bcgov / trustdidweb

Trust DID Web (did:tdw)
https://bcgov.github.io/trustdidweb/
Apache License 2.0

Add a proof item to each DIDDoc version #8

Closed swcurran closed 3 months ago

swcurran commented 4 months ago

Fundamental to this is #7 — how do we ensure signatures across the JSON data are verifiable?

swcurran commented 4 months ago

~Do we use a Data Integrity proof?~ A DI does not include the canonicalization. Suggestions are:

swcurran commented 3 months ago

Plan defined to do that and put the proof into the history of the DIDDoc. That leaves it out of the DIDDoc (no JSON-LD context change needed) and simplifies the processing needed to produce the proof.

andrewwhitehead commented 3 months ago

At the moment the prototypes use a detached DI proof, but there's an issue there with the @context not being defined. We might want to look at cutting the serialized proof down to just the cryptosuite and proof value, or for version one, always using eddsa-jcs-2022 (for instance). Doing RDF normalization of the DID document is also a step we might want to avoid in the interest of efficiency.

swcurran commented 3 months ago

Is this a DI that needs to be raised with them? It seems like a bad idea from the spec. perspective to limit the functionality because of something like that.

brianorwhatever commented 3 months ago

Plan is to have a DI proof of the new document state added to every log line.

swcurran commented 3 months ago

Resolved by #20
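
The approach discussed in this thread (a detached proof over the JCS-canonicalized DIDDoc, stored beside it in the history rather than inside it, with no RDF normalization), as an added example that is not part of the original thread or of the did:tdw code. The log entry field names, the `did:example` identifiers and the base64 proof encoding are assumptions; eddsa-jcs-2022 itself encodes the proof value as multibase base58btc.

```javascript
// Added illustration: not code from the did:tdw spec or its prototypes.
const nodeCrypto = require('crypto');

// Minimal JCS (RFC 8785) serializer: sorted keys, no whitespace. Adequate for the
// strings, integers, booleans, arrays and objects found in a DID document.
function jcs(value) {
  if (value === null || typeof value !== 'object') return JSON.stringify(value);
  if (Array.isArray(value)) return '[' + value.map(jcs).join(',') + ']';
  return '{' + Object.keys(value).sort()
    .map((k) => JSON.stringify(k) + ':' + jcs(value[k])).join(',') + '}';
}

const sha256 = (s) => nodeCrypto.createHash('sha256').update(s, 'utf8').digest();

// Bytes to sign: hash of the proof options followed by hash of the document,
// the hashing shape used by eddsa-jcs-2022.
function signingInput(doc, options) {
  return Buffer.concat([sha256(jcs(options)), sha256(jcs(doc))]);
}

// Returns a detached proof; the DID document itself is not modified.
function createProof(doc, options, privateKey) {
  const sig = nodeCrypto.sign(null, signingInput(doc, options), privateKey);
  // Assumption: base64 for brevity instead of multibase base58btc.
  return { ...options, proofValue: sig.toString('base64') };
}

function verifyProof(doc, proof, publicKey) {
  const { proofValue, ...options } = proof;
  if (typeof proofValue !== 'string') return false;
  const sig = Buffer.from(proofValue, 'base64');
  return nodeCrypto.verify(null, signingInput(doc, options), publicKey, sig);
}

// Constructed sample data (hypothetical identifiers and log entry layout).
const { publicKey, privateKey } = nodeCrypto.generateKeyPairSync('ed25519');
const didDoc = { id: 'did:example:123',
  verificationMethod: [{ id: 'did:example:123#key-1', type: 'Multikey' }] };
const options = { type: 'DataIntegrityProof', cryptosuite: 'eddsa-jcs-2022',
  verificationMethod: 'did:example:123#key-1', proofPurpose: 'authentication' };
// One history entry: the document version and its proof, kept side by side.
const logEntry = { versionId: 1, state: didDoc,
  proof: createProof(didDoc, options, privateKey) };
// Same data with a different key order, as after a parse and re-serialize.
const reordered = { verificationMethod: [{ type: 'Multikey',
  id: 'did:example:123#key-1' }], id: 'did:example:123' };
const tampered = { ...didDoc, id: 'did:example:999' };
```

`verifyProof` accepts `reordered` because JCS removes key-order differences before hashing, and rejects `tampered` as well as any proof whose options were changed after signing.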