-
Notifications
You must be signed in to change notification settings - Fork 97
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
Rewrite Authentication section - controller is wrong #2
Comments
The rules for how a DID Document can be updated (or how to establish the appropriate authority to do so) are method-specific. The This is an important statement for "authentication verifiers" whatever they may be. It does not make any statement about what type of verifier is requiring This statement is useful to any "authentication verifier" that needs to check to see if an entity that is attempting to authenticate is, in fact, presenting a valid proof of authentication. If a verifier receives some data (in some protocol-specific format) that contains a proof that was made for the purpose of "authentication" that says that an entity is identified by the DID, then that verifier should check to ensure that the proof can be verified using a verification method (e.g., public key) listed under This is how "proof purposes" with DID Documents work; the purpose of a proof must both be stated in a given proof and it must be expressed as a property of the DID Document that establishes a relationship between the entity identified by the DID and its authorized verification methods for that purpose. This enables verifiers, whatever they may be, to verify proofs for specific purposes. It is then up to the software that accepts these proofs to decide what authority they confer. Now, a particular DID method may use a simple Rather, Veres One requires an Authorization Capability to be presented that carries a proof that was created for the purpose of Other proof purposes presently in use include, at least, |
I agree that the spec should be improved, but I would emphasize a different aspect of incorrectness. I think the main gap is that we need to define what we mean by "DID Controller" far more carefully, and what the relationship is between the I agree with Dave's perspective on authentication and proof purposes. I would note that the peer DID method enumerates proof purposes in its |
I think I agree with everything @dlongley says, very helpful explanation as always. Yes, the rules for how a DID (Document) can be updated/deactivated are method-specific. A method may:
We also discussed the |
The A subject's controller, by default, is identified by its Similarly, when a So, when a verification method is expressed in a proof, it may be dereferenced to find its
I would not say it is coincidental, rather, the |
I think this is true whether or not there's a
Understood. You're talking about what's illustrated in Example 11 of the spec, right?
What is the antecedent of "its" in this sentence? Are you saying: A) A subject's controller, by default, is identified by the controller's id; or B) A subject's controller, by default, is identified by the subject's id? A makes sense to me. B is a head-scratcher. If B, are you saying that the default semantics of a controller are self-control--that is, any identified object is assumed to control itself unless otherwise specified? When a DID Document doesn't have a top-level |
Yes, a subject is always identified by the value of its I was speaking about the "subject" in the context of a "triple" -- specifically regarding the "controller" relationship between a subject and an object. I was trying to talk about the meaning of "controller" as a property by referring to a particular "triple" where it would appear. A triple is a combination of a subject, a property, and another object or value, which could be written in a sentence like this:
The property expresses a relationship between the subject and the object. Subjects are expressed in JSON-LD as JSON objects, properties as JSON terms (that map to globally unambiguous URIs), and objects as either other JSON embedded objects that form other subjects, URIs that refer to other subjects, or literal values like strings or numbers. The identifier of any given subject is expressed via a special term {
"@context": "...",
// the top-level subject
"id": "<a URI that is the ID of *this* subject>",
"someProperty": {
// some other subject that is related to the top-level one via "someProperty"
"id": "<a URI that is the ID of *this* other subject>",
"anotherProperty": "some literal value",
"aDifferentProperty": {
// a third subject related to the "other subject"
"id": "<a URI that is the ID of *this* third subject>",
"anotherProperty": "some other literal value"
}
},
// a property that references a subject that isn't embedded here
"yetAnotherProperty": "<some URI that expresses the ID of another subject>"
} The term Suppose that we have two DIDs: "did:example:123" and "did:example:456". If you want to express that the entity identified by "did:example:123" is controlled by the entity identified by "did:example:456" you can write this sentence:
You can write this using JSON-LD like this: {
"@context": "...",
"id": "did:example:123",
"controller": "did:example:456"
} The above would constitute a super minimal DID document. But note that you can also use "controller" on other subjects, as is done with, for example, verification methods (public keys).
Yes.
I am referring to B and the very semantics you indicate. The default semantics is "self-control"; software should generally assume that any object is in control of itself unless otherwise specified.
No, there is no other controller defined, so the default controller is the DID itself.
Correct, they are not "DID controllers" but controllers of whichever subject in which they appear. That subject need not be identified by a DID. But, if it is, then it is understood to more specifically refer to a "DID controller". |
@dlongley Thank you for the patient and detailed explanation. Clarity is emerging from the mists in my mind as a result; I appreciate it. :-) I am currently left with only one doubt, which is this: How can a DID have multiple controllers? The possibility of multiple controllers is implied by the current verbiage in section 5.4: "Authentication is the mechanism by which the controller(s) of a DID...and thus be able to impersonate the controllers..." I think this means something different from a group functioning as a single, aggregate controller; it seems to suggest that Alice can allow Bob and Carol, individually and not just as a pair, to control her DID. Is that accurate? If so, I can't use the same JSON-LD term (the |
Sure!
The way you express more than one relationship of the same type is by using two sentences or "triples":
The way you express this in JSON-LD is to simply use an array containing both objects for the same property: {
"@context": "...",
"id": "did:example:alice",
"controller": ["did:example:bob", "did:example:carol"]
} |
I can try to produce a PR to address this. The PR would say something to the effect that it is up to applications (including DID networks, per the associated DID method rules/protocol) to determine what kind of authority is conferred upon authenticated DID subjects. All an "authentication" verification method can do is verify a proof that was created for the purpose of authentication. What is done after that (including how the information on which the proof was attached is processed) is application specific. @burnburn -- can I have access to create branches in this repo to create PRs? |
It's clear that we also need to elaborate on how authorization relations and proof purposes work and that this is highly related to this issue and #22. I'm referencing another discussion on this matter that we can hopefully leverage to create spec text: |
As I mentioned on the issue @dlongley linked, there appears to be a lot of confusion around interoperability, and the top level properties defined in the did document. I created this gist to track some of the properties that are floating around but not defined in the spec, but sometimes defined in JSON-LD contexts... https://gist.github.com/OR13/36a68e10f3cd0c537f49f87b1a100950 I'm concerned about the potential lack of interoperability for properties like Since these properties don't appear in the did-core spec... though If everyone decides to implement their own purpose properties, we will end up with lots of methods implementing similar purposes differently, and things like key agreement and authorization will become borderline impossible to ensure across all DID Methods, or the implementation will contain switch logic for all possible combinations of representations that are compatible... so basically not useful. This appears to be a nontrivial problem to solve since there is already a lot of implementation concrete poured around choices. |
+1 to this being a non-trivial problem. Historical note: we spent 3 days at RWOT Boston debating The |
I'm upbeat about our ability as a community to come together and define a common set, even if some of us don't use all of them. Yes, there are implementations, but part of the standards-setting process is getting them aligned. Also, keep in mind that because of the base data model (JSON-LD), we can define things in a way that doesn't conflict given that people at least do a strcmp() on items in ... but I don't think it'll come to that... I think we'll end up reserving the things people are most concerned about in the core DID spec. We still have time to align and get interop. |
I agree, I think we have more than enough flexibility to accomplish interop, I'm worried that we have too much. I think its helpful to consider the JSON-LD model of extending contexts for method specific purposes, and make the did-core context more of a MUST support and less optional. Another thing we could consider is some JSON-Schema definition for did-core DID Documents, being able to validate a document against a known type might help reduce some of the complexity.
Sounds like the This section MUST be used when verifying cryptographic proofs associated with DID authentication. The interpretation of a proof by DID methods or other applications is outside the scope of this spec. |
One of the important requirements that I feel needs to be addressed differently is the need for multisig. All of the thinking/examples--in the spec, in public conversations, in design docs I have read in my own community and other communities--are about keys exercised individually: one key gets one or more privileges (authentication, keyAgreement, etc). Unless/until we have a way to specify that a privilege is associated with multiple keys acting together, rather than a key (possibly from a set) acting individually, we will not have a good answer to the question, "How can I prevent my DID from being co-opted when I lose my phone?" If I understand correctly, using Peer DIDs address this need not by creating new sections of the DID doc, but by placing any number of flexible rules in a single section, One of the reasons why I like this approach is that the intent in rules is likely to change far less often than the actual set members. Executives at Acme Corp come and go, and their keys can be swapped in an out of the DID doc as needed. But the general rule that it takes 2 of them to authenticate Acme Corp is stable. Recognizing this difference in data turnover allows peer DIDs to make smart choices about CRDT logic for replication, and may also be beneficial for some other DID methods. Another reason why I like this approach is that the nature of the rules -- the set of privileges they govern -- can change without adding new sections to the DID doc. If we collectively decide that there should be a special privilege associated with sorting out where a DID goes when its underlying ledger forks, we don't need to have a new section of a DID doc; we just need to name a new privilege, and the same old section of the doc, with the same old rules mechanisms, immediately becomes relevant. I think the privilege inventory that peer DIDs suggests and the privilege-oriented sections of a DID doc that DB and others are using are rough semantic equivalents and ought to be reconciled into a common set. I hope the peer DID choice of flexible rules combined with boolean operators, rather than the more constraining option of enumerating privileges in new sections of DID docs, is chosen as a feature of the standard. But I am not unwilling to go down a different route; what I really care about is: A) Having expressive power that lets me model M-of-N signature rules and boolean operators as I describe how keys map to privileges. B) Fixing the muddiness of the |
This is incorrect in a way that is vital to your concern about multiparty authorization. Terms like The DID spec, therefore, allows for far more expressiveness than your comment conveys. I think the main trouble here is that we need to elaborate more on this in the spec so that DID method authors/extension authors understand where they can put this information. The reason why we haven't laid out specific rules or examples of verification methods that do support things like multisig (or any arbitrary caveats via capabilities or "zcaps"!) is because we don't have buy in from multiple DID methods on a common set and this was punted. That does not, however, mean we haven't carved out a spot for it in the design; we have. |
@dlongley : Thank you for the clarification. Explaining your design carve-out in greater detail is of utmost importance. I truly did study the spec before I went a different way, and I didn't see any of the possibilities you allude to. For example, what is the exact definition of a "verification method?" The phrase appears 5 times in the current version of the spec, but is never defined, and an individual key is the only example that is given. |
On Thu, Oct 24, 2019 at 9:24 AM Daniel Hardman @ddh1128 wrote:
+100 — this is EXTREMELY important.
Yes, but there are many other use cases for multisig, for instance by entities that are controlled by multiple parties, issuers of various Verifiable Credentials, a variety of recokation scenarios, etc. In particular, anyone who has financial fiduciary responsibility may not be able to do a single key based signature and meet the minimum requirement for "separation of duties" that fiduciary law requires.
BEWARE — though the "set list" form of multisign is an acceptable form, it is only one form. We call what you describe above as an "accountable" multisignature, where you know exactly who signed it. However, there are many cases where you'll present a single "non-accountable" multisig (typically a Threshold Schnorr Signature), where you know that among the parties that the threshold has been met, but you don't know precisely who signed. The non-accountable forms of multisig are very important in two areas: where privacy/anti-correlation of the individual signer is important, or where the power difference between the individual signer and the group is large. So be careful when you are introducing methods to allow for multisig to support both, or even more forms. -- Christopher Allen P.S. for reference I talked about the future of #SmartSignatures at BPASE a few years ago: https://blockstream.com/2018/02/23/en-smart-signatures-bpase/ and have an older blog post about them at http://www.lifewithalacrity.com/2016/10/smarter-signatures-experiments-in-verifications/ |
@ChristopherA : thanks for the reminder about threshold signatures. I'm aware of the difference but had forgotten to account for it in my thinking, and I agree that it's important to support them. |
I'm bubbling this issue back up in the queue because I just read the transcript of the Key Representation ad-hoc meeting. I am concerned that, yet again, we are making the invalid mental simplification that a key = a verification method. Some of @dlongley 's comments preserved the distinction, but I still have never seen a definition of a verification method (including in the DID spec, which uses the term 5 times without definition), and the entire tenor of the meeting presupposes that these two concepts are equivalent. How do we propose, for example, to describe a multisig verification method that requires 3 different keys using 3 different types of crypto? The peer DID method solves this in a generic way, but I have not seen any meaningful alternatives documented anywhere. I don't want to have its solution invalidated by evolutions of the DID spec, so if we're going to do something important to fix this, let's do it now, while the peer DID method is still fluid. @kdenhartog @OR13 @msporny @peacekeeper @talltree @brentzundel |
I agree, but multisig needs to be formalized by people who use it. IMO, a JSON-LD Signature Suite / Context would help a lot with this. If there is no intention to use multisig with JSON-LD, then there needs to be some better examples of keys / signature suites that don't use JSON-LD, but that do use DID Documents, and ideally, this should not look like a JSON-LD signature suite... Regarding Here is a spanning example of some of the concepts that are floating around (I linked it above):
One issue we seem to be facing is that when answering the question of "where do I look for the authentication key or credential issuance key", we have 2 approaches:
I'm personally not a fan of having Seems like we could do a couple things. A. We could rewrite B. We could replace it with B seems like big deviation from what we have been doing so far. What I really want to avoid is a bunch of different ways of handling the concept of |
The following section in the spec is wrong, because it conflates authentication with the ability to update the DID Document:
The text was updated successfully, but these errors were encountered: