Add alsoKnownAs property #355
There are no files selected for viewing
| Original file line number | Diff line number | Diff line change |
|---|---|---|
|
|
@@ -1238,27 +1238,25 @@ <h1>Core Properties</h1> | |
| including whether these properties are required or optional. | ||
| </p> | ||
|
|
||
| <p class="note"> | ||
| Identifiers are used in the data model to identify specific instances of people, | ||
| organizations, devices, keys, services, and things in general. Identifiers are | ||
| typically URLs, or more generally, <a>URIs</a> (and in some cases specifically | ||
| <a>DIDs</a>). Non-<a>URI</a>-based identifiers are not advised because, while | ||
| the data model supports them, they are not easy to use with other Internet-based | ||
| identifiers. | ||
| </p> | ||
|
|
||
| <section> | ||
| <h2>DID Subject</h2> | ||
|
|
||
| <section> | ||
| <h2>id</h2> | ||
|
|
||
| <p> | ||
| The <a>DID subject</a> is denoted with the <code>id</code> property. The | ||
| <a>DID subject</a> is the entity identified by the <a>DID</a> and described by | ||
| the <a>DID document</a>. | ||
| </p> | ||
|
|
||
| <p> | ||
|
|
@@ -1288,6 +1286,55 @@ <h2>DID Subject</h2> | |
| property. The value of <code>id</code> in the resolved <a>DID document</a> is | ||
| expected to match the <a>DID</a> that was resolved. | ||
| </p> | ||
| </section> | ||
|
|
||
| <section> | ||
| <h2>alsoKnownAs</h2> | ||
| <p> | ||
| A <a>DID controller</a> MAY assert that two or more <a>DIDs</a> identify | ||
| the same <a>DID subject</a> using the <code>alsoKnownAs</code> property. | ||
| This property is OPTIONAL. | ||
| </p> | ||
|
|
||
| <dl> | ||
| <dt>alsoKnownAs</dt> | ||
| <dd> | ||
| The value of <code>alsoKnownAs</code> MUST be a | ||
| <a data-cite="INFRA#lists">list</a> where each item in the list is a | ||
| <a>DID</a> that conforms to the rules in Section <a href="#did-syntax"></a>. | ||
|
There was a problem hiding this comment. Do we want to allow non-DID URLs as well? There was a problem hiding this comment. It was discussed that we might want There was a problem hiding this comment. Wouldn't that be weird from a (semantic) web perspective, saying that you have to use a different predicate just because the object identifiers are different? There was a problem hiding this comment. yes... it would... thats an argument against using something other than |
||
| </dd> | ||
| </dl> | ||
| <p> | ||
| From a semantic standpoint, the <a>DID controller</a> is asserting that | ||
| each <a>DID</a> in the list identifies the same <a>DID subject</a> as | ||
| the <a>DID</a> described by the <a>DID document</a> (i.e., the value of | ||
| the <code>id</code> property). | ||
| </p> | ||
| <p class="note"> | ||
| WARNING: An <code>alsoKnownAs</code> assertion that two or more <a>DIDs</a> | ||
| identify the same <a>DID subject</a> does not prove this assertion is | ||
| true. A malicious <a>DID controller</a> might attempt to impersonate a | ||
| <a>DID subject</a> by making a false <code>alsoKnownAs</code> assertion. | ||
| Therefore it is strongly advised that a requesting party obtain | ||
| independent verification of a <code>alsoKnownAs</code> assertion. One | ||
| method for doing this is to resolve the <code>alsoKnownAs</code> <a>DID</a> | ||
| to its own <a>DID document</a> and then verify that it contains the | ||
| inverse <code>alsoKnownAs</code> assertion, also known as a backpointer. | ||
| See the <a href="#security-considerations"></a> and | ||
|
There was a problem hiding this comment. We'll want to point to a specific item in security/privacy considerations. Just generally pointing there isn't very useful. |
||
| <a href="#privacy-considerations"></a> sections for more information. | ||
| </p> | ||
| <p class="note"> | ||
| A <code>alsoKnownAs</code> assertion is not the same as an | ||
| <code>owl:sameAs</code> assertion. In other words, it does not assert | ||
| that two or more RDF graphs represented as <a>DID documents</a> can be | ||
| merged. It only asserts that two or more <a>DIDs</a> identify the same | ||
| <a>DID subject</a>. Implementers are strongly advised against the use of | ||
|
There was a problem hiding this comment. I'm having some trouble with the phrasing of this last bit.... perhaps we mean to more generally warn against the use of OWL in any form with DID Documents? ... should this warning be applied to all non did core semantic vocabularies? Is there any version of There was a problem hiding this comment.
I do not have the right experience with DID documents in practice, but I could imagine cases when some OWL statement may be useful. RDFS+OWL is huge, so such a blank statement may go too far. We are hooked upon Note that, however, OWL is really used for the definitions of the ontologies and not the instance data (and a DID document is an instance data). Again,
I do not understand the question. There are no different "versions" of However I also have some trouble with the phrasing of the last bit.
Strictly speaking, That being said, I do not really know how to express that succinctly in the text. Maybe the best is to remove that sentence; people who understand There was a problem hiding this comment. By versions of here is an example, I believe is valid and safe:
I created both of these identifiers, and per the
Both DIDs are for the same subject... I as that subject created the triple above to express it... If what I just did is valid OWL, and safe from a DID Core purpose... the text MUST be removed :) There was a problem hiding this comment.
I believe, at first glance, that this is valid and probably safe because (I presume) you deliberately regenerated a DID for the same subject twice (or something like that). You, as the creator of the DID, know that they are safe and OWL cannot do harm. The Note is just a warning against relying on this feature, I do not think this invalidates the existence of the note itself... There was a problem hiding this comment. Yes, i created 2 identifiers... I might create more, I should be able to use owl to communicate facts like the one above to a system I control. If thats the case, and there is no argument, we can address the warning with the following proposed text: There was a problem hiding this comment. In other words... if you are sure you don't want to process RDF statements related to OWL... thats for you to do in your application, not for DID Core to recommend against.... DID Core normative / informative statements are not a solution to input validation. There was a problem hiding this comment. @msporny ^ perhaps this last comment better describes your objection... You intend to rely directly on There was a problem hiding this comment.
I am fine with that. Not being an expert I cannot judge whether the reference to the owasp cheatsheet is the right one; I leave this decision to those who know more about this than I do. |
||
| <code>owl:sameAs</code> when processing <a>DID documents</a> as its use | ||
| could expand the attack surface in a way that was not considered by the | ||
| Working Group. | ||
| </p> | ||
| </section> | ||
|
|
||
| </section> | ||
|
|
||
| <section> | ||
|
|
||
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Since this section is being cleaned up a bit, it seems we should say that "identifiers SHOULD be URIs" instead of this other non-enforceable language around "identifiers are typically URLs". And then we can give the advice that follows. Also, we may want to say that if an identifier is not a URI, then globally unambiguous interop is not possible.
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
agree... identifiers should be URIs.