-
Notifications
You must be signed in to change notification settings - Fork 18
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
Disclosable DID DHT Documents #147
Comments
Some general feedback for this thorough proposal (nice work!) Did you consider using a DID extension to solve the Large DID Documents use-case? If so, what tradeoffs did you find? I didn't quite understand the second use-case. Would you mind sharing an example? Re: the section named "Resolve a Disclosable DID DHT Document" has the first step as "Resolve the document from the DHT". In the latter statement, is Document used to mean something different from "DID Document"? If so, I would recommend using different terminology to avoid confusion. Another question, how would updates work? |
Hmm could you expand on what you mean by this?
Yeah, so for example if someone is using type indexing to advertise that they're a PFI they would still want to publish to the DHT so that gateways return their DID when they get queries for "show me all DIDs that have registered as a PFI type". They still might have a large document that's stored elsewhere, but would want to publish to the network. I updated to the language everywhere to say "DID Document" which was my intent.
As they do today, except an update would point to a new commit value. |
Something similar to what linkedResource. So if I have a DID Document that's too big, I can move most of the properties and values from the Document and into a linked resource. Can also attach proofs to the linkedResource. Another similar approach is what subresource integrity does. |
yes, both those approaches could work. I suppose it's a question of is this better to handle at the DHT layer or the DID Doc layer. |
Overview
tl;dr only publish signed commitments to DID Documents instead of encoded documents
There are two use-cases where this might be useful
The latter case is mostly useful for discover in the case of uses with type indexing or alias schemes (#77)
Proposal
The proposal is as follows:
Create a Disclosable DID DHT Document
Resolve a Disclosable DID DHT Document
...
Alternate proposal
There is a possible modification to this proposal that reduces the need for a holder to transmit the DID Document to a resolver, which is to rely on a secondary storage mechanism. Alongside the hash DNS record would be a record to a storage system to retrieve and verify the full DID Document. A nice property is that the storage does not need to be trusted as tamper evidence is still provided by the DHT.
Sample Code
This code is a bit contrived. In reality there is no reason to sign the hash separately from the BEP44 packet, unless there is utility in being able to share the document without publishing it to the network.
The text was updated successfully, but these errors were encountered: