
did-jwk's Contributors: dwaite, or13, quartzjer, reinkrul

did-jwk's Issues

DID URLs are currently ambiguous

I would assume:

  1. didDocument.verificationMethod[0].id === didDocument.id
  2. didDocument.verificationMethod[0].controller === didDocument.id

But it's not clear from your example.

I need to get back something like did:jwk:encoded....#key-0

I tried to convert did keys to this format... this is what I got:

{
      "keys": [
        {
          "id": "did:key:z6MkpFJxUgQgYKK68fmokaCWwpRYoWdG3LzZR6dLFXvdJvAT#z6MkpFJxUgQgYKK68fmokaCWwpRYoWdG3LzZR6dLFXvdJvAT",
          "controller": "did:key:z6MkpFJxUgQgYKK68fmokaCWwpRYoWdG3LzZR6dLFXvdJvAT",
          "type": "JsonWebKey2020",
          "publicKeyJwk": {
            "kty": "OKP",
            "crv": "Ed25519",
            "x": "kYUxJdxcqoKbfJKjTPEmbifNrDBvuQuoGynhwmr4BSA"
          },
          "privateKeyJwk": {
            "kty": "OKP",
            "crv": "Ed25519",
            "x": "kYUxJdxcqoKbfJKjTPEmbifNrDBvuQuoGynhwmr4BSA",
            "d": "TmG8GRjqakeuMwczG-d5gZahqOfP5Lbo98ml82AX2Sk"
          }
        }
      ],
      "didDocument": {
        "id": "did:jwk:eyJraWQiOiJrZXktMCIsImt0eSI6Ik9LUCIsImNydiI6IkVkMjU1MTkiLCJ4Ijoia1lVeEpkeGNxb0tiZkpLalRQRW1iaWZOckRCdnVRdW9HeW5od21yNEJTQSJ9",
        "verificationMethod": [
          {
            "id": "did:jwk:eyJraWQiOiJrZXktMCIsImt0eSI6Ik9LUCIsImNydiI6IkVkMjU1MTkiLCJ4Ijoia1lVeEpkeGNxb0tiZkpLalRQRW1iaWZOckRCdnVRdW9HeW5od21yNEJTQSJ9",
            "type": "JsonWebKey2020",
            "controller": "did:jwk:eyJraWQiOiJrZXktMCIsImt0eSI6Ik9LUCIsImNydiI6IkVkMjU1MTkiLCJ4Ijoia1lVeEpkeGNxb0tiZkpLalRQRW1iaWZOckRCdnVRdW9HeW5od21yNEJTQSJ9",
            "publicKeyJwk": {
              "kid": "key-0",
              "kty": "OKP",
              "crv": "Ed25519",
              "x": "kYUxJdxcqoKbfJKjTPEmbifNrDBvuQuoGynhwmr4BSA"
            }
          }
        ],
        "authentication": [
          "did:jwk:eyJraWQiOiJrZXktMCIsImt0eSI6Ik9LUCIsImNydiI6IkVkMjU1MTkiLCJ4Ijoia1lVeEpkeGNxb0tiZkpLalRQRW1iaWZOckRCdnVRdW9HeW5od21yNEJTQSJ9"
        ],
        "capabilityInvocation": [
          "did:jwk:eyJraWQiOiJrZXktMCIsImt0eSI6Ik9LUCIsImNydiI6IkVkMjU1MTkiLCJ4Ijoia1lVeEpkeGNxb0tiZkpLalRQRW1iaWZOckRCdnVRdW9HeW5od21yNEJTQSJ9"
        ],
        "capabilityDelegation": [
          "did:jwk:eyJraWQiOiJrZXktMCIsImt0eSI6Ik9LUCIsImNydiI6IkVkMjU1MTkiLCJ4Ijoia1lVeEpkeGNxb0tiZkpLalRQRW1iaWZOckRCdnVRdW9HeW5od21yNEJTQSJ9"
        ],
        "keyAgreement": [
          "did:jwk:eyJraWQiOiJrZXktMCIsImt0eSI6Ik9LUCIsImNydiI6IkVkMjU1MTkiLCJ4Ijoia1lVeEpkeGNxb0tiZkpLalRQRW1iaWZOckRCdnVRdW9HeW5od21yNEJTQSJ9"
        ]
      }
    }

Revocability and x5c

I think it might be possible to use the x5c parameter with a mutable did method, to convert immutable did:jwk into revocable and immutable did:jwk.

Method specific sub identifier formats, eg: `did:jwk:<extension>:<base64url(jwk)>`

JWKs are a foundational component of many identity and credentialing systems.

The did:jwk method could be extended with "longer form" identifier schemes that address these specific use cases.

For example:

Content Addressing

It's possible to compress a did:jwk using content addressing... this can be accomplished without overloading did:jwk but leveraging the naming convention used for multiple network based methods, for example:

did:jwk:ipfs:cid -> cid -> did:jwk:encoded

This would leverage any content id based storage network to shorten the did, but at the cost of a different resolution process for jwk:ipfs when compared to jwk.

WebAuthN

TODO ?

OIDC

TODO ?

add more examples

I'm wrapping up an update to our did:key library that allows for users to generate did:jwk instead.

Here is a dump on some examples:

{
      "P-256": {
        "keys": [
          {
            "id": "did:jwk:eyJrdHkiOiJFQyIsImNydiI6IlAtMjU2IiwieCI6Ik53LTZyVkJZU1pfeEU0ZnFwTUFRVzA2S1JPQ3JrMFUxZFRYZE00dnVDRGsiLCJ5Ijoib01YRUhaZWc4aldWMUpqeHRHekhpM0NMLWJPMTBhc0FiSUNndkFZdmZyRSJ9#0",
            "type": "JsonWebKey2020",
            "controller": "did:jwk:eyJrdHkiOiJFQyIsImNydiI6IlAtMjU2IiwieCI6Ik53LTZyVkJZU1pfeEU0ZnFwTUFRVzA2S1JPQ3JrMFUxZFRYZE00dnVDRGsiLCJ5Ijoib01YRUhaZWc4aldWMUpqeHRHekhpM0NMLWJPMTBhc0FiSUNndkFZdmZyRSJ9",
            "publicKeyJwk": {
              "kty": "EC",
              "crv": "P-256",
              "x": "Nw-6rVBYSZ_xE4fqpMAQW06KROCrk0U1dTXdM4vuCDk",
              "y": "oMXEHZeg8jWV1JjxtGzHi3CL-bO10asAbICgvAYvfrE"
            },
            "privateKeyJwk": {
              "kty": "EC",
              "crv": "P-256",
              "d": "aT2ANm0AzgqvpqDC5Fcesl3-dIiwvY9duEV7yLU2tyc",
              "x": "Nw-6rVBYSZ_xE4fqpMAQW06KROCrk0U1dTXdM4vuCDk",
              "y": "oMXEHZeg8jWV1JjxtGzHi3CL-bO10asAbICgvAYvfrE"
            }
          }
        ],
        "didDocument": {
          "id": "did:jwk:eyJrdHkiOiJFQyIsImNydiI6IlAtMjU2IiwieCI6Ik53LTZyVkJZU1pfeEU0ZnFwTUFRVzA2S1JPQ3JrMFUxZFRYZE00dnVDRGsiLCJ5Ijoib01YRUhaZWc4aldWMUpqeHRHekhpM0NMLWJPMTBhc0FiSUNndkFZdmZyRSJ9",
          "verificationMethod": [
            {
              "id": "did:jwk:eyJrdHkiOiJFQyIsImNydiI6IlAtMjU2IiwieCI6Ik53LTZyVkJZU1pfeEU0ZnFwTUFRVzA2S1JPQ3JrMFUxZFRYZE00dnVDRGsiLCJ5Ijoib01YRUhaZWc4aldWMUpqeHRHekhpM0NMLWJPMTBhc0FiSUNndkFZdmZyRSJ9#0",
              "type": "JsonWebKey2020",
              "controller": "did:jwk:eyJrdHkiOiJFQyIsImNydiI6IlAtMjU2IiwieCI6Ik53LTZyVkJZU1pfeEU0ZnFwTUFRVzA2S1JPQ3JrMFUxZFRYZE00dnVDRGsiLCJ5Ijoib01YRUhaZWc4aldWMUpqeHRHekhpM0NMLWJPMTBhc0FiSUNndkFZdmZyRSJ9",
              "publicKeyJwk": {
                "kty": "EC",
                "crv": "P-256",
                "x": "Nw-6rVBYSZ_xE4fqpMAQW06KROCrk0U1dTXdM4vuCDk",
                "y": "oMXEHZeg8jWV1JjxtGzHi3CL-bO10asAbICgvAYvfrE"
              }
            }
          ],
          "authentication": [
            "did:jwk:eyJrdHkiOiJFQyIsImNydiI6IlAtMjU2IiwieCI6Ik53LTZyVkJZU1pfeEU0ZnFwTUFRVzA2S1JPQ3JrMFUxZFRYZE00dnVDRGsiLCJ5Ijoib01YRUhaZWc4aldWMUpqeHRHekhpM0NMLWJPMTBhc0FiSUNndkFZdmZyRSJ9#0"
          ],
          "capabilityInvocation": [
            "did:jwk:eyJrdHkiOiJFQyIsImNydiI6IlAtMjU2IiwieCI6Ik53LTZyVkJZU1pfeEU0ZnFwTUFRVzA2S1JPQ3JrMFUxZFRYZE00dnVDRGsiLCJ5Ijoib01YRUhaZWc4aldWMUpqeHRHekhpM0NMLWJPMTBhc0FiSUNndkFZdmZyRSJ9#0"
          ],
          "capabilityDelegation": [
            "did:jwk:eyJrdHkiOiJFQyIsImNydiI6IlAtMjU2IiwieCI6Ik53LTZyVkJZU1pfeEU0ZnFwTUFRVzA2S1JPQ3JrMFUxZFRYZE00dnVDRGsiLCJ5Ijoib01YRUhaZWc4aldWMUpqeHRHekhpM0NMLWJPMTBhc0FiSUNndkFZdmZyRSJ9#0"
          ],
          "keyAgreement": [
            "did:jwk:eyJrdHkiOiJFQyIsImNydiI6IlAtMjU2IiwieCI6Ik53LTZyVkJZU1pfeEU0ZnFwTUFRVzA2S1JPQ3JrMFUxZFRYZE00dnVDRGsiLCJ5Ijoib01YRUhaZWc4aldWMUpqeHRHekhpM0NMLWJPMTBhc0FiSUNndkFZdmZyRSJ9#0"
          ]
        }
      },
      "P-384": {
        "keys": [
          {
            "id": "did:jwk:eyJrdHkiOiJFQyIsImNydiI6IlAtMzg0IiwieCI6ImRlQlNlSkE5ZTViUWVXUkRXLXhhZnNZb3lIVGhudlhfRU1YeTF4VGJESnBSWG1hNGM5TDdKdl9oZ00xTTlFVVkiLCJ5IjoiNklsWGJINzNXdEpBUXRmT1FEcWVxbmkyUWs2SXdNQTBEeDZTejFzYTN4OFgwOGFQaWJQc3ZYNTk5alc5eDRxaSJ9#0",
            "type": "JsonWebKey2020",
            "controller": "did:jwk:eyJrdHkiOiJFQyIsImNydiI6IlAtMzg0IiwieCI6ImRlQlNlSkE5ZTViUWVXUkRXLXhhZnNZb3lIVGhudlhfRU1YeTF4VGJESnBSWG1hNGM5TDdKdl9oZ00xTTlFVVkiLCJ5IjoiNklsWGJINzNXdEpBUXRmT1FEcWVxbmkyUWs2SXdNQTBEeDZTejFzYTN4OFgwOGFQaWJQc3ZYNTk5alc5eDRxaSJ9",
            "publicKeyJwk": {
              "kty": "EC",
              "crv": "P-384",
              "x": "deBSeJA9e5bQeWRDW-xafsYoyHThnvX_EMXy1xTbDJpRXma4c9L7Jv_hgM1M9EUY",
              "y": "6IlXbH73WtJAQtfOQDqeqni2Qk6IwMA0Dx6Sz1sa3x8X08aPibPsvX599jW9x4qi"
            },
            "privateKeyJwk": {
              "kty": "EC",
              "crv": "P-384",
              "d": "bogrviTQUnBXY_poQU-OXxAv1guZzUPVkXxW2Tr-jxM2aCaoYmU3fxFMMKmAe8sW",
              "x": "deBSeJA9e5bQeWRDW-xafsYoyHThnvX_EMXy1xTbDJpRXma4c9L7Jv_hgM1M9EUY",
              "y": "6IlXbH73WtJAQtfOQDqeqni2Qk6IwMA0Dx6Sz1sa3x8X08aPibPsvX599jW9x4qi"
            }
          }
        ],
        "didDocument": {
          "id": "did:jwk:eyJrdHkiOiJFQyIsImNydiI6IlAtMzg0IiwieCI6ImRlQlNlSkE5ZTViUWVXUkRXLXhhZnNZb3lIVGhudlhfRU1YeTF4VGJESnBSWG1hNGM5TDdKdl9oZ00xTTlFVVkiLCJ5IjoiNklsWGJINzNXdEpBUXRmT1FEcWVxbmkyUWs2SXdNQTBEeDZTejFzYTN4OFgwOGFQaWJQc3ZYNTk5alc5eDRxaSJ9",
          "verificationMethod": [
            {
              "id": "did:jwk:eyJrdHkiOiJFQyIsImNydiI6IlAtMzg0IiwieCI6ImRlQlNlSkE5ZTViUWVXUkRXLXhhZnNZb3lIVGhudlhfRU1YeTF4VGJESnBSWG1hNGM5TDdKdl9oZ00xTTlFVVkiLCJ5IjoiNklsWGJINzNXdEpBUXRmT1FEcWVxbmkyUWs2SXdNQTBEeDZTejFzYTN4OFgwOGFQaWJQc3ZYNTk5alc5eDRxaSJ9#0",
              "type": "JsonWebKey2020",
              "controller": "did:jwk:eyJrdHkiOiJFQyIsImNydiI6IlAtMzg0IiwieCI6ImRlQlNlSkE5ZTViUWVXUkRXLXhhZnNZb3lIVGhudlhfRU1YeTF4VGJESnBSWG1hNGM5TDdKdl9oZ00xTTlFVVkiLCJ5IjoiNklsWGJINzNXdEpBUXRmT1FEcWVxbmkyUWs2SXdNQTBEeDZTejFzYTN4OFgwOGFQaWJQc3ZYNTk5alc5eDRxaSJ9",
              "publicKeyJwk": {
                "kty": "EC",
                "crv": "P-384",
                "x": "deBSeJA9e5bQeWRDW-xafsYoyHThnvX_EMXy1xTbDJpRXma4c9L7Jv_hgM1M9EUY",
                "y": "6IlXbH73WtJAQtfOQDqeqni2Qk6IwMA0Dx6Sz1sa3x8X08aPibPsvX599jW9x4qi"
              }
            }
          ],
          "authentication": [
            "did:jwk:eyJrdHkiOiJFQyIsImNydiI6IlAtMzg0IiwieCI6ImRlQlNlSkE5ZTViUWVXUkRXLXhhZnNZb3lIVGhudlhfRU1YeTF4VGJESnBSWG1hNGM5TDdKdl9oZ00xTTlFVVkiLCJ5IjoiNklsWGJINzNXdEpBUXRmT1FEcWVxbmkyUWs2SXdNQTBEeDZTejFzYTN4OFgwOGFQaWJQc3ZYNTk5alc5eDRxaSJ9#0"
          ],
          "capabilityInvocation": [
            "did:jwk:eyJrdHkiOiJFQyIsImNydiI6IlAtMzg0IiwieCI6ImRlQlNlSkE5ZTViUWVXUkRXLXhhZnNZb3lIVGhudlhfRU1YeTF4VGJESnBSWG1hNGM5TDdKdl9oZ00xTTlFVVkiLCJ5IjoiNklsWGJINzNXdEpBUXRmT1FEcWVxbmkyUWs2SXdNQTBEeDZTejFzYTN4OFgwOGFQaWJQc3ZYNTk5alc5eDRxaSJ9#0"
          ],
          "capabilityDelegation": [
            "did:jwk:eyJrdHkiOiJFQyIsImNydiI6IlAtMzg0IiwieCI6ImRlQlNlSkE5ZTViUWVXUkRXLXhhZnNZb3lIVGhudlhfRU1YeTF4VGJESnBSWG1hNGM5TDdKdl9oZ00xTTlFVVkiLCJ5IjoiNklsWGJINzNXdEpBUXRmT1FEcWVxbmkyUWs2SXdNQTBEeDZTejFzYTN4OFgwOGFQaWJQc3ZYNTk5alc5eDRxaSJ9#0"
          ],
          "keyAgreement": [
            "did:jwk:eyJrdHkiOiJFQyIsImNydiI6IlAtMzg0IiwieCI6ImRlQlNlSkE5ZTViUWVXUkRXLXhhZnNZb3lIVGhudlhfRU1YeTF4VGJESnBSWG1hNGM5TDdKdl9oZ00xTTlFVVkiLCJ5IjoiNklsWGJINzNXdEpBUXRmT1FEcWVxbmkyUWs2SXdNQTBEeDZTejFzYTN4OFgwOGFQaWJQc3ZYNTk5alc5eDRxaSJ9#0"
          ]
        }
      },
      "Ed25519": {
        "keys": [
          {
            "id": "did:jwk:eyJrdHkiOiJPS1AiLCJjcnYiOiJFZDI1NTE5IiwieCI6ImJkVlk5bDdFTC05emE4Q1FDalhnay1WN3RoMGNfdnVHbXVJc0E3NWhqYWcifQ#0",
            "type": "JsonWebKey2020",
            "controller": "did:jwk:eyJrdHkiOiJPS1AiLCJjcnYiOiJFZDI1NTE5IiwieCI6ImJkVlk5bDdFTC05emE4Q1FDalhnay1WN3RoMGNfdnVHbXVJc0E3NWhqYWcifQ",
            "publicKeyJwk": {
              "kty": "OKP",
              "crv": "Ed25519",
              "x": "bdVY9l7EL-9za8CQCjXgk-V7th0c_vuGmuIsA75hjag"
            },
            "privateKeyJwk": {
              "kty": "OKP",
              "crv": "Ed25519",
              "x": "bdVY9l7EL-9za8CQCjXgk-V7th0c_vuGmuIsA75hjag",
              "d": "xCajx6hc53zYwsbwwz2qJikfX9_vPyr7Y-ilLqLCtgY"
            }
          }
        ],
        "didDocument": {
          "id": "did:jwk:eyJrdHkiOiJPS1AiLCJjcnYiOiJFZDI1NTE5IiwieCI6ImJkVlk5bDdFTC05emE4Q1FDalhnay1WN3RoMGNfdnVHbXVJc0E3NWhqYWcifQ",
          "verificationMethod": [
            {
              "id": "did:jwk:eyJrdHkiOiJPS1AiLCJjcnYiOiJFZDI1NTE5IiwieCI6ImJkVlk5bDdFTC05emE4Q1FDalhnay1WN3RoMGNfdnVHbXVJc0E3NWhqYWcifQ#0",
              "type": "JsonWebKey2020",
              "controller": "did:jwk:eyJrdHkiOiJPS1AiLCJjcnYiOiJFZDI1NTE5IiwieCI6ImJkVlk5bDdFTC05emE4Q1FDalhnay1WN3RoMGNfdnVHbXVJc0E3NWhqYWcifQ",
              "publicKeyJwk": {
                "kty": "OKP",
                "crv": "Ed25519",
                "x": "bdVY9l7EL-9za8CQCjXgk-V7th0c_vuGmuIsA75hjag"
              }
            }
          ],
          "authentication": [
            "did:jwk:eyJrdHkiOiJPS1AiLCJjcnYiOiJFZDI1NTE5IiwieCI6ImJkVlk5bDdFTC05emE4Q1FDalhnay1WN3RoMGNfdnVHbXVJc0E3NWhqYWcifQ#0"
          ],
          "capabilityInvocation": [
            "did:jwk:eyJrdHkiOiJPS1AiLCJjcnYiOiJFZDI1NTE5IiwieCI6ImJkVlk5bDdFTC05emE4Q1FDalhnay1WN3RoMGNfdnVHbXVJc0E3NWhqYWcifQ#0"
          ],
          "capabilityDelegation": [
            "did:jwk:eyJrdHkiOiJPS1AiLCJjcnYiOiJFZDI1NTE5IiwieCI6ImJkVlk5bDdFTC05emE4Q1FDalhnay1WN3RoMGNfdnVHbXVJc0E3NWhqYWcifQ#0"
          ],
          "keyAgreement": [
            "did:jwk:eyJrdHkiOiJPS1AiLCJjcnYiOiJFZDI1NTE5IiwieCI6ImJkVlk5bDdFTC05emE4Q1FDalhnay1WN3RoMGNfdnVHbXVJc0E3NWhqYWcifQ#0"
          ]
        }
      },
      "X25519": {
        "keys": [
          {
            "id": "did:jwk:eyJrdHkiOiJPS1AiLCJjcnYiOiJYMjU1MTkiLCJ4Ijoid1VhYVM2RHd5YVAtOHZTX2FBTERmV3o2XzZRT2RkVUJBcV9MVjZMakFIOCJ9#0",
            "type": "JsonWebKey2020",
            "controller": "did:jwk:eyJrdHkiOiJPS1AiLCJjcnYiOiJYMjU1MTkiLCJ4Ijoid1VhYVM2RHd5YVAtOHZTX2FBTERmV3o2XzZRT2RkVUJBcV9MVjZMakFIOCJ9",
            "publicKeyJwk": {
              "kty": "OKP",
              "crv": "X25519",
              "x": "wUaaS6DwyaP-8vS_aALDfWz6_6QOddUBAq_LV6LjAH8"
            },
            "privateKeyJwk": {
              "kty": "OKP",
              "crv": "X25519",
              "x": "wUaaS6DwyaP-8vS_aALDfWz6_6QOddUBAq_LV6LjAH8",
              "d": "ms8ujhrsN4wUQj7YPtaS6JQpnOh2tRvyr6nFb8slooU"
            }
          }
        ],
        "didDocument": {
          "id": "did:jwk:eyJrdHkiOiJPS1AiLCJjcnYiOiJYMjU1MTkiLCJ4Ijoid1VhYVM2RHd5YVAtOHZTX2FBTERmV3o2XzZRT2RkVUJBcV9MVjZMakFIOCJ9",
          "verificationMethod": [
            {
              "id": "did:jwk:eyJrdHkiOiJPS1AiLCJjcnYiOiJYMjU1MTkiLCJ4Ijoid1VhYVM2RHd5YVAtOHZTX2FBTERmV3o2XzZRT2RkVUJBcV9MVjZMakFIOCJ9#0",
              "type": "JsonWebKey2020",
              "controller": "did:jwk:eyJrdHkiOiJPS1AiLCJjcnYiOiJYMjU1MTkiLCJ4Ijoid1VhYVM2RHd5YVAtOHZTX2FBTERmV3o2XzZRT2RkVUJBcV9MVjZMakFIOCJ9",
              "publicKeyJwk": {
                "kty": "OKP",
                "crv": "X25519",
                "x": "wUaaS6DwyaP-8vS_aALDfWz6_6QOddUBAq_LV6LjAH8"
              }
            }
          ],
          "authentication": [
            "did:jwk:eyJrdHkiOiJPS1AiLCJjcnYiOiJYMjU1MTkiLCJ4Ijoid1VhYVM2RHd5YVAtOHZTX2FBTERmV3o2XzZRT2RkVUJBcV9MVjZMakFIOCJ9#0"
          ],
          "capabilityInvocation": [
            "did:jwk:eyJrdHkiOiJPS1AiLCJjcnYiOiJYMjU1MTkiLCJ4Ijoid1VhYVM2RHd5YVAtOHZTX2FBTERmV3o2XzZRT2RkVUJBcV9MVjZMakFIOCJ9#0"
          ],
          "capabilityDelegation": [
            "did:jwk:eyJrdHkiOiJPS1AiLCJjcnYiOiJYMjU1MTkiLCJ4Ijoid1VhYVM2RHd5YVAtOHZTX2FBTERmV3o2XzZRT2RkVUJBcV9MVjZMakFIOCJ9#0"
          ],
          "keyAgreement": [
            "did:jwk:eyJrdHkiOiJPS1AiLCJjcnYiOiJYMjU1MTkiLCJ4Ijoid1VhYVM2RHd5YVAtOHZTX2FBTERmV3o2XzZRT2RkVUJBcV9MVjZMakFIOCJ9#0"
          ]
        }
      },
      "secp256k1": {
        "keys": [
          {
            "id": "did:jwk:eyJrdHkiOiJFQyIsImNydiI6InNlY3AyNTZrMSIsIngiOiJUZ0FER2xVdFh4cHlOalUyZXZEcFRWQnc0VU1mRmtuVkZiajlZUFZiTjljIiwieSI6Im9LVUgxNl9sdm40QTdIQ043QU1MVktmM0tiY0hKYmd5c0dJQVdQT01jOHMifQ#0",
            "type": "JsonWebKey2020",
            "controller": "did:jwk:eyJrdHkiOiJFQyIsImNydiI6InNlY3AyNTZrMSIsIngiOiJUZ0FER2xVdFh4cHlOalUyZXZEcFRWQnc0VU1mRmtuVkZiajlZUFZiTjljIiwieSI6Im9LVUgxNl9sdm40QTdIQ043QU1MVktmM0tiY0hKYmd5c0dJQVdQT01jOHMifQ",
            "publicKeyJwk": {
              "kty": "EC",
              "crv": "secp256k1",
              "x": "TgADGlUtXxpyNjU2evDpTVBw4UMfFknVFbj9YPVbN9c",
              "y": "oKUH16_lvn4A7HCN7AMLVKf3KbcHJbgysGIAWPOMc8s"
            },
            "privateKeyJwk": {
              "kty": "EC",
              "crv": "secp256k1",
              "x": "TgADGlUtXxpyNjU2evDpTVBw4UMfFknVFbj9YPVbN9c",
              "y": "oKUH16_lvn4A7HCN7AMLVKf3KbcHJbgysGIAWPOMc8s",
              "d": "xcqFKuNvOOOg4rWxR440AY4qZ4QfNULV3CjSBF-eO30"
            }
          }
        ],
        "didDocument": {
          "id": "did:jwk:eyJrdHkiOiJFQyIsImNydiI6InNlY3AyNTZrMSIsIngiOiJUZ0FER2xVdFh4cHlOalUyZXZEcFRWQnc0VU1mRmtuVkZiajlZUFZiTjljIiwieSI6Im9LVUgxNl9sdm40QTdIQ043QU1MVktmM0tiY0hKYmd5c0dJQVdQT01jOHMifQ",
          "verificationMethod": [
            {
              "id": "did:jwk:eyJrdHkiOiJFQyIsImNydiI6InNlY3AyNTZrMSIsIngiOiJUZ0FER2xVdFh4cHlOalUyZXZEcFRWQnc0VU1mRmtuVkZiajlZUFZiTjljIiwieSI6Im9LVUgxNl9sdm40QTdIQ043QU1MVktmM0tiY0hKYmd5c0dJQVdQT01jOHMifQ#0",
              "type": "JsonWebKey2020",
              "controller": "did:jwk:eyJrdHkiOiJFQyIsImNydiI6InNlY3AyNTZrMSIsIngiOiJUZ0FER2xVdFh4cHlOalUyZXZEcFRWQnc0VU1mRmtuVkZiajlZUFZiTjljIiwieSI6Im9LVUgxNl9sdm40QTdIQ043QU1MVktmM0tiY0hKYmd5c0dJQVdQT01jOHMifQ",
              "publicKeyJwk": {
                "kty": "EC",
                "crv": "secp256k1",
                "x": "TgADGlUtXxpyNjU2evDpTVBw4UMfFknVFbj9YPVbN9c",
                "y": "oKUH16_lvn4A7HCN7AMLVKf3KbcHJbgysGIAWPOMc8s"
              }
            }
          ],
          "authentication": [
            "did:jwk:eyJrdHkiOiJFQyIsImNydiI6InNlY3AyNTZrMSIsIngiOiJUZ0FER2xVdFh4cHlOalUyZXZEcFRWQnc0VU1mRmtuVkZiajlZUFZiTjljIiwieSI6Im9LVUgxNl9sdm40QTdIQ043QU1MVktmM0tiY0hKYmd5c0dJQVdQT01jOHMifQ#0"
          ],
          "capabilityInvocation": [
            "did:jwk:eyJrdHkiOiJFQyIsImNydiI6InNlY3AyNTZrMSIsIngiOiJUZ0FER2xVdFh4cHlOalUyZXZEcFRWQnc0VU1mRmtuVkZiajlZUFZiTjljIiwieSI6Im9LVUgxNl9sdm40QTdIQ043QU1MVktmM0tiY0hKYmd5c0dJQVdQT01jOHMifQ#0"
          ],
          "capabilityDelegation": [
            "did:jwk:eyJrdHkiOiJFQyIsImNydiI6InNlY3AyNTZrMSIsIngiOiJUZ0FER2xVdFh4cHlOalUyZXZEcFRWQnc0VU1mRmtuVkZiajlZUFZiTjljIiwieSI6Im9LVUgxNl9sdm40QTdIQ043QU1MVktmM0tiY0hKYmd5c0dJQVdQT01jOHMifQ#0"
          ],
          "keyAgreement": [
            "did:jwk:eyJrdHkiOiJFQyIsImNydiI6InNlY3AyNTZrMSIsIngiOiJUZ0FER2xVdFh4cHlOalUyZXZEcFRWQnc0VU1mRmtuVkZiajlZUFZiTjljIiwieSI6Im9LVUgxNl9sdm40QTdIQ043QU1MVktmM0tiY0hKYmd5c0dJQVdQT01jOHMifQ#0"
          ]
        }
      }
    }

Canonicalization?

@kdenhartog

Out of curiosity why not run it through the JCS algorithm first before converting it to a UTF-8 string?

I did consider this route, but decided that I wanted to keep the requirements extremely minimal.

The intent is for the owner to maintain these DIDs in their serialized form as the default/simplest use-case. They MAY decide to store in some other form and canonicalize, but that isn't required by the method.

JWK `kid` and `verificationMethod.id`

https://www.w3.org/TR/did-core/#dfn-publickeyjwk

The publicKeyJwk property is OPTIONAL. If present, the value MUST be a map representing a JSON Web Key that conforms to [RFC7517]. The map MUST NOT contain "d", or any other members of the private information class as described in Registration Template.

It is RECOMMENDED that verification methods that use JWKs [RFC7517] to represent their public keys use the value of kid as their fragment identifier. It is RECOMMENDED that JWK kid values are set to the public key fingerprint [RFC7638]. See the first key in Example 13 for an example of a public key with a compound key identifier.

Many folks who use JWK will already have an identifier for the JWK, more examples (possibly pulled from Amazon, Google, Azure KMS JWKs) would help provide better interop.

resolver extensions

One hack around did methods like this has been "resolver middleware", or... modifying a did document to contain values other than what the method author intended (for example adding service endpoints or @context or other json values to an existing did document).

It is possible to make did:jwk look like a did web by exploiting the ability to encode arbitrary JSON in the encoded JWK.

For example:

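// kid, options and publicKeyJwk are defined by the caller (not shown);
// base64url is a base64url encoding helper.
const jwk = {
  kid,
  // extra, non-key members carried inside the encoded JWK
  '@context': options.didDocument['@context'],
  service: options.didDocument.service,
  ...publicKeyJwk,
};
const did = `did:jwk:${base64url.encode(JSON.stringify(jwk))}`;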

This will then yield a did document that contains nested data which can be pulled up to the correct level by "post resolution middleware"....

example:

{
      "keys": [
        {
          "id": "did:key:z6MkpFJxUgQgYKK68fmokaCWwpRYoWdG3LzZR6dLFXvdJvAT#z6MkpFJxUgQgYKK68fmokaCWwpRYoWdG3LzZR6dLFXvdJvAT",
          "controller": "did:key:z6MkpFJxUgQgYKK68fmokaCWwpRYoWdG3LzZR6dLFXvdJvAT",
          "type": "JsonWebKey2020",
          "publicKeyJwk": {
            "kty": "OKP",
            "crv": "Ed25519",
            "x": "kYUxJdxcqoKbfJKjTPEmbifNrDBvuQuoGynhwmr4BSA"
          },
          "privateKeyJwk": {
            "kty": "OKP",
            "crv": "Ed25519",
            "x": "kYUxJdxcqoKbfJKjTPEmbifNrDBvuQuoGynhwmr4BSA",
            "d": "TmG8GRjqakeuMwczG-d5gZahqOfP5Lbo98ml82AX2Sk"
          }
        }
      ],
      "didDocument": {
      // note that a resolver could inject this value
        "@context": [
          "https://www.w3.org/ns/did/v1",
          "https://w3id.org/security/suites/jws-2020/v1"
        ],
        "id": "did:jwk:eyJraWQiOiJrZXktMCIsIkBjb250ZXh0IjpbImh0dHBzOi8vd3d3LnczLm9yZy9ucy9kaWQvdjEiLCJodHRwczovL3czaWQub3JnL3NlY3VyaXR5L3N1aXRlcy9qd3MtMjAyMC92MSJdLCJzZXJ2aWNlIjpbeyJpZCI6IiNhZ2VudCIsInNlcnZpY2VFbmRwb2ludCI6Imh0dHBzOi8vYXBpLmV4YW1wbGUuY29tIn1dLCJrdHkiOiJPS1AiLCJjcnYiOiJFZDI1NTE5IiwieCI6ImtZVXhKZHhjcW9LYmZKS2pUUEVtYmlmTnJEQnZ1UXVvR3luaHdtcjRCU0EifQ",
        "verificationMethod": [
          {
            "id": "did:jwk:eyJraWQiOiJrZXktMCIsIkBjb250ZXh0IjpbImh0dHBzOi8vd3d3LnczLm9yZy9ucy9kaWQvdjEiLCJodHRwczovL3czaWQub3JnL3NlY3VyaXR5L3N1aXRlcy9qd3MtMjAyMC92MSJdLCJzZXJ2aWNlIjpbeyJpZCI6IiNhZ2VudCIsInNlcnZpY2VFbmRwb2ludCI6Imh0dHBzOi8vYXBpLmV4YW1wbGUuY29tIn1dLCJrdHkiOiJPS1AiLCJjcnYiOiJFZDI1NTE5IiwieCI6ImtZVXhKZHhjcW9LYmZKS2pUUEVtYmlmTnJEQnZ1UXVvR3luaHdtcjRCU0EifQ",
            "type": "JsonWebKey2020",
            "controller": "did:jwk:eyJraWQiOiJrZXktMCIsIkBjb250ZXh0IjpbImh0dHBzOi8vd3d3LnczLm9yZy9ucy9kaWQvdjEiLCJodHRwczovL3czaWQub3JnL3NlY3VyaXR5L3N1aXRlcy9qd3MtMjAyMC92MSJdLCJzZXJ2aWNlIjpbeyJpZCI6IiNhZ2VudCIsInNlcnZpY2VFbmRwb2ludCI6Imh0dHBzOi8vYXBpLmV4YW1wbGUuY29tIn1dLCJrdHkiOiJPS1AiLCJjcnYiOiJFZDI1NTE5IiwieCI6ImtZVXhKZHhjcW9LYmZKS2pUUEVtYmlmTnJEQnZ1UXVvR3luaHdtcjRCU0EifQ",
            "publicKeyJwk": {
              "kid": "key-0",
              // note that a resolver could remove this value
              "@context": [
                "https://www.w3.org/ns/did/v1",
                "https://w3id.org/security/suites/jws-2020/v1"
              ],
              // note that a resolver could remove this value
              "service": [
                {
                  "id": "#agent",
                  "serviceEndpoint": "https://api.example.com"
                }
              ],
              "kty": "OKP",
              "crv": "Ed25519",
              "x": "kYUxJdxcqoKbfJKjTPEmbifNrDBvuQuoGynhwmr4BSA"
            }
          }
        ],
        "authentication": [
          "did:jwk:eyJraWQiOiJrZXktMCIsIkBjb250ZXh0IjpbImh0dHBzOi8vd3d3LnczLm9yZy9ucy9kaWQvdjEiLCJodHRwczovL3czaWQub3JnL3NlY3VyaXR5L3N1aXRlcy9qd3MtMjAyMC92MSJdLCJzZXJ2aWNlIjpbeyJpZCI6IiNhZ2VudCIsInNlcnZpY2VFbmRwb2ludCI6Imh0dHBzOi8vYXBpLmV4YW1wbGUuY29tIn1dLCJrdHkiOiJPS1AiLCJjcnYiOiJFZDI1NTE5IiwieCI6ImtZVXhKZHhjcW9LYmZKS2pUUEVtYmlmTnJEQnZ1UXVvR3luaHdtcjRCU0EifQ"
        ],
        "capabilityInvocation": [
          "did:jwk:eyJraWQiOiJrZXktMCIsIkBjb250ZXh0IjpbImh0dHBzOi8vd3d3LnczLm9yZy9ucy9kaWQvdjEiLCJodHRwczovL3czaWQub3JnL3NlY3VyaXR5L3N1aXRlcy9qd3MtMjAyMC92MSJdLCJzZXJ2aWNlIjpbeyJpZCI6IiNhZ2VudCIsInNlcnZpY2VFbmRwb2ludCI6Imh0dHBzOi8vYXBpLmV4YW1wbGUuY29tIn1dLCJrdHkiOiJPS1AiLCJjcnYiOiJFZDI1NTE5IiwieCI6ImtZVXhKZHhjcW9LYmZKS2pUUEVtYmlmTnJEQnZ1UXVvR3luaHdtcjRCU0EifQ"
        ],
        "capabilityDelegation": [
          "did:jwk:eyJraWQiOiJrZXktMCIsIkBjb250ZXh0IjpbImh0dHBzOi8vd3d3LnczLm9yZy9ucy9kaWQvdjEiLCJodHRwczovL3czaWQub3JnL3NlY3VyaXR5L3N1aXRlcy9qd3MtMjAyMC92MSJdLCJzZXJ2aWNlIjpbeyJpZCI6IiNhZ2VudCIsInNlcnZpY2VFbmRwb2ludCI6Imh0dHBzOi8vYXBpLmV4YW1wbGUuY29tIn1dLCJrdHkiOiJPS1AiLCJjcnYiOiJFZDI1NTE5IiwieCI6ImtZVXhKZHhjcW9LYmZKS2pUUEVtYmlmTnJEQnZ1UXVvR3luaHdtcjRCU0EifQ"
        ],
        "keyAgreement": [
          "did:jwk:eyJraWQiOiJrZXktMCIsIkBjb250ZXh0IjpbImh0dHBzOi8vd3d3LnczLm9yZy9ucy9kaWQvdjEiLCJodHRwczovL3czaWQub3JnL3NlY3VyaXR5L3N1aXRlcy9qd3MtMjAyMC92MSJdLCJzZXJ2aWNlIjpbeyJpZCI6IiNhZ2VudCIsInNlcnZpY2VFbmRwb2ludCI6Imh0dHBzOi8vYXBpLmV4YW1wbGUuY29tIn1dLCJrdHkiOiJPS1AiLCJjcnYiOiJFZDI1NTE5IiwieCI6ImtZVXhKZHhjcW9LYmZKS2pUUEVtYmlmTnJEQnZ1UXVvR3luaHdtcjRCU0EifQ"
        ],
        // note that a resolver could inject this value
        "service": [
          {
            "id": "did:jwk:eyJraWQiOiJrZXktMCIsIkBjb250ZXh0IjpbImh0dHBzOi8vd3d3LnczLm9yZy9ucy9kaWQvdjEiLCJodHRwczovL3czaWQub3JnL3NlY3VyaXR5L3N1aXRlcy9qd3MtMjAyMC92MSJdLCJzZXJ2aWNlIjpbeyJpZCI6IiNhZ2VudCIsInNlcnZpY2VFbmRwb2ludCI6Imh0dHBzOi8vYXBpLmV4YW1wbGUuY29tIn1dLCJrdHkiOiJPS1AiLCJjcnYiOiJFZDI1NTE5IiwieCI6ImtZVXhKZHhjcW9LYmZKS2pUUEVtYmlmTnJEQnZ1UXVvR3luaHdtcjRCU0EifQ#agent",
            "serviceEndpoint": "https://api.example.com"
          }
        ]
      }
    }
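A resolver-side check for the situation shown above, as an added example that is not code from the did-jwk project or from this issue: it decodes the identifier and refuses JWKs that carry private-key members or members outside a per-`kty` allowlist, so values such as `service` or `@context` placed inside the encoded JWK never reach the DID document. The function names and the allowlist policy are assumptions of this example; the `#0` fragment and the relationship arrays mirror the example documents on this page.

```javascript
// Added example: strict did:jwk resolution. Names and policy are assumptions.

// Public members required for each key type.
const PUBLIC_MEMBERS = new Map([
  ['OKP', ['kty', 'crv', 'x']],
  ['EC', ['kty', 'crv', 'x', 'y']],
  ['RSA', ['kty', 'n', 'e']],
]);
// RFC 7517 metadata members this example's policy tolerates.
const METADATA_MEMBERS = ['kid', 'use', 'alg', 'key_ops'];
// Private-key members registered for EC, OKP, RSA and oct keys.
const PRIVATE_MEMBERS = ['d', 'p', 'q', 'dp', 'dq', 'qi', 'oth', 'k'];

function encodeDidJwk(jwk) {
  return 'did:jwk:' + Buffer.from(JSON.stringify(jwk), 'utf8').toString('base64url');
}

function decodeDidJwk(did) {
  const match = /^did:jwk:([A-Za-z0-9_-]+)$/.exec(did);
  if (!match) throw new Error('not a did:jwk identifier');
  const jwk = JSON.parse(Buffer.from(match[1], 'base64url').toString('utf8'));
  if (jwk === null || typeof jwk !== 'object' || Array.isArray(jwk)) {
    throw new Error('encoded value is not a JSON object');
  }
  return jwk;
}

// Returns a list of policy violations; an empty list means the JWK is accepted.
function checkJwk(jwk) {
  const required = PUBLIC_MEMBERS.get(jwk.kty);
  if (!required) return [`unsupported kty ${JSON.stringify(jwk.kty)}`];
  const problems = [];
  for (const name of Object.keys(jwk)) {
    if (PRIVATE_MEMBERS.includes(name)) {
      problems.push(`private member "${name}"`);
    } else if (!required.includes(name) && !METADATA_MEMBERS.includes(name)) {
      problems.push(`unexpected member "${name}"`);
    }
  }
  for (const name of required) {
    if (typeof jwk[name] !== 'string') problems.push(`missing member "${name}"`);
  }
  return problems;
}

// Builds the DID document only when the JWK passes the check.
function resolveStrict(did) {
  const jwk = decodeDidJwk(did);
  const problems = checkJwk(jwk);
  if (problems.length > 0) throw new Error('rejected: ' + problems.join(', '));
  const vmId = did + '#0';
  return {
    id: did,
    verificationMethod: [
      { id: vmId, type: 'JsonWebKey2020', controller: did, publicKeyJwk: jwk },
    ],
    authentication: [vmId],
    capabilityInvocation: [vmId],
    capabilityDelegation: [vmId],
    keyAgreement: [vmId],
  };
}

// Constructed sample input, using the Ed25519 public key from the example above.
const X = 'kYUxJdxcqoKbfJKjTPEmbifNrDBvuQuoGynhwmr4BSA';
const plainDid = encodeDidJwk({ kty: 'OKP', crv: 'Ed25519', x: X });
const extendedDid = encodeDidJwk({
  kid: 'key-0',
  '@context': ['https://www.w3.org/ns/did/v1'],
  service: [{ id: '#agent', serviceEndpoint: 'https://api.example.com' }],
  kty: 'OKP',
  crv: 'Ed25519',
  x: X,
});
// The "d" value is a constructed placeholder, not a real private key.
const leakyDid = encodeDidJwk({ kty: 'OKP', crv: 'Ed25519', x: X, d: 'constructed-placeholder' });

for (const did of [plainDid, extendedDid, leakyDid]) {
  try {
    console.log('accepted', resolveStrict(did).verificationMethod[0].id.slice(0, 24) + '...');
  } catch (err) {
    console.log(err.message);
  }
}
```
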

Possible problem: one key, several DIDs

I love the simplicity of being able to express a key as a DID. I think this is a great bridge between the two worlds, that has a lot of use cases.

One possible issue I'm seeing is that the same key pair can lead to different DIDs, depending on variations such as the order of keys in the JWT, for example. Maybe there are additional inventive ways to come up with such variations.

I know that in normal situations this won't be a problem, because you'll usually decode the key back from the DID and check some signature related to it. However, there might be a few situations where you start from the key and can produce different DIDs depending on encoding, so non-uniqueness would become an issue.

Do we consider this could be a problem? We can just accept that characteristic and keep things simple, or we can try and add uniqueness, with the risk of making the algorithm more complex.
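One way to compare keys independently of how the JWK was serialized, as an added example that is not part of this issue or of the did:jwk method: decode each DID and compare RFC 7638 thumbprints, the same fingerprint the did-core text quoted earlier on this page recommends for `kid`. It also bears on the canonicalization question above, since the method itself does not canonicalize. The function names are assumptions of this example, and the sample public key is the Ed25519 `x` value from the examples on this page.

```javascript
// Added example: one key, several did:jwk identifiers, one thumbprint.
const crypto = require('crypto');

// did:jwk is the base64url encoding of the JWK's UTF-8 JSON text, as serialized.
function toDidJwk(jwk) {
  return 'did:jwk:' + Buffer.from(JSON.stringify(jwk), 'utf8').toString('base64url');
}

function fromDidJwk(did) {
  if (!did.startsWith('did:jwk:')) throw new Error('not a did:jwk identifier');
  const encoded = did.slice('did:jwk:'.length).split('#')[0]; // drop any fragment
  return JSON.parse(Buffer.from(encoded, 'base64url').toString('utf8'));
}

// Required members per key type, already in the lexicographic order
// RFC 7638 prescribes (OKP members per RFC 8037).
const THUMBPRINT_MEMBERS = new Map([
  ['EC', ['crv', 'kty', 'x', 'y']],
  ['OKP', ['crv', 'kty', 'x']],
  ['RSA', ['e', 'kty', 'n']],
]);

// SHA-256 over the JSON object holding only the required members, in order,
// with no whitespace; optional members such as kid do not affect the result.
function jwkThumbprint(jwk) {
  const names = THUMBPRINT_MEMBERS.get(jwk.kty);
  if (!names) throw new Error('unsupported kty');
  const canonical = {};
  for (const name of names) {
    if (typeof jwk[name] !== 'string') throw new Error(`missing member ${name}`);
    canonical[name] = jwk[name];
  }
  return crypto.createHash('sha256')
    .update(JSON.stringify(canonical), 'utf8')
    .digest('base64url');
}

// Two did:jwk identifiers name the same key when their thumbprints match.
function sameKey(didA, didB) {
  return jwkThumbprint(fromDidJwk(didA)) === jwkThumbprint(fromDidJwk(didB));
}

// Constructed sample: one public key serialized three different ways.
const X = 'kYUxJdxcqoKbfJKjTPEmbifNrDBvuQuoGynhwmr4BSA';
const variants = [
  { kty: 'OKP', crv: 'Ed25519', x: X },
  { crv: 'Ed25519', x: X, kty: 'OKP' },               // different member order
  { kid: 'key-0', kty: 'OKP', crv: 'Ed25519', x: X }, // extra kid member
];
const dids = variants.map(toDidJwk);

console.log('distinct DIDs:', new Set(dids).size);
console.log('distinct keys:', new Set(dids.map((d) => jwkThumbprint(fromDidJwk(d)))).size);
```

A system that starts from the key (an allowlist or a revocation index, for instance) can store the thumbprint rather than the DID string and look up any incoming did:jwk by decoding it first.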

Can we resolve other content types

Assuming this is meant to return application/json or application/did+json by default.

It would be nice to be able to use did:jwk but get back CWKs when resolving as application/did+cbor

more clarifying examples

I didn't find a description of either of these points in the did:key spec, have I been using an old one?

I think you're right. But that doesn't mean you can't cover them in your spec? :)

In the did:key spec at least there are some complete examples, but in the did:jwk spec it's really not clear what the value of verificationMethod.id would be.

Originally posted by @peacekeeper in w3c/did-spec-registries#432 (comment)
