-
Notifications
You must be signed in to change notification settings - Fork 96
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
DID, DID-URL, identification (DID view <-> SW view) #183
Comments
I disagree. What part of the spec is it that gives this impression? I would argue that your examples I would argue that in the Semantic Web, two different URIs could potentially identify the same resource, e.g. In the same way, different DID URLs may or may not identify the same resource. You would have to find out by reading the appropriate DID method spec, or matrix parameter specification, or some application documentation in order to know that. So I don't really see how there are two views? |
The spec says (as @talltree pointed at during the meeting):
Take the example
That is almost correct, but one had to be cautious. On the Semantic Web those two URI-s are, by default, distinct and identify two different resources. An external entity (user) could record a statement (axiom) whereby:
but that must be stated explicitly as an additional fact in a, say, knowledge graph. An OWL reasoner could then make various deductions but, for example, a pure RDFS reasoner could not. For a pure RDFS reasoner, those two resources remain distinct. |
If you were to make two Verifiable Credentials, the first with a There is no difference with DID URLs and HTTPS URLs in this respect; Semantic Web software should treat them the same way. We should get any sort of language in the DID core spec that might lead one to believe there is a difference resolved. Note: Historically, "DIDs" were at least partially designed to be a more portable/decentralized/self-sovereign form of a "WebID" and a "DID Document" was somewhat of an analog to a WebID's associated "Profile Document". All of these technologies are intended to play nicely together and with the broader (including non-Sem Web via JSON-LD tech) community. |
I don't see the problem. In your example Two different HTTP URIs also identify different resources, even if they share the same domain name.
Yes the "DID subject" and the "resource identified by a DID URI" are different notions. |
@dlongley said:
and @peacekeeper said:
I must admit these two statements still sound a bit contradictory in my mind. Of course, if I start with what @dlongley said then there is indeed no problem whatsoever. But the statement of @peacekeeper does not make this crystal clear. Actually, he also said:
So how do these two notions differ? Can we clearly put this into the spec? |
When @peacekeeper said this:
You could sub in HTTPS URLs it would be similar to saying this: "In your example
The The "host" part in an HTTPS URL is relevant to the resolution process in the same way the "DID subject" is: an HTTPS URL is resolved relative to the host and a DID URL is resolved relative to the DID subject. But, in both cases, different URLs refer to different things. |
yeah, after I put in my previous comment, I figured out something like that. And that is fine. But the spec is not clear about this (which was my original issue in the first place!). It says:
No mention of that 'component' thing. It also includes statements like "interacting with the DID subject", "Communicating with the DID subject", "authentication of the DID subject", etc., which suggests it is some sort of an external entity (yes, much like a host). But, in §5.1, which formally defines the DID syntax, there is no mention of the DID subject being a component of a DID URL. In §6.2 the DID subject is defined as follows: "The DID subject is denoted with the id property". Well, the I believe we may be along the same lines, saying that the subject is analogous to an HTTPS host component, but the spec needs, imho, improvements to make these things clear. |
(I did not want to pursue this discussion while the Grand Compromise PR was open…) @dlongley, @peacekeeper, @talltree, I try to collect my thoughts below, based on the discussion in this thread. I hope my summary is, technically, sound. (My problems stem from a possible presentation that I may have to do on “DID for dummies”…). Strictly speaking, the DID Core specification defines two, a bit orthogonal notions:
I see these two notions as, albeit connected to one another, completely different. One is an “abstract” URN-like URI, the other is a URL, ie, a locator. Their role, their usage, etc., are different. I believe the confusion comes from the fact that they are, sort of, smushed in the document. This leads to an error in the text in the abstract which says “DIDs are URLs”. Well no, they are not. It leads to, sort of, hidden definitions (which messed me up): for example, the title in [§5.1 Generic DID syntax](https://w3c.github.io/did-core/ is a misnomer: that section defines the DID as well as the DID URLs (in fact, most of the ABNF is on DID URLs…). In general, this duality is not make explicit enough. Here is what I would propose to do: Section 5 should be restructured to make the difference much clearer. The structure could be something like:
Some other, more random thoughts and issues on the same subject:
My apologies if this note has become a bit too long… (@msporny, I am happy to create a PR for the spec along these lines at some point if you prefer, but I wanted to get some general agreement first. Also, my understanding may still be wrong…) |
Well... the discrepancy is bigger than I thought. There is an online viewer for whatwg-url at https://jsdom.github.io/whatwg-url/. Unfortunately, though DIDs and DID URLs are parsed, the result is not exactly what we would expect. See, for example
Looking at this reinforces my feeling that we should not call this a “DID URL”, ie, we should keep away from the “URL” term. The change can be as simple as call it a “DID Locator” instead. |
@iherman I apologize for not seeing/responding to this earlier. Let me summarize my feedback on both of your previous comments. First, +1 to your first overall suggestion that in the DID Core spec, we should reorganize Section 5 on Identifiers into the subsections you suggest. I think that would an excellent clarification. Secondly, I applaud your deep dive into of the applicability of the term "URL". I think most of us have been working off the general W3C definition of URLs being the subset of URIs that locate resources on the Web. But your analysis of the WHAT-WG URL parsing reminded me to revisit the
Indeed, our ABNF for DIDs uses the This is in contrast to "conventional" URLs that have an So if I understand it, the case you are making is that the term "URL" is so deeply associated with URIs that use a rooted authority component that it will be misleading for us to use the term for "DID URLs" because they do not use a rooted authority component. And thus that a term like "DID Locator" is more accurate. I believe you are right. How do others feel? |
I did not realize this difference, thanks for following this up, @talltree. But this is perfectly in line with the whatwg compliant library operation (see #183 (comment)). |
I think you are right that the terms DID and DID URL can be more clearly explained and separated, and I think your new structures for Section 5 makes a lot of sense. I'm not familiar with the WhatWG work, and I don't really understand why the use of the term URL is a problem. I thought any URI that can be dereferenced to a representation of a resource is a URL? Should we add a double-slash
I'm pretty sure it's the first, shouldn't be a problem to define the JSON-LD DID document in this way I think? |
The term URL is a problem because the WhatWG has made a decision to, essentially, dump the term 'URI' and use the term 'URL' only. They then created a new document which is used these days as a reference for HTML related documents, API-s, and implementations. We may decide to ignore this, stick to our guns, and only care about the original, IETF specifications. My personal advise is not to do that: if at some point we would like to see the DID served by browsers just as many of them can handle, say,
Well, we would then define some sort of a 'profile' of JSON-LD insofar as we restrict the possible value of |
That's true, but you may use URLs elsewhere in the DID Document, like in service descriptions... and, fundamentally, this is linked data and we should be able to point elsewhere on the Web by using HTTPS URLs. The early versions of the DID spec didn't restrict In any case, just highlighting that this isn't as simple of a decision as it may seem at first. |
@msporny I understand and, of course, I was not suggesting imposing a restriction whereby all identifiers should be did-s. Indeed, that would be crazy (e.g., due to the service parameters). Actually, a different example is:
when DID URL (as opposed to a DID) is used to identify the key, and that should be perfectly fine. The only thing I was proposing is that the value of the term |
@dmitrizagidulin may have an opinion on this isse; during a recent DID Resolution call we discussed whether multiple DID documents could exist under a single DID, e.g. Personally I don't think this is a good idea; the whole point of DIDs is that each DID subject has its own DID. But I thought I'd mention it since it came up recently. |
As @peacekeeper said above, this is an area of active discussion for the Specifically, it is appropriate (for a |
I must admit the possibility of having an HTTP URL as an identifier for a subject sounds strange to me. If there is such thing as a Administratively: this issue has yielded several issues, which is entirely my fault (#183 (comment)). The core of this issue was the did vs. did url, which has now a separate PR (#212). I would think that this issue would deserve its own issue in this group. Would it be possible to create a separate issue, summarizing the DID Resolution call discussion? |
I agree this makes sense. @dmitrizagidulin do you want to do that (since you're closest to it), or do you want me to try? |
Closing |
The issue of DID vs. DID-URL vs. identification came up during the F2F meeting, and the subsequent discussion made me realize that there may difference between what the DID document says and what the Semantic Web says.
My understanding is as follows (and my understanding may be flawed):
did:example:abcdefg
) "identifies" the subject (which is specified as part of the DID information a.k.a. DID document)did:example:abcdefg/path1/path2/path3
identifies the same subject as its "DID part", i.e.,did:example:abcdefg
.Put it another way, the 'non-did' part of the DID-URL (i.e., the path, fragment, query, or param) does not affect the action of "identification" itself.
Compare it to the way the Semantic Web considers things:
http://www.example.org
andhttp://www.example.org/path1/path2/path3
are strictly different, and they are considered to identify different resources. (It may happen that these two are aliases and dereference to the same content, but that is besides the point.)This means that for example, if in a Semantic Web sets of statements (e.g., in a Verifiable Claim...) I use the following two URIs:
did:example:abcdefg
did:example:abcdefg/path1/path2/path3
then the two views will clash: the resources that are identified from the Semantic Web point of view are different, whereas they are considered to be identical from the point of view of the DID model.
We may be o.k. and comfortable with this. But even if we are, we may want to make it clear in the document somewhere imho, because it may be source of confusion.
The text was updated successfully, but these errors were encountered: