Long form resolution returns id in did document with initial state #782
Comments
|
This is a dupe of #777 though your code examples are better. |
|
See also w3c/did-core#337 @tplooker can you maybe provide these examples on did core, and lets get the WG position on this issue? |
|
This is intentional, because if you are using an unachored DID and only include the short-form suffix of the ID in your resulting DID Document, there is a good chance a counter party could end up including the ID in a credential or other form of data that would subsequently be unresolvable, given it doesn't contain the long-form data. The Sidetree reference and ION return a DID Doc with the short-form ID when it detects an ID is anchored. |
|
@csuwildcat I understand that there should be an explicit indication that the did document is not anchored but I dont think that this should manifest as the long form id in the did document, how about instead return the initial state in the method specific metadata and a flag indicating whether or not the did is anchored? |
|
E.g the the request Would return |
|
And if the same query was made where the did was anchored, the result would instead be |
|
I agree that the resolved DID Doc should contain the long-form ID when the resolver knows that it's not anchored. If the initial state is in some metadata returned by the resolver then it's up to the caller to append that initial state to the DID otherwise like Daniel said it could be unresolvable by the next party who gets the DID. |
|
@JaceHensley as the subject of a DID if created a DID and I want someone to be able to resolve it prior to successful anchoring I am going to have to be responsible for that anyway in how I communicate my DID (i.e I will need to append the initial-state param), I don't see how it being appended to the id element in the did document facilitates this? Put another way, as a client performing resolution I had to have the initial state to construct the resolution request in first place, so what utility does it serve sending it back to me in all areas of the did document where the id is quoted. Following that logic then the create operation response for a sidetree node should then also return a full didDocument including the initial state appended in the id element (just to be clear I'm not proposing this as a solution just using it to highlight the inconsistency in behaviour) Just to clarify the behaviour in case there is confusion, if I launched the following request at a sidetree node Even if the node has a pending registration request (i.e its waiting to close the batch and anchor the DID To further the point as to why it would be cleaner to shift this information into the method metadata, how am I as a resolver client able to quickly discern if a did has now been registered? Currently if I had launched a resolution request that featured the initial-state to guarantee some form of resolution, the only way I would know the did is now anchored is by inspecting the id of the did document and parsing to determine whether the initial-state param is present? Would it not be cleaner for a client to just check |
|
@tplooker @peacekeeper @csuwildcat as discussed on id&d call today.... the did document |
|
So I hit an issue with this and using https://github.com/digitalbazaar/jsonld-signatures. The problem comes from this framing. So But this would also have been a problem if the |
|
Can someone please explain to me how you would handle the following use cases without having to have special method-specific code?
Please clarify how we can do this without requiring some sort of additional standard on how to relay long-form IDs in these scenarios, across all the various situations where someone would need to have the long-form in hand to proceed. |
|
@csuwildcat similar to how you must handle fragment ids like You MUST write some JSON-LD tests to confirm that your proposed solutions will work and be interoperable for both LD / ZKP and JWT VCs, otherwise... you are just asking to implement things that are compatibility breaking. Sounds like @JaceHensley may have written some tests that do this already, would you be willing to explain them to daniel? |
|
Does the holder DID on a VC need to be resolvable? But in either case I agree that it's the DID holder's responsibility to provide a DID for the issuer to use. So it's their responsibility to provide a valid one. Which DID is the verifier trying to resolve here? If it's the issuer's DID then IMO the issuer would be responsible for making sure the DID they put in the VC is resolvable. If it's the holder's DID I'm not sure that's VC.holder needs to be resolvable but if so then my answer would be the same as But the holder DID on the VP should be resolvable the same way an issuer is responsible for providing a resolvable DID when they issue VCs. But to make sure that the issuer of the VP is the same as the holder of the VC I do: And then to make sure that the VP.holder has the As far as tests I do have some but they don't focus on this exactly. For now we aren't anchoring our Element DIDs so the const signed = await jsigs.sign(
vc,
suite: new Suite({
controller: 'did:elem:EiBOH3jRdJZmRE4ew_lKc0RgSDsZphs3ddXmz2MHfKHXcQ;elem:initial-state=...',
keyId: 'did:elem:EiBOH3jRdJZmRE4ew_lKc0RgSDsZphs3ddXmz2MHfKHXcQ#primary',
privateKey: ...,
}),
documentLoader: testDocumentLoader,
purpose: new AssertionProofPurpose(),
compactProof: false,
)
const controllerDIDDoc = resolveDID(signed.issuer)
const result = await jsigs.verify(
signed,
suite: new Suite({
controller: signed.issuer,
keyId: signed.proof.verificationMethod,
// Get the public key for the provided verificationMethod
publicKey: findPublicKey(controllerDIDDoc, signed.proof.verificationMethod),
}),
documentLoader: testDocumentLoader,
// This by passes jsonld-signatures' framing that wouldn't match because DIDDoc.id doesn't match Suite.controller.
// This would be needed in any case where the resolvable DID URL is not equal to to the DID id in the DID Doc
purpose: new AssertionProofPurpose({controller: controllerDIDDoc}),
compactProof: false,
) |
|
@JaceHensley you might want to use did key, the structure of the sidetree spec has changed a lot since we released the element testnet... I'm sorry in advance for the breaking changes we are gonna give you with element spec v0.1.0 conformance release. |
|
With the move to a fully qualified DID URI for long-form, this is no longer applicable, and inherently resolved. |
The example request of
is returning
When I would expect to see the result as
Also can we get clarity of when sidetree will support the general query parameter of
initial-state?The text was updated successfully, but these errors were encountered: