Comments (3)
I think the designers of the git:did method need to decide where the DID Doc/keys/etc. are going to exist. That is, in the .git directory? As a top-level file called something like SECURITY.md, or something else?
If it's in the .git directory, and you're going to modify the git binary, you have a ton of options.
If you are going to use something like SECURITY.md, then you can always make that the second commit and thus it's clear what to put in id (the initial commit).
from did-git-spec.
@msporny we went back and forth on this for a long time but we think we came to a well-reasoned conclusion. We decided that all of the files must be stored in the repo itself and not in the .git directory. Here are a bunch of reasons:
- We want to support `git clone --depth=1` and still be able to authenticate. We figured that if the did:git string was anchored somewhere else (e.g. btcr or sov) we could 1) verify that the did:git string matches what is anchored and 2) verify the signature on the HEAD commit. The idea was to give some measure of authenticity without having to do a full clone, although I have to admit we haven't gamed this out fully yet and it may not be sufficient.
- The DID documents are only valid between the commit in which they are added to the repo until the commit where they are removed or renamed. They have to always be valid between those commits, inclusive, and having them tracked in the history means a checkout at any point in history gives you all of the DID documents required to validate the commit.
- The same can be said for all of the repo-wide files as well. They exist in a specific state at a specific point in history and tracking their provenance in the repo history makes the most sense. The envisioned `git-did` porcelain will be aware of this temporal "flow" of identity and governance through the history of the repo.
- We didn't want to require a squash commit to a new repo to imbue a project with did:git authentication and governance. By having the files in the repo itself, it makes it possible to preserve the history and still imbue it with a commit that establishes did:git governance and forms the checkpoint where we can make a legal declaration about all of the code that came before it. This is important to the Linux Foundation use case where existing projects are donated to the org more often than projects are started from scratch.
I originally envisioned all of these documents going into a .did/ hidden subdir in the repo root to avoid cluttering up the root. However, as we have moved forward, I began thinking of this stuff as the next generation of the README.md + LICENSE + CONTRIBUTORS boilerplate that we all use now. The new boilerplate being a README.md, LICENSE, GOVERNANCE.json (not .md, see here), and a DIDDir named did/ containing the DID documents and aliases.
from did-git-spec.
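The claim above that a checkout at any point in history carries the DID documents in force at that commit can be checked with plain git. This is an added example, not part of the original comment or of any did:git tooling; the throwaway repository, the file name `did/alice.json`, and the reading of "valid at a commit" as "present in that commit's tree" are assumptions.

```shell
#!/bin/sh
# Added example. Repo contents and the path did/alice.json are constructed.

# Run git in repo $1 with a fixed identity so commits work on a clean machine.
g() {
    _r=$1; shift
    GIT_AUTHOR_NAME=demo GIT_AUTHOR_EMAIL=demo@example.invalid \
    GIT_COMMITTER_NAME=demo GIT_COMMITTER_EMAIL=demo@example.invalid \
    git -C "$_r" -c commit.gpgsign=false "$@"
}

# Build a throwaway repo with four commits and print its path.
make_demo_repo() {
    repo=$(mktemp -d) || return 1
    git init -q "$repo" >/dev/null
    echo readme > "$repo/README.md"
    g "$repo" add -A && g "$repo" commit -q -m "initial commit"
    mkdir "$repo/did"
    echo '{"id":"did:git:constructed"}' > "$repo/did/alice.json"
    g "$repo" add -A && g "$repo" commit -q -m "add DID document"
    echo code > "$repo/main.c"
    g "$repo" add -A && g "$repo" commit -q -m "ordinary change"
    g "$repo" rm -q did/alice.json && g "$repo" commit -q -m "remove DID document"
    echo "$repo"
}

# Exit 0 if path $3 exists in the tree of commit $2 (assumed meaning of "valid").
did_doc_present_at() {
    git -C "$1" cat-file -e "$2:$3" 2>/dev/null
}

# Print "<first adding commit> <latest removing commit, or ->" for path $2.
did_doc_window() {
    added=$(git -C "$1" log --diff-filter=A --format=%H -- "$2" | tail -n 1)
    removed=$(git -C "$1" log --diff-filter=D --format=%H -- "$2" | head -n 1)
    echo "$added ${removed:--}"
}

# Walk the history oldest-first and report whether the document is in each tree.
repo=$(make_demo_repo)
for c in $(git -C "$repo" rev-list --reverse HEAD); do
    if did_doc_present_at "$repo" "$c" did/alice.json; then s=present; else s=absent; fi
    echo "$(git -C "$repo" log -1 --format='%h %s' "$c"): did/alice.json $s"
done
rm -rf "$repo"
```

Because the lookup reads the commit's tree object rather than the working directory, the same check works on any commit that is locally available, including the single commit fetched by `git clone --depth=1`.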
See also #16
from did-git-spec.