diff --git a/index.html b/index.html index a17881bc..85088276 100644 --- a/index.html +++ b/index.html @@ -630,7 +630,33 @@

DID Documents

-

DID Resolvers and DID Resolution

+

DID Resolution and DID URL Dereferencing

+ +

+DID resolution is the function of processing a DID by +executing a DID method to return a DID document +and additional metadata, in a conformant representation. +A DID resolver is a software and/or hardware component that is capable of +executing the DID resolution function for at least one +DID method. +

+ +

+DID URL dereferencing is the function of processing a DID URL and returning +a resource, which might or might not be a DID document, along with additional +metadata. A DID URL dereferencer is a software and/or hardware component that +is capable of executing the DID URL dereferencing function. Generally, a +DID URL dereferencer executes DID resolution on the DID portion of a +DID URL to obtain a DID document. The DID URL dereferencer then can perform +additional dereferencing on the DID document using the full DID URL, +if necessary. +

+ +

+The general inputs and outputs of the DID resolution and DID URL dereferencing functions +are specified in the section of this document. Additional considerations +for the implementation of these functions are covered in [[?DID-RESOLUTION]]. +

@@ -938,18 +964,19 @@

Generic DID URL Parameters

- Adding a DID parameter to a DID URL means that the parameter becomes part of - an identifier for a resource (the DID document or other). Alternatively, the - DID resolution and the DID URL dereferencing processes can also be influenced - by passing options to a DID resolver that are not part of the DID URL. + Adding a DID parameter to a DID URL means that the parameter becomes part of + an identifier for a resource (the DID document or other). Alternatively, the + DID resolution and the DID URL dereferencing functions can also be influenced + by passing input metadata to a DID resolver that are not part of the DID URL. + (See ). Such options could for example control caching or the desired encoding of a resolution result. This is comparable to HTTP, where certain parameters could either be included in an HTTP URL, or alternatively passed as HTTP headers during the dereferencing process. The important distinction is that DID parameters that are part of the DID URL should be used to specify - what resource is being identified, whereas DID resolver options + what resource is being identified, whereas DID resolution options that are not part of the DID URL should be use to control how that - resource is dereferenced. + resource is resolved or dereferenced.

@@ -1076,11 +1103,11 @@

Fragment

document to identify a component of the document (for example, a unique public key description or service endpoint). DID fragment syntax and semantics are identical to a generic URI fragment and MUST conform - to RFC 3986, section 3.5. To resolve + to RFC 3986, section 3.5. To dereference a DID fragment reference, the complete DID URL including the - DID fragment MUST be used as input to the DID URL dereferencing - algorithm for the target component in the DID document object. For more - information, see [[?DID-RESOLUTION]]. + DID fragment MUST be used as input to the DID URL dereferencing + function for the target component in the DID document object. For more + information, see .

@@ -1238,7 +1265,7 @@

DID Subject

DID method specifications can create intermediate representations of a DID document that do not contain the id key, such as when a -DID resolver is performing resolution. However, the fully resolved +DID resolver is performing DID resolution. However, the fully resolved DID document always contains a valid id property. The value of id in the resolved DID document is expected to match the DID that was resolved. @@ -1990,7 +2017,8 @@

Core Representations

Producers MUST indicate which representation of a document has been used via a media type in the document's metadata. Consumers MUST determine which representation a document is in -via a media type in the document's metadata. Consumers MUST NOT determine the representation +via the content-type DID resolver metadata field. (See ). +Consumers MUST NOT determine the representation of a document through its content alone.

@@ -2018,8 +2046,8 @@

-When producing and consuming DID documents that are in plain JSON (as noted by -the document metadata), the following rules MUST be followed. +When producing and consuming DID documents that are in plain JSON (as indicated by +a content-type of application/json+did in the resolver metadata), the following rules MUST be followed.

@@ -2160,8 +2188,8 @@

-When producing and consuming DID documents that are in JSON-LD (as noted by -the document metadata), the following rules MUST be followed. +When producing and consuming DID documents that are in JSON-LD (as indicated by +a content-type of application/jsonld+did in the resolver metadata), the following rules MUST be followed.

    @@ -2543,18 +2571,272 @@

    -A DID resolver is a software or hardware component with an API for -resolving DIDs of at least one DID method. It executes the read -operation for the DID method corresponding to the DID being -resolved to obtain the authoritative DID document. For more information, -see Section . +This section defines the inputs and outputs of the +DID resolution and DID URL dereferencing functions. The +exact implementation of these functions is out of scope for this specification, +but some considerations for implementors are available in [[?DID-RESOLUTION]].

    - +

    -The interfaces and algorithms for resolving DIDs and dereferencing -DID URLs are specified in [[?DID-RESOLUTION]]. +All conformant DID resolvers MUST implement the DID resolution function +for at least one DID method and be able to return a DID document in +at least one conformant representation. All conformant DID URL dereferencers +MUST implement dereferencing for at least one conformant representation type.

    +
    +

    +DID Resolution +

    + +

    +The DID resolution function resolves a DID into a DID document +by using the "Read" operation of the applicable DID method. (See .) +The details of how this process is accomplished is outside the scope of this +specification, but all implementations MUST implement a function in the form: +

    + +

    +resolve ( did, input-metadata ) -> ( did-document, did-document-metadata, did-resolution-metadata ) +

    + +

    +The inputs of this function are a DID and a set of input metadata. The +DID is REQUIRED. Note that if the caller of this function wishes to resolve a DID URL, +the caller MUST first transform the DID URL into a bare DID, +including removal of any fragment. The input metadata are a map of key-value +string pairs as described in . +The input metadata are REQUIRED but the map MAY be empty. Concrete bindings MUST NOT +define additional inputs to this function. +

    + +

    +The possible keys for the input metadata are defined by the DID Core Registry [[?DID-CORE-REGISTRY]]. This specification +defines the following keys and values: + +

    +
    accept
    +
    The MIME type of the preferred representation of the DID document. The DID resolver MAY + use this value to determine the representation of the returned DID document if such a + representation is supported and available.
    +
    +

    + + +

    +The DID resolver executes the "Read" operation of the DID method as described in +. If successful, the outputs of this function MUST contain a DID document, +a set of metadata for the DID document (which MAY be empty), and a set of metadata for the resolution process. If +the function results in an error, the outputs MUST contain a set of metadata for the resolution process. +

    + +

    +The DID document is returned as a byte stream of a conformant representation +as determined and supported by the DID resolver. The caller of the DID resolution function +can then parse and process the DID document from this byte stream. The DID document is +REQUIRED unless an error is returned by the DID resolution function. +

    + +

    +When a DID document is returned, the DID document metadata is returned as a map of +key-value string pairs as described in . This metadata +contains information about the input DID and the returned DID document. This metadata +typically does not change between invocations of the DID resolution function. The keys and +possible values for this metadata are defined in the DID Core Registry [[?DID-CORE-REGISTRY]]. +The DID Document metadata MAY be empty. +

    + +

    +The contents of the DID document metadata still needs to be defined within this document. +

    + +

    +The DID resolution metadata is returned as a map of key-value string pairs as described in +. This metadata contains information about the results of +the resolution process. This metadata typically changes between invocations of the DID resolution +function. The keys and possible values for this metadata are defined by the DID Core Registry [[?DID-CORE-REGISTRY]]. This +specification defines the following keys and values: + +

    +
    content-type
    +
    The mime-type of the returned conformant representation of the DID document if successful. + The DID resolver MUST supply this value when a DID document + is returned. The caller of the resolution function MUST use this value when determining how to + parse and process the byte stream returned by this function into + DID document.
    + +
    error
    +
    The error code from the resolution process. The DID resolver MUST supply + this value when there is an error. The possible values + this field are defined by the DID Core Registry [[?DID-CORE-REGISTRY]]. This specification defines the following + error values: + +
    +
    invalid-did
    +
    The DID supplied to the DID resolution function does not + conform to valid syntax. (See .)
    + +
    unauthorized
    +
    The caller is not authorized to resolve this DID with + this DID resolver.
    +
    + +
    + +
    +

    + +
    + +
    +

    +DID URL Dereferencing +

    + +

    +The DID URL dereferencing function dereferences a DID URL into content +represented by that DID URL based on the DID document represented by +the DID within the DID URL. This content MAY be a DID document, a +portion of a DID document, a service endpoint, or some other data. The details of the implementation of this function +are outside the scope of this specification, but all implementations MUST provide +a function of the following form: +

    + +

    +dereference ( did-url, input-options ) -> ( content, did-document-metadata, did-dereference-metadata ) +

    + + +
    +It would be possible to define dereferencing in terms of a DID URL +and a fully parsed and modeled DID document, where the resolution process could happen externally +to the dereferencer. The problem with this is that the caller could potentially +dereference a URL against a document that the DID within the DID URL does +not represent. +
    + +

    +The inputs to this function are a DID URL and a set of input metadata. The +DID URL is REQUIRED and MAY be any valid DID URL, including a fragment. +The input metadata are a map of key-value string pairs as +described in . The input metadata are REQUIRED but +the map MAY be empty. Concrete bindings MUST NOT define additional +inputs to this function. +

    + +

    +The possible keys for the input metadata are defined by the DID Core Registry [[?DID-CORE-REGISTRY]]. +

    + +

    +The DID URL dereferencer first MUST resolve the DID within the +DID URL into a DID document using a DID resolution process. +The DID URL dereferencer MUST parse the resulting DID document +from its conformant representation to allow for additional processing. +

    + +

    +The DID URL dereferencer MUST perform any additional processing indicated +by the DID URL, such as resolving a fragment into an element. If no additional processing is +required by the DID URL, the DID document is returned as the +content. +

    + +

    +The DID dereference metadata is returned as a map of key-value string pairs as described in +. The metadata structure is REQUIRED and MUST NOT be empty. +This metadata contains information about the results of +the dereferencing process. This metadata typically changes between invocations of the DID URL dereferencing +function. The keys and possible values for this metadata are defined by the DID Core Registry [[?DID-CORE-REGISTRY]]. This +specification defines the following keys and values: + +

    +
    content-type
    +
    The mime-type of the returned content if successful.
    + +
    error
    +
    The error code from the dereferencing process. The DID resolver MUST supply + this value when there is an error. The possible values + this field are defined by the DID Core Registry [[?DID-CORE-REGISTRY]]. This specification defines the following + error values: + +
    +
    invalid-url
    +
    The DID URL supplied to the DID URL dereferencing function does not + conform to valid syntax. (See .)
    +
    + +
    + +
    +

    + +

    +The content of this function's output is a byte stream of data. This byte stream MAY +represent a DID document in a conformant representation, a portion of a DID document +in a conformant representation, the results of calling a service +endpoint, or something else determined by the DID method and its services. +

    + +

    +If the returned content is a DID document, the DID URL dereferencer MAY +return an additional set of DID document metadata, as described in . +

    + +
    + +
    +

    +Metadata structure +

    + +
    +There needs to be a registry established for handling input metadata and rules defined for +how to handle an unknown input metadata name. A similar issue applies for all metadata structures +returned from these functions. +
    + +

    +Metadata structures are maps of key-value string pairs. All keys within this map +MUST be UTF-8 unicode strings. The keys of this map MUST NOT be repeated within +a given metadata structure. The keys of this map MUST be compared in a +case-insensitive way and the case MAY be transformed. The values of this map +MUST be retained as an exact string without transformation. +

    + +

    +All bindings MUST provide a way for the caller of the function to input or +receive the map of key-value string pairs as described in this specification. The +exact representation of these metadata structures as part of a protocol or serialization +is out of scope for this specification. For example, an HTTP-based binding can +use HTTP headers of an HTTP request to convey input metadata and HTTP headers of an +HTTP response to convey document and resolver metadata. Alternatively, a fully +JSON-based binding can use a JSON object to represent the metadata structures. +

    + +

    +The keys and values MAY be transformed by the binding for transport +in a deterministic and reversible fashion. For example, the content-type +DID resolution metadata element could be represented as a text header +in a binding: +

    + +

    +DID-CONTENT-TYPE: application/json+did +

    + +

    +In this example, the key content-type has had the string DID- +prepended to it and the key text is uppercased. When returned from the function, this transformation +would be reversed to provide the value application/json+did under the key +content-type to the caller. Implementations of these functions MUST NOT +require the caller to transform its inputs into the implementation's underlying +transmission formats. In other words, the caller need not +know the underlying representation of the metadata used by the implementation of +the function in order to call the function. +

    +
    +

diff --git a/terms.html b/terms.html index 3a4df6cb..3822bbb9 100644 --- a/terms.html +++ b/terms.html @@ -7,6 +7,12 @@
+
binding
+
+A concrete mechanism through which a caller invokes a DID resolver or a DID URL dereferencer. +This could be a local command line tool, a library API, or a network call such as an HTTP(S) request. +
+
blockchain
@@ -123,12 +129,23 @@ verifiable data registry. For more information, see [[VC-DATA-MODEL]].
+
DID resolution
+ +
+The function that takes as its input a DID and a set of resolution +options and returns a DID document in a conforming representation +plus additional metadata. This function relies on the "Read" operation of the +applicable DID method. The contract of this function is defined +in . +
+
DID resolver
-A system that is capable of retrieving a DID document for a given -DID. These systems are specified in the DID Resolution specification -[[DID-RESOLUTION]]. +A software and/or hardware system that is capable of executing the DID resolution +function, retrieving a DID document for a given +DID. The details of such systems are discussed in the DID Resolution specification +[[?DID-RESOLUTION]].
DID scheme
@@ -154,6 +171,27 @@ by a DID fragment. +
DID URL dereferencing
+ +
+The function that takes as its input a DID URL, a DID document, +and a set of dereferencing options and returns a resource, which might be +a DID document, plus additional metadata. This function can use the DID resolution +function to fetch a DID document indicated by the DID within the DID URL. +The dereferencing function then can perform additional processing on the DID document to return +the dereferenced resource indicated by the DID URL. The contract of this +function is defined in . +
+ +
DID URL dereferencer
+ +
+A software and/or hardware system that is capable of executing the DID URL dereferencing +function, retrieving some form of data, which might or might not be a DID document) for a given +DID URL. The details of systems are specified in the DID Resolution specification +[[?DID-RESOLUTION]]. +
+
distributed ledger (DLT)