From 13a36799a32428016a8f2dcb83efe29fc86d77f8 Mon Sep 17 00:00:00 2001 From: ottomorac <16960403+ottomorac@users.noreply.github.com> Date: Mon, 1 Sep 2025 15:02:12 -0400 Subject: [PATCH 01/13] Make https binding mandatory --- index.html | 7 +++++++ 1 file changed, 7 insertions(+) diff --git a/index.html b/index.html index 16e6f2c..c5d2e38 100644 --- a/index.html +++ b/index.html @@ -2055,6 +2055,13 @@

Bindings

This section defines bindings for the abstract algorithms in sections and .

+

+ All conformant DID resolvers MUST implement at least one implementation of a resolver + with https binding. Such implementations MUST use TLS. Use of DNS names + in certificates is not required; resolvers MAY use certificates issued for IP addresses + (e.g., Let's Encrypt-style IP certificates). Additional bindings MAY also be provided. +

+

HTTP(S) Binding

This section defines a DID resolver binding which exposes the From 5d65ed333cad1f87e27b66d59464711c1222b12d Mon Sep 17 00:00:00 2001 From: ottomorac <16960403+ottomorac@users.noreply.github.com> Date: Mon, 1 Sep 2025 16:36:10 -0400 Subject: [PATCH 02/13] correct wording to did methods --- index.html | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/index.html b/index.html index c5d2e38..8040bdd 100644 --- a/index.html +++ b/index.html @@ -2056,7 +2056,7 @@

Bindings

.

- All conformant DID resolvers MUST implement at least one implementation of a resolver + All conformant DID methods MUST implement at least one implementation of a resolver with https binding. Such implementations MUST use TLS. Use of DNS names in certificates is not required; resolvers MAY use certificates issued for IP addresses (e.g., Let's Encrypt-style IP certificates). Additional bindings MAY also be provided. From 9f2c955f630fd81335ab6a706c6039cc39baa47b Mon Sep 17 00:00:00 2001 From: ottomorac <16960403+ottomorac@users.noreply.github.com> Date: Thu, 11 Sep 2025 10:54:23 -0400 Subject: [PATCH 03/13] specify local vs. remote resolvers --- index.html | 3 ++- 1 file changed, 2 insertions(+), 1 deletion(-) diff --git a/index.html b/index.html index cfc5a61..20e4981 100644 --- a/index.html +++ b/index.html @@ -2197,10 +2197,11 @@

Bindings

.

- All conformant DID methods MUST implement at least one implementation of a resolver + All remote DID resolvers MUST have at least one implementation of a resolver with https binding. Such implementations MUST use TLS. Use of DNS names in certificates is not required; resolvers MAY use certificates issued for IP addresses (e.g., Let's Encrypt-style IP certificates). Additional bindings MAY also be provided. + Local DID resolvers such as libraries are not required to implement https binding.

From 027e402a3a8902ebca7a5b7eb336483ba1ec3d31 Mon Sep 17 00:00:00 2001 From: Otto Mora <16960403+ottomorac@users.noreply.github.com> Date: Fri, 12 Sep 2025 13:17:06 -0400 Subject: [PATCH 04/13] Update index.html Co-authored-by: Manu Sporny --- index.html | 10 +++++----- 1 file changed, 5 insertions(+), 5 deletions(-) diff --git a/index.html b/index.html index 20e4981..dcd8b72 100644 --- a/index.html +++ b/index.html @@ -2197,11 +2197,11 @@

Bindings

.

- All remote DID resolvers MUST have at least one implementation of a resolver - with https binding. Such implementations MUST use TLS. Use of DNS names - in certificates is not required; resolvers MAY use certificates issued for IP addresses - (e.g., Let's Encrypt-style IP certificates). Additional bindings MAY also be provided. - Local DID resolvers such as libraries are not required to implement https binding. + All remote DID resolvers MUST implement the GET version of the + https binding and MAY implement the POST version. + All https bindings MUST use TLS. Use of DNS names + in certificates is NOT REQUIRED; resolvers MAY use TLS certificates issued for IP addresses + (e.g., Let's Encrypt-style IP certificates).

From 8ec3f33f4af1697b46bb69b4ab3f8ba9988c1183 Mon Sep 17 00:00:00 2001 From: Otto Mora <16960403+ottomorac@users.noreply.github.com> Date: Wed, 24 Sep 2025 10:32:16 -0400 Subject: [PATCH 05/13] Update index.html Co-authored-by: Ted Thibodeau Jr --- index.html | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/index.html b/index.html index dcd8b72..e7f8e20 100644 --- a/index.html +++ b/index.html @@ -2198,8 +2198,8 @@

Bindings

All remote DID resolvers MUST implement the GET version of the - https binding and MAY implement the POST version. - All https bindings MUST use TLS. Use of DNS names + HTTPS binding and MAY implement the POST version. + All HTTPS bindings MUST use TLS. Use of DNS names in certificates is NOT REQUIRED; resolvers MAY use TLS certificates issued for IP addresses (e.g., Let's Encrypt-style IP certificates).

From 55b361610b760db30bee99e633e356068945c5e6 Mon Sep 17 00:00:00 2001 From: ottomorac <16960403+ottomorac@users.noreply.github.com> Date: Wed, 24 Sep 2025 12:03:15 -0400 Subject: [PATCH 06/13] Add local and remote resolver classes --- index.html | 14 +++++++++++++- terms.html | 4 ++-- 2 files changed, 15 insertions(+), 3 deletions(-) diff --git a/index.html b/index.html index be95671..22301d4 100644 --- a/index.html +++ b/index.html @@ -205,6 +205,18 @@

Introduction

algorithm realized as software and/or hardware that complies with the relevant normative statements in .

+

+ A remote DID resolver is a resolver implementation that is permitted (and expected, if necessary) + to perform network calls, remote registry lookups, or external protocol interactions associated with + its resolution and de-referencing functions. +

+

+ A local DID resolver is an implementation of a DID resolver and/or + DID URL dereferencer that never performs remote HTTP(s), DNS, blockchain, or other network‐based + lookups when executing the resolution or dereferencing functions. All operations are fulfilled by + local resources: e.g. embedded keys/methods, cached/packaged DID Documents, or local verifiable + registries or storage. +

@@ -2224,7 +2236,7 @@

Bindings

.

- All remote DID resolvers MUST implement the GET version of the + All remote DID resolvers MUST implement the GET version of the HTTPS binding and MAY implement the POST version. All HTTPS bindings MUST use TLS. Use of DNS names in certificates is NOT REQUIRED; resolvers MAY use TLS certificates issued for IP addresses diff --git a/terms.html b/terms.html index e931c0c..d0ab2b0 100644 --- a/terms.html +++ b/terms.html @@ -194,12 +194,12 @@

local binding
A binding where the client invokes a DID resolver that runs on the same network host, e.g., via a local command line tool or library API. - In this case, the DID resolver is sometimes also called a "local DID resolver". + In this case, the DID resolver is sometimes also called a local DID resolver. See Section .
remote binding
A binding where the client invokes a DID resolver that runs on a different network host, e.g., via the HTTP(S) binding. - In this case, the DID resolver is sometimes also called a "remote DID resolver". + In this case, the DID resolver is sometimes also called a remote DID resolver. See Section .
services
From b5ced4ebc8106b550f9b3e615ed35acf7e767cda Mon Sep 17 00:00:00 2001 From: Otto Mora <16960403+ottomorac@users.noreply.github.com> Date: Wed, 1 Oct 2025 20:38:34 -0400 Subject: [PATCH 07/13] Update index.html Co-authored-by: Ted Thibodeau Jr --- index.html | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/index.html b/index.html index 22301d4..d5a9436 100644 --- a/index.html +++ b/index.html @@ -214,7 +214,7 @@

Introduction

A local DID resolver is an implementation of a DID resolver and/or DID URL dereferencer that never performs remote HTTP(s), DNS, blockchain, or other network‐based lookups when executing the resolution or dereferencing functions. All operations are fulfilled by - local resources: e.g. embedded keys/methods, cached/packaged DID Documents, or local verifiable + local resources, e.g., embedded keys/methods, cached/packaged DID Documents, or local verifiable registries or storage.

From 4fcabb7311ac1fe11684d70ca52bf5544071cd15 Mon Sep 17 00:00:00 2001 From: ottomorac <16960403+ottomorac@users.noreply.github.com> Date: Wed, 8 Oct 2025 19:40:43 -0400 Subject: [PATCH 08/13] Add https did resolver --- index.html | 17 ++++------------- 1 file changed, 4 insertions(+), 13 deletions(-) diff --git a/index.html b/index.html index 3aacaf2..c8d2504 100644 --- a/index.html +++ b/index.html @@ -224,7 +224,7 @@

Implementer Overview

A conforming DID resolver is any algorithm realized as software and/or hardware that complies with the relevant normative - statements in . + statements in as well as implement local binding.

@@ -233,18 +233,9 @@

Implementer Overview

normative statements in .

- A remote DID resolver is a resolver implementation that is permitted (and expected, if necessary) - to perform network calls, remote registry lookups, or external protocol interactions associated with - its resolution and de-referencing functions. + A https DID resolver is a conforming DID resolver that also implements + HTTP(S) Binding.

-

- A local DID resolver is an implementation of a DID resolver and/or - DID URL dereferencer that never performs remote HTTP(s), DNS, blockchain, or other network‐based - lookups when executing the resolution or dereferencing functions. All operations are fulfilled by - local resources, e.g., embedded keys/methods, cached/packaged DID Documents, or local verifiable - registries or storage. -

-
@@ -2304,7 +2295,7 @@

Bindings

.

- All remote DID resolvers MUST implement the GET version of the + All HTTP(S) DID resolvers MUST implement the GET version of the HTTPS binding and MAY implement the POST version. All HTTPS bindings MUST use TLS. Use of DNS names in certificates is NOT REQUIRED; resolvers MAY use TLS certificates issued for IP addresses From 98520be16f0a096e20c5ebcabedd21d328a92a13 Mon Sep 17 00:00:00 2001 From: ottomorac <16960403+ottomorac@users.noreply.github.com> Date: Thu, 9 Oct 2025 09:25:06 -0400 Subject: [PATCH 09/13] Add https did resolver --- terms.html | 3 +-- 1 file changed, 1 insertion(+), 2 deletions(-) diff --git a/terms.html b/terms.html index d0ab2b0..5e946ce 100644 --- a/terms.html +++ b/terms.html @@ -194,12 +194,11 @@

local binding
A binding where the client invokes a DID resolver that runs on the same network host, e.g., via a local command line tool or library API. - In this case, the DID resolver is sometimes also called a local DID resolver. See Section .
remote binding
A binding where the client invokes a DID resolver that runs on a different network host, e.g., via the HTTP(S) binding. - In this case, the DID resolver is sometimes also called a remote DID resolver. + In this case, the DID resolver is sometimes also called a https DID resolver. See Section .
services
From 049536e3e12b11f322c728bf264f7833e9e41425 Mon Sep 17 00:00:00 2001 From: ottomorac <16960403+ottomorac@users.noreply.github.com> Date: Thu, 9 Oct 2025 16:12:07 -0400 Subject: [PATCH 10/13] Simplify change to make https binding mandatory --- index.html | 11 +++-------- terms.html | 7 +++---- 2 files changed, 6 insertions(+), 12 deletions(-) diff --git a/index.html b/index.html index c8d2504..9bc52de 100644 --- a/index.html +++ b/index.html @@ -224,7 +224,7 @@

Implementer Overview

A conforming DID resolver is any algorithm realized as software and/or hardware that complies with the relevant normative - statements in as well as implement local binding. + statements in .

@@ -232,10 +232,6 @@

Implementer Overview

algorithm realized as software and/or hardware that complies with the relevant normative statements in .

-

- A https DID resolver is a conforming DID resolver that also implements - HTTP(S) Binding. -

@@ -2295,11 +2291,10 @@

Bindings

.

- All HTTP(S) DID resolvers MUST implement the GET version of the + All conforming DID resolvers MUST implement the GET version of the HTTPS binding and MAY implement the POST version. All HTTPS bindings MUST use TLS. Use of DNS names - in certificates is NOT REQUIRED; resolvers MAY use TLS certificates issued for IP addresses - (e.g., Let's Encrypt-style IP certificates). + in certificates is NOT REQUIRED; resolvers MAY use TLS certificates issued for IP addresses.

diff --git a/terms.html b/terms.html index 5e946ce..4a6facc 100644 --- a/terms.html +++ b/terms.html @@ -43,7 +43,7 @@
DID delegate
- An entity to whom a DID controller has granted permission to use a + An entity to whom a DID controller has grante(e.g., Let's Encrypt-style IP certificates)d permission to use a verification method associated with a DID via a DID document. For example, a parent who controls a child's DID document might permit the child to use their personal device in order to @@ -197,9 +197,8 @@ See Section .
remote binding
-
A binding where the client invokes a DID resolver that runs on a different network host, e.g., via the HTTP(S) binding. - In this case, the DID resolver is sometimes also called a https DID resolver. - See Section .
+
A binding where the client invokes a DID resolver that runs on a different network host, e.g., + via the HTTP(S) binding. See Section .
services
From e81362a8397fef6af8e4924de7df83cb4724b7d2 Mon Sep 17 00:00:00 2001 From: ottomorac <16960403+ottomorac@users.noreply.github.com> Date: Thu, 9 Oct 2025 16:14:51 -0400 Subject: [PATCH 11/13] Simplify change to make https binding mandatory --- terms.html | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/terms.html b/terms.html index 4a6facc..039d8f3 100644 --- a/terms.html +++ b/terms.html @@ -43,7 +43,7 @@
DID delegate
- An entity to whom a DID controller has grante(e.g., Let's Encrypt-style IP certificates)d permission to use a + An entity to whom a DID controller has granted permission to use a verification method associated with a DID via a DID document. For example, a parent who controls a child's DID document might permit the child to use their personal device in order to From 1933fd4e339fe5a5e7bd274eb4e775a9f6ef1464 Mon Sep 17 00:00:00 2001 From: ottomorac <16960403+ottomorac@users.noreply.github.com> Date: Thu, 9 Oct 2025 16:19:33 -0400 Subject: [PATCH 12/13] Simplify change to make https binding mandatory --- terms.html | 8 +++++--- 1 file changed, 5 insertions(+), 3 deletions(-) diff --git a/terms.html b/terms.html index 039d8f3..2a83172 100644 --- a/terms.html +++ b/terms.html @@ -194,11 +194,13 @@
local binding
A binding where the client invokes a DID resolver that runs on the same network host, e.g., via a local command line tool or library API. + In this case, the DID resolver is sometimes also called a "local DID resolver". See Section .
remote binding
-
A binding where the client invokes a DID resolver that runs on a different network host, e.g., - via the HTTP(S) binding. See Section .
+
A binding where the client invokes a DID resolver that runs on a different network host, e.g., via the HTTP(S) binding. + In this case, the DID resolver is sometimes also called a "remote DID resolver". + See Section .
services
@@ -270,4 +272,4 @@ defined by [[RFC3986]]. A DID is a type of URI scheme.
- + \ No newline at end of file From 9d256982709876747492e4dfb9ed1752fae397bf Mon Sep 17 00:00:00 2001 From: Otto Mora <16960403+ottomorac@users.noreply.github.com> Date: Wed, 15 Oct 2025 14:43:08 -0400 Subject: [PATCH 13/13] Update index.html Co-authored-by: Will Abramson --- index.html | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/index.html b/index.html index 9bc52de..0267c89 100644 --- a/index.html +++ b/index.html @@ -224,7 +224,7 @@

Implementer Overview

A conforming DID resolver is any algorithm realized as software and/or hardware that complies with the relevant normative - statements in . + statements in .