Improve DID URL dereferencing for verification methods #128
Copied from #122
Verification method maps may appear in a DID document in multiple places, e.g. `authentication` or `assertionMethod`. Previously we required them to be under the `verificationMethod` property. When a verification method (or its `id`) is included in one of these arrays, it indicates a verification relationship between the DID subject and the verification method. These verification relationships correspond to the proofPurpose property in linked data proofs. DID Core says that the `assertionMethod` verification relationship is used for issuing Verifiable Credentials. It also says that `authentication` is used for authenticating via challenge-response protocols. Typically, the `authentication` proof purpose is used for creating Verifiable Presentations, as seen in VC Data Model - Example 45, and in test cases in vc-http-api-test-server such as case-1.json. We should respect verification relationships when verifying proofs.

This PR sets the default behavior for verifying a verifiable credential or verifiable presentation to require the proof's verification method to be in the DID document with the verification relationship corresponding to the proof purpose in the verification options - with `assertionMethod` the default proof purpose for a VC, and `authentication` the default for a VP.

This change only affects verification. During issuance, the proof purpose and verification method must still be passed in as options.

The publicKey is added back to the DID document even though it is no longer in DID Core, since there is a test case in vc-http-api-test-server that depends on it. It is treated as another place where verification methods may be stored, like the `verificationMethod` array. A verification method in the `verificationMethod` array or `publicKey` array should also be referenced in one of the verification relationship arrays like `assertionMethod` and/or `authentication`, to express a verification relationship and therefore be used with linked data proofs.
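
The lookup rule described above, as an added Python sketch that is not part of this PR or the project's code: a verification method is accepted only when the relationship array matching the proof purpose embeds it or references its `id`. The DID document, the key ids and the helper names (`absolute`, `find_method`, `check_proof`) are constructed for illustration.

```python
# Added example; DID document and all names below are constructed, not from the PR.
DEFAULT_PURPOSE = {"VerifiableCredential": "assertionMethod",
                   "VerifiablePresentation": "authentication"}
DID = "did:example:123"
KEY = {"type": "Ed25519VerificationKey2018", "controller": DID}
DID_DOC = {
    "id": DID,
    "verificationMethod": [dict(KEY, id=DID + "#key-1"),
                           dict(KEY, id=DID + "#key-2")],  # stored, never referenced
    "publicKey": [dict(KEY, id=DID + "#legacy")],          # legacy storage location
    "assertionMethod": [DID + "#key-1", "#legacy"],        # references by id
    "authentication": [dict(KEY, id=DID + "#auth-1")],     # embedded map
}

def absolute(doc, ref):
    """Resolve a relative DID URL such as '#key-1' against the document id."""
    return doc["id"] + ref if ref.startswith("#") else ref

def find_method(doc, vm_id, purpose):
    """Return the verification method map only if `purpose` relates it to the subject."""
    target = absolute(doc, vm_id)
    for entry in doc.get(purpose, []):
        if isinstance(entry, dict):                # embedded in the relationship array
            if absolute(doc, entry.get("id", "")) == target:
                return entry
        elif absolute(doc, entry) == target:       # referenced: look in both stores
            for store in ("verificationMethod", "publicKey"):
                for vm in doc.get(store, []):
                    if absolute(doc, vm.get("id", "")) == target:
                        return vm
            # Assumption: references into other DID documents are not followed here.
    return None

def check_proof(doc, proof, kind, purpose=None):
    """Apply the default purpose per document kind, then require the relationship."""
    purpose = purpose or DEFAULT_PURPOSE[kind]
    if proof.get("proofPurpose") != purpose:
        return False
    return find_method(doc, proof["verificationMethod"], purpose) is not None

if __name__ == "__main__":
    vc_proof = {"proofPurpose": "assertionMethod", "verificationMethod": DID + "#key-2"}
    print(check_proof(DID_DOC, vc_proof, "VerifiableCredential"))  # key-2 has no relationship
```

This checks only the relationship lookup; signature verification over the proof is out of scope for the sketch.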