Comments (4)
I agree; in the sentence you quoted, equivalentId
is probably what we want, not alsoKnownAs
.
The other use of alsoKnownAs
that was posited at one point was to declare the did:web equivalent of a did:webs. I think this usage is an antipattern and should not be mentioned, let alone recommended, in the spec.
from tswg-did-method-webs-specification.
The other use of
alsoKnownAs
that was posited at one point was to declare the did:web equivalent of a did:webs. I think this usage is an antipattern and should not be mentioned, let alone recommended, in the spec.
Hmm why? I actually thought this was very useful, to use alsoKnownAs for listing the did:web, did:webs, and did:keri equivalents.
from tswg-did-method-webs-specification.
I don't think that it's necessary to specify did:keri equivalents, because they can be deduced trivially from the AID in did:webs. All DID methods, current and future, that declare a DID to be rooted in a given AID are by definition equivalents without declaring them so. That is, did:webs:abc.com:aid
and did:keri:aid
are equivalents by definition, and should be algorithmically deduced rather than depending on a declaration which may or may not be present. But maybe it's harmless; anyway, this wasn't really my concern.
My concern has to do with analyzing did:web and did:webs as "equivalents", because I think there are several ways to go wrong with that equivalence, semantically:
-
(This concern is only theoretical and could be hand waved around, maybe, since
alsoKnownAs
exposes only weak semantics. But I think we're encouraging pretty bad thinking...) Since did:web has no history, and did:webs does, I'm not sure how "equivalent" these two DID values really are. The did:web refers to a subject at the instant of resolution, and ONLY at the instant of resolution. You cannot reason about whether did:web referred to the same subject yesterday, or whether it will refer to the subject tomorrow, or what its key state ever has been or will be, since the same URL can be created and destroyed many times with different subjects (or with no subject at all, if it's used for a non-DID purpose) over the lifespan of the URL namespace. In other words,alsoKnownAs
between did:web and did:webs is only known to be true to the did:webs author at the moment the DID doc is written, and is only assumed to be true to the did:web user at the moment the did:web is resolved. Hackers can play all sorts of games with this. People already make a fundamental concept error re. temporality when they use did:web as an issuer or holder of VCs, which depend on a stable DID subject; I fear they will have this error reinforced by saying that the did:webs isalsoKnownAs
a did:web. -
(also possibly something we could hand wave around) In a similar vein, these two DIDs have different controllers (did:web is controlled by whoever controls DNS and web publication infrastructure, and did:webs is controlled by cryptographic keys). This distinction is especially stark if a did:webs uses multisig, because it means that the DID doc returned by did:web resolution will be invalid. However, I admit that two DIDs with different controllers can be known as one another, if they identify the same subject, so maybe this controller difference isn't crucial.
-
I think we're being imprecise in our thinking about which direction the assertion works in the
alsoKnownAs
. When we get precise, its apparent usefulness shrinks or vanishes.Suppose, for a moment, that we analyze
alsoKnownAs
not as a feature of did:web, but rather as a feature of did:webs. (That would be natural, if we write about it in this spec.) In that case, we're asking the controller of the did:webs to assert something to the resolver's impl of did:webs. That's fine -- except that if we're talking about a client's did:webs implementation, which must validate against the KEL and TEL, the aka information would be in the TEL already. The client's impl of did:webs doesn't need the assertion.On the other hand, if we say that the information is for did:web clients, then we are inviting a security vulnerability in the assertion. A did:web DID doc that contains an
alsoKnownAs
may appear to have a signed .kel published per did:webs rules. However, since the did:web impl won't walk the KEL/TEL to prove it, the correctness of that assertion stands or falls on the security of DNS and the TLS session, and NOT on KERI. ThealsoKnownAs
section may have been created by mechanisms with KERI knowledge, but since the client will not validate with that knowledge, it becomes possible to be a webmaster to lie about thealsoKnownAs
values in whatever did:webs their server hosts -- and unfairly tarnish the reputation of the did:webs in the process.
from tswg-did-method-webs-specification.
Per our meeting today:
Lance will update his PR to include equivalentIds in the alsoKnownAs superset. The equivalentIds will only be did:webs AID controlled identifiers, specified in the designated aliases attestation.
from tswg-did-method-webs-specification.
Related Issues (20)
- Reorder section 7 to emphasize the DID Method Operations and add Create/Update details HOT 5
- Security Characteristics are difficult to relate to did:webs HOT 2
- ABNF definition of method in section 6.2 not a full ABNF specification HOT 1
- Terminology needs to be aligned and KERI only question (related) HOT 10
- International and Unicode domain names
- Too much informative text; normative requirements not clear enough HOT 2
- Glossary Terms - ToIP & did:webs alignment HOT 3
- KERI Version strings all legacy in example jsons
- State document conventions regarding normative statements, informative statements, etc.
- Request to add did:webs to the DID method registry HOT 1
- Align blog post with Muggles session HOT 1
- attribute more contributors or editors HOT 2
- Direct mode AIDs are not the simplest, are they? HOT 1
- Discuss spec versioning and did document verification
- Spoofing did:webs didDocs HOT 7
- Cleanup defs and/or terminology.md HOT 4
- Remove the “Transformations” section, or at least the “did:peer” part of it HOT 2
- Full Example section paragraph is difficult for a newbie to parse and match with JSON HOT 2
- Can we shift or somehow de-emphasize the terminology section? HOT 4
- why must FQDN not include IP addresses? HOT 2
Recommend Projects
-
React
A declarative, efficient, and flexible JavaScript library for building user interfaces.
-
Vue.js
🖖 Vue.js is a progressive, incrementally-adoptable JavaScript framework for building UI on the web.
-
Typescript
TypeScript is a superset of JavaScript that compiles to clean JavaScript output.
-
TensorFlow
An Open Source Machine Learning Framework for Everyone
-
Django
The Web framework for perfectionists with deadlines.
-
Laravel
A PHP framework for web artisans
-
D3
Bring data to life with SVG, Canvas and HTML. 📊📈🎉
-
Recommend Topics
-
javascript
JavaScript (JS) is a lightweight interpreted programming language with first-class functions.
-
web
Some thing interesting about web. New door for the world.
-
server
A server is a program made to process requests and deliver data to clients.
-
Machine learning
Machine learning is a way of modeling and interpreting data that allows a piece of software to respond intelligently.
-
Visualization
Some thing interesting about visualization, use data art
-
Game
Some thing interesting about game, make everyone happy.
Recommend Org
-
Facebook
We are working to build community through open source technology. NB: members must have two-factor auth.
-
Microsoft
Open source projects and samples from Microsoft.
-
Google
Google ❤️ Open Source for everyone.
-
Alibaba
Alibaba Open Source for everyone
-
D3
Data-Driven Documents codes.
-
Tencent
China tencent open source team.
from tswg-did-method-webs-specification.