Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Portable DID Doc's potentially out-of-date with networked Doc #156

Open
KendallWeihe opened this issue May 15, 2024 · 3 comments
Open

Portable DID Doc's potentially out-of-date with networked Doc #156

KendallWeihe opened this issue May 15, 2024 · 3 comments
Labels
did related to decentralized identifiers discuss enhancement New feature or request

Comments

@KendallWeihe
Copy link
Contributor

Originally raised here decentralized-identity/web5-rs#211 (comment) but creating a dedicated ticket here as this'll concern all SDKs. Copy pasting relevant comments:

What happens in the following case:

  1. Create a did:dht
  2. Export it as a portable DID (which includes the DID Document)
  3. Update the did:dht (as in, update the DID Document in the network)
  4. At this point, what's in the portable DID's Document is different than the Document persisted in the network
  5. Instantiate a bearer DID from the portable DID
  6. At this point the developer has an out-of-date DID Document in their bearer DID instance

I think we should consider removing the DID Document from the portable DID type and instead resolve upon each instantiation (upon each "import from a portable DID"). As I see it, if we want to create a dedicated type for portable DID's then that type should merely consist of:

{
    "uri": "did:dht...",
    "privateKeyJwks": [...]
}

And then from @mistermoe

aye we definitely chatted about this during the design phase of portable did. @frankhinek do you remember our rationale for choosing to include the did document as part of portable did?

ah i think i remember. w.r.t. did:dht specifically, it may be the case that a did was created but not published. if so, without including the did document in the portable did itself, fidelity is lost (e.g. on creation, n services were provided to create)

This definitely doesn't negate the issue you've raised @KendallWeihe. The scenario you describe is entirely possible. At the time we decided that it was unlikely and felt that the furthest we should probably go (but didn't in any of the sdks) for the time being would be, on import, attempt to resolve. if resolution is successful, diff the portable did doc and the published did doc. if there's a difference, throw exception
@KendallWeihe KendallWeihe mentioned this issue May 15, 2024
Open
@decentralgabe
Copy link
Member

I remain opposed to the idea that we should promote a serialization format for private key materials outside test vectors as it opens the door to bad practices and risk associated with moving private keys (interception, etc).

I made a longer comment here #142 (comment)

@decentralgabe
Copy link
Member

also related #124

@KendallWeihe
Copy link
Contributor Author

I agree @decentralgabe & added a relevant comment decentralized-identity/web5-rs#211 (comment)

TL;DR the only concrete use case (as you state) is test vectors, for which we can generate & serialize one-off (or better yet, could be a web5 CLI feature)

@decentralgabe decentralgabe added enhancement New feature or request discuss did related to decentralized identifiers labels Aug 16, 2024
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees
No one assigned
Labels
did related to decentralized identifiers discuss enhancement New feature or request
Projects
None yet
Milestone
No milestone
Development

No branches or pull requests
2 participants
@KendallWeihe @decentralgabe