...

This document is a Draft Deliverable of 'TBC'the Utility Foundry Working Group.

The current version is Working Draft 01.

...

This is a specification for an extension to the W3C Decentralized Identifiers (DIDs) 1.0 specification to support the use of on-ledger resourcesidentification of digital resources, as listed in the W3C DID Specification Registries 1.0, using DID URLs. This specification is also intended to act as a Version 2.0 iteration of supersede the DID URL Resource Parameter Specification.

...

All other terms are linked to their definitions in the W3C Decentralized Identifiers (DIDs) 1.0 specification.

Purpose

...

The purpose aim of this specification is to specify how:

...

define how DID URLs SHOULD act as persistent identifiers for referencing and retrieving digital resources (such as data schemas, interface definitions, governance or policy definitions). Through using DID URLs which remain conformant with W3C Decentralized Identifiers (DIDs) 1.0 specification

...

, existing DID Resolvers will be able to dereference these DID URLs to retrieve the identified resource using the specified Query Syntax for DID URLs.

Context

This specification builds on two existing concepts for processing a DID URL:

1. DID Resolution; and
2. DID URL Dereferencing.

DID Resolution

DID Resolution is the process of resolving the plain DID (defined by the ABNF from section 3.1 of the DID spec) to a DID document.

...

The path, query or fragment within the DID URL provides a DID Resolver additional specific information regarding the exact object within the DID Document that should be returned. 

Normal dereferencing can be conceived in two steps:

...

An example is processing a DID fragment to return a specific public key from the DID Document. Or alternatively, processing a DID query to return a specific service endpoint, specified in the service section of the DID Document. (Note: the process for how a DID Document is dereferenced is left to each DID Method implementation.)

This flow is shown by figure 2, below:

...

Figure 2: The normal DID URL Dereferencing process

(Note: The specifics of how dereferencing operates depends on the DID URL and the DID method.)

Motivations

The aim of this specification is to create a more resilient, tamper-resistant, highly available and standardized way of storing, referencing and retrieving resources (such as data schemas, interface definitions, governance or policy definitions), using DID URLs. 

On-ledger Resources identifiable via DID URLs

Central to this specification is the idea of a DID URL dereferencing directly to a resource, rather than first dereferencing to a DID Document. 

DID URLs for Digital Resources

DID URLs SHOULD be able to dereference directly to a resource, rather than first dereferencing to a DID Document. 

This is an exception to the normal 2-step This is an exception to the normal 2-step resolution/dereferencing process, enabling the DID itself to directly identify a digital resource that can be returned directly by the VDR of the associated DID method. This behavior may be desirable:

...

1. The DID document is not retrieved by the resolver as part of the dereferencing process. Rather the resolver makes a call to the VDR with the DID URL including a resource parameter conformant with this specification. The VDR then follows the specification of the associated DID method to retrieve the identified digital resource and return that resource to the resolver directly.
2. The resource is still associated with a DID Document. A DID URL that includes the resource parameter does still have an associated DID document like any other DID. However if the DID URL includes the resource parameter, the associated DID document is not involved in the combined resolution/dereferencing step to fetch the resource specified. If the DID alone is resolved (without the resource parameter), it will still return the associated DID document.
   1. If the DID document contains only an id property (whose value must be the DID) and no verification methods, then the DID document cannot be updated and the identified digital resource is a static resource that cannot be versioned.
   2. If the DID document contains one or more verification methods, the same verification methods may be used for authenticating/versioning/updating the identified digital resource and/or the DID document.
3. The DID Document refers to the associated resource via linked resource metadata. Through associating the resource with a DID Document, the DID Document may generate associated metadata about the resource, defined further below. 

Query Syntax for Resource DID URLs

To enable this combined resolution/dereferencing behavior, this specification defines multiple DID URL parameters to fetch resource. If a DID method specification supports these parameters, and if a DID URL using that method includes the parameter with a valid value, then when a resolver calls the associated VDR using that DID URL, the VDR returns the identified digital resource, not the DID document.

IMPORTANT: DID URL queries should be fully qualified so that they uniquely identify a single resource, or single resource version. 

Common and standardized resource parameters:

...

"versionTime"

...

Motivations

This specification is intended to improves the way resources are stored and retrieved through the use of DID URLs, in the following ways:

1. Highly available and easily retrievable
   1. Resources MUST be identified by a DID URL which allows them to be retrieved easily from a distributed ledger using existing DID Resolvers.
   2. Using a Verifiable Data Registry to store and index resources removes the problem identified by centralized systems creating single points of failure, which is a common problem in the way schemas, trust registries and revocation statuses are often stored.
2. Controllable and self-attestable
   1. Resources MUST be tied to DID Documents and control over resources SHOULD be exerted via the same verification method keys as those written into an associated DID Document.
   2. This allows persons to authenticate with a DID Document to update or prove control of a resource, which addresses the problem of tamper-proofing identified around centralized cloud providers (which resources are currently commonly stored on).
3. Built to be consumed by client applications
   1. Resources MUST specify a name, and resource type and compile into a media type, which provides specific information to any client application about what data format and syntax the data are expected to be retrieved in.
   2. This allows client applications to apply business rules to what types of resources are expected, and which should be accepted, making resources far easier to be consumed by third-party software. This differs from existing Hyperledger Indy resources, which require the client applications to be familiar with Indy in order to process and consume Indy resources.
4. Indexable
   1. Resources SHOULD be versioned with unique identifiers, allowing previous versions to be archived within a collection, and retrieved through querying a unique ID or a version time.
   2. This mitigates the problem identified of link rot when using centralized storage systems since each version is archived immutably.

Verifiable Data Registry (VDR) and DID Method Requirements

A Verifiable Data Registry (VDR) and DID Method conforming to this specification to include support for resources identifiable via DID URLs MUST define:

1. A method to write a resource to the VDRwhich isreferenceable via an immutable and uniquely identifiable using DID URLs.
2. A method to write a resource to the VDR which either directly includes or is mapped to the Resource Parameters.
3. A method to write a resource to the VDR which is linked-to and referenced within an associated DID Document, whilst remaining conformant with W3C Decentralized Identifiers (DIDs) 1.0 specification. 
4. A method to version resources, with each current and old version easily accessible in the future.
5. A method to map the individual fields of the resource metadata to the Query Syntax Resource Parameters.
6. A method to dereference directly to a resource using a DID URL with the Query Syntax Resource Parameters.

A Verifiable Data Registry (VDR) and DID Method conforming to this specification to include support for resources identifiable via DID URLs SHOULD define:

1. A method to update/manage the resource using the verification method relationships and keys within the associated DID Document. 
2. A method to authenticate resource transactions using the verification method relationships and keys within the associated DID Document. 

A Verifiable Data Registry (VDR) and DID Method conforming to this specification to include support for resources identifiable via DID URLs MAY define:

1. A method to organize resources associated with a DID Document into a collection of resources. 
2. A method to mark resources as deprecated or superseded by new versions.
3. A method to dereference directly to a resource using DID URL paths '/'. 

Resource Parameters

The following list of Resource Parameters defines a common and detailed set of fields and parameters which an on-ledger resource SHOULD be 

Error messages

There MAY be instances where the resolver has not been provided enough specific information to process the request and fetch a single resource. 

In these cases, the error messages should follow the Error section in the DID Resolution specification here. 

Verifiable Data Registry (VDR) and DID Method Requirements

A Verifiable Data Registry (VDR) and DID Method conforming to this specification to include support for resources identifiable via DID URLs:

...

A method to map the individual fields of the resource metadata to the resource parameters listed above.

...

MAY include in the associated DID document an alsoKnownAs property containing at least one value that is a hashlink to the identified digital resource. This provides additional cryptographic verification of the binding between the DID and the identified digital resource. This approach MAY be used when there is ONLY one resource associated with a DID and DID Document.

MAY include references to the associated on-ledger resources within the didDocumentMetadata property, for example:

"didDocumentMetadata": {
  "created": "2022-07-19T08:29:07Z",
  "versionId": "57543FA1D9C56033BABBFA3A438E0A149E01BBB89E6D666ACE1243455AA6F2BC",
  "linkedResourceMetadata": [
    {
      "resourceURI": "did:cheqd:mainnet:46e2af9a-2ea0-4815-999d-730a6778227c/resources/0f964a80-5d18-4867-83e3-b47f5a756f02",
      "resourceCollectionId": "46e2af9a-2ea0-4815-999d-730a6778227c",
      "resourceId": "0f964a80-5d18-4867-83e3-b47f5a756f02",
      "resourceName": "DegreeLaw",
      "resourceType": "CL-Schema",
      "mediaType": "application/json",
      "created": "2022-07-19T08:40:00Z",
      "checksum": "7b2022636f6e74656e74223a202274657374206461746122207d0ae3b0c44298",
      "previousVersionId": null, // null if no previous version, otherwise, resourceId of previous version
      "nextVersionId": null, // null if no new version, otherwise, resourceId of new version
    }
  ]
}

...

DID Resolver Requirements

1. If a DID URL includes the resource parameter with a value of true, a conforming DID resolver MUST return the default media type of the digital resource identified by the DID from the VDR specified by the associated DID method provided such resource is available. 
   1. If the DID resolver is unable to return the identified resource, the resolver MUST return the error "Resource not found".
2. If a DID URL includes the resource parameter with a value of a valid media type name, a conforming DID resolver MUST return the requested media type of the digital resource identified by the DID from the VDR specified by the associated DID method provided such resource is available. 
   1. If the DID resolver is unable to return the identified resource in the requested media type, the resolver MUST return the error "Resource not found".
3. If a DID URL includes the resource parameter with a value of false, a conforming DID resolver SHOULD ignore the parameter.
4. If the DID alone is resolved without the resource parameter, it MUST return the authoritative DID document as defined in W3C Decentralized Identifiers (DIDs) 1.0. This specification adds no additional requirements to a conforming DID document.

Query Syntax for Resource DID URLs

To enable this combined resolution/dereferencing behavior, this specification defines multiple DID URL parameters to fetch resource. If a DID method specification supports these parameters, and if a DID URL using that method includes the parameter with a valid value, then when a resolver calls the associated VDR using that DID URL, the VDR returns the identified digital resource, not the DID document.

IMPORTANT: DID URL queries should be fully qualified so that they uniquely identify a single resource, or single resource version. 

Common and standardized resource parameters:

Error messages

There MAY be instances where the resolver has not been provided enough specific information to process the request and fetch a single resource. 

In these cases, the error messages should follow the Error section in the DID Resolution specification here. 

1. 1. MAY include in the associated DID document an alsoKnownAs property containing at least one value that is a hashlink to the identified digital resource. This provides additional cryptographic verification of the binding between the DID and the identified digital resource. This approach MAY be used when there is ONLY one resource associated with a DID and DID Document.

Linked Resource Metadata

MAY include references to the associated on-ledger resources within the didDocumentMetadata property, for example:

"didDocumentMetadata": {
  "created": "2022-07-19T08:29:07Z",
  "versionId": "57543FA1D9C56033BABBFA3A438E0A149E01BBB89E6D666ACE1243455AA6F2BC",
  "linkedResourceMetadata": [
    {
      "resourceURI": "did:cheqd:mainnet:46e2af9a-2ea0-4815-999d-730a6778227c/resources/0f964a80-5d18-4867-83e3-b47f5a756f02",
      "resourceCollectionId": "46e2af9a-2ea0-4815-999d-730a6778227c",
      "resourceId": "0f964a80-5d18-4867-83e3-b47f5a756f02",
      "resourceName": "DegreeLaw",
      "resourceType": "CL-Schema",
      "mediaType": "application/json",
      "created": "2022-07-19T08:40:00Z",
      "checksum": "7b2022636f6e74656e74223a202274657374206461746122207d0ae3b0c44298",
      "previousVersionId": null, // null if no previous version, otherwise, resourceId of previous version
      "nextVersionId": null, // null if no new version, otherwise, resourceId of new version
    }
  ]
}

1. 1. 1. How the VDR shall determine the default media type for the resource written to the VDR.
      2. How the VDR shall return the resource in response to a request from a conforming DID resolver.
      3. Important: If the DID alone is resolved without a resource parameter, it MUST return the authoritative DID document as defined in W3C Decentralized Identifiers (DIDs) 1.0. This specification adds no additional requirements to a conforming DID document. To enable this combined resolution/dereferencing behavior, this specification defines multiple new DID URL parameters for retrieving resources. If a DID method specification supports this specification, and if a DID URL using that method includes a parameter with a valid value, then when a resolver calls the associated VDR using that DID URL, the VDR returns the identified digital resource, or metadata associated with the resource.

...

Resource fields

...

A string or a map that conforms to the rules of [RFC3986] for URIs which SHOULD directly lead to a location where the resource can be accessed from. 

For example: did:example:46e2af9a-2ea0-4815-999d-730a6778227c/resources/0f964a80-5d18-4867-83e3-b47f5a756f02, or, https://gateway.ipfs.io/ipfs/bafybeihetj2ng3d74k7t754atv2s5dk76pcqtvxls6dntef3xa6rax25xe

...

"resourceCollectionId"

...

A string that conforms to a method specific unique identifier format.

For example: 46e2af9a-2ea0-4815-999d-730a6778227c

...

A string that conforms to a method specific unique identifier format.

For example: 0f964a80-5d18-4867-83e3-b47f5a756f02

...

A string that uniquely names and identifies a resource. This property, along with the resourceType below, can be used to track version changes within a resource.

For example: degreeLaw

...

A string that identifies the type of resource. This property, along with the resourceName above, can be used to track version changes within a resource. Not to be confused with media type. (TBC to add to DID Spec Registries)

For example: JSONSchema2020

...

A string that uniquely identifies the version of the resource provided by the resource creator as a tag.

For example: 1.3.1

...

A string that identifies the IANA-registered Media Type for a resource.

For example: application/json

...

A JSON String serialized as an XML Datetime normalized to UTC 00:00:00 and without sub-second decimal precision.

For example: 2020-12-20T19:17:47Z

...

A string that provides a checksum (e.g. SHA256, MD5) for the resource to facilitate data integrity.

For example: 7b2022636f6e74656e74223a202274657374206461746122207d0ae3b0c44298

...

For example: 67618cfa-7a1d-4be3-b9b2-3a9ea52af305

...