Skip to content

Commit

Permalink
Merge branch 'main' into verify-interopt
Browse files Browse the repository at this point in the history
  • Loading branch information
nitro-neal authored Mar 14, 2024
2 parents 2a30f68 + 42e4842 commit 9159cd1
Show file tree
Hide file tree
Showing 10 changed files with 303 additions and 164 deletions.
278 changes: 121 additions & 157 deletions README.md

Large diffs are not rendered by default.

Empty file added spec/did-metadata.json
Empty file.
Empty file added spec/did-resolution.json
Empty file.
Empty file added spec/did.json
Empty file.
92 changes: 92 additions & 0 deletions spec/did.md
Original file line number Diff line number Diff line change
@@ -0,0 +1,92 @@
# W3C Decentralized Identifiers v1.0

The [DID Core data model](https://www.w3.org/TR/did-core) provides optionality for many of its properties, as it is designed as an [abstract data model](https://www.w3.org/TR/did-core/#representations). This means that many properties can be represented in different ways while still being spec conformant, properties can take on multiple concrete types (i.e. sometimes a string, sometimes an array), and documents can be extended to include additional properties either through the [DID Specification Registry](https://www.w3.org/TR/did-spec-registries/) or via usage of [JSON-LD](https://www.w3.org/TR/json-ld11/).

This optionality can be difficult to implement consistently across languages. As a consequence, this specification defines a strict subset of the DID Core v1.0 data model represented by the following table. As a utility JSON Schemas for [DID Documents](did-document.json), [DID Resolution Metadata](did-resolution.json), and [DID Document Metadata](did-metadata.json) are provided to aid in the validation of conformant documents.

## DID Document Data Model

Following from [this data model](https://www.w3.org/TR/did-core/#core-properties).

| Property | JSON Representation | Required | Notes |
| ------------- | ------------------- | -------- | -------------- |
| `id` | String | Yes | Must be a URI. |
| `@context` | Array of strings | No | Depends on the DID method. |
| `controller` | Array of strings | No | Depends on the DID method. Strings must be URIs. |
| `alsoKnownAs` | Array of strings | No | Depends on the DID method. Strings must be URIs. |
| `verificationMethod` | Array of [Verification Methods](#verification-method-data-model) | Yes | There must be at least one Verification Method in each DID Document. |
| `authentication` | Array of strings | No | String values must be fully qualified DID URIs (e.g. `did:example:abcd#key-1` over `#key-1`). |
| `assertionMethod` | Array of strings | No | String values must be fully qualified DID URIs (e.g. `did:example:abcd#key-1` over `#key-1`). |
| `keyAgreement` | Array of strings | No | String values must be fully qualified DID URIs (e.g. `did:example:abcd#key-1` over `#key-1`). |
| `capabilityInvocation` | Array of strings | No | String values must be fully qualified DID URIs (e.g. `did:example:abcd#key-1` over `#key-1`). |
| `capabilityDelegation` | Array of strings | No | String values must be fully qualified DID URIs (e.g. `did:example:abcd#key-1` over `#key-1`). |
| `service` | Array of [Services](#service-data-model) | No | - |

**Additional Notes:**
- No [JSON-LD processing](https://www.w3.org/TR/did-core/#consumption-0) is performed.
- Each [Verification Method](https://www.w3.org/TR/did-core/#verification-methods) must have at least one [Verification Relationship](https://www.w3.org/TR/did-core/#verification-relationships).

### Verification Method Data Model

Following form [this data model](https://www.w3.org/TR/did-core/#verification-methods).

| Property | JSON Representation | Required | Notes |
| ------------- | ------------------- | -------- | -------------- |
| `id` | String | Yes | Must be a fully qualified DID URI (e.g. `did:example:abcd#key-1`). |
| `type` | String | Yes | Must be a URI. |
| `controller` | String | Yes | Must be a URI. |
| `publicKeyJwk` | Object | Yes | Represents a [JWK](https://www.w3.org/TR/did-core/#bib-rfc7517). |

### Service Data Model

Following from [this data model](https://www.w3.org/TR/did-core/#services).

| Property | JSON Representation | Required | Notes |
| ----------------- | ------------------- | -------- | -------------- |
| `id` | String | Yes | Must be a fully qualified DID URI (e.g. `did:example:abcd#service-1`). |
| `type` | String | Yes | Must be a type defined in the [service registry](https://www.w3.org/TR/did-spec-registries/#service-types). |
| `serviceEndpoint` | Array of Strings | Yes | String values must be URIs. |
| `sig` | Array of Strings | No | - |
| `enc` | Array of Strings | No | - |

## DID Resolution Metadata Data Model

DID Resolution Metadata is _always optional_. This means that conformant implementations need not support the metadata, though it may be returned when interacting with DID resolvers.

Following from [this data model](https://www.w3.org/TR/did-core/#did-resolution-metadata).

| Property | JSON Representation | Required | Notes |
| ------------- | ------------------- | -------- | -------------- |
| `error` | String | No | Required if there was an error during resolution. One of the defined [error types](#did-resolution-metadata-error-types). |

### DID Resolution Metadata Error Types

Error types supported following from [this data model](https://www.w3.org/TR/did-core/#did-resolution-metadata).

| Type | Description |
| ------------- | ------------------- |
| `invalidDid` | The requested DID was not valid and resolution could not proceed. |
| `notFound` | The requested DID was not found. |
| `representationNotSupported` | The requested representation of the DID payload is not supported by the resolver. |
| `methodNotSupported` | The requested DID method is not supported by the resolver. |
| `invalidDidDocument` | The DID Document was found but did not represent a conformant document. |
| `invalidDidDocumentLength` | The size of the DID Document was not within the method's acceptable limit. |
| `internalError` | Something went wrong during DID resolution. |


## DID Document Metadata Data Model

DID Document Metadata is _always optional_. This means that conformant implementations need not support the metadata, though it may be returned when interacting with DID resolvers.

Following from [this data model](https://www.w3.org/TR/did-core/#did-document-metadata).

| Property | JSON Representation | Required | Notes |
| ---------- | -------------------- | -------- | -------------- |
| `created` | String | No | [XML Datetime](https://www.w3.org/TR/xmlschema11-2/#dateTime) value for when the DID was created. |
| `updated` | String | No | [XML Datetime](https://www.w3.org/TR/xmlschema11-2/#dateTime) value for when the DID was last updated. |
| `deactivated` | Boolean | No | Required to be `true` if the DID is deactivated. |
| `nextUpdate` | String | No | [XML Datetime](https://www.w3.org/TR/xmlschema11-2/#dateTime) value for when the next update of the DID. |
| `versionId` | String | No | Represents the version of the last update operation. |
| `nextversionId`| String | No | Represents the version of the next update operation. |
| `equivalentId` | Array of Strings | No | A stronger form of the `alsoKnownAs` property, guaranteed by the DID method. See [this spec text](https://www.w3.org/TR/did-core/#h-note-10) for more information. |
| `canonicalId` | String | No | Similar to `equivalentId`, though always a single value, never a set. See [this spec text](https://www.w3.org/TR/did-core/#dfn-canonicalid) for more information. |
Empty file added spec/vc-11.json
Empty file.
83 changes: 83 additions & 0 deletions spec/vc.md
Original file line number Diff line number Diff line change
@@ -0,0 +1,83 @@
# W3C Verifiable Credentials v1.1

The VC Data Model provides optionality for many of its properties. This means they can take on multiple concrete types, for example an [`issuer` property](https://www.w3.org/TR/vc-data-model/#issuer) can either be repreesnted as a JSON string representing a URI or a JSON object that must contain an `id` property. Additionally, the data model follows an [open world](https://www.w3.org/TR/vc-data-model/#extensibility) model for extensibility via the usage of [JSON-LD](https://www.w3.org/TR/json-ld11/). As a consequence, conformant Verifiable Credentials may contain properties that are not defined by the specification itself, but by [JSON-LD Contexts](https://www.w3.org/TR/json-ld11/#the-context).

This optionality can be difficult to implement consistently across languages. As a consequence, this specification defines a strict subset of the VC Data Model v1.1 that supports the [plain JSON syntax](https://www.w3.org/TR/vc-data-model/#json), represented by the following table. As a utility JSON Schemas for [Verifiable Credentials](vc-11.json) and [Verifiable Presentations](vp-11.json) are provided to aid in the validation of conformant documents.

## Verifiable Credential Data Model

Following from [this data model](https://www.w3.org/TR/vc-data-model/#basic-concepts).

| Property | JSON Representation | Required | Notes |
| ------------- | ------------------- | -------- | -------------- |
| `@context` | Array of strings | Yes | Contexts defining the meaning of terms within the credential. Must include at least `"https://www.w3.org/2018/credentials/v1"`. |
| `id` | String | Yes | A URI representing a unique identifier for the credential. Recommended to be of form `urn:uuid:3978344f-8596-4c3a-a978-8fcaba3903c5`. |
| `type` | Array of strings | Yes | Type(s) of the credential. Must include `VerifiableCredential`. |
| `issuer` | String OR Object | Yes | Recommended to be a string; a DID representing a unique identifier for the entity that issued the credential. We also need to support the case where `issuer` is a JSON Object with an `id` propertery (following prior guidance) and a `name` property representing the Issuer's name. |
| `issuanceDate`| String | Yes | [XML Datetime](https://www.w3.org/TR/xmlschema11-2/#dateTime) value for when the credential was issued. |
| `expirationDate` | String | No | [XML Datetime](https://www.w3.org/TR/xmlschema11-2/#dateTime) value after which the credential is no longer valid. |
| `credentialSubject` | Object | Yes | Data about the subject of the credential. Can be any JSON object. |
| `credentialSubject.id` | String | Yes | A DID representing a unique identifier for whom the credential's claims are made. |
| `credentialStatus` | Object defined by [Credential Status](#credential-status) | No | Only to be used with [Status List 2021](https://www.w3.org/community/reports/credentials/CG-FINAL-vc-status-list-2021-20230102/). |
| `credentialSchema` | Object defined by [Credential Schema](#credential-schema) | No | Recommended. Only to be used with the type [`JsonSchema`](https://w3c.github.io/vc-json-schema/#jsonschema). |
| `evidence` | Array of objects | No | An array of JSON objects as per [Evidence](https://www.w3.org/TR/vc-data-model/#evidence). |

**Additional Notes:**
- The `credentialSubject` property can be any JSON object. It is recommended that this object is defined by an associated `credentialSchema`.
- No [JSON-LD processing](https://www.w3.org/TR/vc-data-model/#json-ld) is performed.
- Embedded proofs, using the `proof` property must not be present. JWTs with the `proof` property present must not be processed.
- The `type` property must always contain `VerifiableCredential` but may also contain the URI(s) of a JSON Schema, if one is used for the credential.
- We do not support multiple credential subjects.
- Verifiable Credentials must be secured as JWTs according to the [rules laid out in the specification](https://www.w3.org/TR/vc-data-model/#json-web-token).
- XML Datetime values may be represented by conforming to [ISO8601](https://en.wikipedia.org/wiki/ISO_8601) or [RFC3339](https://datatracker.ietf.org/doc/html/rfc3339) formats, as they are subsets of XML Datetime.
- For the `evidence` property no further implementation is needed until we are able to specify an evidence [type](https://www.w3.org/TR/vc-data-model/#dfn-type), such as those provided by [this registry](https://w3c.github.io/vc-specs-dir/#evidence).

### Credential Status Data Model

Following from [this data model](https://www.w3.org/community/reports/credentials/CG-FINAL-vc-status-list-2021-20230102/).

**StatusList2021Entry**

| Property | JSON Representation | Required | Notes |
| --------------- | ------------------- | -------- | -------------- |
| `id` | String | Yes | A URL which uniquely identifies the status of the associated verifiable credential. |
| `type` | String | Yes | Must be set to `StatusList2021Entry`. |
| `statusPurpose` | String | Yes | Describes the type of status the object represents (e.g. `revocation` or `suspension`). |
| `statusListIndex` | String | Yes | An integer >= 0 expressed as a string that identifies the bit position of the status of the associated verifiable credential. |
| `statusListCredential` | String | Yes | A URL which uniquely identifies a verifiable credential whose type is `StatusList2021Credential`. |

**Additional Notes:**
- When representing Status List Credentials, as opposed to including a status in another VC, the Status List Credential must [follow the guidance here](https://www.w3.org/community/reports/credentials/CG-FINAL-vc-status-list-2021-20230102/#statuslist2021credential).

### Credential Schema Data Model

Following from [this data model](https://w3c.github.io/vc-json-schema/#jsonschema).

| Property | JSON Representation | Required | Notes |
| --------------- | ------------------- | -------- | -------------- |
| `id` | String | Yes | A URL which uniquely identifies the JSON Schema for the associated Verifiable Credential. |
| `type` | String | Yes | Must be set to `JsonSchema`. |

**Additional Notes:**
- Although [the referenced spec](https://w3c.github.io/vc-json-schema/) is designed for v2 of the VC Data Model, we apply it to v1.1 as a standard means to implement the `credentialSchema`.

## Verifiable Presentation Data Model

Following from [this guidance](https://www.w3.org/TR/vc-data-model/#presentations-0), which extends on the data model above.

| Property | JSON Representation | Required | Notes |
| ------------- | ------------------- | -------- | -------------- |
| `@context` | Array of strings | Yes | Contexts defining the meaning of terms within the presentation. Must include at least `"https://www.w3.org/2018/credentials/v1"`. |
| `id` | String | Yes | A URI representing a unique identifier for the presentation. Recommended to be of form `urn:uuid:3978344f-8596-4c3a-a978-8fcaba3903c5`. |
| `type` | Array of strings | Yes | Type(s) of the presentation. Must include `VerifiablePresentation`. |
| `holder` | String | Yes | A DID representing a unique identifier for the entity that created the presentation. |
| `issuanceDate`| String | Yes | [XML Datetime](https://www.w3.org/TR/xmlschema11-2/#dateTime) value for when the presentation was created. |
| `expirationDate` | String | No | [XML Datetime](https://www.w3.org/TR/xmlschema11-2/#dateTime) value after which the presentation is no longer valid. |
| `verifiableCredential` | Array of strings | Yes | An array with at least one value, containing the JWT representation of [Verifiable Credential](#verifiable-credential-data-model) objects. |

**Additional Notes:**
- No [JSON-LD processing](https://www.w3.org/TR/vc-data-model/#json-ld) is performed.
- Embedded proofs, using the `proof` property must not be present.
- The `type` property must always contain `VerifiablePresentation` but may also contain the URI(s) of a JSON Schema, if one is used for the presentation.
- Verifiable Presentations must be secured as JWTs according to the [rules laid out in the specification](https://www.w3.org/TR/vc-data-model/#json-web-token).
- XML Datetime values may be represented by conforming to [ISO8601](https://en.wikipedia.org/wiki/ISO_8601) or [RFC3339](https://datatracker.ietf.org/doc/html/rfc3339) formats, as they are subsets of XML Datetime.
Empty file added spec/vp-11.json
Empty file.
4 changes: 3 additions & 1 deletion test-vectors/did_dht/create.json
Original file line number Diff line number Diff line change
Expand Up @@ -88,7 +88,9 @@
},
"output": {
"id": "did:dht:cyuoqaf7itop8ohww4yn5ojg13qaq83r9zihgqntc5i9zwrfdfoo",
"controller": "did:example:abcd",
"controller": [
"did:example:abcd"
],
"alsoKnownAs": [
"did:example:efgh",
"did:example:ijkl"
Expand Down
10 changes: 4 additions & 6 deletions test-vectors/did_jwk/resolve.json
Original file line number Diff line number Diff line change
Expand Up @@ -8,13 +8,12 @@
"@context": "https://w3id.org/did-resolution/v1",
"didDocument": {
"@context": [
"https://www.w3.org/ns/did/v1",
"https://w3id.org/security/suites/jws-2020/v1"
"https://www.w3.org/ns/did/v1"
],
"id": "did:jwk:eyJrdHkiOiJFQyIsInVzZSI6InNpZyIsImNydiI6InNlY3AyNTZrMSIsImtpZCI6ImkzU1BSQnRKS292SEZzQmFxTTkydGk2eFFDSkxYM0U3WUNld2lIVjJDU2ciLCJ4IjoidmRyYnoyRU96dmJMRFZfLWtMNGVKdDdWSS04VEZaTm1BOVlnV3p2aGg3VSIsInkiOiJWTEZxUU1aUF9Bc3B1Y1hvV1gyLWJHWHBBTzFmUTVMbjE5VjVSQXhyZ3ZVIiwiYWxnIjoiRVMyNTZLIn0",
"verificationMethod": [
{
"type": "JsonWebKey2020",
"type": "JsonWebKey",
"id": "did:jwk:eyJrdHkiOiJFQyIsInVzZSI6InNpZyIsImNydiI6InNlY3AyNTZrMSIsImtpZCI6ImkzU1BSQnRKS292SEZzQmFxTTkydGk2eFFDSkxYM0U3WUNld2lIVjJDU2ciLCJ4IjoidmRyYnoyRU96dmJMRFZfLWtMNGVKdDdWSS04VEZaTm1BOVlnV3p2aGg3VSIsInkiOiJWTEZxUU1aUF9Bc3B1Y1hvV1gyLWJHWHBBTzFmUTVMbjE5VjVSQXhyZ3ZVIiwiYWxnIjoiRVMyNTZLIn0#0",
"controller": "did:jwk:eyJrdHkiOiJFQyIsInVzZSI6InNpZyIsImNydiI6InNlY3AyNTZrMSIsImtpZCI6ImkzU1BSQnRKS292SEZzQmFxTTkydGk2eFFDSkxYM0U3WUNld2lIVjJDU2ciLCJ4IjoidmRyYnoyRU96dmJMRFZfLWtMNGVKdDdWSS04VEZaTm1BOVlnV3p2aGg3VSIsInkiOiJWTEZxUU1aUF9Bc3B1Y1hvV1gyLWJHWHBBTzFmUTVMbjE5VjVSQXhyZ3ZVIiwiYWxnIjoiRVMyNTZLIn0",
"publicKeyJwk": {
Expand Down Expand Up @@ -53,13 +52,12 @@
"@context": "https://w3id.org/did-resolution/v1",
"didDocument": {
"@context": [
"https://www.w3.org/ns/did/v1",
"https://w3id.org/security/suites/jws-2020/v1"
"https://www.w3.org/ns/did/v1"
],
"id": "did:jwk:eyJrdHkiOiJPS1AiLCJ1c2UiOiJzaWciLCJjcnYiOiJFZDI1NTE5Iiwia2lkIjoiVnRTSFhQbEtEdzFFRW9PajVYTjNYV2hqU1BZVk52WC1lNHZqUk8weVlKQSIsIngiOiJpejcwc3ZTTHhOWmhzRHhlSlFfam5PVmJYM0tGTmtjQmNNaldqWm1YRXNBIiwiYWxnIjoiRWREU0EifQ",
"verificationMethod": [
{
"type": "JsonWebKey2020",
"type": "JsonWebKey",
"id": "did:jwk:eyJrdHkiOiJPS1AiLCJ1c2UiOiJzaWciLCJjcnYiOiJFZDI1NTE5Iiwia2lkIjoiVnRTSFhQbEtEdzFFRW9PajVYTjNYV2hqU1BZVk52WC1lNHZqUk8weVlKQSIsIngiOiJpejcwc3ZTTHhOWmhzRHhlSlFfam5PVmJYM0tGTmtjQmNNaldqWm1YRXNBIiwiYWxnIjoiRWREU0EifQ#0",
"controller": "did:jwk:eyJrdHkiOiJPS1AiLCJ1c2UiOiJzaWciLCJjcnYiOiJFZDI1NTE5Iiwia2lkIjoiVnRTSFhQbEtEdzFFRW9PajVYTjNYV2hqU1BZVk52WC1lNHZqUk8weVlKQSIsIngiOiJpejcwc3ZTTHhOWmhzRHhlSlFfam5PVmJYM0tGTmtjQmNNaldqWm1YRXNBIiwiYWxnIjoiRWREU0EifQ",
"publicKeyJwk": {
Expand Down

0 comments on commit 9159cd1

Please sign in to comment.