generated from TBD54566975/tbd-project-template
-
Notifications
You must be signed in to change notification settings - Fork 6
Commit
This commit does not belong to any branch on this repository, and may belong to a fork outside of the repository.
Update README; add clarifying language around DIDs and VCs (#122)
* pr feedback * fix headings * one more * more language * did language * Update spec/did.md Co-authored-by: Frank Hinek <[email protected]> * pr feedback * Update README.md Co-authored-by: Jiyoon Koo <[email protected]> * add vc guidance * add vc text * Update spec/vc.md Co-authored-by: Kendall Weihe <[email protected]> * Update spec/vc.md Co-authored-by: Kendall Weihe <[email protected]> * Update spec/vc.md Co-authored-by: nitro-neal <[email protected]> * Update README.md Co-authored-by: Kendall Weihe <[email protected]> * Update spec/vc.md Co-authored-by: Kendall Weihe <[email protected]> * pr feedback (#125) * additional comments --------- Co-authored-by: Frank Hinek <[email protected]> Co-authored-by: Jiyoon Koo <[email protected]> Co-authored-by: Kendall Weihe <[email protected]> Co-authored-by: nitro-neal <[email protected]>
- Loading branch information
1 parent
2cd6e80
commit 42e4842
Showing
8 changed files
with
296 additions
and
157 deletions.
There are no files selected for viewing
Empty file.
Empty file.
Empty file.
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -0,0 +1,92 @@ | ||
# W3C Decentralized Identifiers v1.0 | ||
|
||
The [DID Core data model](https://www.w3.org/TR/did-core) provides optionality for many of its properties, as it is designed as an [abstract data model](https://www.w3.org/TR/did-core/#representations). This means that many properties can be represented in different ways while still being spec conformant, properties can take on multiple concrete types (i.e. sometimes a string, sometimes an array), and documents can be extended to include additional properties either through the [DID Specification Registry](https://www.w3.org/TR/did-spec-registries/) or via usage of [JSON-LD](https://www.w3.org/TR/json-ld11/). | ||
|
||
This optionality can be difficult to implement consistently across languages. As a consequence, this specification defines a strict subset of the DID Core v1.0 data model represented by the following table. As a utility JSON Schemas for [DID Documents](did-document.json), [DID Resolution Metadata](did-resolution.json), and [DID Document Metadata](did-metadata.json) are provided to aid in the validation of conformant documents. | ||
|
||
## DID Document Data Model | ||
|
||
Following from [this data model](https://www.w3.org/TR/did-core/#core-properties). | ||
|
||
| Property | JSON Representation | Required | Notes | | ||
| ------------- | ------------------- | -------- | -------------- | | ||
| `id` | String | Yes | Must be a URI. | | ||
| `@context` | Array of strings | No | Depends on the DID method. | | ||
| `controller` | Array of strings | No | Depends on the DID method. Strings must be URIs. | | ||
| `alsoKnownAs` | Array of strings | No | Depends on the DID method. Strings must be URIs. | | ||
| `verificationMethod` | Array of [Verification Methods](#verification-method-data-model) | Yes | There must be at least one Verification Method in each DID Document. | | ||
| `authentication` | Array of strings | No | String values must be fully qualified DID URIs (e.g. `did:example:abcd#key-1` over `#key-1`). | | ||
| `assertionMethod` | Array of strings | No | String values must be fully qualified DID URIs (e.g. `did:example:abcd#key-1` over `#key-1`). | | ||
| `keyAgreement` | Array of strings | No | String values must be fully qualified DID URIs (e.g. `did:example:abcd#key-1` over `#key-1`). | | ||
| `capabilityInvocation` | Array of strings | No | String values must be fully qualified DID URIs (e.g. `did:example:abcd#key-1` over `#key-1`). | | ||
| `capabilityDelegation` | Array of strings | No | String values must be fully qualified DID URIs (e.g. `did:example:abcd#key-1` over `#key-1`). | | ||
| `service` | Array of [Services](#service-data-model) | No | - | | ||
|
||
**Additional Notes:** | ||
- No [JSON-LD processing](https://www.w3.org/TR/did-core/#consumption-0) is performed. | ||
- Each [Verification Method](https://www.w3.org/TR/did-core/#verification-methods) must have at least one [Verification Relationship](https://www.w3.org/TR/did-core/#verification-relationships). | ||
|
||
### Verification Method Data Model | ||
|
||
Following form [this data model](https://www.w3.org/TR/did-core/#verification-methods). | ||
|
||
| Property | JSON Representation | Required | Notes | | ||
| ------------- | ------------------- | -------- | -------------- | | ||
| `id` | String | Yes | Must be a fully qualified DID URI (e.g. `did:example:abcd#key-1`). | | ||
| `type` | String | Yes | Must be a URI. | | ||
| `controller` | String | Yes | Must be a URI. | | ||
| `publicKeyJwk` | Object | Yes | Represents a [JWK](https://www.w3.org/TR/did-core/#bib-rfc7517). | | ||
|
||
### Service Data Model | ||
|
||
Following from [this data model](https://www.w3.org/TR/did-core/#services). | ||
|
||
| Property | JSON Representation | Required | Notes | | ||
| ----------------- | ------------------- | -------- | -------------- | | ||
| `id` | String | Yes | Must be a fully qualified DID URI (e.g. `did:example:abcd#service-1`). | | ||
| `type` | String | Yes | Must be a type defined in the [service registry](https://www.w3.org/TR/did-spec-registries/#service-types). | | ||
| `serviceEndpoint` | Array of Strings | Yes | String values must be URIs. | | ||
| `sig` | Array of Strings | No | - | | ||
| `enc` | Array of Strings | No | - | | ||
|
||
## DID Resolution Metadata Data Model | ||
|
||
DID Resolution Metadata is _always optional_. This means that conformant implementations need not support the metadata, though it may be returned when interacting with DID resolvers. | ||
|
||
Following from [this data model](https://www.w3.org/TR/did-core/#did-resolution-metadata). | ||
|
||
| Property | JSON Representation | Required | Notes | | ||
| ------------- | ------------------- | -------- | -------------- | | ||
| `error` | String | No | Required if there was an error during resolution. One of the defined [error types](#did-resolution-metadata-error-types). | | ||
|
||
### DID Resolution Metadata Error Types | ||
|
||
Error types supported following from [this data model](https://www.w3.org/TR/did-core/#did-resolution-metadata). | ||
|
||
| Type | Description | | ||
| ------------- | ------------------- | | ||
| `invalidDid` | The requested DID was not valid and resolution could not proceed. | | ||
| `notFound` | The requested DID was not found. | | ||
| `representationNotSupported` | The requested representation of the DID payload is not supported by the resolver. | | ||
| `methodNotSupported` | The requested DID method is not supported by the resolver. | | ||
| `invalidDidDocument` | The DID Document was found but did not represent a conformant document. | | ||
| `invalidDidDocumentLength` | The size of the DID Document was not within the method's acceptable limit. | | ||
| `internalError` | Something went wrong during DID resolution. | | ||
|
||
|
||
## DID Document Metadata Data Model | ||
|
||
DID Document Metadata is _always optional_. This means that conformant implementations need not support the metadata, though it may be returned when interacting with DID resolvers. | ||
|
||
Following from [this data model](https://www.w3.org/TR/did-core/#did-document-metadata). | ||
|
||
| Property | JSON Representation | Required | Notes | | ||
| ---------- | -------------------- | -------- | -------------- | | ||
| `created` | String | No | [XML Datetime](https://www.w3.org/TR/xmlschema11-2/#dateTime) value for when the DID was created. | | ||
| `updated` | String | No | [XML Datetime](https://www.w3.org/TR/xmlschema11-2/#dateTime) value for when the DID was last updated. | | ||
| `deactivated` | Boolean | No | Required to be `true` if the DID is deactivated. | | ||
| `nextUpdate` | String | No | [XML Datetime](https://www.w3.org/TR/xmlschema11-2/#dateTime) value for when the next update of the DID. | | ||
| `versionId` | String | No | Represents the version of the last update operation. | | ||
| `nextversionId`| String | No | Represents the version of the next update operation. | | ||
| `equivalentId` | Array of Strings | No | A stronger form of the `alsoKnownAs` property, guaranteed by the DID method. See [this spec text](https://www.w3.org/TR/did-core/#h-note-10) for more information. | | ||
| `canonicalId` | String | No | Similar to `equivalentId`, though always a single value, never a set. See [this spec text](https://www.w3.org/TR/did-core/#dfn-canonicalid) for more information. | |
Empty file.
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -0,0 +1,83 @@ | ||
# W3C Verifiable Credentials v1.1 | ||
|
||
The VC Data Model provides optionality for many of its properties. This means they can take on multiple concrete types, for example an [`issuer` property](https://www.w3.org/TR/vc-data-model/#issuer) can either be repreesnted as a JSON string representing a URI or a JSON object that must contain an `id` property. Additionally, the data model follows an [open world](https://www.w3.org/TR/vc-data-model/#extensibility) model for extensibility via the usage of [JSON-LD](https://www.w3.org/TR/json-ld11/). As a consequence, conformant Verifiable Credentials may contain properties that are not defined by the specification itself, but by [JSON-LD Contexts](https://www.w3.org/TR/json-ld11/#the-context). | ||
|
||
This optionality can be difficult to implement consistently across languages. As a consequence, this specification defines a strict subset of the VC Data Model v1.1 that supports the [plain JSON syntax](https://www.w3.org/TR/vc-data-model/#json), represented by the following table. As a utility JSON Schemas for [Verifiable Credentials](vc-11.json) and [Verifiable Presentations](vp-11.json) are provided to aid in the validation of conformant documents. | ||
|
||
## Verifiable Credential Data Model | ||
|
||
Following from [this data model](https://www.w3.org/TR/vc-data-model/#basic-concepts). | ||
|
||
| Property | JSON Representation | Required | Notes | | ||
| ------------- | ------------------- | -------- | -------------- | | ||
| `@context` | Array of strings | Yes | Contexts defining the meaning of terms within the credential. Must include at least `"https://www.w3.org/2018/credentials/v1"`. | | ||
| `id` | String | Yes | A URI representing a unique identifier for the credential. Recommended to be of form `urn:uuid:3978344f-8596-4c3a-a978-8fcaba3903c5`. | | ||
| `type` | Array of strings | Yes | Type(s) of the credential. Must include `VerifiableCredential`. | | ||
| `issuer` | String OR Object | Yes | Recommended to be a string; a DID representing a unique identifier for the entity that issued the credential. We also need to support the case where `issuer` is a JSON Object with an `id` propertery (following prior guidance) and a `name` property representing the Issuer's name. | | ||
| `issuanceDate`| String | Yes | [XML Datetime](https://www.w3.org/TR/xmlschema11-2/#dateTime) value for when the credential was issued. | | ||
| `expirationDate` | String | No | [XML Datetime](https://www.w3.org/TR/xmlschema11-2/#dateTime) value after which the credential is no longer valid. | | ||
| `credentialSubject` | Object | Yes | Data about the subject of the credential. Can be any JSON object. | | ||
| `credentialSubject.id` | String | Yes | A DID representing a unique identifier for whom the credential's claims are made. | | ||
| `credentialStatus` | Object defined by [Credential Status](#credential-status) | No | Only to be used with [Status List 2021](https://www.w3.org/community/reports/credentials/CG-FINAL-vc-status-list-2021-20230102/). | | ||
| `credentialSchema` | Object defined by [Credential Schema](#credential-schema) | No | Recommended. Only to be used with the type [`JsonSchema`](https://w3c.github.io/vc-json-schema/#jsonschema). | | ||
| `evidence` | Array of objects | No | An array of JSON objects as per [Evidence](https://www.w3.org/TR/vc-data-model/#evidence). | | ||
|
||
**Additional Notes:** | ||
- The `credentialSubject` property can be any JSON object. It is recommended that this object is defined by an associated `credentialSchema`. | ||
- No [JSON-LD processing](https://www.w3.org/TR/vc-data-model/#json-ld) is performed. | ||
- Embedded proofs, using the `proof` property must not be present. JWTs with the `proof` property present must not be processed. | ||
- The `type` property must always contain `VerifiableCredential` but may also contain the URI(s) of a JSON Schema, if one is used for the credential. | ||
- We do not support multiple credential subjects. | ||
- Verifiable Credentials must be secured as JWTs according to the [rules laid out in the specification](https://www.w3.org/TR/vc-data-model/#json-web-token). | ||
- XML Datetime values may be represented by conforming to [ISO8601](https://en.wikipedia.org/wiki/ISO_8601) or [RFC3339](https://datatracker.ietf.org/doc/html/rfc3339) formats, as they are subsets of XML Datetime. | ||
- For the `evidence` property no further implementation is needed until we are able to specify an evidence [type](https://www.w3.org/TR/vc-data-model/#dfn-type), such as those provided by [this registry](https://w3c.github.io/vc-specs-dir/#evidence). | ||
|
||
### Credential Status Data Model | ||
|
||
Following from [this data model](https://www.w3.org/community/reports/credentials/CG-FINAL-vc-status-list-2021-20230102/). | ||
|
||
**StatusList2021Entry** | ||
|
||
| Property | JSON Representation | Required | Notes | | ||
| --------------- | ------------------- | -------- | -------------- | | ||
| `id` | String | Yes | A URL which uniquely identifies the status of the associated verifiable credential. | | ||
| `type` | String | Yes | Must be set to `StatusList2021Entry`. | | ||
| `statusPurpose` | String | Yes | Describes the type of status the object represents (e.g. `revocation` or `suspension`). | | ||
| `statusListIndex` | String | Yes | An integer >= 0 expressed as a string that identifies the bit position of the status of the associated verifiable credential. | | ||
| `statusListCredential` | String | Yes | A URL which uniquely identifies a verifiable credential whose type is `StatusList2021Credential`. | | ||
|
||
**Additional Notes:** | ||
- When representing Status List Credentials, as opposed to including a status in another VC, the Status List Credential must [follow the guidance here](https://www.w3.org/community/reports/credentials/CG-FINAL-vc-status-list-2021-20230102/#statuslist2021credential). | ||
|
||
### Credential Schema Data Model | ||
|
||
Following from [this data model](https://w3c.github.io/vc-json-schema/#jsonschema). | ||
|
||
| Property | JSON Representation | Required | Notes | | ||
| --------------- | ------------------- | -------- | -------------- | | ||
| `id` | String | Yes | A URL which uniquely identifies the JSON Schema for the associated Verifiable Credential. | | ||
| `type` | String | Yes | Must be set to `JsonSchema`. | | ||
|
||
**Additional Notes:** | ||
- Although [the referenced spec](https://w3c.github.io/vc-json-schema/) is designed for v2 of the VC Data Model, we apply it to v1.1 as a standard means to implement the `credentialSchema`. | ||
|
||
## Verifiable Presentation Data Model | ||
|
||
Following from [this guidance](https://www.w3.org/TR/vc-data-model/#presentations-0), which extends on the data model above. | ||
|
||
| Property | JSON Representation | Required | Notes | | ||
| ------------- | ------------------- | -------- | -------------- | | ||
| `@context` | Array of strings | Yes | Contexts defining the meaning of terms within the presentation. Must include at least `"https://www.w3.org/2018/credentials/v1"`. | | ||
| `id` | String | Yes | A URI representing a unique identifier for the presentation. Recommended to be of form `urn:uuid:3978344f-8596-4c3a-a978-8fcaba3903c5`. | | ||
| `type` | Array of strings | Yes | Type(s) of the presentation. Must include `VerifiablePresentation`. | | ||
| `holder` | String | Yes | A DID representing a unique identifier for the entity that created the presentation. | | ||
| `issuanceDate`| String | Yes | [XML Datetime](https://www.w3.org/TR/xmlschema11-2/#dateTime) value for when the presentation was created. | | ||
| `expirationDate` | String | No | [XML Datetime](https://www.w3.org/TR/xmlschema11-2/#dateTime) value after which the presentation is no longer valid. | | ||
| `verifiableCredential` | Array of strings | Yes | An array with at least one value, containing the JWT representation of [Verifiable Credential](#verifiable-credential-data-model) objects. | | ||
|
||
**Additional Notes:** | ||
- No [JSON-LD processing](https://www.w3.org/TR/vc-data-model/#json-ld) is performed. | ||
- Embedded proofs, using the `proof` property must not be present. | ||
- The `type` property must always contain `VerifiablePresentation` but may also contain the URI(s) of a JSON Schema, if one is used for the presentation. | ||
- Verifiable Presentations must be secured as JWTs according to the [rules laid out in the specification](https://www.w3.org/TR/vc-data-model/#json-web-token). | ||
- XML Datetime values may be represented by conforming to [ISO8601](https://en.wikipedia.org/wiki/ISO_8601) or [RFC3339](https://datatracker.ietf.org/doc/html/rfc3339) formats, as they are subsets of XML Datetime. |
Empty file.