Add dependency on CID spec. #877
Conversation
msporny
requested review from
ChristopherA,
davidlehn,
jandrieu,
peacekeeper,
iherman,
dmitrizagidulin,
TallTed,
decentralgabe,
KDean-Dolphin and
brentzundel
| <a data-cite="INFRA#string">strings</a>, each of which conforms to the URL | ||
| syntax which are compatible with Section <a href="#did-syntax"></a>. |
There was a problem hiding this comment.
I don't understand what the compatibility is, in order to rephrase to make the sentence say so. Is it each of the strings or the URL syntax that is compatible with Section <a href="#did-syntax">?
| <a data-cite="INFRA#string">strings</a>, each of which conforms to the URL | |
| syntax which are compatible with Section <a href="#did-syntax"></a>. | |
| <a data-cite="INFRA#string">strings</a>, each of which conforms to the URL | |
| syntax which are compatible with Section <a href="#did-syntax"></a>. |
There was a problem hiding this comment.
This still reads oddly to me. It makes me think, controller property conforms to the URL syntax. URLs are compatible with the DID syntax.
Whereas the spec says:
The controller property is OPTIONAL. If present, the value MUST be a string or a set of strings that conform to the rules in 3.1 DID Syntax.
So I would use language similar to the id field.
| <a data-cite="INFRA#string">strings</a>, each of which conforms to the URL | ||
| syntax which are compatible with Section <a href="#did-syntax"></a>. |
There was a problem hiding this comment.
Again, I don't understand what the compatibility is, in order to rephrase to make the sentence say so. Is it each of the strings or the URL syntax that is compatible with Section <a href="#did-syntax">?
| might take many parameters. An example of this is a set of five cryptographic | ||
| keys from which any three are required to contribute to a cryptographic | ||
| threshold signature. | ||
| A <a>DID document</a> can express <a>verification methods</a>, as defined |
There was a problem hiding this comment.
| A <a>DID document</a> can express <a>verification methods</a>, as defined | |
| A <a>DID document</a> can express <a>verification methods</a>, as defined in |
| <a href="#data-model">data model</a>); see <a href="#did-controller"></a>. | ||
| <p> | ||
| A <a>DID document</a> can express <a>verification relationships</a>, as defined | ||
| <a data-cite="CID#verification-relationships">Section 2.3: Verification |
There was a problem hiding this comment.
| <a data-cite="CID#verification-relationships">Section 2.3: Verification | |
| in <a data-cite="CID#verification-relationships">Section 2.3: Verification |
| <code>publicKeyMultibase</code> at the same time is prohibited. | ||
| </p> | ||
| <p> | ||
| A <a>DID document</a> can express <a>services</a>, as defined |
There was a problem hiding this comment.
| A <a>DID document</a> can express <a>services</a>, as defined | |
| A <a>DID document</a> can express <a>services</a>, as defined in |
| made; for example, it was anchored on a blockchain. | ||
| </li> | ||
| <li> | ||
| For the resolved <a>DID document</a> metadata, the `updated` timestamp is |
There was a problem hiding this comment.
| For the resolved <a>DID document</a> metadata, the `updated` timestamp is | |
| In the resolved <a>DID document</a> metadata, the `updated` timestamp is |
| In systems that are willing to admit metadata other than those constituting | ||
| cryptographic input, similar trust may be achieved -- but always on the | ||
| same basis where a careful judgment is made about whether a | ||
| <a>DID document</a>'s content at the moment of a signing event | ||
| contained the expected content. |
There was a problem hiding this comment.
| In systems that are willing to admit metadata other than those constituting | |
| cryptographic input, similar trust may be achieved -- but always on the | |
| same basis where a careful judgment is made about whether a | |
| <a>DID document</a>'s content at the moment of a signing event | |
| contained the expected content. | |
| Similar trust may be achieved in systems that are willing to accept metadata | |
| beyond that which constitutes cryptographic input -- but this always requires | |
| a careful judgment about whether a <a>DID document</a>'s content included the | |
| expected content at the moment of a signing event. |
| Performing recovery proactively on an infrequent but regular basis, can help to | ||
| ensure that control has not been lost. |
There was a problem hiding this comment.
| Performing recovery proactively on an infrequent but regular basis, can help to | |
| ensure that control has not been lost. | |
| Proactively performing recovery, on an infrequent but regular basis, can help to | |
| prevent loss of control. |
| Recovery is advised when a <a>controller</a> or services trusted to act on their | ||
| behalf no longer have the exclusive ability to perform DID operations as | ||
| described in <a href="#method-operations"></a>. |
There was a problem hiding this comment.
| Recovery is advised when a <a>controller</a> or services trusted to act on their | |
| behalf no longer have the exclusive ability to perform DID operations as | |
| described in <a href="#method-operations"></a>. | |
| Recovery is advised when a <a>controller</a> or any service trusted to act on | |
| their behalf no longer has the exclusive ability to perform DID operations as | |
| described in <a href="#method-operations"></a>. |
| not remedial, and is an embedded default. Readers are urged to read the | ||
| <a data-cite="?CID#privacy-considerations">Privacy Considerations</a> section | ||
| in the [[[CID]]] specification before reading this section is it contains | ||
| more general privacy considerations that also apply to <a>DIDs</a>. The rest | ||
| of this section covers privacy considerations that are specific to | ||
| <a>decentralized identifiers</a> beyond the guidance provided in the | ||
| [[[CID]]] specification. |
There was a problem hiding this comment.
| not remedial, and is an embedded default. Readers are urged to read the | |
| <a data-cite="?CID#privacy-considerations">Privacy Considerations</a> section | |
| in the [[[CID]]] specification before reading this section is it contains | |
| more general privacy considerations that also apply to <a>DIDs</a>. The rest | |
| of this section covers privacy considerations that are specific to | |
| <a>decentralized identifiers</a> beyond the guidance provided in the | |
| [[[CID]]] specification. | |
| not remedial, and is an embedded default. Before reading this section, readers | |
| are urged to read the | |
| <a data-cite="?CID#privacy-considerations">Privacy Considerations</a> section | |
| of the [[[CID]]] specification, as it contains | |
| more general privacy considerations that also apply to <a>DIDs</a>. The rest | |
| of this section covers privacy considerations that are specific to | |
| <a>decentralized identifiers</a> and are in addition to the guidance provided | |
| in the [[[CID]]] specification. |
|
This was discussed during the #did meeting on 09 January 2025. View the transcriptw3c/did-core#877wip: Manu has done a lot of work to align this with other spec. manu: The group requested that we do this as a PR. Normally I try to do this as an editorial change, but it's a massive change. ivan: The CID spec is not published in the TR space under that name. It was published under the name of Controller Document, just to be clear. manu: I removed the draft state and it is now ready for review. markus_sabadello: Can you comment what this means for the abstract data model and consumption and production of entries that are set for update? manu: I tried to make those changes in this PR and it became complicated. Some of the sections are still useful, but I'm going to try to do those in a separate PR. |
There was a problem hiding this comment.
This is a PR for a FPWD draft version, so the result will still undergo a multitude of reviews and changes; I did not look at all the details (it is way too complex to review it that way. I have spotted, however, two major and a minor issue; I think the major issues should be taken care of before merging.
-
The PR still uses the "Controlled Identifiers Document" title for the CID specification, but the name has been changed (again) for "Controlled Identifier 1.0" by the VC WG. That should be used overall.
-
In §5.1.1 Did Subject the new text does not make it clear that, in a DID document, the value of
idMUST be a DID. It sounds obvious, but the previous version makes a stronger statement.It may be that this requirement is between the lines in other places of the document; I think re-enforcing here would still make sense
The same comment applies to the DID controller section.
-
Minor knit in §9 Privacy Consideration: "specification before reading this section is it contains more general privacy considerations" should say "specification before reading this section as it contains more general privacy considerations" ("is" -> "as")
I think the new title is |
Yes, correct. |
| @@ -58,7 +58,10 @@ | |||
|
|
|||
| // extend the bibliography entries | |||
| localBiblio: ccg.localBiblio, | |||
| xref: "web-platform", | |||
| xref: ["web-platform", "vc-data-integrity", "controller-document"], | |||
There was a problem hiding this comment.
| xref: ["web-platform", "vc-data-integrity", "controller-document"], | |
| xref: ["web-platform", "vc-data-integrity", "controlled-identifiers"], |
Not sure exactly what xref is doing here, but perhaps this should be updated to the new name?
| <td>no</td> | ||
| <td> | ||
| A <a data-cite="INFRA#ordered-set">set</a> of <a | ||
| data-cite="INFRA#string">strings</a>, each of which conforms to |
There was a problem hiding this comment.
Again, aren't we constraining the values to conform to the DID URL syntax? Not just any URL
The value of the id property for a verification method MUST be a string that conforms to the rules in Section 3.2 DID URL Syntax.
There was a problem hiding this comment.
This applies to all verificationRelationships below aswell
| threshold signature. | ||
| A <a>DID document</a> can express <a>verification methods</a>, as defined | ||
| <a data-cite="CID#verification-methods">Section 2.2: Verification Methods</a> of | ||
| [[[CID]]]. Identifiers used in <a>verification methods</a> can be expressed |
There was a problem hiding this comment.
| [[[CID]]]. Identifiers used in <a>verification methods</a> can be expressed | |
| [[[CID]]]. Identifiers used in <a>verification methods</a> MUST be expressed |
Unless I am misunderstanding this alignment with the CID spec, I believe this is a normative requirement of the DID spec
| <a data-cite="CID#verification-relationships">Section 2.3: Verification | ||
| Relationships</a> of the [[[CID]]] specification. Identifiers used in | ||
| <a>verification relationships</a> | ||
| can be expressed according to <a href="#did-syntax"></a> and |
There was a problem hiding this comment.
| can be expressed according to <a href="#did-syntax"></a> and | |
| MUST be expressed according to <a href="#did-syntax"></a> and |
This PR is an attempt to address issue #854 by normatively referencing the Controlled Identifiers specification.
WARNING: This is a BIG PR -- as was requested by the WG. Please keep discussions and change requests limited to editorial changes and suggestions and raise a separate issue, if needed, to track larger structural change requests.
Preview | Diff