- From: Julien Fraichot <Julien.Fraichot@hyland.com>
- Date: Wed, 26 Jun 2024 06:38:02 +0000
- To: "Jordan, John CITZ:EX" <John.Jordan@gov.bc.ca>, "public-did-wg@w3.org" <public-did-wg@w3.org>
- Message-ID: <SA3PR13MB6188808DDFA10795CE572C3190D62@SA3PR13MB6188.namprd13.prod.outlook.com>
Hi John,

I think your answer covers the questions I had left about context for did:tdw. Thanks for that. A few more questions:

* The TS repo lists pre-rotation, whois and DID URL as TODO. Is it actively being worked on at the moment and do you have an estimate as to their release? In simpler terms, my question is: can I plan on implementing did:tdw starting in the next few weeks, or should I wait 6 more months or more before doing so?
* I understand the spec is somewhat in a Beta stage and that the ToIP task force could potentially bring some changes, but what is the expected time frame before a proper v1 (6 months, 1 year, 2 years, forever)?

I ask those questions because I have a legitimate interest in a secure did:web implementation and I think both methods hold interesting promises.

Thank you

From: Jordan, John CITZ:EX <John.Jordan@gov.bc.ca>
Date: Tuesday, 25 June 2024 at 21:45
To: public-did-wg@w3.org <public-did-wg@w3.org>
Subject: [EXTERNAL] Re: [EXTERNAL] Re: did:webs vs did:tdw

Hi Julien,

Thanks for the questions. I thought I would offer thoughts from our team as the business sponsor for this proposed did method.

did:webs and did:tdw have different design intents. While they both aim to be “a better web-based DID method than did:web”, they have independent implementations. What we can offer, to the best of our abilities, is a description of the design intent and key features of did:tdw. It will be up to individual adopters to make their own determination as to the appropriateness of the did method they choose for their services.

A key design intent of did:tdw is full compliance with the DID Core specification, allowing a DID Controller to include any desired information directly into their DIDDoc, treating the DIDDoc as the primary data model for the DID Method. Additionally, we aimed for the DID method to be significantly more useful and secure than did:web, without increasing the complexity of deployment. The following list, largely sourced from the spec introduction, provides more details (currently available here: https://bcgov.github.io/trustdidweb/):

* Ongoing publishing of all DID Document (DIDDoc) versions for a DID instead of, or alongside, a current did:web DID/DIDDoc.
* The same DID-to-HTTPS transformation as did:web.
* Capable of using the same High Assurance DID-to-DNS mechanism (https://datatracker.ietf.org/doc/draft-carter-high-assurance-dids-with-dns/).
* The ability to resolve the full history of the DID using a verifiable chain of updates to the DIDDoc from genesis to deactivation.
* A self-certifying identifier (SCID) for the DID that is globally unique, embedded in the DID, and derived from the initial DIDDoc. The SCID enables DID portability, such as moving the DID’s web location (and so changing the DID string itself) while retaining a connection to the predecessor DID(s) and the DID’s verifiable history.
* DIDDoc updates contain a proof signed by the controller(s) authorized to update the DID.
* An optional mechanism for publishing “pre-rotation” keys to prevent the loss of control of a DID in cases where an active private key is compromised.
* DID URL path handling that defaults (but can be overridden) to automatically resolving <did>/path/to/file by using a comparable DID-to-HTTPS translation as for the DIDDoc.
* A DID URL path <did>/whois that defaults to automatically returning (if published by the DID controller) a Verifiable Presentation containing Verifiable Credentials with the DID as the credentialSubject, signed by the DID.
* A mechanism for supporting the concept of witnesses -- collaborating parties that approve DIDDoc versions before publication (planned, but not yet in the spec or implementations).

Combined, the additional features enable greater trust and security without (we think) compromising the simplicity of did:web.

In parallel with developing the spec, we created two implementations, one in TypeScript, one in Python, and the implementation learnings contributed substantially to the specification. Both implementations have most of the features listed above and are less than 1500 lines of code each. After we presented the DID Method at IIW in April, we understand a Rust implementation has been developed that will be open sourced Real Soon Now. An implementer's guide (currently in the spec, but to be separated) provides guidance on deploying did:tdw.

The spec and implementations were created in the Government of British Columbia GitHub repos, and there is an approved Trust Over IP task force that has been formed, with meetings to begin shortly. To be determined is where to take the spec further, and what, if any, relationship it has with the did:web specification.

Thanks again for your question, and we hope this offers some information for your contemplation.

Links:

* Presentation at DICE 2024: Trust DID Web - A New Web-Based DID Method: https://docs.google.com/presentation/d/1WvE3w_7C_umR_aDX87Mje-qcRU8o2PNMs4eRAOssHR0/edit?usp=sharing
* Specification: https://bcgov.github.io/trustdidweb
* Trust over IP Task Force Page: https://wiki.trustoverip.org/display/HOME/Trust+DID+Web+%28did%3Atdw%29+DID+Method+Task+Force
* Typescript Implementation: https://github.com/bcgov/trustdidweb-ts/
* Python Implementation: https://github.com/bcgov/trustdidweb-py

John Jordan
Executive Director, Digital Trust
Cybersecurity and Digital Trust
Government of British Columbia
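As an added illustration of the two features in the thread above that give did:tdw its verifiable history (a self-certifying identifier derived from the initial DIDDoc, and a hash-linked chain of DIDDoc versions), here is a simplified model in Python; it is not code from the did:tdw spec or the bcgov implementations. The DID string layout, the entry fields and the hashing are assumptions of this example, and the controller-signed proof on each update is omitted.

```python
import hashlib
import json

PLACEHOLDER = "{SCID}"

def digest(obj: dict) -> str:
    # Deterministic JSON serialisation so every party computes the same hash.
    return hashlib.sha256(json.dumps(obj, sort_keys=True, separators=(",", ":")).encode()).hexdigest()[:32]

def build_log(domain: str, versions: list[dict]) -> tuple[str, list[dict]]:
    # The SCID is the hash of the genesis DIDDoc with the SCID itself replaced by a placeholder.
    # The DID layout "did:tdw:<domain>:<scid>" is an assumption of this example, not the spec's.
    scid = digest(dict(versions[0], id=f"did:tdw:{domain}:{PLACEHOLDER}"))
    did = f"did:tdw:{domain}:{scid}"
    log, prev = [], None
    for body in versions:
        entry = {"previous": prev, "doc": dict(body, id=did)}
        entry["versionId"] = digest(entry)  # covers the back-link, so each version commits to all history
        log.append(entry)
        prev = entry["versionId"]
    return did, log

def verify_log(did: str, log: list[dict]) -> tuple[bool, str]:
    # SCID must match the genesis DIDDoc; then each versionId must match its content and back-link.
    scid, prev = did.rsplit(":", 1)[1], None
    if digest(dict(log[0]["doc"], id=did.replace(scid, PLACEHOLDER))) != scid:
        return False, "SCID does not match the genesis DIDDoc"
    for n, entry in enumerate(log, start=1):
        if entry["previous"] != prev or entry["doc"].get("id") != did:
            return False, f"version {n}: back-link or DID does not match"
        if digest({k: v for k, v in entry.items() if k != "versionId"}) != entry["versionId"]:
            return False, f"version {n}: content does not match versionId"
        prev = entry["versionId"]
    return True, f"{len(log)} versions verified for {did}"

# Constructed sample DIDDoc bodies (the id is filled in by build_log); key values are made up.
SAMPLE_VERSIONS = [
    {"verificationMethod": [{"id": "#key-1", "publicKeyMultibase": "z6MkCONSTRUCTED1"}]},
    {"verificationMethod": [{"id": "#key-2", "publicKeyMultibase": "z6MkCONSTRUCTED2"}]},
    {"verificationMethod": [{"id": "#key-2", "publicKeyMultibase": "z6MkCONSTRUCTED2"}],
     "service": [{"id": "#whois", "type": "ExampleService"}]},
]

def demo() -> tuple[bool, bool, bool]:
    # Intact log, then a copy with version 2 rewritten, then a copy with the genesis key swapped.
    did, log = build_log("example.com", SAMPLE_VERSIONS)
    rewritten, forged = (json.loads(json.dumps(log)) for _ in range(2))
    rewritten[1]["doc"]["verificationMethod"][0]["id"] = "#replaced"
    forged[0]["doc"]["verificationMethod"][0]["publicKeyMultibase"] = "z6MkFORGED"
    return verify_log(did, log)[0], verify_log(did, rewritten)[0], verify_log(did, forged)[0]
```

Rewriting a past version or the genesis key fails verification even though the hosting server is fully trusted for plain did:web, which is the property the version log adds.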
Received on Wednesday, 26 June 2024 06:38:12 UTC