diff --git a/did-configuration/README.md b/did-configuration/README.md index 2f49478..a9e3fad 100644 --- a/did-configuration/README.md +++ b/did-configuration/README.md @@ -19,9 +19,7 @@ The format of the resource located at `/.well-known/did-configuration` shall be ```js { - "typ": "jwt", - "iat": 1565117957841, - "claims": { + "entries": { "did:btcr:123...": { "jwt": BASE_64_ENCODED_JWT }, @@ -39,15 +37,13 @@ The format of the resource located at `/.well-known/did-configuration` shall be ##### Top-Level Object -The top-level object MUST be a JWT with the list of DID linkage assertions included under the `claims` field, wherein each entry is a DID the domain owner is claiming to control. Each entry MUST contain the following properties and values: +The top-level object MUST be a JSON object with the list of DID linkage assertions included under the `entries` field, wherein each entry is a DID the domain owner is claiming to control. Each entry MUST contain the following properties and values: -**`typ`** - Specifies the type of object, and MUST be of the value `jwt`. -**`iat`** - The time of publication, in epoch numeric datetime. -**`claims`** - An object of DID linkage entries, wherein the keys are the DID being linked to the domain via the assertion. +**`entries`** - An object of DID linkage entries, wherein the keys are the DID being linked to the domain via the assertion. ##### DID Linkage Entries -Each DID linkage entry under the `claims` property of the resource's top-level JWT object must contain the following properties and values: +Each DID linkage entry under the `entries` property of the resource's top-level JWT object must contain the following properties and values: **`jwt`** - Base64 encoded JWT signed by currently valid keys from the claimed DID. This object MUST include the following sub-properties: - `iss`: the DID unique ID string of the claimed DID 
@@ -60,11 +56,11 @@ Each DID linkage entry under the `claims` property of the resource's top-level J Validation of the claimed linkages between the domain and the DIDs present in the resource MUST proceed as follows: 1. Download the resource from the subdomain -2. Validate that the resource is a JWT -3. Iterate through each of the DID linkage assertions in the `claims` field +2. Parse the resource as a JSON object +3. Iterate through each of the DID linkage assertions in the `entries` field 4. Process each DID linkage assertion as follows: 1. Decode the JWT value of the linkage assertion - 2. Ensure the `claims` property value within the linkage assertion matches the same domain at which the resource is located. + 2. Ensure the `domain` property value within the linkage assertion matches the same domain at which the resource is located. 3. Ensure the `exp` property's specified expiry time has not passed. 3. Resolve the DID specified in linkage assertion's `iss` value. 4. Validate the JWT signature using the keys in the DID's resolved DID Document.
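Review bot: With `iat` removed from the example object in the first hunk (`@@ -19,9 +19,7 @@`), the resource no longer states when it was published, so any freshness check now rests only on the `exp` inside each entry's JWT. Say so next to the example, or keep a publication time at the top level if consumers are expected to use one.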
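Review bot: The replacement sentence under "DID Linkage Entries" in the second hunk (`@@ -39,15 +37,13 @@`) still reads "the resource's top-level JWT object", which contradicts the new "MUST be a JSON object" wording a few lines above it; change it to "top-level JSON object". The Top-Level Object paragraph also still ends with "Each entry MUST contain the following properties and values:" and is then followed by the description of `entries` itself, not of an entry, so that sentence should introduce the top-level properties instead.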
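Review bot: In the validation steps of the third hunk (`@@ -60,11 +56,11 @@`), nothing ties the key of an entry in `entries` to the `iss` of the JWT stored under it. The steps resolve the DID and verify the signature against `iss` only, so an entry keyed by one DID could carry a JWT issued by a different DID and still pass. Add a step after decoding that requires `iss` to equal the entry's key. Step 2, now "Parse the resource as a JSON object", should also state that a resource which fails to parse, or which lacks an object-valued `entries`, is rejected. The nested list has two items numbered 3.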