Add dependency on CID spec. #877
Conversation
msporny
requested review from
ChristopherA,
davidlehn,
jandrieu,
peacekeeper,
iherman,
dmitrizagidulin,
TallTed,
decentralgabe,
KDean-Dolphin and
brentzundel
index.html
Outdated
| <a data-cite="INFRA#string">strings</a>, each of which conforms to the URL | ||
| syntax which are compatible with Section <a href="#did-syntax"></a>. |
There was a problem hiding this comment.
I don't understand what the compatibility is, in order to rephrase to make the sentence say so. Is it each of the strings or the URL syntax that is compatible with Section <a href="#did-syntax">?
| <a data-cite="INFRA#string">strings</a>, each of which conforms to the URL | |
| syntax which are compatible with Section <a href="#did-syntax"></a>. | |
| <a data-cite="INFRA#string">strings</a>, each of which conforms to the URL | |
| syntax which are compatible with Section <a href="#did-syntax"></a>. |
There was a problem hiding this comment.
This still reads oddly to me. It makes me think, controller property conforms to the URL syntax. URLs are compatible with the DID syntax.
Whereas the spec says:
The controller property is OPTIONAL. If present, the value MUST be a string or a set of strings that conform to the rules in 3.1 DID Syntax.
So I would use language similar to the id field.
There was a problem hiding this comment.
This is my best guess at what these lines are trying to say —
| <a data-cite="INFRA#string">strings</a>, each of which conforms to the URL | |
| syntax which are compatible with Section <a href="#did-syntax"></a>. | |
| <a data-cite="INFRA#string">strings</a>, each of which conforms to the URL | |
| syntax defined in Section <a href="#did-syntax"></a>. |
index.html
Outdated
| <a data-cite="INFRA#string">strings</a>, each of which conforms to the URL | ||
| syntax which are compatible with Section <a href="#did-syntax"></a>. |
There was a problem hiding this comment.
As with lines 1268–1269, I don't understand what the compatibility is, in order to rephrase to make the sentence say so. Is it each of the strings or the URL syntax that is compatible with Section <a href="#did-syntax">? Here's my best guess at what these lines are trying to say —
| <a data-cite="INFRA#string">strings</a>, each of which conforms to the URL | |
| syntax which are compatible with Section <a href="#did-syntax"></a>. | |
| <a data-cite="INFRA#string">strings</a>, each of which conforms to the URL | |
| syntax defined in Section <a href="#did-syntax"></a>. |
|
This was discussed during the #did meeting on 09 January 2025. View the transcriptw3c/did-core#877wip: Manu has done a lot of work to align this with other spec. manu: The group requested that we do this as a PR. Normally I try to do this as an editorial change, but it's a massive change. ivan: The CID spec is not published in the TR space under that name. It was published under the name of Controller Document, just to be clear. manu: I removed the draft state and it is now ready for review. markus_sabadello: Can you comment what this means for the abstract data model and consumption and production of entries that are set for update? manu: I tried to make those changes in this PR and it became complicated. Some of the sections are still useful, but I'm going to try to do those in a separate PR. |
There was a problem hiding this comment.
This is a PR for a FPWD draft version, so the result will still undergo a multitude of reviews and changes; I did not look at all the details (it is way too complex to review it that way. I have spotted, however, two major and a minor issue; I think the major issues should be taken care of before merging.
-
The PR still uses the "Controlled Identifiers Document" title for the CID specification, but the name has been changed (again) for "Controlled Identifier 1.0" by the VC WG. That should be used overall.
-
In §5.1.1 Did Subject the new text does not make it clear that, in a DID document, the value of
idMUST be a DID. It sounds obvious, but the previous version makes a stronger statement.It may be that this requirement is between the lines in other places of the document; I think re-enforcing here would still make sense
The same comment applies to the DID controller section.
-
Minor knit in §9 Privacy Consideration: "specification before reading this section is it contains more general privacy considerations" should say "specification before reading this section as it contains more general privacy considerations" ("is" -> "as")
I think the new title is |
Yes, correct. |
index.html
Outdated
| <td>no</td> | ||
| <td> | ||
| A <a data-cite="INFRA#ordered-set">set</a> of <a | ||
| data-cite="INFRA#string">strings</a>, each of which conforms to |
There was a problem hiding this comment.
Again, aren't we constraining the values to conform to the DID URL syntax? Not just any URL
The value of the id property for a verification method MUST be a string that conforms to the rules in Section 3.2 DID URL Syntax.
There was a problem hiding this comment.
This applies to all verificationRelationships below aswell
index.html
Outdated
| threshold signature. | ||
| A <a>DID document</a> can express <a>verification methods</a>, as defined | ||
| <a data-cite="CID#verification-methods">Section 2.2: Verification Methods</a> of | ||
| [[[CID]]]. Identifiers used in <a>verification methods</a> can be expressed |
There was a problem hiding this comment.
| [[[CID]]]. Identifiers used in <a>verification methods</a> can be expressed | |
| [[[CID]]]. Identifiers used in <a>verification methods</a> MUST be expressed |
Unless I am misunderstanding this alignment with the CID spec, I believe this is a normative requirement of the DID spec
index.html
Outdated
| <a data-cite="CID#verification-relationships">Section 2.3: Verification | ||
| Relationships</a> of the [[[CID]]] specification. Identifiers used in | ||
| <a>verification relationships</a> | ||
| can be expressed according to <a href="#did-syntax"></a> and |
There was a problem hiding this comment.
| can be expressed according to <a href="#did-syntax"></a> and | |
| MUST be expressed according to <a href="#did-syntax"></a> and |
|
In noticed that the table "Verification Method properties" does not contain all the properties from the CID spec. Specifically, "expires" and "revoked" are missing. |
|
Regarding hashlinks to secure URL identifiers for verification methods... I don't believe that works with dynamic documents. |
As long as the canonicalized content in the dynamic document matches, it should work. I guess it depends on what you mean by "dynamic". That said, I don't think we provide any guidance for hashlinks, but I'll try to make sure we don't do that since it's under-defined right now. |
|
This was discussed during the did meeting on 23 January 2025. View the transcriptw3c/did-core#877manu: Not a lot has changed -- the big PR that rationalizes DID Core to depend on the CID spec. Wip: In some places there seems to be normative changes. Notably around "id"s. Changing to URL. manu: There is the use case that a DID Method points to a URL. Only change was made to the top most id (root). For all other IDs, noted that DID syntax is allowed -- although CID allows URLs. Wip: This is a change. Is it a concern for others? smccown: Not a problem. Does come back to a concern with LinkedData, as you can't verify it. You can't sign it and verify it and so it could change. We have accepted that in the past but its on ongoing concern. JoeAndrieu: There has not been a use for URLs verificationMethods. There is no definition of how the VM is secured when it is a URL, unlike for a DID. <Zakim> JoeAndrieu, you wanted to say it is not EVERYTHING must be a DID manu: Could make it that it has to be a DID. If we say it has to be a DID, and they use did:web, we have the same issue. Entirely dependent on the DID Method. There is no protection in the base version of DID Web. <dmitriz> +1 joe JoeAndrieu: The difference is that did:web is a published method and it is available for discussion, weaknesses etc. If you just put a URL, you have not of that. Maybe SHOULD be a DID, and talk about the issues. <dmitriz> (re SHOULD, and mentioning the issues in the spec) <Zakim> manu, you wanted to suggest I just keep it at MUST be a DID. and to suggest SHOULD :P markus_sabadello: Missed the comment. manu: Reviewing the spec...its in the table about IDs and notably that a VM is a DID or a map. <Wip> https://github.com/w3c/did-core/pull/877/files#r1920318242 manu: trying to decide on SHOULD or MUST. Since did:web could be used, then URL is the same. Maybe put it back to MUST, and then a separate discussion on backing off that. PDL-ASU: Specs often talk about the securing and the issues. If the URL was a hashlink doesn't that give the security. manu: Will open an issue to deal with this point separately. Re: PDL-ASU point -- there is not a way to make the hashlink of a fragment (as this is likely to be). So hard to handle via an HL. Could be ways to do that, but hard to do. <PDL-ASU> Agreed that's the point Joe was raising. Sounds like we should write that down. :-) |
msporny
force-pushed
the
msporny-cid-alignment
branch
from
664def6 to
6edb213
Compare
Co-authored-by: Will Abramson <[email protected]> Co-authored-by: Ted Thibodeau Jr <[email protected]>
|
Substantive but editorial, multiple reviews, changes requested and made, no objections, merging. |
This PR is an attempt to address issue #854 by normatively referencing the Controlled Identifiers specification.
WARNING: This is a BIG PR -- as was requested by the WG. Please keep discussions and change requests limited to editorial changes and suggestions and raise a separate issue, if needed, to track larger structural change requests.
Preview | Diff