Re: Regarding DID Authentication from Daniel Hardman on 2019-09-16 (public-digital-verification@w3.org from September 2019)

From: Daniel Hardman <daniel.hardman@evernym.com>
Date: Mon, 16 Sep 2019 09:56:09 -0600
To: sethi shivam <sethishivam27@gmail.com>
Cc: "W3C Digital Verification CG (Public List)" <public-digital-verification@w3.org>, "W3C Credentials CG (Public List)" <public-credentials@w3.org>
Message-ID: <CAFBYrUpTYTfDJM-k3XGj4qUxjFqA4WT53+iEaXwxoZ=VFogvTA@mail.gmail.com>

Sethi:

All keys listed in the authentication section of a DID doc are controllers
of the DID for that doc. So if a DID doc is about did:example:12345, and if
the authentication section of its DID doc lists 5 keys, then
did:example:12345 has 5 controlling keys.

Where this may confuse people is that the keys listed in that
authentication block *could* belong to other DIDs. For example, the DID for
Acme Corp could list the keys of 5 executives that each are capable of
controlling the corporate DID. In such a case, you might see something like
this, in the DID Doc for Acme Corp's did:example:12345 DID:

authentication: [
     {"id": "did:abc:98765#key2", ....} // the key for exec #1 -- listed as
key2 in that exec's DID doc
     {"id": "did:def:65423#key1", ...} // the key for exec #2 -- listed as
key1 in that exec's DID doc
     ...and 3 more keys for the other 3 execs...
]

These 5 keys may or may not be controllers in their source context--the DID
docs belonging to the execs. But they *are* controllers of the Acme DID,
which is why they're listed in Acme's DID doc.

Does that help?

On Mon, Sep 16, 2019 at 5:36 AM sethi shivam <sethishivam27@gmail.com>
wrote:

> Hi Team ,
>
> I have a question .
>
> "authentication":
>
>     {
>       "id": "did:example:123456789abcdefghi#keys-2",
>       "type": "Ed25519VerificationKey2018",
>       "controller": "did:example:123456789abcdefghi",
>       "publicKeyBase58": "H3C2AVvLMv6gmMNam3uVAjZpfkcJCwDwnZn6z3wXmqPV"
>     }
>   ]
>
> Here in authentication  controller of
>
> "id": "did:example:123456789abcdefghi#keys-2",  is
> "controller": "did:example:123456789abcdefghi",
>
> and public key of controller is
> "publicKeyBase58": "H3C2AVvLMv6gmMNam3uVAjZpfkcJCwDwnZn6z3wXmqPV"
>
> Am  i right ?
>
> and
>
> now the value of key-2 is
>
> {
>     "id": "did:example:123456789abcdefghi#keys-2",
>     "type": "Ed25519VerificationKey2018",
>     "controller": "did:example:pqrstuvwxyz0987654321",
>     "publicKeyBase58": "H3C2AVvLMv6gmMNam3uVAjZpfkcJCwDwnZn6z3wXmqPV"
>   }
>
>
>
> which means "controller": "did:example:123456789abcdefghi" controls DID "id": "did:example:123456789abcdefghi#keys-2",
>
> and public key of "id": "did:example:123456789abcdefghi#keys-2",  is
>
> {
>     "id": "did:example:123456789abcdefghi#keys-2",
>     "type": "Ed25519VerificationKey2018",
>     "controller": "did:example:pqrstuvwxyz0987654321",
>     "publicKeyBase58": "H3C2AVvLMv6gmMNam3uVAjZpfkcJCwDwnZn6z3wXmqPV"
>
>  }
>
>
> now i am confused ,the public key mentioned under #key-2 is of controller or the DID
>
> and if the public key is of controller then do we need to add another attribute to mention the public key of actual owner?
>
>
> I am a bit confused .Please help
>
>
> Regards
>
> Sethi Shivam
>
>

Received on Monday, 16 September 2019 15:56:46 UTC