index.html

<!DOCTYPE html>
<html>
<head>
  <title>
    Decentralized Identifiers (DIDs) v1.0
  </title>
  <meta content='text/html; charset=utf-8' http-equiv='Content-Type'><!--
    === NOTA BENE ===
    For the three scripts below, if your spec resides on dev.w3 you can check
    them out in the same tree and use relative links so that they'll work
    offline.
  -->

  <script class="remove"
    src="https://unpkg.com/browse/jquery/dist/jquery.min.js"></script>
  <script class="remove"
    src="https://www.w3.org/Tools/respec/respec-w3c"></script>
  <script class="remove"
    src="https://unpkg.com/reqlist/lib/reqlist.js"></script>
  <link class="removeOnSave" rel="stylesheet" type="text/css"
    href="https://unpkg.com/reqlist/lib/reqlist.css" />

  <script class='remove' src="./common.js"></script>
  <script class="remove" type="text/javascript">
  var respecConfig = {
    // the W3C WG and public mailing list
    group: "did",
    wgPublicList: "public-did-wg",

    // the specification's short name, as in http://www.w3.org/TR/short-name/
    shortName: "did-core",

    // specification status (e.g., WD, LCWD, NOTE, etc.). If in doubt use ED.
    specStatus: "WD",

    // Editor's Draft URL
    edDraftURI: "https://w3c.github.io/did-core/",

    // subtitle for the spec
    subtitle: "Core architecture, data model, and representations",

    // if you wish the publication date to be other than today, set this
    //publishDate:  "2019-11-07",

    // previously published draft, uncomment this and set its
    // YYYY-MM-DD date and its maturity status
    previousPublishDate:  "2020-11-08",
    previousMaturity:  "WD",

    // automatically allow term pluralization
    pluralize: true,

    // extend the bibliography entries
    localBiblio: ccg.localBiblio,
    xref: "web-platform",
    github: {
      repoURL: "https://github.com/w3c/did-core/",
      branch: "main"
    },
    includePermalinks: false,

    // Uncomment these to use the respec extension that generates a list of
    //   normative statements:
    // preProcess: [
    //   prepare_reqlist
    // ],
    postProcess: [
    //   add_reqlist_button,
      restrictRefs
    ],

    // list of specification editors
    editors: [{
        name: "Drummond Reed",
        url: "https://www.linkedin.com/in/drummondreed/",
        company: "Evernym",
        companyURL: "https://www.evernym.com/",
        w3cid: 3096
      },
      {
        name: "Manu Sporny",
        url: "http://manu.sporny.org/",
        company: "Digital Bazaar",
        companyURL: "https://digitalbazaar.com/",
        w3cid: 41758
      },
      {
        name: "Markus Sabadello",
        url: "https://www.linkedin.com/in/markus-sabadello-353a0821",
        company: "Danube Tech",
        companyURL: "https://danubetech.com/",
        w3cid: 46729
      }
    ],

    // list of specification authors
    authors: [{
        name: "Drummond Reed",
        url: "https://www.linkedin.com/in/drummondreed/",
        company: "Evernym",
        companyURL: "https://www.evernym.com/",
        w3cid: 3096
      },
      {
        name: "Manu Sporny",
        url: "http://manu.sporny.org/",
        company: "Digital Bazaar",
        companyURL: "https://digitalbazaar.com/",
        w3cid: 41758
      },
      {
        name: "Dave Longley",
        url: "https://github.com/dlongley",
        company: "Digital Bazaar",
        companyURL: "https://digitalbazaar.com/",
        w3cid: 48025
      },
      {
        name: "Christopher Allen",
        url: "https://www.linkedin.com/in/christophera",
        company: "Blockchain Commons",
        companyURL: "https://www.BlockchainCommons.com",
        w3cid: 85560
      },
      {
        name: "Ryan Grant",
        url: "",
        company: "",
        companyURL: ""
      },
      {
        name: "Markus Sabadello",
        url: "https://www.linkedin.com/in/markus-sabadello-353a0821",
        company: "Danube Tech",
        companyURL: "https://danubetech.com/",
        w3cid: 46729
      }
    ]
    };
  </script>
  <style>
  pre .highlight {
    font-weight: bold;
    color: green;
  }
  pre .comment {
    color: SteelBlue;
    -webkit-user-select: none;
    -moz-user-select: none;
    -ms-user-select: none;
    user-select: none;
  }
  code a[href] {
    color: inherit;
    border-bottom: none;
  }
  code a[href]:hover {
    border-bottom: 1px solid #c63501;
  }
  </style>
</head>
<body data-cite="infra rfc3986">
  <section id='abstract'>

    <p>
<a>Decentralized identifiers</a> (DIDs) are a new type of identifier that
enables verifiable, decentralized digital identity. A <a>DID</a> identifies any
subject (e.g., a person, organization, thing, data model, abstract entity, etc.)
that the controller of the <a>DID</a> decides that it identifies. In contrast to
typical, federated identifiers, DIDs have been designed so that they may be
decoupled from centralized registries, identity providers, and certificate
authorities. Specifically, while other parties might be used to help enable the
discovery of information related to a <a>DID</a>, the design enables the
controller of a <a>DID</a> to prove control over it without requiring permission
from any other party. <a>DIDs</a> are URIs that associate a <a>DID subject</a>
with a <a>DID document</a> allowing trustable interactions associated with that
subject.
    </p>
    <p>
Each <a>DID document</a> can express cryptographic material, verification
methods, or <a>service endpoints</a>, which provide a set of mechanisms enabling
a <a>DID controller</a> to prove control of the <a>DID</a>. <a>Service
endpoints</a> enable trusted interactions associated with the <a>DID
subject</a>. A <a>DID document</a> might contain the <a>DID subject</a> itself,
if the <a>DID subject</a> is an information resource such as a data model.
    </p>
    <p>
This document specifies a common data model, a URL format, and a set of
operations for <a>DIDs</a>, <a>DID documents</a>, and <a>DID methods</a>.
    </p>
  </section>

  <section id='sotd'>

    <p>
This specification is under active development and implementers are advised
against implementing the specification unless they are directly involved with
the W3C DID Working Group. There are use cases [[?DID-USE-CASES]] in active
development that establish requirements for this document.
    </p>

    <p>
At present, there exist
<a href="https://w3c-ccg.github.io/did-method-registry/#did-methods">80
experimental implementations</a> and a preliminary
<a href="https://github.com/w3c-ccg/did-test-suite/">test suite</a>
that will eventually determine whether or not implementations are conformant.
Readers are advised that Appendix <a href="#current-issues"></a> contains a
list of concerns and proposed changes that will most likely result in
alterations to this specification.
    </p>

    <p>
Comments regarding this document are welcome. Please file issues
directly on <a href="https://github.com/w3c/did-core/issues/">GitHub</a>,
or send them
to <a href="mailto:public-did-wg@w3.org">public-did-wg@w3.org</a> (
<a href="mailto:public-did-wg-request@w3.org?subject=subscribe">subscribe</a>,
<a href="https://lists.w3.org/Archives/Public/public-did-wg/">archives</a>).
    </p>

    <p>
Portions of the work on this specification have been funded by the United States
Department of Homeland Security's (US DHS) Science and Technology Directorate
under contracts HSHQDC-16-R00012-H-SB2016-1-002, and HSHQDC-17-C-00019, as well
as  the US DHS Silicon Valley Innovation Program under contracts
70RSAT20T00000010, 70RSAT20T00000029, 70RSAT20T00000030. The content of this specification does not
necessarily reflect the position or the policy of the U.S. Government and no
official endorsement should be inferred.
    </p>

    <p>
Portions of the work on this specification have also been funded by the European
Union's StandICT.eu program under sub-grantee contract number CALL05/19.
    </p>

    <p>
Work on this specification has also been supported by the Rebooting the Web of
Trust community facilitated by Christopher Allen, Shannon Appelcline, Kiara
Robles, Brian Weller, Betty Dhamers, Kaliya Young, Kim Hamilton Duffy, Manu
Sporny, Drummond Reed, Joe Andrieu, and Heather Vescent.
    </p>
  </section>

  <section class="informative">
    <h1>
Introduction
    </h1>
    <p>
As individuals and organizations, many of us use globally unique identifiers in
a wide variety of contexts. They serve as communications addresses (telephone
numbers, email addresses, usernames on social media), ID numbers (for passports,
drivers licenses, tax IDs, health insurance), and product identifiers (serial
numbers, barcodes, RFIDs). Resources on the Internet are identified by globally
unique identifiers in the form of <abbr title="Media Access Control">MAC</abbr>
addresses; URIs (Uniform Resource Identifiers) are used for resources on the Web
and each web page you view in a browser has a globally unique URL (Uniform
Resource Locator).
    </p>
    <p>
The vast majority of these globally unique identifiers are not under our
control. They are issued by external authorities that decide who or what they
identify and when they can be revoked. They are useful only in certain contexts
and recognized only by certain bodies (not of our choosing). They may disappear
or cease to be valid with the failure of an organization. They may unnecessarily
reveal personal information. And in many cases they can be fraudulently
replicated and asserted by a malicious third-party ("identity theft").
    </p>
    <p>
The Decentralized Identifiers (DIDs) defined in this specification are a new
type of globally unique identifier designed to enable individuals and
organizations to generate our own identifiers using systems we trust, and to
prove control of those identifiers (authenticate) using cryptographic proofs
(for example, digital signatures).
    </p>
    <p>
Because we control the generation and assertion of these identifiers, each of us
can have as many DIDs as we need to respect our desired separation of
identities, personas, and contexts (in the everyday sense of these words). We
can scope the use of these identifiers to the most appropriate contexts. We can
interact with other people, institutions or systems that require us to identify
ourselves (or things we control) while maintaining control over how much
personal or private data should be revealed, and without depending on a central
authority to guarantee the continued existence of the identifier.
    </p>
    <p>
This specification does not presuppose any particular technology or
cryptography to underpin the generation, persistence, resolution or
interpretation of DIDs. Rather, it defines: a) the generic syntax for all
DIDs, and b) the generic requirements for performing the four basic CRUD
operations (create, read, update, deactivate) on the information associated
with a DID (called the DID document).
    </p>
    <p>
This enables implementers to design specific types of DIDs to work with the
computing infrastructure they trust (e.g., distributed ledger, decentralized
file system, distributed database, peer-to-peer network). The specification
for a specific type of DID is called a DID method. Implementers of
applications or systems using DIDs can choose to support the DID methods most
appropriate for their particular use cases.
    </p>
    <p>
This specification is for:
    </p>
    <ul>
      <li>
Developers who want to enable users of their system to generate and assert their
own identifiers (producers of DIDs);
      </li>
      <li>
Developers who want to enable their systems to accept user-controlled
identifiers (consumers of DIDs);
      </li>
      <li>
Developers who wish to enable the use of DIDs with particular computing
infrastructure (DID method developers).
      </li>
    </ul>

    <p class="note" title="Diversity of DID systems">
DID methods can also be developed for identifiers registered in federated or
centralized identity management systems. Indeed, almost all types of identifier
systems can add support for DIDs. This creates an interoperability bridge
between the worlds of centralized, federated, and decentralized identifiers.
    </p>

    <section class="informative">
      <h2>
A Simple Example
      </h2>

      <p>
A <a>DID</a> is a simple text string consisting of three parts, the:
      </p>
        <ul>
          <li>
URI scheme identifier (<code>did</code>)
          </li>
          <li>
Identifier for the <a>DID method</a>
          </li>
          <li>
DID method-specific identifier.
          </li>
        </ul>

      <pre class="example nohighlight"
      title="A simple example of a decentralized identifier (DID)">
did:example:123456789abcdefghi
      </pre>

      <p>
The example <a>DID</a> above resolves to a <a>DID document</a>. A <a>DID
document</a> contains information associated with the <a>DID</a>, such as ways
to cryptographically <a>authenticate</a> the <a>DID controller</a>, as
well as <a>services</a> that can be used to interact with the <a>DID subject</a>.
      </p>

      <pre class="example nohighlight" title="Minimal self-managed DID document">
{
  "@context": "https://www.w3.org/ns/did/v1",
  "id": "did:example:123456789abcdefghi",
  "authentication": [{
    <span class="comment">// used to authenticate as did:...fghi</span>
    "id": "did:example:123456789abcdefghi#keys-1",
    "type": "Ed25519VerificationKey2018",
    "controller": "did:example:123456789abcdefghi",
    "publicKeyBase58": "H3C2AVvLMv6gmMNam3uVAjZpfkcJCwDwnZn6z3wXmqPV"
  }],
  "service": [{
    <span class="comment">// used to retrieve Verifiable Credentials associated with the DID</span>
    "id":"did:example:123456789abcdefghi#vcs",
    "type": "VerifiableCredentialService",
    "serviceEndpoint": "https://example.com/vc/"
  }]
}
      </pre>
    </section>

    <section class="informative">
      <h2>
Design Goals
      </h2>

      <p>
<a>Decentralized Identifiers</a> are a component of larger systems, such as
the Verifiable Credentials ecosystem [[VC-DATA-MODEL]], which drove the design
goals for this specification. These design goals are summarized here.
      </p>

      <table class="simple">
        <thead>
          <tr>
            <th>
Goal
            </th>
            <th>
Description
            </th>
          </tr>
        </thead>

        <tbody>
          <tr>
            <td>
Decentralization
            </td>
            <td>
Eliminate the requirement for centralized authorities or single point
failure in identifier management, including the registration of globally unique
identifiers, public verification keys, <a>service endpoints</a>, and other
information.
            </td>
          </tr>

          <tr>
            <td>
Control
            </td>
            <td>
Give entities, both human and non-human, the power to directly control their
digital identifiers without the need to rely on external authorities.
            </td>
          </tr>

          <tr>
            <td>
Privacy
            </td>
            <td>
Enable entities to control the privacy of their information, including minimal,
selective, and progressive disclosure of attributes or other data.
            </td>
          </tr>

          <tr>
            <td>
Security
            </td>
            <td>
Enable sufficient security for requesting parties to depend on
<a>DID documents</a> sfor their required level of assurance.
            </td>
          </tr>

          <tr>
            <td>
Proof-based
            </td>
            <td>
Enable <a>DID controllers</a> to provide cryptographic proof when interacting
with other entities.
            </td>
          </tr>

          <tr>
            <td>
Discoverability
            </td>
            <td>
Make it possible for entities to discover <a>DIDs</a> for other entities, to
learn more about or interact with those entities.
            </td>
          </tr>

          <tr>
            <td>
Interoperability
            </td>
            <td>
Use interoperable standards so <a>DID</a> infrastructure can make use of
existing tools and software libraries designed for interoperability.
            </td>
          </tr>

          <tr>
            <td>
Portability
            </td>
            <td>
Be system- and network-independent and enable entities to use their digital
identifiers with any system that supports <a>DIDs</a> and <a>DID methods</a>.
            </td>
          </tr>

          <tr>
            <td>
Simplicity
            </td>
            <td>
Favor a reduced set of simple features to make the technology easier to
understand, implement, and deploy.
            </td>
          </tr>

          <tr>
            <td>
Extensibility
            </td>
            <td>
Where possible, enable extensibility provided it does not greatly hinder
interoperability, portability, or simplicity.
            </td>
          </tr>
        </tbody>
      </table>
    </section>

    <section>
      <h2>
Architecture Overview
      </h2>

      <p>
This section provides a basic understanding of the major elements of DID
architecture. Formal definitions of terms are provided in
<a href="#terminology"></a>.
      </p>

      <figure id="architecture">
          <img style="margin: auto; display: block; width: 75%;"
            src="diagrams/did_architecture_overview.svg" alt="
Diagram showing that DIDs are recorded on a Verifiable Data Registry; DIDs
resolve to DID documents; DIDs identify DID subjects; a DID controller can
modify a DID document; a DID method generates a DID; a DID method instructs a
DID resolver.
          " >
          <figcaption>
The basic components of DID architecture.
          </figcaption>
      </figure>

      <dl>
        <dt>
DIDs and DID URLs
        </dt>
        <dd>
A <a>DID</a>, or Decentralized Identifier, is a URI composed of three parts: the
scheme "did:", a method identifier, and a unique, method-specific identifier
generated by the <a>DID method</a>. DIDs are resolvable to <a>DID documents</a>.
A <a>DID URL</a> extends the syntax of a basic DID to incorporate other standard
URI components (path, query, fragment) in order to locate a particular
resource&mdash;for example, a public key inside a <a>DID document</a>, or a
resource available external to the <a>DID document</a>.
        </dd>

        <dt>
DID Subjects
        </dt>
        <dd>
The subject of a <a>DID</a> is, by definition, the entity identified by the
<a>DID</a>. The <a>DID subject</a> may also be the <a>DID controller</a>.
Anything can be the subject of a DID: person, group, organization, physical
thing, logical thing, etc.
        </dd>

        <dt>
DID Controllers
        </dt>
        <dd>
The <a>controller</a> of a <a>DID</a> is the entity (person, organization, or
autonomous software) that has the capability&mdash;as defined by a <a>DID
method</a>&mdash;to make changes to a <a>DID document</a>. This capability is
typically asserted by the control of a set of cryptographic keys used by
software acting on behalf of the controller, though it may also be asserted via
other mechanisms. Note that a DID may have more than one controller, and the
<a>DID subject</a> can be the DID controller, or one of them.
        </dd>

        <dt>
Verifiable Data Registries
        </dt>
        <dd>
In order to be resolvable to <a>DID documents</a>, <a>DIDs</a> are typically
recorded on an underlying system or network of some kind. Regardless of the
specific technology used, any such system that supports recording DIDs and
returning data necessary to produce <a>DID documents</a> is called a
<a>verifiable data registry</a>. Examples include distributed ledgers,
decentralized file systems, databases of any kind, peer-to-peer networks, and
other forms of trusted data storage.
        </dd>

        <dt>
DID documents
        </dt>
        <dd>
<a>DID documents</a> contain information associated with a <a>DID</a>. They
typically express verification methods (such as public keys) and <a>services</a>
relevant to interactions with the DID subject. A DID document can be serialized
according to a particular syntax (see <a href="#representations"></a>). The
generic properties supported in a DID document are specified in <a
href="#core-properties"></a>. The <a>DID</a> itself is the value of the `id`
property. The properties present in a DID document may be updated according to
the applicable operations outlined in <a href="#methods"></a>.
        </dd>

        <dt>
DID Methods
        </dt>
        <dd>
<a>DID methods</a> are the mechanism by which a particular type of <a>DID</a>
and its associated <a>DID document</a> are created, resolved, updated, and
deactivated using a particular <a>verifiable data registry</a>. <a>DID
methods</a> are defined using separate DID method specifications (see
<a href="#methods"></a>).

          <p class="note">
Conceptually, the relationship between this specification and a <a>DID
method</a> specification is similar to the relationship between the IETF generic
<a>URI</a> specification ([[RFC3986]]) and a specific <a>URI</a> scheme
([[IANA-URI-SCHEMES]] (such as the http: and https: schemes specified in
[[RFC7230]]). It is also similar to the relationship between the IETF generic
URN specification ([[RFC8141]]) and a specific URN namespace definition (such
as the <a>UUID</a> URN namespace defined in [[RFC4122]]). The difference is that
a DID method specification, as well as defining a specific DID scheme, also
specifies the methods creating, resolving, updating, and deactivating
<a>DIDs</a> and <a>DID documents</a> using a specific type of <a>verifiable data
registry</a>.
          </p>
        </dd>

        <dt>
DID resolvers and DID resolution
        </dt>
        <dd>
A <a>DID resolver</a> is a software and/or hardware component that takes a
<a>DID</a> (and associated input metadata) as input and produces a conforming
<a>DID document</a> (and associated metadata) as output. This process is called
<a>DID resolution</a>. The inputs and outputs of the DID resolution process are
defined in <a href="#resolution"></a>. The specific steps for resolving a
specific type of DID are defined by the relevant <a>DID method</a>
specification. Additional considerations for implementing a DID resolver are
discussed in [[DID-RESOLUTION]].
        </dd>
        <dt>
DID URL dereferencers and DID URL dereferencing
        </dt>
        <dd>
A <a>DID URL</a> dereferencer is a software and/or hardware component that takes
a DID URL (and associated input metadata) as input and produces a resource (and
associated metadata) as output. This process is called DID URL dereferencing.
The inputs and outputs of the DID URL dereferencing process are defined in <a
href="#did-url-dereferencing"></a>. Additional considerations for implementing a
DID URL dereferencer are discussed in [[DID-RESOLUTION]].
        </dd>
      </dl>

    </section>

    <section id="conformance">

      <p>
This document contains examples that contain JSON, CBOR, and JSON-LD content.
Some of these examples contain characters that are invalid, such as inline
comments (<code>//</code>) and the use of ellipsis (<code>...</code>) to denote
information that adds little value to the example. Implementers are cautioned to
remove this content if they desire to use the information as valid JSON, CBOR,
or JSON-LD.
      </p>

      <p>
Interoperability of implementations for DIDs and DID documents will be tested by
evaluating an implementation's ability to create and parse <a>DIDs</a> and
<a>DID documents</a> that conform to the specification. Interoperability for
producers and consumers of <a>DIDs</a> and <a>DID documents</a> is provided by
ensuring the <a>DIDs</a> and <a>DID documents</a> conform. Interoperability for
<a>DID method</a> specifications is provided by the details in each DID method
specification. It is understood that, in the same way that a web browser is not
required to implement all known URI schemes, conformant software that works with
DIDs is not required to implement all known DID methods (however, all
implementations of a given DID method must be interoperable for that method).
      </p>

     <p>
A <dfn>conforming DID</dfn> is any concrete expression of the rules specified
in Section <a href="#identifier"></a> which complies with relevant normative
statements in that section.
     </p>

      <p>
A <dfn>conforming DID document</dfn> is any concrete expression of the data
model described in this specification which complies with the relevant
normative statements in Sections <a href="#data-model"></a> and <a
href="#core-properties"></a>. A serialization format for the conforming
document is deterministic, bi-directional, and lossless as described in
Section <a href="#representations"></a>.
      </p>

      <p>
A <dfn>conforming DID method</dfn> is any specification that complies with the
relevant normative statements in Section <a href="#methods"></a>.
      </p>

      <p>
A <dfn>conforming producer</dfn> is any algorithm realized as software and/or
hardware and conforms to this specification if it generates <a>conforming
DIDs</a> or <a>conforming DID Documents</a>. A conforming producer MUST
NOT produce non-conforming <a>DIDs</a> or <a>DID documents</a>.
      </p>

      <p>
A <dfn>conforming consumer</dfn> is any algorithm realized as software and/or
hardware and conforms to this specification if it consumes <a>conforming
DIDs</a> or <a>conforming DID documents</a>. A conforming consumer MUST
produce errors when consuming non-conforming <a>DIDs</a> or <a>DID documents</a>.
      </p>

    </section>

  </section>

  <section class="informative">
    <h2>
Terminology
    </h2>

    <div data-include="terms.html">
    </div>

    <p>
In addition to the terminology above, this specification also uses terminology
from the [[INFRA]] specification to formally define the <a
href="#data-model">data model</a>. When [[INFRA]] terminology is used, such as
<a data-cite="INFRA#strings">string</a>, <a
data-cite="INFRA#ordered-set">ordered set</a>, and <a
data-cite="INFRA#maps">map</a>, it is linked directly to that specification.
    </p>

  </section>

  <section>
    <h2>Identifier</h2>
    <p>
This section describes the formal syntax for DIDs and DID URLs. The term
"generic" is used to differentiate the syntax defined here from syntax defined
by <em>specific</em> <a>DID methods</a> in their respective specifications.
    </p>

    <section class="normative">
      <h3>DID Syntax</h3>

      <p>
The generic <a>DID scheme</a> is a URI scheme conformant with [[!RFC3986]].
      </p>

      <p>
The <a>DID scheme</a> name MUST be an
<a data-lt="ascii lowercase">ASCII lowercase string</a>.
      </p>
      <p>
The <a>DID method</a> name MUST be a string which consists of
<a data-lt="ascii lower alpha">ASCII lowercase characters</a> and
<a data-lt="ascii digit">ASCII digits</a>.
      </p>

      <p>
The following is the ABNF definition using the syntax in [[!RFC5234]], which
defines <code>ALPHA</code> and <code>DIGIT</code>. All other rule names not
defined in this ABNF are defined in [[RFC3986]].
      </p>

      <pre class="nohighlight">
did                = "did:" method-name ":" method-specific-id
method-name        = 1*method-char
method-char        = %x61-7A / DIGIT
method-specific-id = *( *idchar ":" ) 1*idchar
idchar             = ALPHA / DIGIT / "." / "-" / "_"
      </pre>

      <p class="issue atrisk" data-number="34">
This ABNF does not currently permit an empty <code>method-specific-id</code>
string. Some DID methods have expressed an interest in providing
resolution of an DID with an empty <code>method-specific-id</code> string,
for example to enable discovery of a DID document describing a
<a>verifiable data registry</a> by resolving the DID method name alone.
The Working Group is requesting feedback during the Candidate Recommendation
stage on whether or not an empty <code>method-specific-id</code> string is
of interest to implementers. This feature may change as a result of that feedback.
      </p>

      <p>
For requirements on <a>DID methods</a> relating to the <a>DID</a> syntax, see
Section <a href="#method-schemes"></a>.
      </p>

      <div class="note" title="Persistence">
        <p>
  A <a>DID</a> is expected to be persistent and immutable. That is, a <a>DID</a>
  is bound exclusively and permanently to its one and only subject. Even after a
  <a>DID</a> is deactivated, it is intended that it never be repurposed.
        </p>
        <p>
Ideally, a <a>DID</a> would be a completely abstract decentralized identifier
(like a <a>UUID</a>) that could be bound to multiple underlying <a>verifiable
data registries</a> over time, thus maintaining its persistence independent of
any particular system. However, registering the same identifier on multiple
<a>verifiable data registries</a> makes it extremely difficult to identify the
authoritative version of a <a>DID document</a> if the contents diverge
between the different <a>verifiable data registries</a>. It also greatly
increases implementation complexity for developers.
        </p>
        <p>
To avoid these issues, developers should refer to the Decentralized
Characteristics Rubric [[?DID-RUBRIC]] to decide which <a>DID method</a> best
addresses the needs of the use case.
        </p>
      </div>

    </section>

    <section class="normative">
      <h3>DID URL Syntax</h3>

      <p>
A <a>DID URL</a> always identifies a <a>resource</a> to be located. It can be
used, for example, to identify a specific part of a <a>DID document</a>.
      </p>

      <p>
This following is the ABNF definition using the syntax in [[!RFC5234]]. It
builds on the <code>did</code> scheme defined in <a href="#did-syntax"></a>. The
<a data-cite="!rfc3986#section-3.3"><code>path-abempty</code></a>,
<a data-cite="!rfc3986#section-3.4"><code>query</code></a>, and
<a data-cite="!rfc3986#section-3.5"><code>fragment</code></a>
components are identical to the ABNF rules defined in [[!RFC3986]].
      </p>

      <pre class="nohighlight">
did-url = did path-abempty [ "?" query ] [ "#" fragment ]
      </pre>

      <p class="note">
This specification reserves the semicolon (<code>;</code>) character for
possible future use as a sub-delimiter for parameters as described in
[[?MATRIX-URIS]].
      </p>

      <section>
        <h2>DID Parameters</h2>

        <p>
The <a>DID URL</a> syntax supports a simple format for parameters
based on the <code>query</code> component (See <a href="#query"></a>). Adding
a DID parameter to a <a>DID URL</a> means that the parameter becomes part of
the identifier for a <a>resource</a>.
        </p>
        <p>
Some DID parameters are completely independent of of any specific <a>DID
method</a>, and function the same way for all <a>DIDs</a>. Other DID
parameters are not necessarily supported by all <a>DID methods</a>. Where
optional parameters are supported, they are expected to operate uniformly
across the <a>DID methods</a> that do support them. Requirements which enable
this are detailed in the following table.
        </p>

        <table class="simple">
          <thead>
            <tr>
              <th>
Parameter&nbsp;Name
              </th>
              <th>
Description
              </th>
            </tr>
          </thead>

          <tbody>
            <tr>
              <td>
<code>relative-ref</code>
              </td>
              <td>
A relative URI reference according to <a
data-cite="RFC3986#section-4.2">RFC3986 Section 4.2</a>
that identifies a resource at a <a>service endpoint</a>, which is selected from
a <a>DID document</a> by using the <code>service</code> parameter. Support for
this parameter is REQUIRED. The associated value MUST be an <a data-lt="ascii
string">ASCII string</a> and MUST use percent-encoding for certain characters
as specified in <a data-cite="RFC3986#section-2.1">RFC3986 Section 2.1</a>.
              </td>
            </tr>
            <tr>
              <td>
<code><a>service</a></code>
              </td>
              <td>
Identifies a service from the <a>DID document</a> by service ID. Support for
this parameter is REQUIRED. The associated value MUST be an <a data-lt="ascii
string">ASCII string</a>.
              </td>
            </tr>
            <tr>
              <td>
<code>version-id</code>
              </td>
              <td>
Identifies a specific version of a <a>DID document</a> to be resolved (the
version ID could be sequential, or a <a>UUID</a>, or method-specific). Support
for this parameter is OPTIONAL. If present, the associated value MUST be an <a
data-lt="ascii string">ASCII string</a>.
              </td>
            </tr>
            <tr>
              <td>
<code>version-time</code>
              </td>
              <td>
Identifies a certain version timestamp of a <a>DID document</a> to be resolved.
That is, the <a>DID document</a> that was valid for a <a>DID</a> at a certain
time. Support for this parameter is OPTIONAL. If present, the associated value
MUST be an <a data-lt="ascii string">ASCII string</a> which is a valid XML
datetime value, as defined in section 3.3.7 of <a
href="https://www.w3.org/TR/xmlschema11-2/">W3C XML Schema Definition Language
(XSD) 1.1 Part 2: Datatypes</a> [[XMLSCHEMA11-2]]. This datetime value MUST be
normalized to UTC 00:00, as indicated by the trailing "Z".
              </td>
            </tr>
            <tr>
              <td>
<code>hl</code>
              </td>
              <td>
A resource hash of the <a>DID document</a> to add integrity protection, as
specified in [[?HASHLINK]]. This parameter is non-normative. Support for this
parameter is OPTIONAL. If present, the associated value MUST be an
<a data-lt="ascii string">ASCII string</a>.
              </td>
            </tr>
            <tr>
              <td>
<code>resource</code>
              </td>
              <td>
Indicates that the resource to be dereferenced is the <a>DID Subject</a>, rather
than the <a>DID Document</a>. This parameter is used to retrieve an information
resource identified by a <a>DID</a>. Support for this parameter is OPTIONAL.
If present, the associated value MUST be the
<a data-lt="ascii string">ASCII string</a> <code>true</code>.
              </td>
            </tr>
          </tbody>
        </table>

        <p>
Implementers as well as <a>DID method</a> specification authors might use
additional DID parameters that are not listed here. For maximum
interoperability, it is RECOMMENDED that DID parameters use the official W3C
DID Specification Registries mechanism [[?DID-SPEC-REGISTRIES]], to avoid
collision with other uses of the same DID parameter with different semantics.
        </p>

        <p>
DID parameters might be used if there is a clear use case where the parameter
needs to be part of a URI that can be used as a link, or as a <a>resource</a>
in RDF / JSON-LD documents.
        </p>

        <p>
It is expected that DID parameters will <em>not</em> be used if the same
functionality can be expressed by passing input metadata to a DID resolver.
        </p>

        <p>
Additional considerations for processing these parameters are discussed in
[[?DID-RESOLUTION]].
        </p>

        <p>
Some example <a>DID URLs</a> using DID parameters are shown below.
        </p>

        <pre class="example nohighlight"
          title="A DID URL with a 'service' DID parameter">
did:foo:21tDAKCERh95uGgKbJNHYp?service=agent
        </pre>

        <pre class="example nohighlight"
          title="A DID URL with a 'version-time' DID parameter">
did:foo:21tDAKCERh95uGgKbJNHYp?version-time=2002-10-10T17:00:00Z
        </pre>

        <pre class="example nohighlight" title="A DID URL with a 'resource' DID parameter">
did:foo:21tDAKCERh95uGgKbJNHYp?resource=true
        </pre>

        <p class="note" title="DID parameters and DID resolution">
The <a>DID resolution</a> and the <a>DID URL dereferencing</a> functions can
be influenced by passing input metadata to a <a>DID resolver</a> that are
not part of the DID URL. (See <a
href="#did-resolution-input-metadata-properties"></a>). This is comparable to
HTTP, where certain parameters could either be included in an HTTP URL, or
alternatively passed as HTTP headers during the dereferencing process. The
important distinction is that DID parameters that are part of the <a>DID
URL</a> should be used to specify <em>what <a>resource</a> is being
identified</em>, whereas input metadata that is not part of the <a>DID URL</a>
should be use to control <em>how that <a>resource</a> is resolved or
dereferenced</em>.
        </p>

      </section>

      <section>
        <h2>Path</h2>

        <p>
A <a>DID path</a> is identical to a generic URI path and MUST conform to the
<a data-cite="!rfc3986#section-3.3"><code>path-abempty</code></a> ABNF rule in
[[!RFC3986]].
        </p>

        <p>
A <a>DID method</a> specification MAY specify ABNF rules for <a>DID paths</a>
that are more restrictive than the generic rules in this section.
        </p>

        <pre class="example nohighlight">
did:example:123456/path
        </pre>
      </section>

      <section>
        <h2>Query</h2>

        <p>
A <a>DID query</a> is derived from a generic URI query and MUST conform to the
<code>did-query</code> ABNF rule in Section <a href="#did-url-syntax">
</a>. If a <a>DID query</a> is present, it MUST be used
as described in Section <a href="#did-parameters"></a>.
        </p>

        <p>
A <a>DID method</a> specification MAY specify ABNF rules for <a>DID queries</a>
that are more restrictive than the generic rules in this section.
        </p>

        <pre class="example nohighlight">
did:example:123456?query=true
        </pre>
      </section>

      <section>
        <h2>Fragment</h2>

        <p>
A <a>DID fragment</a> is used as method-independent reference into a <a>DID
document</a> or external resource.
        </p>

        <p>
<a>DID fragment</a> syntax and semantics are identical to a generic URI
fragment and MUST conform to <a data-cite="RFC3986#section-3.5">RFC&nbsp;3986,
section 3.5</a>.
        </p>
        <p>
For information about how to dereference a <a>DID fragment</a>, see
<a href="#did-url-dereferencing"></a>.
        </p>

        <p>
A <a>DID method</a> specification MAY specify ABNF rules for <a>DID
fragments</a> that are more restrictive than the generic rules in this section.
        </p>

        <p>
In order to maximize interoperability, implementers are urged to ensure that
<a>DID fragments</a> are interpreted in the same way across representations (as
described in <a href="#representations"></a>). For example, while
JSON Pointer [[?RFC6901]] can be used in a <a>DID fragment</a>, it will not
be interpreted in the same way across representations.
        </p>

        <p>For example:</p>
        <ul>
          <li>A unique <a>verification method</a> in a <a>DID Document</a>
            <pre class="example nohighlight">did:example:123#public-key-0</pre>
          </li>

          <li>A unique <a>service endpoint</a> in a <a>DID Document</a>
            <pre class="example nohighlight">did:example:123#agent</pre>
          </li>

          <li>A resource external to a <a>DID Document</a>
            <pre class="example nohighlight">did:example:123?service=agent&relativeRef=/credentials#degree</pre>
          </li>
        </ul>

        <p>
Additional semantics for fragment identifiers, which are compatible with and
layered upon the semantics in this section, are described for JSON-LD
representations in Section <a href="#application-did-ld-json"></a>.
        </p>

      </section>

      <section>
        <h2>Relative DID URLs</h2>

        <p>
A relative DID URL is any URL value in a <a>DID document</a> that does not start
with <code>did:&lt;method-name>:&lt;method-specific-id></code>. More
specifically, it is any URL value that does not start with the ABNF defined  in
Section <a href="#did-syntax"></a>. The contents of the URL typically
refers to a <a>resource</a> in the same <a>DID document</a>. Relative DID URLs
MAY contain relative path components, query parameters, and fragment
identifiers.
        </p>

        <p>
When resolving a relative DID URL reference, the algorithm specified in <a
data-cite="RFC3986#section-5">RFC3986 Section 5: Reference Resolution</a> MUST
be used. The <strong>base URI</strong> value is the <a>DID</a> that is
associated with the <a>DID subject</a>, see Section <a href="#did-subject"></a>.
The <strong>scheme</strong> is <code>did</code>. The <strong>authority</strong>
is a combination of <code>&lt;method-name>:&lt;method-specific-id></code>, and
the <strong>path</strong>, <strong>query</strong>, and <strong>fragment</strong>
values are those defined in Section <a href="#path"></a>, Section <a
href="#query"></a>, and Section <a href="#fragment"></a>, respectively.
        </p>

        <p>
Relative DID URLs are often used to identify <a>verification methods</a> and
<a>services</a> in a DID Document without having to use absolute URLs, which
tend to be more verbose than necessary.
        </p>

        <pre class="example nohighlight"
          title="An example of a relative DID URL">
{
  "@context": "https://www.w3.org/ns/did/v1",
  "id": "did:example:123456789abcdefghi",
  "verificationMethod": [{
    "id": "did:example:123456789abcdefghi#key-1",
    "type": "Ed25519VerificationKey2018",
    "controller": "did:example:123456789abcdefghi",
    "publicKeyBase58": "H3C2AVvLMv6gmMNam3uVAjZpfkcJCwDwnZn6z3wXmqPV"
  }, ...],
  "authentication": [
<span class="comment">    // a relative DID URL used to reference a verification method above</span>
    "<span class="highlight">#key-1</span>"
  ]
}
        </pre>

        <p>
In the example above, the relative DID URL value will be transformed to an
absolute DID URL value of <code>did:example:123456789abcdefghi#key-1</code>.
        </p>
      </section>

    </section>

  </section>

  <section>
    <h1>Data Model</h1>
    <p>
This specification defines a data model for <a>DID documents</a> that
is capable of being serialized into multiple concrete representations. This
section provides a high-level description of the data model, how different types
of properties are expressed in the data model, and instructions for extending
the data model.
    </p>
    <p>
A <a>DID document</a> consists of a <a data-cite="INFRA#maps">map</a> of <a
data-cite="INFRA#map-entry">properties</a>, where each property consists of
a property name/property value pair. The data model contains at least two
different classes of properties. The first class of properties are called
core properties, and are specified in section <a href="#core-properties"></a>.
The second class of properties are called representation properties, and
are specified in section <a href="#representations"></a>.
    </p>
    <p>
All property names in the data model are <a
data-cite="INFRA#strings">strings</a>. All property values are expressed
using one of the abstract data types in the table below while each
representation specifies the concrete serialization format of each data type.
    </p>

    <table class="simple" id="data-types">
      <thead>
        <tr>
          <th>
Data&nbsp;Type
          </th>
          <th>
Considerations
          </th>
        </tr>
      </thead>

      <tbody>
        <tr>
          <td>
<a data-cite="INFRA#maps">ordered&nbsp;map</a>
          </td>
          <td>
A finite ordered sequence of key/value pairs, with no key appearing twice as
specified in [[INFRA]].
          </td>
        </tr>
        <tr>
          <td>
<a data-cite="INFRA#list">list</a>
          </td>
          <td>
A finite ordered sequence of items as specified in [[INFRA]].
          </td>
        </tr>
        <tr>
          <td>
<a data-cite="INFRA#ordered-set">ordered&nbsp;set</a>
          </td>
          <td>
A finite ordered sequence of items that does not contain the same item twice
as specified in [[INFRA]].
          </td>
        </tr>
        <tr>
          <td>
<dfn>datetime</dfn>
          </td>
          <td>
A date and time value that is capable of losslessly expressing all values
expressible by a `dateTime` as specified in
[<a data-cite="XMLSCHEMA11-2#dateTime">XMLSCHEMA11-2</a>].
          </td>
        </tr>
        <tr>
          <td>
<a data-cite="INFRA#string">string</a>
          </td>
          <td>
A sequence of code units often used to represent human readable language
as specified in [[INFRA]].
          </td>
        </tr>
        <tr>
          <td>
<dfn>integer</dfn>
          </td>
          <td>
A real number without a fractional component as specified in
[<a data-cite="XMLSCHEMA11-2#decimal">XMLSCHEMA11-2</a>]. To maximize
interoperability, implementers are urged to heed the advice regarding
integers in <a data-cite="rfc7159#section-6">RFC7159, Section 6: Numbers</a>.
          </td>
        </tr>
        <tr>
          <td>
<dfn>double</dfn>
          </td>
          <td>
A value that is often used to approximate arbitrary real numbers as specified
in [<a data-cite="XMLSCHEMA11-2#double">XMLSCHEMA11-2</a>]. To maximize
interoperability, implementers are urged to heed the advice regarding
doubles in <a data-cite="rfc7159#section-6">RFC7159, Section 6: Numbers</a>.
          </td>
        </tr>
        <tr>
          <td>
<a data-cite="INFRA#boolean">boolean</a>
          </td>
          <td>
A value that is either true or false as defined in [[INFRA]].
          </td>
        </tr>
        <tr>
          <td>
<a data-cite="INFRA#null">null</a>
          </td>
          <td>
A value that is used to indicate the lack of a value as defined in [[INFRA]].
          </td>
        </tr>
      </tbody>
    </table>

    <section>
      <h2>Extensibility</h2>
      <p>
The data model supports two types of extensibility.
      </p>
      <ol>
        <li>
For maximum interoperability, it is RECOMMENDED that extensions use the official
W3C DID Specification Registries mechanism [[?DID-SPEC-REGISTRIES]]. The use of
this mechanism for new properties or other extensions is the only specified
method that ensures that two different representations will be able to work
together.
        </li>
      <li>
Representations MAY define other extensibility mechanisms, including ones that
do not require the use of the DID Specification Registries. Such extension
mechanisms SHOULD support lossless conversion into any other conformant
representation. Extension mechanisms for a representation SHOULD define a
mapping of all properties and representation syntax into the <a
href="#data-model">data model</a> and its type system.
      </li>
      </ol>
      <p class="note">
It is always possible for two specific implementations to agree out-of-band to
use a mutually understood extension or representation that is not recorded in
the DID Core Registries [[?DID-SPEC-REGISTRIES]]; interoperability between such
implementations and the larger ecosystem will be less reliable.
      </p>
    </section>

  </section>

  <section>
    <h1>Core Properties</h1>

    <p>
A <a>DID</a> points to a <a>DID document</a>. <a>DID documents</a> are the
serialization of the <a href="#data-model">data model</a>.
The following sections define the properties in a <a>DID document</a>,
including whether these properties are required or optional. These properties
describe relationships between the <a>DID subject</a> and the value of the
property.
    </p>

    <p>
For reference, the core properties found in the <a>DID document</a> (the
topmost <a data-cite="INFRA#ordered-map">map</a> in the  <a
href="#data-model">data model</a>) are as follows. Properties belonging to other
<a data-cite="INFRA#ordered-map">maps</a> referenced in the <a>DID document</a>
are also listed, with their respective property.
    </p>
    <ul id="core-properties-summary">
      <li>
<code><a>id</a></code>: defined in <a href="#identifier-0"></a>
      </li>
      <li>
<code><a>alsoKnownAs</a></code>: defined in <a href="#also-known-as"></a>
      </li>
      <li>
<code><a>controller</a></code>: defined in <a href="#did-controller"></a>
      </li>
      <li>
<code><a>verificationMethod</a></code>: defined in
<a href="#verification-methods"></a>. Nested properties include <code>id</code>,
<code>type</code>, <code>controller</code>.
      </li>
      <li>
<code><a>authentication</a></code>: defined in <a href="#authentication"></a>.
      </li>
      <li>
<code><a>assertionMethod</a></code>: defined in <a href="#assertion"></a>.
      </li>
      <li>
<code><a>keyAgreement</a></code>: defined in <a href="#key-agreement"></a>.
      </li>
      <li>
<code><a>capabilityInvocation</a></code>: defined in
<a href="#capability-invocation"></a>.
      </li>
      <li>
<code><a>capabilityDelegation</a></code>: defined in
<a href="#capability-delegation"></a>.
      </li>
      <li>
<code><a>service</a></code>: defined in <a href="#service-endpoints"></a>.
Nested properties include <code>id</code>, <code>type</code> and
<code><a>serviceEndpoint</a></code>.
      </li>
    </ul>

    <p class="note" title="Ordering of values">
As a result of the <a href="#data-model">data model</a> being defined using
terminology from [[INFRA]], property values which can contain more than one
item, such as <a
data-cite="INFRA#ordered-set">sets</a>, are explicitly ordered. For the purposes
of this specification, unless otherwise stated, ordering is not important and
implementations are not expected to produce or consume deterministically ordered
values.
    </p>

    <section>
      <h2>DID Subject</h2>

      <p>
The <a>DID subject</a> is the entity that the <a>DID document</a> is about.
That is, it is the entity identified by the <a>DID</a> and described by the
<a>DID document</a>.
      </p>

      <section>
        <h3>
Identifier
        </h3>
        <p>
The <a>DID</a> for a particular <a>DID subject</a> is denoted with the
<code><a>id</a></code> property in the <a>DID document</a>.
        </p>

        <p>
<a>DID documents</a> MUST include the <code><a>id</a></code> property in the
the topmost <a data-cite="INFRA#ordered-map">map</a> in the
<a href="#data-model">data model</a>.
        </p>

        <dl>
          <dt><dfn>id</dfn></dt>
          <dd>
The value of <code>id</code> MUST be a <a
data-cite="INFRA#string">string</a> that conforms to the rules in Section <a
href="#did-syntax"></a>.
          </dd>
        </dl>

        <pre class="example nohighlight">
{
  "id": "did:example:21tDAKCERh95uGgKbJNHYp"
}
        </pre>

        <p class="note" title="Intermediate representations">
<a>DID method</a> specifications can create intermediate representations of a
<a>DID document</a> that do not contain the <code><a>id</a></code> property,
such as when a <a>DID resolver</a> is performing <a>DID resolution</a>.
However, the fully resolved <a>DID document</a> always contains a valid
<code><a>id</a></code> property. The value of <code><a>id</a></code> in the
resolved <a>DID document</a> MUST match the <a>DID</a> that was
resolved.
      </p>

        <p class="note" title="Nested objects with the id property">
A <a>DID document</a> can contain objects which have their own unique
identifier; see, for example, <a href="#verification-methods"></a>. Such other
objects also use the <code>id</code> property to denote the identifier of
the object in question. The <code>id</code> property only denotes the
<a>DID</a> of the <a>DID subject</a> when it is present at the <em>top
level</em> of a <a>DID document</a>.
        </p>

      </section>

      <section>
        <h3>Also Known As</h3>

        <p>
A <a>DID subject</a> can have multiple identifiers for different purposes, or
at different times. The assertion that two or more <a>DIDs</a> (or other types
of <a>URI</a>) identify the same <a>DID subject</a> can be made using the
<code><a>alsoKnownAs</a></code> property.
        </p>

        <p>
<a>DID documents</a> MAY include the <code><a>alsoKnownAs</a></code> property.
        </p>

        <dl>
          <dt><dfn>alsoKnownAs</dfn></dt>
          <dd>
The value of <code>alsoKnownAs</code> MUST be an
<a data-cite="INFRA#ordered-set">ordered set</a> where each item in the set is a
<a>URI</a> conforming to [[RFC3986]].
          </dd>
          <dd>
This relationship is a statement that the subject of this identifier is
also identified by one or more other identifiers.
          </dd>
        </dl>

        <div class="note" title="Equivalence and alsoKnownAs">
          <p>
Applications might choose to consider two identifiers related by
<code><a>alsoKnownAs</a></code> to be equivalent <em>if</em> the
<code><a>alsoKnownAs</a></code> relationship is reciprocated in the reverse
direction. It is best practice <em>not</em> to consider them equivalent in the
absence of this inverse relationship. In other words, the presence of an
<code><a>alsoKnownAs</a></code> assertion does not prove that this assertion
is true. Therefore it is strongly advised that a requesting party obtain
independent verification of an <code>alsoKnownAs</code> assertion.
          </p>
          <p>
Given that the <a>DID subject</a> might use different identifiers for different
purposes, an expectation of strong equivalence between the two identifiers, or
merging the graphs of the two corresponding <a>DID documents</a>, is not
necessarily appropriate, <em>even with</em> a reciprocal relationship.
          </p>
        </div>

      </section>

    </section>

    <section>
     <h2>
DID Controller
      </h2>

      <p>
A <a>DID controller</a> is an entity that is authorized to make changes to
a <a>DID document</a>. The process of authorizing a <a>DID controller</a> is
defined by the <a>DID Method</a>.
      </p>

      <p>
A DID document MAY include a <code><a>controller</a></code> property to
indicate the <a>DID controller(s)</a>. If so:
      </p>
      <dl>
          <dt><dfn>controller</dfn></dt>
          <dd>
The value of the <code>controller</code> property MUST be a <a
data-cite="INFRA#string">string</a> or an <a
data-cite="INFRA#ordered-set">ordered set</a> of <a
data-cite="INFRA#string">strings</a> that conform to the rules in Section <a
href="#did-syntax"></a>. The corresponding <a>DID document</a>(s) SHOULD
contain <a>verification relationships</a> that explicitly permit the use of
certain verification methods for specific purposes.
          </dd>
      </dl>

      <p>
When a <code><a>controller</a></code> property is present in a
<a>DID Document</a>, its value expresses one or more <a>DIDs</a>. Any
<a>verification methods</a> contained in the <a>DID Documents</a> for those
<a>DIDs</a> SHOULD be accepted as authoritative, such that proofs that satisfy
those verification methods are to be considered equivalent to proofs provided
by the <a>DID Subject</a>.
      </p>

      <p class="note" title="Authorization vs authentication">
Note that Authorization is separate from <a href="#authentication"></a>. This is
particularly important for key recovery in the case of cryptographic key loss,
when the subject no longer has access to their keys, or key compromise, where
the <a>DID controller</a>'s trusted third parties need to override malicious
activity by an attacker. See Section <a href="#security-considerations"></a>.
      </p>

      <pre class="example nohighlight"
        title="DID document with a controller property">
{
  "@context": "https://www.w3.org/ns/did/v1",
  "id": "did:example:123456789abcdefghi",
  "controller": "did:example:bcehfew7h32f32h7af3",
  "service": [{
    <span class="comment">// used to retrieve Verifiable Credentials
    associated with the DID</span>
    "type": "VerifiableCredentialService",
    "serviceEndpoint": "https://example.com/vc/"
  }]
}
      </pre>
    </section>

    <section>
      <h2>Verification Methods</h2>
      <p>
A <a>DID document</a> can express <a>verification methods</a>, such as
cryptographic keys, which can be used to authenticate or authorize interactions
with the <a>DID subject</a> or associated parties. The information expressed
often includes globally unambiguous identifiers and public key material, which
can be used to verify digital signatures. For example, a public key can be
used as a verification method with respect to a digital signature; in such
usage, it verifies that the signer possessed the associated private key.
      </p>
      <p>
Verification methods might take many parameters. An example of this is a set
of five cryptographic keys from which any three are required to contribute to
a threshold signature. Methods need not be cryptographic.
      </p>

      <p>
In order to maximize interoperability, support for public keys as verification
methods is restricted: see <a href="#verification-method-types"></a>. For other
types of verification method, the verification method SHOULD be registered in
the [[?DID-SPEC-REGISTRIES]].
      </p>

      <p>
A <a>DID document</a> MAY include a <code><a>verificationMethod</a></code>
property.
      </p>

      <dl>
        <dt><dfn>verificationMethod</dfn></dt>
        <dd>
          <p>
If a <a>DID document</a> includes a <code>verificationMethod</code> property,
the value of the property MUST be an <a data-cite="INFRA#ordered-set">ordered
set</a> of verification methods, where each verification method is described by
a <a data-cite="INFRA#ordered-map">map</a> containing properties. The properties
MUST include the <code>id</code>, <code>type</code>, <code>controller</code>,
and specific verification method properties, and MAY include additional
properties.
          </p>
          <p>
The value of the <code><a>id</a></code> property for a verification method MUST
be a <a>URI</a>. When more than one verification method is present, the value of
<code><a>verificationMethod</a></code> MUST NOT contain multiple entries with
the same <code>id</code>. If the value of <code><a>verificationMethod</a></code>
contains multiple entries with the same <code>id</code>, a <a>DID document</a>
processor MUST produce an error.
          </p>

          <p>
In the case where a verification method is a public key, the value of the
<code><a>id</a></code> property might be structured as a
<a href="https://en.wikipedia.org/wiki/Compound_key">compound key</a>. This is
especially useful for integrating with existing key management systems and key
formats such as JWK [[RFC7517]]. It is RECOMMENDED that JWK <code>kid</code>
values are set to the public key fingerprint [[RFC7638]]. It is RECOMMENDED
that verification methods that use JWKs to represent their public keys utilize
the value of <code>kid</code> as their fragment identifier. See the first key
in <a href="#example-16-various-verification-method-types"></a>
for an example of a public key with a compound key identifier.
          </p>

          <p>
The value of the <code>type</code> property MUST be exactly one verification
method type. In order to maximize global interoperability, the
<a>verification method</a> type SHOULD be registered in the
[[?DID-SPEC-REGISTRIES]].
          </p>
          <p>
The value of the <code>controller</code> property MUST be a <a
data-cite="INFRA#string">string</a> that conforms to the rules in Section <a
href="#did-syntax"></a>.
          </p>

          <p>
A verification method MUST contain verification material, such as
<a>publicKeyJwk</a> or <a>publicKeyBase58</a>.
          </p>

          <p>
A <a>verification method</a> MUST NOT contain multiple verification material
properties for the same material. For example, expressing key material in a
<a>verification method</a> using both <code>publicKeyJwk</code> and
<code>publicKeyBase58</code> at the same time is prohibited.
          </p>
        </dd>
        <dt><dfn>publicKeyJwk</dfn></dt>
        <dd>
A JSON Web Key that conforms to [[RFC7517]]. This value MUST NOT contain "d", or
any other members of the private information class as described in
<a href="https://tools.ietf.org/html/rfc7517#section-8.1.1">Registration
Template</a>.
        </dd>
        <dt><dfn>publicKeyBase58</dfn></dt>
        <dd>
A base58btc encoded public key.
        </dd>
      </dl>

      <p class="note"
        title="Verification method controller(s) and DID controller(s)">
The semantics of the <code>controller</code> property are the same when the
subject of the relationship is the <a>DID document</a> as when the subject
of the relationship is a verification method, such as a public key. Since a
key (for example) can't control itself, and the key controller cannot be
inferred from the <a>DID document</a>, it is necessary to explicitly express
the identity of the controller of the key. The difference is that the value of
<code>controller</code> for a verification method is <em>not</em> necessarily
a <a>DID controller</a>. <a>DID controller(s)</a> are expressed using the
<code><a>controller</a></code> property at the highest level of the
<a>DID document</a> (the topmost <a data-cite="INFRA#ordered-map">map</a> in
the <a href="#data-model">data model</a>); see
<a href="#did-controller"></a>.
      </p>

      <pre class="example" title="Example verification methods">
{
  "@context": ["https://www.w3.org/ns/did/v1", "https://w3id.org/security/v1"],
  "id": "did:example:123456789abcdefghi",
  <span class="comment">...</span>
  "verificationMethod": [{
    "id": <span class="comment">...</span>,
    "type": <span class="comment">...</span>,
    "controller": <span class="comment">...</span>,
    "publicKeyJwk": <span class="comment">...</span>
  }, {
    "id": <span class="comment">...</span>,
    "type": <span class="comment">...</span>,
    "controller": <span class="comment">...</span>,
    "publicKeyBase58": <span class="comment">...</span>
  }]
}
      </pre>

      <p>
As well as the <code><a>verificationMethod</a></code> property, verification
methods can be embedded in or referenced from properties associated with
various <a>verification relationships</a> (see
<a href="#verification-relationships"></a>). Referencing verification methods
allows them to be used with more than one <a>verification relationship</a>.
      </p>

      <p>
The steps to use when processing a <a>verification method</a> in a
<a>DID document</a> are:
      </p>

      <ol class="algorithm">
        <li>
Let <em>value</em> be the data associated with the
<code><a>verificationMethod</a></code> property or property for a particular
<a>verification relationship</a> and initialize <em>result</em> to
<code>null</code>.
        </li>

        <li>
If <em>value</em> is an object, the verification method material is embedded.
Set <em>result</em> to <em>value</em>.
        </li>

        <li>
If <em>value</em> is a string, the verification method is included by
reference. Assume <em>value</em> is a URL.
          <ol>
            <li>
Dereference the URL and retrieve the <code><a>verificationMethod</a></code>
properties associated with the URL. For example, process the
<code><a>verificationMethod</a></code> property in the topmost
<a data-cite="INFRA#ordered-map">map</a> of the dereferenced document.
            </li>

            <li>
Iterating through each object, if the <code><a>id</a></code> property of the
object matches <em>value</em>, set <em>result</em> to the object.
            </li>
          </ol>
        </li>

        <li>
If <em>result</em> does not contain at least the <code>id</code>,
<code>type</code>, and <code>controller</code> properties, as well as any
mandatory public cryptographic material, as determined by the <code>type</code>
property of <em>result</em>, throw an error.
        </li>
      </ol>

      <pre class="example nohighlight"
        title="Embedding and referencing verification methods">
{
<span class="comment">...</span>

  "authentication": [
    <span class="comment">// this key is referenced, it may be used with more than one verification relationship</span>
    "did:example:123456789abcdefghi#keys-1",
    <span class="comment">// this key is embedded and may *only* be used for authentication</span>
    {
      "id": "did:example:123456789abcdefghi#keys-2",
      "type": "Ed25519VerificationKey2018",
      "controller": "did:example:123456789abcdefghi",
      "publicKeyBase58": "H3C2AVvLMv6gmMNam3uVAjZpfkcJCwDwnZn6z3wXmqPV"
    }
  ],

<span class="comment">...</span>
}
      </pre>

      <section>
        <h3>Verification method types</h3>

        <p>
A public key can be used as a <a>verification method</a>.
        </p>

        <p>
This specification strives to limit the number of formats for expressing public
key material in a <a>DID document</a> to the fewest possible, to increase the
likelihood of interoperability. The fewer formats that implementers have to
implement, the more likely it will be that they will support all of them. This
approach attempts to strike a delicate balance between ease of implementation
and supporting formats that have historically had broad deployment.
        </p>

        <p>
A suite definition is responsible for specifying the verification method
<code>type</code> and proof <code>type</code>. For example, see
<a href="https://w3c-ccg.github.io/lds-jws2020/">JSON Web Signature 2020</a> and
<a href="https://w3c-ccg.github.io/lds-ed25519-2018/">Ed25519 Signature 2018</a>
. For all registered and supported verification method types available for DIDs,
please see [[?DID-SPEC-REGISTRIES]].
        </p>

        <pre class="example nohighlight"
          title="Various verification method types">
{
  "@context": ["https://www.w3.org/ns/did/v1", "https://w3id.org/security/v1"],
  "id": "did:example:123456789abcdefghi",
  <span class="comment">...</span>
  "verificationMethod": [{
    "id": "did:example:123#_Qq0UL2Fq651Q0Fjd6TvnYE-faHiOpRlPVQcY_-tA4A",
    "type": "JsonWebKey2020",
    "controller": "did:example:123",
    "publicKeyJwk": {
      "crv": "Ed25519",
      "x": "VCpo2LMLhn6iWku8MKvSLg2ZAoC-nlOyPVQaO3FxVeQ",
      "kty": "OKP",
      "kid": "_Qq0UL2Fq651Q0Fjd6TvnYE-faHiOpRlPVQcY_-tA4A"
    }
  }, {
    "id": "did:example:123456789abcdefghi#keys-1",
    "type": "Ed25519VerificationKey2018",
    "controller": "did:example:pqrstuvwxyz0987654321",
    "publicKeyBase58": "H3C2AVvLMv6gmMNam3uVAjZpfkcJCwDwnZn6z3wXmqPV"
  }],
  <span class="comment">...</span>
}
        </pre>


        <p>
The <a>DID document</a> does not express revoked keys using a <a>verification
relationship</a>.
        </p>
        <p>
If a referenced verification method is not in the <a>DID Document</a> used to
dereference it, then that verification method is considered invalid or revoked.
        </p>
        <p>
Each <a>DID method</a> specification is expected to detail how revocation is
performed and tracked.
        </p>

        <p class="note">
Caching and expiration of the keys in a <a>DID document</a> is entirely the
responsibility of <a>DID resolvers</a> and requesting parties. For more
information, see Section <a href="#resolution"></a>.
        </p>

      </section>
    </section>

    <section>
      <h2>Verification Relationships</h2>

      <p>
A <a>verification relationship</a> expresses the relationship between the <a>DID
subject</a> and a <a>verification method</a>.
      </p>
      <p>
Different <a>verification relationships</a> enable the associated
<a>verification methods</a> to be used for different purposes. It is up to a
<em>verifier</em> to ascertain the validity of a verification attempt by
checking that the <a>verification method</a> used is contained in the
appropriate <a>verification relationship</a> property of the
<a>DID Document</a>.
      </p>
      <p>
The <a>verification relationship</a> between the <a>DID subject</a> and the
<a>verification method</a> is explicit in the <a>DID document</a>.
<a>Verification methods</a> that are not associated with a particular
<a>verification relationship</a> cannot be used for that <a>verification
relationship</a>. For example, a <a>verification method</a> in the value of
the <code><a>authentication</a></code> property cannot be used to engage in
key agreement protocols with the <a>DID subject</a>&mdash;the value of the
<code><a>keyAgreement</a></code> property needs to be used for that.
      </p>
      <p>
This specification defines several <a>verification relationships</a> below. A
<a>DID document</a> MAY include any of these, or other properties, to express
a specific <a>verification relationship</a>. In order to maximize global
interoperability, any such properties used SHOULD be registered in
[[DID-SPEC-REGISTRIES]].
      </p>

      <section>
        <h2>Authentication</h2>

        <p>
The `authentication` <a>verification relationship</a> is used to specify how the
<a>DID subject</a> is expected to be authenticated, such as for the purposes of
logging into a website.
        </p>

        <dl>
          <dt><dfn>authentication</dfn></dt>
          <dd>
The <code>authentication</code> property is OPTIONAL. If present, the associated
value MUST be an <a data-cite="INFRA#ordered-set">ordered set</a> of one or more
<a>verification methods</a>. Each <a>verification method</a> MAY be embedded or
referenced.
          </dd>
        </dl>

        <div class="note" title="Uses of authentication">
          <p>
If authentication is established, it is up to the <a>DID method</a> or other
application to decide what to do with that information. A particular <a>DID
method</a> could decide that authenticating as a <a>DID controller</a> is
sufficient to, for example, update or delete the <a>DID document</a>. Another
<a>DID method</a> could require different keys, or a different verification
method entirely, to be presented in order to update or delete the <a>DID
document</a> than that used to authenticate. In other words, what is done
<em>after</em> the authentication check is out of scope for the
<a href="#data-model">data model</a>, but <a>DID methods</a> and applications
are expected to define this themselves.
          </p>
          <p>
This is useful to any <em>authentication verifier</em> that needs
to check to see if an entity that is attempting to <a>authenticate</a> is, in
fact, presenting a valid proof of authentication. When a <em>verifier</em>
receives some data (in some protocol-specific format) that contains a proof
that was made for the purpose of "authentication", and that says that an
entity is identified by the <a>DID</a>, then that <em>verifier</em> checks to
ensure that the proof can be verified using a <a>verification method</a> (e.g.,
public key) listed under <code><a>authentication</a></code> in the
<a>DID Document</a>.
          </p>
          <p>
Note that the <a>verification method</a> indicated by the
<code><a>authentication</a></code> property of a <a>DID document</a> can only
be used to <a>authenticate</a> the <a>DID subject</a>. To <a>authenticate</a>
a different <a>DID controller</a>, the entity associated with the value of
<code>controller</code> (see Section <a href="#did-controller"></a>) needs to
<a>authenticate</a> with its <em>own</em> <a>DID document</a> and attached
<code><a>authentication</a></code> <a>verification relationship</a>.
          </p>
        </div>

        <pre class="example nohighlight" title="Authentication property
                      containing three verification methods">
{
  "@context": "https://www.w3.org/ns/did/v1",
  "id": "did:example:123456789abcdefghi",
  <span class="comment">...</span>
  "authentication": [
    <span class="comment">// this method can be used to authenticate as did:...fghi</span>
    "did:example:123456789abcdefghi#keys-1",
    <span class="comment">// this method can be used to authenticate as did:...fghi</span>
    "did:example:123456789abcdefghi#biometric-1",
    <span class="comment">// this method is *only* approved for authentication, it may not</span>
    <span class="comment">// be used for any other proof purpose, so its full description is</span>
    <span class="comment">// embedded here rather than using only a reference</span>
    {
      "id": "did:example:123456789abcdefghi#keys-2",
      "type": "Ed25519VerificationKey2018",
      "controller": "did:example:123456789abcdefghi",
      "publicKeyBase58": "H3C2AVvLMv6gmMNam3uVAjZpfkcJCwDwnZn6z3wXmqPV"
    }
  ],
  <span class="comment">...</span>
}
        </pre>
      </section>

      <section>
        <h2>Assertion</h2>

        <p>
The `assertionMethod` <a>verification relationship</a> is used to specify how
the <a>DID subject</a> is expected to express claims, such as for the purposes
of issuing a Verifiable Credential [[?VC-DATA-MODEL]].
        </p>

        <dl>
          <dt><dfn>assertionMethod</dfn></dt>
          <dd>
The <code>assertionMethod</code> property is OPTIONAL. If present, the
associated value MUST be an <a data-cite="INFRA#ordered-set">ordered set</a> of
one or more <a>verification methods</a>. Each <a>verification method</a> MAY be
embedded or referenced.
          </dd>
        </dl>

        <p>
An example of when this property is useful is during the processing of a
verifiable credential by a verifier. During validation, a verifier checks to
see if a verifiable credential has been signed by the <a>DID Subject</a> by
checking that the <a>verification method</a> used to assert the proof is
associated with the <code><a>assertionMethod</a></code> property in the
corresponding <a>DID Document</a>.
        </p>

        <pre class="example nohighlight" title="Assertion method property
                    containing two verification methods">
{
"@context": "https://www.w3.org/ns/did/v1",
"id": "did:example:123456789abcdefghi",
<span class="comment">...</span>
"assertionMethod": [
  <span class="comment">// this method can be used to assert statements as did:...fghi</span>
  "did:example:123456789abcdefghi#keys-1",
  <span class="comment">// this method is *only* approved for assertion of statements, it may not</span>
  <span class="comment">// be used for any other verification relationship, so its full description is</span>
  <span class="comment">// embedded here rather than using only a reference</span>
  {
    "id": "did:example:123456789abcdefghi#keys-2",
    "type": "Ed25519VerificationKey2018",
    "controller": "did:example:123456789abcdefghi",
    "publicKeyBase58": "H3C2AVvLMv6gmMNam3uVAjZpfkcJCwDwnZn6z3wXmqPV"
  }
],
<span class="comment">...</span>
}
        </pre>
      </section>

      <section>
        <h2>Key Agreement</h2>

        <p>
The `keyAgreement` <a>verification relationship</a> is used to specify how
to encrypt information to the <a>DID subject</a>, such as for the purposes
of establishing a secure communication channel with the recipient.
        </p>

        <dl>
          <dt><dfn>keyAgreement</dfn></dt>
          <dd>
The <code>keyAgreement</code> property is OPTIONAL. If present, the associated
value MUST be an <a data-cite="INFRA#ordered-set">ordered set</a> of one or more
<a>verification methods</a>. Each <a>verification method</a> MAY be embedded or
referenced.
          </dd>
        </dl>

        <p>
An example of when this property is useful is when encrypting a message
intended for the <a>DID Subject</a>. In this case, the counterparty uses the
public cryptographic key information in the <a>verification method</a>
to wrap a decryption key for the recipient.
        </p>

        <pre class="example nohighlight" title="Key agreement property
                      containing two verification methods">
{
  "@context": "https://www.w3.org/ns/did/v1",
  "id": "did:example:123456789abcdefghi",
  <span class="comment">...</span>
  "keyAgreement": [
    <span class="comment">// this method can be used to perform key agreement as did:...fghi</span>
    "did:example:123456789abcdefghi#keys-1",
    <span class="comment">// this method is *only* approved for key agreement usage, it may not</span>
    <span class="comment">// be used for any other verification relationship, so its full description is</span>
    <span class="comment">// embedded here rather than using only a reference</span>
    {
      "id": "did:example:123#zC9ByQ8aJs8vrNXyDhPHHNNMSHPcaSgNpjjsBYpMMjsTdS",
      "type": "X25519KeyAgreementKey2019",
      "controller": "did:example:123",
      "publicKeyBase58": "9hFgmPVfmBZwRvFEyniQDBkz9LmV7gDEqytWyGZLmDXE"
    }
  ],
  <span class="comment">...</span>
}
        </pre>
      </section>

      <section>
        <h2>Capability Invocation</h2>

        <p>
The `capabilityInvocation` <a>verification relationship</a> is used to specify
a <a>verification method</a> that might be used by the <a>DID subject</a> to
invoke a cryptographic capability, such as the authorization to update the
<a>DID Document</a> or the authorization to access an HTTP API.
        </p>

        <dl>
          <dt><dfn>capabilityInvocation</dfn></dt>
          <dd>
The <code>capabilityInvocation</code> property is OPTIONAL. If present, the
associated value MUST be an <a data-cite="INFRA#ordered-set">ordered set</a> of
one or more <a>verification methods</a>. Each <a>verification method</a> MAY be
embedded or referenced.
          </dd>
        </dl>

        <p>
An example of when this property is useful is when a <a>DID subject</a>
chooses to invoke their capability to start a vehicle through the combined
usage of a <a>verification method</a> and the <code>StartCar</code>
capability. In this example, the vehicle would be the <em>verifier</em> and
would need to verify that the <a>verification method</a> exists in the
<code><a>capabilityInvocation</a></code> property.
        </p>

        <pre class="example nohighlight" title="Capability invocation property
                      containing two verification methods">
{
  "@context": "https://www.w3.org/ns/did/v1", "id":
  "did:example:123456789abcdefghi",
  <span class="comment">...</span>
  "capabilityInvocation: [
    <span class="comment">// this method can be used to invoke capabilities as did:...fghi</span>
    "did:example:123456789abcdefghi#keys-1",
    <span class="comment">// this method is *only* approved for capability invocation usage, it may not</span>
    <span class="comment">// be used for any other verification relationship, so its full description is</span>
    <span class="comment">// embedded here rather than using only a reference</span>
    {
    "id": "did:example:123456789abcdefghi#keys-2",
    "type": "Ed25519VerificationKey2018",
    "controller": "did:example:123456789abcdefghi",
    "publicKeyBase58": "H3C2AVvLMv6gmMNam3uVAjZpfkcJCwDwnZn6z3wXmqPV"
    }
  ],
  <span class="comment">...</span>
}
        </pre>
      </section>

      <section>
        <h2>Capability Delegation</h2>

        <p>
The `capabilityDelegation` <a>verification relationship</a> is used to specify
a mechanism that might be used by the <a>DID subject</a> to delegate
a cryptographic capability to another party, such as delegating the
authority to access a specific HTTP API to a subordinate.
        </p>

        <dl>
          <dt><dfn>capabilityDelegation</dfn></dt>
          <dd>
The <code>capabilityDelegation</code> property is OPTIONAL. If present, the
associated value MUST be an <a data-cite="INFRA#ordered-set">ordered set</a> of
one or more <a>verification methods</a>. Each <a>verification method</a> MAY be
embedded or referenced.
          </dd>
        </dl>

        <p>
An example of when this property is useful is when a <a>DID Subject</a>
chooses to grant their capability to start a vehicle through the combined
usage of a <a>verification method</a> and the <code>StartCar</code> capability
to a party other than themselves.
        </p>

        <pre class="example nohighlight" title="Capability Delegation property
                      containing two verification methods">
{
  "@context": "https://www.w3.org/ns/did/v1", "id":
  "did:example:123456789abcdefghi",
  <span class="comment">...</span>
  "capabilityDelegation": [
    <span class="comment">// this method can be used to perform capability delegation as did:...fghi</span>
    "did:example:123456789abcdefghi#keys-1",
    <span class="comment">// this method is *only* approved for granting capabilities it may not</span>
    <span class="comment">// be used for any other verification relationship, so its full description is</span>
    <span class="comment">// embedded here rather than using only a reference</span>
    {
    "id": "did:example:123456789abcdefghi#keys-2",
    "type": "Ed25519VerificationKey2018",
    "controller": "did:example:123456789abcdefghi",
    "publicKeyBase58": "H3C2AVvLMv6gmMNam3uVAjZpfkcJCwDwnZn6z3wXmqPV"
    }
  ],
  <span class="comment">...</span>
}
        </pre>
      </section>
    </section>

    <section>
      <h2>Service Endpoints</h2>

      <p>
<a>Service endpoints</a> are used in <a>DID documents</a> to express ways of
communicating with the <a>DID subject</a> or associated entities.
<a>Services</a> listed in the <a>DID document</a> can contain information about
privacy preserving messaging services, or more public information, such as
social media accounts, personal websites, and email addresses although this is
discouraged. See
<a href="#keep-personally-identifiable-information-pii-private"></a> for
additional details. The information associated with <a>services</a> are often
service-specific. For example, the information associated with an encrypted
messaging service can express how to initiate the encrypted link before
messaging begins.
      </p>
      <p>
Pointers to <a>services</a> are expressed using the <code><a>service</a></code>
property. Each service has its own <code>id</code> and <code>type</code>
properties, as well as a <code><a>serviceEndpoint</a></code> property with a
<a>URI</a> or a set of other properties describing the service.
      </p>

      <p>
One of the primary purposes of a <a>DID document</a> is to enable discovery of
<a>service endpoints</a>. A <a>service endpoint</a> can be any type of service
the <a>DID subject</a> wants to advertise, including
<a>decentralized identity management</a> services for further discovery,
authentication, authorization, or interaction.
      </p>

      <p>
A <a>DID document</a> MAY include a <code><a>service</a></code> property.
      </p>

      <dl>
        <dt><dfn>service</dfn></dt>
        <dd>
          <p>
If a <a>DID document</a> includes a <code>service</code> property, the value
of the property MUST be an <a data-cite="INFRA#ordered-set">ordered set</a>
of <a>service endpoints</a>, where each service endpoint is described by a set
of properties. Each <a>service endpoint</a> MUST have <code><a>id</a></code>,
<code>type</code>, and <code><a>serviceEndpoint</a></code> properties, and MAY
include additional properties.
          </p>
          <p>
The value of the <code><a>id</a></code> property MUST be a <a>URI</a>.
The value of <code>service</code> MUST NOT contain multiple entries with the
same <code>id</code>. In this case, a <a>DID document</a> processor MUST
produce an error.
          </p>
          <p>
The value of the <code><dfn>serviceEndpoint</dfn></code> property MUST be a
<a data-cite="INFRA#string">string</a>, a <a data-cite="INFRA#string">map</a>,
or an <a data-cite="INFRA#ordered-set">ordered set</a> composed of a one or more
<a data-cite="INFRA#string">strings</a> and/or
<a data-cite="INFRA#string">maps</a>. All <a data-cite="INFRA#string">string</a>
values MUST be valid <a>URIs</a> conforming to [[RFC3986]] and normalized
according to the rules in section 6 of [[RFC3986]] and to any normalization
rules in its applicable <a>URI</a> scheme specification. Extension
specifications for services MAY further restrict the properties associated
with the extension.
          </p>
        </dd>
      </dl>

      <p>
It is expected that the <a>service endpoint</a> protocol is published in an open
standard specification.
      </p>

      <pre class="example nohighlight" title="Various service endpoints">
{
  "service": [{
    "id":"did:example:123#linked-domain",
    "type": "LinkedDomains",
    "serviceEndpoint": "https://bar.example.com"
  }, {
    "id": "did:example:123456789abcdefghi#openid",
    "type": "OpenIdConnectVersion1.0Service",
    "serviceEndpoint": "https://openid.example.com/"
  }, {
    "id": "did:example:123456789abcdefghi#vcr",
    "type": "CredentialRepositoryService",
    "serviceEndpoint": "https://repository.example.com/service/8377464"
  }, {
    "id": "did:example:123456789abcdefghi#xdi",
    "type": "XdiService",
    "serviceEndpoint": "https://xdi.example.com/8377464"
  }, {
    "id": "did:example:123456789abcdefghi#agent",
    "type": "AgentService",
    "serviceEndpoint": "https://agent.example.com/8377464"
  }, {
    "id": "did:example:123456789abcdefghi#hub",
    "type": "IdentityHub",
    "verificationMethod": "did:example:123456789abcdefghi#key-1",
    "serviceEndpoint": ["did:example:456", "did:example:789"]
  }, {
    "id": "did:example:123456789abcdefghi#messages",
    "type": "MessagingService",
    "serviceEndpoint": "https://example.com/messages/8377464"
  }, {
    "id": "did:example:123456789abcdefghi#inbox",
    "type": "SocialWebInboxService",
    "serviceEndpoint": "https://social.example.com/83hfh37dj",
    "description": "My public social inbox",
    "spamCost": {
      "amount": "0.50",
      "currency": "USD"
    }
  }, {
    "id": "did:example:123456789abcdefghi#authpush",
    "type": "DidAuthPushModeVersion1",
    "serviceEndpoint": "http://auth.example.com/did:example:123456789abcdefg"
  }]
}
      </pre>

      <p>
For more information about security considerations regarding authentication
<a>service endpoints</a> see Sections <a href="#method-schemes"></a>
and <a href="#authentication"></a>.
      </p>
    </section>

  </section>

  <section class="normative">
    <h1>Representations</h1>

    <p>
All concrete representations of a <a>DID document</a> are serialized using a
deterministic mapping that is able to be unambiguously parsed into the <a
href="#data-model">data model</a> defined in this specification. All
serialization methods MUST define rules for the bidirectional translation of a
<a>DID document</a> both into and out of the representation in question. An
implementation MUST NOT convert between representations without first parsing to
a <a href="#data-model">data model</a> (described in Sections <a
href="#data-model"></a> and <a href="#core-properties"></a>); translation
between any two representations is done by parsing the source representation
into the <a href="#data-model">data model</a> and then serializing the <a
href="#data-model">data model</a> into the target representation.
    </p>

    <p>
Although syntactic mappings are provided for JSON, JSON-LD, and CBOR here,
applications and services MAY use any other data representation syntax that is
capable of expressing the <a href="#data-model">data model</a>, such as XML or
YAML.
    </p>

    <p>
Producers MUST indicate which representation of a document has been used via a
media type in the document's metadata. Consumers MUST determine the
representation of a <a>DID document</a> via the <code>content-type</code> DID
resolver metadata field (see <a href="#did-resolution"></a>), <em>not</em>
through the content of the <a>DID document</a> alone.
    </p>

    <p>
Unrecognized properties MUST be preserved. An unrecognized property is any
property that does not have explicit processing rules known to the consumer or
producer. Consumers MUST add all properties that do not have explicit processing
rules for the representation being consumed to the <a href="#data-model">data
model</a> using only the representation's generic type processing rules.
Producers MUST serialize all properties in the <a href="#data-model">data
model</a> that do not have explicit processing rules for the representation
being produced using only the representation's generic type processing rules.
    </p>

    <p class="note" title="Representation-specific syntax properties">
Note that properties that contain representation-specific syntax will only have
special processing rules defined by a single representation. Consumers of a
different representation are required to include these properties in the <a
href="#data-model">data model</a> using only their generic type processing rules
to enable lossless conversion of representations. Similarly, producers are
required to treat properties containing representation-specific syntax using
generic type processing rules when producing a representation for which the
property is not defined. Representations are required to define producer
behavior for any such properties defined by the representation.
    </p>

<p class="note" title="Representation properties lexical and value space">
It is RECOMMENDED that representations use the lexical representation
of registered data types. For example, JSON and JSON-LD use the XML
Schema dateTime lexical representation to represent <a>datetimes</a>.
A representation MAY choose to represent the data types differently.
For example, CBOR-LD represents some <a>datetime</a> values
using integers to represent the number of seconds since the Unix epoch.
</p>

    <p>
The production and consumption rules in this section apply to all
implementations seeking to be fully compatible with independent implementations
of the specification. Deployments of this specification MAY use a custom
agreed-upon representation, including rules agreed to by a pair of producers
and consumers for handling properties not listed in the registry. See section <a
  href="#extensibility"></a> for more information.
    </p>

    <section>
      <h2>Representation Requirements</h2>
      <p>
The <a href="#data-model">data model</a> provided in this specification
supports being serialized into a variety of existing representations. Some
applications might require the creation of a new representation. All
representations require the following:
      </p>
      <ol>
        <li>
A representation MUST define an unambiguous encoding and decoding for all
property names and all <a href="#data-model">data model</a> <a
href="#data-model">data types</a> as defined in this specification. This enables
anything that can be represented in the  <a href="#data-model">data model</a> to
also be represented in a compliant representation.
        </li>
        <li>
The representation MUST be uniquely associated with an IANA-registered MIME
type.
        </li>
        <li>
The representation MUST define fragment processing rules for its MIME type that
are conformant with the fragment processing rules defined in section
<a href="#fragment"></a> of this specification.
        </li>
        <li>
The representation MAY define representation-specific syntax that can be stored
as properties in the <a href="#data-model">data model</a>. These properties are
included when consuming or producing to aid in ensuring lossless conversion.
        </li>
      </ol>
      <p>
In order to maximize interoperability, representation specification authors
SHOULD register their representation in the [[?DID-SPEC-REGISTRIES]].
      </p>
    </section>

    <section>
      <h2>
JSON
      </h2>

      <p>
This section sets out the requirements for producing and consuming <a>DID
documents</a> that are in plain JSON (as indicated by a
<code>content-type</code> of <code>application/did+json</code> in the resolver
metadata).
      </p>

      <section>
        <h3>Production</h3>

        <p>
A <a>DID document</a> MUST be a single <a data-cite="RFC8259#section-4">JSON
object</a> conforming to [[!RFC8259]]. All properties of the <a>DID
document</a> MUST be represented by using the property name as the name of the
member of the JSON object. The values of properties of the <a
href="#data-model">data model</a> described in <a href="#data-model"></a>,
including all extensions, are encoded in JSON [[RFC8259]] by mapping property
values to JSON types as follows:
        </p>

        <table class="simple" id="json-representation-production">
          <thead>
            <tr>
              <th>
Data&nbsp;Type
              </th>
              <th>
JSON Representation Type
              </th>
            </tr>
          </thead>

          <tbody>
            <tr>
              <td>
<a data-cite="INFRA#maps">ordered&nbsp;map</a>
              </td>
              <td>
<a data-cite="RFC8259#section-4">JSON Object</a>, each property is represented
as a member of the JSON Object with the property name as the member name and the
property value according to its type, as defined in this section
              </td>
            </tr>
            <tr>
              <td>
<a data-cite="INFRA#list">list</a>
              </td>
              <td>
<a data-cite="RFC8259#section-5">JSON Array</a>, each element of the list is
added, in order, as a value of the array according to its type, as defined in
this section
              </td>
            </tr>
            <tr>
              <td>
<a data-cite="INFRA#ordered-set">ordered&nbsp;set</a>
              </td>
              <td>
<a data-cite="RFC8259#section-5">JSON Array</a>, each element of the set is
added, in order, as a value of the array according to its type, as defined in
this section
              </td>
            </tr>
            <tr>
              <td>
<a>datetime</a>
              </td>
              <td>
<a data-cite="RFC8259#section-7">JSON String</a> formatted as an
<a data-cite="XMLSCHEMA11-2#dateTime">XML Datetime</a> normalized to
UTC 00:00:00 and without sub-second decimal precision. For example:
<code>2020-12-20T19:17:47Z</code>.
              </td>
            </tr>
            <tr>
              <td>
<a data-cite="INFRA#string">string</a>
              </td>
              <td>
<a data-cite="RFC8259#section-7">JSON String</a>
              </td>
            </tr>
            <tr>
              <td>
<a>integer</a>
              </td>
              <td>
<a data-cite="RFC8259#section-6">JSON Number</a> without a decimal or
fractional component
              </td>
            </tr>
            <tr>
              <td>
<a>double</a>
              </td>
              <td>
<a data-cite="RFC8259#section-6">JSON Number</a> with a fractional component
              </td>
            </tr>
            <tr>
              <td>
<a data-cite="INFRA#boolean">boolean</a>
              </td>
              <td>
<a data-cite="RFC8259#section-3">JSON Boolean</a>
              </td>
            </tr>
            <tr>
              <td>
<a data-cite="INFRA#null">null</a>
              </td>
              <td>
<a data-cite="RFC8259#section-3">JSON null literal</a>
              </td>
            </tr>
          </tbody>
        </table>

        <p>
Implementers producing JSON are advised to ensure that their algorithms are
aligned with the <a data-cite="INFRA#json">JSON serialization rules</a> in
the [[INFRA]] specification.
        </p>

        <p>
All properties of the <a>DID document</a> MUST be included in
the root object. Properties MAY define additional data sub structures subject
to the value representation rules in the list above.
        </p>

      </section>

      <section>
        <h3>
Consumption
        </h3>

        <p>
The topmost element MUST be a JSON object. Any other data type at the topmost
level is an error and MUST be rejected. The topmost JSON object represents the
<a>DID document</a>, and all members of this object are properties of the <a>DID
document</a>. The object member name is the property name, and the member value
is interpreted as follows:
        </p>

        <table class="simple" id="json-representation-consumption">
          <thead>
            <tr>
              <th>
JSON Representation Type
              </th>
              <th>
Data&nbsp;Type
              </th>
            </tr>
          </thead>

          <tbody>
            <tr>
              <td>
<a data-cite="RFC8259#section-4">JSON Object</a>
              </td>
              <td>
<a data-cite="INFRA#maps">ordered&nbsp;map</a>, each member of the JSON Object
is added as a property to the ordered map with the property name being the
member name and the value converted based on the JSON type and, if available,
property definition, as defined here; as no order is specified by JSON Objects,
no insertion order is guaranteed
              </td>
            </tr>
            <tr>
              <td>
<a data-cite="RFC8259#section-5">JSON Array</a> where <a href="#data-model">data
model</a> property value is a <a data-cite="INFRA#list">list</a> or unknown
              </td>
              <td>
<a data-cite="INFRA#list">list</a>, each value of the JSON Array is added to the
list in order, converted based on the JSON type of the array value, as defined
here
              </td>
            </tr>
            <tr>
              <td>
<a data-cite="RFC8259#section-5">JSON Array</a> where <a href="#data-model">data
model</a> property value is an <a
data-cite="INFRA#ordered-set">ordered&nbsp;set</a>
              </td>
              <td>
<a data-cite="INFRA#ordered-set">ordered&nbsp;set</a>, each value of the JSON
Array is added to the ordered set in order, converted based on the JSON type of
the array value, as defined here
              </td>
            </tr>
            <tr>
              <td>
<a data-cite="RFC8259#section-7">JSON String</a> where <a
href="#data-model">data model</a> property value is an <a>datetime</a>
              </td>
              <td>
<a>datetime</a>
              </td>
            </tr>
            <tr>
              <td>
<a data-cite="RFC8259#section-7">JSON String</a>, where <a
href="#data-model">data model</a> property value type is <a>string</a> or
unknown
              </td>
              <td>
<a data-cite="INFRA#string">string</a>
              </td>
            </tr>
            <tr>
              <td>
<a data-cite="RFC8259#section-6">JSON Number</a> without a decimal or
fractional component
              </td>
              <td>
<a>integer</a>
              </td>
            </tr>
            <tr>
              <td>
<a data-cite="RFC8259#section-6">JSON Number</a> with a fractional component, or
when property value is a <a>double</a> regardless of inclusion of fractional
component
              </td>
              <td>
<a>double</a>
              </td>
            </tr>
            <tr>
              <td>
<a data-cite="RFC8259#section-3">JSON Boolean</a>
              </td>
              <td>
<a data-cite="INFRA#boolean">boolean</a>
              </td>
            </tr>
            <tr>
              <td>
<a data-cite="RFC8259#section-3">JSON null literal</a>
              </td>
              <td>
<a data-cite="INFRA#null">null</a>
              </td>
            </tr>
          </tbody>
        </table>

        <p>
Implementers consuming JSON are advised to ensure that their algorithms are
aligned with the <a
data-cite="INFRA#convert-a-json-derived-javascript-value-to-an-infra-value">JSON
consumption rules</a> in the [[INFRA]] specification.
        </p>
        <p>
Note that the <code>@context</code> object member, if present, will not have
additional processing applied to its value, which will be added verbatim to the
<a href="#data-model">data model</a>.
        </p>
      </section>

    </section>

    <section>
      <h2>
JSON-LD
      </h2>

      <p>
JSON-LD is a JSON-based format used to serialize
<a href="http://www.w3.org/TR/ld-glossary/#linked-data">Linked Data</a>.
This section establishes the requirements for producing and consuming <a>DID
documents</a> that are expressed as JSON-LD. JSON-LD <a>DID documents</a>
are indicated by a <code>content-type</code> resolver metadata field that is
set to <code>application/did+ld+json</code>.
      </p>

      <p class="issue atrisk" data-number="208">
Use of the media type <code>application/did+ld+json</code> is pending
clarification over the registration of
<a href="https://datatracker.ietf.org/doc/html/draft-w3cdidwg-media-types-with-multiple-suffixes">
media types with multiple suffixes</a>. The alternative will be to use
<code>application/ld+json</code> with an expected profile parameter of
<code>https://www.w3.org/ns/did/json-ld-profile</code> if multiple suffixes
cannot be registered by the time the rest of DID Core is ready for W3C
Proposed Recommendation.
      </p>

      <p>
The following application-specific modifications are made by this specification
to the JSON-LD specification [[JSON-LD11]] to ease interoperability between
JSON and JSON-LD implementations:
      </p>

      <ul>
        <li>
The <code>@id</code> and <code>@type</code> keywords are aliased to
<code><a>id</a></code> and <code>type</code> respectively, enabling developers
to use this specification as idiomatic JSON.
        </li>
        <li>
Even though JSON-LD allows any IRI as node identifiers, <a>DID documents</a>
are explicitly restricted to only describe DIDs. This means that the value of
<code><a>id</a></code> that refers to the <a>DID subject</a> MUST be a valid
<a>DID</a> and not any other kind of IRI.
        </li>
        <li>
Data types, such as integers, dates, units of measure, and URLs, are
automatically typed to provide stronger type guarantees for use cases that
require them.
        </li>
      </ul>

      <section>
        <h3>
Production
        </h3>

        <p>
The <a>DID document</a> MUST be serialized according to the
<a href="#production">production rules for JSON</a>, with one additional
requirement: The <a>DID document</a> MUST include the <code>@context</code>
property.
        </p>

        <dl>
          <dt>@context</dt>
          <dd>

            <p>
The <a href="https://www.w3.org/TR/json-ld11/#the-context">JSON-LD
specification</a> defines values that are valid for this property. This property
contains representation-specific syntax and therefore could be present in the <a
href="#data-model">data model</a> to aid in lossless conversion. If the property
is present in the <a href="#data-model">data model</a>, it MUST be used during
production unless either an alternative <code>@context</code> value is
explicitly provided to the producer or if the value from the data model is not
valid according to the consumption rules.
            </p>

            <p>
The value of <code>@context</code> MUST be exactly one of these values.
            </p>

            <ul>
              <li>
The <a href="https://infra.spec.whatwg.org/#strings">INFRA string</a>
<code>https://www.w3.org/ns/did/v1</code>.
                <pre class="example">
{
  "@context": "https://www.w3.org/ns/did/v1",
  ...
}
                </pre>
              </li>
              <li>  
An <a data-cite="INFRA#ordered-set">INFRA ordered set</a>,
with first item the <a href="https://infra.spec.whatwg.org/#strings">INFRA
string</a> <code>https://www.w3.org/ns/did/v1</code>, and subsequent items of
type <a href="https://infra.spec.whatwg.org/#strings">INFRA string</a> or
<a href="https://infra.spec.whatwg.org/#maps">INFRA map</a>.
                <pre class="example">
{
  "@context": [
    "https://www.w3.org/ns/did/v1",
    "https://example.com/blockchain-identity/v1"
  ],
  ...
}
                </pre>
              </li>
            </ul>

            <p>
All members of the <code>@context</code> property SHOULD exist in the DID
specification registries [[?DID-SPEC-REGISTRIES]] in order to achieve
interoperability across different representations. If a member does not exist
in the DID specification registries, then the <a>DID document</a> might not be
interoperable across representations.
            </p>

            <p>
It is RECOMMENDED that dereferencing each <a>URI</a> value of the
<code>@context</code> property results in a document containing machine-readable
information about the context. These URIs SHOULD be associated with a
cryptographic hash of the content of the JSON-LD Context as part of registration
in the DID Specification Registries [[?DID-SPEC-REGISTRIES]].
            </p>
            <p class="advisement">
If included, the cryptographic hash of the content of the JSON-LD Context MUST
be computed in a manner equivalent to the following:
            </p>
            <pre class="example">
curl -s https://www.w3.org/ns/did/v1 | openssl sha256
            </pre>
            <p>
The command above will result in the following hash, expressed in hexadecimal
notation:
            </p>
            <pre class="example">
910cd6648f6f7b72a7896a8da83e63460eb8355a0af4b56b699c9281452ac8bb
            </pre>
            </p>
          </dd>
        </dl>
        <p>
Producers SHOULD NOT produce <a>DID documents</a> that contain properties not
defined via the <code>@context</code>. Properties that are not defined via the
<code>@context</code> MAY be dropped by Consumers.
        </p>

      </section>

      <section>
        <h3>
Consumption
        </h3>

        <p>
The <a>DID document</a> MUST be deserialized as a JSON document according to
the <a href="#consumption">consumption rules for JSON</a>, with one additional
requirement: The <a>DID document</a> MUST include the <code>@context</code>
property and be processed according to the rules below.
        </p>

        <dl>
          <dt>@context</dt>
          <dd>
            <p>
The value of the <code>@context</code> property conforms to the
<a href="#production-0">JSON-LD Production Rules</a>. If more than one
<a>URI</a> is provided, the <a>URIs</a> MUST be interpreted as an
<a data-cite="INFRA#ordered-set">ordered set</a>.
            </p>
          </dd>
        </dl>

        <p>
Consumers SHOULD drop all properties from a <a>DID document</a> that are not
defined via the <code>@context</code>.
        </p>

      </section>

    </section>

    <section>
      <h2>CBOR</h2>
      <p>
Like Javascript Object Notation (JSON) [[RFC8259]], Concise Binary Object
Representation (CBOR) [[RFC7049]] defines a set of formatting rules for the
portable representation of structured data. CBOR is a more concise,
machine-readable, language-independent data interchange format that is
self-describing and has built-in semantics for interoperability.
      </p>

      <p>
The following sections outline the rules for producing and consuming
<a>DID documents</a> that are expressed in CBOR as indicated by a
<code>content-type</code> of <code>application/did+cbor</code> in the resolver
metadata.
      </p>

      <section>
        <h3>Production</h3>

        <p>
A <a>DID document</a> MUST be a single <a data-cite="RFC7049#section-2.1">CBOR
Map</a> conforming to [[RFC7049]]. All topmost properties of the <a>DID
document</a> MUST be represented by using the property name as the name of the
key of the CBOR Map. The values of properties of the <a href="#data-model">data
model</a> described in Section <a href="#data-model"></a>, including all
extensions, are encoded in CBOR [[RFC7049]] by mapping property values to CBOR
types as follows:
        </p>

        <table class="simple" id="cbor-representation-production">
          <thead>
            <tr>
              <th>
Data&nbsp;Type
              </th>
              <th>
CBOR Representation Type
              </th>
            </tr>
          </thead>

          <tbody>
            <tr>
              <td>
<a data-cite="INFRA#maps">ordered&nbsp;map</a>
              </td>
              <td>
<a data-cite="RFC7049#section-2.1">CBOR map</a> (major type 5), each property
is represented as a member of the CBOR Map with the property name as the key and
the property value according to its type, as defined in this section
              </td>
            </tr>
            <tr>
              <td>
<a data-cite="INFRA#list">list</a>
              </td>
              <td>
<a data-cite="RFC7049#section-2.1">CBOR array</a> (major type 4), each element
of the list is added, in order, as a value of the array according to its type,
as defined in this section
              </td>
            </tr>
            <tr>
              <td>
<a data-cite="INFRA#ordered-set">ordered&nbsp;set</a>
              </td>
              <td>
<a data-cite="RFC7049#section-2.1">CBOR array</a> (major type 4), each element
of the list is added, in order, as a value of the array according to its type,
as defined in this section
              </td>
            </tr>
            <tr>
              <td>
<a>datetime</a>
              </td>
              <td>
<a data-cite="RFC7049#section-2.1">CBOR string</a> (major type 5) formatted as
an <a data-cite="XMLSCHEMA11-2#dateTime">XML Datetime</a> normalized to
UTC 00:00 and without sub-second decimal precision. For example:
<code>2020-12-20T19:17:47Z</code>.
              </td>
            </tr>
            <tr>
              <td>
<a data-cite="INFRA#string">string</a>
              </td>
              <td>
<a data-cite="RFC7049#section-2.1">CBOR string</a> (major type 5)
              </td>
            </tr>
            <tr>
              <td>
<a>integer</a>
              </td>
              <td>
<a data-cite="RFC7049#section-2.1">CBOR integer</a> (major type 0 or 1),
choosing the shortest byte representation
              </td>
            </tr>
            <tr>
              <td>
<a>double</a>
              </td>
              <td>
<a data-cite="RFC7049#section-2.1">CBOR floating-point number</a> (major type
7)</a>. All floating point values MUST be encoded as 64-bits (additional type
value 27), even for integral values.
              </td>
            </tr>
            <tr>
              <td>
<a data-cite="INFRA#boolean">boolean</a>
              </td>
              <td>
<a data-cite="RFC7049#section-2.3">CBOR simple value</a> (major type 7,
subtype 24) with a simple value of 21 (True) or 20 (False)
              </td>
            </tr>
            <tr>
              <td>
<a data-cite="INFRA#null">null</a>
              </td>
              <td>
<a data-cite="RFC7049#section-2.3">CBOR simple value</a> (major type 7,
subtype 24) with a simple value of 22 (Null)
              </td>
            </tr>
          </tbody>
        </table>

        <ul>
          <li>
Other Data Types not otherewise defined in the Data Model MUST be
represented as a <a href="https://tools.ietf.org/html/rfc7049#section-2.1">CBOR
String type. (major type 5)</a>
          </li>
          <li>
Indefinite-length items are not allowed and MUST be made <a
href="https://tools.ietf.org/html/rfc7049#section-2.2.1">CBOR definite
length.</a>
          </li>
        </ul>

      <p>
All properties of the DID document represented in CBOR MUST be included in the
root map (major type 5). Properties MAY define additional data sub structures
represented as nested CBOR maps (major type 5) and is subject to the value
representation rules in the lists above and conformance to section <a
href="#extensibility"> § 4.3 Extensibility</a>.
      </p>

      <pre class="example nohighlight"
        title="Example 2 DID Document encoded as CBOR (hexadecimal)">
A2626964781E6469643A6578616D706C653A313233343536373839616263
6465666768696E61757468656E7469636174696F6E81A462696478256469
643A6578616D706C653A313233343536373839616263646566676869236B
6579732D316474797065781A45643235353139566572696669636174696F
6E4B6579323031386A636F6E74726F6C6C6572781E6469643A6578616D70
6C653A3132333435363738396162636465666768696F7075626C69634B65
79426173653538782C483343324156764C4D7636676D4D4E616D33755641
6A5A70666B634A437744776E5A6E367A3377586D715056
      </pre>

      <pre class="example nohighlight"
        title="Example 2 DID Document encoded as CBOR (diagnostic notation)">
A2                                   # map(2)
62                                   # text(2)
   6964                              # "id"
78 1E                                # text(30)
   6469643A6578616D706C653A313233343536373839616263646566676869 # "did:example:123456789abcdefghi"
6E                                   # text(14)
   61757468656E7469636174696F6E      # "authentication"
81                                   # array(1)
   A4                                # map(4)
      62                             # text(2)
         6964                        # "id"
      78 25                          # text(37)
         6469643A6578616D706C653A313233343536373839616263646566676869236B6579732D31 # "did:example:123456789abcdefghi#keys-1"
      64                             # text(4)
         74797065                    # "type"
      78 1A                          # text(26)
         45643235353139566572696669636174696F6E4B657932303138 # "Ed25519VerificationKey2018"
      6A                             # text(10)
         636F6E74726F6C6C6572        # "controller"
      78 1E                          # text(30)
         6469643A6578616D706C653A313233343536373839616263646566676869 # "did:example:123456789abcdefghi"
      6F                             # text(15)
         7075626C69634B6579426173653538 # "publicKeyBase58"
      78 2C                          # text(44)
         483343324156764C4D7636676D4D4E616D337556416A5A70666B634A437744776E5A6E367A3377586D715056 # "H3C2AVvLMv6gmMNam3uVAjZpfkcJCwDwnZn6z3wXmqPV"
              </pre>

      </section>

      <section>
        <h3>Consumption</h3>
        <p>
The topmost element MUST be a <a data-cite="RFC7049#section-2.1">CBOR map</a>
(major type 5). Any other data type at the highest level of the
<a>DID document</a> (the topmost <a data-cite="INFRA#ordered-map">map</a> in
the <a href="#data-model">data model</a>) is an error and MUST be
rejected. The topmost <a data-cite="RFC7049#section-2.1">CBOR map</a>
represents the <a>DID document</a>, and all data items of this map are
properties of the <a>DID document</a>. The data item key is the property name,
and the data item value is interpreted as follows:
        </p>

        <table class="simple" id="cbor-representation-consumption">
          <thead>
            <tr>
              <th style="width: 50%">
CBOR Representation Type
              </th>
              <th>
Data&nbsp;Type
              </th>
            </tr>
          </thead>

          <tbody>
            <tr>
              <td>
<a data-cite="RFC7049#section-2.1">CBOR map</a> (major type 5)
              </td>
              <td>
<a data-cite="INFRA#maps">ordered&nbsp;map</a>, each data item of the CBOR map
is added as a property to the ordered map with the property name being the data
item name and the value converted based on the CBOR type and, if available,
property definition, as defined here; as no order can be enforced for general
CBOR maps, no insertion order is guaranteed.
              </td>
            </tr>
            <tr>
              <td>
<a data-cite="RFC7049#section-2.1">CBOR array</a> (major type 4), where the <a
href="#data-model">data model</a> property value is a <a
data-cite="INFRA#list">list</a> or unknown
              </td>
              <td>
<a data-cite="INFRA#list">list</a>, each value of the
<a data-cite="RFC7049#section-2.1">CBOR array</a> is added to the list in order,
converted based on the CBOR type of the array value, as defined in this table
              </td>
            </tr>
            <tr>
              <td>
<a data-cite="RFC7049#section-2.1">CBOR array</a> (major type 4), where the <a
href="#data-model">data model</a> property value is an <a
data-cite="INFRA#ordered-set">ordered&nbsp;set</a>
              </td>
              <td>
<a data-cite="INFRA#ordered-set">ordered&nbsp;set</a>, each value of the
<a data-cite="RFC7049#section-2.1">CBOR array</a> is added to the ordered set
in order, converted based on the CBOR type of the array value as defined
in this table
              </td>
            </tr>
            <tr>
              <td>
<a data-cite="RFC7049#section-2.1">CBOR string</a> (major type 5) where the
<a href="#data-model">data model</a> property value is a <a>datetime</a>
              </td>
              <td>
  <a>datetime</a>
              </td>
            </tr>
            <tr>
              <td>
<a data-cite="RFC7049#section-2.1">CBOR string</a> (major type 5), where the <a
href="#data-model">data model</a> property value type is <a>string</a> or
unknown
              </td>
              <td>
<a data-cite="INFRA#string">string</a>
              </td>
            </tr>
            <tr>
              <td>
<a data-cite="RFC7049#section-2.1">CBOR integer</a> (major type 0 or 1),
choosing the shortest byte representation
              </td>
              <td>
<a>integer</a>
              </td>
            </tr>
            <tr>
              <td>
<a data-cite="RFC7049#section-2.1">CBOR floating-point number</a> (major type
7)</a>.
              </td>
              <td>
<a>double</a>
              </td>
            </tr>
            <tr>
              <td>
<a data-cite="RFC7049#section-2.3">CBOR simple value</a> (major type 7,
subtype 24) with a simple value of 21 (True) or 20 (False)
              </td>
              <td>
<a data-cite="INFRA#boolean">boolean</a>
              </td>
            </tr>
            <tr>
              <td>
<a data-cite="RFC7049#section-2.3">CBOR simple value</a> (major type 7,
subtype 24) with a simple value of 22 (Null)
              </td>
              <td>
<a data-cite="INFRA#null">null</a>
              </td>
            </tr>
          </tbody>
        </table>

        <p>
Additional Considerations:
        </p>

        <ul>
          <li>
<a href="https://tools.ietf.org/html/rfc7049#section-2.2.1">CBOR
Indefinite-length items</a> are not allowed and MUST throw an Error.
          </li>
          <li>
Duplicate key in the same CBOR map MUST throw an Error.
          </li>
          <li>
<a href="https://tools.ietf.org/html/rfc7049#section-3.3.3">Unknown Additional
Properties and Values</a> that are not defined in <a href="#data-model">data
model</a>, represented in the `@context`, or represented in <a href="">the DID
spec registries</a> or be explicitly documented as an extension of the DID
document conformant to <a href="#extensibility"> § 4.3 Extensibility</a> MUST be
preserved by default and represented as major type 3 (UTF-8 String)
          </li>
        </ul>

      </section>

      <section>
        <h3>CBOR Extensibility</h3>
        <p>
In CBOR, one point of extensibility is with the use of CBOR tags. [[RFC7049]]
defines a basic set of data types, as well as a tagging mechanism that enables
extending the set of data types supported via the <a
href="https://www.iana.org/assignments/cbor-tags/cbor-tags.xhtml">IANA CBOR Tag
Registry</a>. This allows for tags to enhance the semantic description of the
data that follows.  Extensibility with CBOR tags also facilitates lossless
conversion to other core representations. CBOR Tags number 21 to 23 indicate
that a following byte string might require a specific encoding when
interoperating with a text-based representation such as JSON.  These tags are
useful when an encoder knows that the byte string data it is writing is likely
to be later converted to a particular text-based usage such as JSON.  These
three tag numbers suggest conversions to three of the base data encodings
defined in [[RFC4648]].  Tag number 21 suggests conversion to base64url encoding
(Section 5 of [[RFC4648]]), where padding is not used (see Section 3.2 of
[[RFC4648]]); that is, all trailing equals signs ("=") are removed from the
encoded string.  Tag number 22 suggests conversion to classical base64 encoding
(Section 4 of [[RFC4648]] ), with padding as defined in [[RFC4648]].  For both
base64url and base64, padding bits are set to zero (see Section 3.5 of
[[RFC4648]] ), and encoding is performed without the inclusion of any line
breaks, whitespace, or other additional characters.  Tag number 23 suggests
conversion to base16 (hex) encoding, with uppercase alphabetics (see Section 8
of [[RFC4648]]).  Note that, for all three tag numbers, the encoding of the
empty byte string is the empty text string of other representations.
        </p>

        <section>
          <h4>DagCBOR</h4>
          <p>
DagCBOR is a further restricted subset of CBOR for representing the DID Document
as a Directed Acyclic Graph model using canonical CBOR encoding
with additional constraints. DagCBOR requires that there exist a single way of
encoding any given object, and that encoded forms contain no superfluous data
that may be ignored or lost in a round-trip decode/encode.
          </p>

          <p>
To produce a deterministic canonical CBOR representation of a DID document and
faciliate maximal lossless compatiblity with other core representations via the
<a href="#data-model">data model</a> the following constraints of a CBOR
representation are as follows:
          </p>

          <ul>
            <li>
Property names MUST be represented as text string (major type 3) and contain
only UTF-8 strings.
            </li>
            <li>
Undefined Values of Required Properties as defined in <a href="#data-model">the
Data Model</a> that are absent from the CBOR representation SHOULD be labeled
with Primitive type (major type 7) with value 23 (Undefined value).
            </li>
            <li>
Property names in each CBOR map MUST be unique.
            </li>
            <li>
Integer encoding MUST be as short as possible.
            </li>
            <li>
The expression of lengths in CBOR major types 2 through 5 MUST be as short as
possible.
            </li>
            <li>
The keys in every map must be sorted lowest value to highest. Sorting is
performed on the bytes of the representation of the keys. If two keys have
different lengths, the shorter one sorts earlier.  If two keys have the same
length, the one with the lower value in (byte-wise) lexical order sorts earlier.
            </li>
          </ul>

          <p class="issue">
How to represent Floating-point values that can exceed the range or the
precision IEEE 754. See <a
href="https://github.com/w3c/did-core/issues/361">issue #361</a>.
          </p>

          <p>
When producing and consuming DID Documents representing in DagCBOR the following
rules are followed:
          </p>

          <ul>
            <li>
CBOR tags other than the CID tag (42) MUST NOT be used.
            </li>
          </ul>

          <pre class="example nohighlight"
            title="DID Document as DagCBOR with tag 42 used in Proof section">
a5                                      # map(5)
62                                   # text(2)
   6964                              # "id"
78 40                                # text(64)
   6469643a6578616d706c653a313244334b6f6f574d4864727a6377706a6264725a7335474771455241766367715833623564707550745061396f743639796577 # "did:example:12D3KooWMHdrzcwpjbdrZs5GGqERAvcgqX3b5dpuPtPa9ot69yew"
65                                   # text(5)
   70726f6f66                        # "proof"
d8 2a                                # tag(42)
   58 26                             # bytes(38)
      000190011b20a7f3a13d0dafa9b8b640fee52173c27b9a66ff27f6669b3be73fc0ee6849e2ce # "\x00\x01\x90\x01\e \xA7\xF3\xA1=\r\xAF\xA9\xB8\xB6@\xFE\xE5!s\xC2{\x9Af\xFF'\xF6f\x9B;\xE7?\xC0\xEEhI\xE2\xCE"
68                                   # text(8)
   40636f6e74657874                  # "@context"
78 1c                                # text(28)
   68747470733a2f2f7777772e77332e6f72672f6e732f6469642f7631 # "https://www.w3.org/ns/did/v1"
6e                                   # text(14)
   61757468656e7469636174696f6e      # "authentication"
81                                   # array(1)
   78 83                             # text(131)
      6469643a6578616d706c653a313244334b6f6f574d4864727a6377706a6264725a7335474771455241766367715833623564707550745061396f7436397965773b6b65792d69643d6261667972656963756274783577716f336e6f73633463617a726b63746668776436726577657a6770776f6534737769726c733465626468733269 # "did:example:12D3KooWMHdrzcwpjbdrZs5GGqERAvcgqX3b5dpuPtPa9ot69yew;key-id=bafyreicubtx5wqo3nosc4cazrkctfhwd6rewezgpwoe4swirls4ebdhs2i"
72                                   # text(18)
   766572696669636174696f6e4d6574686f64 # "verificationMethod"
81                                   # array(1)
   78 40                             # text(64)
      6469643a6578616d706c653a313244334b6f6f574d4864727a6377706a6264725a7335474771455241766367715833623564707550745061396f743639796577 # "did:example:12D3KooWMHdrzcwpjbdrZs5GGqERAvcgqX3b5dpuPtPa9ot69yew"
          </pre>

        </section>
      </section>
    </section>
  </section>

  <section>
    <h1>
Methods
    </h1>

    <p>
<a>DID methods</a> provide the means to implement this specification on
different <a>verifiable data registries</a>. New <a>DID methods</a> are
defined in their own specifications, so that interoperability between
different implementations of the same <a>DID method</a> is ensured. This
section specifies the requirements on any <a>DID method</a>, which are met by
the <a>DID method</a>'s associated specification.
    </p>

    <p>
For adding properties to a <a>DID document</a> which are specific to a
particular <a>DID method</a>, see <a href="#extensibility"></a>.
    </p>

    <section class="normative">
      <h2>Method Schemes</h2>

      <p>
A <a>DID method</a> specification MUST define exactly one method-specific
<a>DID scheme</a>, identified by exactly one method name (see the
<code>method-name</code> rule in Section <a href="#did-syntax"></a>).
      </p>

      <p>
The authors of a new <a>DID method</a> specification are expected to use a
method name that is unique among all <a>DID method</a> names known to them at
the time of publication.
      </p>

      <div class="note" title="Unique DID method names">
        <p>
Because there is no central authority for allocating or approving <a>DID
method</a> names, there is no way to know for certain if a specific <a>DID
method</a> name is unique. To help with this challenge, a non-authoritative list
of known <a>DID method</a> names and their associated specifications is
maintained in the DID Methods Registry, which is part of
[[?DID-SPEC-REGISTRIES]].
        </p>
        <p>
Authors of new <a>DID method</a> specifications are encouraged to add their
method names to the DID Method Registry so that other implementors
and members of the community have a place to see an overview of existing
<a>DID methods</a>.
        </p>
      </div>

      <p>
The <a>DID method</a> specification MUST specify how to generate the
<code>method-specific-id</code> component of a <a>DID</a>.
      </p>
      <p>
Case sensitivity and normalization of the value of the
<code>method-specific-id</code> rule MUST be defined by the <a>DID method</a>
specification.
      </p>
      <p>
The <code>method-specific-id</code> value MUST be able to be generated without
the use of a centralized registry service.
      </p>
      <p>
The <code>method-specific-id</code> value SHOULD be globally unique by itself.
Any <a>DID</a> generated by the method MUST be globally unique.
      </p>

      <p>
If needed, a method-specific <a>DID scheme</a> MAY define multiple
<code>method-specific-id</code> formats.
      </p>

      <p>
The <code>method-specific-id</code> format MAY include colons. The use of
colons MUST comply syntactically with the <code>method-specific-id</code> ABNF
rule.
      </p>
      <p class="note" title="Colons in method-specific-id">
The meaning of colons in the <code>method-specific-id</code> is entirely
method-specific. Colons might be used by <a>DID methods</a> for establishing
hierarchically partitioned namespaces, for identifying specific instances or
parts of the <a>verifiable data registry</a>, or for other purposes.
Implementers are advised to avoid assuming any meanings or
behaviors associated with a colon that are generically applicable to all
<a>DID methods</a>.
      </p>

    </section>

    <section>
      <h2>Method Operations</h2>
      <p>
This section sets out the requirements for <a>DID method</a> specifications
with regards to operations that can be performed on a <a>DID document</a>.
      </p>
      <p>
Determining the authority of a party to carry out the operations is
method-specific. For example, a <a>DID method</a> might:
      </p>
      <ul>
        <li>
make use of the <code><a>controller</a></code> property.
        </li>
        <li>
use the <a>verification methods</a> listed under
<code><a>authentication</a></code> to decide whether an update/deactivate
operation is allowed.
        </li>
        <li>
use other constructs in the <a>DID Document</a> to decide this, for example, a
verification method specified under <code><a>capabilityInvocation</a></code>
could be used to verify the invocation of a capability to update the DID
Document.
        </li>
        <li>
not use the <a>DID Document</a> at all to decide this, but have rules that are
"built into" the method.
        </li>
      </ul>

      <p>
Each <a>DID method</a> MUST define how authorization to perform DID method
operations is implemented, including any necessary cryptographic operations.
      </p>

      <section>
        <h3>
Create
        </h3>

        <p>
The <a>DID method</a> specification MUST specify how a <a>DID controller</a>
creates a <a>DID</a> and its associated <a>DID document</a> on the <a>verifiable
data registry</a>, including all cryptographic operations necessary to establish
proof of control.
        </p>
      </section>

      <section>
        <h3>
Read/Verify
        </h3>

        <p>
The <a>DID method</a> specification MUST specify how a <a>DID resolver</a> uses
a <a>DID</a> to request a <a>DID document</a> from the <a>verifiable data
registry</a>, including how the <a>DID resolver</a> can verify the authenticity
of the response.
        </p>
      </section>

      <section>
        <h3>
Update
        </h3>

        <p>
The <a>DID method</a> specification MUST specify how a <a>DID controller</a> can
update a <a>DID document</a> on the <a>verifiable data registry</a>, including
all cryptographic operations necessary to establish proof of control,
<em>or</em> state that updates are not possible.
        </p>

        <p>
An update to a <a>DID</a> is any change, after creation, in the data used to
produce a <a>DID document</a>. <a>DID Method</a> implementers are responsible
for defining what constitutes an update, and what properties of the <a>DID
document</a> are supported by a given <a>DID method</a>. For example, an update
operation which replaces key material without changing it could be a valid
update that does not result in changes to the <a>DID document</a>.
        </p>
      </section>

      <section>
        <h3>
Deactivate
        </h3>

        <p>
The <a>DID method</a> specification MUST specify how a <a>DID controller</a> can
deactivate a <a>DID</a> on the <a>verifiable data registry</a>, including all
cryptographic operations necessary to establish proof of deactivation,
<em>or</em> state that deactivation is not possible.
        </p>
      </section>
    </section>

    <section>
      <h2>
Security Requirements
      </h2>
      <p>
<a>DID method</a> specifications MUST include their own Security
Considerations sections. This section MUST consider all the requirements
mentioned in section 5 of [[RFC3552]] (page 27) for the <a>DID</a> operations
defined in the specification.
      </p>
      <p>
At least the following forms of attack MUST be considered: eavesdropping,
replay, message insertion, deletion, modification, and man-in-the-middle.
Potential denial of service attacks MUST be identified as well.
      </p>
      <p>
This section MUST discuss, per Section 5 of [[RFC3552]], residual risks (such
as the risks from compromise in a related protocol, incorrect implementation,
or cipher) after threat mitigation was deployed.
      </p>
      <p>
This section MUST provide integrity protection and update authentication for
all operations required by Section <a href="#method-operations"></a>.
      </p>
      <p>
If the technology involves authentication, particularly user-host
authentication, the security of the authentication method MUST be clearly
specified.
      </p>
      <p>
<a>DID methods</a> MUST discuss the policy mechanism by which <a>DIDs</a> are
proven to be uniquely assigned. A <a>DID</a> fits the functional definition of
a URN, as defined in [[RFC8141]]. That is, a <a>DID</a> is a persistent
identifier that is assigned once to a resource and never reassigned to a
different resource. This is particularly important in a security context
because a <a>DID</a> might be used to identify a specific party subject to a
specific set of authorization rights.
      </p>
      <p>
Method-specific endpoint authentication MUST be discussed. Where <a>DID
methods</a> make use of <a>DLTs</a> with varying network topology, sometimes
offered as <em>light node</em> or <em>
<a href="https://en.bitcoin.it/wiki/Thin_Client_Security">thin client</a></em>
implementations to reduce required computing resources, the security assumptions
of the topology available to implementations of the <a>DID method</a> MUST be
discussed.
      </p>
      <p>
If the protocol incorporates cryptographic protection mechanisms, the
<a>DID method</a> specification MUST clearly indicate which portions of the
data are protected and what the protections are, and SHOULD give an indication
to what sorts of attacks the cryptographic protection is susceptible.
For example, integrity only, confidentiality, endpoint authentication, and so
on.
      </p>
      <p>
Data which is to be held secret (keying material, random seeds, and so on)
SHOULD be clearly labeled.
      </p>
      <p>
<a>DID method</a> specifications SHOULD explain and specify the implementation
of signatures on <a>DID documents</a>, if applicable.
      </p>
      <p>
Where <a>DID methods</a> make use of peer-to-peer computing resources, such as
with all known <a>DLTs</a>, the expected burdens of those resources SHOULD be
discussed in relation to denial of service.
      </p>
      <p>
<a>DID methods</a> that introduce new authentication <a>service endpoint</a>
types (see Section <a href="#service-endpoints"></a>) SHOULD consider the
security requirements of the supported authentication protocol.
      </p>

    </section>

    <section class='normative'>
      <h2>
Privacy Requirements
      </h2>

      <p>
<a>DID method</a> specifications MUST include their own Privacy
Considerations sections, if only to point to
<a href="#privacy-considerations"></a>.
      </p>

      <p>
The <a>DID method</a> specification's Privacy Considerations section MUST
discuss any subsection of Section 5 of [[RFC6973]] that could apply in a
method-specific manner. The subsections to consider are: surveillance, stored
data compromise, unsolicited traffic, misattribution, correlation,
identification, secondary use, disclosure, exclusion.
      </p>
    </section>
  </section>

  <section class='normative'>
    <h1>
Resolution
    </h1>

    <p>
This section defines the inputs and outputs of <a>DID resolution</a> and <a>DID
URL dereferencing</a>. These functions are defined in an abstract way. Their
exact implementation is out of scope for this specification, but some
considerations for implementors are discussed in [[?DID-RESOLUTION]].
    </p>

    <p>
All conformant <a>DID resolvers</a> MUST implement the <a>DID resolution</a>
functions for at least one <a>DID method</a> and MUST be able to return a <a>DID
document</a> in at least one conformant representation.
    </p>

    <section>
        <h2>
DID Resolution
        </h2>
        <p>
The <a>DID resolution</a> functions resolve a <a>DID</a> into a <a>DID
document</a> by using the "Read" operation of the applicable <a>DID method</a>.
(See <a href="#read-verify"></a>.) The details of how this process is
accomplished are outside the scope of this specification, but all conformant
implementations implement two functions which have the following abstract
forms:
        </p>

        <p><code>
resolve ( did, did-resolution-input-metadata ) <br>
&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;-&gt; ( did-resolution-metadata, did-document, did-document-metadata )
        </code></p>

        <p><code>
resolveRepresentation ( did, did-resolution-input-metadata ) <br>
&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;-&gt; ( did-resolution-metadata, did-document-stream, did-document-metadata )
        </code></p>

        <p>
The input variables of these functions are as follows:
        </p>

        <dl>
            <dt>
did
            </dt>
            <dd>
This is the <a>DID</a> to resolve. This input is REQUIRED and the value MUST
be a conformant <a>DID</a> as defined in <a href="#did-syntax"></a>.
            </dd>
            <dt>
did-resolution-input-metadata
            </dt>
            <dd>
A <a href="#metadata-structure">metadata structure</a> consisting of input
options to the <code>resolve</code> and <code>resolveRepresentation</code>
functions in addition to the <code>did</code> itself. Properties defined by this
specification are in <a href="#did-resolution-input-metadata-properties"></a>.
This input is REQUIRED, but the structure MAY be empty.
            </dd>
        </dl>

        <p>
The output variables of these functions are as follows:
        </p>

        <dl>
            <dt>
did-resolution-metadata
            </dt>
            <dd>
              <p>
A <a href="#metadata-structure">metadata structure</a> consisting of values
relating to the results of the <a>DID resolution</a> process. This structure
is REQUIRED and MUST NOT be empty.
              </p>
              <p>
This metadata typically changes between invocations of the
<code>resolve</code> and <code>resolveRepresentation</code> functions as it
represents data about the resolution process itself. Properties defined by
this specification are in <a href="#did-resolution-metadata-properties"></a>.
              </p>
              <p>
If the resolution is successful, and if the <code>resolveRepresentation</code>
function was called, this structure MUST contain a <code>content-type</code>
property containing the mime-type of the <code>did-document-stream</code> in
this result. If the resolution is not successful, this structure MUST contain
an <code>error</code> property describing the error.
              </p>
            </dd>
            <dt>
did-document
            </dt>
            <dd>
If the resolution is successful, and if the <code>resolve</code> function was
called, this MUST be a <a>conforming DID document</a>. If the resolution is
unsuccessful, this value MUST be empty.
            </dd>
            <dt>
did-document-stream
            </dt>
            <dd>
If the resolution is successful, and if the <code>resolveRepresentation</code>
function was called, this MUST be a byte stream of the resolved <a>DID
document</a> in one of the conformant
<a href="#representations">representations</a>. The byte stream might then be
parsed by the caller of the <code>resolveRepresentation</code> function into a
<a href="#data-model">data model</a>, which can in turn be validated and
processed. If the resolution is unsuccessful, this value MUST be an empty
stream.
            </dd>
            <dt>
did-document-metadata
            </dt>
            <dd>
If the resolution is successful, this MUST be a <a
href="#metadata-structure">metadata structure</a>. This structure contains
metadata about the <a>DID document</a> contained in the
<code>did-document</code> or <code>did-document-stream</code>. This metadata
typically does not change between invocations of the <code>resolve</code>
function unless the <a>DID document</a> changes, as it represents data about
the <a>DID document</a>. If the resolution is unsuccessful, this output MUST
be an empty <a href="#metadata-structure">metadata structure</a>. Properties
defined by this specification are in <a
href="#did-document-metadata-properties"></a>.
            </dd>
        </dl>

        <p>
Conforming <a>DID resolver</a> implementations do not alter the signature of
these functions in any way. <a>DID resolver</a> implementations might map the
<code>resolve</code> and <code>resolveRepresentation</code> functions to a
method-specific internal function to perform the actual <a>DID resolution</a>
process. <a>DID resolver</a> implementations might implement and expose
additional functions with different signatures in addition to the
<code>resolve</code> function specified here.
        </p>

        <section>
            <h3>
DID Resolution Input Metadata Properties
            </h3>

            <p>
The possible properties within this structure and their possible values are
defined by [[?DID-SPEC-REGISTRIES]]. This specification defines the following
common properties.
            </p>

            <dl>
                <dt>
accept
                </dt>
                <dd>
The MIME type expressed as an <a data-lt="ascii string">ASCII string</a> of the
caller's preferred <a href="#representations">representation</a> of the <a>DID
document</a>. The <a>DID resolver</a> implementation SHOULD use this value to
determine the representation contained in the returned
<code>did-document-stream</code> if such a representation is supported and
available. This property is OPTIONAL. It is only used if the
<code>resolveRepresentation</code> function is called and MUST be ignored if the
<code>resolve</code> function is called.
                </dd>
            </dl>
        </section>

        <section>
            <h3>
DID Resolution Metadata Properties
            </h3>

            <p>
The possible properties within this structure and their possible values are
defined by [[?DID-SPEC-REGISTRIES]]. This specification defines the following
common properties.
            </p>

            <dl>
                <dt>
content-type
                </dt>
                <dd>
The MIME type of the returned <code>did-document-stream</code>. This property is
REQUIRED if resolution is successful and if the
<code>resolveRepresentation</code> function was called. This property MUST NOT
be present if the <code>resolve</code> function was called. The value of this
property MUST be an <a data-lt="ascii string">ASCII string</a> that is the MIME
type of the conformant <a href="#representations">representations</a>. The
caller of the <code>resolveRepresentation</code> function MUST use this value
when determining how to parse and process the <code>did-document-stream</code>
returned by this function into the <a href="#data-model">data model</a>.
                </dd>
                <dt>
error
                </dt>
                <dd>
The error code from the resolution process. This property is REQUIRED when there
is an error in the resolution process. The value of this property MUST be a
single keyword <a data-lt="ascii string">ASCII string</a>. The possible property
values of this field SHOULD be registered in the DID Specification Registries
[[?DID-SPEC-REGISTRIES]]. This specification defines the following error values:
                    <dl>
                        <dt>
invalid-did
                        </dt>
                        <dd>
The <a>DID</a> supplied to the <a>DID resolution</a> function does not conform
to valid syntax. (See <a href="#did-syntax"></a>.)
                        </dd>
                        <dt>
not-found
                        </dt>
                        <dd>
The <a>DID resolver</a> was unable to find the <a>DID document</a>
resulting from this resolution request.
                        </dd>
                        <dt>
representation-not-supported
                        </dt>
                        <dd>
This error code is returned if the representation requested via the
<code>accept</code> input metadata property is not supported by the DID method
and/or DID resolver implementation.
</dd>
                        <dt>
deactivated
                        </dt>
                        <dd>
The <a>DID</a> supplied to the <a>DID resolution</a> function has been
deactivated. (See <a href="#deactivate"></a>.)
                        </dd>
                    </dl>
                </dd>
            </dl>

        </section>

        <section>
          <h3>DID Document Metadata Properties</h3>

          <p>
The possible properties within this structure and their possible values SHOULD
be registered in the DID Specification Registries [[?DID-SPEC-REGISTRIES]].
This specification defines the following common properties.
          </p>

          <section>
            <h4>created</h4>
            <p>
DID document metadata SHOULD include a <code>created</code> property to indicate
the timestamp of the <a href="#create">Create operation</a>. The value of the
property MUST be a <a data-cite="INFRA#string">string</a> formatted as an <a
data-cite="XMLSCHEMA11-2#dateTime">XML Datetime</a> normalized to UTC 00:00:00
and without sub-second decimal precision. For example:
<code>2020-12-20T19:17:47Z</code>.
            </p>
          </section>

          <section>
            <h4>updated</h4>
            <p>
DID document metadata SHOULD include an <code>updated</code> property to
indicate the timestamp of the last <a href="#update">Update operation</a> for
the document version which was resolved. The value of the property MUST follow
the same formatting rules as the <code>created</code> property.
                </p>
              </section>

            <section>
                <h4>
                  next-update
                </h4>
                <p>
DID document metadata SHOULD include a <code>next-update</code> property if
the resolved document version is not the latest version of the document. It
indicates the timestamp of the next <a href="#update">Update operation</a>.
The value of the property MUST follow the same formatting rules as the
<code>created</code> property.
            </p>
          </section>

          <section>
              <h4>
                version-id
              </h4>
              <p>
DID document metadata SHOULD include a <code>version-id</code> property to
indicate the version of the last <a href="#update">Update operation</a> for the
document version which was resolved. The value of the property MUST be an <a
data-lt="ascii string">ASCII string</a>.
              </p>
            </section>

          <section>
              <h4>
                next-version-id
              </h4>
              <p>
DID document metadata SHOULD include a <code>next-version-id</code> property if
the resolved document version is not the latest version of the document. It
indicates the version of the next <a href="#update">Update operation</a>. The
value of the property MUST be an <a data-lt="ascii string">ASCII string</a>.
              </p>
            </section>

          <section>
            <h4>equivalentId</h4>
                <p>
A <a>DID Method</a> can define different forms of a DID that are logically
equivalent. An example is when a DID takes one form prior to registration in a
verifiable data registry and another form after such registration. In this case,
the <a>DID Method</a> specification may need to express one or more DIDs that
are logically equivalent to the resolved DID as a property of the DID document.
This is the purpose of the <code><a>equivalentId</a></code>  property.
                </p>

                <dl>
                  <dt><dfn>equivalentId</dfn></dt>
                  <dd>
The value of <code>equivalentId</code> MUST be an <a
data-cite="INFRA#ordered-set">ordered set</a> where each item in the list is a <a
data-cite="INFRA#string">string</a> that conforms to the rules in Section <a
href="#did-syntax"></a>.
                  </dd>
                  <dd>
The relationship is a statement that each <code><a>equivalentId</a></code> value
is logically equivalent to the <code>id</code> property value and thus
identifies the same DID subject.
                  </dd>
                  <dd>
Each <code><a>equivalentId</a></code> DID value MUST be produced by, and a form
of, the same <a>DID Method</a> as the <code>id</code> property value. (e.g.
<code>did:example:abc</code> == <code>did:example:ABC</code>)
                  </dd>
                  <dd>
A conforming <a>DID Method</a> specification MUST guarantee that each
<code><a>equivalentId</a></code> value is logically equivalent to the
<code>id</code> property value.
                  </dd>
                  <dd>
A resolving party is expected to retain the values from the <code>id</code> and
<code><a>equivalentId</a></code> properties to ensure any subsequent
interactions with any of the values they contain are correctly handled as
logically equivalent (e.g. retain all variants in a database so an interaction
with any one maps to the same underlying account). <span class="issue">The
testability of resolving parties is currently under debate and normative
statements related to resolving parties may be downgraded in the future from a
MUST to a SHOULD/MAY or similar language.</span>
                  </dd>
                </dl>

                <div class="note" title="Equivalence and equivalentId">
                  <p>
<code><a>equivalentId</a></code> is a much stronger form of equivalence than
<code><a>alsoKnownAs</a></code> because the equivalence MUST be guaranteed by
the governing DID method. <code><a>equivalentId</a></code> represents a full
graph merge because the same DID document describes both the
<code><a>equivalentId</a></code> DID and the <code>id</code> property DID.
                  </p>
                </div>

                <div class="issue" title="Observance of equivalentId recommendations">
                  <p>
If a resolving party does not retain the values from the <code>id</code> and
<code><a>equivalentId</a></code> properties and ensure any subsequent
interactions with any of the values they contain are correctly handled as
logically equivalent, there may be negative or unexpected issues that 
arise related to user experience. You are strongly advised to observe the 
directives related to this metadata property.
                  </p>
                </div>

              </section>

            <section>
              <h4>canonicalId</h4>
                <p>
The <code><a>canonicalId</a></code> property is identical to the
<code><a>equivalentId</a></code> property except: a) it accepts only a single
value rather than a list, and b) that DID is defined to be the canonical ID for
the DID subject within the scope of the containing DID document.
                </p>

                <dl>
                  <dt><dfn>canonicalId</dfn></dt>
                  <dd>
The value of <code><a>canonicalId</a></code> MUST be a <a
data-cite="INFRA#string">string</a> that conforms to the rules in Section <a
href="#did-syntax"></a>.
                  </dd>
                  <dd>
The relationship is a statement that the <code><a>canonicalId</a></code> value
is logically equivalent to the <code>id</code> property value and that the
<code><a>canonicalId</a></code> value is defined by the <a>DID Method</a> to be
the canonical ID for the DID subject in the scope of the containing DID
document.
                  </dd>
                  <dd>
A <code><a>canonicalId</a></code> value MUST be produced by, and a form of, the
same <a>DID Method</a> as the <code>id</code> property value. (e.g.
<code>did:example:abc</code> == <code>did:example:ABC</code>)
                  </dd>
                  <dd>
A conforming <a>DID Method</a> specification MUST guarantee that the
<code><a>canonicalId</a></code> value is logically equivalent to the
<code>id</code> property value.
                  </dd>
                  <dd>
A resolving party is expected to use the <code><a>canonicalId</a></code> value
as its primary ID value for the DID subject and treat all other equivalent
values as secondary aliases. (e.g. update corresponding primary references in
their systems to reflect the new canonical ID directive). <span
class="issue">The testability of resolving parties is currently under debate and
normative statements related to resolving parties may be downgraded in the
future from a MUST to a SHOULD/MAY or similar language.</span>
                  </dd>
                </dl>

                <div class="note" title="Equivalence and canonicalId">
                  <p>
<code><a>canonicalId</a></code> is the same statement of equivalence as
<code><a>equivalentId</a></code> except it is constrained to a single value that
is defined to be canonical for the DID subject in the scope of the DID document.
Like <code><a>equivalentId</a></code>, <code><a>canonicalId</a></code>
represents a full graph merge because the same DID document describes both the
<code><a>canonicalId</a></code> DID and the <code>id</code> property DID.
                  </p>
                </div>

                <div class="issue" title="Observance of canonicalId recommendations">
                  <p>
If a resolving party does not use the <code><a>canonicalId</a></code> value
as its primary ID value for the DID subject and treat all other equivalent
values as secondary aliases, there may be negative or unexpected issues that 
arise related to user experience. You are strongly advised to observe the 
directives related to this metadata property.
                  </p>
                </div>

        </section>
      </section>
    </section>

    <section>
      <h2>
DID URL Dereferencing
      </h2>
      <p>
The DID URL dereferencing function dereferences a <a>DID URL</a> into
a resource with contents depending on the <a>DID URL</a>'s components,
including the <a>DID method</a>, method-specific identifier, path, query,
and fragment. This process depends on <a>DID resolution</a> of the <a>DID</a>
contained in the <a>DID URL</a>.
The details of how this process is accomplished are outside the scope of this
specification, but all conformant implementations implement a function
which has the following abstract form:
      </p>

      <p><code>
dereference ( did-url, did-url-dereferencing-input-metadata ) <br>
&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;-&gt; ( did-url-dereferencing-metadata, content-stream, content-metadata )
      </code></p>

      <p>
The input variables of this function are as follows:
      </p>

      <dl>
        <dt>
did-url
        </dt>
        <dd>
A conformant <a>DID URL</a> as a single string. This is the <a>DID URL</a> to
dereference. To dereference a <a>DID fragment</a>, the complete <a>DID URL</a>
including the <a>DID fragment</a> MUST be used. This input is REQUIRED.
        </dd>
        <dt>
did-url-dereferencing-input-metadata
        </dt>
        <dd>
A <a href="metadata-structure">metadata structure</a> consisting of input
options to the <code>dereference</code> function in addition to the
<code>did-url</code> itself. Properties defined by this specification are in
<a href="#did-url-dereferencing-input-metadata-properties"></a>. This input is
REQUIRED, but the structure MAY be empty.
        </dd>
      </dl>

      <p>
The output variables of this function are as follows:
      </p>

      <dl>
        <dt>
did-url-dereferencing-metadata
        </dt>
        <dd>
A <a href="metadata-structure">metadata structure</a> consisting of values
relating to the results of the <a>DID URL Dereferencing</a> process. This
structure is REQUIRED and in the case of an error in the dereferencing process,
this MUST NOT be empty.
Properties defined by this specification are in
<a href="#did-url-dereferencing-metadata-properties"></a>.
If the dereferencing is not successful, this structure MUST contain an
<code>error</code> property describing the error.
        </dd>
        <dt>
content-stream
        </dt>
        <dd>
If the <code>dereferencing</code> function was called and successful, this MUST
contain a resource corresponding to the <a>DID URL</a>.
The <code>content-stream</code> SHOULD be a <a>DID document</a> in one of the
conformant <a href="#representations">representations</a> obtained through
the resolution process.

If the dereferencing is unsuccessful, this value MUST be empty.
        </dd>
        <dt>
content-metadata
        </dt>
        <dd>
If the dereferencing is successful, this MUST be a <a href="metadata-structure">
metadata structure</a>, but the structure MAY be empty. This structure contains
metadata about the <code>content-stream</code>.
If the <code>content-stream</code> is a <a>DID document</a>, this MUST be a
<code>did-document-metadata</code> structure as described in <a>DID
Resolution</a>.

If the dereferencing is unsuccessful, this output MUST be an empty <a
href="metadata-structure">metadata structure</a>.
        </dd>
    </dl>

    <p>
Conforming <a>DID URL Dereferencing</a> implementations do not alter the
signature of these functions in any way. <a>DID URL Dereferencing</a>
implementations might map the <code>dereference</code> function to a
method-specific internal function to perform the actual <a>DID URL
Dereferencing</a> process. <a>DID URL Dereferencing</a> implementations might
implement and expose additional functions with different signatures in addition
to the <code>dereference</code> function specified here.
    </p>

      <section>
        <h3>DID URL Dereferencing Input Metadata Properties</h3>

        <p>
The possible properties within this structure and their possible values SHOULD
be registered in the [[?DID-SPEC-REGISTRIES]]. This specification defines the
following common properties.
            </p>

            <dl>
                <dt>
accept
                </dt>
                <dd>
The MIME type the caller prefers for <code>content-stream</code>. The <a>DID
URL Dereferencing</a> implementation SHOULD use this value to determine the
representation contained in the returned value if such a representation is
supported and available.
                </dd>
            </dl>
        </section>

        <section>
            <h3>
DID URL Dereferencing Metadata Properties
            </h3>

            <p>
The possible properties within this structure and their possible values are
defined by [[?DID-SPEC-REGISTRIES]]. This specification defines the following
common properties.
            </p>

            <dl>
                <dt>
content-type
                </dt>
                <dd>
The MIME type of the returned <code>content-stream</code> SHOULD be expressed
using this property if dereferencing is successful.
                </dd>
                <dt>
error
                </dt>
                <dd>
The error code from the dereferencing process. This property is REQUIRED when
there is an error in the dereferencing process. The value of this property is
a single keyword string. The possible property values of this field SHOULD be
registered in the DID Specification Registries [DID-SPEC-REGISTRIES]]. This
specification defines the following error values:
                    <dl>
                        <dt>
invalid-did-url
                        </dt>
                        <dd>
The <a>DID URL</a> supplied to the <a>DID URL Dereferencing</a> function does
not conform to valid syntax. (See <a href="#did-url-syntax"></a>.)
                        </dd>
                        <dt>
not-found
                        </dt>
                        <dd>
The <a>DID URL dereferencer</a> was unable to find the
<code>content-stream</code> resulting from this dereferencing request.
                        </dd>
                        <dt>
deactivated
                        </dt>
                        <dd>
The <a>DID</a> in the <a>DID URL</a> supplied to the <a>DID URL
dereferencing</a> function has been deactivated. (See
<a href="#deactivate"></a>.)
                    </dl>
                </dd>
            </dl>

        </section>
    </section>

    <section>
        <h2>
Metadata Structure
        </h2>

        <p>
Input and output metadata is often involved during the <a>DID Resolution</a>,
<a>DID URL Dereferencing</a>, and other DID-related processes. The structure
used to communicate this metadata MUST be a <a data-cite="INFRA#maps">map</a>
of properties. Each property name MUST be a <a
data-cite="INFRA#string">string</a>. Each property value MUST be a <a
data-cite="INFRA#string">string</a>, <a data-cite="INFRA#maps">map</a>, <a
data-cite="INFRA#list">list</a>, <a data-cite="INFRA#ordered-set">ordered set</a>, <a data-cite="INFRA#boolean">boolean</a>, or
<a data-cite="INFRA#null">null</a>. The values within any complex data
structures such as maps and lists MUST be one of these data types as well.
All metadata property definitions MUST define the value type, including any
additional formats or restrictions to that value (for example, a string
formatted as a date or as a decimal integer). It is RECOMMENDED that property
definitions use strings for values.
        </p>

        <p>
All implementations of functions that use metadata structures as either input
or output are able to fully represent all data types described here in a
deterministic fashion. As inputs and outputs using metadata structures are
defined in terms of data types and not their serialization, the method for
representation is internal to the implementation of the function and is out of
scope of this specification.
        </p>

        <p>
The following example demonstrates a JSON-encoded metadata structure that
might be used as <a href="#did-resolution-input-metadata-properties">DID
resolution input metadata</a></a>.
        </p>

        <pre class="example"
          title="JSON-encoded DID resolution input metadata example">
{
  "accept": "application/did+ld+json"
}
        </pre>

        <p>
This example corresponds to a metadata structure of the following format:
        </p>

        <pre class="example" title="DID resolution input metadata example">
«[
  "accept" → "application/did+ld+json"
]»
        </pre>

        <p>
The next example demonstrates a JSON-encoded metadata structure that might be
used as <a href="#did-resolution-metadata-properties">DID resolution
metadata</a> if a DID was not found.
        </p>

        <pre class="example"
        title="JSON-encoded DID resolution metadata example">
{
  "error": "not-found"
}
        </pre>

        <p>
This example corresponds to a metadata structure of the following format:
        </p>

        <pre class="example" title="DID resolution metadata example">
«[
  "error" → "not-found"
]»
        </pre>

        <p>
The next example demonstrates a JSON-encoded metadata structure that might be
used as <a href="#did-document-metadata-properties">DID document metadata</a>
to describe timestamps associated with the DID document.
        </p>

        <pre class="example" title="JSON-encoded DID document metadata example">
{
  "created": "2019-03-23T06:35:22Z",
  "updated": "2023-08-10T13:40:06Z"
}
        </pre>

        <p>
This example corresponds to a metadata structure of the following format:
        </p>

        <pre class="example" title="DID document metadata example">
«[
  "created" → "2019-03-23T06:35:22Z",
  "updated" → "2023-08-10T13:40:06Z"
]»
        </pre>

    </section>

  </section>

  <section class="informative">
    <h1>
Security Considerations
    </h1>

    <p class="note" title="Note to implementers">
During the Working Draft stage, this section focuses on security topics that
should be important in early implementations. The editors are seeking feedback
on threats and threat mitigations that should be reflected in this section or
elsewhere in the spec. <a>DIDs</a> are designed to operate under the general
Internet threat model used by many IETF standards. We assume uncompromised
endpoints, but anticipate that messages could be read or corrupted on the
network.
    </p>

    <section>
      <h2>
Choosing DID Resolvers
      </h2>

      <p>
The DID Method Registry (see [[?DID-SPEC-REGISTRIES]] is an informative list of
<a>DID method</a> names and their corresponding <a>DID method</a>
specifications. Implementors need to bear in mind that there is no central
authority to mandate which <a>DID method</a> specification is to be used with
any specific <a>DID method</a> name, but can use the DID Method Registry to make
an informed decision when choosing which <a>DID resolver</a> implementations to
use.
      </p>
    </section>

    <section>
      <h2>
Binding of Identity
      </h2>

      <p>
The following sections describe binding identities to <a>DIDs</a> and
<a>DID documents</a>.
      </p>

      <section>
        <h3>
Proving Control of a DID and DID Document
        </h3>

        <p>
Signatures and <a>verifiable timestamps</a> allow <a>DID documents</a> to be
cryptographically verifiable.
        </p>

        <p>
By itself, a verified signature on a self-signed <a>DID document</a> does not
prove control of a <a>DID</a>. It only proves that the:
        </p>

        <ul>
          <li>
<a>DID document</a> was not tampered with since it was timestamped.
          </li>

          <li>
<a>DID controller(s)</a> controlled the private key used for the signature at
the time the timestamp was created.
          </li>
        </ul>

        <p>
Proving control of a <a>DID</a>, that is, the binding between the <a>DID</a>
and the <a>DID document</a> that describes it, requires a two step process:
        </p>

        <ol start="1">
          <li>
Resolving the <a>DID</a> to a <a>DID document</a> according to its
<a>DID method</a> specification.
          </li>

          <li>
Verifying that the <code><a>id</a></code> property of the resulting <a>DID
document</a> matches the <a>DID</a> that was resolved.
          </li>
        </ol>

        <p>
It should be noted that this process proves control of a <a>DID</a> and
<a>DID document</a> regardless of whether the <a>DID document</a> is signed.
        </p>

        <p>
Signatures on <a>DID documents</a> are optional. <a>DID method</a>
specifications are expected to explain and specify their implementation if
applicable.
        </p>
      </section>

      <section>
        <h3>
Proving Control of a Public Key
        </h3>

        <p>
There are two methods for proving control of the private key corresponding to a
<a>public key description</a> in the <a>DID document</a>: static and dynamic.
        </p>

        <p>
The static method is to sign the <a>DID document</a> with the private key. This
proves control of the private key at a time no later than the
<a>DID document</a> was registered. If the <a>DID document</a> is not signed,
control of a public key described in the <a>DID document</a> can still be proven
dynamically as follows:
        </p>

        <ol start="1">
          <li>
Send a challenge message containing a <a>public key description</a> from the
<a>DID document</a> and a nonce to an appropriate <a>service endpoint</a>
described in the <a>DID document</a>.
          </li>

          <li>
Verify the signature of the response message against the
<a>public key description</a>.
          </li>
        </ol>
      </section>

      <section>
        <h3>
Real-World Identity
        </h3>

        <p>
A <a>DID</a> and <a>DID document</a> do not inherently carry any
<a href="https://en.wikipedia.org/wiki/Personally_identifiable_information">
  PII</a>
(personally-identifiable information).
        </p>

        <p>
It can be useful to express a binding of <a>DID</a> to a person's or company's
real world identity, in a way that is provably asserted by a trusted authority
such as a government. This can enable interactions that can be considered
legally valid under one or more jurisdictions; establishing such bindings has to
be carefully balanced against privacy considerations (see <a
href="#privacy-considerations"></a>).
        </p>

        <p>
The process of binding a <a>DID</a> to something in the real world, such as a
person or a company, for example using <a>verifiable credentials</a> with the
same subject as that <a>DID</a>, is out of scope for this specification. For
more information, see the [[VC-DATA-MODEL]] instead.
        </p>
      </section>
    </section>

    <section>
      <h2>
Authentication Service Endpoints
      </h2>

      <p>
If a <a>DID document</a> publishes a <a>service endpoint</a> intended for
authentication or authorization of the <a>DID subject</a> (see Section <a
href="#service-endpoints"></a>), it is the responsibility of the <a>service
endpoint</a> provider, subject, or requesting party to comply with the
requirements of the authentication protocols supported at that <a>service
endpoint</a>.
      </p>
    </section>

    <section>
      <h2>
Non-Repudiation
      </h2>

      <p>
Non-repudiation of <a>DIDs</a> and <a>DID document</a> updates is supported
under the assumption that the subject:
      </p>

      <ul>
        <li>
Is monitoring for unauthorized updates (see Section
<a href="#notification-of-did-document-changes"></a>).
        </li>
        <li>
Has had adequate opportunity to revert malicious updates according to the
access control mechanism for the <a>DID method</a> (see Section
<a href="#authentication"></a>).
        </li>
      </ul>

      <p>
Non-repudiation is further supported if timestamps are included (see Section
<a href="#did-document-metadata-properties"></a>) and the target <a>DLT</a>
system supports timestamps.
      </p>
    </section>

    <section>
      <h2>
Notification of DID Document Changes
      </h2>

      <p>
One mitigation against unauthorized changes to a <a>DID document</a> is
monitoring and actively notifying the <a>DID subject</a> when there are changes.
This is analogous to helping prevent account takeover on conventional
username/password accounts by sending password reset notifications to the email
addresses on file.
      </p>
      <p>
In the case of a <a>DID</a>, there is no intermediary registrar or account
provider to generate such notifications. However, if the <a>verifiable data
registry</a> on which the <a>DID</a> is registered directly supports change
notifications, a subscription service can be offered to <a>DID controllers</a>.
Notifications could be sent directly to the relevant <a>service endpoints</a>
listed in an existing <a>DID</a>.
      </p>
      <p>
If a <a>DID controller</a> chooses to rely on a third-party monitoring service
(other than the <a>verifiable data registry</a> itself), this introduces another
vector of attack.
      </p>
    </section>

    <section>
      <h2>
Key and Signature Expiration
      </h2>

      <p>
In a <a>decentralized identifier</a> architecture, there are no centralized
authorities to enforce key or signature expiration policies. Therefore
<a>DID resolvers</a> and requesting parties need to validate that keys
were not expired at the time they were used. Because some use cases might have
legitimate reasons why already-expired keys can be extended, make sure a key
expiration does not prevent any further use of the key, and implementations
of a resolver ought to be compatible with such extension behavior.
      </p>
    </section>

    <section>
      <h2>
Key Revocation and Recovery
      </h2>

      <p>
Section <a href="#method-operations"></a> specifies the <a>DID</a> operations to
be supported by a <a>DID method</a> specification, including deactivation of a
<a>DID document</a> by replacing it with an updated <a>DID document</a>. It is
also up to the <a>DID method</a> to define how revocation of cryptographic keys
might occur. Additionally, <a>DID method</a> specifications are also expected
to enable support for a quorum of trusted parties to enable key recovery. Some
of the facilities to do so are suggested in Section
<a href="#did-controller"></a>. Not all <a>DID method</a>
specifications will recognize control from <a>DIDs</a> registered using other
<a>DID methods</a> and they might restrict third-party control to <a>DIDs</a>
that use the same method. Access control and key recovery in a <a>DID method</a>
specification can also include a time lock feature to protect against key
compromise by maintaining a second track of control for recovery. Further
specification of this type of control is a matter for future work.
</p>
    </section>

    <section>
      <h2>
The Role of Human-Friendly Identifiers
      </h2>

      <p>
<a>DIDs</a> achieve global uniqueness without the need for a central
registration authority. This comes, however, at the cost of human memorability.
The algorithms capable of generating globally unique identifiers automatically
produce random strings of characters that have no human meaning. This
demonstrates the axiom about identifiers described in
<a href="https://en.wikipedia.org/wiki/Zooko%27s_triangle">Zooko's Triangle</a>:
"human-meaningful, decentralized, secure &mdash; pick any two".
      </p>

      <p>
There are of course many use cases where it is desirable to
discover a <a>DID</a> when starting from a human-friendly identifier. For
example, a natural language name, a domain name, or a conventional address for
a <a>DID controller</a>, such as a mobile telephone number, email address,
Twitter handle, or blog URL. However, the problem of mapping human-friendly
identifiers to <a>DIDs</a> (and doing so in a way that can be verified and
trusted) is outside the scope of this specification.
      </p>

      <p>
Solutions to this problem should be defined in separate specifications that
reference this specification. It is strongly recommended that such
specifications carefully consider the:
      </p>

      <ul>
        <li>
Numerous security attacks based on deceiving users about the true human-friendly
identifier for a target entity.
        </li>
        <li>
Privacy consequences of using human-friendly identifiers that are inherently
correlatable, especially if they are globally unique.
        </li>
      </ul>

      <p class="note">
A draft specification for discovering a <a>DID</a> from domain names and email
addresses using DNS lookups is available at [[?DNS-DID]].
      </p>
    </section>

    <section>
        <h2>
Immutability
        </h2>

        <p>
Many cybersecurity abuses hinge on exploiting gaps between reality and the
assumptions of rational, good-faith actors. Like any ecosystem, the <a>DID</a>
ecosystem has some potential for this to occur. Because this specification is
focused on a <a href="#data-model">data model</a> instead of a protocol, it
offers no opinion about many aspects of how that model is put to use. However,
individual <a>DID methods</a> might want to consider constraints that would
eliminate behaviors or semantics they do not need. The more <em>locked down</em>
a <a>DID method</a> is, while providing the same set of features, the less it
can be manipulated by malicious actors.
        </p>
        <p>
As an example, consider the flexibility that the <a href="#data-model">data
model</a> offers with respect to updating. A single edit to a <a>DID
document</a> can change anything and everything except the root
<code><a>id</a></code> property of the document. And any individual JSON object
in the <a href="#data-model">data model</a> can change all of its properties
except its <code><a>id</a></code>. But is it actually desirable for a <a>service
endpoint</a> to change its <code>type</code> after it is defined? Or for a key
to change its value? Or would it be better to require a new
<code><a>id</a></code> when certain fundamental properties of an object change?
Malicious takeovers of a web site often aim for an outcome where the site keeps
its identifier (the host name), but gets subtle, dangerous changes underneath.
If certain properties of the site were required by the specification to be
immutable (for example, the <a target="_blank"
href="https://en.wikipedia.org/wiki/Autonomous_system_(Internet)">ASN</a>
associated with its IP address), such attacks might be much harder and more
expensive to carry out, and anomaly detection would be easier.
        </p>
        <p>
The notion that immutability provides some cybersecurity benefits is
particularly relevant because of caching. For <a>DID methods</a> tied to a
global source of truth, a direct, just-in-time lookup of the latest version of a
<a>DID document</a> is always possible. However, it seems likely that layers of
cache might eventually sit between a <a>DID resolver</a> and that source of
truth. If they do, believing the attributes of an object in the <a>DID
document</a> to have a given state, when they are actually subtly different,
might invite exploits. This is particularly true if some lookups are of a full
<a>DID document</a>, and others are of partial data, where the larger context is
assumed.
        </p>
    </section>

    <section>
      <h2>
Encrypted Data in DID Documents
      </h2>
      <p>
DID documents are typically publicly available. Encryption algorithms have been
known to fail due to advances in cryptography and computing power. Implementers
are advised to assume that any encrypted data placed in a <a>DID document</a>
might eventually be made available in clear text to the same audience to which
the encrypted data is available.
      </p>
      <p>
Encrypting all or parts of DID documents is <em>not</em> an appropriate means to
protect data in the long term. Similarly, placing encrypted data in DID
documents is not an appropriate means to include personally identifiable
information.
      </p>
      <p>
Given the caveats above, if encrypted data is included in a DID document,
implementers are advised to not encrypt with the public keys of entities that do
not wish to be correlated with the <a>DID</a>.
      </p>

    </section>

    <section>
      <h2>Equivalence Properties</h2>
      <p>
The three equivalence properties defined in Core Properties
—<code><a>alsoKnownAs</a></code>, <code><a>equivalentId</a></code>, and
<code><a>canonicalId</a></code>—are subject to special security considerations
related to attacks against DIDs that are asserted to be equivalent. Each of the
equivalence property sections describes relevant mitigation instructions. In
general, they are:
      </p>
      <p>
The <code><a>equivalentId</a></code> and <code><a>canonicalId</a></code>
properties that constrain equivalence assertions to variants of a single DID
produced by the same <a>DID method</a> (e.g. <code>did:foo:123</code> ≡
<code>did:foo:hash(123)</code>) can be trusted to the extent the resolving party
trusts the <a>DID method</a> (and a conforming producer) itself.
      </p>
      <p>
The <code><a>alsoKnownAs</a></code> property that permits an equivalence
assertion to URIs that are not governed by the same <a>DID method</a> (or may
not be DIDs at all) cannot be trusted without performing verification steps
outside of the governing <a>DID method</a>. See Section 5.1.1 for the
recommendation to verify inverse relationships.
      </p>
      <p>
As with any other sensitive properties in the DID Document (e.g. public key
references), parties relying on any equivalence statement in a DID Document
should guard against the values of these properties being substituted by an
attacker after the proper verification has been performed. Any write access to a
DID document stored in memory or disk after verification has been performed is
an attack vector that will circumvent verification unless the DID document is
re-verified.
      </p>

    </section>
  </section>

  <section class="informative">
    <h1>Privacy Considerations</h1>

    <p>
It is critically important to apply the principles of Privacy by Design
[[PRIVACY-BY-DESIGN]] to all aspects of the <a>decentralized identifier</a>
architecture, because <a>DIDs</a> and <a>DID documents</a> are, by design,
administered directly by the <a>DID controller(s)</a>. There is no registrar,
hosting company, or other intermediate service provider to recommend or apply
additional privacy safeguards. The authors of this specification have applied
all seven Privacy by Design principles throughout its development. For example,
privacy in this specification is preventative not remedial, and privacy is an
embedded default. Furthermore, the <a>decentralized identifier</a>
architecture by itself embodies Privacy by Design principle #7: "Respect for
user privacy &mdash; keep it user-centric."
    </p>

    <p>
This section lists additional privacy considerations that implementers,
delegates, and <a>DID subjects</a> should keep in mind.
    </p>

    <section>
      <h2>
Keep Personally-Identifiable Information (PII) Private
      </h2>

      <p>
If a <a>DID method</a> specification is written for a public <a>verifiable data
registry</a> where all <a>DIDs</a> and <a>DID documents</a> are publicly
available, it is <em>critical</em> that <a>DID documents</a> contain no
personal data. All personal data should be kept behind <a>service
endpoints</a> under the control of the <a>DID subject</a>. Additional due
diligence should be taken around the use of URLs in service endpoints as well
to prevent leakage of unintentional personal data or correlation within a URL
of a service endpoint. For example, a URL that contains a username is likely
dangerous to include in a <a>DID Document</a> because the username is likely
to be human-meaningful in a way that can unintentionally reveal information
that the <a>DID subject</a> did not consent to sharing. With this privacy
architecture, personal data can be exchanged on a private, peer-to-peer basis
using communications channels identified and secured by <a>public key
descriptions</a> in <a>DID documents</a>. This also enables <a>DID
subjects</a> and requesting parties to implement the <a
href="https://en.wikipedia.org/wiki/General_Data_Protection_Regulation">GDPR</a>
<a href="https://en.wikipedia.org/wiki/Right_to_be_forgotten">right to be
forgotten</a>, because no personal data is written to an immutable
<a>distributed ledger</a>.
      </p>
    </section>

    <section>
      <h2>
DID Correlation Risks and Pseudonymous DIDs
      </h2>

      <p>
Like any type of globally unique identifier, <a>DIDs</a> might be used for
correlation. <a>DID controllers</a> can mitigate this privacy risk by using
pairwise unique <a>DIDs</a>, that is, sharing a different private <a>DID</a> for
every relationship. In effect, each <a>DID</a> acts as a pseudonym. A
pseudonymous <a>DID</a> need only be shared with more than one party when
the <a>DID subject</a> explicitly authorizes correlation between those parties.
If pseudonymous <a>DIDs</a> are the default, then the only need for a public
<a>DID</a> (a <a>DID</a> published openly or shared with a large number of
parties) is when the <a>DID subject</a> explicitly desires public
identification.
      </p>
    </section>

    <section>
      <h2>
DID Document Correlation Risks
      </h2>

      <p>
The anti-correlation protections of pseudonymous <a>DIDs</a> are easily defeated
if the data in the corresponding <a>DID documents</a> can be correlated. For
example, using same <a>public key descriptions</a> or bespoke
<a>service endpoints</a> in multiple <a>DID documents</a> can provide as much
correlation information as using the same <a>DID</a>. Therefore the
<a>DID document</a> for a pseudonymous <a>DID</a> also needs to use pairwise
unique public keys.

It might seem natural to also use pairwise unique <a>service endpoints</a> in
the <a>DID document</a> for a pseudonymous <a>DID</a>. However, unique endpoints
allow all traffic between two <a>DIDs</a> to be isolated perfectly into unique
buckets, where timing correlation and similar analysis is easy. Therefore, a
better strategy for endpoint privacy might be to share an endpoint among
thousands or millions of <a>DIDs</a> controlled by many different subjects.
      </p>
    </section>

    <section>
      <h2>
Assigning a type to the DID subject
      </h2>
      <p>
It is dangerous to add properties to the <a>DID document</a> that can be used
to indicate, explicitly or through inference, what <em>type</em> or nature of
thing the <a>DID subject</a> is, particularly if the <a>DID subject</a> is a
person.
      </p>
      <p>
Not only do such properties potentially result in personally identifiable
information (see
<a href="#keep-personally-identifiable-information-pii-private"></a>) or
correlatable data (see <a href="#did-correlation-risks-and-pseudonymous-dids">
</a> and <a href="#did-document-correlation-risks"></a>) being present in the
<a>DID document</a>, but they can be used for grouping particular <a>DIDs</a>
in such a way that they are included in or excluded from certain operations or
functionalities.
      </p>
      <p>
Including <em>type</em> information in a <a>DID Document</a> can
result in personal privacy harms even for <a>DID Subjects</a> that are
non-person entities, such as IoT devices. The aggregation of such
information around a <a>DID Controller</a> could serve as a form of
digital fingerprint and this is best avoided.
      </p>
      <p>
To minimize these risks, all properties in a <a>DID document</a> ought to be for
expressing cryptographic material, endpoints, or verification methods related to
using the <a>DID</a>.
      </p>

    </section>

    <section>
      <h2>
Herd Privacy
      </h2>

      <p>
When a <a>DID subject</a> is indistinguishable from others in the herd, privacy
is available. When the act of engaging privately with another party is by itself
a recognizable flag, privacy is greatly diminished. <a>DIDs</a> and <a>DID
methods</a> need to work to improve herd privacy, particularly for those who
legitimately need it most. Choose technologies and human interfaces that default
to preserving anonymity and pseudonymity. To reduce <a
href="https://en.wikipedia.org/wiki/Device_fingerprint"> digital
fingerprints</a>, share common settings across requesting party implementations,
keep negotiated options to a minimum on wire protocols, use encrypted transport
layers, and pad messages to standard lengths.
      </p>
    </section>

    <section>
      <h2>
          Service Privacy
      </h2>
      <p>
The ability for a controller to optionally state at least one service endpoint
in the DID document increases their control and agency. Each additional
endpoint in the DID document adds privacy risk either due to correlation
(e.g., across endpoint descriptions) or because the services are not
protected by an authorization mechanism, or both.
      </p>
      <p>
The degree of additional privacy risk caused by using multiple service 
endpoints in one DID document can be difficult to estimate. Privacy 
harms are typically unintended consequences. DIDs can identify documents, 
services, schemas, and other things that may be associated 
with individual people, households, clubs, and employers &mdash; and 
correlation of their service endpoints could become a powerful 
surveillance and inference tool.
      </p>
      <p>
DID documents are often public and will be stored and indexed efficiently by
their very standards-based nature. This risk is worse if DID documents are
published to immutable Verifiable Data Registries. Access to a history of the
DID documents referenced by a DID represents a form of traffic analysis made
more efficient through the use of standards.
      </p>
      <p>
Examples of service endpoints in DID documents come in three broad categories:
      </p>
      <ol>
          <li>
Intentional public disclosures
          </li>
          <li>
DIDs about natural persons (as might be covered by GDPR and similar
privacy regulations)
          </li>
          <li>
DIDs about things and documents that are associated with natural persons
          </li>
      </ol>
      <p>
For the first category, consider non-DID publication mechanisms with only 
a single service endpoint. In some cases, the publication mechanism might
reference a DID Document with no service endpoints at all. For the second
category, prefer using only one service that points to an authorization server, 
mediator, or proxy that can provide herd immunity. For the third category, 
avoid the use of multiple service endpoints for a DID because some
of these (e.g., an authorization server) are likely to be reused with other,
related DIDs. Place correlatable service endpoints behind a 
privacy-preserving  mechanism, if possible, or introduce a mediator or proxy 
as a sole service endpoint in order to obscure related devices and documents 
through herd immunity.
      </p>
    </section>
  </section>
  
  <section class="informative">
    <h1>
      Examples
    </h1>
    <section class="informative">
      <h2>DID Documents</h2>

      <p>
See <a
href="https://www.w3.org/TR/did-spec-registries/#verification-method-types">
did-spec-registries</a> for optional extensions and other verifcation method
types.
      </p>

      <p class="note">
These examples are for information purposes only, it is considered a best
practice to avoid using the same verification method for multiple purposes.
      </p>

      <pre class="example" title="DID Document with 1 verification method type">
  {
    "@context": "https://www.w3.org/ns/did/v1",
    "id": "did:example:123",
    "authentication": [
      {
        "id": "did:example:123#z6MkecaLyHuYWkayBDLw5ihndj3T1m6zKTGqau3A51G7RBf3",
        "type": "Ed25519VerificationKey2018",
        "controller": "did:example:123",
        "publicKeyBase58": "AKJP3f7BD6W4iWEQ9jwndVTCBq8ua2Utt8EEjJ6Vxsf"
      }
    ],
    "capabilityInvocation": [
      {
        "id": "did:example:123#z6MkhdmzFu659ZJ4XKj31vtEDmjvsi5yDZG5L7Caz63oP39k",
        "type": "Ed25519VerificationKey2018",
        "controller": "did:example:123",
        "publicKeyBase58": "4BWwfeqdp1obQptLLMvPNgBw48p7og1ie6Hf9p5nTpNN"
      }
    ],
    "capabilityDelegation": [
      {
        "id": "did:example:123#z6Mkw94ByR26zMSkNdCUi6FNRsWnc2DFEeDXyBGJ5KTzSWyi",
        "type": "Ed25519VerificationKey2018",
        "controller": "did:example:123",
        "publicKeyBase58": "Hgo9PAmfeoxHG8Mn2XHXamxnnSwPpkyBHAMNF3VyXJCL"
      }
    ],
    "assertionMethod": [
      {
        "id": "did:example:123#z6MkiukuAuQAE8ozxvmahnQGzApvtW7KT5XXKfojjwbdEomY",
        "type": "Ed25519VerificationKey2018",
        "controller": "did:example:123",
        "publicKeyBase58": "5TVraf9itbKXrRvt2DSS95Gw4vqU3CHAdetoufdcKazA"
      }
    ]
}
      </pre>

      <pre class="example" title="DID Document with many different verification methods">
{
  "@context": "https://www.w3.org/ns/did/v1",
  "id": "did:example:123",
  "verificationMethod": [
    {
      "id": "did:example:123#ZC2jXTO6t4R501bfCXv3RxarZyUbdP2w_psLwMuY6ec",
      "type": "Ed25519VerificationKey2018",
      "controller": "did:example:123",
      "publicKeyBase58": "H3C2AVvLMv6gmMNam3uVAjZpfkcJCwDwnZn6z3wXmqPV"
    },
    {
      "id": "did:example:123#zQ3shP2mWsZYWgvgM11nenXRTx9L1yiJKmkf9dfX7NaMKb1pX",
      "type": "EcdsaSecp256k1VerificationKey2019",
      "controller": "did:example:123",
      "publicKeyBase58": "d5cW2R53NHTTkv7EQSYR8YxaKx7MVCcchjmK5EgCNXxo",
    },
    {
      "id": "did:example:123#_Qq0UL2Fq651Q0Fjd6TvnYE-faHiOpRlPVQcY_-tA4A",
      "type": "JsonWebKey2020",
      "controller": "did:example:123",
      "publicKeyJwk": {
        "kty": "OKP",
        "crv": "Ed25519",
        "x": "VCpo2LMLhn6iWku8MKvSLg2ZAoC-nlOyPVQaO3FxVeQ"
      }
    },
    {
      "id": "did:example:123#z6LSnjagzhe8Df6gZmroW3wjDd7XQLwAuYfwa4ZeTBCGFoYc",
      "type": "JsonWebKey2020",
      "controller": "did:example:123",
      "publicKeyJwk": {
        "kty": "OKP",
        "crv": "X25519",
        "x": "pE_mG098rdQjY3MKK2D5SUQ6ZOEW3a6Z6T7Z4SgnzCE"
      },
    }
    {
      "id": "did:example:123#4SZ-StXrp5Yd4_4rxHVTCYTHyt4zyPfN1fIuYsm6k3A",
      "type": "JsonWebKey2020",
      "controller": "did:example:123",
      "publicKeyJwk": {
        "kty": "EC",
        "crv": "secp256k1",
        "x": "Z4Y3NNOxv0J6tCgqOBFnHnaZhJF6LdulT7z8A-2D5_8",
        "y": "i5a2NtJoUKXkLm6q8nOEu9WOkso1Ag6FTUT6k_LMnGk"
      }
    },
    {
      "id": "did:example:123#n4cQ-I_WkHMcwXBJa7IHkYu8CMfdNcZKnKsOrnHLpFs",
      "type": "JsonWebKey2020",
      "controller": "did:example:123",
      "publicKeyJwk": {
        "kty": "RSA",
        "e": "AQAB",
        "n": "omwsC1AqEk6whvxyOltCFWheSQvv1MExu5RLCMT4jVk9khJKv8JeMXWe3bWHatjPskdf2dlaGkW5QjtOnUKL742mvr4tCldKS3ULIaT1hJInMHHxj2gcubO6eEegACQ4QSu9LO0H-LM_L3DsRABB7Qja8HecpyuspW1Tu_DbqxcSnwendamwL52V17eKhlO4uXwv2HFlxufFHM0KmCJujIKyAxjD_m3q__IiHUVHD1tDIEvLPhG9Azsn3j95d-saIgZzPLhQFiKluGvsjrSkYU5pXVWIsV-B2jtLeeLC14XcYxWDUJ0qVopxkBvdlERcNtgF4dvW4X00EHj4vCljFw"
      }
    },
    {
      "id": "did:example:123#_TKzHv2jFIyvdTGF1Dsgwngfdg3SH6TpDv0Ta1aOEkw",
      "type": "JsonWebKey2020",
      "controller": "did:example:123",
      "publicKeyJwk": {
        "kty": "EC",
        "crv": "P-256",
        "x": "38M1FDts7Oea7urmseiugGW7tWc3mLpJh6rKe7xINZ8",
        "y": "nDQW6XZ7b_u2Sy9slofYLlG03sOEoug3I0aAPQ0exs4"
      }
    },
    {
      "id": "did:example:123#8wgRfY3sWmzoeAL-78-oALNvNj67ZlQxd1ss_NX1hZY",
      "type": "JsonWebKey2020",
      "controller": "did:example:123",
      "publicKeyJwk": {
        "kty": "EC",
        "crv": "P-384",
        "x": "GnLl6mDti7a2VUIZP5w6pcRX8q5nvEIgB3Q_5RI2p9F_QVsaAlDN7IG68Jn0dS_F",
        "y": "jq4QoAHKiIzezDp88s_cxSPXtuXYFliuCGndgU4Qp8l91xzD1spCmFIzQgVjqvcP"
      }
    },
    {
      "id": "did:example:123#NjQ6Y_ZMj6IUK_XkgCDwtKHlNTUTVjEYOWZtxhp1n-E",
      "type": "JsonWebKey2020",
      "controller": "did:example:123",
      "publicKeyJwk": {
        "kty": "EC",
        "crv": "P-521",
        "x": "AVlZG23LyXYwlbjbGPMxZbHmJpDSu-IvpuKigEN2pzgWtSo--Rwd-n78nrWnZzeDc187Ln3qHlw5LRGrX4qgLQ-y",
        "y": "ANIbFeRdPHf1WYMCUjcPz-ZhecZFybOqLIJjVOlLETH7uPlyG0gEoMWnIZXhQVypPy_HtUiUzdnSEPAylYhHBTX2"
      }
    }
  ]
}
      </pre>

    </section>

    <section class="informative">
      <h2>Proving</h2>

      <p class="note">
These examples are for information purposes only. See
<a href="https://www.w3.org/TR/vc-data-model/">W3C Verifiable Credentials Data
Model</a> for additional examples.
      </p>

      <pre class="example"
        title="Verifiable Credential linked to a verification method of type Ed25519VerificationKey2018">
{
  "@context": [
    "https://www.w3.org/2018/credentials/v1",
    "https://w3id.org/citizenship/v1"
  ],
  "type": [
    "VerifiableCredential",
    "PermanentResidentCard"
  ],
  "credentialSubject": {
    "id": "did:example:123",
    "type": [
      "PermanentResident",
      "Person"
    ],
    "givenName": "JOHN",
    "familyName": "SMITH",
    "gender": "Male",
    "image": "data:image/png;base64,iVBORw0KGgo...kJggg==",
    "residentSince": "2015-01-01",
    "lprCategory": "C09",
    "lprNumber": "000-000-204",
    "commuterClassification": "C1",
    "birthCountry": "Bahamas",
    "birthDate": "1958-08-17"
  },
  "issuer": "did:example:456",
  "issuanceDate": "2020-04-22T10:37:22Z",
  "identifier": "83627465",
  "name": "Permanent Resident Card",
  "description": "Government of Example Permanent Resident Card.",
  "proof": {
    "type": "Ed25519Signature2018",
    "created": "2020-04-22T10:37:22Z",
    "proofPurpose": "assertionMethod",
    "verificationMethod": "did:example:456#key-1",
    "jws": "eyJjcml0IjpbImI2NCJdLCJiNjQiOmZhbHNlLCJhbGciOiJFZERTQSJ9..BhWew0x-txcroGjgdtK-yBCqoetg9DD9SgV4245TmXJi-PmqFzux6Cwaph0r-mbqzlE17yLebjfqbRT275U1AA"
  }
}
    </pre>

    <pre class="example"
      title="Verifiable Credential linked to a verification method of type JsonWebKey2020">
{
  "@context": [
    "https://www.w3.org/2018/credentials/v1",
    "https://www.w3.org/2018/credentials/examples/v1"
  ],
  "id": "http://example.gov/credentials/3732",
  "type": ["VerifiableCredential", "UniversityDegreeCredential"],
  "issuer": { "id": "did:example:123" },
  "issuanceDate": "2020-03-10T04:24:12.164Z",
  "credentialSubject": {
    "id": "did:example:456",
    "degree": {
      "type": "BachelorDegree",
      "name": "Bachelor of Science and Arts"
    }
  },
  "proof": {
    "type": "JsonWebSignature2020",
    "created": "2020-02-15T17:13:18Z",
    "verificationMethod": "did:example:123#_Qq0UL2Fq651Q0Fjd6TvnYE-faHiOpRlPVQcY_-tA4A",
    "proofPurpose": "assertionMethod",
    "jws": "eyJiNjQiOmZhbHNlLCJjcml0IjpbImI2NCJdLCJhbGciOiJFZERTQSJ9..Y0KqovWCPAeeFhkJxfQ22pbVl43Z7UI-X-1JX32CA9MkFHkmNprcNj9Da4Q4QOl0cY3obF8cdDRdnKr0IwNrAw"
  }
}
    </pre>

    <pre class="example" title="Verifiable Credential as Decoded JWT">
{
  "protected": {
    "kid": "did:example:123#_Qq0UL2Fq651Q0Fjd6TvnYE-faHiOpRlPVQcY_-tA4A",
    "alg": "EdDSA"
  },
  "payload": {
    "iss": "did:example:123",
    "sub": "did:example:456",
    "vc": {
      "@context": [
        "https://www.w3.org/2018/credentials/v1",
        "https://www.w3.org/2018/credentials/examples/v1"
      ],
      "id": "http://example.gov/credentials/3732",
      "type": [
        "VerifiableCredential",
        "UniversityDegreeCredential"
      ],
      "issuer": {
        "id": "did:example:123"
      },
      "issuanceDate": "2020-03-10T04:24:12.164Z",
      "credentialSubject": {
        "id": "did:example:456",
        "degree": {
          "type": "BachelorDegree",
          "name": "Bachelor of Science and Arts"
        }
      }
    },
    "jti": "http://example.gov/credentials/3732",
    "nbf": 1583814252
  },
  "signature": "qSv6dpZJGFybtcifLwGf4ujzlEu-fam_M7HPxinCbVhz9iIJCg70UMeQbPa1ex6BmQ2tnSS7F11FHnMB2bJRAw"
}
      </pre>
    </section>

    <section class="informative">
      <h2>Encrypting</h2>

      <p class="note">
These examples are for information purposes only, it is considered a best
practice to avoid dislosing unnecessary information in JWE headers.
      </p>

      <pre class="example" title="JWE linked to a verification method via kid">
{
  "ciphertext": "3SHQQJajNH6q0fyAHmw...",
  "iv": "QldSPLVnFf2-VXcNLza6mbylYwphW57Q",
  "protected": "eyJlbmMiOiJYQzIwUCJ9",
  "recipients": [
    {
      "encrypted_key": "BMJ19zK12YHftJ4sr6Pz1rX1HtYni_L9DZvO1cEZfRWDN2vXeOYlwA",
      "header": {
        "alg": "ECDH-ES+A256KW",
        "apu": "Tx9qG69ZfodhRos-8qfhTPc6ZFnNUcgNDVdHqX1UR3s",
        "apv": "ZGlkOmVsZW06cm9wc3RlbjpFa...",
        "epk": {
          "crv": "X25519",
          "kty": "OKP",
          "x": "Tx9qG69ZfodhRos-8qfhTPc6ZFnNUcgNDVdHqX1UR3s"
        },
        "kid": "did:example:123#zC1Rnuvw9rVa6E5TKF4uQVRuQuaCpVgB81Um2u17Fu7UK"
      }
    }
  ],
  "tag": "xbfwwDkzOAJfSVem0jr1bA"
}
      </pre>
    </section>
  </section>

  <section class="appendix">
    <h1>Current Issues</h1>

    <p>
The list of issues below are under active discussion and are likely to
result in changes to this specification.
    </p>

<div class="issue" data-number="506">Correct the serviceEndpoint property to allow for a string or array of strings</div>
<div class="issue" data-number="505">The definition of "the topmost" of the abstract data model is unclear </div>
<div class="issue" data-number="504">Issues in "Note on Persistence" in DID Syntax section</div>
<div class="issue" data-number="502">`Decentralized extension` is not discussed</div>
<div class="issue" data-number="499">Metadata properties don't define data model and serialization format</div>
<div class="issue" data-number="498">Datetime data type missing timezone and precision</div>
<div class="issue" data-number="496"> Inconsistent definition/name of DID Document (or abstract data model?)</div>
<div class="issue" data-number="495">`updated` property's initial value is not defined clearly</div>
<div class="issue" data-number="494">Discussion on "localized rules for handling properties" not described anywhere</div>
<div class="issue" data-number="483">Issue with using `version-id` and key revocation</div>
<div class="issue" data-number="479">Provide better service.type examples</div>
<div class="issue" data-number="468">Should "deactivated" be an error code?</div>
<div class="issue" data-number="463">Naming classes of properties and syntax</div>
<div class="issue" data-number="453">The relationship between Verifiable Data Registry and DID Document haven't shown in Figure 1</div>
<div class="issue" data-number="452">Compound key is not clear and points to wikipedia not a normative definition</div>
<div class="issue" data-number="447">Differentiate external properties in examples</div>
<div class="issue" data-number="432">Restrictions on `@context` property values in DID Documents</div>
<div class="issue" data-number="425">DID Spec Registries needs terminolgical criteria</div>
<div class="issue" data-number="417">How should resolvers handle the accept header?</div>
<div class="issue" data-number="404">Precise specification of the DID Core Vocabulary</div>
<div class="issue" data-number="399">DID Fragment semantics cleanup needed</div>
<div class="issue" data-number="391">Section "Authentication and Verifiable Claims": Add subsection about key security</div>
<div class="issue" data-number="390">Section "Authentication and Verifiable Claims": Add language about legal identity</div>
<div class="issue" data-number="386">need to clarify revocation vs. rotation</div>
<div class="issue" data-number="384">Normative statements review</div>
<div class="issue" data-number="382">Service Endpoints in the DID Doc might be an anti-pattern</div>
<div class="issue" data-number="380">Why DID Document streaming (`resolveStream`)?</div>
<div class="issue" data-number="373">Proposed Appendices on DID Identification Architecture</div>
<div class="issue" data-number="370">Consider EFF / ACLU objections by distinguaishing accountable vs. voluntary DIDs</div>
<div class="issue" data-number="478">How should contributors register the same DID Method on multiple networks?</div>
<div class="issue" data-number="363">Clarify Authorization requirements.</div>
<div class="issue" data-number="340">Add COSE key format example into CBOR section</div>
<div class="issue" data-number="337">When should did parameters be dropped?</div>
<div class="issue" data-number="324">Privacy Considerations for service endpoints</div>
<div class="issue" data-number="292">Horizontal Review Tracking</div>
<div class="issue" data-number="291">PING Horizontal Review</div>
<div class="issue" data-number="208">IETF did+ld+json media type registration</div>
<div class="issue" data-number="199">Clarification on what DIDs might identify</div>
<div class="issue" data-number="170">Public key "id" and "type" members duplicate JWK "kid" and "kty" members</div>
<div class="issue" data-number="163">Uses of terms defined in the specification should be links to their definitions</div>
<div class="issue" data-number="119">Horizontal Review: offer review opportunity to TAG</div>
<div class="issue" data-number="118">Specification needs to be compliant with WCAG 2.0</div>
<div class="issue" data-number="105">Horizontal Review: Accessibility self test</div>
<div class="issue" data-number="104">Horizontal Review: Internationalization self test</div>
<div class="issue" data-number="72">Privacy Considerations - Specifically call out GDPR</div>
<div class="issue" data-number="58">Registry handling</div>

  </section>

<section class="appendix">
    <h1>
IANA Considerations
    </h1>

    <p>
This section will be submitted to the Internet Engineering Steering Group
(IESG) for review, approval, and registration with IANA when this specification
becomes a W3C Proposed Recommendation.
    </p>

    <section>
      <h2>application/did+json</h2>
      <dl>
        <dt>Type name:</dt>
        <dd>application</dd>
        <dt>Subtype name:</dt>
        <dd>did+json</dd>
        <dt>Required parameters:</dt>
        <dd>None</dd>
        <dt>Optional parameters:</dt>
        <dd>None</dd>
        <dt>Encoding considerations:</dt>
        <dd>
See <a data-cite="RFC8259#section-11">RFC&nbsp;8259, section 11</a>.
        </dd>
        <dt>Security considerations:</dt>
        <dd>
See <a data-cite="RFC8259#section-12">RFC&nbsp;8259, section 12</a> [[RFC8259]].
        </dd>
        <dt>Interoperability considerations:</dt>
        <dd>Not Applicable</dd>
        <dt>Published specification:</dt>
        <dd>http://www.w3.org/TR/did-core/</dd>
        <dt>Applications that use this media type:</dt>
        <dd>
Any application that requires an identifier that is decentralized, persistent,
cryptographically verifiable, and resolvable. Applications typically consist of
cryptographic identity systems, decentralized networks of devices, and
websites that issue or verify W3C Verifiable Credentials.
        </dd>
        <dt>Additional information:</dt>
        <dd>
          <dl>
            <dt>Magic number(s):</dt>
            <dd>Not Applicable</dd>
            <dt>File extension(s):</dt>
            <dd>.did</dd>
            <dt>Macintosh file type code(s):</dt>
            <dd>TEXT</dd>
          </dl>
        </dd>
        <dt>Person &amp; email address to contact for further information:</dt>
        <dd>Ivan Herman &lt;ivan@w3.org&gt;</dd>
        <dt>Intended usage:</dt>
        <dd>Common</dd>
        <dt>Restrictions on usage:</dt>
        <dd>None</dd>
        <dt>Author(s):</dt>
        <dd>
Drummond Reed, Manu Sporny, Markus Sabadello, Dave Longley, Christopher Allen
        </dd>
        <dt>Change controller:</dt>
        <dd>W3C</dd>
      </dl>

      <p>
Fragment identifiers used with
<a href="#application-did-json">application/did+json</a> are treated
according to the rules defined in <a href="#fragment"></a>.
      </p>
    </section>

    <section>
      <h2>application/did+ld+json</h2>

      <p class="issue atrisk" data-number="208">
Use of the media type <code>application/did+ld+json</code> is pending
clarification over the registration of
<a href="https://datatracker.ietf.org/doc/html/draft-w3cdidwg-media-types-with-multiple-suffixes">
media types with multiple suffixes</a>. The alternative will be to use
<code>application/ld+json</code> with an expected profile parameter of
<code>https://www.w3.org/ns/did/json-ld-profile</code> if multiple suffixes
cannot be registered by the time the rest of DID Core is ready for W3C
Proposed Recommendation. Discussion is happening in the
<a href="https://mailarchive.ietf.org/arch/msg/media-types/Sv8oT38p1nWHPYZQmnL_9GPjeic/">
IETF media-types mailing list</a>.
      </p>

      <dl>
        <dt>Type name:</dt>
        <dd>application</dd>
        <dt>Subtype name:</dt>
        <dd>did+ld+json</dd>
        <dt>Required parameters:</dt>
        <dd>None</dd>
        <dt>Optional parameters:</dt>
        <dd>None</dd>
        <dt>Encoding considerations:</dt>
        <dd>
See <a data-cite="RFC8259#section-11">RFC&nbsp;8259, section 11</a>.
        </dd>
        <dt>Security considerations:</dt>
        <dd>
See <a data-cite="JSON-LD11#security">JSON-LD 1.1, Security Considerations</a>
[[JSON-LD11]].
        </dd>
        <dt>Interoperability considerations:</dt>
        <dd>Not Applicable</dd>
        <dt>Published specification:</dt>
        <dd>http://www.w3.org/TR/did-core/</dd>
        <dt>Applications that use this media type:</dt>
        <dd>
Any application that requires an identifier that is decentralized, persistent,
cryptographically verifiable, and resolvable. Applications typically consist of
cryptographic identity systems, decentralized networks of devices, and
websites that issue or verify W3C Verifiable Credentials.
        </dd>
        <dt>Additional information:</dt>
        <dd>
          <dl>
            <dt>Magic number(s):</dt>
            <dd>Not Applicable</dd>
            <dt>File extension(s):</dt>
            <dd>.did</dd>
            <dt>Macintosh file type code(s):</dt>
            <dd>TEXT</dd>
          </dl>
        </dd>
        <dt>Person &amp; email address to contact for further information:</dt>
        <dd>Ivan Herman &lt;ivan@w3.org&gt;</dd>
        <dt>Intended usage:</dt>
        <dd>Common</dd>
        <dt>Restrictions on usage:</dt>
        <dd>None</dd>
        <dt>Author(s):</dt>
        <dd>
Drummond Reed, Manu Sporny, Markus Sabadello, Dave Longley, Christopher Allen
        </dd>
        <dt>Change controller:</dt>
        <dd>W3C</dd>
      </dl>

      <p>
Fragment identifiers used with
<a href="#application-did-ld-json">application/did+ld+json</a> are treated
according to the rules associated with the
<a data-cite="JSON-LD11#iana-considerations">JSON-LD 1.1: application/ld+json
media type</a> [[JSON-LD11]].
      </p>
    </section>

    <section>
      <h2>application/did+cbor</h2>
      <dl>
        <dt>Type name:</dt>
        <dd>application</dd>
        <dt>Subtype name:</dt>
        <dd>did+cbor</dd>
        <dt>Required parameters:</dt>
        <dd>None</dd>
        <dt>Optional parameters:</dt>
        <dd>None</dd>
        <dt>Encoding considerations:</dt>
        <dd>
See <a data-cite="RFC7049#section-3.9">RFC&nbsp;7049, section 4.2</a>.
        </dd>
        <dt>Security considerations:</dt>
        <dd>
See <a data-cite="RFC7049#section-10">RFC&nbsp;7049, section 10</a> [[RFC7049]].
        </dd>
        <dt>Interoperability considerations:</dt>
        <dd>Not Applicable</dd>
        <dt>Published specification:</dt>
        <dd>http://www.w3.org/TR/did-core/</dd>
        <dt>Applications that use this media type:</dt>
        <dd>
Any application that requires an identifier that is decentralized, persistent,
cryptographically verifiable, and resolvable. Applications typically consist of
cryptographic identity systems, decentralized networks of devices, and
websites that issue or verify W3C Verifiable Credentials.
        </dd>
        <dt>Additional information:</dt>
        <dd>
          <dl>
            <dt>Magic number(s):</dt>
            <dd>Not Applicable</dd>
            <dt>File extension(s):</dt>
            <dd>.did</dd>
            <dt>Macintosh file type code(s):</dt>
            <dd>TEXT</dd>
          </dl>
        </dd>
        <dt>Person &amp; email address to contact for further information:</dt>
        <dd>Ivan Herman &lt;ivan@w3.org&gt;</dd>
        <dt>Intended usage:</dt>
        <dd>Common</dd>
        <dt>Restrictions on usage:</dt>
        <dd>None</dd>
        <dt>Author(s):</dt>
        <dd>Drummond Reed, Manu Sporny, Markus Sabadello, Dave Longley, Christopher Allen</dd>
        <dt>Change controller:</dt>
        <dd>W3C</dd>
      </dl>

       <p>
Fragment identifiers used with
<a href="#application-did-cbor">application/did+cbor</a> are treated
according to the rules defined in <a href="#fragment"></a>.
      </p>
    </section>

     <section>
      <h2>application/did+dag+cbor</h2>
      <dl>
        <dt>Type name:</dt>
        <dd>application</dd>
        <dt>Subtype name:</dt>
        <dd>did+dag+cbor</dd>
        <dt>Required parameters:</dt>
        <dd>None</dd>
        <dt>Optional parameters:</dt>
        <dd>None</dd>
        <dt>Encoding considerations:</dt>
        <dd>
See <a data-cite="RFC7049#section-4.2">RFC&nbsp;7049, section 4.2</a>.
        </dd>
        <dt>Security considerations:</dt>
        <dd>
See <a data-cite="RFC7049#section-10">RFC&nbsp;7049, section 10</a> [[RFC7049]].
        </dd>
        <dt>Interoperability considerations:</dt>
        <dd>Not Applicable</dd>
        <dt>Published specification:</dt>
        <dd>http://www.w3.org/TR/did-core/</dd>
        <dt>Applications that use this media type:</dt>
        <dd>
Any application that requires an identifier that is decentralized, persistent,
cryptographically verifiable, and resolvable. Applications typically consist of
cryptographic identity systems, decentralized networks of devices, and
websites that issue or verify W3C Verifiable Credentials.
        </dd>
        <dt>Additional information:</dt>
        <dd>
          <dl>
            <dt>Magic number(s):</dt>
            <dd>Not Applicable</dd>
            <dt>File extension(s):</dt>
            <dd>.did</dd>
            <dt>Macintosh file type code(s):</dt>
            <dd>TEXT</dd>
          </dl>
        </dd>
        <dt>Person &amp; email address to contact for further information:</dt>
        <dd>Ivan Herman &lt;ivan@w3.org&gt;</dd>
        <dt>Intended usage:</dt>
        <dd>Common</dd>
        <dt>Restrictions on usage:</dt>
        <dd>None</dd>
        <dt>Author(s):</dt>
        <dd>Drummond Reed, Manu Sporny, Markus Sabadello, Dave Longley, Christopher Allen</dd>
        <dt>Change controller:</dt>
        <dd>W3C</dd>
      </dl>

       <p>
Fragment identifiers used with
<a href="#application-did-dag-cbor">application/did+dag+cbor</a> are treated
according to the rules defined in <a href="#fragment"></a>.
      </p>
    </section>

  </section>

</body>
</html>