Open OR13 opened 3 years ago
@dlongley @msporny I would like to formalize the "root" / "default" capability that ends in a did document:
```json
{
  "@context": [
    "https://www.w3.org/ns/did/v1",
    {
      "@base": "did:key:z6MkiVubMsUd4FxeApa1yd8YEigVvE5dmr2KWgUaR6CP5kKK"
    }
  ],
  "id": "did:key:z6MkiVubMsUd4FxeApa1yd8YEigVvE5dmr2KWgUaR6CP5kKK",
  "verificationMethod": [
    {
      "id": "#z6MkiVubMsUd4FxeApa1yd8YEigVvE5dmr2KWgUaR6CP5kKK",
      "type": "JsonWebKey2020",
      "controller": "did:key:z6MkiVubMsUd4FxeApa1yd8YEigVvE5dmr2KWgUaR6CP5kKK",
      "publicKeyJwk": {
        "crv": "Ed25519",
        "x": "PBxdXNPcGKPhXwSj6lLId97-9c1_dgYjDLC0sLCRLVI",
        "kty": "OKP"
      }
    },
    {
      "id": "#z6LSscWjDj3WhzBk23JXTYm4Vmh2kAZ69GKXDVhvzpUm4ghz",
      "type": "JsonWebKey2020",
      "controller": "did:key:z6MkiVubMsUd4FxeApa1yd8YEigVvE5dmr2KWgUaR6CP5kKK",
      "publicKeyJwk": {
        "kty": "OKP",
        "crv": "X25519",
        "x": "7MrJ0voGrqpEhvFDZZILphipoIrUA3D-2nc8gGLscB0"
      }
    }
  ],
  "authentication": [
    "#z6MkiVubMsUd4FxeApa1yd8YEigVvE5dmr2KWgUaR6CP5kKK"
  ],
  "assertionMethod": [
    "#z6MkiVubMsUd4FxeApa1yd8YEigVvE5dmr2KWgUaR6CP5kKK"
  ],
  "capabilityInvocation": [
    "#z6MkiVubMsUd4FxeApa1yd8YEigVvE5dmr2KWgUaR6CP5kKK"
  ],
  "capabilityDelegation": [
    "#z6MkiVubMsUd4FxeApa1yd8YEigVvE5dmr2KWgUaR6CP5kKK"
  ],
  "keyAgreement": [
    "#z6LSscWjDj3WhzBk23JXTYm4Vmh2kAZ69GKXDVhvzpUm4ghz"
  ]
}
```
Yields something like:
```json
{
  "@context": "https://w3id.org/security/v2",
  "id": "https://example.com/edvs",
  "invocationTarget": "https://example.com/edvs",
  "controller": "did:key:z6MkiVubMsUd4FxeApa1yd8YEigVvE5dmr2KWgUaR6CP5kKK",
  "invoker": "did:key:z6MkiVubMsUd4FxeApa1yd8YEigVvE5dmr2KWgUaR6CP5kKK#z6MkiVubMsUd4FxeApa1yd8YEigVvE5dmr2KWgUaR6CP5kKK",
  "delegator": "did:key:z6MkiVubMsUd4FxeApa1yd8YEigVvE5dmr2KWgUaR6CP5kKK#z6MkiVubMsUd4FxeApa1yd8YEigVvE5dmr2KWgUaR6CP5kKK"
}
```
I think we need to add `type` to this, so that it can be requested using GNAP, and also establish a convention for generating the `id`.
This first capability should IMO be invoked by folks who are trying to create a new vault.
Per our conversations in the WG, we are aware that GNAP supports JSON representations for scopes, and that the only requirement is that they contain a `type` attribute. We are also aware that zcap-ld makes use of JSON and can include a suitable `type` attribute.
This proposal is to adopt support for both for the data model associated with authorizations, as separate from the invocation / proof of possession mechanism.
We are currently considering HTTP Signatures as one such mechanism.
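
The DID-document-to-root-capability mapping shown in the issue, as an added example that is not part of the original post or of any project's code. The function names, the choice of the first listed method, and reusing the target URL as `id` (as in the issue's sample, where the `id` convention is still open) are assumptions; a method that is not listed under `capabilityInvocation` or `capabilityDelegation`, or that no `verificationMethod` entry backs, is rejected rather than promoted to invoker or delegator.

```javascript
// Constructed sample: a trimmed copy of the did:key document from the issue.
const DID = 'did:key:z6MkiVubMsUd4FxeApa1yd8YEigVvE5dmr2KWgUaR6CP5kKK';
const KEY = '#z6MkiVubMsUd4FxeApa1yd8YEigVvE5dmr2KWgUaR6CP5kKK';
const sampleDidDocument = {
  '@context': ['https://www.w3.org/ns/did/v1', { '@base': DID }],
  id: DID,
  verificationMethod: [{ id: KEY, type: 'JsonWebKey2020', controller: DID }],
  capabilityInvocation: [KEY],
  capabilityDelegation: [KEY],
};

// Resolve a relative reference such as "#key" against @base (or the DID itself).
function absolutize(didDocument, ref) {
  const ctx = [].concat(didDocument['@context'] || []);
  const baseEntry = ctx.find((c) => c && typeof c === 'object' && c['@base']);
  const base = baseEntry ? baseEntry['@base'] : didDocument.id;
  return ref.startsWith('#') ? base + ref : ref;
}

// Absolute id of the first method under a verification relationship.
// Assumption: the first entry is used; the issue does not define a selection rule.
function firstMethod(didDocument, relationship) {
  const entries = didDocument[relationship];
  if (!Array.isArray(entries) || entries.length === 0) {
    throw new Error(`DID document has no ${relationship} method`);
  }
  const entry = entries[0];
  if (entry && typeof entry === 'object') {
    return absolutize(didDocument, entry.id); // embedded verification method
  }
  const id = absolutize(didDocument, entry);
  const known = (didDocument.verificationMethod || [])
    .some((vm) => absolutize(didDocument, vm.id) === id);
  if (!known) throw new Error(`${relationship} references unknown method ${entry}`);
  return id;
}

// Build the root capability in the shape shown in the issue (no `type` yet).
function deriveRootCapability(didDocument, invocationTarget) {
  return {
    '@context': 'https://w3id.org/security/v2',
    id: invocationTarget,
    invocationTarget,
    controller: didDocument.id,
    invoker: firstMethod(didDocument, 'capabilityInvocation'),
    delegator: firstMethod(didDocument, 'capabilityDelegation'),
  };
}
```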