Closed swcurran closed 3 months ago
~Do we use a Data Integrity proof?~. A DI does not include the canonicalization. Suggestions are:
Plan defined to do that and put the proof
into the history of the DIDDoc. That leaves it out of the DIDDoc (no JSON-LD context change needed) and simplifies the processing needed to produce the proof.
At the moment the prototypes use a detached DI proof, but there's an issue there with the @context
not being defined. We might want to look at cutting the serialized proof down to just the cryptosuite and proof value, or for version one, always using eddsa-jcs-2022 (for instance). Doing RDF normalization of the DID document is also a step we might want to avoid in the interest of efficiency.
Is this a DI that needs to be raised with them? It seems like a bad idea from the spec. perspective to limit the functionality because of something like that.
Plan is to have a DI proof of the new document state added to every log line
Resolved by #20
proof
item is included in each DIDDoc that contains a DID Controller signature over that entire DIDDoc (minus the proof item), plus the the proof item from the previous DIDDocFundamental to this is #7 — how do we ensure signatures across the JSON data is verifiable?