Define the controller property in the Authz & Delegation section, tow…

…ards #2 and #3
w3c · Nov 25, 2019 · 9c19aa9 · 9c19aa9
1 parent 189e5bd
commit 9c19aa9
Showing 1 changed file with 29 additions and 11 deletions.
diff --git a/index.html b/index.html
@@ -1264,6 +1264,19 @@ <h2>
 controller of the corresponding private key, MUST be a valid DID.
       </p>
 
+      <p class="note" title="This is not the DID Controller">
+The <code>controller</code> property denotes a <a>DID controller</a>
+only when it appears at the <em>top level</em> of the <a>DID document</a>.
+The <code> controller</code> property when it appears as part of a <a>public
+key description</a> denotes the controller of the <em>corresponding
+private key</em> only, which may or may not be described in another
+<a>DID document</a>. A default <code>controller</code> field cannot
+be inferred by using a key's position in a tree, and so is explicitly
+included for each key. Linked Data Proof libraries typically expect the
+<code>controller</code> field to always exist and may throw an exception
+if it is missing.
+      </p>
+
       <p>
 All public key properties MUST be from the Linked Data Cryptographic Suite Registry.
 A registry of key types and formats is available in Appendix <a href="#registries"></a>
@@ -1388,17 +1401,6 @@ <h2>
         </li>
       </ol>
 
-      <p class="note">
-While the <code>controller</code> field may seem redundant in some of the
-examples above, keys may be expressed in a <a>DID document</a> where the
-controller is described in another <a>DID document</a>. Linked Data Proof
-libraries typically expect the <code>controller</code> field to always
-exist and may throw an exception if it is missing. Furthermore, per
-the requirement that <a>DID documents</a> be interpretable as either a graph
-or a tree, a default <code>controller</code> field cannot be inferred by
-using a key's position in a tree.
-      </p>
-
       <p class="note">
 Caching and expiration of the keys in a <a>DID document</a> is entirely the
 responsibility of <a>DID resolvers</a> and other clients. See Section
@@ -1483,6 +1485,22 @@ <h2>
 Section <a href="#security-considerations"></a>.
       </p>
 
+      <p>
+A DID document MAY include a <code>controller</code> property to indicate
+that there are <a>DID controller(s)</a> other than the <a>DID subject</a>.
+If so:
+      </p>
+
+      <dl>
+          <dt><dfn>controller</dfn></dt>
+          <dd>
+The value of the <code>controller</code> property MUST be a valid <a>DID</a>
+or an array of valid <a>DIDs</a>. The corresponding <a>DID document</a>(s)
+SHOULD contain authorization relations that explicitly permit the use of
+certain verification methods for specific purposes.
+          </dd>
+      </dl>
+
       <p>
 Each <a>DID method</a> MUST define how authorization and delegation are
 implemented, including any necessary cryptographic operations.