Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Canonical URL algorithm needed for did:web id field #54

Open
msporny opened this issue Dec 17, 2021 · 3 comments
Open

Canonical URL algorithm needed for did:web id field #54

msporny opened this issue Dec 17, 2021 · 3 comments

Comments

@msporny
Copy link
Contributor

msporny commented Dec 17, 2021

What is the canonical URL for a did:web id field. At present, one variation of the future looks like this:

did:web:example.com -> HTTP GET https://example.com/.well-known/did.json

Then the question becomes, what should we expect in the id field for the resulting DID Document. One possibility is this:

  "id": "did:web:example.com"

... but another possibility is this:

  "id": "did:web:example.com/.well-known/did.json"

What if someone specified this as their DID: did:web:example.com/alice.json, but their DID Document states:

  "id": "did:web:example.com/alice"

Is this DID did:web:example.com equivalent to this DID did:web:example.com/?

The current specification does not have an answer to any of these questions, which can be summarized as: What is the canonical URL for a DID Web identifier, if any?

Therefore, if the proposal to use absolute URLs is rejected #52 ... then it raises the question around what a canonical DID Web ID is.

At present, there might be an assumption that there is a canonical URL for a DID Web ID, that is, these are canonical URLs for the examples above:

did:web:example.com
did:web:example.com/alice

If that's the case, then it holds that we have to have at least two special cases when determining if a DID Web ID is valid based on the DID Document we receive:

  • A DID for a domain DID Web ID is found at DOMAIN/.well-known/did.json but the id field in the DID Document MUST be did:web:DOMAIN.
  • A DID for a non-domain DID Web ID is found at DOMAIN/ARBITRARY_PATH/FILE.EXTENSION but the id field in the DID Document MUST be did:web:DOMAIN/ARBITRARY_PATH/FILE (without the extension).
  • Extra rules will be needed if we support re-directs, where you have to remember the initial HTTP GET you did AND there are security concerns if you're sent off of the original domain.

Are there any other special cases we need to consider?

@msporny msporny changed the title Canonical URL for did:web id field Canonical URL algorithm needed for did:web id field Dec 17, 2021
@gribneau
Copy link
Contributor

In my view, the decentralized identifier (DID) itself is canonical.

Canonical URLs as described in RFC 6596 exist so one of several identical resources can be identified as representative of the entire group. The DID meets that need.

@Muthurajj
Copy link

Muthurajj commented Sep 24, 2022

can we upload json file in google drive and share it like http://drive.google.com/uc?export=download&id=1LX7vjFYFU9yTj14mvFwCj22lQKHDH7J3 in issuer in vc
instead of did:web: domainname ??

@dmitrizagidulin
Copy link
Collaborator

can we upload json file in google drive and share it like http://drive.google.com/uc?export=download&id=1LX7vjFYFU9yTj14mvFwCj22lQKHDH7J3 in issuer in vc
instead of did:web: domainname ??

Great question. I do think the 'upload to google drive' is a good usecase to think through.

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Labels
None yet
Projects
None yet
Development

No branches or pull requests

4 participants