Re: some thought after using did:web from Brian Richter on 2022-01-06 (public-credentials@w3.org from January 2022)

From: Brian Richter <brian@aviary.tech>
Date: Wed, 5 Jan 2022 16:06:47 -0800
To: Nikos Fotiou <fotiou@aueb.gr>
Cc: "W3C Credentials CG (Public List)" <public-credentials@w3.org>
Message-ID: <CAPUZd8vH=2jL=FzsyaUeY-1ut5a2LnN16wgB7WEaksvkJPNLrg@mail.gmail.com>

Yeah, there are quite a few different linked data suites that can represent
keys in DID documents. Here is the one you are using now
https://w3c-ccg.github.io/lds-jws2020/. The suite is actually a concern at
the VC level so enforcing representations on DID methods doesn't really
make sense imo.

I'm also interested in the use of the universal resolver for did:web. It is
one of very few did methods that doesn't take any setup or special
infrastructure. you can simply take the domain from the did and send an
http request to {domain}/.well-known/did.json. Using the universal resolver
for this adds latency, another point of failure and adds the possibility of
surveillance.

Brian

On Wed, Jan 5, 2022 at 3:36 PM Nikos Fotiou <fotiou@aueb.gr> wrote:

> Hi,
>
> We are developing a project demo where a user generates JSON Web
> Signatures and these signatures can be verified using information
> associated with a “did:web” DID. In theory, the verification process is
> straightforward: the “verifier” retrieves the corresponding DID document
> (we are using universal resolver for that) and it extracts the appropriate
> “verificationMethod”, indicated by the “authentication” claim.
>
>
>
> However, when it comes to the actual implementation, it turns out that
> there are many ways to represent a key in a DID document, but our crypto
> library (used for verifying signatures) accepts only a couple of them. So
> initially, we started by creating a big “if” that converted  various
> “verificationMethod” types to the appropriate representation. Soon we
> abandoned this approach and we enforced project  members to use only
> “publicKeyJwk” in DID documents, which is OK for a demo but not for a real
> world product.
>
>
>
> IMHO it will be great if each DID method enforces particular
> representations. It makes development and integration much more easier.
>
>
>
> Best,
>
> Nikos
>
>
>
> Nikos Fotiou - http://pages.cs.aueb.gr/~fotiou
>
> Researcher - Mobile Multimedia Laboratory
>
> Athens University of Economics and Business
>
> https://mm.aueb.gr
>
>
>

Received on Thursday, 6 January 2022 00:07:12 UTC