- From: Stephen Curran <swcurran@cloudcompass.ca>
- Date: Tue, 23 Apr 2024 18:35:16 -0700
- To: "W3C Credentials CG (Public List)" <public-credentials@w3.org>
- Message-ID: <CAFLTOV7nAQqS0_D7Fxim+O+iNApfpz=Uzsi_4cE635+S5x9LMw@mail.gmail.com>
At IIW last week, our team from BC Gov proposed a new web-based DID method (with a spec and two implementations!) that provides a verifiable history of authorized DIDDoc updates, portability, and (optional) key pre-rotation support in a small, simple package with minimal dependencies. "did:tdw" (Trust DID Web -- or Trusted Web if you say it fast) has what we think are the important features of an easy to use DID Method, and its TypeScript implementation (with most of the features) is less than 750 lines of code for both generating/rotating DIDs and resolving them. DID Controllers (owners) can easily publish the same DIDDoc content as a did:web and did:tdw together to enable an easy transition -- the "did:tdw" JSON Lines log file "did.jsonl" resides beside the did:web "did.json" file. The team feels that "did:tdw", with its adequate "ledger-type" features (without a ledger), combined with the publishing simplicity of "did:web," has the potential to be the ultimate DID Method. Portability is based on the inclusion of a self-certifying identifier (SCID) -- a GUID that is a required component of the DID string that is derived from the DID's initial DIDDoc. A DID with the same SCID can be moved -- history and all -- to a new web location. did:tdw includes two DID Core-compliant services for handling DID URL paths in the "expected" way for a web-based DID Method -- techniques that could be used with other DID Methods. Notably: - By default, any <did>/path/to/file maps to an HTTPS GET of <https did path>/path/to/file - "<did>/whois" uses the "Linked-VP" specification from DIF and returns a Verifiable Presentation (if published) where the embedded Verifiable Credentials have the DID as the subject, and is signed by the DID. The DID Method implementation dependencies are minimal, with the most "complex" being the use of JSON Canonicalization Scheme (JCS) and JCS EDDSA Data Integrity proofs. We think we have a lot of solid ideas in the specification and its implementations (Typescript and Python), but the next step is to evolve the specification in a working group to welcome new ideas, and to cover open questions, such whether the log basis of "did:tdw" can be used with other DID Methods, can/should a did:tdw be published to a ledger where there can be long term availability, and so on. We expect to do that incubation at the Trust over IP Foundation and will follow up with an announcement. And of course, preparation for use in the wild. Feedback on the core ideas, the capabilities, and next steps are welcome. Links: did:tdw Specification (rendered): https://bcgov.github.io/trustdidweb/ did:tdw Specification (repository): https://github.com/bcgov/trustdidweb Presentation at IIW -- the details start at slide 11: https://docs.google.com/presentation/d/1PHo16asyceRiNKN7UkV8BSmtWtN6Wp3A6_9MV0IQ2jg/edit?usp=sharing Typescript Implementation: https://github.com/bcgov/trustdidweb-ts Python Implementation: https://github.com/bcgov/trustdidweb-py Linked-VP Specification: https://identity.foundation/linked-vp/ JSON Canonicalization Scheme: https://datatracker.ietf.org/doc/html/rfc8785 eddsa-jcs-2022: https://www.w3.org/TR/vc-di-eddsa/#eddsa-jcs-2022 BC Gov Team: John Jordan, Brian Richter, Andrew Whitehead, Stephen Curran -- Stephen Curran Principal, Cloud Compass Computing, Inc. (C3I) Chair - Sovrin Foundation (sovrin.org)
Received on Wednesday, 24 April 2024 01:35:33 UTC