Universal Resolver driver

[clehner]

We could add a driver for Universal Resolver, like this: https://github.com/decentralized-identity/universal-resolver/pull/100/files It looks like there is already a Universal Resolver driver using ghcr.io, so I think we could use our existing Docker image ghcr.io/spruceid/didkit-http. DIDKit's HTTP interface already supports the DID Resolution HTTP(S) binding which is what Universal Resolver uses for the interface to drivers.

Universal Resolver already has drivers for did:key, did:web, and did:ethr. DID Methods that we could add in our driver are did:tz, did:pkh, did:sol, and did:onion. Additional work may be needed to enable did:onion since it depends on an external network, Tor: #137

[peacekeeper]

I think this sounds great. BTW there is also nothing wrong with having multiple drivers that implement the same DID method. Maybe DIDKit's support for did:key and did:web is better than the existing UR drivers for those methods; in that case people can configure their UR instance to use whichever driver they prefer for any given DID method!

[clehner]

@peacekeeper great. It appears that DIDKit's support for did:key:zQ3s (Secp256k1) and did:key:zru (P-256) would be novel. But these are not currently enabled in our Docker image... I am opening another issue about that. Edit: fixed in #140

[clehner]

Adding the driver, for did:tz and some did:key prefixes, is happening here: https://github.com/decentralized-identity/universal-resolver/pull/222.

Enabling more DID resolvers from DIDKit can be done by updating the regex for the didkit driver's entry in config.json.

Example resolution result

``` $ curl -s http://localhost:8080/1.0/identifiers/did:tz:tz1YwA1FwpgLtc1G8DKbbZ6e6PTb1dQMRn5x | jq { "didResolutionMetadata": { "pattern": "^did:(?:tz:|web:|key:(?:z6Mk|zQ3s|zDna)).+$", "driverUrl": "http://driver-didkit:8080/identifiers/$1", "duration": 396, "contentType": "application/did+ld+json", "did": { "methodSpecificId": "tz1YwA1FwpgLtc1G8DKbbZ6e6PTb1dQMRn5x", "method": "tz" } }, "didDocumentMetadata": {}, "didDocument": { "@context": [ "https://www.w3.org/ns/did/v1", { "Ed25519PublicKeyBLAKE2BDigestSize20Base58CheckEncoded2021": "https://w3id.org/security#Ed25519PublicKeyBLAKE2BDigestSize20Base58CheckEncoded2021", "blockchainAccountId": "https://w3id.org/security#blockchainAccountId" } ], "id": "did:tz:tz1YwA1FwpgLtc1G8DKbbZ6e6PTb1dQMRn5x", "verificationMethod": [ { "id": "did:tz:tz1YwA1FwpgLtc1G8DKbbZ6e6PTb1dQMRn5x#blockchainAccountId", "type": "Ed25519PublicKeyBLAKE2BDigestSize20Base58CheckEncoded2021", "controller": "did:tz:tz1YwA1FwpgLtc1G8DKbbZ6e6PTb1dQMRn5x", "blockchainAccountId": "tz1YwA1FwpgLtc1G8DKbbZ6e6PTb1dQMRn5x@tezos:mainnet" } ], "authentication": [ "did:tz:tz1YwA1FwpgLtc1G8DKbbZ6e6PTb1dQMRn5x#blockchainAccountId" ], "assertionMethod": [ "did:tz:tz1YwA1FwpgLtc1G8DKbbZ6e6PTb1dQMRn5x#blockchainAccountId" ] } } ```

For development purposes, the other drivers can be disabled, to reduce resource use, by removing them from docker-compose.yml. To update config.json without having to rebuild the uni-resolver-web image each time, a volumes entry can be added to use the local config.json. The resulting docker-compose.yml is as follows:

docker-compose.yml for developing/testing DIDKit's Universal Resolver Driver

``` version: "3.5" networks: default: name: universal-resolver services: uni-resolver-web: image: universalresolver/uni-resolver-web:latest ports: - "8080:8080" volumes: - ./config.json:/var/lib/jetty/config.json driver-didkit: image: ghcr.io/spruceid/didkit-http:latest environment: PORT: 8080 HOST: 0.0.0.0 ports: - "8121:8080" ```

Thanks @sbihel for helping with Docker/docker-compose.

[clehner]

Universal Resolver driver using DIDKit (didkit-http), enabling did:tz and some did:key prefixes, is merged in https://github.com/decentralized-identity/universal-resolver/pull/224. Keeping this issue open though, to track enabling more of DIDKit's DID methods in the Universal Resolver config. i.e. did:onion (may blocked by https://github.com/spruceid/didkit/issues/137), did:pkh and did:webkey (I think UR prefers methods be added to the DID Specification Registries first)

[clehner]

did:pkh using DIDKit in Universal Resolver was added in https://github.com/decentralized-identity/universal-resolver/pull/231;

did:key RSA in https://github.com/decentralized-identity/universal-resolver/pull/277.

did:ion was added to DIDKit in #255, but Universal Resolver already has a did:ion driver.

DIDKit's regex in Universal Resolver is currently this: ^did:(?:tz:|pkh:|web:|key:(?:z6Mk|zQ3s|zDna|z.{200,})).+$ https://github.com/decentralized-identity/universal-resolver/blob/6425f8b3b1d2523bf14c922ca575a2253920e62c/config.json#L180

webkey remains a DID method that could be added. It needs a specification: https://github.com/spruceid/ssi/issues/205.

onion could also be added if we figure out where to put Tor and how to access it from DIDKit container (#137).

[peacekeeper]

@clehner thanks for the update. I think adding support for onion would be great. You could make the address of the Tor node configurable with an environment variable, and leave it up to a particular deployment to configure it correctly so that the container can reach Tor.