Re: Proposed work item: did:key DID Method

On Sun, 24 Nov 2019 at 02:01, Manu Sporny <> wrote:

> On 11/23/19 11:57 AM, Orie Steele wrote:
> >> I had a question before the spec was available, regarding
> >> multibase as the only encoding format for the DID.
> >>
> >> Is it true that there will always only be a single DID per public
> >> key?
> If I understand your question, yes. The way I'm interpreting your
> question is "Will there always be a single public key per did:key
> identifier?"... yes, but it could have more than one representation...
> more below.
> >> I was hoping that this work could be extended to support a DID
> >> Document representation for cryptographic key types, as well as
> >> formats, such as PEM / JWK, secp256k1, RSA, etc... but it would be
> >> the case that the same key encoded in different ways would result
> >> in different documents.
> Well, remember that because of the way we encode keys in the DID
> Document, that you can have multiple key representations per key. This
> is completely valid (by design):
> {
>   "@context": ["",
>   "id": "did:example:123456789abcdefghi",
>   "authorization": [{
>     "id": "did:example:123456789abcdefghi#keys-2",
>     "type": "Ed25519VerificationKey2018",
>     "controller": "did:example:pqrstuvwxyz0987654321",
>     "publicKeyBase58": "H3C2AVvLMv6gmMNam3uVAjZpfkcJCwDwnZn6z3wXmqPV",
>     "publicKeyJwk": {... JWK GOES HERE ...}
>   }],
>   ...
> }

Not to be pedantic, but is there an actual working example of this method?

The above JSON gives syntax errors (even after removing the "..." parts)

I looked at the example in the spec and the above example.  I noticed that
"controller" was defined in the did : core spec [1]

DID controller
The entity, or a group of entities, in control of a DID and/or DID
document. Note that the DID controller might include the DID subject.

When I tried to understand it (and other parts of the example) it pointed
to sec : controller

Which sent me here :

But controller doesnt seem to be explained anywhere in that document.

I'm possibly doing something wrong, but it wasnt all that easy to
understand the details of this method


> ... whether the DID WG decides to allow that is still up in the air. An
> alternative is that you could pass in a flag to a library to give you
> the version of the DID Document that you'd like to see (all keys in JWK
> format, or all keys in native non-JWK format).
> All options are currently open to us, and yes, I do think what you're
> suggesting would be an important consideration for the spec. We should
> figure out a way to enable what I think you are suggesting.
> -- manu
> --
> Manu Sporny (skype: msporny, twitter: manusporny)
> Founder/CEO - Digital Bazaar, Inc.
> blog: Veres One Decentralized Identifier Blockchain Launches

Received on Sunday, 24 November 2019 10:54:21 UTC