From 4a552c2d4575c8f694a26a88fd85b0af974a374d Mon Sep 17 00:00:00 2001 From: Daniel Buchner Date: Wed, 7 Aug 2019 17:22:39 -0700 Subject: [PATCH 1/2] make top-level a plain JSON object --- did-configuration.md | 14 +++++--------- 1 file changed, 5 insertions(+), 9 deletions(-) diff --git a/did-configuration.md b/did-configuration.md index 2f49478..c1457c2 100644 --- a/did-configuration.md +++ b/did-configuration.md @@ -19,9 +19,7 @@ The format of the resource located at `/.well-known/did-configuration` shall be ```js { - "typ": "jwt", - "iat": 1565117957841, - "claims": { + "entries": { "did:btcr:123...": { "jwt": BASE_64_ENCODED_JWT }, @@ -39,11 +37,9 @@ The format of the resource located at `/.well-known/did-configuration` shall be ##### Top-Level Object -The top-level object MUST be a JWT with the list of DID linkage assertions included under the `claims` field, wherein each entry is a DID the domain owner is claiming to control. Each entry MUST contain the following properties and values: +The top-level object MUST be a JSON object with the list of DID linkage assertions included under the `claims` field, wherein each entry is a DID the domain owner is claiming to control. Each entry MUST contain the following properties and values: -**`typ`** - Specifies the type of object, and MUST be of the value `jwt`. -**`iat`** - The time of publication, in epoch numeric datetime. -**`claims`** - An object of DID linkage entries, wherein the keys are the DID being linked to the domain via the assertion. +**`entries`** - An object of DID linkage entries, wherein the keys are the DID being linked to the domain via the assertion. ##### DID Linkage Entries 
@@ -60,8 +56,8 @@ Each DID linkage entry under the `claims` property of the resource's top-level J Validation of the claimed linkages between the domain and the DIDs present in the resource MUST proceed as follows: 1. Download the resource from the subdomain -2. Validate that the resource is a JWT -3. Iterate through each of the DID linkage assertions in the `claims` field +2. Parse the resource as a JSON object +3. Iterate through each of the DID linkage assertions in the `entries` field 4. Process each DID linkage assertion as follows: 1. Decode the JWT value of the linkage assertion 2. Ensure the `claims` property value within the linkage assertion matches the same domain at which the resource is located. From 29549c6277269f1ee1fc5295becdec9cc35c591f Mon Sep 17 00:00:00 2001 From: Daniel Buchner Date: Wed, 7 Aug 2019 21:56:53 -0700 Subject: [PATCH 2/2] wip --- did-configuration.md | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) diff --git a/did-configuration.md b/did-configuration.md index c1457c2..a9e3fad 100644 --- a/did-configuration.md +++ b/did-configuration.md 
@@ -37,13 +37,13 @@ The format of the resource located at `/.well-known/did-configuration` shall be ##### Top-Level Object -The top-level object MUST be a JSON object with the list of DID linkage assertions included under the `claims` field, wherein each entry is a DID the domain owner is claiming to control. Each entry MUST contain the following properties and values: +The top-level object MUST be a JSON object with the list of DID linkage assertions included under the `entries` field, wherein each entry is a DID the domain owner is claiming to control. Each entry MUST contain the following properties and values: **`entries`** - An object of DID linkage entries, wherein the keys are the DID being linked to the domain via the assertion. ##### DID Linkage Entries -Each DID linkage entry under the `claims` property of the resource's top-level JWT object must contain the following properties and values: +Each DID linkage entry under the `entries` property of the resource's top-level JWT object must contain the following properties and values: **`jwt`** - Base64 encoded JWT signed by currently valid keys from the claimed DID. This object MUST include the following sub-properties: - `iss`: the DID unique ID string of the claimed DID @@ -60,7 +60,7 @@ Validation of the claimed linkages between the domain and the DIDs present in th 3. Iterate through each of the DID linkage assertions in the `entries` field 4. Process each DID linkage assertion as follows: 1. Decode the JWT value of the linkage assertion - 2. Ensure the `claims` property value within the linkage assertion matches the same domain at which the resource is located. + 2. Ensure the `domain` property value within the linkage assertion matches the same domain at which the resource is located. 3. Ensure the `exp` property's specified expiry time has not passed. 3. Resolve the DID specified in linkage assertion's `iss` value. 4. Validate the JWT signature using the keys in the DID's resolved DID Document.
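Review bot: In the first hunk of PATCH 1/2 (`@@ -19,9 +19,7 @@`), dropping `iat` leaves the resource with no publication time of its own, so freshness now rests entirely on the `exp` value inside each entry's JWT. The spec text should say so explicitly, or keep an optional timestamp at the top level, so that implementers do not assume the plain JSON wrapper carries any time or integrity guarantee.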
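Review bot: In the second hunk of PATCH 1/2 (`@@ -39,11 +37,9 @@`), the added "Top-Level Object" sentence still says the assertions are "included under the `claims` field" while the property list directly below it now defines `entries`. PATCH 2/2 corrects this, so the two commits are better squashed so that no revision of the spec names a field that does not exist. The same sentence ends with "Each entry MUST contain the following properties and values:" but the list that follows describes the top-level object's `entries` property, not the contents of an entry; suggest "The object MUST contain the following property:".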
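Review bot: In the third hunk of PATCH 1/2 (`@@ -60,8 +56,8 @@`), the new step 2, "Parse the resource as a JSON object", has no failure path. The previous wording ("Validate that the resource is a JWT") at least implied a rejection case. Suggest stating that validation MUST fail, with no linkage accepted, when the resource does not parse as a JSON object or when `entries` is absent or is not an object, before step 3 iterates over it.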
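Review bot: In the first hunk of PATCH 2/2 (`@@ -37,13 +37,13 @@`), the added "DID Linkage Entries" sentence renames the property to `entries` but still refers to "the resource's top-level JWT object". After PATCH 1/2 the top-level object is a plain JSON object, so "JWT" should be dropped there; otherwise a reader may expect a signature over the whole resource that the validation steps never check.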
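Review bot: In the second hunk of PATCH 2/2 (`@@ -60,7 +60,7 @@`), the revised sub-step 2 requires the `domain` value to match "the same domain at which the resource is located" without defining the comparison. Suggest specifying an exact match on the origin's host after case normalization, and stating whether a parent domain or a subdomain is ever acceptable, since step 1 speaks of downloading "from the subdomain". The sub-steps are also numbered 1, 2, 3, 3, 4; renumber them, and consider noting that the `domain` and `exp` values are read from an unverified JWT, so no linkage is accepted until the signature check in the last sub-step passes.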