Decentralized Identifiers (DIDs) v1.0

Core architecture, data model, and representations

W3C Working Draft

This version:
https://www.w3.org/TR/2020/WD-did-core-20200608/
Latest published version:
https://www.w3.org/TR/did-core/
Latest editor's draft:
https://w3c.github.io/did-core/
Previous version:
https://www.w3.org/TR/2020/WD-did-core-20200421/
Editors:
Drummond Reed (Evernym)
Manu Sporny (Digital Bazaar)
Markus Sabadello (Danube Tech)
Authors:
Drummond Reed (Evernym)
Manu Sporny (Digital Bazaar)
Dave Longley (Digital Bazaar)
Christopher Allen (Blockchain Commons)
Ryan Grant
Markus Sabadello (Danube Tech)
Participate:
GitHub w3c/did-core
File a bug
Commit history
Pull requests

Abstract

Decentralized identifiers (DIDs) are a new type of identifier that enables verifiable, decentralized digital identity. A DID identifies any subject (e.g., a person, organization, thing, data model, abstract entity, etc.) that the controller of the DID decides that it identifies. These new identifiers are designed to enable the controller of a DID to prove control over it and to be implemented independently of any centralized registry, identity provider, or certificate authority. DIDs are URLs that associate a DID subject with a DID document allowing trustable interactions associated with that subject. Each DID document can express cryptographic material, verification methods, or service endpoints, which provide a set of mechanisms enabling a DID controller to prove control of the DID. Service endpoints enable trusted interactions associated with the DID subject. A DID document might contain semantics about the subject that it identifies. A DID document might contain the DID subject itself (e.g. a data model).

This document specifies a common data model, a URL format, and a set of operations for DIDs, DID documents, and DID methods.

Status of This Document

This section describes the status of this document at the time of its publication. Other documents may supersede this document. A list of current W3C publications and the latest revision of this technical report can be found in the W3C technical reports index at https://www.w3.org/TR/.

This specification is under active development and implementers are advised against implementing the specification unless they are directly involved with the W3C DID Working Group. There are use cases [DID-USE-CASES] in active development that establish requirements for this document.

At present, there exist 40 experimental implementations and a preliminary test suite that will eventually determine whether or not implementations are conformant. Readers are advised that Appendix § C. Current Issues contains a list of concerns and proposed changes that will most likely result in alterations to this specification.

Comments regarding this document are welcome. Please file issues directly on GitHub, or send them to public-did-wg@w3.org ( subscribe, archives).

Portions of the work on this specification have been funded by the United States Department of Homeland Security's Science and Technology Directorate under contracts HSHQDC-16-R00012-H-SB2016-1-002 and HSHQDC-17-C-00019. The content of this specification does not necessarily reflect the position or the policy of the U.S. Government and no official endorsement should be inferred.

Work on this specification has also been supported by the Rebooting the Web of Trust community facilitated by Christopher Allen, Shannon Appelcline, Kiara Robles, Brian Weller, Betty Dhamers, Kaliya Young, Kim Hamilton Duffy, Manu Sporny, Drummond Reed, Joe Andrieu, and Heather Vescent.

This document was published by the Decentralized Identifier Working Group as a Working Draft. This document is intended to become a W3C Recommendation.

GitHub Issues are preferred for discussion of this specification. Alternatively, you can send comments to our mailing list. Please send them to public-did-wg@w3.org (archives).

Publication as a Working Draft does not imply endorsement by the W3C Membership. This is a draft document and may be updated, replaced or obsoleted by other documents at any time. It is inappropriate to cite this document as other than work in progress.

This document was produced by a group operating under the W3C Patent Policy. W3C maintains a public list of any patent disclosures made in connection with the deliverables of the group; that page also includes instructions for disclosing a patent. An individual who has actual knowledge of a patent which the individual believes contains Essential Claim(s) must disclose the information in accordance with section 6 of the W3C Patent Policy.

This document is governed by the 1 March 2019 W3C Process Document.

1. Introduction

This section is non-normative.

As individuals and organizations, many of us use globally unique identifiers in a wide variety of contexts. They serve as communications addresses (telephone numbers, email addresses, usernames on social media), ID numbers (for passports, drivers licenses, tax IDs, health insurance), and product identifiers (serial numbers, barcodes, RFIDs). Resources on the Internet are identified by globally unique identifiers in the form of MAC addresses; URIs (Uniform Resource Identifiers) are used for resources on the Web and each web page you view in a browser has a globally unique URL (Uniform Resource Locator).

The vast majority of these globally unique identifiers are not under our control. They are issued by external authorities that decide who or what they identify and when they can be revoked. They are useful only in certain contexts and recognized only by certain bodies (not of our choosing). They may disappear or cease to be valid with the failure of an organization. They may unnecessarily reveal personal information. And in many cases they can be fraudulently replicated and asserted by a malicious third-party ("identity theft").

The Decentralized Identifiers (DIDs) defined in this specification are a new type of globally unique identifier designed to enable individuals and organizations to generate our own identifiers using systems we trust, and to prove control of those identifiers (authenticate) using cryptographic proofs (for example, digital signatures, privacy-preserving biometric protocols, and so on).

Because we control the generation and assertion of these identifiers, each of us can have as many DIDs as we need to respect our desired separation of identities, personas, and contexts (in the everyday sense of these words). We can scope the use of these identifiers to the most appropriate contexts. We can interact with other people, institutions or systems that require us to identify ourselves (or things we control) while maintaining control over how much personal or private data should be revealed, and without depending on a central authority to guarantee the continued existence of the identifier.

This specification does not require any particular technology or cryptography to underpin the generation, persistence, resolution or interpretation of DIDs. Rather, it defines: a) the generic syntax for all DIDs, and b) the generic requirements for performing the four basic CRUD operations (create, read, update, deactivate) on the metadata associated with a DID (called the DID document).

This enables implementers to design specific types of DIDs to work with the computing infrastructure they trust (e.g., blockchain, distributed ledger, decentralized file system, distributed database, peer-to-peer network). The specification for a specific type of DID is called a DID method. Implementers of applications or systems using DIDs can choose to support the DID methods most appropriate for their particular use cases.

This specification is for:

Note: Diversity of DID systems

DID methods can also be developed for identifiers registered in federated or centralized identity management systems. Indeed, almost all types of identifier systems can add support for DIDs. This creates an interoperability bridge between the worlds of centralized, federated, and decentralized identifiers.

1.1 A Simple Example

This section is non-normative.

A DID is a simple text string consisting of three parts, the:

Example 1: A simple example of a decentralized identifier (DID)
did:example:123456789abcdefghi

The example DID above resolves to a DID document. A DID document contains information associated with the DID, such as ways to cryptographically authenticate the DID controller, as well as services that can be used to interact with the DID subject.

Example 2: Minimal self-managed DID document
{
  "@context": "https://www.w3.org/ns/did/v1",
  "id": "did:example:123456789abcdefghi",
  "authentication": [{
    // used to authenticate as did:...fghi
    "id": "did:example:123456789abcdefghi#keys-1",
    "type": "Ed25519VerificationKey2018",
    "controller": "did:example:123456789abcdefghi",
    "publicKeyBase58": "H3C2AVvLMv6gmMNam3uVAjZpfkcJCwDwnZn6z3wXmqPV"
  }],
  "service": [{
    // used to retrieve Verifiable Credentials associated with the DID
    "id":"did:example:123456789abcdefghi#vcs",
    "type": "VerifiableCredentialService",
    "serviceEndpoint": "https://example.com/vc/"
  }]
}

1.2 Design Goals

This section is non-normative.

Decentralized Identifiers are a component of larger systems, such as the Verifiable Credentials ecosystem [VC-DATA-MODEL], which drove the design goals for this specification. This section summarizes the primary design goals for this specification.

Goal Description
Decentralization Eliminate the requirement for centralized authorities or single point failure in identifier management, including the registration of globally unique identifiers, public verification keys, service endpoints, and other metadata.
Control Give entities, both human and non-human, the power to directly control their digital identifiers without the need to rely on external authorities.
Privacy Enable entities to control the privacy of their information, including minimal, selective, and progressive disclosure of attributes or other data.
Security Enable sufficient security for relying parties to depend on DID documents for their required level of assurance.
Proof-based Enable DID controllers to provide cryptographic proof when interacting with other entities.
Discoverability Make it possible for entities to discover DIDs for other entities, to learn more about or interact with those entities.
Interoperability Use interoperable standards so DID infrastructure can make use of existing tools and software libraries designed for interoperability.
Portability Be system- and network-independent and enable entities to use their digital identifiers with any system that supports DIDs and DID methods.
Simplicity Favor a reduced set of simple features to make the technology easier to understand, implement, and deploy.
Extensibility Where possible, enable extensibility provided it does not greatly hinder interoperability, portability, or simplicity.

1.3 Architecture Overview

This section provides a basic understanding of the major elements of DID architecture. Formal definitions of terms are provided in § 2. Terminology .


Diagram showing that DIDs are recorded on a Verifiable Data Registry; DIDs
resolve to DID documents; DIDs identify DID subjects; a DID controller can
modify a DID document; a DID method generates a DID; a DID method instructs a
DID resolver.
Figure 1 The basic components of DID architecture.
DIDs and DID URLs
A DID, or Decentralized Identifier, is a URI composed of three parts: the scheme "did:", a method identifier, and a unique, method-specific identifier generated by the DID method. DIDs are resolvable to DID documents. A DID URL extends the syntax of a basic DID to incorporate other standard URI components (path, query, fragment) in order to locate a particular resource—for example, a public key inside a DID document, or a resource available external to the DID document.
DID Subjects
The subject of a DID is, by definition, the entity identified by the DID. The DID subject may also be the DID controller. Anything can be the subject of a DID: person, group, organization, physical thing, logical thing, etc.
DID Controllers
The controller of a DID is the entity (person, organization, or autonomous software) that has the capability—as defined by a DID method—to make changes to a DID document. This capability is typically asserted by the control of a set of cryptographic keys used by software acting on behalf of the controller, though it may also be asserted via other mechanisms. Note that a DID may have more than one controller, and the controller(s) may include the DID subject.
Verifiable Data Registries
In order to be resolvable to DID documents, DIDs are typically recorded on an underlying system or network of some kind. Regardless of the specific technology used, any such system that supports recording DIDs and returning data necessary to produce DID documents is called a verifiable data registry. Examples include distributed ledgers, decentralized file systems, databases of any kind, peer-to-peer networks, and other forms of trusted data storage.
DID documents
DID documents contain metadata associated with a DID. They typically express verification methods (such as public keys) and services relevant to interactions with the DID subject. A DID document is serialized according to a particular syntax (see § 6. Core Representations). The DID itself is the value of the id property. The generic properties supported in a DID document are specified in § 5. Core Properties. The properties present in a DID document may be updated according to the applicable operations outlined in § 7. Methods.
DID Methods
DID methods are the mechanism by which a particular type of DID and its associated DID document are created, resolved, updated, and deactivated using a particular verifiable data registry. DID methods are defined using separate DID method specifications (see § 7. Methods).
Note

Conceptually, the relationship between this specification and a DID method specification is similar to the relationship between the IETF generic URI specification ([RFC3986]) and a specific URI scheme ([IANA-URI-SCHEMES] (such as the http: and https: schemes specified in [RFC7230]). It is also similar to the relationship between the IETF generic URN specification ([RFC8141]) and a specific URN namespace definition, (such as the UUID URN namespace defined in [RFC4122]). The difference is that a DID method specification, as well as defining a specific DID scheme, also specifies the methods creating, resolving, updating, and deactivating DIDs and DID documents using a specific type of verifiable data registry.

DID resolvers and DID resolution
A DID resolver is a software and/or hardware component that takes a DID (and associated options) as input and produces a conforming DID document (and associated metadata) as output. This process is called DID resolution. The inputs and outputs of the DID resolution process are defined in § 8. Resolution . The specific steps for resolving a specific type of DID are defined by the relevant DID method specification. Additional considerations for implementing a DID resolver are discussed in [DID-RESOLUTION].
DID URL dereferencers and DID URL dereferencing
A DID URL dereferencer is a software and/or hardware component that takes a DID URL (and associated options) as input and produces a resource (and associated metadata) as output. This process is called DID URL dereferencing. The inputs and outputs of the DID URL dereferencing process are defined in § 8.2 DID URL Dereferencing . Additional considerations for implementing a DID URL dereferencer are discussed in [DID-RESOLUTION].

1.4 Conformance

As well as sections marked as non-normative, all authoring guidelines, diagrams, examples, and notes in this specification are non-normative. Everything else in this specification is normative.

The key words MAY, MUST, MUST NOT, RECOMMENDED, SHOULD, and SHOULD NOT in this document are to be interpreted as described in BCP 14 [RFC2119] [RFC8174] when, and only when, they appear in all capitals, as shown here.

This document contains examples that contain JSON, CBOR, and JSON-LD content. Some of these examples contain characters that are invalid, such as inline comments (//) and the use of ellipsis (...) to denote information that adds little value to the example. Implementers are cautioned to remove this content if they desire to use the information as valid JSON, CBOR, or JSON-LD.

Interoperability of implementations for DIDs and DID documents will be tested by evaluating an implementation's ability to create and parse DIDs and DID documents that conform to the specification. Interoperability for producers and consumers of DIDs and DID documents is provided by ensuring the DIDs and DID documents conform. Interoperability for DID method specifications is provided by the details in each DID method specification. It is understood that, in the same way that a web browser is not required to implement all known URI schemes, conformant software that works with DIDs is not required to implement all known DID methods (however, all implementations of a given DID method must be interoperable for that method).

A conforming DID is any concrete expression of the rules specified in Section § 3. Identifier and MUST comply with relevant normative statements in that section.

A conforming DID Document is any concrete expression of the data model described in this specification and MUST comply with the relevant normative statements in Sections § 4. Data Model and § 5. Core Properties. A serialization format for the conforming document MUST be deterministic, bi-directional, and lossless as described in Section § 6. Core Representations. The conforming DID document MAY be transmitted or stored in any such serialization format.

A conforming DID Method is any specification that complies with the relevant normative statements in Section § 7. Methods.

A producer is any algorithm realized as software and/or hardware and conforms to this specification if it generates conforming DIDs or conforming DID Documents. A producer that is conformant with this specification MUST NOT produce non-conforming DIDs or DID Documents.

A consumer is any algorithm realized as software and/or hardware and conforms to this specification if it consumes conforming DIDs or conforming DID Documents. A consumer that is conformant with this specification MUST produce errors when consuming non-conforming DIDs or DID Documents.

2. Terminology

This section is non-normative.

This document attempts to communicate the concepts outlined in the decentralized identifier space by using specialized terms to discuss specific concepts. This terminology is included below and linked to throughout the document to aid the reader:

decentralized identifier (DID)
A globally unique identifier that does not require a centralized registration authority because it is registered with distributed ledger technology (DLT) or other form of decentralized network. The generic format of a DID is defined in this specification. A specific DID scheme is defined in a DID method specification.
decentralized identity management
Identity management based on decentralized identifiers. Decentralized identity management extends the identifier creation authority beyond the traditional roots of trust required by X.500 directory services, the Domain Name System, and most national identification systems.
DID controller
The entity that has the ability to make changes to a DID document. A DID can have more than one controller. The DID controller(s) are denoted by the controller property on the top level of the DID document. Note that the DID controller(s) might include the DID subject.
DID document
A set of data describing the DID subject, including mechanisms, such as public keys and pseudonymous biometrics, that the DID subject can use to authenticate itself and prove their association with the DID. A DID document might also contain other attributes or claims describing the subject. These documents are graph-based data structures that are typically expressed using [JSON-LD], but can be expressed using other compatible graph-based data formats.
DID fragment
The portion of a DID URL that follows the first hash sign character (#). DID fragment syntax is identical to the URI fragment syntax.
DID method
A definition of how a specific DID scheme can be implemented on a specific distributed ledger or network, including the precise methods by which DIDs are resolved and deactivated and DID documents are written and updated.
DID path
The portion of a DID URL that begins with and includes the first forward slash character (/). DID path syntax is identical to the URI path syntax.
DID query
The portion of a DID URL that follows the first question mark character (?). DID query syntax is identical to the URI query syntax.
Verifiable data registry
A role a system performs to mediate the creation, verification, updating, and deactivation of decentralized identifiers. For more information, see [VC-DATA-MODEL].
DID resolution
The function that takes as its input a DID and a set of input metadata and returns a DID document in a conforming representation plus additional metadata. This function relies on the "Read" operation of the applicable DID method. The inputs and outputs of this function are defined in § 8.1 DID Resolution .
DID resolver
A DID resolver is a software and/or hardware component that takes a DID as input and produces a conforming DID document as output by performing DID resolution.
DID scheme
The formal syntax of a decentralized identifier. The generic DID scheme is defined in this specification. Separate DID method specifications define a specific DID scheme that works with that specific DID method.
DID subject
The entity the DID document is about. That is, the entity identified by the DID and described by the DID document.
DID URL
A DID plus an optional DID path, optional ? character followed by a DID query, and optional # character followed by a DID fragment.
DID URL dereferencing
The function that takes as its input a DID URL, a DID document, and a set of dereferencing options and returns a resource, which might be a DID document, plus additional metadata. This function can use the DID resolution function to fetch a DID document indicated by the DID within the DID URL. The dereferencing function then can perform additional processing on the DID document to return the dereferenced resource indicated by the DID URL. The inputs and outputs of this process are defined in § 8.2 DID URL Dereferencing .
distributed ledger (DLT)
A distributed database in which the various nodes use a consensus protocol to maintain a shared ledger in which each transaction is cryptographically signed and chained to the previous transaction.
extensible data interchange (XDI)
A semantic graph format and semantic data interchange protocol defined by the OASIS XDI Technical Committee.
public key description
A JSON object contained inside a DID document that contains all the metadata necessary to use a public key or verification key.
resource
The term resource is used in the same way as defined for HTTP in [RFC7231]; that is, a resource is the target of a request and is identified by a URI. This specification does not limit the nature of a resource, but defines an interface that might be used to interact with resources when identified by a DID.
service endpoint
A network address at which a service operates on behalf of a DID subject. Examples of specific services include discovery services, social networks, file storage services, and verifiable claim repository services. Service endpoints might also be provided by a generalized data interchange protocol, such as extensible data interchange.
Uniform Resource Identifier (URI)
An identifier, as defined by [RFC3986].
verifiable timestamp
A timestamp is verifiable if a third-party can confirm that a piece of data existed at a specific moment in time. Verifying data integrity can be done in such a way that the party verifying the data is highly confident that an authority or malicious party could not have reasonably modified the data as it existed at the attested moment in time. If the data integrity could reasonably be modified or corrupted by a central authority or other party, the timestamp is not verifiable.
verification method

A set of parameters that can be used to independently verify a proof according to a particular method. For example, a public key can be used as a verification method with respect to a digital signature; in such usage, it verifies that the signer possessed the associated private key.

"Verification" and "proof" in this definition are intended to apply broadly. A public key might be used during Diffie-Hellman key exchange to negotiate a shared symmetric key for encryption. This guarantees the integrity of the key agreement process. It is thus another type of verification method, even though descriptions of the process might not use the words "verification" and "proof."

verification relationship

A verification relationship expresses the relationship between the DID subject and a verification method. An example of a verification relationship is § 5.5 Authentication.

Universally Unique Identifier (UUID)
An identifier, as defined by [RFC4122].

3. Identifier

This section describes the formal syntax for DIDs and DID URLs. The term "generic" is used to differentiate the syntax defined here from syntax defined by specific DID methods in their respective specifications.

3.1 DID Syntax

3.1.1 Generic DID Syntax

The generic DID scheme is a URI scheme conformant with [RFC3986].

Note

A DID always identifies the DID subject.

The following is the ABNF definition using the syntax in [RFC5234], which defines ALPHA and DIGIT. All other rule names not defined in this ABNF are defined in [RFC3986].

did                = "did:" method-name ":" method-specific-id
method-name        = 1*method-char
method-char        = %x61-7A / DIGIT
method-specific-id = *( ":" *idchar ) 1*idchar
idchar             = ALPHA / DIGIT / "." / "-" / "_"
Issue 34: Should DID syntax allow an empty "method-specific-id"? PR existsdiscuss

The grammar currently allows an empty method-specific-id, e.g., did:example: would be a valid DID that could identify the DID method itself.

3.1.2 Method-Specific Syntax

A DID method specification MUST further restrict the generic DID syntax by defining its own method-name and its own method-specific-id syntax. For more information, see Section § 7. Methods.

3.1.3 Normalization

For the broadest interoperability, make DID normalization as simple and universal as possible:

3.1.4 Persistence

A DID is expected to be persistent and immutable. That is, a DID is bound exclusively and permanently to its one and only subject. Even after a DID is deactivated, it is intended that it never be repurposed.

Note

Ideally, a DID would be a completely abstract decentralized identifier (like a UUID) that could be bound to multiple underlying verifiable data registries over time, thus maintaining its persistence independent of any particular system. However, registering the same identifier on multiple verifiable data registries introduces extremely hard entityship and start-of-authority (SOA) problems. It also greatly increases implementation complexity for developers.

To avoid these issues, developers should refer to the Decentralized Characteristics Rubric [DID-RUBRIC] to decide which DID method best addresses the needs of the use case.

Note

Although not included in this version, future versions of this specification might support a DID document equivID property to establish verifiable equivalence relations between DIDs representing the same subject on multiple verifiable data registries. Such equivalence relations can produce the practical equivalent of a single persistent abstract DID. For more information, see Section § D. Future Work .

3.2 DID URL Syntax

3.2.1 Generic DID URL Syntax

A DID URL always identifies a resource to be located. It can be used, for example, to identify a specific part of a DID document.

This following is the ABNF definition using the syntax in [RFC5324]. It builds on the did scheme defined in § 3.1.1 Generic DID Syntax. The path-abempty and fragment components are identical to the ABNF rules defined in [RFC3986], and the did-query component is derived from the query ABNF rule.

did-url            = did path-abempty [ "?" did-query ]
                     [ "#" fragment ]
did-query          = param *( "&" param )
param              = param-name "=" param-value
param-name         = 1*pchar
param-value        = *pchar

This specification reserves the semicolon (;) character for possible future use as a sub-delimiter for parameters as described in [MATRIX-URIS].

3.2.2 Generic DID URL Parameters

The DID URL syntax supports a simple, generalized format for parameters based on the query component (See § 3.2.5 Query). The ABNF above specifies the basic syntax (the param rule) but does not specify any concrete parameter names.

Some generic DID parameter names (for example, for service selection) are completely independent of any specific DID method and MUST always function the same way for all DIDs. Other DID parameter names (for example, for versioning) MAY be supported by certain DID methods, but MUST operate uniformly across those DID methods that do support them.

Parameter names that are completely method-specific are described in Section § 3.1.2 Method-Specific Syntax.

The following table defines a set of generic DID parameter names.

Generic DID Parameter Name Description
hl A resource hash of the DID document to add integrity protection, as specified in [HASHLINK].
service Identifies a service from the DID document by service ID.
version-id Identifies a specific version of a DID document to be resolved (the version ID could be sequential, or a UUID, or method-specific). Note that this parameter might not be supported by all DID methods.
version-time Identifies a certain version timestamp of a DID document to be resolved. That is, the DID document that was valid for a DID at a certain time. Note that this parameter might not be supported by all DID methods.

Additional considerations for processing these parameters are discussed in [?DID-RESOLUTION].

Two example DID URLs using the service and version-time generic DID parameters are shown below.

Example 3: A DID URL with a 'service' DID parameter
did:foo:21tDAKCERh95uGgKbJNHYp?service=agent
Example 4: A DID URL with a 'version-time' DID parameter
did:foo:21tDAKCERh95uGgKbJNHYp?version-time=2002-10-10T17:00:00Z

Adding a DID parameter to a DID URL means that the parameter becomes part of an identifier for a resource (the DID document or other). Alternatively, the DID resolution and the DID URL dereferencing functions can also be influenced by passing input metadata to a DID resolver that are not part of the DID URL. (See § 8.3 Metadata Structure ). Such options could for example control caching or the desired encoding of a resolution result. This is comparable to HTTP, where certain parameters could either be included in an HTTP URL, or alternatively passed as HTTP headers during the dereferencing process. The important distinction is that DID parameters that are part of the DID URL should be used to specify what resource is being identified, whereas DID resolution options that are not part of the DID URL should be use to control how that resource is resolved or dereferenced.

DID parameters MAY be used if there is a clear use case where the parameter needs to be part of a URI that can be used as a link, or as a resource in RDF / JSON-LD documents.

DID parameters SHOULD NOT be used if there are already other, equivalent ways of constructing URIs that fulfill the same purpose (for example, using other syntactical constructs such as URI query strings or URI fragments).

DID parameters SHOULD NOT be used if the same functionality can be expressed by passing options to a DID resolver, and if there is no need to construct a URI for use as a link, or as a resource in RDF / JSON-LD documents.

3.2.3 Method-Specific DID URL Parameters

A DID method specification MAY specify additional method-specific parameter names. A method-specific parameter name MUST be prefixed by the method name, as defined by the method-name rule.

For example, if the method did:foo: defines the parameter bar, the parameter name must be foo:bar. An example DID URL using this method and this method-specific parameter would be as shown below.

did:foo:21tDAKCERh95uGgKbJNHYp?foo:bar=high

A method-specific parameter name defined by one DID method MAY be used by other DID methods.

did:example:21tDAKCERh95uGgKbJNHYp?foo:bar=low

Method-specific parameter names MAY be combined with generic parameter names in any order.

did:example:21tDAKCERh95uGgKbJNHYp?service=agent&foo:bar=high

Both DID method namespaces and method-specific parameter namespaces MAY include colons, so they might be partitioned hierarchically, as defined by a DID method specification. The following example DID URL illustrates both.

did:foo:baz:21tDAKCERh95uGgKbJNHYp?foo:baz:hex=b612
Issue 36: Details on the use of method-specific DID parameters discuss

Review what exactly we want to say about method-specific parameters defined by one method but used in a DID URL with a different method. Also discuss hierarchical method namespaces in DID parameter names.

3.2.4 Path

A DID path is identical to a generic URI path and MUST conform to the path-abempty ABNF rule in [RFC3986]. A DID path SHOULD be used to address resources available through a service endpoint. For more information, see Section § 5.7 Service Endpoints.

A specific DID scheme MAY specify ABNF rules for DID paths that are more restrictive than the generic rules in this section.

did:example:123456/path

3.2.5 Query

A DID query is derived from a generic URI query and MUST conform to the did-query ABNF rule in Section §  3.2.1 Generic DID URL Syntax. If a DID query is present, it MUST be used as described in Sections § 3.2.2 Generic DID URL Parameters and § 3.2.3 Method-Specific DID URL Parameters.

A specific DID scheme MAY specify ABNF rules for DID queries that are more restrictive than the generic rules in this section.

did:example:123456?query=true

3.2.6 Fragment

A DID fragment is used as method-independent reference into the DID document to identify a component of the document (for example, a unique public key description or service endpoint). DID fragment syntax and semantics are identical to a generic URI fragment and MUST conform to RFC 3986, section 3.5. To dereference a DID fragment, the complete DID URL including the DID fragment MUST be used as input to the DID URL dereferencing function for the target component in the DID document object. For more information, see § 8.2 DID URL Dereferencing .

A specific DID scheme MAY specify ABNF rules for DID fragments that are more restrictive than the generic rules in this section.

did:example:123456#public-key-1

In order to maximize interoperability, implementers are urged to ensure that DID fragments are interpreted in the same way across representations (as described in § 6. Core Representations). For example, while JSON Pointer [RFC6901] can be used in a DID fragment, it will not be interpreted in the same way across representations.

Additional semantics for fragment identifiers, which are compatible with and layered upon the semantics in this section, are described for JSON-LD representations in Section § E.2 application/did+ld+json.

3.2.7 Relative DID URLs

A relative DID URL is any URL value in a DID document that does not start with did:<method-name>:<method-specific-id>. More specifically, it is any URL value that does not start with the ABNF defined in Section § 3.1.1 Generic DID Syntax. The contents of the URL typically refers to a resource in the same DID document. Relative DID URLs MAY contain relative path components, query parameters, and fragment identifiers.

When resolving a relative DID URL reference, the algorithm specified in RFC3986 Section 5: Reference Resolution MUST be used. The base URI value is the DID that is associated with the DID subject, see Section § 5.2 DID Subject. The scheme is did. The authority is a combination of <method-name>:<method-specific-id>, and the path, query, and fragment values are those defined in Section § 3.2.4 Path, Section § 3.2.5 Query, and Section § 3.2.6 Fragment, respectively.

Relative DID URLs are often used to identify verification methods and services in a DID Document without having to use absolute URLs, which tend to be more verbose than necessary.

Example 12: An example of a relative DID URL
{
  "@context": "https://www.w3.org/ns/did/v1",
  "id": "did:example:123456789abcdefghi",
  "publicKey": [{
    "id": "did:example:123456789abcdefghi#key-1",
    "type": "Ed25519VerificationKey2018",
    "controller": "did:example:123456789abcdefghi",
    "publicKeyBase58": "H3C2AVvLMv6gmMNam3uVAjZpfkcJCwDwnZn6z3wXmqPV"
  }, ...],
  "authentication": [
    // a relative DID URL used to reference a verification method above
    "#key-1"
  ]
}

In the example above, the relative DID URL value will be transformed to an absolute DID URL value of did:example:123456789abcdefghi#key-1.

4. Data Model

This specification defines an abstract data model for DID documents, independent of any specific representation. This section provides a high-level description of the data model, a set of requirements for representations, and a set of requirements for extensibility.

4.1 Definition

A DID document consists of a collection of property-value pairs. The definitions of each of these properties are specified in section § 5. Core Properties. Specific representations are defined in section § 6. Core Representations.

4.2 Representations

Following are the requirements for representations.

  1. A representation MUST define an unambiguous encoding and decoding of all properties and their associated values as defined in this specification. This means anything you can represent in the DID document data model can be represented in any compliant representation.
  2. The representation MUST be associated with an IANA-registered MIME type.
  3. The representation MUST define fragment processing rules for its MIME type that are conformant with the fragment processing rules defined in section § 3.2.6 Fragment of this specification.

The core representations are specified in section § 6. Core Representations.

4.3 Extensibility

The data model supports two types of extensibility.

  1. For maximum interoperability, it is RECOMMENDED that extensions use the official W3C DID Core Registries mechanism [DID-SPEC-REGISTRIES]. The use of this mechanism for new properties or other extensions is the only specified method that ensures that two different representations will be able to work together.
  2. Representations MAY define other extensibility mechanisms including methods for decentralized extensions. Such extension mechanisms MUST support lossless conversion into any other conformant representation.
Note

It is always possible for two specific implementations to agree out-of-band to use a mutually understood extension or representation that is not recorded in the DID Core Registries [DID-SPEC-REGISTRIES]; interoperability between such implementations and the larger ecosystem will be less reliable.

5. Core Properties

A DID points to a DID document. DID documents are the serialization of the data model outlined in Section § 4. Data Model. The following sections define the properties in a DID document, including whether these properties are required or optional.

5.1 Identifiers

Identifiers are used in the data model to identify specific instances of people, organizations, devices, keys, services, and things in general. Identifiers are typically URLs, or more generally, URIs. Non-URI-based identifiers are not advised because, while the data model supports them, they are not easy to use with other Internet-based identifiers.

5.2 DID Subject

The DID subject is denoted with the id property. The DID subject is the entity that the DID document is about. That is, it is the entity identified by the DID and described by the DID document.

DID documents MUST include the id property.

id
The value of id MUST be a single valid DID.
{
  "id": "did:example:21tDAKCERh95uGgKbJNHYp"
}
Note

DID method specifications can create intermediate representations of a DID document that do not contain the id key, such as when a DID resolver is performing DID resolution. However, the fully resolved DID document always contains a valid id property. The value of id in the resolved DID document is expected to match the DID that was resolved.

5.3 Verification Methods

A DID document can express verification methods, such as cryptographic keys, which can be used to authenticate or authorize interactions with the DID subject or associated parties. The information expressed often includes globally unambiguous identifiers and public key material, which can be used to verify digital signatures. For example, a public key can be used as a verification method with respect to a digital signature; in such usage, it verifies that the signer possessed the associated private key.

Verification methods might take many parameters. An example of this is a set of five cryptographic keys from which any three are required to contribute to a threshold signature. Methods need not be cryptographic. An example of this might be the contact information for a biometric service provider that compares a purported DID controller against a candidate biometric vector.

A DID document MAY include a verificationMethod property.

verificationMethod
If a DID document includes a verificationMethod property, the value of the property MUST be an array of verification method objects. Each verification method object MUST have the id, type, controller, and specific verification method properties. The verification method objects MAY include additional properties.

The value of the id property MUST be a URI. The array of verification methods MUST NOT contain multiple entries with the same id. If the array of verification methods contains multiple entries with the same id, a DID document processor MUST produce an error.

The value of the type property MUST be exactly one verification method type. In order to maximize global interoperability, the verification method type SHOULD be registered in the [DID-SPEC-REGISTRIES].

The value of the controller property, MUST be a valid DID.

In order to maximize global interoperability, the verification method properties SHOULD be registered in the [DID-SPEC-REGISTRIES].

Example 14: Example verification methods
{
  "@context": ["https://www.w3.org/ns/did/v1", "https://w3id.org/security/v1"],
  "id": "did:example:123456789abcdefghi",
  ...
  "verificationMethod": [{
    "id": ...,
    "type": ...,
    "controller": ...,
    ...
  ]}
}

5.3.1 Verification relationships

A verification relationship expresses the relationship between the DID subject and a verification method.

A DID document MAY include a property expressing a specific verification relationship. In order to maximize global interoperability, the property SHOULD be registered in [DID-SPEC-REGISTRIES].

A DID controller MUST be explicit about the verification relationship between the DID subject and the verification method. Verification methods that are not associated with a particular verification relationship MUST NOT be used for that verification relationship. See Section § 5.5 Authentication for a more detailed example of a verification relationship.

5.4 Public Keys

A public key is a verification method. Public keys are used for digital signatures, encryption and other cryptographic operations, which in turn are the basis for purposes such as authentication (see Section § 5.5 Authentication) or establishing secure communication with service endpoints (see Section § 5.7 Service Endpoints). As well, public keys can play a role in authorization mechanisms of DID method operations (see Section § 7.2 Method Operations), which can be defined by DID method specifications.

Public keys can be included in a DID document using the publicKey or authentication properties, depending on what they are to be used for. Each public key has an identifier (id) of its own, a type, and a controller, as well as other properties that depend on the type of key it is.

This specification strives to limit the number of formats for expressing public key material in a DID Document to the fewest possible, to increase the likelihood of interoperability. The fewer formats that implementers have to implement, the more likely it will be that they will support all of them. This approach attempts to strike a delicate balance between ease of implementation and supporting formats that have historically had broad deployment. The specific types of key formats that are supported in this specification are listed below.

A DID document MAY include a publicKey property.

publicKey
If a DID document includes a publicKey property, the value of the property MUST be an array of public key objects. Each public key object MUST have the type, controller, and specific public key properties, and MUST have an id property. The public key objects MAY include additional properties.

The value of the id property MUST be a URI. The array of public keys MUST NOT contain multiple entries with the same id. In this case, a DID document processor MUST produce an error.

The value of the type property MUST be exactly one public key type. For a registry of available key types and formats, see [DID-SPEC-REGISTRIES].

The value of the controller property, which identifies the controller of the corresponding private key, MUST be a valid DID.

Note: Key controller(s) and DID controller(s)

The semantics of the controller property are the same when the subject of the relationship is the DID document as when the subject of the relationship is a key. Since a key can't control itself, and the key controller cannot be inferred from the DID document, it is necessary to explicitly express the identity of the controller of the key (which may be the DID controller or DID subject). The difference is that the value of controller on a key is not necessarily a DID controller. DID controller(s) are expressed using the controller property on the top level of the DID document; see Section § 5.6 Authorization and Delegation .

The value of the id property MAY be structured as a compound key. This is especially useful for integrating with existing key management systems and key formats such as JWK. It is RECOMMENDED that JWK kid values are set to the public key fingerprint. It is RECOMMENDED that verification methods that use JWKs to represent their public keys utilize the value of kid as their fragment identifier. See the first key in EXAMPLE 15 for an example of a public key with a compound key identifier.

All public key properties MUST be registered in the [DID-SPEC-REGISTRIES].

If a public key does not exist in the DID document, it MUST be assumed the key was revoked or is invalid. The DID document MAY NOT contain revoked keys. Each DID method specification is expected to detail how revocation is performed and tracked.

Public keys of all types MUST be expressed in either JSON Web Key (JWK) format using the publicKeyJwk property or one of the formats listed in the table below. Public key expression MUST NOT use any other key format.

Issue

The Working Group is still debating whether the base encoding format used will be Base58 (Bitcoin) [BASE58], base64url [RFC7515], or base16 (hex) [RFC4648]. The entries in the table below currently assume PEM and Base58 (Bitcoin), but might change to base64url and/or base16 (hex) after the group achieves consensus on this particular issue.

Issue

The Working Group is still debating whether secp256k1 Schnorr public key values will be elaborated upon in this specification and if so, how they will be expressed and encoded.

Key Type Support
RSA RSA public key values MUST either be encoded as a JWK or be encoded in Privacy Enhanced Mail (PEM) format using the publicKeyPem property.
ed25519 Ed25519 public key values MUST either be encoded as a JWK or be encoded as the raw 32-byte public key value in Base58 Bitcoin format using the publicKeyBase58 property.
secp256k1-koblitz Secp256k1 Koblitz public key values MUST either be encoded as a JWK or be encoded as the raw 33-byte public key value in Base58 Bitcoin format using the publicKeyBase58 property.
secp256r1 Secp256r1 public key values MUST either be encoded as a JWK or be encoded as the raw 32-byte public key value encoded in Base58 Bitcoin format using the publicKeyBase58 property.
Curve25519 Curve25519 (also known as X25519) public key values MUST either be encoded as a JWK or be encoded as the raw 32-byte public key value in Base58 Bitcoin format using the publicKeyBase58 property.

Example:

Example 15: Various public keys
{
  "@context": ["https://www.w3.org/ns/did/v1", "https://w3id.org/security/v1"],
  "id": "did:example:123456789abcdefghi",
  ...
  "publicKey": [{
    "id": "did:example:123#_Qq0UL2Fq651Q0Fjd6TvnYE-faHiOpRlPVQcY_-tA4A",
    "type": "JwsVerificationKey2020",
    "controller": "did:example:123",
    "publicKeyJwk": {
      "crv": "Ed25519",
      "x": "VCpo2LMLhn6iWku8MKvSLg2ZAoC-nlOyPVQaO3FxVeQ",
      "kty": "OKP",
      "kid": "_Qq0UL2Fq651Q0Fjd6TvnYE-faHiOpRlPVQcY_-tA4A"
    }
  }, {
    "id": "did:example:123456789abcdefghi#keys-1",
    "type": "Ed25519VerificationKey2018",
    "controller": "did:example:pqrstuvwxyz0987654321",
    "publicKeyBase58": "H3C2AVvLMv6gmMNam3uVAjZpfkcJCwDwnZn6z3wXmqPV"
  }, {
    "id": "did:example:123456789abcdefghi#keys-2",
    "type": "Secp256k1VerificationKey2018",
    "controller": "did:example:123456789abcdefghi",
    "publicKeyHex": "02b97c30de767f084ce3080168ee293053ba33b235d7116a3263d29f1450936b71"
  }],
  ...
}

A key MAY be embedded or referenced in a DID document. For example, the authentication property might refer to keys in both ways, as shown in the example below.

Example 16: Various public keys
{
...

  "authentication": [
    // this key is referenced, it may be used with more than one verification relationship
    "did:example:123456789abcdefghi#keys-1",
    // this key is embedded and may *only* be used for authentication
    {
      "id": "did:example:123456789abcdefghi#keys-2",
      "type": "Ed25519VerificationKey2018",
      "controller": "did:example:123456789abcdefghi",
      "publicKeyBase58": "H3C2AVvLMv6gmMNam3uVAjZpfkcJCwDwnZn6z3wXmqPV"
    }
  ],

...
}

The steps to use when processing a publicKey property in a DID document are:

  1. Let value be the data associated with the publicKey property and initialize result to null.
  2. If value is an object, the key material is embedded. Set result to value.
  3. If value is a string, the key is included by reference. Assume value is a URL.
    1. Dereference the URL and retrieve the publicKey properties associated with the URL. For example, process the publicKey property at the top-level of the dereferenced document.
    2. Iterating through each public key object, if the id property of the object matches value, set result to the object.
  4. If result does not contain at least the id, type, and controller properties, as well as any mandatory public cryptographic material, as determined by the type property of result, throw an error.
Note

Caching and expiration of the keys in a DID document is entirely the responsibility of DID resolvers and other clients. For more information, see Section § 8. Resolution .

5.5 Authentication

Authentication is a mechanism by which an entity can prove it is the DID subject. The verifier of an authentication attempt can check if the authenticating party is presenting a valid proof of authentication, that is, that they are who they say they are. Note that a successful authentication on its own may or may not confer authority; that is up to the verifying application.

Note: Uses of authentication

If authentication is established, it is up to the DID method or other application to decide what to do with that information. A particular DID method could decide that authenticating as a DID controller is sufficient to, for example, update or delete the DID document. Another DID method could require different keys, or a different verification method entirely, to be presented in order to update or delete the DID document than that used to authenticate. In other words, what is done after the authentication check is out of scope for the DID data model, but DID methods and applications are expected to define this themselves.

A DID document MAY include an authentication property. The authentication property is an example of a verification relationship.

authentication
The authentication property is a relationship between the DID subject and a set of verification methods (such as, but not limited to, public keys). It means that the DID subject has authorized some set of verification methods (per the value of the authentication property) for the purpose of authentication. The value of the authentication property SHOULD be an array of verification methods. Each verification method MAY be embedded or referenced. An example of a verification method is a public key (see Section § 5.4 Public Keys).

This statement is useful to any "authentication verifier" that needs to check to see if an entity that is attempting to authenticate is, in fact, presenting a valid proof of authentication. When a verifier receives some data (in some protocol-specific format) that contains a proof that was made for the purpose of "authentication", and that says that an entity is identified by the DID, then that verifier checks to ensure that the proof can be verified using a verification method (e.g., public key) listed under authentication in the DID Document.

The verification method indicated by the authentication property of a DID document can only be used to authenticate the DID subject. To authenticate the DID controller (in cases where the DID controller is not also the DID subject) the entity associated with the value of controller (see Section § 5.6 Authorization and Delegation ) needs to authenticate itself with its own DID document and attached authentication verification method relationship.

Example:

Example 17: Authentication field containing three verification methods
{
  "@context": "https://www.w3.org/ns/did/v1",
  "id": "did:example:123456789abcdefghi",
  ...
  "authentication": [
    // this method can be used to authenticate as did:...fghi
    "did:example:123456789abcdefghi#keys-1",
    // this method can be used to authenticate as did:...fghi
    "did:example:123456789abcdefghi#biometric-1",
    // this method is *only* authorized for authentication, it may not
    // be used for any other proof purpose, so its full description is
    // embedded here rather than using only a reference
    {
      "id": "did:example:123456789abcdefghi#keys-2",
      "type": "Ed25519VerificationKey2018",
      "controller": "did:example:123456789abcdefghi",
      "publicKeyBase58": "H3C2AVvLMv6gmMNam3uVAjZpfkcJCwDwnZn6z3wXmqPV"
    }
  ],
  ...
}

5.6 Authorization and Delegation

Authorization is the mechanism used to state how operations may be performed on behalf of the DID subject. Delegation is the mechanism that the subject uses to authorize others to act on their behalf.

Note: Authorization vs authentication

Note that Authorization is separate from § 5.5 Authentication. This is particularly important for key recovery in the case of key loss, when the subject no longer has access to their keys, or key compromise, where the DID controller's trusted third parties need to override malicious activity by an attacker. See Section § 9. Security Considerations .

A DID document MAY include a controller property to indicate that there are DID controller(s) other than the DID subject. If so:

controller
The value of the controller property MUST be a valid DID or an array of valid DIDs. The corresponding DID document(s) SHOULD contain authorization relations that explicitly permit the use of certain verification methods for specific purposes.

Each DID method MUST define how authorization and delegation are implemented, including any necessary cryptographic operations.

There are at least two suggested methods for implementing Authorization and Delegation, which may be layered:

Example 18: DID document with a controller property
{
  "@context": "https://www.w3.org/ns/did/v1",
  "id": "did:example:123456789abcdefghi",
  "controller": "did:example:bcehfew7h32f32h7af3",
  "service": [{
    // used to retrieve Verifiable Credentials associated with the DID
    "type": "VerifiableCredentialService",
    "serviceEndpoint": "https://example.com/vc/"
  }]
}

5.7 Service Endpoints

Service endpoints are used in DID documents to express ways of communicating with the DID subject or associated entities. Services listed in the DID document can contain information about privacy preserving messaging services, or more public information, such as social media accounts, personal websites, and email addresses although this is discouraged. See § 10.1 Keep Personally-Identifiable Information (PII) Private for additional details. The metadata associated with services are often service-specific. For example, the metadata associated with an encrypted messaging service can express how to initiate the encrypted link before messaging begins.

Pointers to services are expressed using the service property. Each service has its own id and type, as well as a serviceEndpoint with a URI or other properties describing the service.

One of the primary purposes of a DID document is to enable discovery of service endpoints. A service endpoint can be any type of service the DID subject wants to advertise, including decentralized identity management services for further discovery, authentication, authorization, or interaction.

A DID document MAY include a service property.

service
If a DID document includes a service property, the value of the property SHOULD be an array of service endpoint objects. Each service endpoint MUST have id, type, and serviceEndpoint properties, and MAY include additional properties.

The value of the id property MUST be a URI. The array of service endpoints MUST NOT contain multiple entries with the same id. In this case, a DID document processor MUST produce an error.

The value of the serviceEndpoint property MUST be a JSON-LD object or a valid URI conforming to [RFC3986] and normalized according to the rules in section 6 of [RFC3986] and to any normalization rules in its applicable URI scheme specification.

It is expected that the service endpoint protocol is published in an open standard specification.

Example 19: Various service endpoints
{
  "service": [{
    "id": "did:example:123456789abcdefghi#openid",
    "type": "OpenIdConnectVersion1.0Service",
    "serviceEndpoint": "https://openid.example.com/"
  }, {
    "id": "did:example:123456789abcdefghi#vcr",
    "type": "CredentialRepositoryService",
    "serviceEndpoint": "https://repository.example.com/service/8377464"
  }, {
    "id": "did:example:123456789abcdefghi#xdi",
    "type": "XdiService",
    "serviceEndpoint": "https://xdi.example.com/8377464"
  }, {
    "id": "did:example:123456789abcdefghi#agent",
    "type": "AgentService",
    "serviceEndpoint": "https://agent.example.com/8377464"
  }, {
    "id": "did:example:123456789abcdefghi#hub",
    "type": "IdentityHub",
    "publicKey": "did:example:123456789abcdefghi#key-1",
    "serviceEndpoint": {
      "@context": "https://schema.identity.foundation/hub",
      "type": "UserHubEndpoint",
      "instances": ["did:example:456", "did:example:789"]
    }
  }, {
    "id": "did:example:123456789abcdefghi#messages",
    "type": "MessagingService",
    "serviceEndpoint": "https://example.com/messages/8377464"
  }, {
    "id": "did:example:123456789abcdefghi#inbox",
    "type": "SocialWebInboxService",
    "serviceEndpoint": "https://social.example.com/83hfh37dj",
    "description": "My public social inbox",
    "spamCost": {
      "amount": "0.50",
      "currency": "USD"
    }
  }, {
    "id": "did:example:123456789abcdefghi#authpush",
    "type": "DidAuthPushModeVersion1",
    "serviceEndpoint": "http://auth.example.com/did:example:123456789abcdefg"
  }]
}

For more information about security considerations regarding authentication service endpoints see Sections § 7.1 Method Schemes and § 5.5 Authentication.

5.8 Created

A DID document SHOULD include a created property.

created
If a DID document includes a created property, the value of the property MUST be a valid XML datetime value, as defined in section 3.3.7 of W3C XML Schema Definition Language (XSD) 1.1 Part 2: Datatypes [XMLSCHEMA11-2]. This datetime value MUST be normalized to UTC 00:00, as indicated by the trailing "Z".
{
  "created": "2002-10-10T17:00:00Z"
}

5.9 Updated

Standard metadata for identifier records includes a timestamp of the most recent change.

A DID document SHOULD include an updated property.

updated
If a DID document includes an updated property, the value of the property MUST follow the same formatting rules as the created property, as outlined in Section § 5.8 Created.
{
  "updated": "2016-10-17T02:41:00Z"
}

6. Core Representations

All concrete representations of a DID document MUST be serialized using a deterministic mapping that is able to be unambiguously parsed into the data model defined in this specification. All serialization methods MUST define rules for the bidirectional translation of a DID document both into and out of the representation in question. As a consequence, translation between any two representations MUST be done by parsing the source format into a DID document model (described in Sections § 4. Data Model and § 5. Core Properties) and then serializing the DID document model into the target representation. An implementation MUST NOT convert between representations without first parsing to a DID document model.

Although syntactic mappings are provided for JSON, JSON-LD, and CBOR here, applications and services MAY use any other data representation syntax that is capable of expressing the data model, such as XML or YAML.

Producers MUST indicate which representation of a document has been used via a media type in the document's metadata. Consumers MUST determine which representation a document is in via the content-type DID resolver metadata field. (See § 8.1 DID Resolution ). Consumers MUST NOT determine the representation of a document through its content alone.

Issue 203: Define DID Document Metadata discussmetadata

This requirement depends on the return of DID document metadata that still needs to be defined by this specification. Once defined, that should be linked from here.

The production and consumption rules in this section apply to all implementations seeking to be fully compatible with independent implementations of the specification. Deployments of this specification MAY use a custom agreed-upon representation, including localized rules for handling properties not listed in the registry. See section § 4.3 Extensibility for more information.

Issue 207: Add section on extensibility and conformance editorialextensibilitypending close

A link to a section on extensibility and conformance as it applies to data representations should be added here once that section has been written.

6.1 JSON

When producing and consuming DID documents that are in plain JSON (as indicated by a content-type of application/did+json in the resolver metadata), the following rules MUST be followed.

6.1.1 Production

A DID document MUST be a single JSON object conforming to [RFC8259]. All top-level properties of the DID document MUST be represented by using the property name as the name of the member of the JSON object. The values of properties of the data model described in Section § 4. Data Model, including all extensions, MUST be encoded in JSON [RFC8259] by mapping property values to JSON types as follows:

Issue 204: Define terminology for properties and values editorial

In this section we use the term "property name" to refer to the string that represents the property itself, but this specification still needs to define a concrete term for such aspects of a property of a DID document.

  • Numeric values representable as IEEE754 MUST be represented as a Number type.
  • Boolean values MUST be represented as a Boolean literal.
  • Sequence value MUST be represented as an Array type.
  • Unordered sets of values MUST be represented as an Array type.
  • Sets of properties MUST be represented as an Object type.
  • Empty values MUST be represented as a null literal.
  • Other values MUST be represented as a String type.
Issue 204: Define terminology for properties and values editorial

An "empty" value is not specified by this document. It seems to imply a null value, but this is unclear.

All properties of the DID document MUST be included in the root object. Properties MAY define additional data sub structures subject to the value representation rules in the list above.

The member name @context MUST NOT be used as this property is reserved for JSON-LD producers.

6.1.2 Consumption

Issue 204: Define terminology for properties and values editorial

In this section and we use the term "property name" to refer to the string that represents the property itself, but this specification still needs to define a concrete term for such aspects of a property of a DID document. We also need a concrete term for "the document itself" as opposed to "the collection or properties of the document".

The top-level element MUST be a JSON object. Any other data type at the top level is an error and MUST be rejected. The top-level JSON object represents the DID document, and all members of this object are properties of the DID document. The object member name is the property name, and the member value is interpreted as follows:

  • Number types MUST interpreted as numeric values representable as IEEE754.
  • Boolean literals MUST be interpreted as a Boolean value.
  • An Array type MUST be interpreted as a Sequence or Unordered set, depending on the definition of the property for this value.
  • An Object type MUST be interpreted as a sets of properties.
  • A null literal MUST be interpreted as an Empty value.
  • String types MUST be interpreted as Strings, which may be further parsed depending on the definition of the property for this value into more specific data types such as URIs, date stamps, or other values.
Issue 204: Define terminology for properties and values editorial

An "empty" value is not specified by this document. It seems to imply a null value, but this is unclear.

The value of the @context object member MUST be ignored as this is reserved for JSON-LD consumers.

Unknown object member names MUST be ignored as unknown properties.

Issue 205: How to treat unknown properties discussextensibility

This specification needs to define clear and consistent rules for how to handle unknown data members on consumption, and this section needs to be updated with that decision.

6.2 JSON-LD

[JSON-LD] is a JSON-based format used to serialize Linked Data.

When producing and consuming DID documents that are in JSON-LD (as indicated by a content-type of application/did+ld+json in the resolver metadata), the following rules MUST be followed.

6.2.1 Production

The DID document is serialized following the rules in the JSON processor, with one addition: DID documents MUST include the @context property.

@context
The value of the @context property MUST be one or more URIs, where the value of the first URI is https://www.w3.org/ns/did/v1. All members of the @context property MUST exist be in the DID properties extension registry.
Issue 202: JSON-LD Contexts in Registry extensibilityquestion

This specification defines globally interoperable documents, and the requirement that the context value be in the verifiable data registry means that different JSON-LD processors can consume the document without having to dereference anything in the context field. However, a pair of producers and consumers can have local extension agreements. This needs to be clarified in a section on extensibility and linked here when available.

6.2.2 Consumption

The top-level element MUST be a JSON object. Any other data type at the top level is an error and MUST be rejected. This top-level JSON object is interpreted using JSON-LD processing under the rules of the defined @context fields.

@context
The value of the @context property MUST be one or more URIs, where the value of the first URI is https://www.w3.org/ns/did/v1. If more than one URI is provided, the URIs MUST be interpreted as an ordered set. It is RECOMMENDED that dereferencing each URI results in a document containing machine-readable information about the context.

Unknown object member names MUST be ignored as unknown properties.

Issue 205: How to treat unknown properties discussextensibility

This specification needs to define clear and consistent rules for how to handle unknown data members on consumption, and this section needs to be updated with that decision.

6.3 CBOR

6.3.1 Production

6.3.2 Consumption

7. Methods

7.1 Method Schemes

A DID method specification MUST define exactly one method-specific DID scheme, identified by exactly one method name. For more information, see the method-name rule in Section § 3.1.1 Generic DID Syntax.

Because the method name is part of the DID, short method names are preferred; the method name SHOULD be five characters or less. The method name might reflect the name of the verifiable data registry to which the DID method specification applies. For more information, see Section § 7.1 Method Schemes.

The DID method specification for the method-specific DID scheme MUST specify how to generate the method-specific-id component of a DID. The method-specific-id value MUST be able to be generated without the use of a centralized registry service. The method-specific-id value SHOULD be globally unique by itself. The DID, as defined by the did rule in Section § 3.1.1 Generic DID Syntax, MUST be globally unique.

If needed, a method-specific DID scheme MAY define multiple method-specific-id formats. It is RECOMMENDED that a method-specific DID scheme define as few method-specific-id formats as possible.

The method-specific-id format MAY include colons, which might be used by DID methods for various purposes, such as establishing hierarchically partitioned namespaces, or identifying specific instances or parts of the verifiable data registry. The use of colons MUST comply syntactically with the method-specific-id ABNF rule and their use is entirely method-specific. Implementers are advised to avoid assuming any meanings or behaviors associated with a colon that are generically applicable to all DID methods.

The authors of a new DID method specification SHOULD use a method name that is unique among all DID method names known to them at the time of publication.

Because there is no central authority for allocating or approving DID method names, there is no way to know for certain if a specific DID method name is unique. To help with this challenge, a non-authoritative list of known DID method names and their associated specifications is maintained in the DID Methods Registry, which is part of [DID-SPEC-REGISTRIES].

The DID Methods Registry is a tool for implementors to use when coming to consensus on a new method name, as well as an informative reference for software developers implementing DID resolvers for different DID methods. For more information about DID resolvers see Section § 8. Resolution . The DID Method Registry is not a definitive or official list of DID methods. Nonetheless, adding DID method names to the DID Method Registry is encouraged so that other implementors and members of the community have a place to see an overview of existing DID methods. The lightweight criteria for inclusion are documented in [DID-SPEC-REGISTRIES].

7.2 Method Operations

To enable the full functionality of DIDs and DID documents on a particular verifiable data registry, a DID method specification MUST specify how a client might be used to perform the create, read, update, and deactivate operations. Each operation ought to be specified to the level of detail necessary to build and test interoperable client implementations. In the event that an operation is not supported, such as update or deactivate, then it is RECOMMENDED that the DID Method specification state that it is not supported. These operations can be used to perform all the operations required of a cryptographic key management system (CKMS), e.g.: key registration, key replacement, key rotation, key recovery, and key expiration.

Determining the authority of a party to carry out the operations is method-specific. For example, a DID method MAY:

7.2.1 Create

The DID method specification MUST specify how a client creates a DID and its associated DID document on the verifiable data registry, including all cryptographic operations necessary to establish proof of control.

7.2.2 Read/Verify

The DID method specification MUST specify how a client uses a DID to request a DID document from the verifiable data registry, including how the client can verify the authenticity of the response.

7.2.3 Update

The DID method specification MUST specify how a client can update a DID document on the verifiable data registry, including all cryptographic operations necessary to establish proof of control, or state that updates are not possible.

An update to a DID is any change, after creation, in the data used to produce a DID document. DID Method implementers are responsible for defining what constitutes an update, and what properties of the DID document are supported by a given DID method. For example, an update operation which replaces key material without changing it could be a valid update that does not result in changes to the DID document.

7.2.4 Deactivate

The DID method specification MUST specify how a client can deactivate a DID on the verifiable data registry, including all cryptographic operations necessary to establish proof of deactivation, or state that deactivation is not possible.

7.3 Interoperability

Interoperability for DID methods will be determined by evaluating each DID method specification to determine, at a minimum, that the:

7.4 Extensibility

7.5 Security Requirements

DID method specifications MUST include their own Security Considerations sections. This section MUST consider all the requirements mentioned in section 5 of [RFC3552] (page 27) for the DID operations defined in the specification.

At least the following forms of attack MUST be considered: eavesdropping, replay, message insertion, deletion, modification, and man-in-the-middle. Potential denial of service attacks MUST be identified as well.

If the protocol incorporates cryptographic protection mechanisms, the DID method specification MUST clearly indicate which portions of the data are protected and what the protections are, and SHOULD give an indication to what sorts of attacks the cryptographic protection is susceptible. For example, integrity only, confidentiality, endpoint authentication, and so on.

Data which is to be held secret (keying material, random seeds, and so on) SHOULD be clearly labeled.

If the technology involves authentication, particularly user-host authentication, the security of the authentication method MUST be clearly specified.

This section MUST discuss, per Section 5 of [RFC3552], residual risks (such as the risks from compromise in a related protocol, incorrect implementation, or cipher) after threat mitigation was deployed.

This section MUST provide integrity protection and update authentication for all operations required by Section § 7.2 Method Operations.

Where DID methods make use of peer-to-peer computing resources, such as with all known DLTs, the expected burdens of those resources SHOULD be discussed in relation to denial of service.

Method-specific endpoint authentication MUST be discussed. Where DID methods make use of DLTs with varying network topology, sometimes offered as light node or thin client implementations to reduce required computing resources, the security assumptions of the topology available to implementations of the DID method MUST be discussed.

DID methods MUST discuss the policy mechanism by which DIDs are proven to be uniquely assigned. A DID fits the functional definition of a URN, as defined in [RFC8141]. That is, a DID is a persistent identifier that is assigned once to a resource and never reassigned to a different resource. This is particularly important in a security context because a DID might be used to identify a specific party subject to a specific set of authorization rights.

DID methods that introduce new authentication service endpoint types (see Section § 5.7 Service Endpoints) SHOULD consider the security requirements of the supported authentication protocol.

7.6 Privacy Requirements

DID method specifications MUST include their own Privacy Considerations sections, if only to point to § 10. Privacy Considerations .

The DID method specification's Privacy Considerations section MUST discuss any subsection of section 5 of [RFC6973] that could apply in a method-specific manner. The subsections to consider are: surveillance, stored data compromise, unsolicited traffic, misattribution, correlation, identification, secondary use, disclosure, exclusion.

8. Resolution

This section defines the inputs and outputs of the DID resolution and DID URL dereferencing processes. The exact implementation of these functions is out of scope for this specification, but some considerations for implementors are available in [DID-RESOLUTION].

8.1 DID Resolution

8.2 DID URL Dereferencing

8.3 Metadata Structure

9. Security Considerations

This section is non-normative.

Note: Note to implementers

During the Working Draft stage, this section focuses on security topics that should be important in early implementations. The editors are seeking feedback on threats and threat mitigations that should be reflected in this section or elsewhere in the spec. DIDs are designed to operate under the general Internet threat model used by many IETF standards. We assume uncompromised endpoints, but anticipate that messages could be read or corrupted on the network. Protecting against an attack when a system is compromised requires external key-signing hardware (see Section § 9.7 Key Revocation and Recovery ).

9.1 Choosing DID Resolvers

The DID Method Registry (see [DID-SPEC-REGISTRIES] is an informative list of DID method names and their corresponding DID method specifications. Implementors need to bear in mind that there is no central authority to mandate which DID method specification is to be used with any specific DID method name, but can use the DID Method Registry to make an informed decision when choosing which DID resolver implementations to use.

9.2 Binding of Identity

The following sections describe binding identities to DIDs and DID documents.

9.2.1 Proving Control of a DID and DID Document

Signatures are one way to allow DID documents to be cryptographically verifiable.

By itself, a verified signature on a self-signed DID document does not prove control of a DID. It only proves that the:

  • DID document was not tampered with since it was registered.
  • DID controller(s) controlled the private key used for the signature at the time the signature was generated.

Proving control of a DID, that is, the binding between the DID and the DID document that describes it, requires a two step process:

  1. Resolving the DID to a DID document according to its DID method specification.
  2. Verifying that the id property of the resulting DID document matches the DID that was resolved.

It should be noted that this process proves control of a DID and DID document regardless of whether the DID document is signed.

Signatures on DID documents are optional. DID method specifications SHOULD explain and specify their implementation if applicable.

It is good practice to combine timestamps with signatures.

9.2.2 Proving Control of a Public Key

There are two methods for proving control of the private key corresponding to a public key description in the DID document: static and dynamic.

The static method is to sign the DID document with the private key. This proves control of the private key at a time no later than the DID document was registered. If the DID document is not signed, control of a public key described in the DID document can still be proven dynamically as follows:

  1. Send a challenge message containing a public key description from the DID document and a nonce to an appropriate service endpoint described in the DID document.
  2. Verify the signature of the response message against the public key description.

9.2.3 Authentication and Verifiable Claims

A DID and DID document do not inherently carry any PII (personally-identifiable information). The process of binding a DID to something in the real world, such as a person or a company, for example with credentials with the same subject as that DID, is out of scope for this specification. For more information, see the [VC-DATA-MODEL] instead.

9.3 Authentication Service Endpoints

If a DID document publishes a service endpoint intended for authentication or authorization of the DID subject (see Section § 5.7 Service Endpoints), it is the responsibility of the service endpoint provider, subject, or relying party to comply with the requirements of the authentication protocols supported at that service endpoint.

9.4 Non-Repudiation

Non-repudiation of DIDs and DID document updates is supported under the assumption that the subject:

Non-repudiation is further supported if timestamps are included (see Sections § 5.8 Created and § 5.9 Updated) and the target DLT system supports timestamps.

9.5 Notification of DID Document Changes

One mitigation against unauthorized changes to a DID document is monitoring and actively notifying the DID subject when there are changes. This is analogous to helping prevent account takeover on conventional username/password accounts by sending password reset notifications to the email addresses on file.

In the case of a DID, there is no intermediary registrar or account provider to generate such notifications. However, if the verifiable data registry on which the DID is registered directly supports change notifications, a subscription service can be offered to DID controllers. Notifications could be sent directly to the relevant service endpoints listed in an existing DID.

If a DID controller chooses to rely on a third-party monitoring service (other than the verifiable data registry itself), this introduces another vector of attack.

9.6 Key and Signature Expiration

In a decentralized identifier architecture, there are no centralized authorities to enforce key or signature expiration policies. Therefore DID resolvers and other client applications need to validate that keys were not expired at the time they were used. Because some use cases might have legitimate reasons why already-expired keys can be extended, make sure a key expiration does not prevent any further use of the key, and implementations of a resolver ought to be compatible with such extension behavior.

9.7 Key Revocation and Recovery

Section § 7.2 Method Operations specifies the DID operations to be supported by a DID method specification, including deactivation of a DID document by replacing it with an updated DID document. It is also up to the DID method to define how revocation of cryptographic keys might occur. Additionally, DID method specifications are also expected to enable support for a quorum of trusted parties to enable key recovery. Some of the facilities to do so are suggested in Section § 5.6 Authorization and Delegation . Not all DID method specifications will recognize control from DIDs registered using other DID methods and they might restrict third-party control to DIDs that use the same method. Access control and key recovery in a DID method specification can also include a time lock feature to protect against key compromise by maintaining a second track of control for recovery. Further specification of this type of control is a matter for future work (see Section § D.4 Time Locks and DID Document Recovery ).

9.8 The Role of Human-Friendly Identifiers

DIDs achieve global uniqueness without the need for a central registration authority. This comes, however, at the cost of human memorability. The algorithms capable of generating globally unique identifiers automatically produce random strings of characters that have no human meaning. This demonstrates the axiom about identifiers described in Zooko's Triangle: "human-meaningful, decentralized, secure — pick any two".

There are of course many use cases where it is desirable to discover a DID when starting from a human-friendly identifier. For example, a natural language name, a domain name, or a conventional address for a DID controller, such as a mobile telephone number, email address, Twitter handle, or blog URL. However, the problem of mapping human-friendly identifiers to DIDs (and doing so in a way that can be verified and trusted) is outside the scope of this specification.

Solutions to this problem (and there are many) should be defined in separate specifications that reference this specification. It is strongly recommended that such specifications carefully consider the:

Note

A draft specification for discovering a DID from domain names and email addresses using DNS lookups is available at [DNS-DID].

9.9 Immutability

Many cybersecurity abuses hinge on exploiting gaps between reality and the assumptions of rational, good-faith actors. Like any ecosystem, the DID ecosystem has some potential for this to occur. Because this specification is focused on a data model instead of a protocol, it offers no opinion about many aspects of how that model is put to use. However, individual DID methods might want to consider constraints that would eliminate behaviors or semantics they do not need. The more locked down a DID method is, while providing the same set of features, the less it can be manipulated by malicious actors.

As an example, consider the flexibility that the data model offers with respect to updating. A single edit to a DID document can change anything and everything except the root id property of the document. And any individual JSON object in the data model can change all of its properties except its id. But is it actually desirable for a service endpoint to change its type after it is defined? Or for a key to change its value? Or would it be better to require a new id when certain fundamental properties of an object change? Malicious takeovers of a web site often aim for an outcome where the site keeps its identifier (the host name), but gets subtle, dangerous changes underneath. If certain properties of the site were required by the specification to be immutable (for example, the ASN associated with its IP address), such attacks might be much harder and more expensive to carry out, and anomaly detection would be easier.

The notion that immutability provides some cybersecurity benefits is particularly relevant because of caching. For DID methods tied to a global source of truth, a direct, just-in-time lookup of the latest version of a DID document is always possible. However, it seems likely that layers of cache might eventually sit between a client and that source of truth. If they do, believing the attributes of an object in the DID document to have a given state, when they are actually subtly different, might invite exploits. This is particularly true if some lookups are of a full DID document, and others are of partial data, where the larger context is assumed.

9.10 Encrypted Data in DID Documents

DID documents are typically publicly available. Encryption algorithms have been known to fail due to advances in cryptography and computing power. Implementers are advised to assume that any encrypted data placed in a DID document might eventually be made available in clear text to the same audience to which the encrypted data is available.

Encrypting all or parts of DID documents is not an appropriate means to protect data in the long term. Similarly, placing encrypted data in DID documents is not an appropriate means to include personally identifiable information.

Given the caveats above, if encrypted data is included in a DID document, implementers are advised to not encrypt with the public keys of entities that do not wish to be correlated with the DID.

10. Privacy Considerations

This section is non-normative.

It is critically important to apply the principles of Privacy by Design to all aspects of the decentralized identifier architecture, because DIDs and DID documents are, by design, administered directly by the DID controller(s). There is no registrar, hosting company, or other intermediate service provider to recommend or apply additional privacy safeguards. The authors of this specification have applied all seven Privacy by Design principles throughout its development. For example, privacy in this specification is preventative not remedial, and privacy is an embedded default. Furthermore, the decentralized identifier architecture by itself embodies principle #7, "Respect for user privacy — keep it user-centric."

This section lists additional privacy considerations that implementers, delegates, and DID subjects should keep in mind.

10.1 Keep Personally-Identifiable Information (PII) Private

If a DID method specification is written for a public verifiable data registry where all DIDs and DID documents are publicly available, it is critical that DID documents contain no personal data. All personal data should be kept behind service endpoints under the control of the DID subject. Additional due diligence should be taken around the use of URLs in service endpoints as well to prevent leakage of unintentional personal data or correlation within a URL of a service endpoint. For example, a URL that contains a username is likely dangerous to include in a DID Document because the username is likely to be human-meaningful in a way that can unintentionally reveal information that the DID subject did not consent to sharing. With this privacy architecture, personal data can be exchanged on a private, peer-to-peer basis using communications channels identified and secured by public key descriptions in DID documents. This also enables DID subjects and relying parties to implement the GDPR right to be forgotten, because no personal data is written to an immutable distributed ledger.

10.2 DID Correlation Risks and Pseudonymous DIDs

Like any type of globally unique identifier, DIDs might be used for correlation. DID controllers can mitigate this privacy risk by using pairwise unique DIDs, that is, sharing a different private DID for every relationship. In effect, each DID acts as a pseudonym. A pseudonymous DID need only be shared with more than one party when the DID subject explicitly authorizes correlation between those parties. If pseudonymous DIDs are the default, then the only need for a public DID (a DID published openly or shared with a large number of parties) is when the DID subject explicitly desires public identification.

10.3 DID Document Correlation Risks

The anti-correlation protections of pseudonymous DIDs are easily defeated if the data in the corresponding DID documents can be correlated. For example, using same public key descriptions or bespoke service endpoints in multiple DID documents can provide as much correlation information as using the same DID. Therefore the DID document for a pseudonymous DID also needs to use pairwise unique public keys. It might seem natural to also use pairwise unique service endpoints in the DID document for a pseudonymous DID. However, unique endpoints allow all traffic between two DIDs to be isolated perfectly into unique buckets, where timing correlation and similar analysis is easy. Therefore, a better strategy for endpoint privacy might be to share an endpoint among thousands or millions of DIDs controlled by many different subjects.

10.4 Herd Privacy

When a DID subject is indistinguishable from others in the herd, privacy is available. When the act of engaging privately with another party is by itself a recognizable flag, privacy is greatly diminished. DIDs and DID methods need to work to improve herd privacy, particularly for those who legitimately need it most. Choose technologies and human interfaces that default to preserving anonymity and pseudonymity. To reduce digital fingerprints, share common settings across client implementations, keep negotiated options to a minimum on wire protocols, use encrypted transport layers, and pad messages to standard lengths.

A. Interoperability Registries

The registries that list DID methods and extensions to this specification can be found in [DID-SPEC-REGISTRIES].

B. Real World Example

A future-facing real-world context is provided below:

Example 22: Advanced DID document example
{
  "@context": "https://w3id.org/future-method/v1",
  "id": "did:example:123456789abcdefghi",

  "publicKey": [{
    "id": "did:example:123456789abcdefghi#keys-1",
    "type": "Ed25519VerificationKey2018",
    "controller": "did:example:123456789abcdefghi",
    "publicKeyBase58": "DggG1kT5JEFwTC6RJTsT6VQPgCz1qszCkX5Lv4nun98x"

  }, {
    "id": "did:example:123456789abcdefghi#keys-3",
    "type": "Ieee2410VerificationKey2018",
    "controller": "did:example:123456789abcdefghi",
    "publicKeyPem": "-----BEGIN PUBLIC KEY...END PUBLIC KEY-----\r\n"
  }],

  "authentication": [
    // this mechanism can be used to authenticate as did:...fghi
    "did:example:123456789abcdefghi#keys-1",
    // this mechanism can be used to biometrically authenticate as did:...fghi
    "did:example:123456789abcdefghi#keys-3",
    // this mechanism is *only* authorized for authentication, it may not
    // be used for any other proof purpose, so its full description is
    // embedded here rather than using only a reference
    {
      "id": "did:example:123456789abcdefghi#keys-2",
      "type": "Ed25519VerificationKey2018",
      "controller": "did:example:123456789abcdefghi",
      "publicKeyBase58": "H3C2AVvLMv6gmMNam3uVAjZpfkcJCwDwnZn6z3wXmqPV"
    }
  ],

  "service": [{
    "id": "did:example:123456789abcdefghi#oidc",
    "type": "OpenIdConnectVersion1.0Service",
    "serviceEndpoint": "https://openid.example.com/"
  }, {
    "id": "did:example:123456789abcdefghi#vcStore",
    "type": "CredentialRepositoryService",
    "serviceEndpoint": "https://repository.example.com/service/8377464"
  }, {
    "id": "did:example:123456789abcdefghi#xdi",
    "type": "XdiService",
    "serviceEndpoint": "https://xdi.example.com/8377464"
  }, {
    "id": "did:example:123456789abcdefghi#hub",
    "type": "HubService",
    "serviceEndpoint": "https://hub.example.com/.identity/did:example:0123456789abcdef/"
  }, {
    "id": "did:example:123456789abcdefghi#messaging",
    "type": "MessagingService",
    "serviceEndpoint": "https://example.com/messages/8377464"
  }, {
    "type": "SocialWebInboxService",
    "id": "did:example:123456789abcdefghi#inbox",
    "serviceEndpoint": "https://social.example.com/83hfh37dj",
    "description": "My public social inbox",
    "spamCost": {
      "amount": "0.50",
      "currency": "USD"
    }
  }, {
    "type": "DidAuthPushModeVersion1",
    "id": "did:example:123456789abcdefghi#push",
    "serviceEndpoint": "http://auth.example.com/did:example:123456789abcdefghi"
  }, {
    "id": "did:example:123456789abcdefghi#bops",
    "type": "BopsService",
    "serviceEndpoint": "https://bops.example.com/enterprise/"
  }]
}

C. Current Issues

The list of issues below are under active discussion and are likely to result in changes to this specification.

Issue 5: Where will the DID contexts(s) live? extensibilitypending close
Where will the DID contexts(s) live?
Issue 8: Leverage RFC7518 to specify cryptographic algorithms needs-special-call
Leverage RFC7518 to specify cryptographic algorithms
Issue 9: Replace RsaSignature2017 by a standard JWA signature PR exists
Replace RsaSignature2017 by a standard JWA signature
Issue 10: Explain RsaSignature2018 PR existsdiscuss
Explain RsaSignature2018
Issue 14: Standardize the key revocation list
Standardize the key revocation list
Issue 23: publicKeyJwk, publicKeyHex, publicKeyBase64, publicKeyBase58 missing from context. discussextensibilityhigh priority
publicKeyJwk, publicKeyHex, publicKeyBase64, publicKeyBase58 missing from context.
Issue 33: Cheap DIDs and the option to migrate DIDs between ledgers using standard DID Deprecation Registries discuss
Cheap DIDs and the option to migrate DIDs between ledgers using standard DID Deprecation Registries
Issue 36: Details on the use of method-specific DID parameters discuss
Details on the use of method-specific DID parameters
Issue 55: Add support for ethereumAddress public key type in @context discusshigh priority
Add support for ethereumAddress public key type in @context
Issue 57: Clarification of other verification methods in authentication section missing discusspending close
Clarification of other verification methods in authentication section missing
Issue 58: Registry handling discussextensibility
Registry handling
Issue 65: Does DID Document metadata belong in the Document? discussmetadata
Does DID Document metadata belong in the Document?
Issue 72: Privacy Considerations - Specifically call out GDPR discusseditorialmetadata
Privacy Considerations - Specifically call out GDPR
Issue 75: tracking revocation of public keys discuss
tracking revocation of public keys
Issue 85: Syntactially differentiate data about the DID versus application data discusshigh prioritymetadata
Syntactially differentiate data about the DID versus application data
Issue 92: Add CBOR a valid type of DID document syntax similar to JSON and on par with JSON-LD PR existsdiscuss
Add CBOR a valid type of DID document syntax similar to JSON and on par with JSON-LD
Issue 94: Create DID explainer discusshorizontal review
Create DID explainer
Issue 95: Document Structure discuss
Document Structure
Issue 104: Horizontal Review: Internationalization self test horizontal reviewi18n-tracker
Horizontal Review: Internationalization self test
Issue 105: Horizontal Review: Accessibility self test a11y-trackerhorizontal review
Horizontal Review: Accessibility self test
Issue 118: Specification needs to be compliant with WCAG 2.0 editorial
Specification needs to be compliant with WCAG 2.0
Issue 119: Horizontal Review: offer review opportunity to TAG horizontal review
Horizontal Review: offer review opportunity to TAG
Issue 122: When is a DID subject not a DID controller (if ever)? discussquestion
When is a DID subject not a DID controller (if ever)?
Issue 137: Should the DID parameters be normative in the spec? discuss
Should the DID parameters be normative in the spec?
Issue 151: Include discussion of eIDAS levels-of-assurance editorial
Include discussion of eIDAS levels-of-assurance
Issue 154: Decoupling DID Core spec from LD-Proof / LDS specs extensibility
Decoupling DID Core spec from LD-Proof / LDS specs
Issue 163: Uses of terms defined in the specification should be links to their definitions editorial
Uses of terms defined in the specification should be links to their definitions
Issue 165: What are entityship and start-of-authority (SOA) problems? editorial
What are entityship and start-of-authority (SOA) problems?
Issue 169: Replace registries administered community groups with registries established by this specification extensibility
Replace registries administered community groups with registries established by this specification
Issue 170: Public key "id" and "type" members duplicate JWK "kid" and "kty" members editorialneeds-special-call
Public key "id" and "type" members duplicate JWK "kid" and "kty" members
Issue 171: Add public key examples using JWKs editorial
Add public key examples using JWKs
Issue 174: Underspecified semantics of "updated" property editorialmetadata
Underspecified semantics of "updated" property
Issue 176: Unsubstantiated statement about protecting against attacks when compromised editorial
Unsubstantiated statement about protecting against attacks when compromised
Issue 178: Underspecified statement on combining timestamps with signatures editorial
Underspecified statement on combining timestamps with signatures
Issue 185: Supported ciphers in a DID document
Supported ciphers in a DID document
Issue 190: What is being discussed in issue 4 (clarification of TERMX via use-cases, spec pointers, and PR) discusspending close
What is being discussed in issue 4 (clarification of TERMX via use-cases, spec pointers, and PR)
Issue 195: Unclear which verification methods are authorized for did document operations discuss
Unclear which verification methods are authorized for did document operations
Issue 198: Add sections on DID Resolution PR exists
Add sections on DID Resolution
Issue 199: Clarification on what DIDs might identify discuss
Clarification on what DIDs might identify
Issue 202: JSON-LD Contexts in Registry extensibilityquestion
JSON-LD Contexts in Registry
Issue 203: Define DID Document Metadata discussmetadata
Define DID Document Metadata
Issue 204: Define terminology for properties and values editorial
Define terminology for properties and values
Issue 205: How to treat unknown properties discussextensibility
How to treat unknown properties
Issue 207: Add section on extensibility and conformance editorialextensibilitypending close
Add section on extensibility and conformance
Issue 208: IETF did+ld+json media type registration extensibility
IETF did+ld+json media type registration
Issue 236: publicKeyHex format unused by spec currently question
publicKeyHex format unused by spec currently
Issue 240: Should did-core restrict the use of JWK? discussquestion
Should did-core restrict the use of JWK?
Issue 248: Need term for relying party
Need term for relying party
Issue 249: How to mitigate the single source of failure wrt/ "Trust into the Universal Resolver"?
How to mitigate the single source of failure wrt/ "Trust into the Universal Resolver"?
Added DID resolution and dereferencing contracts.
Issue 258: List of early implementations conforming to spec? question
List of early implementations conforming to spec?
Issue 259: DIDs and JOSE: publicKey.id and publicKey.publicKeyJwk.kid discuss
DIDs and JOSE: publicKey.id and publicKey.publicKeyJwk.kid
Issue 260: Clear explanation on how can A DID have more than one controller question
Clear explanation on how can A DID have more than one controller
Issue 261: Definition of the term "client" in regard to SSI principles editorial
Definition of the term "client" in regard to SSI principles
Issue 266: Should DID support self-signed certificates? extensibilityquestion
Should DID support self-signed certificates?
Put key points up front
Issue 268: What degree should proof purposes be defined for specific application layer usages? editorialready for PR
What degree should proof purposes be defined for specific application layer usages?
Issue 269: transfer of controllership and it's intersection with the subject of an identifier editorialquestion
transfer of controllership and it's intersection with the subject of an identifier
Issue 270: did parameter equivilance question
did parameter equivilance
Issue 272: Remove all unspecified properties/functionality from the spec extensibilityquestion
Remove all unspecified properties/functionality from the spec
Issue 273: invert mapping between proof purposes and verification methods? discuss
invert mapping between proof purposes and verification methods?
Issue 274: Ambiguity around necessity of populated top-level DID Document 'id' property question
Ambiguity around necessity of populated top-level DID Document 'id' property
Issue 280: Remove uses of publicKeyHex editorial
Remove uses of publicKeyHex
Issue 281: Specifications needed for supported key representations publicKeyJwk, publcKeyPem, and publicKeyBase58 editorial
Specifications needed for supported key representations publicKeyJwk, publcKeyPem, and publicKeyBase58
Added CBOR section
Issue 283: Verification method block should be a first citizen like public keys PR exists
Verification method block should be a first citizen like public keys
Issue 289: Should DID Methods expose Proof Purposes for DID Operations? question
Should DID Methods expose Proof Purposes for DID Operations?
Issue 291: PING Horizontal Review horizontal review
PING Horizontal Review
Issue 292: Horizontal Review Tracking horizontal review
Horizontal Review Tracking
Issue 293: Remove `proof` PR exists
Remove proof
Issue 294: Create a seperate top level block for defining proof purposes discuss
Create a seperate top level block for defining proof purposes
Define simple type-less resolution function
Define resolution function with data types
Define resolution function with data types and property values
Define resolution function with data types, property values, and simple metadata structures
Define resolution function with data types, property values, and full metadata structures
Define resolution function with data types, property values, and full metadata structures, without transformation

D. Future Work

D.1 Upper Limits on DID Character Length

The current specification does not take a position on maximum length of a DID. The maximum interoperable URL length is currently about 2K characters. QR codes can handle about 4K characters. Clients using DIDs will be responsible for storing many DIDs, and some methods would be able to externalize some of their costs onto clients by relying on more complicated signature schemes or by adding state into DIDs intended for temporary use. A future version of this specification should set reasonable limits on DID character length to minimize externalities.

D.2 Equivalence

Including an equivalence property, such as equivID, in DID documents whose value is an array of DIDs would allow subjects to assert two or more DIDs that represent the same subject. This capability has numerous uses, including supporting migration between verifiable data registries and providing forward compatibility of existing DIDs to future verifiable data registries. In theory, equivalent DIDs should have the same identifier rights, allowing verifiable credentials [VC-DATA-MODEL] made against one DID to apply to equivalent DIDs. Equivalence was not included in the current specification due to the complexity of verifying equivalence across different DLTs and different DID methods, and also of aggregating properties of equivalent DID documents. However equivalence should be supported in a future version of this specification.

D.3 Verifiable Timestamps

Verifiable timestamps have significant utility for identifier records. This is a good fit for DLTs, since most offer some type of timestamp mechanism. Despite some transactional cost, they are the among the most censorship-resistant transaction ordering systems at the present, so they are nearly ideal for DID document timestamping. In some cases a DLT's immediate timing is approximate, however their sense of "median time past" (see Bitcoin BIP 113) can be precisely defined. A generic DID document timestamping mechanism could would work across all DLTs and might operate via a mechanism including either individual transactions or transaction batches. The generic mechanism was deemed out of scope for this version, although it may be included in a future version of this specification.

D.4 Time Locks and DID Document Recovery

Section § 9.7 Key Revocation and Recovery mentions one possible clever use of time locks to recover control of a DID after a key compromise. The technique relies on an ability to override the most recent update to a DID document with Authorization applied by an earlier version of the DID document in order to defeat the attacker. This protection depends on adding a time lock (see Bitcoin BIP 65) to protect part of the transaction chain, enabling a Authorization block to be used to recover control. We plan to add support for time locks in a future version of this specification.

D.5 Smart Signatures

Not all DLTs can support the Authorization logic in section § 5.6 Authorization and Delegation . Therefore, in this version of the specification, all Authorization logic is delegated to DID method specifications. A potential future solution is a Smart Signature specification that specifies the code any conformant DLT may implement to process signature control logic.

D.6 Verifiable Credentials

Although DIDs and DID documents form a foundation for decentralized identity, they are only the first step in describing their subjects. The rest of the descriptive power comes through collecting and selectively using Verifiable Credentials [VC-DATA-MODEL]. Future versions of the specification will describe in more detail how DIDs and DID document can be integrated with — and help enable — the Verifiable Credentials ecosystem.

D.7 Alternate Serializations and Graph Models

This version of the specification relies on JSON-LD and the RDF graph model for expressing a DID document. Future versions of this specification might specify other semantic graph formats for a DID document.

E. IANA Considerations

This section will be submitted to the Internet Engineering Steering Group (IESG) for review, approval, and registration with IANA when this specification becomes a W3C Proposed Recommendation.

E.1 application/did+json

Type name:
application
Subtype name:
did+json
Required parameters:
None
Optional parameters:
None
Encoding considerations:
See RFC 8259, section 11.
Security considerations:
See RFC 8259, section 12 [RFC8259].
Interoperability considerations:
Not Applicable
Published specification:
http://www.w3.org/TR/did-core/
Applications that use this media type:
Any application that requires an identifier that is decentralized, persistent, cryptographically verifiable, and resolvable. Applications typically consist of cryptographic identity systems, decentralized networks of devices, and websites that issue or verify W3C Verifiable Credentials.
Additional information:
Magic number(s):
Not Applicable
File extension(s):
.did
Macintosh file type code(s):
TEXT
Person & email address to contact for further information:
Ivan Herman <ivan@w3.org>
Intended usage:
Common
Restrictions on usage:
None
Author(s):
Drummond Reed, Manu Sporny, Markus Sabadello, Dave Longley, Christopher Allen
Change controller:
W3C

Fragment identifiers used with application/did+json are treated according to the rules defined in DID Core v1.0, Fragment [DID-CORE].

E.2 application/did+ld+json

Type name:
application
Subtype name:
did+ld+json
Required parameters:
None
Optional parameters:
None
Encoding considerations:
See RFC 8259, section 11.
Security considerations:
See JSON-LD 1.1, Security Considerations [JSON-LD11].
Interoperability considerations:
Not Applicable
Published specification:
http://www.w3.org/TR/did-core/
Applications that use this media type:
Any application that requires an identifier that is decentralized, persistent, cryptographically verifiable, and resolvable. Applications typically consist of cryptographic identity systems, decentralized networks of devices, and websites that issue or verify W3C Verifiable Credentials.
Additional information:
Magic number(s):
Not Applicable
File extension(s):
.did
Macintosh file type code(s):
TEXT
Person & email address to contact for further information:
Ivan Herman <ivan@w3.org>
Intended usage:
Common
Restrictions on usage:
None
Author(s):
Drummond Reed, Manu Sporny, Markus Sabadello, Dave Longley, Christopher Allen
Change controller:
W3C

Fragment identifiers used with application/did+ld+json are treated according to the rules associated with the JSON-LD 1.1: application/ld+json media type [JSON-LD11].

F. References

F.1 Normative references

[DID-CORE]
Decentralized Identifiers (DIDs) v1.0. Drummond Reed; Manu Sporny; Markus Sabadello; Dave Longley; Christopher Allen. W3C. 21 April 2020. W3C Working Draft. URL: https://www.w3.org/TR/did-core/
[DID-SPEC-REGISTRIES]
Decentralized Identifiers Core and Extensions Registries. Orie Steele; Manu Sporny. Decentralized Identifier Working Group. W3C Editor's Draft. URL: https://w3c.github.io/did-core-registries/
[JSON-LD]
JSON-LD 1.0. Manu Sporny; Gregg Kellogg; Markus Lanthaler. W3C. 16 January 2014. W3C Recommendation. URL: https://www.w3.org/TR/json-ld/
[JSON-LD11]
JSON-LD 1.1. Gregg Kellogg; Pierre-Antoine Champin; Dave Longley. W3C. 7 May 2020. W3C Proposed Recommendation. URL: https://www.w3.org/TR/json-ld11/
[RFC2119]
Key words for use in RFCs to Indicate Requirement Levels. S. Bradner. IETF. March 1997. Best Current Practice. URL: https://tools.ietf.org/html/rfc2119
[RFC3552]
Guidelines for Writing RFC Text on Security Considerations. E. Rescorla; B. Korver. IETF. July 2003. Best Current Practice. URL: https://tools.ietf.org/html/rfc3552
[RFC3986]
Uniform Resource Identifier (URI): Generic Syntax. T. Berners-Lee; R. Fielding; L. Masinter. IETF. January 2005. Internet Standard. URL: https://tools.ietf.org/html/rfc3986
[RFC5234]
Augmented BNF for Syntax Specifications: ABNF. D. Crocker, Ed.; P. Overell. IETF. January 2008. Internet Standard. URL: https://tools.ietf.org/html/rfc5234
[RFC5324]
MIB for Fibre-Channel Security Protocols (FC-SP). C. DeSanti; F. Maino; K. McCloghrie. IETF. September 2008. Proposed Standard. URL: https://tools.ietf.org/html/rfc5324
[RFC6973]
Privacy Considerations for Internet Protocols. A. Cooper; H. Tschofenig; B. Aboba; J. Peterson; J. Morris; M. Hansen; R. Smith. IETF. July 2013. Informational. URL: https://tools.ietf.org/html/rfc6973
[RFC8141]
Uniform Resource Names (URNs). P. Saint-Andre; J. Klensin. IETF. April 2017. Proposed Standard. URL: https://tools.ietf.org/html/rfc8141
[RFC8174]
Ambiguity of Uppercase vs Lowercase in RFC 2119 Key Words. B. Leiba. IETF. May 2017. Best Current Practice. URL: https://tools.ietf.org/html/rfc8174
[RFC8259]
The JavaScript Object Notation (JSON) Data Interchange Format. T. Bray, Ed.. IETF. December 2017. Internet Standard. URL: https://tools.ietf.org/html/rfc8259
[VC-DATA-MODEL]
Verifiable Credentials Data Model 1.0. Manu Sporny; Grant Noble; Dave Longley; Daniel Burnett; Brent Zundel. W3C. 19 November 2019. W3C Recommendation. URL: https://www.w3.org/TR/vc-data-model/
[XMLSCHEMA11-2]
W3C XML Schema Definition Language (XSD) 1.1 Part 2: Datatypes. David Peterson; Sandy Gao; Ashok Malhotra; Michael Sperberg-McQueen; Henry Thompson; Paul V. Biron et al. W3C. 5 April 2012. W3C Recommendation. URL: https://www.w3.org/TR/xmlschema11-2/

F.2 Informative references

[BASE58]
The Base58 Encoding Scheme. Manu Sporny. IETF. December 2019. Internet-Draft. URL: https://tools.ietf.org/html/draft-msporny-base58
[DID-RESOLUTION]
Decentralized Identifier Resolution. Markus Sabadello; Dmitri Zagidulin. Credentials Community Group. Draft Community Group Report. URL: https://w3c-ccg.github.io/did-resolution/
[DID-RUBRIC]
Decentralized Characteristics Rubric v1.0. Joe Andrieu. Credentials Community Group. Draft Community Group Report. URL: https://w3c.github.io/did-rubric/
[DID-USE-CASES]
Decentralized Identifier Use Cases. Joe Andrieu; Kim Hamilton Duffy; Ryan Grant; Adrian Gropper. Decentralized Identifier Working Group. W3C Editor's Draft. URL: https://w3c.github.io/did-use-cases/
[DNS-DID]
The Decentralized Identifier (DID) in the DNS. Alexander Mayrhofer; Dimitrij Klesev; Markus Sabadello. February 2019. Internet-Draft. URL: https://datatracker.ietf.org/doc/draft-mayrhofer-did-dns/
Cryptographic Hyperlinks. Manu Sporny. IETF. December 2018. Internet-Draft. URL: https://tools.ietf.org/html/draft-sporny-hashlink-02
[IANA-URI-SCHEMES]
Uniform Resource Identifier (URI) Schemes. IANA. URL: https://www.iana.org/assignments/uri-schemes/uri-schemes.xhtml
[MATRIX-URIS]
Matrix URIs - Ideas about Web Architecture. Tim Berners-Lee. December 1996. Personal View. URL: https://www.w3.org/DesignIssues/MatrixURIs.html
[RFC4122]
A Universally Unique IDentifier (UUID) URN Namespace. P. Leach; M. Mealling; R. Salz. IETF. July 2005. Proposed Standard. URL: https://tools.ietf.org/html/rfc4122
[RFC4648]
The Base16, Base32, and Base64 Data Encodings. S. Josefsson. IETF. October 2006. Proposed Standard. URL: https://tools.ietf.org/html/rfc4648
[RFC6901]
JavaScript Object Notation (JSON) Pointer. P. Bryan, Ed.; K. Zyp; M. Nottingham, Ed.. IETF. April 2013. Proposed Standard. URL: https://tools.ietf.org/html/rfc6901
[RFC7230]
Hypertext Transfer Protocol (HTTP/1.1): Message Syntax and Routing. R. Fielding, Ed.; J. Reschke, Ed.. IETF. June 2014. Proposed Standard. URL: https://httpwg.org/specs/rfc7230.html
[RFC7231]
Hypertext Transfer Protocol (HTTP/1.1): Semantics and Content. R. Fielding, Ed.; J. Reschke, Ed.. IETF. June 2014. Proposed Standard. URL: https://httpwg.org/specs/rfc7231.html
[RFC7515]
JSON Web Signature (JWS). M. Jones; J. Bradley; N. Sakimura. IETF. May 2015. Proposed Standard. URL: https://tools.ietf.org/html/rfc7515