diff --git a/EIPS/eip-2844.md b/EIPS/eip-2844.md index 416c2b3f697d43..9edc9c64eed582 100644 --- a/EIPS/eip-2844.md +++ b/EIPS/eip-2844.md @@ -33,13 +33,13 @@ Prompt the user to give permission to the current connection to access the user ##### Params: -* `nonce` - a ranom string used as a challenge - +* `nonce` - a random string used as a challenge +* `aud` - the intended audience of the authentication response * `paths` - an array of strings ##### Returns: -A compactly serialized JWS with the following properties: +A JWS with general serialization containing the following properties: * `nonce ` - the random string which was given as a challenge 
@@ -48,13 +48,14 @@ A compactly serialized JWS with the following properties: * `exp` - a unix timestamp after which the JWS should be considered invalid * `aud` - optional audience for the JWS, should match the domain which made the request +An additional property `kid` with the value which represents the DID, and the `keyFragment` that was used to sign the JWS should be added to the protected header ([details](https://github.com/decentralized-identity/did-jose-extensions/issues/2)). #### CreateJWS Creates a JSON Web Signature (JWS). -An additional property `kid` with the value which represents the DID, `version-id` and the `keyFragment` that was used to sign the JWS should be added to the potected header ([details](https://github.com/decentralized-identity/did-jose-extensions/issues/2)). +An additional property `kid` with the value which represents the DID, and the `keyFragment` that was used to sign the JWS should be added to the protected header ([details](https://github.com/decentralized-identity/did-jose-extensions/issues/2)). When `revocable` is set to false the JWS signature should not be possible to revoke. For some DID methods like. `did:key` this is always the case. For other methods which support key revocation it is necessary to include the `version-id` in the `kid` to refer to a specific version of the DID document. When `revocable` is set to true `version-id` must not be included in the `kid` for DID methods that support key revocation. ##### Method: 
@@ -65,10 +66,11 @@ An additional property `kid` with the value which represents the DID, `version-i * `payload` - the payload to sign, json object or `base64url` encoded string * `protected` - the protected header, json object * `did` - the DID that should sign the message, may include the key fragment, string +* `revocable` - makes the JWS revocable when rotating keys, boolean default to `false` ##### Returns: -An object with a compact serialized JWS string on the `jws` property. +An object containing a JWS with general serialization on the `jws` property. ##### Recommendation: @@ -88,7 +90,7 @@ If the cleartext object contains a property `paths` that contains an array of st ##### Params: -* `jwe` - a JWE with compact serialization, string +* `jwe` - a JWE with general serialization, string * `did` - the DID that should try to decrypt the JWE, string ##### Returns: @@ -102,7 +104,7 @@ Implement decryption using `xchacha20poly1305` and `x25519` for key agreement. ## Rationale -This EIP chooses to rely on DIDs and JOSE since there is already support for these standards in many places, by current systems and new systems. By using DIDs and JOSE wallet implementers can also choose which signing and encryption algorithms that they want to support, since these formats are faily agnostic to specific crypto implementations. +This EIP chooses to rely on DIDs and JOSE since there is already support for these standards in many places, by current systems and new systems. By using DIDs and JOSE wallet implementers can also choose which signing and encryption algorithms that they want to support, since these formats are fairly agnostic to specific crypto implementations. ### Permission system 
@@ -114,6 +116,8 @@ This simple permission system was inspired by some previous comments ([1](https: [IdentityWallet](https://github.com/3box/identity-wallet-js/): An implementation of the wallet side `did_*` methods using the 3ID DID. +[key-did-provider-ed25519](https://github.com/ceramicnetwork/key-did-provider-ed25519): An implementation of the wallet side `did_*` methods using the `did:key` method. + [js-did](https://github.com/ceramicnetwork/js-did): A small library which consumes the `did_*` methods. [MinimalCipher](https://github.com/digitalbazaar/minimal-cipher): An implementation of DID related encryption for JWE.
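Review bot: The new `aud` parameter in the Authenticate Params ("the intended audience of the authentication response") is not reconciled with the unchanged Returns line `* \`aud\` - optional audience for the JWS, should match the domain which made the request`; if the caller now supplies `aud`, the Returns text should say whether the wallet echoes that value verbatim, whether it remains optional, and what happens when the supplied value does not match the requesting domain. Also, switching from "compactly serialized" to "general serialization" changes the returned value from a string to a JSON object, so the Returns line should state the type explicitly.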
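Review bot: The `kid` sentence added to the Authenticate section drops `version-id`, but the `revocable` rule introduced further down applies only to CreateJWS; since Authenticate has no `revocable` parameter, state which form the authentication JWS uses (with `version-id` for the non-revocable case, or without it) so implementers do not have to guess. In the CreateJWS paragraph, "For some DID methods like. `did:key` this is always the case." has a stray period after "like", and the rule would be easier to follow as one sentence per value of `revocable`, e.g. "When `revocable` is false, `kid` must include `version-id` for DID methods that support key revocation; when it is true, `kid` must not include `version-id`."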
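Review bot: `* \`revocable\` - makes the JWS revocable when rotating keys, boolean default to \`false\`` should read "boolean, defaults to `false`" to match the "type, default" style of the neighbouring parameter lines. The updated Returns line ("An object containing a JWS with general serialization on the `jws` property") no longer says what type `jws` is; since general serialization is a JSON object rather than a string, name the type explicitly so it is consistent with the `jwe` parameter of the decrypt method.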
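Review bot: `* \`jwe\` - a JWE with general serialization, string` is internally inconsistent: the "string" annotation was correct for compact serialization, but a JWE in general (JSON) serialization is a JSON object. Either change the type to "json object" or state that the general-serialization object must be passed as a JSON-encoded string, and apply the same choice to the `jws` return values elsewhere in the patch.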