...
- The following MUST have public DIDs compliant with the ToIP Technology Technical Architecture Specification:
- Governing authorit(ies).
- Administering authority (if any).
- Primary document.
- All governed parties fulfilling roles defined in the GF (e.g., issuers, verifiers, trust registries).
- The following SHOULD have public DIDs or DID URLs compliant with the ToIP Technology Technical Architecture Specification:
- Each controlled document.
- Each policy, rule or other normative subcomponent of a controlled document.
- All DIDs and DID URLs specified in this section are subject to the following policies:
- The DID for a GF document MUST remain the same for all versions of the document it identifies.
- A new `versionId` parameter value MUST be assigned for every version of the identified document.
- The GF MUST include one or more policies specifying the format for version identifier values and the process for assigning them.
- These policies SHOULD be the same for all versions of all documents in the GF.
- It is RECOMMENDED to use sequential integers for every version starting with "1".
- The use of minor version numbers (e.g., "1.1", "1.2", "1.3") is NOT RECOMMENDED.
- A DID URL that includes a `resource` parameter with a value of `true` MUST return the identified document directly.
- If this DID URL does not include a `versionId` parameter value, it MUST return the current version of the identified document.
- If this DID URL includes a `versionId` parameter value, it MUST return the identified version of the identified document.
- If this DID URL includes a `versionId` parameter value for a version that does not exist, it MUST return a "Resource Not Found" error.
- If this DID URL does not include a
...
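The `resource` and `versionId` dereferencing rules above, shown as an added Python example that is not part of the specification. The in-memory `STORE`, the `did:example:gf-primary` identifier, the handling of an unknown DID, and treating the highest integer as the current version are assumptions made for illustration.

```python
from urllib.parse import parse_qs

class ResourceNotFound(Exception):
    """The "Resource Not Found" error the policy requires."""

# Constructed sample data: one DID per document, versions keyed by versionId.
STORE = {
    "did:example:gf-primary": {"1": "Primary document v1",
                               "2": "Primary document v2"},
}

def is_recommended_version_id(value):
    """RECOMMENDED format: sequential integers from "1", no minor versions."""
    return value.isascii() and value.isdigit() and not value.startswith("0")

def current_version_id(versions):
    """Assumption: with the integer scheme, the highest number is current."""
    return str(max(int(v) for v in versions))

def dereference(did_url, store=STORE):
    """Return (versionId, document) for a DID URL carrying resource=true."""
    did, _, query = did_url.partition("#")[0].partition("?")
    params = parse_qs(query)
    if params.get("resource") != ["true"]:
        raise ValueError("rule applies only to DID URLs with resource=true")
    versions = store.get(did)
    if not versions:
        # Assumption: an unknown DID is reported the same way as a missing version.
        raise ResourceNotFound(did)
    requested = params.get("versionId")
    if requested is None:
        # No versionId: the current version MUST be returned.
        vid = current_version_id(versions)
    elif len(requested) != 1:
        raise ValueError("versionId must appear exactly once")
    else:
        # versionId given: return exactly that version or fail, never fall back.
        vid = requested[0]
        if vid not in versions:
            raise ResourceNotFound(f"{did} has no version {vid}")
    return vid, versions[vid]

if __name__ == "__main__":
    print(dereference("did:example:gf-primary?resource=true"))
    print(dereference("did:example:gf-primary?resource=true&versionId=1"))
```

Failing closed on an unknown `versionId`, rather than falling back to the current version, keeps a verifier from silently evaluating a party against a different version of the document than the one it asked for.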
- The governing authority SHOULD publish in its current DID document a digital signature over the hash of the current version of its primary document.
- The governing authority or administering authority SHOULD:
- Register the public DID and all authorized roles for a governed party in a trust registry.
- Issue verifiable credentials to all governed parties serving in a role defined by the GF.
- Store those same verifiable credentials in a publicly-available credential registry as specified by the GF.
- If the GF includes certification policies, the qualified certifying parties SHOULD:
- Issue certification credentials to governed parties as directed by the GF.
- Store those same verifiable credentials in a publicly-available credential registry as specified by the GF.
...
To support the transparency needed for transitive trust, a publicly-available ToIP-compliant GF:
- MUST be published and addressable on the public Internet.
- MUST publish its DID URL in its DID document.
- MUST publish its public keys in its DID document.
- MUST publish its public service endpoints in its DID document.
- SHOULD be localized into all human languages as required by its trust community.
- SHOULD be accessible under the W3C Accessibility Guidelines.
...
To support the interoperability needed for transitive trust, a publicly-available ToIP-compliant GF:
- MUST specify technical interoperability requirements using ToIP specifications and recommendations whenever possible.
- SHOULD specify any additional technical interoperability requirements using publicly available open standard specifications or specification profiles if needed.