w3c-ccg / universal-wallet-interop-spec

A data model and abstract interfaces for digital wallets
http://w3id.org/wallet

key ID in Key Data model #83

Closed sudeshrshetty closed 3 years ago

sudeshrshetty commented 3 years ago

The key data model may need a key ID field to map it to a DID document; then it will be easy to import any DID Document into the wallet along with its keys for signing.

An alternative solution is to use the DID key ID as the controller of the key data model.

DID key ID as controller example:

{
  "@context": ["https://w3id.org/wallet/v1"],
  "id": "urn:uuid:53d846c8-9525-11ea-bb37-0242ac130002",
  "name": "My Test Key 1",
  "image": "https://via.placeholder.com/150",
  "description" : "For testing only, totally compromised.",
  "tags": ["professional", "organization", "compromised"],
  "correlation": ["4058a72a-9523-11ea-bb37-0242ac130002"],
  "controller": "did:example:1234#key-1",
  "type": "Ed25519VerificationKey2018",
  "publicKeyJwk": {
    "crv": "Ed25519",
    "x": "VCpo2LMLhn6iWku8MKvSLg2ZAoC-nlOyPVQaO3FxVeQ",
    "kty": "OKP",
    "kid": "_Qq0UL2Fq651Q0Fjd6TvnYE-faHiOpRlPVQcY_-tA4A"
  },
  "privateKeyJwk": {
    "crv": "Ed25519",
    "x": "VCpo2LMLhn6iWku8MKvSLg2ZAoC-nlOyPVQaO3FxVeQ",
    "d": "tP7VWE16yMQWUO2G250yvoevfbfxY25GjHglTP3ZOyU",
    "kty": "OKP",
    "kid": "_Qq0UL2Fq651Q0Fjd6TvnYE-faHiOpRlPVQcY_-tA4A"
  }
}

Once saved, importing any DID Document into the wallet for signing will be very simple, as in the example below:

wallet.add(exampleDID) // save DID Resolution response in a wallet contents
wallet.add(exampleKey) // save or import example DID private key
wallet.issue(vc, {controller: "did:example:1234", verificationMethod:"did:example:1234#key-1"})

sudeshrshetty commented 3 years ago

@OR13 please let me know your opinion about this.

OR13 commented 3 years ago

"controller": "did:example:1234#key-1", this will conflict with the DID Document concept of controller.

I think controller MUST be a DID or URL without Fragment.

I am fine with kid embedded in the publicKeyJwk... that can be very useful.

We have generally stuck to id being a DID URL or a URL with fragment.

For example, in our did web plugin, we use controller and id to automatically generate a did web document from wallet content...

https://github.com/transmute-industries/verifiable-data/blob/main/packages/universal-wallet-did-web-plugin/src/generate.ts

https://github.com/transmute-industries/verifiable-data/blob/main/packages/universal-wallet-did-web-plugin/src/keysToDidDocument.ts

sudeshrshetty commented 3 years ago

@OR13 What about private keys in base58 format? We may need an additional field in the data model for kid, or we can assume the id of the key data model will be a DID URL with fragment.

OR13 commented 3 years ago

@sudeshrshetty yes, I suspect base58 encoded keys will have to use the id field... and with did key for example... the fragment tends to carry the key type, so for other did methods you will see things like

did:example:123#zUc... where the fragment is multiformat, telling you this is a BLS12381 G2 key... even though that gets repeated in the type field.

sudeshrshetty commented 3 years ago

Thanks @OR13, we can use the id field for base58 encoded keys. Closing this issue.
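
The convention the thread settles on (controller without a fragment, id as a DID URL with a fragment, kid kept inside the JWKs) can be checked before a key entry is accepted for signing. The following is an added example, not part of the original thread or of the universal-wallet code; `checkKeyEntry` and `findSigningKey` are hypothetical names, the sample entries are constructed with placeholder key material, and the requirement that the id sits under the controller is an assumption of this example.

```javascript
// Added example: lint wallet key entries against the conventions from this thread.
// Assumptions: "controller" is a DID or URL without a fragment; "id" is a DID URL
// with a fragment; this example additionally requires id to sit under the controller.

function splitFragment(url) {
  const i = url.indexOf("#");
  return i === -1 ? [url, null] : [url.slice(0, i), url.slice(i + 1)];
}

function checkKeyEntry(entry) {
  const problems = [];
  const [controllerBase, controllerFragment] = splitFragment(String(entry.controller || ""));
  if (!entry.controller) problems.push("controller missing");
  else if (controllerFragment !== null) problems.push("controller must not carry a fragment");

  const [idBase, idFragment] = splitFragment(String(entry.id || ""));
  if (!idFragment) problems.push("id is not a URL with a fragment");
  else if (entry.controller && idBase !== controllerBase)
    problems.push("id is not under the controller");

  // JWK entries carry kid in both halves; base58 entries have no JWK and rely on id alone.
  const pub = entry.publicKeyJwk, priv = entry.privateKeyJwk;
  if (pub && priv) {
    if (pub.kid !== priv.kid) problems.push("kid differs between public and private JWK");
    if (pub.x !== priv.x) problems.push("public and private JWK describe different keys");
  }
  return problems;
}

// Select the signing key for a verification method by exact id match only,
// refusing entries that fail the lint and refusing ambiguous matches.
function findSigningKey(contents, verificationMethod) {
  const matches = contents.filter(
    (c) => c.id === verificationMethod && checkKeyEntry(c).length === 0
  );
  return matches.length === 1 ? matches[0] : null;
}

// Constructed sample entries (placeholder key material, not real keys).
const sampleGood = {
  id: "did:example:1234#key-1", controller: "did:example:1234",
  type: "Ed25519VerificationKey2018",
  publicKeyBase58: "PLACEHOLDER", privateKeyBase58: "PLACEHOLDER",
};
// Same shape as the first proposal in the thread: fragment on controller, UUID as id.
const sampleBad = { ...sampleGood, id: "urn:uuid:0000", controller: "did:example:1234#key-1" };
```

Matching on the exact id rather than on the controller alone avoids signing with the wrong key when one DID controls several keys in the wallet.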