FabioPinheiro
commented
4 months ago Let's move this issue into the DID prism method specification repository.
https://github.com/input-output-hk/prism-did-method-spec/blob/main/w3c-spec/PRISM-method.md
This is an important feature of the protocol itself. We should have the history of the discussion in the right place
bsandmann
Proposed feature
The current PRISM DID method does not include a reference to the underlying VDR on which the DID was published. This was a reasonable approach in the past but will cause issues going forward when PRISM will be expanded to other chains. The proposal is to publish a new version of the PRISM spec (1.1 or 2.0?) to accommodate this change. The new PRISM DID would then look like this:
did:prism:cardano:preprod:123.Feature description
Why is the current specification an issue? Creating a PRISM DID is independent of the VDR. This means a DID, once created in memory, can be published on multiple networks and later updated independently on each VDR. Currently, this situation is mostly unproblematic, since the Cardano mainnet can be treated as the source of truth in case the same DID does exist on different networks at once. With the outlook to make PRISM agnostic to the VDR, this will cause a problem. As it stands today, we might be facing this challenge earlier than expected as Midnight is already available for testing purposes. An important point to highlight here is that having the same DID on multiple networks is not only an issue of confusion but could also pose a major security concern, since an node-indepentent resolver cannot determine the single source of truth.
Naming Options While most other DID methods handle the network reference with just a single string delimited by a colon, e.g.,
did:prism:preprod, this might not be sufficient for our use-case when expanding to other chains. To keep the DID as simple as possible, one could imagine a naming convention to keep the name short, e.g.,did:prism:cp(for Cardano-preprod) or "mm" (for Midnight mainnet). The more understandable alternative would be to use the full name, e.g.,did:prism:midnight:mainnet. This would also be aligned with what Indy is currently doing, e.g.,did:indy:idunion:test.Implications The change would affect nearly every component (SDKs, agent, node) and therefore requires a coordinated approach. A possibility would be to support both versions of the spec for some time and then remove support for the old spec after all components completed the migrations. While most changes are pretty light, there might be a potential issue with a change required to the protobuf definition and therefore the node. I haven’t looked into that in detail, so this has to be evaluated by someone. One option would be not to do the change in the node itself and work around that for now, which seems to be feasible at first glance. On the other hand, this change might open the chance for a larger rework of the PRISM spec, in light of a potential Midnight implementation and other possible additions (e.g. "controller", "AlsoKnownAs")
Anything else?
The main reason I’m raising this issue/feature request now is that I believe this change should rather be done sooner than later. The current user base is still very small, and the people noticing this change apart from this group can be counted on one hand. This will change rather quickly: At first, through new projects coming from Catalyst, and later with Lace. I would argue that this has to be completed before the first version of Lace with identity features ("Identity Center") will get into the hands of any (test) users. Doing this change to the PRISM spec at a later point in time might cause much greater headaches than doing it now.