forked from w3c/did-core
-
Notifications
You must be signed in to change notification settings - Fork 0
/
terms.html
244 lines (189 loc) · 8.89 KB
/
terms.html
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
146
147
148
149
150
151
152
153
154
155
156
157
158
159
160
161
162
163
164
165
166
167
168
169
170
171
172
173
174
175
176
177
178
179
180
181
182
183
184
185
186
187
188
189
190
191
192
193
194
195
196
197
198
199
200
201
202
203
204
205
206
207
208
209
210
211
212
213
214
215
216
217
218
219
220
221
222
223
224
225
226
227
228
229
230
231
232
233
234
235
236
237
238
239
240
241
242
243
244
<p>
This document attempts to communicate the concepts outlined in the
<a>decentralized identifier</a> space by using specialized terms to discuss
specific concepts. This terminology is included below and linked to throughout
the document to aid the reader:
</p>
<dl class="termlist">
<dt><dfn data-lt="blockchains|blockchain technology">blockchain</dfn></dt>
<dd>
A specific type of <a>distributed ledger technology</a> (DLT) that stores ledger
entries in blocks of transactions, which are grouped together and hashed into a
cryptographic chain. Because this type of <a>DLT</a> was introduced by
<a href="https://en.wikipedia.org/wiki/Bitcoin">Bitcoin</a>, the term
<em>blockchain</em> is sometimes used to refer specifically to the Bitcoin
ledger.
</dd>
<dt><dfn data-lt="decentralized identifiers|DID|DIDs">decentralized identifier</dfn> (DID)</dt>
<dd>
A globally unique identifier that does not require a centralized registration
authority because it is registered with <a>distributed ledger technology</a>
(DLT) or other form of decentralized network. The generic format of a DID is
defined in this specification. A specific <a>DID scheme</a> is defined in a
<a>DID method</a> specification.
</dd>
<dt><dfn>decentralized identity management</dfn></dt>
<dd>
<a href="https://en.wikipedia.org/wiki/Identity_management">Identity
management</a> based on <a>decentralized identifiers</a>. Decentralized identity
management extends the identifier creation authority beyond the traditional
roots of trust required by
<a href="https://en.wikipedia.org/wiki/X.500">X.500 directory services</a>,
the <a href="https://en.wikipedia.org/wiki/Domain_Name_System">Domain Name System</a>,
and most national identification systems.
</dd>
<dt><dfn>decentralized public key infrastructure</dfn> (DPKI)</dt>
<dd>
Public key infrastructure based on <a>decentralized identifiers</a> and identity
records (for example, <a>DID documents</a>) containing verifiable
<a>public key descriptions</a>.
</dd>
<dt><dfn data-lt="did controllers|did controller(s)">DID controller</dfn></dt>
<dd>
The entity that has the ability to make changes to a <a>DID document</a>.
A <a>DID</a> can have more than one controller. The <a>DID controller(s)</a>
are denoted by the `controller` property on the top level of the <a>DID
document</a>. Note that the <a>DID controller(s)</a> might include the
<a>DID subject</a>.
</dd>
<dt><dfn>DID delegate</dfn></dt>
<dd>
An entity that the <a>DID controller</a> has approved to use cryptographic
material associated with the <a>DID document</a>. For example, a parent
that controls a child's <a>DID document</a> might approve the child
to use their personal device for authentication purposes. In this case, the
child is the <a>DID delegate</a> and their personal device contains
private cryptographic material to enable the child to authenticate as the DID,
but not to add new personal devices without the parent's approval.
</dd>
<dt><dfn data-lt="DID documents">DID document</dfn></dt>
<dd>
A set of data describing the <a>DID subject</a>, including mechanisms, such as
public keys and pseudonymous biometrics, that the <a>DID subject</a> can use to
authenticate itself and prove their association with the <a>DID</a>. A DID
document might also contain other
<a href="https://en.wikipedia.org/wiki/Attribute_(computing)">attributes</a> or
<a href="https://en.wikipedia.org/wiki/Claims-based_identity">claims</a>
describing the subject. These documents are graph-based data structures that
are typically expressed using [[JSON-LD]], but can be expressed using other
compatible graph-based data formats.
</dd>
<dt><dfn data-lt="DID fragments">DID fragment</dfn></dt>
<dd>
The portion of a <a>DID URL</a> that follows the first hash sign character
(<code>#</code>). DID fragment syntax is identical to the URI fragment syntax.
</dd>
<dt><dfn data-lt="DID methods">DID method</dfn></dt>
<dd>
A definition of how a specific <a>DID scheme</a> can be implemented on a
specific <a>distributed ledger</a> or network, including the precise methods by
which <a>DIDs</a> are resolved and deactivated and <a>DID documents</a> are
written and updated.
</dd>
<dt><dfn data-lt="DID paths">DID path</dfn></dt>
<dd>
The portion of a <a>DID URL</a> that begins with and includes the first forward
slash character (<code>/</code>). DID path syntax is identical to the URI path
syntax.
</dd>
<dt><dfn data-lt="DID queries">DID query</dfn></dt>
<dd>
The portion of a <a>DID URL</a> that follows the first question mark character
(<code>?</code>). DID query syntax is identical to the URI query syntax.
</dd>
<dt><dfn data-lt="decentralized identifier registry|decentralized identifier registries|DID registries">DID registry</dfn></dt>
<dd>
A role a system performs to mediate the creation, verification, updating, and
deactivation of <a>decentralized identifiers</a>. A DID registry is a type of
verifiable data registry. For more information, see [[VC-DATA-MODEL]].
</dd>
<dt><dfn data-lt="DID resolvers">DID resolver</dfn></dt>
<dd>
A system that is capable of retrieving a <a>DID document</a> for a given
<a>DID</a>. These systems are specified in the DID Resolution specification
[[DID-RESOLUTION]].
</dd>
<dt><dfn data-lt="DID schemes">DID scheme</dfn></dt>
<dd>
The formal syntax of a <a>decentralized identifier</a>. The generic DID scheme
is defined in this specification. Separate <a>DID method</a> specifications
define a specific DID scheme that works with that specific <a>DID method</a>.
</dd>
<dt><dfn data-lt="DID subjects">DID subject</dfn></dt>
<dd>
The entity the <a>DID document</a> is about. That is, the entity identified by
the <a>DID</a> and described by the <a>DID document</a>.
</dd>
<dt><dfn data-lt="DID URLs">DID URL</dfn></dt>
<dd>
A <a>DID</a> plus an optional <a>DID path</a>, optional <code>?</code> character
followed by a <a>DID query</a>, and optional <code>#</code> character followed
by a <a>DID fragment</a>.
</dd>
<dt><dfn data-lt="distributed ledger technology|DLT">distributed ledger</dfn> (DLT)</dt>
<dd>
A <a href="https://en.wikipedia.org/wiki/Distributed_database">distributed database</a>
in which the various nodes use a
<a href="https://en.wikipedia.org/wiki/Consensus_(computer_science)">consensus protocol</a>
to maintain a shared ledger in which each transaction is cryptographically
signed and chained to the previous transaction.
</dd>
<dt><dfn data-lt="XDI">extensible data interchange</dfn> (XDI)</dt>
<dd>
A semantic graph format and semantic data interchange protocol defined by the
<a href="https://www.oasis-open.org/committees/xdi/">OASIS XDI Technical Committee</a>.
</dd>
<dt><dfn data-lt="identity owners">identity owner</dfn></dt>
<dd>
The natural person, party, organization, or thing whose identity is represented
by a <a>DID</a> and who directly controls the private keys to control the
<a>DID document</a>. Note that this specification avoids the term <em>user</em>
since a <a>DID subject</a> is not always an individual person.
</dd>
<dt><dfn data-lt="proofPurpose">proof purpose</dfn></dt>
<dd>
The specific intent for a proof, the reason why an entity created it.
Acts as a safeguard to prevent the proof from being misused for a purpose
other than the one it was intended for.
</dd>
<dt><dfn>JSON Pointer</dfn></dt>
<dd>
Defines a string syntax for identifying a specific value within a JavaScript
Object Notation (JSON) document, as defined in [[RFC6901]].
</dd>
<dt><dfn>public key description</dfn></dt>
<dd>
A JSON object contained inside a <a>DID document</a> that contains all the
metadata necessary to use a public key or verification key.
</dd>
<dt><dfn data-lt="resource">resource</dfn></dt>
<dd>
The term resource is used in the same way as defined for HTTP in [[RFC7231]];
that is, a resource is the target of a request and is identified by a URI.
This specification does not limit the nature of a resource, but defines an
interface that might be used to interact with resources when identified by
a <a>DID</a>.
</dd>
<dt><dfn data-lt="service endpoints">service endpoint</dfn></dt>
<dd>
A network address at which a service operates on behalf of a <a>DID subject</a>.
Examples of specific services include discovery services, social networks, file
storage services, and verifiable claim repository services. Service endpoints
might also be provided by a generalized data interchange protocol, such as
<a>extensible data interchange</a>.
</dd>
<dt><dfn data-lt="URI|URIs">Uniform Resource Identifier</dfn> (URI)</dt>
<dd>
An identifier, as defined by [[RFC3986]].
</dd>
<dt><dfn data-lt="">verification method</dfn></dt>
<dd>
A set of parameters required to independently verify a proof, such
as an identifier for a public/private key pair that would be used in the
proof.
</dd>
<dt><dfn data-lt="UUID|UUIDs">Universally Unique Identifier</dfn> (UUID)</dt>
<dd>
An identifier, as defined by [[RFC4122]].
</dd>
</dl>