Some questions regarding DID verification relationships

I've been reading up a bit on the current DID spec<>, and I’ve trouble understanding the ideas behind the verification relationships. The spec says that a verification relationship links the DID subject and a verification method (which consists amongst other of a controller property (to be specified as a DID)). Section 5.3<> adds to this that verification relationships enable the associated verification methods to be used for different purposes, and its subsections specify properties, such as `authentication`, `assertionMethod` etc., that seem to be associated with a specific purpose, the actual workings of which is only hinted at.

Here are some questions I have:

  *   What’s the purpose of having a ‘controller’ in a verification method?
  *   What’s the role of the controller (how would verification work, given that the controller is represented by a DID that also has key material)?
  *   How does `assertionMethod` work to express claims, e.g. for issuing VCs (is that simply VC signing as an issuer)?
  *   Is there any text that is readable for non-implementers that documents these kinds of verification relationships, and explains how to extend the set of their types?

This message may contain information that is not intended for you. If you are not the addressee or if this message was sent to you by mistake, you are requested to inform the sender and delete the message. TNO accepts no liability for the content of this e-mail, for the manner in which you use it and for damage of any kind resulting from the risks inherent to the electronic transmission of messages.

Received on Thursday, 2 December 2021 15:26:12 UTC