w3c / did-core

W3C Decentralized Identifier Specification v1.0
https://www.w3.org/TR/did-core/
Other
407 stars 96 forks source link

Verification method controller property when working with intermediate DID document representations #866

Open wip-abramson opened 1 week ago

wip-abramson commented 1 week ago

A DID method I am working on (did:btc1) supports a method-id that is an encoding of an intermediate DID document representation. E.g. did:btc:<intermediateDocHash>.

In these cases, what value should I put in the controller property of the intermediate representations verificationMethods?

The controller property is a required field for verificationMethod. I believe this can be a relative URL, but I am not sure what is the appropriate relative URL in this case. Is it just empty quotes? Or is it #id? Or something else.

Alternatively, I could populate the controller properties of the verificationMethods in the intermediate DID document representation after generating the DID just as I do with the id field. But ideally there is a relative URL solution I can use.

peacekeeper commented 6 days ago

It cannot be a relative URL.

See: https://www.w3.org/TR/did-core/#verification-methods

The value of the controller property MUST be a string that conforms to the rules in 3.1 DID Syntax.

So it should be the same DID as in the top-level id field.

wip-abramson commented 6 days ago

Interesting, so the pattern should be.

  1. Construct the intermediate DID document (Without the DID identifier)
  2. Generate the DID identifier
  3. Fill in necessary fields with the DID:
    • didDoc.id = did
    • didDoc.verificationMethods[n].controller = did (for all n verificationMethods)

I guess you probably should also check if a verificationMethod already has a controller before setting it aswell. Since people could create intermediate DID documents with controllers for verificationMethods that are intentionally not the DID of the document.