Clarify Authorization requirements.

[Fak3]

Authorization of operations performed on behalf of the DID subject is defined in several places in the spec and requirements for implementers are unclear.

Section 5.3.2 defines Authorization as "the mechanism used to state how operations are performed (by controller) on behalf of the DID subject. " - it is unclear which operations it is talking about? Does it include DID Document Update operation performed by DID controller? Or does it include assertion of a statement on behalf of the DID subject? (discussed in 5.4.2 assertionMethod). These two exemplified operations have completely different requirements and such vague definition increases confusion about the whole section.

Then it also say that "Each DID method MUST define how authorization and delegation are implemented, including any necessary cryptographic operations." - why core spec delegates the responsibility to the DID method spec, and at the same time define authorization mechanisms as 5.4.2 assertionMethod? What a DID method spec should say about implementation of assertionMethod and other operations (verification relationships) defined in the core spec?

At the end it also suggests methods that a verifiable data registry could implement to support Authorization and delegation. This increases the confusion further - what role the verifiable data registry has in interpreting behavior of 5.4.2 assertionMethod ? Could assertionMethod be delegated too?

It seems that "Authorization" as defined in this section is very vague and confusing. The whole section 5.3.2 should be somehow reworded and probably reorganized to address the relationship between section 5.4 Verification Relationships, the DID method-specific notion of authorizing of DID controller, interpreting controller property of DID Document, requirements for verifiable data registry, and delegation.

[Fak3]

Rlated: #318 #269 #199 #122

[msporny]

Agreed, we need to rewrite how Authorization is described in the spec and the Editors will need to do that in a rewrite.

[msporny]

Still waiting on a PR.

[rhiaro]

The Authorization section has now gone, and the whole Core Properties section has been reorganised and tidied up since this issue would raised. @Fak3 could you review Verification Methods and Verification Relationships to see if the latest versions goes some way towards answering your questions?

[OR13]

recommend closing, since the spec has drifted

[msporny]

PR #525 has been raised to address this issue. This issue will be closed once PR #525 is merged. @Fak3, please let us know if this addresses the concerns you raised above.

[Fak3]

Thank you. PR looks good to me

[msporny]

PR #525 has been merged, closing.