not-allowed-certificate.md

File metadata and controls

52 lines (33 loc) · 1.52 KB

Extension Error Code: notAllowedCertificate

This specification defines a new error code, to be included in the DID Spec Registries.

Status

Work-in-progress

Syntax

The error code is notAllowedCertificate.

Definition

This DID Resolution error code is used to indicate that a security policy has been triggered, and the DID document contains a key that cannot be traced back to a trusted certificate authority.

The DID Resolution Metadata MAY include additional information about why the security policy has been triggered.

Examples

{
	"@context": "https://w3id.org/did-resolution/v1",
	"didDocument": null,
	"didResolutionMetadata": {
		"error": "notAllowedCertificate"
	},
	"didDocumentMetadata": {}
}

DID Resolution Option: checkCertificate

This specification also defines a new DID Resolution Option.

Definition

This DID Resolution Option can be used by a client to override the behavior of the security policy.

Possible values:

  • error: A DID Resolution Result with error notAllowedCertificate is returned if the security policy is triggered.
  • warn: A normal DID Resolution Result is returned, but a warning is included in the didResolutionMetadata field.
  • ignore: The security policy is ignored, and a normal DID Resolution Result is returned.
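The three values above, applied by a resolver once its certificate check has run, in an added sketch that is not part of this specification or of any resolver's code. The chain validation itself is reduced to the boolean chain_trusted, and the "warnings" and "errorMessage" metadata keys, the fail-closed default for an absent option, and the rejection of unknown values are assumptions.

```python
import copy

CONTEXT = "https://w3id.org/did-resolution/v1"
MODES = ("error", "warn", "ignore")


def apply_certificate_policy(did_document, chain_trusted, options=None, reason=None):
    """Build a DID Resolution Result after the certificate check has run.

    chain_trusted: outcome of the resolver's own chain validation (not shown).
    """
    options = options or {}
    # Assumption: an absent option fails closed, i.e. behaves like "error".
    mode = options.get("checkCertificate", "error")
    if mode not in MODES:
        # Never let a typo such as "ingore" silently weaken the policy.
        raise ValueError(f"unsupported checkCertificate value: {mode!r}")

    result = {
        "@context": CONTEXT,
        "didDocument": copy.deepcopy(did_document),
        "didResolutionMetadata": {},
        "didDocumentMetadata": {},
    }
    if chain_trusted or mode == "ignore":
        return result

    detail = reason or "key not traceable to a trusted certificate authority"
    if mode == "warn":
        # Hypothetical field name; the page only says a warning is included.
        result["didResolutionMetadata"]["warnings"] = [
            {"code": "notAllowedCertificate", "message": detail}
        ]
        return result

    # mode == "error": withhold the document, matching the page's example.
    result["didDocument"] = None
    result["didResolutionMetadata"]["error"] = "notAllowedCertificate"
    if reason:
        # Hypothetical field name for the optional extra information.
        result["didResolutionMetadata"]["errorMessage"] = reason
    return result


# Constructed sample document, for illustration only.
SAMPLE_DOC = {"id": "did:example:123", "verificationMethod": [{"id": "did:example:123#key-1"}]}
```

A client that passes warn or ignore still receives the DID document, so any decision to trust its keys moves to the caller.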

Contribute

Contributions to this document can be discussed in the DIF I&D Working Group: