How to verify DID Document returned from Resolver? #74
Comments
This link is relevant, but doesn't fully answer my question: https://w3c.github.io/did-core/#proving-control-of-a-did-and-did-document "Signatures on DID documents are optional.", but doesn't describe further what field should be used.
You're on the right track, I think. One could argue that signed DID documents do not prove much in the general sense and that trust in a DID document heavily depends on the DID method, not the signature. I suppose that this lib could forward some DID resolution input metadata to the corresponding resolver, in which case you would be able to implement the verification directly in your resolver if it requires it.
IMO it's up to the method-specific resolvers that you plug into this package to verify the integrity of the resolved DID document. There is never going to be a "one size fits all" for verifying integrity of DID documents.
This seems connected to #61. If this is no longer needed, please close. Otherwise, please provide more context.
Have solved this by returning the proof as part of the
@sondreb FYI: Most DID methods implement the check that the DID document is valid within the DID resolver itself. This means that you should strive to always run the resolution process client side.
Not sure if I might be missing something here, but is there a way to verify the signature of a DID Document returned by the resolver?
The type in the library is "DIDDocument", which only has (excluding deprecated fields):
Does the concept of the resolver rely on trusting the result from the resolver?
I'm currently implementing a did-resolver and being able to verify the signature is something I want to support, so I'm considering adding some parameters to the getResolver method allowing retrieval of the original JWT.
Can also be handled in the resolve method and throw error, since my DID Method API returns the JWT.
Looking at some of the examples here, I see that maybe Document Metadata could be used for the signature?
https://dev.uniresolver.io/
Is it OK to extend the result returned? I see some DID Methods are using the deprecated "proof" section, yet I'd rather conform to the latest specification.
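The approach suggested in the comments (verify inside the method resolver and return an error instead of the document), sketched as an added example that is not part of the thread or of the did-resolver code base. It assumes a hypothetical `did:example` method whose API returns the document as an EdDSA-signed compact JWS and whose verification key the resolver already holds; `fetchJws`, `keyFor` and the error strings are made up for illustration.

```javascript
const crypto = require('node:crypto');

const b64u = (data) => Buffer.from(data).toString('base64url');
const fail = (error) => ({
  didResolutionMetadata: { error }, didDocument: null, didDocumentMetadata: {},
});

// Check a compact JWS that carries the DID document as its payload and return
// a DID resolution result. Error strings here are constructed, not standard.
function verifyDocumentJws(did, jws, publicKey) {
  const parts = String(jws).split('.');
  if (parts.length !== 3) return fail('malformedJws');
  const [h, p, s] = parts;
  try {
    // Pin the algorithm: never let the token choose (rejects "none", HS256, ...).
    if (JSON.parse(Buffer.from(h, 'base64url')).alg !== 'EdDSA') return fail('unexpectedAlg');
    const ok = crypto.verify(null, Buffer.from(`${h}.${p}`), publicKey, Buffer.from(s, 'base64url'));
    if (!ok) return fail('invalidSignature');
    const doc = JSON.parse(Buffer.from(p, 'base64url'));
    // A valid signature over some other DID's document must not be accepted.
    if (doc.id !== did) return fail('didMismatch');
    return {
      didResolutionMetadata: { contentType: 'application/did+json' },
      didDocument: doc,
      didDocumentMetadata: {},
    };
  } catch (e) {
    return fail('malformedJws');
  }
}

// Method resolver map in the shape did-resolver's Resolver takes.
// fetchJws and keyFor are hypothetical hooks for the method's API and key lookup.
function getResolver({ fetchJws, keyFor }) {
  return { example: async (did) => verifyDocumentJws(did, await fetchJws(did), keyFor(did)) };
}

// Constructed sample: a throwaway Ed25519 key signs a minimal document.
function signDocument(doc, privateKey) {
  const input = `${b64u(JSON.stringify({ alg: 'EdDSA' }))}.${b64u(JSON.stringify(doc))}`;
  return `${input}.${b64u(crypto.sign(null, Buffer.from(input), privateKey))}`;
}
const { publicKey, privateKey } = crypto.generateKeyPairSync('ed25519');
const sampleJws = signDocument({ id: 'did:example:123' }, privateKey);
```

Because the check runs inside the resolve function, a caller of the resolver never receives an unverified document; where the key behind `keyFor` comes from is what the DID method itself has to define.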