Update note about controller value #371
Conversation
index.html
Outdated
| changed is by consulting the relevant <a>DID method</a>. If no <a>verification | ||
| methods</a> are present in the <a>DID Document</a>, then a | ||
| <code><a>controller</a></code> property MUST be present, otherwise the | ||
| the <a>DID document</a> can no longer be changed beyond whatever its present |
There was a problem hiding this comment.
This doesn't seem accurate, in that the DID Method can provide a means to update the did document without specifying a controller property. In particular, I believe BTCR defers all change properties to BTC, without regard to what is in the DID Document.
index.html
Outdated
| <code><a>controller</a></code> property MUST be present, otherwise the | ||
| the <a>DID document</a> can no longer be changed beyond whatever its present | ||
| value is. |
There was a problem hiding this comment.
@jandrieu -- would this address your concern?
| <code><a>controller</a></code> property MUST be present, otherwise the | |
| the <a>DID document</a> can no longer be changed beyond whatever its present | |
| value is. | |
| <code><a>controller</a></code> property MUST be present, otherwise it | |
| is possible that the <a>DID document</a> can no longer be changed beyond | |
| whatever its present value is. This can be determined by consulting the | |
| applicable <a>DID method</a> specification. |
There was a problem hiding this comment.
It seems that the "MUST" is misplaced. If "MUST" is used, that's a normative requirement, which means the following phrase of "otherwise it is possible" is not actually possible with a conformant implementation.
Are you intending to say that, as a requirement,
- DID Methods MUST return DID Documents that either have a verification method or a controller property.
- DID Methods MUST respect the controller property
That's what this language suggests to me.
However, I don't believe BTCR does either of this today (I could be wrong), which makes me wonder if this particular use is actually in sync with a minimal set of capability for DIDs as envisioned to date.
There was a problem hiding this comment.
I thought this while I was drafting it and then apparently completely forgot: we can't use normative language in a note block, so this MUST needs to come out anyway.
There was a problem hiding this comment.
I'm fine if this is reworded to remove the "MUST" since it's in a note. The language I'm looking for here is an indication to DID-method agnostic consumers (such as verification software) such that it can understand the root of authority over what is expressed in the DID Document. This should either be the controller (if present) or the subject, IMO. Whether or not DID methods have implementation specific details for updating DID Documents is a separate matter to me. I want consuming software to be able to be structured/layered such that it only need to decide whether or not it trusts a given DID method/resolver for that method and then from there, once it has a DID Document, it can assume the root authority is as stated above (thereby allowing consistent verification code).
index.html
Outdated
| If the <code><a>controller</a></code> property is present, its value expresses | ||
| the root of authority for information expressed in the <a>DID Document.</a> If | ||
| the <code><a>controller</a></code> property is not present, the value can be | ||
| inferred to be the same as that of the <code><a>id</a></code> property of the | ||
| <a>DID document</a>. The way to determine how the <a>DID Document</a> can be | ||
| changed is by consulting the relevant <a>DID method</a>. If no <a>verification | ||
| methods</a> are present in the <a>DID Document</a>, then a | ||
| <code><a>controller</a></code> property MUST be present, otherwise the | ||
| the <a>DID document</a> can no longer be changed beyond whatever its present | ||
| value is. |
There was a problem hiding this comment.
Latest suggestion, as of 26 Aug 2020:
| If the <code><a>controller</a></code> property is present, its value expresses | |
| the root of authority for information expressed in the <a>DID Document.</a> If | |
| the <code><a>controller</a></code> property is not present, the value can be | |
| inferred to be the same as that of the <code><a>id</a></code> property of the | |
| <a>DID document</a>. The way to determine how the <a>DID Document</a> can be | |
| changed is by consulting the relevant <a>DID method</a>. If no <a>verification | |
| methods</a> are present in the <a>DID Document</a>, then a | |
| <code><a>controller</a></code> property MUST be present, otherwise the | |
| the <a>DID document</a> can no longer be changed beyond whatever its present | |
| value is. | |
| A <a>DID method</a> may allow <a>DID Documents</a> to express a | |
| <code><a>controller</a></code> property. When a | |
| <code><a>controller</a></code> property is present in a | |
| <a>DID Document</a>, its value expresses one or more <a>DIDs</a>. Any | |
| <a>verification methods</a> contained in the <a>DID Documents</a> for those | |
| <a>DIDs</a> SHOULD be accepted as authoritative, such that proofs that satisfy | |
| those verification methods are to be considered equivalent to proofs provided by | |
| the <a>DID Subject</a>. |
There was a problem hiding this comment.
@brentzundel -- How does one write DID-method agnostic verification software if we can't assume that the controller is the subject when controller is not present? It's one thing to say that it might not be clear who can further makes changes to the document (or not) when there's no controller and no verification methods present, but that's a matter left to DID methods. The problem, I believe, with your suggestion is that it affects DID Document consumers like DID-method agnostic verification software.
There was a problem hiding this comment.
If there is no controller property and no verification methods, what should DID-method agnostic software assume about the DID Document?
There was a problem hiding this comment.
@brentzundel, that the root of authority is the DID subject. Unless the software is for updating the DID Document, it doesn't care about whether or not the DID Document can be further changed (again, this can be DID method specific), it just cares about what is presently in the DID Document.
There was a problem hiding this comment.
That makes sense, I have adjusted my suggestion accordingly.
I think it is cleaner if this note doesn't also attempt to address whether or not a DID Document can be further changed.
There was a problem hiding this comment.
+1 to the above text. Thanks!
There was a problem hiding this comment.
Thanks for working through this all! My only quibble is the normative language, as this is a note. I could just lowercase the SHOULD when I update the PR, or we could alter it to not say may and should at all - any preference?
There was a problem hiding this comment.
Could we change it from a note to a regular paragraph?
There was a problem hiding this comment.
+1 to the above text AND to change it from a not to a regular paragraph.
There was a problem hiding this comment.
+1 to the text and to change it from a note to a regular paragraph.
|
Is my comment
#373 (comment) relevant
to this issue (#371) ?
…On Wed, Aug 12, 2020 at 3:44 PM Dave Longley ***@***.***> wrote:
***@***.**** commented on this pull request.
------------------------------
In index.html
<#371 (comment)>:
> +<code><a>controller</a></code> property MUST be present, otherwise the
+the <a>DID document</a> can no longer be changed beyond whatever its present
+value is.
I'm fine if this is reworded to remove the "MUST" since it's in a note.
The language I'm looking for here is an indication to DID-method agnostic
consumers (such as verification software) such that it can understand the
root of authority over what is expressed in the DID Document. This should
either be the controller (if present) or the subject, IMO. Whether or not
DID methods have implementation specific details for updating DID Documents
is a separate matter to me. I want consuming software to be able to be
structured such that it only need to decide whether or not it trusts a
given DID method/resolver for that method and then from there, once it has
a DID Document, it can assume the root authority is as stated above
(thereby allowing consistent verification code).
—
You are receiving this because you are subscribed to this thread.
Reply to this email directly, view it on GitHub
<#371 (comment)>, or
unsubscribe
<https://github.com/notifications/unsubscribe-auth/AABB4YLEMYDKFT6YMJSOPUTSALWJRANCNFSM4P22OHJQ>
.
|
index.html
Outdated
| If the <code><a>controller</a></code> property is present, its value expresses | ||
| the root of authority for information expressed in the <a>DID Document.</a> If | ||
| the <code><a>controller</a></code> property is not present, the value can be | ||
| inferred to be the same as that of the <code><a>id</a></code> property of the | ||
| <a>DID document</a>. The way to determine how the <a>DID Document</a> can be | ||
| changed is by consulting the relevant <a>DID method</a>. If no <a>verification | ||
| methods</a> are present in the <a>DID Document</a>, then a | ||
| <code><a>controller</a></code> property MUST be present, otherwise the | ||
| the <a>DID document</a> can no longer be changed beyond whatever its present | ||
| value is. |
There was a problem hiding this comment.
@jandrieu and @brentzundel -- what about this? I'm trying to cover all of the concerns here at once: ensuring we're speaking clearly to what controller enables verifiers to consider in a DID-method-agnostic way and indicating that DID methods may say whatever they want about what a verifier actually needs to accept for a DID Document update.
| If the <code><a>controller</a></code> property is present, its value expresses | |
| the root of authority for information expressed in the <a>DID Document.</a> If | |
| the <code><a>controller</a></code> property is not present, the value can be | |
| inferred to be the same as that of the <code><a>id</a></code> property of the | |
| <a>DID document</a>. The way to determine how the <a>DID Document</a> can be | |
| changed is by consulting the relevant <a>DID method</a>. If no <a>verification | |
| methods</a> are present in the <a>DID Document</a>, then a | |
| <code><a>controller</a></code> property MUST be present, otherwise the | |
| the <a>DID document</a> can no longer be changed beyond whatever its present | |
| value is. | |
| If the <code><a>controller</a></code> property is present, its value expresses | |
| the root of authority for information expressed in the <a>DID Document</a>. | |
| Expressing a <code><a>controller</a></code> property in a <a>DID Document</a> | |
| enables <a>verifiers</a> to consider proofs generated by a | |
| <a>DID controller</a> on behalf of a <a>DID subject</a>, even when the same | |
| <a>DID Document</a> expresses no <a>verification methods</a>. Note that | |
| whether any proofs will ultimately be accepted for some purpose is within the | |
| purview of the <a>verifier</a>. DID methods, for example, may require | |
| <a>verifiers</a> use a mechanism totally unrelated to <a>verification | |
| methods</a> for validating DID Document updates. |
There was a problem hiding this comment.
This text is fine for me, except the last sentence. I keep trying to parse it and failing, so I'm not sure what you're trying to say there.
|
I'm not following all of the subtleties of this discussion, but I hope we
end up with clarity, ideally an example, around a non-repudiable signature.
In the prescription use-case, the DID subject is able to sign a
prescription for a controlled substance under DEA regs. What does this mean:
- the DID method will need to be "certified" by a federal agency or their
delegate?
- the DID document will need to be co-controlled by a federal agent?
- changes to the DID document will need to be logged and audited?
- the use of the DID by the doctor will need to be logged and audited?
- all of the above?
- Adrian
…On Tue, Aug 18, 2020 at 4:46 PM Dave Longley ***@***.***> wrote:
***@***.**** commented on this pull request.
------------------------------
In index.html
<#371 (comment)>:
> +If the <code><a>controller</a></code> property is present, its value expresses
+the root of authority for information expressed in the <a>DID Document.</a> If
+the <code><a>controller</a></code> property is not present, the value can be
+inferred to be the same as that of the <code><a>id</a></code> property of the
+<a>DID document</a>. The way to determine how the <a>DID Document</a> can be
+changed is by consulting the relevant <a>DID method</a>. If no <a>verification
+methods</a> are present in the <a>DID Document</a>, then a
+<code><a>controller</a></code> property MUST be present, otherwise the
+the <a>DID document</a> can no longer be changed beyond whatever its present
+value is.
@jandrieu <https://github.com/jandrieu> -- please see my tweak to your
above below. Let me know what you think.
—
You are receiving this because you commented.
Reply to this email directly, view it on GitHub
<#371 (comment)>, or
unsubscribe
<https://github.com/notifications/unsubscribe-auth/AABB4YP2L5KWF6V5B7KA6Z3SBLSDFANCNFSM4P22OHJQ>
.
|
|
I think it would make sense to concisely enumerate the options. The current text reads as if the controller property is required to verify proofs. I realize it doesn't say that, but opening with the statement that the controller allows XX, even when YY, doesn't clearly illuminate the fact that one may use either controller or verification methods (or both) to verify proofs and that for DID Documents with neither, a Requesting Party cannot rely upon the DID Document for proof verification.
We should probably also clarify whether or not Requesting Parties MUST also resolve all controller properties of secondary DID Documents. Namely, I'm fairly sure the "controller" property requires supporting arbitrary depth trees and should have language defining how to handle circular references. |
|
@jandrieu -- I approve of the direction, but things are a little inverted in the actual suggested language with respect to how proofs/verification methods are handled. I'll discuss with you offline a bit and see if we can resolve it. |
|
I'm looking, perhaps, for language that is more like:
|
|
We're still waiting for this conversation thread to converge on something. There remain a number of outstanding questions, IIUC. What do we need to move this PR forward? |
|
Still waiting for this discussion to converge. I believe everyone is waiting on @rhiaro to note if she's ok with @brentzundel's text (but I may have my PRs confused). |
rhiaro
force-pushed
the
rhiaro-122-controller
branch
from
4645042 to
330a828
Compare
|
I have updated the section to use @brentzundel's wording here ... however (sorry!) I'm now not satisfied this answers my original question, which is basically what is a DID doc consumer expected to think/do/understand if there is no (The answer I think was concluded to be "consult the DID method" but we seem to have lost that wording.) It also duplicates to some extent, I think, text that is already in the definition of the
|
Well, we intentionally described what the presence of the |
|
Okay, I'm fine to go with the most recent changes and close the issue. |
|
Normative, multiple reviews, changes requested and made, no objections, merging. |
following feedback from @dlongley and @jandrieu in #122
Preview | Diff