New DID Method — “Trust DID Web” — like did:web but with history and authorized updates

At IIW last week, our team from BC Gov proposed a new web-based DID method
(with a spec and two implementations!) that provides a verifiable history
of authorized DIDDoc updates, portability, and (optional) key pre-rotation
support in a small, simple package with minimal dependencies. "did:tdw"
(Trust DID Web -- or Trusted Web if you say it fast) has what we think are
the important features of an easy to use DID Method, and its TypeScript
implementation (with most of the features) is less than 750 lines of code
for both generating/rotating DIDs and resolving them. DID Controllers
(owners) can easily publish the same DIDDoc content as a did:web and
did:tdw together to enable an easy transition -- the "did:tdw" JSON Lines
log file "did.jsonl" resides beside the did:web "did.json" file. The team
feels that "did:tdw", with its adequate "ledger-type" features (without a
ledger), combined with the publishing simplicity of "did:web," has the
potential to be the ultimate DID Method.

Portability is based on the inclusion of a self-certifying identifier
(SCID) -- a GUID that is a required component of the DID string that is
derived from the DID's initial DIDDoc. A DID with the same SCID can be
moved -- history and all -- to a new web location.

did:tdw includes two DID Core-compliant services for handling DID URL paths
in the "expected" way for a web-based DID Method -- techniques that could
be used with other DID Methods. Notably:

   - By default, any <did>/path/to/file maps to an HTTPS GET of <https did
   path>/path/to/file
   - "<did>/whois" uses the "Linked-VP" specification from DIF and returns
   a Verifiable Presentation (if published) where the embedded Verifiable
   Credentials have the DID as the subject, and is signed by the DID.

The DID Method implementation dependencies are minimal, with the most
"complex" being the use of JSON Canonicalization Scheme (JCS) and JCS EDDSA
Data Integrity proofs.

We think we have a lot of solid ideas in the specification and its
implementations (Typescript and Python), but the next step is to evolve the
specification in a working group to welcome new ideas, and to
cover open questions, such whether the log basis of "did:tdw" can be used
with other DID Methods, can/should a did:tdw be published to a ledger where
there can be long term availability, and so on. We expect to do that
incubation at the Trust over IP Foundation and will follow up with an
announcement. And of course, preparation for use in the wild.

Feedback on the core ideas, the capabilities, and next steps are welcome.

Links:

did:tdw Specification (rendered): https://bcgov.github.io/trustdidweb/
did:tdw Specification (repository): https://github.com/bcgov/trustdidweb
Presentation at IIW -- the details start at slide 11:
https://docs.google.com/presentation/d/1PHo16asyceRiNKN7UkV8BSmtWtN6Wp3A6_9MV0IQ2jg/edit?usp=sharing
Typescript Implementation: https://github.com/bcgov/trustdidweb-ts
Python Implementation: https://github.com/bcgov/trustdidweb-py
Linked-VP Specification: https://identity.foundation/linked-vp/
JSON Canonicalization Scheme: https://datatracker.ietf.org/doc/html/rfc8785
eddsa-jcs-2022: https://www.w3.org/TR/vc-di-eddsa/#eddsa-jcs-2022

BC Gov Team: John Jordan, Brian Richter, Andrew Whitehead, Stephen Curran

-- 

Stephen Curran
Principal, Cloud Compass Computing, Inc. (C3I)
Chair - Sovrin Foundation (sovrin.org)

Received on Wednesday, 24 April 2024 01:35:33 UTC