Fix definition of controller and add verification method binding section #126
@@ -555,11 +555,11 @@ <h3>Terminology</h3> | |||||||||||
<!-- [[[#cryptographic-suites]]] for further detail. --> | ||||||||||||
</dd> | ||||||||||||
|
||||||||||||
<dt><dfn class="export" data-lt="controller(s)|Controllers">controller</dfn></dt> | ||||||||||||
<dt><dfn class="export">controller</dfn></dt> | ||||||||||||
<dd> | ||||||||||||
An entity that is [=authorized=] to perform an action with a specific resource, | ||||||||||||
such as update a [=controller document=] or use a cryptographic key to generate | ||||||||||||
a digital signature. | ||||||||||||
An entity that is [=authorized=] to perform an action associated with a specific | ||||||||||||
resource such as updating a [=controller document=] or generating a digital | ||||||||||||
I'm not sure I agree with @David-Chadwick's suggestion, but if it is accepted, it should include the markup and full-stop below --
This edit continues the error of the previous suggestion. Verification Method controllers CANNOT update the associated verification method. Only CID document controllers can update the method.
||||||||||||
signature that can be verified using a [=verification method=]. | ||||||||||||
|
||||||||||||
</dd> | ||||||||||||
|
||||||||||||
<dt><dfn class="export">controller document</dfn></dt> | ||||||||||||
|
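Review bot: dropping `data-lt="controller(s)|Controllers"` from the `<dfn>` in this hunk means any `[=controllers=]` or `[=Controllers=]` reference elsewhere in the spec will no longer resolve to this definition; either keep the attribute on the reworded `<dfn class="export">controller</dfn>` or confirm that no such references remain. In the new definition text a comma before "such as" would read better ("a specific resource, such as updating a [=controller document=] or generating a digital signature"), and since the two examples concern different resources (a controller document versus a verification method's key), tying each example to its resource would avoid the "verification method controllers can update the method" misreading that the reviewer comments above already flag.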
@@ -2909,6 +2909,19 @@ <h2>Key and Signature Expiration</h2> | |||||||||||
</p> | ||||||||||||
</section> | ||||||||||||
|
||||||||||||
<section> | ||||||||||||
<h3>Verification Method Binding</h3> | ||||||||||||
|
||||||||||||
<p> | ||||||||||||
Implementers ensure that a [=verification method=] is bound to a particular | ||||||||||||
[=controller=] by going from the expression of the [=verification method=] to | ||||||||||||
the [=controller document=], and then ensuring that the [=controller document=] | ||||||||||||
also contains a reference to the [=verification method=]. This process is | ||||||||||||
described in the algorithm for <a href="#retrieve-verification-method"> | ||||||||||||
retrieving a verification method</a>. | ||||||||||||
Comment on lines +2915 to +2921
Thanks for having copied the section from the DI spec. However... I still have a problem. This section refers to the algorithmic section for the details on how to find the controller document. That section says:
The only way I can interpret this sentence is that the URL of a VM is a URL with a fragment, and the controller document's URL is retrieved by removing the fragment. Is this restriction intentional? If so, the specification of the verification method in §2.2. must make this restriction clear for the If it is not intentional, then... I am not sure. Would we have to say that the exact approach taken to get from the VM to a CD is implementation dependent? Application dependent? I.e., should we have to say that, in a VC setting, the VM MUST be part of the same JSON-LD document as its CD, hence the usage of a fragment ID, otherwise this is up to the implementation?
Just syncing up with the similar discussion in another thread:
(see #119 (comment)).
||||||||||||
</p> | ||||||||||||
</section> | ||||||||||||
|
||||||||||||
<section> | ||||||||||||
<h2>Verification Method Rotation</h2> | ||||||||||||
|
||||||||||||
|
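Review bot: the new Verification Method Binding paragraph describes only the success path; state what an implementer does when the [=controller document=] does not contain a reference back to the [=verification method=] (the method is not bound to that controller, and any proof made with it must not be accepted), otherwise "Implementers ensure that ..." reads as advisory rather than as a required check. The paragraph also delegates the step of getting from the verification method expression to the controller document entirely to the `#retrieve-verification-method` algorithm, which the comment on lines +2915 to +2921 reads as assuming a fragment-based URL; if that assumption is intended, say so in this section rather than only in the algorithm.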
An entity may be authorized to perform SOME actions but not necessarily ANY actions. This suggestion should not be incorporated.
agreed. the action is, in fact, limited by the context. For example, the verification method controller can't update the verification method as listed in the CID, but can create proofs that satisfy the method. "Any" action is too broad.