index.html

<!DOCTYPE html>
<html>
<head>
  <title>
    Decentralized Identifiers (DIDs) v1.0
  </title>
  <meta content='text/html; charset=utf-8' http-equiv='Content-Type'><!--
    === NOTA BENE ===
    For the three scripts below, if your spec resides on dev.w3 you can check them
    out in the same tree and use relative links so that they'll work offline.
   -->

  <script class='remove'
    src='https://www.w3.org/Tools/respec/respec-w3c-common'>
  </script><!--script src='./respec-w3c-common.js' class='remove'></script-->

  <script class='remove' src="./common.js">
  </script>
  <script class="remove" type="text/javascript">
  var respecConfig = {
        wgPublicList: "public-did-wg",
        wgPatentURI:  "https://www.w3.org/2004/01/pp-impl/117488/status",
        wg: "Decentralized Identifier Working Group",
        wgURI: "https://www.w3.org/2019/did-wg/",

    // specification status (e.g., WD, LCWD, NOTE, etc.). If in doubt use ED.
    specStatus: "WD",

    // the specification's short name, as in http://www.w3.org/TR/short-name/
    shortName: "did-core",


    edDraftURI: "https://w3c.github.io/did-core/",

    // subtitle
    subtitle: "Core architecture, data model, and representations",

    // if you wish the publication date to be other than today, set this
    //publishDate:  "2019-11-07",

    // if there is a previously published draft, uncomment this and set its YYYY-MM-DD date
    // and its maturity status
    previousPublishDate:  "2019-12-09",
    previousMaturity:  "WD",

    pluralize: true,

    // extend the bibliography entries
    localBiblio: ccg.localBiblio,
    github: {
            repoURL: "https://github.com/w3c/did-core/",
            branch: "master"
    },
    includePermalinks: false,


    // editors, add as many as you like
    // only "name" is required
    editors: [{
        name: "Drummond Reed",
        url: "https://www.linkedin.com/in/drummondreed/",
        company: "Evernym",
        companyURL: "https://www.evernym.com/",
        w3cid: 3096
      },
      {
        name: "Manu Sporny",
        url: "http://manu.sporny.org/",
        company: "Digital Bazaar",
        companyURL: "https://digitalbazaar.com/",
        w3cid: 41758
      },
      {
        name: "Markus Sabadello",
        url: "https://www.linkedin.com/in/markus-sabadello-353a0821",
        company: "Danube Tech",
        companyURL: "https://danubetech.com/",
        w3cid: 46729
      }
    ],

    // authors, add as many as you like.
    // This is optional, uncomment if you have authors as well as editors.
    // only "name" is required. Same format as editors.
    authors: [{
        name: "Drummond Reed",
        url: "https://www.linkedin.com/in/drummondreed/",
        company: "Evernym",
        companyURL: "https://www.evernym.com/",
        w3cid: 3096
      },
      {
        name: "Manu Sporny",
        url: "http://manu.sporny.org/",
        company: "Digital Bazaar",
        companyURL: "https://digitalbazaar.com/",
        w3cid: 41758
      },
      {
        name: "Dave Longley",
        url: "",
        company: "Digital Bazaar",
        companyURL: "https://digitalbazaar.com/",
        w3cid: 48025
      },
      {
        name: "Christopher Allen",
        url: "https://www.linkedin.com/in/christophera",
        company: "Blockchain Commons",
        companyURL: "https://www.BlockchainCommons.com",
        w3cid: 85560
      },
      {
        name: "Ryan Grant",
        url: "",
        company: "",
        companyURL: ""
      },
      {
        name: "Markus Sabadello",
        url: "https://www.linkedin.com/in/markus-sabadello-353a0821",
        company: "Danube Tech",
        companyURL: "https://danubetech.com/",
        w3cid: 46729
      }
    ]
    };
  </script>
  <style>
  pre .highlight {
    font-weight: bold;
    color: green;
  }
  pre .comment {
    color: SteelBlue;
    -webkit-user-select: none;
    -moz-user-select: none;
    -ms-user-select: none;
    user-select: none;
  }
  </style>
</head>
<body>
  <section id='abstract'>
    <p class="issue">
This document is undergoing a major structural refactoring and will not be easy
to read. A <a href="https://www.w3.org/TR/2019/WD-did-core-20191209/">previously
published version</a> that has a better topical flow may be a better read for
people new to this work. When this document has been updated to have a
better flow, this comment will be removed.
    </p>

    <p>
<a>Decentralized identifiers</a> (DIDs) are a new type of identifier that
enables verifiable, decentralized digital identity. A <a>DID</a> identifies
any subject (e.g., a person, organization, thing, data model, abstract entity, etc.)
that the controller of the <a>DID</a> decides that it 
identifies. These new identifiers are designed to enable the controller 
of a <a>DID</a> to prove control over it and to be implemented independently 
of any centralized registry, identity provider, or certificate authority. 
<a>DID</a>s are URLs that associate a <a>DID subject</a> with a 
<a>DID document</a> allowing trustable interactions associated with that subject. 
Each <a>DID document</a> can express cryptographic material, verification methods, 
or <a>service endpoints</a>, which provide a set of mechanisms enabling a 
<a>DID controller</a> to prove control of the <a>DID</a>. <a>Service 
endpoints</a> enable trusted interactions associated with the <a>DID 
subject</a>. A <a>DID document</a> might contain semantics about the subject 
that it identifies. A <a>DID document</a> might contain the <a>DID subject</a> 
itself (e.g. a data model).
    </p>
    <p>
This document specifies a common data model, a URL format, and a set of
operations for <a>DIDs</a>, <a>DID documents</a>, and <a>DID methods</a>.
    </p>
  </section>

  <section id='sotd'>

    <p>
This specification is under active development and implementers are advised
against implementing the specification unless they are directly involved
with the W3C DID Working Group. There are use cases [[?DID-USE-CASES]] in active
development that establish requirements for this document.
    </p>

    <p>
At present, there exist
<a href="https://w3c-ccg.github.io/did-method-registry/#the-registry">40
experimental implementations</a> and a preliminary
<a href="https://github.com/w3c-ccg/did-test-suite/">test suite</a>
that will eventually determine whether or not implementations are conformant.
Readers are advised that Appendix <a href="#current-issues"></a> contains a
list of concerns and proposed changes that will most likely result in
alterations to this specification.
    </p>

    <p>
Comments regarding this document are welcome. Please file issues
directly on <a href="https://github.com/w3c/did-core/issues/">GitHub</a>,
or send them
to <a href="mailto:public-did-wg@w3.org">public-did-wg@w3.org</a> (
<a href="mailto:public-did-wg-request@w3.org?subject=subscribe">subscribe</a>,
<a href="https://lists.w3.org/Archives/Public/public-did-wg/">archives</a>).
    </p>

    <p>
Portions of the work on this specification have been funded by the
United States Department of Homeland Security's Science and Technology
Directorate under contracts HSHQDC-16-R00012-H-SB2016-1-002 and
HSHQDC-17-C-00019. The content of this specification does not
necessarily reflect the position or the policy of the U.S. Government
and no official endorsement should be inferred.
    </p>

    <p>
Work on this specification has also been supported by the Rebooting the
Web of Trust community facilitated by Christopher Allen, Shannon
Appelcline, Kiara Robles, Brian Weller, Betty Dhamers, Kaliya Young,
Kim Hamilton Duffy, Manu Sporny, Drummond Reed, Joe Andrieu, and
Heather Vescent.
    </p>
  </section>

  <section class="informative">
    <h1>
Introduction
    </h1>

    <p>
Conventional <a href="https://en.wikipedia.org/wiki/Identity_management">identity management</a>
systems are based on centralized authorities such as corporate
<a href="https://en.wikipedia.org/wiki/Directory_service">directory services</a>,
<a href="https://en.wikipedia.org/wiki/Certificate_authority">certificate authorities</a>,
or <a href="https://en.wikipedia.org/wiki/Domain_name_registry">domain name registries</a>.
From the standpoint of cryptographic trust verification, each of these
centralized authorities serves as its own
<a href="https://en.wikipedia.org/wiki/Trust_anchor">root of trust</a>. To make
identity management work across these systems requires implementing
<a href="https://en.wikipedia.org/wiki/Federated_identity">federated identity management</a>.
    </p>

    <p>
The emergence of <a>distributed ledger technology</a> (DLT) and
<a>blockchain technology</a> provides the opportunity for fully
<a>decentralized identity management</a>. In a decentralized identity system,
entities (that is, discrete identifiable units such as, but not limited to,
people, organizations, and things) are free to use any shared root of trust.
Globally distributed ledgers, decentralized P2P networks, or other systems
with similar capabilities, provide the means for managing a root of
trust without introducing a centralized authority or a single point of
failure. In combination, <a>DLTs</a> and
<a>decentralized identity management</a> systems enable any entity to create and
manage their own identifiers on any number of distributed, independent roots of
trust.
    </p>

    <p>
Entities are identified by <a>decentralized identifiers</a> (<a>DIDs</a>), and
can authenticate using proofs (for example, digital signatures,
privacy-preserving biometric protocols, and so on). <a>DIDs</a> point to
<a>DID documents</a>. A <a>DID document</a> contains a set of
<a>service endpoints</a> for interacting with the entity that the <a>DID</a>
identifies (that is, the <a>DID subject</a>). Following the guidelines of
<a href="https://en.wikipedia.org/wiki/Privacy_by_design">Privacy by
Design</a>, any entity can have as many <a>DIDs</a> (and corresponding
<a>DID documents</a> and <a>service endpoints</a>) as necessary to respect the
entity’s desired separation of identities, personas, and contexts (in the
everyday sense of these words).
    </p>

    <p>
<a>DID methods</a> are the mechanism by which a <a>DID</a> and its associated
<a>DID document</a> are created, read, updated, and deactivated on a specific
<a>distributed ledger</a> or network. <a>DID methods</a> are defined using
separate <a>DID method</a> specifications.
    </p>

    <p>
This design eliminates dependence on centralized registries for
identifiers as well as centralized certificate authorities for key
management, which is the standard in hierarchical
<a href="https://en.wikipedia.org/wiki/Public_key_infrastructure">PKI (public key infrastructure</a>).
In cases where the <a>DID registry</a> is a <a>distributed ledger</a>, each
entity can serve as its own root authority. This architecture is referred to as
<a href="https://github.com/WebOfTrustInfo/rebooting-the-web-of-trust/blob/master/final-documents/dpki.pdf">DPKI (decentralized PKI)</a>.
    </p>

    <p class="note">
<a>DID methods</a> can also be developed for identifiers registered in federated
or centralized identity management systems. Indeed, all types of identifier
systems can add support for <a>DIDs</a>. This creates an interoperability bridge
between the worlds of centralized, federated, and
<a>decentralized identifiers</a>.
    </p>

    <p>
The first purpose of this specification is to define the generic
<a>DID scheme</a> and a generic set of operations on <a>DID documents</a> that
can be implemented for any <a>DID registry</a>. The second purpose of this
specification is to define the conformance requirements for a <a>DID method</a>
specification. The <a>DID method</a> specification is a separate document that
defines a specific <a>DID scheme</a> and specific set of <a>DID document</a>
operations for a specific <a>DID registry</a>.
    </p>

    <p class="note">
Conceptually, the relationship between this specification and a
<a>DID method</a> specification is similar to the relationship between the IETF
generic <a>URI</a> specification ([[RFC3986]]) and a specific <a>URI</a> scheme
([[IANA-URI-SCHEMES]] (such as the http: and https: schemes specified in
[[RFC7230]]). It is also similar to the relationship between the IETF generic
URN specification ([[RFC8141]]) and a specific URN namespace definition, (such
as the <a>UUID</a> URN namespace defined in [[RFC4122]]). The difference is that
a <a>DID method</a> specification, as well as defining a specific
<a>DID scheme</a>, also specifies the methods for resolving and deactivating
<a>DIDs</a> on, and writing <a>DID documents</a> to, the appropriate
<a>DID registry</a>.
    </p>

    <p>
The hierarchical design of a generic <a>DID</a> specification with specific
<a>DID method</a> specifications introduces some of the same concepts as the
<a>URI</a> specification:
    </p>
      <ul>
        <li>
<a>DIDs</a> from different <a>DID methods</a> might not be interoperable, just
as <a>URIs</a> from different URI schemes might not be interoperable.
        </li>
        <li>
Entities might need multiple <a>DIDs</a> to support different relationships
because the other party might only support certain <a>DID methods</a>, in the
same way that some browsers might only support certain URI schemes.
        </li>
        <li>
Entities might need multiple <a>DIDs</a> to support the different cryptographic
schemes of different <a>DID methods</a> because not all parties will support the
same cryptographic schemes, in the same way that not all browsers support the
same URI schemes.
        </li>
        <li>
Managing multiple <a>DIDs</a>, and tracking which <a>DID</a> belongs to which
relationship, under which cryptographic scheme, introduces similar logistical
challenges as managing multiple web addresses and tracking which address belongs
to which website, or tracking which email address belongs to which relationship.
        </li>
      </ul>

    <p>
For a list of <a>DID methods</a> and their corresponding specifications,
see the DID Method Registry [[?DID-METHOD-REGISTRY]].
      </p>

  <section class="informative">
    <h2>
A Simple Example
    </h2>

    <p>
A <a>DID</a> is a simple text string consisting of three parts, the:
    </p>
      <ul>
        <li>
URL scheme identifier (<code>did</code>)
        </li>
        <li>
Identifier for the <a>DID method</a>
        </li>
        <li>
DID method-specific identifier.
        </li>
      </ul>

    <pre class="example nohighlight" title="A simple example of a decentralized identifier (DID)">
did:example:123456789abcdefghi
    </pre>

    <p>
The example <a>DID</a> above resolves to a <a>DID document</a>. A
<a>DID document</a> contains information associated with the <a>DID</a>, such as
ways to cryptographically authenticate the entity in control of the <a>DID</a>,
as well as services that can be used to interact with the entity.
    </p>

    <pre class="example nohighlight" title="Minimal self-managed DID document">
{
  "@context": "https://www.w3.org/ns/did/v1",
  "id": "did:example:123456789abcdefghi",
  "authentication": [{
    <span class="comment">// used to authenticate as did:...fghi</span>
    "id": "did:example:123456789abcdefghi#keys-1",
    "type": "RsaVerificationKey2018",
    "controller": "did:example:123456789abcdefghi",
    "publicKeyPem": "-----BEGIN PUBLIC KEY...END PUBLIC KEY-----\r\n"
  }],
  "service": [{
    <span class="comment">// used to retrieve Verifiable Credentials associated with the DID</span>
    "id":"did:example:123456789abcdefghi#vcs",
    "type": "VerifiableCredentialService",
    "serviceEndpoint": "https://example.com/vc/"
  }]
}
    </pre>
  </section>

  <section class="informative">
    <h2>
Design Goals
    </h2>

    <p>
<a>Decentralized Identifiers</a> are a component of larger systems, such as
the Verifiable Credentials ecosystem [[VC-DATA-MODEL]], which drove the design
goals for this specification. This section summarizes the primary design goals
for this specification.
    </p>

    <table class="simple">
      <thead>
        <tr>
          <th>
Goal
          </th>
          <th>
Description
          </th>
        </tr>
      </thead>

      <tbody>
        <tr>
          <td>
Decentralization
          </td>
          <td>
Eliminate the requirement for centralized authorities or single point
failure in identifier management, including the registration of globally unique
identifiers, public verification keys, <a>service endpoints</a>, and other
metadata.
          </td>
        </tr>

        <tr>
          <td>
Control
          </td>
          <td>
Give entities, both human and non-human, the power to directly control their
digital identifiers without the need to rely on external authorities.
          </td>
        </tr>

        <tr>
          <td>
Privacy
          </td>
          <td>
Enable entities to control the privacy of their information, including minimal,
selective, and progressive disclosure of attributes or other data.
          </td>
        </tr>

        <tr>
          <td>
Security
          </td>
          <td>
Enable sufficient security for relying parties to depend on <a>DID documents</a>
for their required level of assurance.
          </td>
        </tr>

        <tr>
            <td>
Proof-based
          </td>
          <td>
Enable <a>DID subjects</a> to provide cryptographic proof when interacting with
other entities.
          </td>
        </tr>

        <tr>
          <td>
Discoverability
          </td>
          <td>
Make it possible for entities to discover <a>DIDs</a> for other entities to
learn more about or interact with those entities.
          </td>
        </tr>

        <tr>
          <td>
Interoperability
          </td>
          <td>
Use interoperable standards so <a>DID</a> infrastructure can make use of
existing tools and software libraries designed for interoperability.
          </td>
        </tr>

        <tr>
          <td>
Portability
          </td>
          <td>
Be system and network-independent and enable entities to use their digital
identifiers with any system that supports <a>DIDs</a> and <a>DID methods</a>.
          </td>
        </tr>

        <tr>
          <td>
Simplicity
          </td>
          <td>
Favor a reduced set of simple features to make the technology easier to
understand, implement, and deploy.
          </td>
        </tr>

        <tr>
          <td>
Extensibility
          </td>
          <td>
Where possible, enable extensibility provided it does not greatly hinder
interoperability, portability, or simplicity.
          </td>
        </tr>
      </tbody>
    </table>
  </section>

  <section>
    <h3>
Interoperability
    </h3>

    <p>
Interoperability of implementations for <a>DIDs</a> and <a>DID documents</a>
will be tested by evaluating an implementation's ability to create and parse
<a>DIDs</a> and <a>DID documents</a> that conform to the specification.
Interoperability for <a>DID methods</a> will be determined by evaluating each
<a>DID method</a> specification to determine, at a minimum, that the:
    </p>
      <ul>
        <li>
<a>DID method</a> name is unique and not used by an existing, incompatible
<a>DID method</a>.
        </li>
        <li>
Required operations are supported.
        </li>
        <li>
Operations requiring descriptions are described.
        </li>
        <li>
Specification is specific, detailed, and complete enough for independent
implementation.
        </li>
        <li>
Specification contains sections describing security and privacy considerations.
        </li>
      </ul>

    <p>
Interoperability for producers and consumers of <a>DIDs</a> and
<a>DID documents</a> is provided by ensuring the <a>DIDs</a> and
<a>DID documents</a> conform. Interoperability for <a>DID method</a>
specifications is provided by the details in each <a>DID method</a>
specification. It is understood that, in the same way that a web browser is not
required to implement all known URI schemes, conformant software that works
with <a>DIDs</a> is not required to implement all known <a>DID methods</a>.
However, all implementations of a given <a>DID method</a> must be interoperable
for that method.
    </p>
  </section>

  </section>

  <section class="informative">
    <h1>
Terminology
    </h1>

    <div data-include="terms.html" data-oninclude="restrictReferences">
    </div>

  </section>

  <section>
    <h1>Overall Architecture</h1>

    <section>
      <h2>DIDs</h2>
    </section>

    <section>
      <h2>DID Registries</h2>
    </section>

    <section>
      <h2>DID Documents</h2>

      <p>
A <a>DID document</a> is the <a>resource</a> that is associated with a
<a>decentralized identifier</a> (DID). <a>DID documents</a> typically express
verification methods (such as public keys) and services that can be used to
interact with a <a>DID controller</a>.
      </p>

      <p>
A <a>DID document</a> is serialized according to a particular syntax, as
outlined in Section <a href="#core-representations"></a>). The <a>DID</a> itself
is contained in the <code>id</code> property.
      </p>

      <p>
The properties that can be present in a <a>DID document</a> are outlined in
Section <a href="#did-documents"></a>.
      </p>

      <p>
The properties present in a <a>DID document</a> can be updated according to
the applicable operations outlined in Section <a href="#methods"></a>.
      </p>

    </section>

    <section>
      <h2>DID Resolvers and DID Resolution</h2>
    </section>

    <section>
      <h2>Security and Privacy</h2>
    </section>

  </section>

  <section id="conformance">

    <p>
This document contains examples that contain JSON, CBOR, and JSON-LD content.
Some of these examples contain characters that are invalid, such as inline
comments (<code>//</code>) and the use of ellipsis (<code>...</code>) to denote
information that adds little value to the example. Implementers are cautioned to
remove this content if they desire to use the information as valid JSON, CBOR,
or JSON-LD.
    </p>

   <p>
A <dfn>conforming DID</dfn> is any concrete expression of the rules
specified in Section <a href="#identifier"></a> and MUST comply with relevant
normative statements in that section.
   </p>

    <p>
A <dfn>conforming DID Document</dfn> is any concrete expression of the data
model described in this specification and MUST comply with the relevant
normative statements in Sections <a href="#data-model"></a> and  <a
href="#core-properties"></a>. A serialization format for the conforming document
MUST be deterministic, bi-directional, and lossless as described in Section <a
href="#core-representations"></a>. The <a>conforming DID document</a> MAY be
transmitted or stored in any such serialization format.
    </p>

    <p>
A <dfn>conforming DID Method</dfn> is any specification that complies with the
relevant normative statements in Section <a href="#methods"></a>.
    </p>

    <p>
A <dfn>producer</dfn> is any algorithm realized as software and/or
hardware and conforms to this specification if it generates
<a>conforming DID</a>s or <a>conforming DID Document</a>s.
A <a>producer</a> that is conformant with this specification MUST NOT produce
non-conforming <a>DIDs</a> or <a>DID Documents</a>.
    </p>

    <p>
A <dfn>consumer</dfn> is any algorithm realized as software and/or
hardware and conforms to this specification if it consumes
<a>conforming DID</a>s or <a>conforming DID Document</a>s. A
<a>consumer</a> that is conformant with this specification MUST produce errors
when consuming non-conforming <a>DIDs</a> or <a>DID Documents</a>.
    </p>

  </section>

  <section>
    <h2>Identifier</h2>

    <p>
The concept of a globally unique <a>decentralized identifier</a> is not new.
<a>Universally Unique Identifiers</a> (UUIDs) were first developed in the 1980s
and later became a standard feature of the Open Software Foundation’s
<a href="https://en.wikipedia.org/wiki/Distributed_Computing_Environment">Distributed Computing Environment</a>.
<a>UUIDs</a> achieve global uniqueness without a centralized registry service by
using an algorithm that generates 128-bit values with sufficient entropy that
the chance of collision are infinitesimally small. <a>UUIDs</a> are formally
specified in [[RFC4122]] as a specific type of Unified Resource Name (URN).
    </p>

    <p>
A <a>DID</a> is similar to a <a>UUID</a> except that:
    </p>
    <ul>
      <li>
Like a URL, it can be resolved or dereferenced to a standard <a>resource</a> describing
the subject. That is, a <a>DID document</a>. For more information, see Section
<a href="#did-documents"></a>.
      </li>
      <li>
Unlike most <a>resources</a> returned when dereferencing URLs, a <a>DID document</a>
usually contains cryptographic material enabling authentication of the
<a>DID subject</a>.
      </li>
    </ul>

    <section>
      <h3>DID Syntax</h3>
      <section>
        <h2 id="generic-did-syntax">Generic DID Syntax</h2>

        <p>
          The generic <a>DID scheme</a> is a URI scheme conformant with [[!RFC3986]].

        <p class="note">
            A <a>DID</a> always identifies the <a>DID subject</a>.
         </p>

        <p>
          The following is the ABNF definition using the syntax in [[!RFC5234]], which
          defines <code>ALPHA</code> and <code>DIGIT</code>. All other rule names not
          defined in this ABNF are defined in [[RFC3986]].
        </p>

        <pre class="nohighlight">
  did                = "did:" method-name ":" method-specific-id
  method-name        = 1*method-char
  method-char        = %x61-7A / DIGIT
  method-specific-id = *( ":" *idchar ) 1*idchar
  idchar             = ALPHA / DIGIT / "." / "-" / "_"
        </pre>

        <p class="issue" data-number="34">
  The grammar currently allows an empty <code>method-specific-id</code>,
  e.g., <code>did:example:</code> would be a valid <a>DID</a> that could identify
  the <a>DID method</a> itself.
        </p>
      </section>
      <section id="method-specific-parameters">
        <h2>Method-Specific Syntax</h2>

        <p>
  A <a>DID method</a> specification MUST further restrict the generic <a>DID</a>
  syntax by defining its own <code>method-name</code> and its own
  <code>method-specific-id</code> syntax. For more information, see Section
  <a href="#methods"></a>.
        </p>

      </section>
      <section>
        <h2>Normalization</h2>

        <p>
  For the broadest interoperability, make <a>DID</a> normalization as simple and
  universal as possible:
        </p>
        <ul>
          <li>
  The <a>DID scheme</a> name MUST be lowercase.
          </li>

          <li>
  The <a>DID method</a> name MUST be lowercase.
          </li>

          <li>
  Case sensitivity and normalization of the value of the
  <code>method-specific-id</code> rule in Section
  <a href="#generic-did-syntax"></a> MUST be defined by the governing
  <a>DID method</a> specification.
          </li>
        </ul>
      </section>

      <section>
        <h2>Persistence</h2>

        <p>
  A <a>DID</a> is expected to be persistent and immutable. That is, a <a>DID</a>
  is bound exclusively and permanently to its one and only subject. Even after a
  <a>DID</a> is deactivated, it is intended that it never be repurposed.
        </p>

        <p>
  Ideally, a <a>DID</a> would be a completely abstract decentralized identifier
  (like a <a>UUID</a>) that could be bound to multiple underlying
  <a>DID registries</a> over time, thus maintaining its persistence independent of
  any particular system. However, registering the same identifier on multiple
  <a>DID registries</a> introduces extremely hard entityship and
  <a href="https://en.wikipedia.org/wiki/List_of_DNS_record_types%23SOA">start-of-authority</a>
  (SOA) problems. It also greatly increases implementation complexity for
  developers.
        </p>

        <p class="note">
To avoid these issues, developers should refer to the Decentralized Characteristics 
Rubric [[?DID-RUBRIC]] to decide which <a>DID method</a> best addresses the needs of 
the use case.
        </p>

        <p class="note">
  Although not included in this version, future versions of this specification
  might support a <a>DID document</a> <code>equivID</code> property to establish
  verifiable equivalence relations between <a>DIDs</a> representing the same
  subject on multiple <a>DID registries</a>. Such equivalence relations can
  produce the practical equivalent of a single persistent abstract <a>DID</a>. For
  more information, see Section <a href="#future-work"></a>.
        </p>
      </section>
     </section>

    <section>
      <h3>DID URL Syntax</h3>

      <section>
        <h2>Generic DID URL Syntax</h2>

        <p>
  A <a>DID URL</a> always identifies a <a>resource</a> to be located. It can be used,
  for example, to identify a specific part of a <a>DID document</a>.
        </p>

        <p>
  This following is the ABNF definition using the syntax in [[!RFC5324]]. It builds on the <code>did</code> scheme defined in <a href="#generic-did-syntax"></a>. The <code>path-abempty</code>, <code>query</code>, and
  <code>fragment</code> components are identical to the ABNF rules defined in
  [[!RFC3986]].
        </p>


        <pre class="nohighlight">
  did-url            = did *( ";" param ) path-abempty [ "?" query ]
                       [ "#" fragment ]
  param              = param-name [ "=" param-value ]
  param-name         = 1*param-char
  param-value        = *param-char
  param-char         = ALPHA / DIGIT / "." / "-" / "_" / ":" /
                       pct-encoded
        </pre>

      </section>

      <section>
        <h2>Generic DID URL Parameters</h2>

        <p>
  The <a>DID URL</a> syntax supports a simple, generalized format for parameters
  based on the matrix parameter syntax ([[?MATRIX-URIS]]). The ABNF above
  specifies the basic syntax (the <code>param-name</code> rule) but does not
  specify any concrete parameter names.
        </p>
        <p>
  Some generic DID parameter names (for example, for service selection) are
  completely independent of any specific <a>DID method</a> and MUST always
  function the same way for all <a>DIDs</a>. Other DID parameter names (for
  example, for versioning) MAY be supported by certain <a>DID methods</a>, but
  MUST operate uniformly across those <a>DID methods</a> that do support them.
        </p>
        <p>
  Parameter names that are completely method-specific are described in Section
  <a href="#method-specific-parameters"></a>.
        </p>
        <p>
  The following table defines a set of generic DID parameter names.
        </p>

        <table class="simple">
          <thead>
            <tr>
              <th>
  Generic DID Parameter Name
              </th>
              <th>
  Description
              </th>
            </tr>
          </thead>

          <tbody>
            <tr>
              <td>
  <code>hl</code>
              </td>
              <td>
  A resource hash of the <a>DID document</a> to add integrity protection, as
  specified in [[?HASHLINK]].
              </td>
            </tr>
            <tr>
              <td>
  <code>service</code>
              </td>
              <td>
  Identifies a service from the <a>DID document</a> by service ID.
              </td>
            </tr>
            <tr>
              <td>
  <code>version-id</code>
              </td>
              <td>
  Identifies a specific version of a <a>DID document</a> to be resolved (the
  version ID could be sequential, or a <a>UUID</a>, or method-specific). Note that
  this parameter might not be supported by all <a>DID methods</a>.
              </td>
            </tr>

            <tr>
              <td>
  <code>version-time</code>
              </td>
              <td>
  Identifies a certain version timestamp of a <a>DID document</a> to be resolved.
  That is, the <a>DID document</a> that was valid for a <a>DID</a> at a certain
  time. Note that this parameter might not be supported by all <a>DID methods</a>.
              </td>
            </tr>
          </tbody>
        </table>

        <p>
  The exact processing rules for these parameters are specified in
  [[?DID-RESOLUTION]].
        </p>

        <p>
  Adding a DID parameter to a DID URL means that the parameter becomes part of
  an identifier for a <a>resource</a> (the DID document or other). Alternatively, the
  DID resolution and the DID URL dereferencing processes can also be influenced
  by passing options to a <a>DID resolver</a> that are not part of the DID URL.
  Such options could for example control caching or the desired encoding of a
  resolution result. This is comparable to HTTP, where certain parameters could
  either be included in an HTTP URL, or alternatively passed as HTTP headers
  during the dereferencing process. The important distinction is that DID
  parameters that are part of the <a>DID URL</a> should be used to specify
  <i>what <a>resource</a> is being identified</i>, whereas <a>DID resolver</a> options
  that are not part of the <a>DID URL</a> should be use to control <i>how that
  <a>resource</a> is dereferenced</i>.
        </p>

        <p>
  DID parameters MAY be used if there is a clear use case where
  the parameter needs to be part of a URI that can be used as a link, or
  as a <a>resource</a> in RDF / JSON-LD documents.
        </p>

        <p>
  DID parameters SHOULD NOT be used if there are already other, equivalent
  ways of constructing URIs that fulfill the same purpose (for example, using
  other syntactical constructs such as URI query strings or URI fragments).
        </p>

        <p>
  DID parameters SHOULD NOT be used if the same functionality can be expressed
  by passing options to a <a>DID resolver</a>, and if there is no need to
  construct a URI for use as a link, or as a <a>resource</a> in RDF / JSON-LD documents.
        </p>

      </section>

      <section>
        <h2>Method-Specific DID URL Parameters</h2>

        <p>
  A <a>DID method</a> specification MAY specify additional method-specific
  parameter names. A method-specific parameter name MUST be prefixed by the method
  name, as defined by the <code>method-name</code> rule.
        </p>

        <p>
  For example, if the method <code>did:foo:</code> defines the parameter bar, the
  parameter name must be <code>foo:bar</code>. An example <a>DID URL</a> using
  this method and this method-specific parameter would be as shown below.
        </p>

        <pre class="example nohighlight">
  did:foo:21tDAKCERh95uGgKbJNHYp;foo:bar=high
        </pre>

        <p>
  A method-specific parameter name defined by one <a>DID method</a> MAY be used by
  other <a>DID methods</a>.
        </p>

        <pre class="example nohighlight">
  did:example:21tDAKCERh95uGgKbJNHYp;foo:bar=low
        </pre>

        <p>
  Method-specific parameter names MAY be combined with generic parameter names in
  any order.
        </p>

        <pre class="example nohighlight">
  did:example:21tDAKCERh95uGgKbJNHYp;service=agent;foo:bar=high
        </pre>

        <p>
  Both <a>DID method</a> namespaces and method-specific parameter namespaces MAY
  include colons, so they might be partitioned hierarchically, as defined by a
  <a>DID method</a> specification. The following example <a>DID URL</a>
  illustrates both.
        </p>

        <pre class="example nohighlight">
  did:foo:baz:21tDAKCERh95uGgKbJNHYp;foo:baz:hex=b612
        </pre>

        <p class="issue" data-number="36">
  Review what exactly we want to say about method-specific parameters
  defined by one method but used in a <a>DID URL</a> with a different method.
  Also discuss hierarchical method namespaces in DID parameter names.
        </p>

      </section>

      <section>
        <h2>Path</h2>

        <p>
  A generic <a>DID path</a> is identical to a URI path and MUST conform to the
  <code>path-abempty</code> ABNF rule in [[!RFC3986]]. A <a>DID path</a> SHOULD be
  used to address <a>resources</a> available through a <a>service endpoint</a>. For more
  information, see Section <a href="#service-endpoints"></a>.
        </p>

        <p>
  A specific <a>DID scheme</a> MAY specify ABNF rules for <a>DID paths</a> that
  are more restrictive than the generic rules in this section.
        </p>

        <pre class="example nohighlight">
  did:example:123456/path
        </pre>
      </section>

      <section>
        <h2>Query</h2>

        <p>
  A generic <a>DID query</a> is identical to a URI query and MUST conform to the
  <code>query</code> ABNF rule in [[!RFC3986]]. A <a>DID query</a> SHOULD be used
  to address <a>resources</a> available through a <a>service endpoint</a>. For more
  information, see Section <a href="#service-endpoints"></a>.
        </p>

        <p>
  A specific <a>DID scheme</a> MAY specify ABNF rules for <a>DID queries</a> that
  are more restrictive than the generic rules in this section.
        </p>

        <pre class="example nohighlight">
  did:example:123456?query=true
        </pre>
      </section>

      <section>
        <h2>Fragment</h2>

        <p>
  A <a>DID fragment</a> is used as method-independent reference into the <a>DID
  document</a> to identify a component of the document (for example, a unique
  <a>public key description</a> or <a>service endpoint</a>). <a>DID fragment</a>
  syntax and semantics are identical to a generic URI fragment and  MUST conform
  to <a data-cite="RFC3986#section-3.5">RFC&nbsp;3986, section 3.5</a>. To resolve
  a <a>DID fragment</a> reference, the complete <a>DID URL</a> including the
  <a>DID fragment</a> MUST be used as input to the <a>DID URL</a> dereferencing
  algorithm for the target component in the <a>DID document</a> object. For more
  information, see [[?DID-RESOLUTION]].
        </p>

        <p>
  A specific <a>DID scheme</a> MAY specify ABNF rules for <a>DID fragments</a>
  that are more restrictive than the generic rules in this section.
        </p>

        <p>
  Implementations need not rely on graph-based processing of <a>DID documents</a>
  to locate metadata contained in the <a>DID document</a> when the <a>DID</a>
  includes a <a>DID fragment</a>. Tree-based processing can be used instead.
        </p>

        <p>
  Implementations SHOULD NOT prevent the use of <a>JSON Pointer</a>
  ([[!RFC6901]]).
        </p>

        <pre class="example nohighlight">
  did:example:123456#public-key-1
        </pre>

        <p>
  Additional semantics for fragment identifiers, which are compatible with and
  layered upon the semantics in this section, are described for JSON-LD
  representations in Section <a href="#application-did-ld-json"></a>.
        </p>

      </section>

      <section>
        <h2>Relative DID URLs</h2>

        <p>
A relative DID URL is any URL value in a <a>DID document</a> that does not start
with <code>did:&lt;method-name>:&lt;method-specific-id></code>. More
specifically, it is any URL value that does not start with the ABNF defined  in
Section <a href="#generic-did-syntax"></a>. The contents of the URL typically
refers to a <a>resource</a> in the same <a>DID document</a>. Relative DID URLs MAY
contain relative path components, query parameters, and fragment identifiers.
        </p>

        <p>
When resolving a relative DID URL reference, the algorithm specified in <a
data-cite="RFC3986#section-5">RFC3986 Section 5: Reference Resolution</a>  MUST
be used. The <strong>base URI</strong> value is the <a>DID</a> that is
associated with the <a>DID subject</a>, see Section <a href="#did-subject"></a>.
The <strong>scheme</strong> is <code>did</code>. The <strong>authority</strong>
is a combination of <code>&lt;method-name>:&lt;method-specific-id></code>, and
the <strong>path</strong>, <strong>query</strong>, and <strong>fragment</strong>
values are those defined in Section <a href="#path"></a>, Section <a
href="#query"></a>, and Section <a href="#fragment"></a>, respectively.
        </p>

        <p>
Relative DID URLs are often used to identify <a>verification methods</a> and
<a>services</a> in a DID Document without having to use absolute URLs, which
tend to be more verbose than necessary.
        </p>

        <pre class="example nohighlight" title="An example of a relative DID URL">
{
  "@context": "https://www.w3.org/ns/did/v1",
  "id": "did:example:123456789abcdefghi",
  "publicKey": [{
    "id": "did:example:123456789abcdefghi#key-1",
    "type": "RsaVerificationKey2018",
    "controller": "did:example:123456789abcdefghi",
    "publicKeyPem": "-----BEGIN PUBLIC KEY...END PUBLIC KEY-----\r\n"
  }, ...],
  "authentication": [
<span class="comment">    // a relative DID URL used to reference a verification method above</span>
    "<span class="highlight">#key-1</span>"
  ]
}
        </pre>

        <p>
In the example above, the relative DID URL value will be transformed to an
absolute DID URL value of <code>did:example:123456789abcdefghi#key-1</code>.
        </p>
      </section>

    </section>

  </section>

  <section class="informative">
    <h1>Data Model</h1>

    <section>
      <h2>Definition</h2>
    </section>

    <section>
      <h2>Extensibility</h2>
    </section>

    <section>
      <h2>Representation Requirements</h2>
    </section>

  </section>

  <section>
    <h1>Core Properties</h1>

    <p>
A <a>DID</a> points to a <a>DID document</a>. <a>DID documents</a> are the
serialization of the data model outlined in Section <a href="#data-model"></a>.
The following sections define the properties in a <a>DID document</a>,
including whether these properties are required or optional.
    </p>

    <section>
      <h2>
Identifiers
      </h2>
      <p>
Identifiers are used in the data model to identify specific instances of people,
organizations, devices, keys, services, and things in general. Identifiers are
typically URLs, or more generally, <a>URIs</a>. Non-<a>URI</a>-based identifiers
are not advised because, while the data model supports them, they are not easy
to use with other Internet-based identifiers.
      </p>
    </section>

    <section>
      <h2>DID Subject</h2>

      <p>
The <a>DID subject</a> is denoted with the <code>id</code> property. The
<a>DID subject</a> is the entity that the <a>DID document</a> is about. That is,
it is the entity identified by the <a>DID</a> and described by the
<a>DID document</a>.
      </p>

      <p>
<a>DID documents</a> MUST include the <code>id</code> property.
      </p>

      <dl>
        <dt><dfn>id</dfn></dt>
        <dd>
The value of <code>id</code> MUST be a single valid <a>DID</a>.
        </dd>
      </dl>

      <pre class="example nohighlight">
{
  "id": "did:example:21tDAKCERh95uGgKbJNHYp"
}
      </pre>

      <p class="note">
<a>DID method</a> specifications can create intermediate representations of a
<a>DID document</a> that do not contain the <code>id</code> key, such as when a
<a>DID resolver</a> is performing resolution. However, the fully resolved
<a>DID document</a> always contains a valid <code>id</code> property. The value
of <code>id</code> in the resolved <a>DID document</a> is expected to match the
<a>DID</a> that was resolved.
      </p>
    </section>

    <section>
      <h2>Public Keys</h2>

      <p>
A <a>DID document</a> can express cryptographic keys and other verification
methods, which can be used to authenticate or authorize interactions with the
<a>DID subject</a> or associated parties. The information expressed often
includes globally unambiguous identifiers and public key material, which can be
used to verify digital signatures. Other information can be expressed, such as
status information for the key (for example, whether it is suspended or
revoked), or other attributes that enable one to determine whether it is a
hardware-backed cryptographic key.
      </p>

      <p>
Regarding cryptographic key material, public keys can be included in a
<a>DID document</a> using, for example, the <code>publicKey</code> or
<code>authentication</code> properties, depending on what they are to be used
for. Each public key has an identifier (<code>id</code>) of its own, a
<code>type</code>, and a <code>controller</code>, as well as other properties
that depend on the type of key it is.
      </p>

      <p>
This specification strives to limit the number of formats for expressing public
key material in a DID Document to the fewest possible, to increase the
likelihood of interoperability. The fewer formats that implementers have to
implement, the more likely it will be that they will support all of them. This
approach attempts to strike a delicate balance between ease of implementation
and supporting formats that have historically had broad deployment. The specific
types of key formats that are supported in this specification are listed below.
      </p>

      <p>
A public key is a <a>verification method</a>.
Public keys are used for digital signatures, encryption and other cryptographic
operations, which in turn are the basis for purposes such as authentication
(see Section <a href="#authentication"></a>) or establishing secure
communication with <a>service endpoints</a> (see Section
<a href="#service-endpoints"></a>). As well, public keys can play a role in
authorization mechanisms of <a>DID</a> method operations (see Section
<a href="#method-operations"></a>), which can be defined by <a>DID method</a>
specifications.
      </p>

      <p class="note" title="Verification methods">
A public key is just one type of <a>verification method</a>.  A <a>DID
document</a> expresses the relationship between the <a>DID subject</a> and a
<a>verification method</a> using a <dfn>verification relationship</dfn>.
Examples of <a>verification relationship</a>s include:
<code>authentication</code>, <code> capabilityInvocation</code>,
<code>capabilityDelegation</code>, <code>keyAgreement</code>, and
<code>assertionMethod</code>. A <a>DID controller</a> MUST be explicit about the
<a>verification relationship</a> between the DID subject and the <a>verification
method</a>. <a>Verification methods</a> that are not associated with a
particular <a>verification relationship</a> MUST NOT be used for that
<a>verification relationship</a>. See Section <a href="#authentication"></a>
for a more detailed example of a <a>verification relationship</a>.
      </p>

      <p>
A <a>DID document</a> MAY include a <code>publicKey</code> property.
      </p>

      <dl>
        <dt><dfn>publicKey</dfn></dt>
        <dd>
If a <a>DID document</a> includes a <code>publicKey</code> property, the value
of the property MUST be an array of public key objects. Each public key object
MUST have the <code>type</code>, <code>controller</code>, and specific public
key properties, and MUST have an <code>id</code> property. The public key
objects MAY include additional properties.
        </dd>
      </dl>

      <p>
The value of the <code>id</code> property MUST be a <a>URI</a>. The
array of public keys MUST NOT contain multiple entries with the same
<code>id</code>. In this case, a <a>DID document</a> processor MUST produce an
error.
      </p>

      <p>
The value of the <code>type</code> property MUST be exactly one public key type.
For a registry of available key types and formats, see Appendix
<a href="#interoperability-registries"></a>.
      </p>

      <p>
The value of the <code>controller</code> property, which identifies the
controller of the corresponding private key, MUST be a valid <a>DID</a>.
      </p>

      <p class="note" title="Key controller(s) and DID controller(s)">
The semantics of the <code>controller</code> property are the same when the
subject of the relationship is the <a>DID document</a> as when the subject
of the relationship is a key. Since a key can't control itself, and the
key controller cannot be inferred from the <a>DID document</a>, it is
necessary to explicitly express the identity of the controller of the key
(which may be the <a>DID controller</a> or <a>DID subject</a>). The
difference is that the value of <code>controller</code> on a key is not
necessarily a <a>DID controller</a>. <a>DID controller(s)</a> are
expressed using the <code>controller</code> property on the top level of
the <a>DID document</a>; see Section <a href="#authorization-and-delegation"></a>.
      </p>

      <p>
The value of the <code>id</code> property MAY be structured as a <a href="https://en.wikipedia.org/wiki/Compound_key">compound key</a>. 
This is especially useful for integrating with existing key management systems and key formats such as <a href="https://tools.ietf.org/html/rfc7517">JWK</a>.
It is RECOMMENDED that <a href="https://tools.ietf.org/html/rfc7517">JWK</a> <code>kid</code> values are set to the <a href="https://tools.ietf.org/html/rfc7638">public key fingerprint</a>. 
It is RECOMMENDED that verification methods that use JWKs to represent their 
public keys utilize the value of <code>kid</code> as their fragment identifier.
See the first key in <a href="#example-12-various-public-keys">EXAMPLE 12</a> for an example of a public key with a compound key identifier.
      </p>

      <p>
All public key properties MUST be from the Linked Data Cryptographic Suite
Registry. For a registry of key types and formats, see Appendix
<a href="#interoperability-registries"></a>.
      </p>

      <p>
If a public key does not exist in the <a>DID document</a>, it MUST be assumed
the key was revoked or is invalid. The <a>DID document</a> MAY contain revoked
keys. A <a>DID document</a> containing a revoked key MUST also contain or refer
to the revocation information for the key (for example, a revocation list). Each
<a>DID method</a> specification is expected to detail how revocation is
performed and tracked.
      </p>

      <p>
Public keys of all types MUST be expressed in either JSON Web Key (JWK) format
using the <code>publicKeyJwk</code> property or one of the formats listed in the
table below. Public key expression MUST NOT use any other key format.
      </p>

      <p class="issue">
The Working Group is still debating whether the base encoding format used will be
Base58 (Bitcoin) [[BASE58]], base64url [[RFC7515]], or base16 (hex) [[RFC4648]].
The entries in the table below currently assume PEM and Base58 (Bitcoin), but might
change to base64url and/or base16 (hex) after the group achieves consensus on this
particular issue.
      </p>

      <p class="issue">
The Working Group is still debating whether secp256k1 Schnorr public key values
will be elaborated upon in this specification and if so, how they will be
expressed and encoded.
      </p>

      <table class="simple">
        <thead>
          <tr>
            <th>
Key&nbsp;Type
            </th>
            <th>
Support
            </th>
          </tr>
        </thead>

        <tbody>
          <tr>
            <td>
RSA
            </td>
            <td>
RSA public key values MUST either be encoded as a JWK or be encoded in
Privacy Enhanced Mail (PEM) format using the <code>publicKeyPem</code> property.
            </td>
          </tr>
          <tr>
            <td>
ed25519
            </td>
            <td>
Ed25519 public key values MUST either be encoded as a JWK or be encoded as
the raw 32-byte public key value in Base58 Bitcoin format using the
<code>publicKeyBase58</code> property.
            </td>
          </tr>
          <tr>
            <td>
secp256k1-koblitz
            </td>
            <td>
Secp256k1 Koblitz public key values MUST either be encoded as a JWK or be
encoded as the raw 33-byte public key value in Base58 Bitcoin format using the
<code>publicKeyBase58</code> property.
            </td>
          </tr>
          <tr>
            <td>
secp256r1
            </td>
            <td>
Secp256r1 public key values MUST either be encoded as a JWK or be encoded as
the raw 32-byte public key value encoded in Base58 Bitcoin format using the
<code>publicKeyBase58</code> property.
            </td>
          </tr>
          <tr>
            <td>
Curve25519
            </td>
            <td>
Curve25519 (also known as X25519) public key values MUST either be encoded as
a JWK or be encoded as the raw 32-byte public key value in Base58 Bitcoin format
using the <code>publicKeyBase58</code> property.
            </td>
          </tr>
        </tbody>
      </table>

      <p>
Example:
      </p>

      <pre class="example nohighlight" title="Various public keys">
{
  "@context": ["https://www.w3.org/ns/did/v1", "https://w3id.org/security/v1"],
  "id": "did:example:123456789abcdefghi",
  <span class="comment">...</span>
  "publicKey": [{
    "id": "did:example:123#_Qq0UL2Fq651Q0Fjd6TvnYE-faHiOpRlPVQcY_-tA4A",
    "type": "JwsVerificationKey2020",
    "controller": "did:example:123",
    "publicKeyJwk": {
      "crv": "Ed25519",
      "x": "VCpo2LMLhn6iWku8MKvSLg2ZAoC-nlOyPVQaO3FxVeQ",
      "kty": "OKP",
      "kid": "_Qq0UL2Fq651Q0Fjd6TvnYE-faHiOpRlPVQcY_-tA4A"
    }
  }, {
    "id": "did:example:123456789abcdefghi#keys-1",
    "type": "RsaVerificationKey2018",
    "controller": "did:example:123456789abcdefghi",
    "publicKeyPem": "-----BEGIN PUBLIC KEY...END PUBLIC KEY-----\r\n"
  }, {
    "id": "did:example:123456789abcdefghi#keys-2",
    "type": "Ed25519VerificationKey2018",
    "controller": "did:example:pqrstuvwxyz0987654321",
    "publicKeyBase58": "H3C2AVvLMv6gmMNam3uVAjZpfkcJCwDwnZn6z3wXmqPV"
  }, {
    "id": "did:example:123456789abcdefghi#keys-3",
    "type": "Secp256k1VerificationKey2018",
    "controller": "did:example:123456789abcdefghi",
    "publicKeyHex": "02b97c30de767f084ce3080168ee293053ba33b235d7116a3263d29f1450936b71"
  }],
  <span class="comment">...</span>
}
      </pre>

      <p>
A key MAY be <em>embedded</em> or <em>referenced</em> in a <a>DID document</a>.
For example, the <code>authentication</code> property might refer to keys in
both ways, as shown in the example below.
      </p>

      <pre class="example nohighlight" title="Various public keys">
{
<span class="comment">...</span>

  "authentication": [
    <span class="comment">// this key is referenced, it may be used with more than one verification relationship</span>
    "did:example:123456789abcdefghi#keys-1",
    <span class="comment">// this key is embedded and may *only* be used for authentication</span>
    {
      "id": "did:example:123456789abcdefghi#keys-2",
      "type": "Ed25519VerificationKey2018",
      "controller": "did:example:123456789abcdefghi",
      "publicKeyBase58": "H3C2AVvLMv6gmMNam3uVAjZpfkcJCwDwnZn6z3wXmqPV"
    }
  ],

<span class="comment">...</span>
}
      </pre>

      <p>
The steps to use when processing a <code>publicKey</code> property in a
<a>DID document</a> are:
      </p>

      <ol class="algorithm">
        <li>
Let <em>value</em> be the data associated with the <code>publicKey</code>
property and initialize <em>result</em> to <code>null</code>.
        </li>

        <li>
If <em>value</em> is an object, the key material is embedded. Set
<em>result</em> to <em>value</em>.
        </li>

        <li>
If <em>value</em> is a string, the key is included by reference. Assume
<em>value</em> is a URL.
          <ol>
            <li>
Dereference the URL and retrieve the <code>publicKey</code> properties
associated with the URL. For example, process the <code>publicKey</code>
property at the top-level of the dereferenced document.
            </li>

            <li>
Iterating through each public key object, if the <code>id</code> property of the
object matches <em>value</em>, set <em>result</em> to the object.
            </li>
          </ol>
        </li>

        <li>
If <em>result</em> does not contain at least the <code>id</code>,
<code>type</code>, and <code>controller</code> properties, as well as any
mandatory public cryptographic material, as determined by the <code>type</code>
property of <em>result</em>, throw an error.
        </li>
      </ol>

      <p class="note">
Caching and expiration of the keys in a <a>DID document</a> is entirely the
responsibility of <a>DID resolvers</a> and other clients. For more information,
see Section <a href="#resolution"></a>.
      </p>

    </section>

    <section>
      <h2>Authentication</h2>

      <p>
Authentication is a mechanism by which an entity can prove it is the
<a>DID subject</a>. The <em>verifier</em> of an authentication attempt
can check if the authenticating party is presenting a valid proof of
authentication, that is, that they are who they say they are. Note that
a successful authentication on its own may or may not confer authority;
that is up to the verifying application.
      </p>

      <p class="note" title="Uses of authentication">
If authentication is established, it is up to the <a>DID method</a> or other
application to decide what to do with that information. A particular <a>DID
method</a> could decide that authenticating as a <a>DID controller</a> is
sufficient to, for example, update or delete the <a>DID document</a>. Another
<a>DID method</a> could require different keys, or a different verification
method entirely, to be presented in order to update or delete the <a>DID
document</a> than that used to authenticate. In other words, what is done
<em>after</em> the authentication check is out of scope for the DID data
model, but <a>DID methods</a> and applications are expected to define this
themselves.
      </p>

      <p>
A <a>DID document</a> MAY include an <code>authentication</code> property.
      </p>

      <dl>
          <dt><dfn>authentication</dfn></dt>
          <dd>
The <code>authentication</code> property is a relationship between the
<a>DID subject</a> and a set of verification methods (such as, but not
limited to, public keys). It means that the <a>DID subject</a> has authorized
some set of <a>verification methods</a> (per the value of the
<code>authentication</code> property) for the purpose of authentication. The value
of the <code>authentication</code> property SHOULD be an array of
<a>verification methods</a>. Each <a>verification method</a> MAY be embedded
or referenced. An example of a <a>verification method</a> is a public key
(see Section <a href="#public-keys"></a>).
          </dd>
      </dl>

      <p>
This statement is useful to any "authentication verifier" that needs to check
to see if an entity that is attempting to authenticate is, in fact, presenting
a valid proof of authentication. When a verifier receives some data (in some
protocol-specific format) that contains a proof that was made for the purpose
of "authentication", and that says that an entity is identified by the <a>DID</a>,
then that verifier checks to ensure that the proof can be verified using a
<a>verification method</a> (e.g., public key) listed under
<code>authentication</code> in the <a>DID Document</a>.
      </p>

      <p>
The <a>verification method</a> indicated by the <code>authentication</code>
property of a <a>DID document</a> can only be used to authenticate the
<a>DID subject</a>. To authenticate the <a>DID controller</a> (in cases
where the <a>DID controller</a> is not <em>also</em> the <a>DID subject</a>)
the entity associated with the value of <code>controller</code> (see
Section <a href="#authorization-and-delegation"></a>) needs to
authenticate itself with its <em>own</em> <a>DID document</a> and attached
<code>authentication</code> <a>verification method</a> relationship.
      </p>

      <p>
Example:
      </p>

      <pre class="example nohighlight" title="Authentication field containing three verification methods">
{
  "@context": "https://www.w3.org/ns/did/v1",
  "id": "did:example:123456789abcdefghi",
  <span class="comment">...</span>
  "authentication": [
    <span class="comment">// this method can be used to authenticate as did:...fghi</span>
    "did:example:123456789abcdefghi#keys-1",
    <span class="comment">// this method can be used to authenticate as did:...fghi</span>
    "did:example:123456789abcdefghi#biometric-1",
    <span class="comment">// this method is *only* authorized for authentication, it may not</span>
    <span class="comment">// be used for any other proof purpose, so its full description is</span>
    <span class="comment">// embedded here rather than using only a reference</span>
    {
      "id": "did:example:123456789abcdefghi#keys-2",
      "type": "Ed25519VerificationKey2018",
      "controller": "did:example:123456789abcdefghi",
      "publicKeyBase58": "H3C2AVvLMv6gmMNam3uVAjZpfkcJCwDwnZn6z3wXmqPV"
    }
  ],
  <span class="comment">...</span>
}
      </pre>
    </section>

    <section>
      <h2>
Authorization and Delegation
      </h2>

      <p>
Authorization is the mechanism used to state how operations may be
performed on behalf of the <a>DID subject</a>. Delegation is the
mechanism that the subject uses to authorize others to act
on their behalf.
      </p>

      <p class="note" title="Authorization vs authentication">
Note that Authorization is separate from <a href="#authentication"></a>.
This is particularly important for key recovery in the case of key loss,
when the subject no longer has access to their keys, or key compromise,
where the <a>DID controller</a>'s trusted third parties need to override
malicious activity by an attacker. See Section <a href="#security-considerations"></a>.
      </p>

      <p>
A DID document MAY include a <code>controller</code> property to indicate
that there are <a>DID controller(s)</a> other than the <a>DID subject</a>.
If so:
      </p>

      <dl>
          <dt><dfn>controller</dfn></dt>
          <dd>
The value of the <code>controller</code> property MUST be a valid <a>DID</a>
or an array of valid <a>DIDs</a>. The corresponding <a>DID document</a>(s)
SHOULD contain authorization relations that explicitly permit the use of
certain verification methods for specific purposes.
          </dd>
      </dl>

      <p>
Each <a>DID method</a> MUST define how authorization and delegation are
implemented, including any necessary cryptographic operations.
      </p>

      <p>
There are at least two suggested methods for implementing Authorization and
Delegation, which may be layered:
      </p>

      <ul>
        <li>
A <a>DID registry</a> could implement a coarse-grained <code>controller</code>
pattern by enabling <a>DID documents</a> to express the <a>DID</a> of another
<a>DID controller</a> that controls it, or
additionally,
        </li>

        <li>
A <a>DID registry</a> could implement a capabilities-based approach enabling
further fine-grained control of authorization and delegation.
        </li>
      </ul>

      <pre class="example nohighlight" title="DID document with a controller property">
{
  "@context": "https://www.w3.org/ns/did/v1",
  "id": "did:example:123456789abcdefghi",
  "controller": "did:example:bcehfew7h32f32h7af3",
  "service": [{
    <span class="comment">// used to retrieve Verifiable Credentials associated with the DID</span>
    "type": "VerifiableCredentialService",
    "serviceEndpoint": "https://example.com/vc/"
  }]
}
      </pre>
    </section>

    <section>
      <h2>Service Endpoints</h2>

      <p>
<a>Service endpoints</a> are used in <a>DID documents</a> to express ways of
communicating with the <a>DID subject</a> or associated entities. Services
listed in the <a>DID document</a> can contain information about privacy
preserving messaging services, or more public information, such as social media
accounts, personal websites, and email addresses although this is discouraged.
See <a href="#keep-personally-identifiable-information-pii-private"></a> for
additional details. The metadata associated with services are often
service-specific. For example, the metadata associated with an encrypted
messaging service can express how to initiate the encrypted link before
messaging begins.
        </p>
      <p>
Pointers to services are expressed using the <code>service</code> property.
Each service has its own <code>id</code> and <code>type</code>, as well as a
<code>serviceEndpoint</code> with a <a>URI</a> or other properties describing
the service.
      </p>

      <p>
One of the primary purposes of a <a>DID document</a> is to enable discovery of
<a>service endpoints</a>. A <a>service endpoint</a> can be any type of service
the <a>DID subject</a> wants to advertise, including
<a>decentralized identity management</a> services for further discovery,
authentication, authorization, or interaction.
      </p>

      <p>
A <a>DID document</a> MAY include a <code>service</code> property.
      </p>

      <dl>
        <dt><dfn>service</dfn></dt>
        <dd>
If a <a>DID document</a> includes a <code>service</code> property, the value of
the property SHOULD be an array of <a>service endpoint</a> objects. Each
<a>service endpoint</a> MUST have <code>id</code>, <code>type</code>, and
<code>serviceEndpoint</code> properties, and MAY include additional properties.
        </dd>
      </dl>

      <p>
The value of the <code>id</code> property MUST be a <a>URI</a>.
The array of <a>service endpoints</a> MUST NOT contain multiple entries
with the same <code>id</code>. In this case, a <a>DID document</a> processor
MUST produce an error.
      </p>

      <p>
The value of the <code>serviceEndpoint</code> property MUST be a JSON-LD object
or a valid <a>URI</a> conforming to [[RFC3986]] and normalized according to the
rules in section 6 of [[RFC3986]] and to any normalization rules in its
applicable <a>URI</a> scheme specification.
      </p>

      <p>
It is expected that the <a>service endpoint</a> protocol is published in an open
standard specification.
      </p>

      <pre class="example nohighlight" title="Various service endpoints">
{
  "service": [{
    "id": "did:example:123456789abcdefghi#openid",
    "type": "OpenIdConnectVersion1.0Service",
    "serviceEndpoint": "https://openid.example.com/"
  }, {
    "id": "did:example:123456789abcdefghi#vcr",
    "type": "CredentialRepositoryService",
    "serviceEndpoint": "https://repository.example.com/service/8377464"
  }, {
    "id": "did:example:123456789abcdefghi#xdi",
    "type": "XdiService",
    "serviceEndpoint": "https://xdi.example.com/8377464"
  }, {
    "id": "did:example:123456789abcdefghi#agent",
    "type": "AgentService",
    "serviceEndpoint": "https://agent.example.com/8377464"
  }, {
    "id": "did:example:123456789abcdefghi#hub",
    "type": "IdentityHub",
    "publicKey": "did:example:123456789abcdefghi#key-1",
    "serviceEndpoint": {
      "@context": "https://schema.identity.foundation/hub",
      "type": "UserHubEndpoint",
      "instances": ["did:example:456", "did:example:789"]
    }
  }, {
    "id": "did:example:123456789abcdefghi#messages",
    "type": "MessagingService",
    "serviceEndpoint": "https://example.com/messages/8377464"
  }, {
    "id": "did:example:123456789abcdefghi#inbox",
    "type": "SocialWebInboxService",
    "serviceEndpoint": "https://social.example.com/83hfh37dj",
    "description": "My public social inbox",
    "spamCost": {
      "amount": "0.50",
      "currency": "USD"
    }
  }, {
    "id": "did:example:123456789abcdefghi#authpush",
    "type": "DidAuthPushModeVersion1",
    "serviceEndpoint": "http://auth.example.com/did:example:123456789abcdefg"
  }]
}
      </pre>

      <p>
For more information about security considerations regarding authentication
<a>service endpoints</a> see Sections <a href="#method-schemes"></a>
and <a href="#authentication"></a>.
      </p>
    </section>

    <section>
      <h2>Created</h2>

      <p>
A <a>DID document</a> SHOULD include a <code>created</code> property.
      </p>

      <dl>
          <dt><dfn>created</dfn></dt>
          <dd>
If a <a>DID document</a> includes a <code>created</code> property, the value of
the property MUST be a valid XML datetime value, as defined in section 3.3.7 of
<a href="https://www.w3.org/TR/xmlschema11-2/">W3C XML Schema Definition Language (XSD) 1.1 Part 2: Datatypes</a>
[[!XMLSCHEMA11-2]]. This datetime value MUST be normalized to UTC 00:00, as
indicated by the trailing "Z".
          </dd>
      </dl>

      <pre class="example nohighlight">
{
  "created": "2002-10-10T17:00:00Z"
}
      </pre>
    </section>

    <section>
      <h2>Updated</h2>

      <p>
Standard metadata for identifier records includes a timestamp of the most recent
change.
      </p>

      <p>
A <a>DID document</a> SHOULD include an <code>updated</code> property.
      </p>

      <dl>
          <dt><dfn>updated</dfn></dt>
          <dd>
If a <a>DID document</a> includes an <code>updated</code> property, the value of
the property MUST follow the same formatting rules as the <code>created</code>
property, as outlined in Section <a href="#created"></a>.
          </dd>
      </dl>

      <pre class="example nohighlight">
{
  "updated": "2016-10-17T02:41:00Z"
}
      </pre>
    </section>

    <section>
      <h2>Proof</h2>

      <p>
A <code>proof</code> on a <a>DID document</a> is cryptographic proof of the
integrity of the <a>DID document</a> according to either the:
      </p>

      <ul>
        <li>
<a>DID subject</a>, as defined in Section <a href="#did-subject"></a>
        </li>

        <li>
<a>DID controller</a>, as defined in Section
<a href="#authorization-and-delegation"></a>, if present.
        </li>
      </ul>

      <p>
This proof is NOT proof of the binding between a <a>DID</a> and a
<a>DID document</a>. For more information, see Section
<a href="#binding-of-identity"></a>.
      </p>

      <p>
A <a>DID document</a> MAY include a <code>proof</code> property.
      </p>

      <dl>
        <dt><dfn>proof</dfn></dt>
        <dd>
If a <a>DID document</a> includes a <code>proof</code> property, the value of
the property MUST be a valid JSON-LD proof, as defined by Linked Data Proofs
[[?LD-PROOFS]].
        </dd>
      </dl>

      <pre class="example nohighlight" title="A signature-based proof">
{
  "proof": {
    "type": "LinkedDataSignature2015",
    "created": "2016-02-08T16:02:20Z",
    "creator": "did:example:8uQhQMGzWxR8vw5P3UWH1ja#keys-1",
    "signatureValue": "QNB13Y7Q9...1tzjn4w=="
  }
}
      </pre>
    </section>

  </section>

  <section class="normative">
    <h1>Core Representations</h1>

    <p>
All concrete representations of a <a>DID document</a> MUST be serialized using a
deterministic mapping that is able to be unambiguously parsed into the data model
defined in this specification. All serialization methods MUST define rules for
the bidirectional translation of a <a>DID document</a> both into and out of the
representation in question. As a consequence, translation between any two representations
MUST be done by parsing the source format into a <a>DID document</a> model
(described in Sections <a href="#data-model"></a> and <a href="#did-documents"></a>)
and then serializing the <a>DID document</a> model into the target representation. An
implementation MUST NOT convert between representations without first parsing to a
<a>DID document</a> model.
    </p>

    <p>
Although syntactic mappings are provided for JSON, JSON-LD, and CBOR here, applications
and services MAY use any other data representation syntax that is capable of expressing
the data model, such as XML or YAML.
    </p>

    <p>
Producers MUST indicate which representation of a document has been used via a media type
in the document's metadata. Consumers MUST determine which representation a document is in
via a media type in the document's metadata. Consumers MUST NOT determine the representation
of a document through its content alone.
    </p>

    <p class="issue" data-number="203">
This requirement depends on the return of DID document metadata that still needs to be
defined by this specification. Once defined, that should be linked from here.
    </p>

    <p>
The production and consumption rules in this section apply to all implementations
seeking to be fully compatible with independent implementations of the specification.
Deployments of this specification MAY use a custom agreed-upon representation, including
localized rules for handling properties not listed in the registry.
See section ?? on Extensibility for more information.
    </p>

    <p class="issue" data-number="207">
A link to a section on extensibility and conformance as it applies to data representations
should be added here once that section has been written.
    </p>

    <section>
        <h2>
JSON
        </h2>

        <p>
When producing and consuming DID documents that are in plain JSON (as noted by
the document metadata), the following rules MUST be followed.
        </p>

        <section>
            <h3>Production</h3>

            <p>
A <a>DID document</a> MUST be a single <a data-cite="RFC8259#section-4">JSON object</a> conforming to [[!RFC8259]]. All
top-level properties of the <a>DID document</a> MUST be represented by using the
property name as the name of the member of the JSON object. The values of
properties of the data model described in Section <a href="#data-model"></a>,
including all extensions, MUST be encoded in JSON [[RFC8259]] by mapping property
values to JSON types as follows:
            </p>

            <p class="issue" data-number="204">
In this section we use the term "property name" to refer to the string that represents
the property itself, but this specification still needs to define a concrete term for
such aspects of a property of a DID document.
            </p>

            <ul>
                <li>
Numeric values representable as IEEE754 MUST be represented as a <a data-cite="RFC8259#section-6">Number type</a>.
                </li>
                <li>
Boolean values MUST be represented as a <a data-cite="RFC8259#section-3">Boolean literal</a>.
                </li>
                <li>
Sequence value MUST be represented as an <a data-cite="RFC8259#section-5">Array type</a>.
                </li>
                <li>
Unordered sets of values MUST be represented as an <a data-cite="RFC8259#section-5">Array type</a>.
                </li>
                <li>
Sets of properties MUST be represented as an <a data-cite="RFC8259#section-4">Object type</a>.
                </li>
                <li>
Empty values MUST be represented as a <a data-cite="RFC8259#section-3">null literal</a>.
                </li>
                <li>
Other values MUST be represented as a <a data-cite="RFC8259#section-7">String type</a>.
                </li>
            </ul>

            <p class="issue" data-number="204">
An "empty" value is not specified by this document. It seems to imply a null
value, but this is unclear.
            </p>

            <p>
All properties of the <a>DID document</a> MUST be included in
the root object. Properties MAY define additional data sub structures subject
to the value representation rules in the list above.
            </p>

            <p>
The member name <code>@context</code> MUST NOT be used as this property is reserved
for JSON-LD producers.
            </p>

        </section>

        <section>
            <h3>
Consumption
            </h3>

            <p class="issue" data-number="204">
In this section and we use the term "property name" to refer to the string that represents
the property itself, but this specification still needs to define a concrete term for
such aspects of a property of a DID document. We also need a concrete term for "the document
itself" as opposed to "the collection or properties of the document".
            </p>

            <p>
The top-level element MUST be a JSON object. Any other data type at the top
level is an error and MUST be rejected. The top-level JSON object represents
the <a>DID document</a>, and all members of this object are properties of the
<a>DID document</a>. The object member name is the property name, and the
member value is interpreted as follows:
            </p>

            <ul>
                <li>
<a data-cite="RFC8259#section-6">Number types</a> MUST interpreted as numeric values representable as IEEE754.
                </li>
                <li>
<a data-cite="RFC8259#section-3">Boolean literals</a> MUST be interpreted as a Boolean value.
                </li>
                <li>
An <a data-cite="RFC8259#section-5">Array type</a> MUST be interpreted as a Sequence or Unordered set, depending on the
definition of the property for this value.
                </li>
                <li>
An <a data-cite="RFC8259#section-4">Object type</a> MUST be interpreted as a sets of properties.
                </li>
                <li>
A <a data-cite="RFC8259#section-3">null literal</a> MUST be interpreted as an Empty value.
                </li>
                <li>
<a data-cite="RFC8259#section-7">String types</a> MUST be interpreted as Strings, which may be further parsed
depending on the definition of the property for this value into more specific data types such as URIs,
date stamps, or other values.
                </li>
            </ul>

            <p class="issue" data-number="204">
An "empty" value is not specified by this document. It seems to imply a null
value, but this is unclear.
            </p>

            <p>
The value of the <code>@context</code> object member MUST be ignored as this is
reserved for JSON-LD consumers.
            </p>

            <p>
Unknown object member names MUST be ignored as unknown properties.
            </p>

            <p class="issue" data-number="205">
This specification needs to define clear and consistent rules for how to handle unknown
data members on consumption, and this section needs to be updated with that decision.
            </p>

        </section>

    </section>

    <section>
        <h2>
JSON-LD
        </h2>

        <p>
[[!JSON-LD]] is a JSON-based format used to serialize
<a href="http://www.w3.org/TR/ld-glossary/#linked-data">Linked Data</a>.
        </p>

        <p>
When producing and consuming DID documents that are in JSON-LD (as noted by
the document metadata), the following rules MUST be followed.
        </p>

        <ul>
            <li>
The <code>@id</code> and <code>@type</code> keywords are aliased to
<code>id</code> and <code>type</code> respectively, enabling developers to use
this specification as idiomatic JSON.
            </li>
            <li>
Even though JSON-LD allows any IRI as node identifiers, <a>DID documents</a>
are explicitly restricted to only describe DIDs. This means that the value of
<code>id</code> MUST be a valid <a>DID</a> and not any other kind of IRI.
            </li>
            <li>
Data types, such as integers, dates, units of measure, and URLs, are
automatically typed to provide stronger type guarantees for use cases that
require them.
            </li>
        </ul>

        <section>
            <h2>
Production
            </h2>

            <p>
The <a>DID document</a> is serialized following the rules in the JSON processor, with
one addition: <a>DID documents</a> MUST include the <code>@context</code> property.
            </p>

            <dl>
                <dt>@context</dt>
                <dd>
The value of the <code>@context</code> property MUST be one or more <a>URIs</a>,
where the value of the first <a>URI</a> is
<code>https://www.w3.org/ns/did/v1</code>. All members of the <code>@context</code>
property MUST exist be in the DID properties extension registry.
                </dd>
            </dl>

            <p class="issue" data-number="202">
This specification defines globally interoperable documents, and the requirement that the
context value be in the DID registry means that different JSON-LD processors can consume
the document without having to dereference anything in the context field. However,
a pair of producers and consumers can have local extension agreements. This needs to be
clarified in a section on extensibility and linked here when available.
            </p>

        </section>

        <section>
            <h2>
Consumption
            </h2>

            <p>
The top-level element MUST be a JSON object. Any other data type at the top
level is an error and MUST be rejected. This top-level JSON object is interpreted
using JSON-LD processing under the rules of the defined <code>@context</code> fields.
            </p>

            <dl>
                <dt>@context</dt>
                <dd>
The value of the <code>@context</code> property MUST be one or more <a>URIs</a>,
where the value of the first <a>URI</a> is
<code>https://www.w3.org/ns/did/v1</code>. If more than one <a>URI</a> is
provided, the <a>URIs</a> MUST be interpreted as an ordered set. It is
RECOMMENDED that dereferencing each <a>URI</a> results in a document containing
machine-readable information about the context.
                </dd>
            </dl>


            <p>
Unknown object member names MUST be ignored as unknown properties.
            </p>

            <p class="issue" data-number="205">
This specification needs to define clear and consistent rules for how to handle unknown
data members on consumption, and this section needs to be updated with that decision.
            </p>

        </section>

    </section>

    <section>
        <h2>
CBOR
        </h2>

        <section>
            <h3>
Production
            </h3>
        </section>

        <section>
            <h3>
Consumption
            </h3>
        </section>

    </section>
  </section>

  <section>
    <h1>Methods</h1>

    <section class="normative">
      <h2>Method Schemes</h2>

      <p>
A <a>DID method</a> specification MUST define exactly one method-specific
<a>DID scheme</a>, identified by exactly one method name. For more information,
see the <code>method-name</code> rule in Section
<a href="#generic-did-syntax"></a>.
      </p>

      <p>
Because the method name is part of the <a>DID</a>, short method names are
preferred; the method name SHOULD be five characters or less. The method name
might reflect the name of the <a>DID registry</a> to which the <a>DID method</a>
specification applies. For more information, see Section
<a href="#method-schemes"></a>.
      </p>

      <p>
The <a>DID method</a> specification for the method-specific <a>DID scheme</a>
MUST specify how to generate the <code>method-specific-id</code> component of a
<a>DID</a>. The <code>method-specific-id</code> value MUST be able to be
generated without the use of a centralized registry service. The
<code>method-specific-id</code> value SHOULD be globally unique by itself. The
<a>DID</a>, as defined by the <code>did</code> rule in Section
<a href="#generic-did-syntax"></a>, MUST be globally unique.
      </p>

      <p>
If needed, a method-specific <a>DID scheme</a> MAY define multiple
<code>method-specific-id</code> formats. It is RECOMMENDED that a
method-specific <a>DID scheme</a> define as few <code>method-specific-id</code>
formats as possible.
      </p>

      <p>
The <code>method-specific-id</code> format MAY include colons, which might be
used by <a>DID methods</a> for various purposes, such as establishing
hierarchically partitioned namespaces, or identifying specific instances or
parts of the <a>DID registry</a>. The use of colons MUST comply syntactically
with the <code>method-specific-id</code> ABNF rule and their use is entirely
method-specific. Implementers are advised to avoid
assuming any meanings or behaviors associated with a colon that are
generically applicable to all <a>DID methods</a>.
      </p>

      <p>
The authors of a new <a>DID method</a> specification SHOULD use a method name
that is unique among all <a>DID method</a> names known to them at the time of
publication.
      </p>
      <p>
Because there is no central authority for allocating or approving
<a>DID method</a> names, there is no way to know for certain if a specific
<a>DID method</a> name is unique. To help with this challenge, the
<a href="https://www.w3.org/community/credentials/">W3C Credentials Community Group</a>
maintains a non-authoritative list of known <a>DID method</a> names and their
associated specifications. For more information, see Appendix
<a href="#interoperability-registries"></a>.
      </p>
      <p>
The [[?DID-METHOD-REGISTRY]] is a tool for implementors to use when coming to
consensus on a new method name, as well as an informative reference for software
developers implementing <a>DID resolvers</a> for different <a>DID methods</a>.
For more information about <a>DID resolvers</a> see Section
<a href="#resolution"></a>. The [[?DID-METHOD-REGISTRY]] is not a definitive
or official list of <a>DID methods</a>. Nonetheless, adding <a>DID method</a>
names to the [[?DID-METHOD-REGISTRY]] is encouraged so that other implementors
and members of the community have a place to see an overview of existing
<a>DID methods</a>. The lightweight criteria for inclusion are documented in the
[[?DID-METHOD-REGISTRY]].
      </p>
    </section>

    <section>
      <h2>Method Operations</h2>

      <p>
To enable the full functionality of <a>DIDs</a> and <a>DID documents</a> on a
particular <a>DID registry</a>, a <a>DID method</a> specification MUST specify
how a client might be used to perform the create, read, update, and deactivate
operations. Each operation ought to be specified to the level of detail
necessary to build and test interoperable client implementations. In the event
that an operation is not supported, such as update or deactivate, then it is
RECOMMENDED that the <a>DID Method</a> specification state that it is not
supported. These operations can be used to perform all the operations required
of a cryptographic key management system (CKMS), e.g.: key registration, key
replacement, key rotation, key recovery, and key expiration.
      </p>

      <p>
Determining the authority of a party to carry out the operations is method-specific.
For example, a <a>DID method</a> MAY:
      </p>
      <ul>
        <li>
use the <a>verification methods</a> listed under <a>authentication</a> to
decide whether an update/deactivate operation is allowed; or
        </li>
        <li>
use other constructs in the <a>DID Document</a> to decide this, for example,
a verification method specified under capabilityInvocation could be used to
verify the invocation of a capability to update the DID Document.; or
        </li>
        <li>
not use the <a>DID Document</a> at all to decide this, but have rules that are
"built into" the method.
        </li>
      </ul>

      <section>
        <h3>
Create
        </h3>

        <p>
The <a>DID method</a> specification MUST specify how a client creates a
<a>DID</a> and its associated <a>DID document</a> on the <a>DID registry</a>,
including all cryptographic operations necessary to establish proof of control.
        </p>
      </section>

      <section>
        <h3>
Read/Verify
        </h3>

        <p>
The <a>DID method</a> specification MUST specify how a client uses a <a>DID</a>
to request a <a>DID document</a> from the <a>DID registry</a>, including how the
client can verify the authenticity of the response.
        </p>
      </section>

      <section>
        <h3>
Update
        </h3>

        <p>
The <a>DID method</a> specification MUST specify how a client can update a
<a>DID document</a> on the <a>DID registry</a>, including all cryptographic
operations necessary to establish proof of control, <em>or</em> state that
updates are not possible. 
        </p>

        <p>
An update to a <a>DID</a> is any change, after creation, in the data used to produce a <a>DID document</a>. 
<a>DID Method</a> implementers are responsible for defining what constitutes an update, 
and what properties of the <a>DID document</a> are supported by a given <a>DID method</a>. 
For example, an update operation which replaces key material without changing it could be a valid update that does not result in changes to the <a>DID document</a>.
        </p>
      </section>

      <section>
        <h3>
Deactivate
        </h3>

        <p>
The <a>DID method</a> specification MUST specify how a client can deactivate a
<a>DID</a> on the <a>DID registry</a>, including all cryptographic operations
necessary to establish proof of deactivation, <em>or</em> state that
deactivation is not possible.
        </p>
      </section>
    </section>

    <section>
      <h2>Extensibility</h2>
    </section>

    <section>
      <h2>
Security Requirements
      </h2>
      <p>
<a>DID method</a> specifications MUST include their own Security
Considerations sections. This section MUST consider all the requirements
mentioned in section 5 of [[RFC3552]] (page 27) for the <a>DID</a> operations
defined in the specification.
      </p>
      <p>
At least the following forms of attack MUST be considered: eavesdropping,
replay, message insertion, deletion, modification, and man-in-the-middle.
Potential denial of service attacks MUST be identified as well.
      </p>
      <p>
If the protocol incorporates cryptographic protection mechanisms, the
<a>DID method</a> specification MUST clearly indicate which portions of the
data are protected and what the protections are, and SHOULD give an indication
to what sorts of attacks the cryptographic protection is susceptible.
For example, integrity only, confidentiality, endpoint authentication, and so
on.
      <p>
Data which is to be held secret (keying material, random seeds, and so on) SHOULD
be clearly labeled.
      </p>
      <p>
If the technology involves authentication, particularly user-host
authentication, the security of the authentication method MUST be clearly
specified.
      </p>
      <p>
This section MUST discuss, per Section 5 of [[RFC3552]], residual risks (such as
the risks from compromise in a related protocol, incorrect implementation, or
cipher) after threat mitigation was deployed.
      </p>
      <p>
This section MUST provide integrity protection and update authentication for all
operations required by Section <a href="#method-operations"></a>.
      </p>
      <p>
Where <a>DID methods</a> make use of peer-to-peer computing resources, such as
with all known <a>DLTs</a>, the expected burdens of those resources SHOULD be
discussed in relation to denial of service.
      </p>
      <p>
Method-specific endpoint authentication MUST be discussed. Where
<a>DID methods</a> make use of <a>DLTs</a> with varying network topology,
sometimes offered as <em>light node</em> or
<em><a href="https://en.bitcoin.it/wiki/Thin_Client_Security">thin client</a></em>
implementations to reduce required computing resources, the security assumptions
of the topology available to implementations of the <a>DID method</a> MUST be
discussed.
      </p>
      <p>
<a>DID methods</a> MUST discuss the policy mechanism by which <a>DIDs</a> are
proven to be uniquely assigned. A <a>DID</a> fits the functional definition
of a URN, as defined in [[RFC8141]]. That is, a <a>DID</a> is a persistent
identifier that is assigned once to a resource and never reassigned to a
different resource. This is particularly important in a security context because
a <a>DID</a> might be used to identify a specific party subject to a specific
set of authorization rights.
      </p>
      <p>
<a>DID methods</a> that introduce new authentication <a>service endpoint</a>
types (see Section <a href="#service-endpoints"></a>) SHOULD consider the
security requirements of the supported authentication protocol.
      </p>

    </section>

    <section class='normative'>
      <h2>
Privacy Requirements
      </h2>

      <p>
<a>DID method</a> specifications MUST include their own Privacy
Considerations sections, if only to point to
<a href="#privacy-considerations"></a>.
      </p>

      <p>
The <a>DID method</a> specification's Privacy Considerations section
MUST discuss any subsection of section 5 of [[RFC6973]] that could
apply in a method-specific manner. The subsections to consider are:
surveillance, stored data compromise, unsolicited traffic, misattribution,
correlation, identification, secondary use, disclosure, exclusion.
      </p>
    </section>
  </section>
  </section>

  <section class='normative'>
    <h1>
Resolution
    </h1>

    <p>
A <a>DID resolver</a> is a software or hardware component with an API for
resolving <a>DIDs</a> of at least one <a>DID method</a>. It executes the read
operation for the <a>DID method</a> corresponding to the <a>DID</a> being
resolved to obtain the authoritative <a>DID document</a>. For more information,
see Section <a href="#read-verify"></a>.
    </p>

    <p>
The interfaces and algorithms for resolving <a>DIDs</a> and dereferencing
<a>DID URLs</a> are specified in [[?DID-RESOLUTION]].
    </p>

  </section>

  <section class="informative">
    <h1>
Security Considerations
    </h1>

    <p class="note" title="Note to implementers">
During the Working Draft stage, this section focuses on security topics that
should be important in early implementations. The editors are seeking feedback
on threats and threat mitigations that should be reflected in this section or
elsewhere in the spec. <a>DIDs</a> are designed to operate under the general
Internet threat model used by many IETF standards. We assume uncompromised
endpoints, but anticipate that messages could be read or corrupted on the network.
Protecting against an attack when a system is compromised requires external
key-signing hardware (see Section <a href="#key-revocation-and-recovery"></a>).
    </p>

    <section>
      <h2>
Choosing DID Resolvers
      </h2>

      <p>
The [[?DID-METHOD-REGISTRY]] is an informative list of <a>DID method</a> names
and their corresponding <a>DID method</a> specifications. Implementors need to
bear in mind that there is no central authority to mandate which
<a>DID method</a> specification is to be used with any specific
<a>DID method</a> name, but can use the [[?DID-METHOD-REGISTRY]] to make an
informed decision when choosing which <a>DID resolver</a> implementations to
use.
      </p>
    </section>

    <section>
      <h2>
Binding of Identity
      </h2>

      <p>
The following sections describe binding identities to <a>DIDs</a> and
<a>DID documents</a>.
      </p>

      <section>
        <h3>
Proving Control of a DID and DID Document
        </h3>

        <p>
Signatures are one way to allow <a>DID documents</a> to be cryptographically
verifiable.
        </p>

        <p>
By itself, a verified signature on a self-signed <a>DID document</a> does not
prove control of a <a>DID</a>. It only proves that the:
        </p>

        <ul>
          <li>
<a>DID document</a> was not tampered with since it was registered.
          </li>

          <li>
<a>DID controller(s)</a> controlled the private key used for the signature at
the time the signature was generated.
          </li>
        </ul>

        <p>
Proving control of a <a>DID</a>, that is, the binding between the <a>DID</a> and
the <a>DID document</a> that describes it, requires a two step process:
        </p>

        <ol start="1">
          <li>
Resolving the <a>DID</a> to a <a>DID document</a> according to its
<a>DID method</a> specification.
          </li>

          <li>
Verifying that the <code>id</code> property of the resulting <a>DID document</a>
matches the <a>DID</a> that was resolved.
          </li>
        </ol>

        <p>
It should be noted that this process proves control of a <a>DID</a> and
<a>DID document</a> regardless of whether the <a>DID document</a> is signed.
        </p>

        <p>
Signatures on <a>DID documents</a> are optional. <a>DID method</a>
specifications SHOULD explain and specify their implementation if applicable.
        </p>

        <p>
It is good practice to combine timestamps with signatures.
        </p>
      </section>

      <section>
        <h3>
Proving Control of a Public Key
        </h3>

        <p>
There are two methods for proving control of the private key corresponding to a
<a>public key description</a> in the <a>DID document</a>: static and dynamic.
        </p>

        <p>
The static method is to sign the <a>DID document</a> with the private key. This
proves control of the private key at a time no later than the
<a>DID document</a> was registered. If the <a>DID document</a> is not signed,
control of a public key described in the <a>DID document</a> can still be proven
dynamically as follows:
        </p>

        <ol start="1">
          <li>
Send a challenge message containing a <a>public key description</a> from the
<a>DID document</a> and a nonce to an appropriate <a>service endpoint</a>
described in the <a>DID document</a>.
          </li>

          <li>
Verify the signature of the response message against the
<a>public key description</a>.
          </li>
        </ol>
      </section>

      <section>
        <h3>
Authentication and Verifiable Claims
        </h3>

        <p>
A <a>DID</a> and <a>DID document</a> do not inherently carry any
<a href="https://en.wikipedia.org/wiki/Personally_identifiable_information">PII</a>
(personally-identifiable information). The process of binding a <a>DID</a> to
something in the real world, such as a person or a company, for example with
credentials with the same subject as that <a>DID</a>, is out of scope for this
specification. For more information, see the [[VC-DATA-MODEL]] instead.
        </p>
      </section>
    </section>

    <section>
      <h2>
Authentication Service Endpoints
      </h2>

      <p>
If a <a>DID document</a> publishes a <a>service endpoint</a> intended for
authentication or authorization of the <a>DID subject</a> (see Section
<a href="#service-endpoints"></a>), it is the responsibility of the
<a>service endpoint</a> provider, subject, or relying party to comply with the
requirements of the authentication protocols supported at that
<a>service endpoint</a>.
      </p>
    </section>

    <section>
      <h2>
Non-Repudiation
      </h2>

      <p>
Non-repudiation of <a>DIDs</a> and <a>DID document</a> updates is supported
under the assumption that the subject:
      </p>

      <ul>
        <li>
Is monitoring for unauthorized updates (see Section
<a href="#notification-of-did-document-changes"></a>).
        </li>
        <li>
Has had adequate opportunity to revert malicious updates according to the
access control mechanism for the <a>DID method</a> (see Section
<a href="#authentication"></a>).
        </li>
      </ul>

      <p>
Non-repudiation is further supported if timestamps are included (see Sections
<a href="#created"></a> and <a href="#updated"></a>) and the target <a>DLT</a>
system supports timestamps.
      </p>
    </section>

    <section>
      <h2>
Notification of DID Document Changes
      </h2>

      <p>
One mitigation against unauthorized changes to a <a>DID document</a> is
monitoring and actively notifying the <a>DID subject</a> when there are changes.
This is analogous to helping prevent account takeover on conventional
username/password accounts by sending password reset notifications to the email
addresses on file.
      </p>
      <p>
In the case of a <a>DID</a>, there is no intermediary registrar or account
provider to generate such notifications. However, if the <a>DID registry</a>
on which the <a>DID</a> is registered directly supports change notifications,
a subscription service can be offered to <a>DID controllers</a>. Notifications
could be sent directly to the relevant <a>service endpoints</a> listed in an
existing <a>DID</a>.
      </p>
      <p>
If a <a>DID controller</a> chooses to rely on a third-party monitoring service
(other than the <a>DID registry</a> itself), this introduces another vector of
attack.
      </p>
    </section>

    <section>
      <h2>
Key and Signature Expiration
      </h2>

      <p>
In a <a>decentralized identifier</a> architecture, there are no centralized
authorities to enforce key or signature expiration policies. Therefore
<a>DID resolvers</a> and other client applications need to validate that keys
were not expired at the time they were used. Because some use cases might have
legitimate reasons why already-expired keys can be extended, make sure a key
expiration does not prevent any further use of the key, and implementations
of a resolver ought to be compatible with such extension behavior.
      </p>
    </section>

    <section>
      <h2>
Key Revocation and Recovery
      </h2>

      <p>
Section <a href="#method-operations"></a> specifies the <a>DID</a> operations to
be supported by a <a>DID method</a> specification, including deactivation of a
<a>DID document</a> by replacing it with an updated <a>DID document</a>. It is
also up to the <a>DID method</a> to define how revocation of cryptographic keys
might occur. Additionally, <a>DID method</a> specifications are also expected
to enable support for a quorum of trusted parties to enable key recovery. Some
of the facilities to do so are suggested in Section
<a href="#authorization-and-delegation"></a>. Not all <a>DID method</a>
specifications will recognize control from <a>DIDs</a> registered using other
<a>DID methods</a> and they might restrict third-party control to <a>DIDs</a>
that use the same method. Access control and key recovery in a <a>DID method</a>
specification can also include a time lock feature to protect against key
compromise by maintaining a second track of control for recovery. Further
specification of this type of control is a matter for future work (see Section
<a href="#time-locks-and-did-document-recovery"></a>).
</p>
    </section>

    <section>
      <h2>
The Role of Human-Friendly Identifiers
      </h2>

      <p>
<a>DIDs</a> achieve global uniqueness without the need for a central
registration authority. This comes, however, at the cost of human memorability.
The algorithms capable of generating globally unique identifiers automatically
produce random strings of characters that have no human meaning. This
demonstrates the axiom about identifiers described in
<a href="https://en.wikipedia.org/wiki/Zooko%27s_triangle">Zooko's Triangle</a>:
"human-meaningful, decentralized, secure &mdash; pick any two".
      </p>

      <p>
There are of course many use cases where it is desirable to
discover a <a>DID</a> when starting from a human-friendly identifier. For
example, a natural language name, a domain name, or a conventional address for
a <a>DID controller</a>, such as a mobile telephone number, email address,
Twitter handle, or blog URL. However, the problem of mapping human-friendly
identifiers to <a>DIDs</a> (and doing so in a way that can be verified and
trusted) is outside the scope of this specification.
      </p>

      <p>
Solutions to this problem (and there are many) should be defined in separate
specifications that reference this specification. It is strongly recommended
that such specifications carefully consider the:
      </p>

      <ul>
        <li>
Numerous security attacks based on deceiving users about the true human-friendly
identifier for a target entity.
        </li>
        <li>
Privacy consequences of using human-friendly identifiers that are inherently
correlatable, especially if they are globally unique.
        </li>
      </ul>

      <p class="note">
A draft specification for discovering a <a>DID</a> from domain names and email
addresses using DNS lookups is available at [[?DNS-DID]].
      </p>
    </section>

    <section>
        <h2>
Immutability
        </h2>

        <p>
Many cybersecurity abuses hinge on exploiting gaps between reality and the
assumptions of rational, good-faith actors. Like any ecosystem, the <a>DID</a>
ecosystem has some potential for this to occur. Because this specification is
focused on a data model instead of a protocol, it offers no opinion about many
aspects of how that model is put to use. However, individual <a>DID methods</a>
might want to consider constraints that would eliminate behaviors or semantics
they do not need. The more <em>locked down</em> a <a>DID method</a> is, while
providing the same set of features, the less it can be manipulated by malicious
actors.
        </p>
        <p>
As an example, consider the flexibility that the data model offers with respect
to updating. A single edit to a <a>DID document</a> can change anything and
everything except the root <code>id</code> property of the document. And any
individual JSON object in the data model can change all of its properties except
its <code>id</code>. But is it actually desirable for a <a>service endpoint</a>
to change its <code>type</code> after it is defined? Or for a key to change its
value? Or would it be better to require a new <code>id</code> when certain
fundamental properties of an object change? Malicious takeovers of a web site
often aim for an outcome where the site keeps its identifier (the host name),
but gets subtle, dangerous changes underneath. If certain properties of the site
were required by the specification to be immutable (for example, the
<a target="_blank" href="https://en.wikipedia.org/wiki/Autonomous_system_(Internet)">ASN</a>
associated with its IP address), such attacks might be much harder and more
expensive to carry out, and anomaly detection would be easier.
        </p>
        <p>
The notion that immutability provides some cybersecurity benefits is
particularly relevant because of caching. For <a>DID methods</a> tied to a
global source of truth, a direct, just-in-time lookup of the latest version of a
<a>DID document</a> is always possible. However, it seems likely that layers of
cache might eventually sit between a client and that source of truth. If they
do, believing the attributes of an object in the <a>DID document</a> to have a
given state, when they are actually subtly different, might invite exploits.
This is particularly true if some lookups are of a full <a>DID document</a>, and
others are of partial data, where the larger context is assumed.
        </p>
    </section>

    <section>
      <h2>
Encrypted Data in DID Documents
      </h2>
      <p>
DID documents are typically publicly available. Encryption algorithms have been 
known to fail due to advances in cryptography and computing power. 
Implementers are advised to assume that any
encrypted data placed in a <a>DID document</a> might eventually be made available in clear
text to the same audience to which the encrypted data is available.
      </p>
      <p>
Encrypting all or parts of DID documents is <em>not</em> an appropriate means to protect data
in the long term. Similarly, placing encrypted data in DID documents is not an appropriate
means to include personally identifiable information.
      </p>
      <p>
Given the caveats above, if encrypted data is included in a DID document, implementers are advised to not
encrypt with the public keys of entities that do not wish to be correlated with the
<a>DID</a>.
      </p>

    </section>

  </section>

  <section class="informative">
    <h1>
Privacy Considerations
    </h1>

    <p>
It is critically important to apply the principles of Privacy by Design
to all aspects of the <a>decentralized identifier</a> architecture, because
<a>DIDs</a> and <a>DID documents</a> are, by design, administered directly by
the <a>DID controller(s)</a>. There is no registrar, hosting company, or other
intermediate service provider to recommend or apply additional privacy
safeguards. The authors of this specification have applied all seven Privacy by
Design principles throughout its development. For example, privacy in this
specification is preventative not remedial, and privacy is an embedded default.
Furthermore, the <a>decentralized identifier</a> architecture by itself embodies
principle #7, "Respect for user privacy &mdash; keep it user-centric."
    </p>

    <p>
This section lists additional privacy considerations that implementers,
delegates, and <a>DID subjects</a> should keep in mind.
    </p>

    <section>
      <h2>
Keep Personally-Identifiable Information (PII) Private
      </h2>

      <p>
If a <a>DID method</a> specification is written for a public <a>DID
registry</a> where all <a>DIDs</a> and <a>DID documents</a> are publicly
available, it is <em>critical</em> that <a>DID documents</a> contain no
personal data. All personal data should be kept behind <a>service
endpoints</a> under the control of the <a>DID subject</a>. Additional due
diligence should be taken around the use of URLs in service endpoints as well
to prevent leakage of unintentional personal data or correlation within a URL
of a service endpoint. For example, a URL that contains a username is likely
dangerous to include in a <a>DID Document</a> because the username is likely
to be human-meaningful in a way that can unintentionally reveal information
that the <a>DID subject</a> did not consent to sharing. With this privacy
architecture, personal data can be exchanged on a private, peer-to-peer basis
using communications channels identified and secured by <a>public key
descriptions</a> in <a>DID documents</a>. This also enables <a>DID
subjects</a> and relying parties to implement the <a
href="https://en.wikipedia.org/wiki/General_Data_Protection_Regulation">GDPR</a> <a
href="https://en.wikipedia.org/wiki/Right_to_be_forgotten">right to be
forgotten</a>, because no personal data is written to an immutable
<a>distributed ledger</a>.
      </p>
    </section>

    <section>
      <h2>
DID Correlation Risks and Pseudonymous DIDs
      </h2>

      <p>
Like any type of globally unique identifier, <a>DIDs</a> might be used for
correlation. <a>DID controllers</a> can mitigate this privacy risk by using
pairwise unique <a>DIDs</a>, that is, sharing a different private <a>DID</a> for
every relationship. In effect, each <a>DID</a> acts as a pseudonym. A
pseudonymous <a>DID</a> need only be shared with more than one party when
the <a>DID subject</a> explicitly authorizes correlation between those parties.
If pseudonymous <a>DIDs</a> are the default, then the only need for a public
<a>DID</a> (a <a>DID</a> published openly or shared with a large number of
parties) is when the <a>DID subject</a> explicitly desires public
identification.
      </p>
    </section>

    <section>
      <h2>
DID Document Correlation Risks
      </h2>

      <p>
The anti-correlation protections of pseudonymous <a>DIDs</a> are easily defeated
if the data in the corresponding <a>DID documents</a> can be correlated. For
example, using same <a>public key descriptions</a> or bespoke
<a>service endpoints</a> in multiple <a>DID documents</a> can provide as much
correlation information as using the same <a>DID</a>. Therefore the
<a>DID document</a> for a pseudonymous <a>DID</a> also needs to use pairwise
unique public keys.

It might seem natural to also use pairwise unique <a>service endpoints</a> in
the <a>DID document</a> for a pseudonymous <a>DID</a>. However, unique endpoints
allow all traffic between two <a>DIDs</a> to be isolated perfectly into unique
buckets, where timing correlation and similar analysis is easy. Therefore, a
better strategy for endpoint privacy might be to share an endpoint among
thousands or millions of <a>DIDs</a> controlled by many different subjects.
      </p>
    </section>

    <section>
      <h2>
Herd Privacy
      </h2>

      <p>
When a <a>DID subject</a> is indistinguishable from others in the herd, privacy
is available. When the act of engaging privately with another party
is by itself a recognizable flag, privacy is greatly diminished. <a>DIDs</a>
and <a>DID methods</a> need to work to improve herd privacy, particularly for
those who legitimately need it most. Choose technologies and human interfaces
that default to preserving anonymity and pseudonymity. To reduce
<a href="https://en.wikipedia.org/wiki/Device_fingerprint">digital fingerprints</a>,
share common settings across client implementations, keep negotiated options to
a minimum on wire protocols, use encrypted transport layers, and pad messages to
standard lengths.
      </p>
    </section>
  </section>

  <section class="appendix">
    <h1>
Interoperability Registries
    </h1>

    <p>
There are multiple registries that define <a>DID methods</a> and extensions to
this specification. These registries are:
    </p>

    <table class="simple">
      <thead>
        <tr>
          <th>
Registry
          </th>
          <th>
Purpose
          </th>
        </tr>
      </thead>

      <tbody>
        <tr>
          <td>
<a href="https://w3c-ccg.github.io/did-method-registry/">DID
Method Registry</a>
          </td>
          <td>
Lists all known <a>DID methods</a> and contains links to their
specifications.
          </td>
        </tr>

        <tr>
          <td>
<a href="https://w3c-ccg.github.io/ld-cryptosuite-registry/">Linked Data
Cryptography Suite Registry</a>
          </td>
          <td>
Defines all known Linked Data Cryptography Suites and Key
Formats.
          </td>
        </tr>
      </tbody>
    </table>
  </section>

  <section class="appendix">
    <h1>
Real World Example
    </h1>

    <p>
A future-facing real-world context is provided below:
    </p>

    <pre class="example nohighlight" title="Advanced DID document example">
{
  "@context": "https://w3id.org/future-method/v1",
  "id": "did:example:123456789abcdefghi",

  "publicKey": [{
    "id": "did:example:123456789abcdefghi#keys-1",
    "type": "RsaVerificationKey2018",
    "controller": "did:example:123456789abcdefghi",
    "publicKeyPem": "-----BEGIN PUBLIC KEY...END PUBLIC KEY-----\r\n"
  }, {
    "id": "did:example:123456789abcdefghi#keys-3",
    "type": "Ieee2410VerificationKey2018",
    "controller": "did:example:123456789abcdefghi",
    "publicKeyPem": "-----BEGIN PUBLIC KEY...END PUBLIC KEY-----\r\n"
  }],

  "authentication": [
    <span class="comment">// this mechanism can be used to authenticate as did:...fghi</span>
    "did:example:123456789abcdefghi#keys-1",
    <span class="comment">// this mechanism can be used to biometrically authenticate as did:...fghi</span>
    "did:example:123456789abcdefghi#keys-3",
    <span class="comment">// this mechanism is *only* authorized for authentication, it may not</span>
    <span class="comment">// be used for any other proof purpose, so its full description is</span>
    <span class="comment">// embedded here rather than using only a reference</span>
    {
      "id": "did:example:123456789abcdefghi#keys-2",
      "type": "Ed25519VerificationKey2018",
      "controller": "did:example:123456789abcdefghi",
      "publicKeyBase58": "H3C2AVvLMv6gmMNam3uVAjZpfkcJCwDwnZn6z3wXmqPV"
    }
  ],

  "service": [{
    "id": "did:example:123456789abcdefghi#oidc",
    "type": "OpenIdConnectVersion1.0Service",
    "serviceEndpoint": "https://openid.example.com/"
  }, {
    "id": "did:example:123456789abcdefghi#vcStore",
    "type": "CredentialRepositoryService",
    "serviceEndpoint": "https://repository.example.com/service/8377464"
  }, {
    "id": "did:example:123456789abcdefghi#xdi",
    "type": "XdiService",
    "serviceEndpoint": "https://xdi.example.com/8377464"
  }, {
    "id": "did:example:123456789abcdefghi#hub",
    "type": "HubService",
    "serviceEndpoint": "https://hub.example.com/.identity/did:example:0123456789abcdef/"
  }, {
    "id": "did:example:123456789abcdefghi#messaging",
    "type": "MessagingService",
    "serviceEndpoint": "https://example.com/messages/8377464"
  }, {
    "type": "SocialWebInboxService",
    "id": "did:example:123456789abcdefghi#inbox",
    "serviceEndpoint": "https://social.example.com/83hfh37dj",
    "description": "My public social inbox",
    "spamCost": {
      "amount": "0.50",
      "currency": "USD"
    }
  }, {
    "type": "DidAuthPushModeVersion1",
    "id": "did:example:123456789abcdefghi#push",
    "serviceEndpoint": "http://auth.example.com/did:example:123456789abcdefghi"
  }, {
    "id": "did:example:123456789abcdefghi#bops",
    "type": "BopsService",
    "serviceEndpoint": "https://bops.example.com/enterprise/"
  }]
}
</pre>
  </section>

  <section class="appendix">
    <h1>Current Issues</h1>

    <p>
The list of issues below are under active discussion and are likely to
result in changes to this specification.
    </p>

    <div class="issue" data-number="85">Syntactically differentiate data about the DID versus application data</div>
    <div class="issue" data-number="84">Add `initial-values` matrix parameter to Generic DID Parameters</div>
    <div class="issue" data-number="75">tracking revocation of public keys</div>
    <div class="issue" data-number="72">Privacy Considerations - Specifically call out GDPR</div>
    <div class="issue" data-number="70">Enable instant DID use/resolution for DID Methods that include a propagation delay</div>
    <div class="issue" data-number="65">Does DID Document metadata belong in the Document?</div>
    <div class="issue" data-number="63">Add publicKeyHex as a valid publicKey format</div>
    <div class="issue" data-number="62">Add "service-type" DID URL matrix parameter.</div>
    <div class="issue" data-number="61">Add "content-type" and "content-id" DID URL matrix parameters.</div>
    <div class="issue" data-number="60">Add "key-type" DID URL matrix parameter.</div>
    <div class="issue" data-number="59">Add "key" DID URL matrix parameter.</div>
    <div class="issue" data-number="58">Registry handling</div>
    <div class="issue" data-number="57">Clarification of other verification methods in authentication section missing</div>
    <div class="issue" data-number="56">Added support for ethereumAddress in context - fixed #55</div>
    <div class="issue" data-number="55">Add support for ethereumAddress public key type in @context</div>
    <div class="issue" data-number="53">Normative vs. non-normative references</div>
    <div class="issue" data-number="45">Is method-specific-id supposed to be equivalent to param-char?</div>
  </section>

  <section class="appendix">
    <h1>
Future Work
    </h1>

    <section>
      <h2>
Upper Limits on DID Character Length
      </h2>

      <p>
The current specification does not take a position on maximum length
of a <a>DID</a>. The maximum interoperable URL length is currently about 2K
characters. QR codes can handle about 4K characters. Clients using
<a>DIDs</a> will be responsible for storing many <a>DIDs</a>, and some methods
would be able to externalize some of their costs onto clients by
relying on more complicated signature schemes or by adding state into
<a>DIDs</a> intended for temporary use. A future version of this
specification should set reasonable limits on <a>DID</a> character length to
minimize externalities.
      </p>
    </section>

    <section>
      <h2>
Equivalence
      </h2>

      <p>
Including an equivalence property, such as <code>equivID</code>, in <a>DID documents</a>
whose value is an array of <a>DIDs</a> would allow subjects to assert two or
more <a>DIDs</a> that represent the same subject. This capability has
numerous uses, including supporting migration between <a>DID registries</a> and
providing forward compatibility of existing <a>DIDs</a> to future <a>DID
registries</a>. In
theory, equivalent <a>DIDs</a> should have the same identifier rights,
allowing <a href="https://w3c.github.io/vctf/">verifiable claims</a>
made against one <a>DID</a> to apply to equivalent <a>DIDs</a>. Equivalence was not
included in the current specification due to the complexity of
verifying equivalence across different <a>DLTs</a> and different <a>DID
methods</a>, and also of aggregating properties of equivalent <a>DID
documents</a>. However equivalence should be supported in a future
version of this specification.
      </p>
    </section>

    <section>
      <h2>
Timestamps
      </h2>

      <p>
Verifiable timestamps have significant utility for identifier
records. This is a good fit for <a>DLTs</a>, since most offer some type of
timestamp mechanism. Despite some transactional cost, they are the
most censorship-resistant transaction ordering systems in the world,
so they are nearly ideal for <a>DID document</a> timestamping. In some cases
a <a>DLT</a>'s immediate timing is approximate, however their sense of
<a href="https://github.com/bitcoin/bips/blob/master/bip-0113.mediawiki#Abstract">
"median time past" (see Bitcoin BIP 113)</a> can be precisely
defined. A generic <a>DID document</a> timestamping mechanism could would
work across all <a>DLTs</a> and might operate via a mechanism including
either individual transactions or transaction batches. The generic
mechanism was deemed out of scope for this version, although it may
be included in a future version of this specification.
      </p>
    </section>

    <section>
      <h2>
Time Locks and DID Document Recovery
      </h2>

      <p>
Section <a href="#key-revocation-and-recovery"></a> mentions one
possible clever use of time locks to recover control of a <a>DID</a> after a
key compromise. The technique relies on an ability to override the
most recent update to a <a>DID document</a> with Authorization applied by an
earlier version of the <a>DID document</a> in order to defeat the attacker.
This protection depends on adding a <a href="https://github.com/bitcoin/bips/blob/master/bip-0065.mediawiki%23Abstract">
time lock (see Bitcoin BIP 65)</a> to protect part of the transaction
chain, enabling a Authorization block to be used to recover control.
We plan to add support for time locks in a future version of this
specification.
      </p>
    </section>

    <section>
      <h2>
Smart Signatures
      </h2>

      <p>
Not all <a>DLTs</a> can support the Authorization logic in section
<a href="#authorization-and-delegation"></a>.
Therefore, in this version of the specification, all Authorization
logic is delegated to <a>DID method</a> specifications. A potential
future solution is a <a href="http://www.weboftrust.info/downloads/smart-signatures.pdf">Smart
Signature</a> specification that specifies the code any conformant
<a>DLT</a> may implement to process signature control logic.
      </p>
    </section>

    <section>
      <h2>
Verifiable Credentials
      </h2>

      <p>
Although <a>DIDs</a> and <a>DID documents</a> form a foundation for
decentralized identity, they are only the first step in describing their
subjects. The rest of the descriptive power comes through collecting and
selectively using Verifiable Credentials [[!VC-DATA-MODEL]]. Future versions of
the specification will describe in more detail how <a>DIDs</a> and <a>DID
document</a> can be integrated with &mdash; and help enable &mdash; the
Verifiable Credentials ecosystem.
      </p>
    </section>

    <section>
      <h2>
Alternate Serializations and Graph Models
      </h2>

      <p>
This version of the specification relies on JSON-LD and the RDF graph
model for expressing a <a>DID document</a>. Future versions of this
specification might specify other semantic graph formats for a <a>DID
document</a>.
      </p>
    </section>
</section>

<section class="appendix">
    <h1>
IANA Considerations
    </h1>

    <p>
This section will be submitted to the Internet Engineering Steering Group
(IESG) for review, approval, and registration with IANA when this specification
becomes a W3C Proposed Recommendation.
    </p>

    <section>
      <h2>application/did+json</h2>
      <dl>
        <dt>Type name:</dt>
        <dd>application</dd>
        <dt>Subtype name:</dt>
        <dd>did+json</dd>
        <dt>Required parameters:</dt>
        <dd>None</dd>
        <dt>Optional parameters:</dt>
        <dd>None</dd>
        <dt>Encoding considerations:</dt>
        <dd>
See <a data-cite="RFC8259#section-11">RFC&nbsp;8259, section 11</a>.
        </dd>
        <dt>Security considerations:</dt>
        <dd>
See <a data-cite="RFC8259#section-12">RFC&nbsp;8259, section 12</a> [[RFC8259]].
        </dd>
        <dt>Interoperability considerations:</dt>
        <dd>Not Applicable</dd>
        <dt>Published specification:</dt>
        <dd>http://www.w3.org/TR/did-core/</dd>
        <dt>Applications that use this media type:</dt>
        <dd>
Any application that requires an identifier that is decentralized, persistent,
cryptographically verifiable, and resolvable. Applications typically consist of
cryptographic identity systems, decentralized networks of devices, and
websites that issue or verify W3C Verifiable Credentials.
        </dd>
        <dt>Additional information:</dt>
        <dd>
          <dl>
            <dt>Magic number(s):</dt>
            <dd>Not Applicable</dd>
            <dt>File extension(s):</dt>
            <dd>.did</dd>
            <dt>Macintosh file type code(s):</dt>
            <dd>TEXT</dd>
          </dl>
        </dd>
        <dt>Person &amp; email address to contact for further information:</dt>
        <dd>Ivan Herman &lt;ivan@w3.org&gt;</dd>
        <dt>Intended usage:</dt>
        <dd>Common</dd>
        <dt>Restrictions on usage:</dt>
        <dd>None</dd>
        <dt>Author(s):</dt>
        <dd>Drummond Reed, Manu Sporny, Markus Sabadello, Dave Longley, Christopher Allen</dd>
        <dt>Change controller:</dt>
        <dd>W3C</dd>
      </dl>

      <p>
Fragment identifiers used with
<a href="#application-did-json">application/did+json</a> are treated
according to the rules defined in
<a data-cite="DID-CORE#fragment">DID Core v1.0, Fragment</a> [[DID-CORE]].
      </p>
    </section>

    <section>
      <h2>application/did+ld+json</h2>
      <dl>
        <dt>Type name:</dt>
        <dd>application</dd>
        <dt>Subtype name:</dt>
        <dd>did+ld+json</dd>
        <dt>Required parameters:</dt>
        <dd>None</dd>
        <dt>Optional parameters:</dt>
        <dd>None</dd>
        <dt>Encoding considerations:</dt>
        <dd>
See <a data-cite="RFC8259#section-11">RFC&nbsp;8259, section 11</a>.
        </dd>
        <dt>Security considerations:</dt>
        <dd>
See <a data-cite="JSON-LD11#security">JSON-LD 1.1, Security Considerations</a>
[[JSON-LD11]].
        </dd>
        <dt>Interoperability considerations:</dt>
        <dd>Not Applicable</dd>
        <dt>Published specification:</dt>
        <dd>http://www.w3.org/TR/did-core/</dd>
        <dt>Applications that use this media type:</dt>
        <dd>
Any application that requires an identifier that is decentralized, persistent,
cryptographically verifiable, and resolvable. Applications typically consist of
cryptographic identity systems, decentralized networks of devices, and
websites that issue or verify W3C Verifiable Credentials.
        </dd>
        <dt>Additional information:</dt>
        <dd>
          <dl>
            <dt>Magic number(s):</dt>
            <dd>Not Applicable</dd>
            <dt>File extension(s):</dt>
            <dd>.did</dd>
            <dt>Macintosh file type code(s):</dt>
            <dd>TEXT</dd>
          </dl>
        </dd>
        <dt>Person &amp; email address to contact for further information:</dt>
        <dd>Ivan Herman &lt;ivan@w3.org&gt;</dd>
        <dt>Intended usage:</dt>
        <dd>Common</dd>
        <dt>Restrictions on usage:</dt>
        <dd>None</dd>
        <dt>Author(s):</dt>
        <dd>Drummond Reed, Manu Sporny, Markus Sabadello, Dave Longley, Christopher Allen</dd>
        <dt>Change controller:</dt>
        <dd>W3C</dd>
      </dl>

      <p>
Fragment identifiers used with
<a href="#application-did-ld-json">application/did+ld+json</a> are treated
according to the rules associated with the
<a data-cite="JSON-LD11#iana-considerations">JSON-LD 1.1: application/ld+json
media type</a> [[JSON-LD11]].
      </p>
    </section>

  </section>

</body>
</html>