W3C home > Mailing lists > Public > public-credentials@w3.org > March 2021

Re: How to verify the did:key document is authorized by the private key holder ... JWS?

From: Stefan More <stefan.more@iaik.tugraz.at>
Date: Fri, 19 Mar 2021 01:24:07 +0100
To: Credentials Community Group <public-credentials@w3.org>
Message-ID: <AA617940-4832-4EF2-A7E1-F0C0399CA8CD@iaik.tugraz.at>
Hi all,

according to the linked specs the DID document of a DID:key is derived/expanded directly from the DID, in contrast to other DID methods which generated the DID document separately and might store it, e.g. on a DL.

Thus, there is no need to sign the DID doc by design. Or am I missing something?


Cheers, 
 Stefan

Am 18. März 2021 22:46:11 MEZ schrieb Brent Shambaugh <brent.shambaugh@gmail.com>:
>Dear all,
>
>Even though I haven't seen this in entirety written down, here is what
>I
>think:
>
>A public key may be converted to a did:key. The did:key expands to a
>did
>document [1]. Presumably,this did document needs to be signed by a
>private
>key (corresponding to the public key) producing a JSON Web Signature.
>This
>ensures that the did:key and document are authorized to be created by
>the
>holder of the key pair.
>
>Here are a few JWS instances I found or turned up in discussion [2]
>
>Thanks for your time.
>
>
>[1] https://w3c-ccg.github.io/did-method-key/
>
>[2]
>https://github.com/transmute-industries/did-key.js/blob/master/packages/did-key-common/src/Jws/index.ts#L4
>https://github.com/decentralized-identity/did-jwt/blob/master/src/JWT.ts#L175
>
>-Brent Shambaugh
>
>GitHub: https://github.com/bshambaugh
>Website: http://bshambaugh.org/
>LinkedIN: https://www.linkedin.com/in/brent-shambaugh-9b91259
>Skype: brent.shambaugh
>Twitter: https://twitter.com/Brent_Shambaugh
>WebID: http://bshambaugh.org/foaf.rdf#me

-- 
Sent from my mobile. Please excuse the brevity, spelling and punctuation.
Received on Friday, 19 March 2021 00:25:52 UTC

This archive was generated by hypermail 2.4.0 : Friday, 19 March 2021 00:25:53 UTC