From 0aa7c41b76f61a8aeef2990b7870c3e2575d0f84 Mon Sep 17 00:00:00 2001
From: Manu Sporny
When resolving a relative DID URL reference, the algorithm specified in RFC3986 Section 5: Reference Resolution MUST
+data-cite="RFC3986#section-5">RFC3986 Section 5: Reference Resolution MUST
be used. The base URI value is the DID that is
associated with the DID subject, see Section .
The scheme is
-The DID document MUST NOT express revoked keys using a verification
+The DID document does not express revoked keys using a verification
relationship.
@@ -1847,9 +1847,9 @@ Relative DID URLs
did
. The authority
@@ -1809,7 +1809,7 @@ Verification method types
Verification Relationships
The verification relationship between the DID subject and the
-verification method MUST be explicit in the DID document.
+verification method is explicit in the DID document.
Verification methods that are not associated with a particular
-verification relationship MUST NOT be used for that verification
+verification relationship cannot be used for that verification
relationship. For example, a verification method in the value of
the authentication
property cannot be used to engage in
key agreement protocols with the DID subject—the value of the
@@ -3226,7 +3226,7 @@
When producing and consuming DID Documents representing in DagCBOR the following -rules MUST be followed: +rules are followed:
All conformant DID resolvers MUST implement the DID resolution functions for at least one DID method and MUST be able to return a DID -document in at least one conformant representation. +document in at least one conformant representation.
-DID resolver implementations MUST NOT alter the signature of these
-functions in any way. DID resolver implementations MAY map the
+Conforming DID resolver implementations do not alter the signature of
+these functions in any way. DID resolver implementations MAY map the
resolve
and resolveRepresentation
functions to a
method-specific internal function to perform the actual DID resolution
process. DID resolver implementations MAY implement and expose
@@ -3942,7 +3942,7 @@
id
property value.
id
and
+A resolving party is expected to retain the values from the id
and
equivalentId
properties to ensure any subsequent
interactions with any of the values they contain are correctly handled as
logically equivalent (e.g. retain all variants in a database so an interaction
@@ -3999,13 +3999,13 @@ id
property value.
canonicalId
value as its
-primary ID value for the DID subject and treat all other equivalent values as
-secondary aliases. (e.g. update corresponding primary references in their
-systems to reflect the new canonical ID directive). The
-testability of resolving parties is currently under debate and normative
-statements related to resolving parties may be downgraded in the future from a
-MUST to a SHOULD/MAY or similar language.
+A resolving party is expected to use the canonicalId
value
+as its primary ID value for the DID subject and treat all other equivalent
+values as secondary aliases. (e.g. update corresponding primary references in
+their systems to reflect the new canonical ID directive). The testability of resolving parties is currently under debate and
+normative statements related to resolving parties may be downgraded in the
+future from a MUST to a SHOULD/MAY or similar language.
-The input variables of this function MUST be as follows: +The input variables of this function are as follows:
-The output variables of this function MUST be as follows: +The output variables of this function are as follows:
-DID URL Dereferencing implementations MUST NOT alter the signature of
-these functions in any way. DID URL Dereferencing implementations MAY
-map the dereference
function to a method-specific internal
-function to perform the actual DID URL Dereferencing process. DID
-URL Dereferencing implementations MAY implement and expose additional
-functions with different signatures in addition to the dereference
-function specified here.
+Conforming DID URL Dereferencing implementations do not alter the
+signature of these functions in any way. DID URL Dereferencing
+implementations MAY map the dereference
function to a
+method-specific internal function to perform the actual DID URL
+Dereferencing process. DID URL Dereferencing implementations MAY
+implement and expose additional functions with different signatures in addition
+to the dereference
function specified here.
All implementations of functions that use metadata structures as either input
-or output MUST be able to fully represent all data types described here in a
+or output are able to fully represent all data types described here in a
deterministic fashion. As inputs and outputs using metadata structures are
defined in terms of data types and not their serialization, the method for
representation is internal to the implementation of the function and is out of
From 27abae70ef88963c58f387cc45d4cd57608d0f9c Mon Sep 17 00:00:00 2001
From: Manu Sporny
@@ -2189,7 +2189,7 @@
If a DID document includes a
-Implementers as well as DID method specification authors MAY use
+Implementers as well as DID method specification authors might use
additional DID parameters that are not listed here. For maximum
interoperability, it is RECOMMENDED that DID parameters use the official W3C
DID Specification Registries mechanism [[?DID-SPEC-REGISTRIES]], to avoid
@@ -951,7 +951,7 @@
-DID parameters MAY be used if there is a clear use case where the parameter
+DID parameters might be used if there is a clear use case where the parameter
needs to be part of a URI that can be used as a link, or as a resource
in RDF / JSON-LD documents.
In the case where a verification method is a public key, the value of the
-Extensibility
together.
Service Endpoints
service
property, the value
-of the property SHOULD be an ordered set
+of the property MUST be an ordered set
of service endpoints, where each service endpoint is described by a set
of properties. Each service endpoint MUST have id
,
type
, and serviceEndpoint
properties, and MAY
From 3a9af61ed7c05fbc02960936c6d0ad15c8b23489 Mon Sep 17 00:00:00 2001
From: Manu Sporny DID Parameters
DID Parameters
Verification Methods
id
property MAY be structured as a
+id
property might be structured as a
compound key. This is
especially useful for integrating with existing key management systems and key
formats such as JWK [[RFC7517]]. It is RECOMMENDED that JWK kid
@@ -2982,12 +2982,6 @@ Production
-The property name `@context` MAY be present in the CBOR representation of a DID -Document and if present SHOULD be ignored as this property is reserved for -JSON-LD processing. -
-All properties of the DID document represented in CBOR MUST be included in the root map (major type 5). Properties MAY define additional data sub structures @@ -3406,7 +3400,7 @@
Determining the authority of a party to carry out the operations is -method-specific. For example, a DID method MAY: +method-specific. For example, a DID method might:
resolveRepresentation
function was called, this MUST be a byte stream of the resolved DID
document in one of the conformant
-representations. The byte stream MAY then be
+representations. The byte stream might then be
parsed by the caller of the resolveRepresentation
function into a
data model, which can in turn be validated and
processed. If the resolution is unsuccessful, this value MUST be an empty
@@ -3726,10 +3720,10 @@
Conforming DID resolver implementations do not alter the signature of
-these functions in any way. DID resolver implementations MAY map the
+these functions in any way. DID resolver implementations might map the
resolve
and resolveRepresentation
functions to a
method-specific internal function to perform the actual DID resolution
-process. DID resolver implementations MAY implement and expose
+process. DID resolver implementations might implement and expose
additional functions with different signatures in addition to the
resolve
function specified here.
-DID document metadata SHOULD include a created
property
-to indicate the timestamp of the Create operation.
-This property MAY not be supported by a given DID method.
-The value of the property MUST be a string
-formatted as an
-XML Datetime normalized to
-UTC 00:00:00 and without sub-second decimal precision. For example:
+DID document metadata SHOULD include a created
property to indicate
+the timestamp of the Create operation. The value of the
+property MUST be a string formatted as an XML Datetime normalized to UTC 00:00:00
+and without sub-second decimal precision. For example:
2020-12-20T19:17:47Z
.
-DID document metadata SHOULD include an updated
property
-to indicate the timestamp of the last Update operation
-for the document version which was resolved. This property MAY not be
-supported by a given DID method. The value of the property MUST
-follow the same formatting rules as the created
property.
+DID document metadata SHOULD include an updated
property to
+indicate the timestamp of the last Update operation for
+the document version which was resolved. The value of the property MUST follow
+the same formatting rules as the created
property.
next-update
property if
the resolved document version is not the latest version of the document. It
indicates the timestamp of the next Update operation.
-This property MAY not be supported by a given DID method.
The value of the property MUST follow the same formatting rules as the
created
property.
@@ -3886,11 +3876,10 @@
-DID document metadata SHOULD include a version-id
property
-to indicate the version of the last Update operation
-for the document version which was resolved. This property MAY not be
-supported by a given DID method. The value of the property MUST be
-an ASCII string.
+DID document metadata SHOULD include a version-id
property to
+indicate the version of the last Update operation for the
+document version which was resolved. The value of the property MUST be an ASCII string.
-DID document metadata SHOULD include a next-version-id
property
-if the resolved document version is not the latest version of the document.
-It indicates the version of the next Update operation.
-This property MAY not be supported by a given DID method.
-The value of the property MUST be an ASCII string.
+DID document metadata SHOULD include a next-version-id
property if
+the resolved document version is not the latest version of the document. It
+indicates the version of the next Update operation. The
+value of the property MUST be an ASCII string.
dereferencing
function was called and successful, this MUST
contain a resource corresponding to the DID URL.
-The content-stream
MAY be a DID document in one of the
+The content-stream
SHOULD be a DID document in one of the
conformant representations obtained through
the resolution process.
@@ -4118,9 +4106,9 @@
Conforming DID URL Dereferencing implementations do not alter the
signature of these functions in any way. DID URL Dereferencing
-implementations MAY map the dereference
function to a
+implementations might map the dereference
function to a
method-specific internal function to perform the actual DID URL
-Dereferencing process. DID URL Dereferencing implementations MAY
+Dereferencing process. DID URL Dereferencing implementations might
implement and expose additional functions with different signatures in addition
to the dereference
function specified here.
content-stream
. The DID
URL Dereferencing implementation SHOULD use this value to determine the
representation contained in the returned value if such a representation is
-supported and available. This property is OPTIONAL.
+supported and available.
content-stream
.
-This property is OPTIONAL if dereferencing is successful.
+The MIME type of the returned content-stream
SHOULD be expressed
+using this property if dereferencing is successful.