> | |
<p><b>Referenced in:</b></p> | |
<ul> | |
<li> | |
<a href="#ref-for-dfn-consumption-1" title="§ 6. Representations">§ 6. Representations</a> | |
</li><li> | |
<a href="#ref-for-dfn-consumption-2" title="§ 6.1 Production and Consumption">§ 6.1 Production and Consumption</a> <a href="#ref-for-dfn-consumption-3" title="Reference 2">(2)</a> <a href="#ref-for-dfn-consumption-4" title="Reference 3">(3)</a> <a href="#ref-for-dfn-consumption-5" title="Reference 4">(4)</a> <a href="#ref-for-dfn-consumption-6" title="Reference 5">(5)</a> <a href="#ref-for-dfn-consumption-7" title="Reference 6">(6)</a> | |
</li><li> | |
<a href="#ref-for-dfn-consumption-8" title="§ 6.2 JSON">§ 6.2 JSON</a> | |
</li><li> | |
<a href="#ref-for-dfn-consumption-9" title="§ 6.2.2 Consumption">§ 6.2.2 Consumption</a> | |
</li><li> | |
<a href="#ref-for-dfn-consumption-10" title="§ 6.3 JSON-LD">§ 6.3 JSON-LD</a> | |
</li><li> | |
<a href="#ref-for-dfn-consumption-11" title="§ 6.3.2 Consumption">§ 6.3.2 Consumption</a> | |
</li> | |
</ul> | |
</div><div class="dfn-panel" hidden="" role="dialog" aria-modal="true" id="dfn-panel-for-dfn-context" aria-label="Links in this document to definition: @context"> | |
<span class="caret"></span> | |
<div> | |
<a class="self-link" href="#dfn-context" aria-label="Permalink for definition: @context. Activate to close this dialog.">Permalink</a> | |
</div> | |
<p><b>Referenced in:</b></p> | |
<ul> | |
<li> | |
<a href="#ref-for-dfn-context-1" title="§ 2. Terminology">§ 2. Terminology</a> | |
</li><li> | |
<a href="#ref-for-dfn-context-2" title="§ 6.3.1 Production">§ 6.3.1 Production</a> | |
</li> | |
</ul> | |
</div><div class="dfn-panel" hidden="" role="dialog" aria-modal="true" id="dfn-panel-for-dfn-didresolutionmetadata" aria-label="Links in this document to definition: didResolutionMetadata"> | |
<span class="caret"></span> | |
<div> | |
<a class="self-link" href="#dfn-didresolutionmetadata" aria-label="Permalink for definition: didResolutionMetadata. Activate to close this dialog.">Permalink</a> | |
</div> | |
<p><b>Referenced in:</b></p> | |
<ul> | |
<li> | |
<a href="#ref-for-dfn-didresolutionmetadata-1" title="§ 7.1 DID Resolution">§ 7.1 DID Resolution</a> <a href="#ref-for-dfn-didresolutionmetadata-2" title="Reference 2">(2)</a> | |
</li> | |
</ul> | |
</div><div class="dfn-panel" hidden="" role="dialog" aria-modal="true" id="dfn-panel-for-dfn-diddocument" aria-label="Links in this document to definition: didDocument"> | |
<span class="caret"></span> | |
<div> | |
<a class="self-link" href="#dfn-diddocument" aria-label="Permalink for definition: didDocument. Activate to close this dialog.">Permalink</a> | |
</div> | |
<p><b>Referenced in:</b></p> | |
<ul> | |
<li> | |
<a href="#ref-for-dfn-diddocument-1" title="§ 7.1 DID Resolution">§ 7.1 DID Resolution</a> | |
</li> | |
</ul> | |
</div><div class="dfn-panel" hidden="" role="dialog" aria-modal="true" id="dfn-panel-for-dfn-diddocumentstream" aria-label="Links in this document to definition: didDocumentStream"> | |
<span class="caret"></span> | |
<div> | |
<a class="self-link" href="#dfn-diddocumentstream" aria-label="Permalink for definition: didDocumentStream. Activate to close this dialog.">Permalink</a> | |
</div> | |
<p><b>Referenced in:</b></p> | |
<ul> | |
<li> | |
<a href="#ref-for-dfn-diddocumentstream-1" title="§ 7.1 DID Resolution">§ 7.1 DID Resolution</a> | |
</li> | |
</ul> | |
</div><div class="dfn-panel" hidden="" role="dialog" aria-modal="true" id="dfn-panel-for-dfn-diddocumentmetadata" aria-label="Links in this document to definition: didDocumentMetadata"> | |
<span class="caret"></span> | |
<div> | |
<a class="self-link" href="#dfn-diddocumentmetadata" aria-label="Permalink for definition: didDocumentMetadata. Activate to close this dialog.">Permalink</a> | |
</div> | |
<p><b>Referenced in:</b></p> | |
<ul> | |
<li> | |
<a href="#ref-for-dfn-diddocumentmetadata-1" title="§ 7.1 DID Resolution">§ 7.1 DID Resolution</a> <a href="#ref-for-dfn-diddocumentmetadata-2" title="Reference 2">(2)</a> | |
</li><li> | |
<a href="#ref-for-dfn-diddocumentmetadata-3" title="§ 7.2 DID URL Dereferencing">§ 7.2 DID URL Dereferencing</a> | |
</li> | |
</ul> | |
</div><div class="dfn-panel" hidden="" role="dialog" aria-modal="true" id="dfn-panel-for-dfn-equivalentid" aria-label="Links in this document to definition: equivalentId"> | |
<span class="caret"></span> | |
<div> | |
<a class="self-link" href="#dfn-equivalentid" aria-label="Permalink for definition: equivalentId. Activate to close this dialog.">Permalink</a> | |
</div> | |
<p><b>Referenced in:</b></p> | |
<ul> | |
<li> | |
<a href="#ref-for-dfn-equivalentid-1" title="§ 7.1.3 DID Document Metadata">§ 7.1.3 DID Document Metadata</a> <a href="#ref-for-dfn-equivalentid-2" title="Reference 2">(2)</a> <a href="#ref-for-dfn-equivalentid-3" title="Reference 3">(3)</a> <a href="#ref-for-dfn-equivalentid-4" title="Reference 4">(4)</a> <a href="#ref-for-dfn-equivalentid-5" title="Reference 5">(5)</a> <a href="#ref-for-dfn-equivalentid-6" title="Reference 6">(6)</a> <a href="#ref-for-dfn-equivalentid-7" title="Reference 7">(7)</a> <a href="#ref-for-dfn-equivalentid-8" title="Reference 8">(8)</a> <a href="#ref-for-dfn-equivalentid-9" title="Reference 9">(9)</a> <a href="#ref-for-dfn-equivalentid-10" title="Reference 10">(10)</a> <a href="#ref-for-dfn-equivalentid-11" title="Reference 11">(11)</a> <a href="#ref-for-dfn-equivalentid-12" title="Reference 12">(12)</a> | |
</li><li> | |
<a href="#ref-for-dfn-equivalentid-13" title="§ 9.14 Equivalence Properties">§ 9.14 Equivalence Properties</a> <a href="#ref-for-dfn-equivalentid-14" title="Reference 2">(2)</a> | |
</li> | |
</ul> | |
</div><div class="dfn-panel" hidden="" role="dialog" aria-modal="true" id="dfn-panel-for-dfn-canonicalid" aria-label="Links in this document to definition: canonicalId"> | |
<span class="caret"></span> | |
<div> | |
<a class="self-link" href="#dfn-canonicalid" aria-label="Permalink for definition: canonicalId. Activate to close this dialog.">Permalink</a> | |
</div> | |
<p><b>Referenced in:</b></p> | |
<ul> | |
<li> | |
<a href="#ref-for-dfn-canonicalid-1" title="§ 7.1.3 DID Document Metadata">§ 7.1.3 DID Document Metadata</a> <a href="#ref-for-dfn-canonicalid-2" title="Reference 2">(2)</a> <a href="#ref-for-dfn-canonicalid-3" title="Reference 3">(3)</a> <a href="#ref-for-dfn-canonicalid-4" title="Reference 4">(4)</a> <a href="#ref-for-dfn-canonicalid-5" title="Reference 5">(5)</a> <a href="#ref-for-dfn-canonicalid-6" title="Reference 6">(6)</a> <a href="#ref-for-dfn-canonicalid-7" title="Reference 7">(7)</a> <a href="#ref-for-dfn-canonicalid-8" title="Reference 8">(8)</a> <a href="#ref-for-dfn-canonicalid-9" title="Reference 9">(9)</a> <a href="#ref-for-dfn-canonicalid-10" title="Reference 10">(10)</a> | |
</li><li> | |
<a href="#ref-for-dfn-canonicalid-11" title="§ 9.14 Equivalence Properties">§ 9.14 Equivalence Properties</a> <a href="#ref-for-dfn-canonicalid-12" title="Reference 2">(2)</a> | |
</li> | |
</ul> | |
</div><script id="respec-dfn-panel">(() => { | |
// @ts-check
// Wire up the definition panels. When the ReSpec runtime object is present,
// wait for its `ready` promise so the listeners attach after processing is
// done; in a static export (no `document.respec`) attach immediately.
if (!document.respec) {
  setupPanel();
} else {
  document.respec.ready.then(setupPanel);
}
/**
 * Registers a single shared handler on `document.body` for both ways a
 * definition panel can be activated: keyboard ("keydown") and pointer
 * ("click"). Using one handler instance keeps the currently open panel in
 * one closure.
 */
function setupPanel() {
  const handler = panelListener();
  for (const eventType of ["keydown", "click"]) {
    document.body.addEventListener(eventType, handler);
  }
}
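/**
 * Builds the delegated keydown/click handler that shows, docks, or hides
 * definition panels. The currently open panel is tracked in the closure.
 *
 * Compared with a bare implementation, the handler tolerates a definition
 * that has no matching `dfn-panel-for-<id>` element and a "dock" action that
 * arrives while no panel is tracked; both would otherwise dereference `null`.
 *
 * @returns {(event: MouseEvent|KeyboardEvent) => void}
 */
function panelListener() {
  /** @type {HTMLElement|null} */
  let panel = null;
  return event => {
    const { target, type } = event;
    if (!(target instanceof HTMLElement)) return;
    // For keys, we only care about Enter key to activate the panel
    // otherwise it's activated via a click.
    if (type === "keydown" && event.key !== "Enter") return;
    const action = deriveAction(event);
    switch (action) {
      case "show": {
        hidePanel(panel);
        /** @type {HTMLElement|null} */
        const dfn = target.closest("dfn, .index-term");
        // The id is passed to getElementById as a literal string, so it is
        // never interpreted as a selector and needs no escaping.
        panel = dfn ? document.getElementById(`dfn-panel-for-${dfn.id}`) : null;
        // No panel was generated for this definition: nothing to display.
        if (!panel) break;
        const coords = deriveCoordinates(event);
        displayPanel(dfn, panel, coords);
        break;
      }
      case "dock": {
        // A link inside a panel was activated while no panel is tracked.
        if (!panel) break;
        panel.style.left = null;
        panel.style.top = null;
        panel.classList.add("docked");
        break;
      }
      case "hide": {
        hidePanel(panel);
        panel = null;
        break;
      }
    }
  };
}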
/**
 * Picks the viewport point at which the panel should be anchored.
 *
 * @param {MouseEvent|KeyboardEvent} event
 * @returns {{ x: number, y: number }} the pointer position when it is usable,
 *   otherwise the bottom-centre of the event target.
 */
function deriveCoordinates(event) {
  const element = /** @type HTMLElement */ (event.target);
  const box = element.getBoundingClientRect();
  // Synthetic clicks from assistive technology sometimes carry no position
  // (clientX/Y = 0). Only trust the pointer when it is a mouse event at or
  // beyond the target's top-left corner; the right/bottom edges are not
  // checked, so this is "probably inside", not a strict containment test.
  const pointerLooksValid =
    event instanceof MouseEvent &&
    event.clientX >= box.left &&
    event.clientY >= box.top;
  if (pointerLooksValid) {
    return { x: event.clientX, y: event.clientY };
  }
  // Fallback: horizontally centred, at the bottom edge of the element.
  return {
    x: box.x + box.width / 2,
    y: box.y + box.height,
  };
}
/**
 * Maps an event to the panel action it should trigger, based only on where
 * in the document the event target sits.
 *
 * @param {Event} event
 * @returns {"show"|"dock"|"hide"|"none"}
 */
function deriveAction(event) {
  const target = /** @type {HTMLElement} */ (event.target);
  const insideLink = Boolean(target.closest("a"));

  // On a local definition (or index term): open its panel, unless the hit
  // was on a link, which keeps its normal navigation.
  if (target.closest("dfn:not([data-cite]), .index-term")) {
    return insideLink ? "none" : "show";
  }

  // Inside a panel.
  if (target.closest(".dfn-panel")) {
    if (insideLink) {
      // The permalink closes the panel; any other link docks it.
      return target.classList.contains("self-link") ? "hide" : "dock";
    }
    const owningPanel = target.closest(".dfn-panel");
    // Elsewhere in the panel: only a docked panel is dismissed.
    return owningPanel.classList.contains("docked") ? "hide" : "none";
  }

  // Anywhere else: dismiss a panel if one is currently visible.
  return document.querySelector(".dfn-panel:not([hidden])") ? "hide" : "none";
}
/**
 * Un-hides `panel`, positions it under the line of `dfn` nearest to the
 * activation point, pulls it back inside the viewport when it would overflow
 * on the right, and then traps keyboard focus inside it.
 *
 * @param {HTMLElement} dfn
 * @param {HTMLElement} panel
 * @param {{ x: number, y: number }} clickPosition
 */
function displayPanel(dfn, panel, { x, y }) {
  // Shown first; the panel is measured further down.
  panel.hidden = false;
  // distance (px) between edge of panel and the pointing triangle (caret)
  const MARGIN = 20;

  // A `dfn` can wrap over several lines; pick the line box whose vertical
  // centre is nearest to the activation point.
  const lineBoxes = dfn.getClientRects();
  let nearestTop = 0;
  let smallestGap = Infinity;
  for (const { top: lineTop, bottom: lineBottom } of lineBoxes) {
    const gap = Math.abs((lineTop + lineBottom) / 2 - y);
    if (gap < smallestGap) {
      smallestGap = gap;
      nearestTop = lineTop;
    }
  }

  const top = window.scrollY + nearestTop + lineBoxes[0].height;
  const left = x - MARGIN;
  panel.style.left = `${left}px`;
  panel.style.top = `${top}px`;

  // Find if the panel is flowing out of the window
  const { right: panelRight, width: panelWidth } = panel.getBoundingClientRect();
  const viewportWidth = Math.min(window.innerWidth, window.screen.width);
  if (panelRight > viewportWidth) {
    const shiftedLeft = Math.max(MARGIN, x + MARGIN - panelWidth);
    panel.style.left = `${shiftedLeft}px`;
    // Move the caret by the same amount so it still points at the click.
    /** @type {HTMLElement} */
    const caret = panel.querySelector(".caret");
    caret.style.left = `${left - shiftedLeft}px`;
  }

  // As it's a dialog, we trap focus.
  // TODO: when <dialog> becomes implemented, we should really use that.
  trapFocus(panel, dfn);
}
/**
 * Moves focus to the first link in `panel` and keeps keyboard navigation
 * inside the panel until the panel's `hidden` attribute is set again.
 *
 * @param {HTMLElement} panel
 * @param {HTMLElement} dfn
 * @returns {void}
 */
function trapFocus(panel, dfn) {
  /** @type NodeListOf<HTMLAnchorElement> */
  const links = panel.querySelectorAll("a[href]");
  // Nothing focusable inside: no need to trap focus.
  if (!links.length) return;

  // Start on the first link.
  links.item(0).focus();

  const onKeydown = createTrapListener(links, panel, dfn);
  panel.addEventListener("keydown", onKeydown);

  // Hiding the panel releases the trap: drop the key handler and stop
  // observing once the observed element reports `hidden`.
  const observer = new MutationObserver(([firstRecord]) => {
    const changed = /** @type HTMLElement */ (firstRecord.target);
    if (!changed.hidden) return;
    panel.removeEventListener("keydown", onKeydown);
    observer.disconnect();
  });
  observer.observe(panel, { attributes: true, attributeFilter: ["hidden"] });
}
/**
 * Creates the keydown handler that implements the focus trap for one panel.
 *
 * @param {NodeListOf<HTMLAnchorElement>} anchors links to cycle through
 * @param {HTMLElement} panel panel that is hidden on Enter/Escape
 * @param {HTMLElement} dfn element that regains focus on Escape
 * @returns {(event: KeyboardEvent) => void}
 */
function createTrapListener(anchors, panel, dfn) {
  const lastIndex = anchors.length - 1;
  // Index of the link this trap last focused; starts on the first one.
  let focusedIndex = 0;
  return event => {
    const { key } = event;
    if (key === "Tab") {
      // Tab / Shift+Tab cycle through the links, wrapping at both ends.
      event.preventDefault();
      let nextIndex = focusedIndex + (event.shiftKey ? -1 : 1);
      if (nextIndex < 0) {
        nextIndex = lastIndex;
      } else if (nextIndex > lastIndex) {
        nextIndex = 0;
      }
      focusedIndex = nextIndex;
      anchors.item(focusedIndex).focus();
    } else if (key === "Enter") {
      // Activating a link releases the trap.
      hidePanel(panel);
    } else if (key === "Escape") {
      // Escape closes the panel and hands focus back to the definition.
      hidePanel(panel);
      dfn.focus();
    }
  };
}
/**
 * Hides a panel and clears its docked state. A falsy `panel` is ignored so
 * callers can pass "no panel is open" without checking first.
 *
 * @param {HTMLElement} panel
 */
function hidePanel(panel) {
  if (panel) {
    panel.hidden = true;
    panel.classList.remove("docked");
  }
}
})()</script><script src="https://www.w3.org/scripts/TR/2021/fixup.js"></script></body></html> |