HIP-945: Improvements to Hedera DID Method
Author | Keith Kowal |
---|---|
Working Group | Keith Kowal, Derek Munneke |
Requested By | [email protected] |
Discussions-To | https://github.com/hashgraph/did-method/pull/4 |
Status | Accepted |
Needs Council Approval | No |
Review period ends | Mon, 06 May 2024 07:00:00 +0000 |
Type | Standards Track |
Category | Application |
Created | 2024-04-01 |
Updated | 2024-05-08 |
Requires | 27 |
Abstract
This HIP describes additional features building on HIP-27. The main feature addition allows DID documents to be anchored on IPFS and enables the lookup of a DID document from IPFS via a CID reference in the DID Document HCS message(s).
Motivation
Additional functionality to improve the utility of the DID:Hedera method for the community.
Rationale
The primary added feature is the ability of the DID:Hedera method to create a DID referencing a DID document that is anchored on IPFS via a CID reference. The method then also enables the lookup of that DID document from IPFS using the CID reference.
The addition of this capability to HIP-27 supports alignment with the Guardian approach to creating DIDs.
User stories
As a user I want to create a DID:Hedera identity where the DID document is anchored on IPFS.
As an identity verifier I want to look up the DID document that is anchored on IPFS for verification of a received identity object.
Specification
The following additions were made to the updated DID:Hedera method.
DID Document
A Hedera DID MAY be created by creating a reference to a DID document available in IPFS.
DIDDocument event value must have a JSON structure defined by a DIDDocument-schema and contains the following properties:
- DIDDocument - The DIDOwner event with the following attributes:
  - id - The DID id
  - type - The document type, MAY include the DID document serialisation representation.
  - cid - The Content Identifiers to point to DID document in IPFS.
  - url - A URL to the IPFS document MAY be included for convenience.
{
"DIDDocument": {
"id": "did:hedera:testnet:z6MknSnvSESWvijDEysG1wHGnaiZSLSkQEXMECWvXWnd1uaJ_0.0.1723780",
"type": "DIDDocument",
"cid": "bafybeifn6wwfs355md56nhwaklgr2uvuoknnjobh2d2suzsdv6zpoxajfa/did-document.json",
"url": "https://ipfs.io/ipfs/bafybeifn6wwfs355md56nhwaklgr2uvuoknnjobh2d2suzsdv6zpoxajfa/did-document.json"
}
}
Updates to CRUD Operations
Read
Read, or Resolve, occurs by reading messages from the HCS topic set in the did-topic-id element of the DID namestring, and processing messages as below:
1. If the most recent valid message has operation set to delete, the DID document returned MUST be empty.
2. If the most recent valid message has operation set to create, and event object is DIDDocument, the DID document returned is the document resolved from the IPFS CID reference.
3. Otherwise
   - Read valid messages until one has operation set to create, and event object is DIDOwner.
   - Construct DID document by applying message update and revoke operations in order.
   - Return constructed DID document.
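The Read steps above, written out as an added JavaScript example; it is not code from the DID:Hedera reference implementation. Assumptions: messages are modelled as already decoded, signature-checked and filtered to one DID (oldest first), fetchFromIpfs is a hypothetical injected function, the check that the fetched document's id equals the DID is an added safeguard rather than spec text, and only VerificationMethod and Service events are replayed in step 3.

```javascript
// Added example. `messages` is a constructed, simplified model: oldest first,
// already decoded, signature-checked and filtered to one DID.
// `fetchFromIpfs` is a hypothetical injected function (cid path -> parsed JSON).
const LISTS = { VerificationMethod: "verificationMethod", Service: "service" };

function resolveDid(did, messages, fetchFromIpfs) {
  if (messages.length === 0) return null; // nothing anchored for this DID
  const last = messages[messages.length - 1];

  // Step 1: most recent message is a delete, so the document is empty.
  if (last.operation === "delete") return {};

  // Step 2: most recent message is create + DIDDocument, so the document is on IPFS.
  if (last.operation === "create" && last.event.DIDDocument) {
    const ref = last.event.DIDDocument;
    if (ref.id !== did) throw new Error("DIDDocument event is for another DID");
    // Fetch by cid, the content-addressed reference. The url field is only a
    // convenience pointer to a gateway and is deliberately not used here.
    const doc = fetchFromIpfs(ref.cid);
    // Assumed check, not spec text: the stored document must describe this DID.
    if (!doc || doc.id !== did) throw new Error("IPFS document does not match DID");
    return doc;
  }

  // Step 3: find the latest create/DIDOwner message, then replay what follows.
  const isOwnerCreate = (m) => m.operation === "create" && m.event.DIDOwner;
  let start = messages.length - 1;
  while (start >= 0 && !isOwnerCreate(messages[start])) start--;
  if (start < 0) return null;
  const owner = messages[start].event.DIDOwner;
  const doc = { id: did, verificationMethod: [owner], service: [] };
  for (const m of messages.slice(start + 1)) {
    const [kind, entry] = Object.entries(m.event)[0];
    const list = doc[LISTS[kind]];
    if (!list) continue; // event kinds outside this simplified model are skipped
    const i = list.findIndex((e) => e.id === entry.id);
    if (m.operation === "revoke") { if (i >= 0) list.splice(i, 1); }
    else if (m.operation === "update") { if (i >= 0) list[i] = entry; else list.push(entry); }
  }
  return doc;
}

// Constructed sample: one create/DIDDocument message using the identifiers shown on this page.
const SAMPLE_DID = "did:hedera:testnet:z6MknSnvSESWvijDEysG1wHGnaiZSLSkQEXMECWvXWnd1uaJ_0.0.1723780";
const SAMPLE_CID = "bafybeifn6wwfs355md56nhwaklgr2uvuoknnjobh2d2suzsdv6zpoxajfa/did-document.json";
const sampleLog = [{ operation: "create", event: { DIDDocument: { id: SAMPLE_DID, type: "DIDDocument", cid: SAMPLE_CID } } }];
// Constructed stand-in for an IPFS client: serves one document for the sample cid.
const fakeIpfs = (cid) => (cid === SAMPLE_CID ? { id: SAMPLE_DID, verificationMethod: [] } : null);
```

Calling resolveDid(SAMPLE_DID, sampleLog, fakeIpfs) returns the document served by the stand-in client; a fetcher that returns a document for a different DID makes it throw instead of returning that document.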
Backwards Compatibility
These changes are part of the updates to the DID:Hedera method and not backwards compatible with previous DID:Hedera method versions.
Security Implications
Individual implementers of the DID:Hedera method can decide whether to anchor DID documents on IPFS or as messages on Hedera Consensus Service. As part of this evaluation, users should have a comprehensive understanding of IPFS, its security weaknesses, and the fact that documents on IPFS are not permanent.
How to Teach This
Documentation for updated DID Method.
Reference Implementation
The implementation for this functionality can be found in the updated DID:Hedera method.
References
Copyright/license
This document is licensed under the Apache License, Version 2.0 – see LICENSE or (https://www.apache.org/licenses/LICENSE-2.0)
Citation
Please cite this document as: