openid / SIOPv2


Decentralized Identifier in `subject_syntax_types_supported` may be too restrictive #22

Open nanderstabel opened 5 months ago

nanderstabel commented 5 months ago

Currently for the SIOP metadata's subject_syntax_types_supported parameter it is described that:

> When Subject Syntax Type is Decentralized Identifier, valid values MUST be a `did:` prefix followed by a supported DID method without a `:` suffix. For example, support for the DID method with a method-name "example" would be represented by `did:example`.

This means that did:example is valid, but did:example:123 is not, because only the actual DID method name may be included, but not the DID Method-Specific Identifier part of a DID.

This makes sense of course, however, some DID Methods may have some method specific 'namespace' logic embedded in the DID Method-Specific Identifier part of the DID:

> Note: Colons in method-specific-id
>
> The meaning of colons in the method-specific-id is entirely method-specific. Colons might be used by DID methods for establishing hierarchically partitioned namespaces, for identifying specific instances or parts of the verifiable data registry, or for other purposes. Implementers are advised to avoid assuming any meanings or behaviors associated with a colon that are generically applicable to all DID methods.

An example of this is the IOTA DID method, which makes use of namespaces (but calls them networks). Depending on the network that is used, DIDs may be prefixed by either:

All of them fall under the IOTA DID Method, but if a SIOPv2 Provider only supports the SMR network (did:iota:smr), it is currently not possible to communicate that with the SIOP metadata's subject_syntax_types_supported parameter due to the "a did: prefix followed by a supported DID method without a : suffix" restriction.

So my suggestion is to loosen this restriction so that it is also possible to add DID methods with a namespace as a valid Subject Syntax Type.
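
The rule quoted above and the loosening this issue asks for, as an added Python example that is not part of the original issue or of the SIOPv2 specification. The relaxed grammar, the function names and the segment-wise matching are assumptions for illustration; the character classes follow the DID Core ABNF, and the sample identifiers are constructed.

```python
import re

# DID Core ABNF: method-name is lowercase letters and digits only.
METHOD = r"[a-z0-9]+"
# One colon-separated segment of a method-specific-id (idchar or pct-encoded).
SEGMENT = r"(?:[A-Za-z0-9._-]|%[0-9A-Fa-f]{2})+"

STRICT = re.compile(rf"did:{METHOD}")                  # current SIOPv2 wording
RELAXED = re.compile(rf"did:{METHOD}(?::{SEGMENT})*")  # hypothetical loosened rule
DID = re.compile(rf"did:{METHOD}(?::{SEGMENT})+")      # a complete DID


def valid_entry(entry: str, relaxed: bool = False) -> bool:
    """Check one DID-type value of subject_syntax_types_supported."""
    pattern = RELAXED if relaxed else STRICT
    return pattern.fullmatch(entry) is not None


def subject_supported(did: str, supported: list[str], relaxed: bool = False) -> bool:
    """True if `did` falls under one of the advertised entries.

    Comparison is on whole colon-separated segments, never on raw string
    prefixes, so 'did:iota:smr' does not accept 'did:iota:smrx:...'.
    """
    if DID.fullmatch(did) is None:
        return False
    parts = did.split(":")
    for entry in supported:
        if not valid_entry(entry, relaxed):
            continue  # skip malformed metadata instead of guessing its intent
        prefix = entry.split(":")
        # The DID must carry at least one segment beyond the advertised prefix.
        if len(parts) > len(prefix) and parts[:len(prefix)] == prefix:
            return True
    return False


if __name__ == "__main__":
    for e in ("did:example", "did:example:123", "did:iota:smr"):
        print(e, "strict:", valid_entry(e), "relaxed:", valid_entry(e, relaxed=True))
```

Comparing by segment matters for a relying party that loosens the rule: a plain `startswith` check on the advertised value would treat a look-alike namespace as supported.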