-
Notifications
You must be signed in to change notification settings - Fork 95
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
Should "deactivated" be an error code? #468
Comments
I agree it's certainly a property of did document metadata. I think a boolean is probably correct, but worth asking if an enum would be better:
If we forsee more complicated states in the future with different semantics, this may be a better solution... assuming a did document can only be in a single state. |
I think I'd prefer a "deactivated" boolean property over a more generic state property, because then we would have to define somewhere what "DID document state" means, and what other values it could potentially have.... |
I can see the argument for a deactivated state not being an "error", but a property of the document itself -- but only in the case that the document itself is returned as well. If you're not returning the document, and the reason you're not returning the document is that it's been "deactivated", then that is an error and the nature of the current error code response. But if you're going to return the document anyway, and you want to flag something about the state of the document, then yes that's something for the DID Document Properties map. The problem with either a boolean or a state enum is going to be the combination of all of these flags. What does it mean for a document to be "deactivated" but still returned, for example? Is that different from not returning a document for the same reason? I think the solution should follow what signals you want to send. |
AFAIK, everyone is always returning a DID Document even when its deactivated... would be good to know of anyone who is NOT returning a did document if the did is deactivated. |
I thought about this a bit more, and I think the problem with returning a deactivated DID document is that you're not supposed to use a deactivated DID (document) anymore. Wouldn't there be a security risk if developers for some reason fail to check a "deactivated" flag and use the deactivated DID document in their application? At an earlier point in time, we used to call the operation "Delete" instead of "Deactivate". So perhaps NOT returning a deactivated DID document at all is actually the right thing to do... @OR13 I think you raised this topic originally (e.g. w3c/did-extensions#151 (comment)), what are your current thoughts on this? |
@peacekeeper my original thoughts are:
Given the spec text today, its highly likely that deactivate has been implemented very differently by a large number of ledgers, I would love text that at least said: If a DID is deactivated a DID Document MUST be returned and its If a DID is deactivated its verification relationship SHOULD be empty. |
@OR13 I'd be fine with that too. I think I'd slightly prefer not returning a DID document, but returning one that's (almost?) empty also sounds reasonable to me. |
@peacekeeper the reason I suggest returning a document with only an and everyone will be checking:
This way, the use of the did document will error in the same way for deactivation as removed keys, etc.... and if folks want to handle deactivation specifically they can check the metadata. |
here is an example of a did resolution response object:
I would suggest this is what deactivate should be: |
@OR13 I think in your example |
@peacekeeper I think you are right, I updated it |
PR #543 addresses this issue, which will be closed once that PR is merged. |
Being handled in PR #581 |
PR #581 addresses this issue, which will be closed once that PR is merged. |
PR #581 has been merged, closing. |
Right now, in the DID resolution metadata section we have listed an error code
deactivated
. Some people have argued that perhaps "deactivated" should not be considered an error. Instead, we could e.g. introduce a "deactivated" property with a boolean value in the DID document metadata.@OR13 @csuwildcat @cihanss
The text was updated successfully, but these errors were encountered: