Overview
DID descriptor objects (DDOs): if a DID is the index key in a key-value pair, then the DDO is the value to which that index key points. The combination of a DID and its associated DDO forms the root identity record for a Decentralized Identity.
DID descriptor objects MUST be a single JSON Object conforming to RFC 7159. For purposes of this version of the DID specification, the format of this JSON object is specified in JSON-LD, a format for mapping JSON data into the RDF semantic graph model as defined by the W3C JSON-LD 1.0 specification. Future versions of this specification MAY specify other semantic graph formats for a DDO such as JXD (JSON XDI Data), a serialization format for the XDI graph model.
DID descriptor objects follow these rules:
- Context (REQUIRED) - JSON objects in JSON-LD format must include a JSON-LD context statement. The rules for this statement are:
  - A DDO MUST have exactly one top-level context statement. This statement MUST be the first line in the JSON object. (This is not strictly necessary under JSON-LD but is required for DDOs.) The key for this property MUST be @context.
- Primary DID (REQUIRED) - The primary DID is the primary index key for the DDO, i.e., it is the DID described by the DDO. The rules for a primary DID are:
- Guardian (REQUIRED If No Proof of Ownership) - A guardian is an identity owner who creates and maintains an identity record for a dependent who is not in a position to hold or control the necessary cryptographic keys (e.g., a parent creating an identity record for a child). In this case, there are no owner keys to represent the ultimate identity owner, so the DDO needs to assert the identity of the guardian. The rules for a guardian are:
  - A DDO that includes an owner MAY have a guardian.
  - A DDO that does not include an owner MUST have a guardian.
  - The key for this property MUST be guardian.
  - The value of this key MUST be a valid DID.
  - The guardian DID MUST resolve to a DDO that has an owner property, i.e., guardian relationships must not be nested.
- Proof of Ownership (REQUIRED If No Guardian) - Proof of Ownership is the mechanism by which an identity owner can cryptographically prove ownership of a DID and DDO by publishing a set of public key or verification key descriptions. The rules for Proof of Ownership are:
  - A DDO that includes a guardian MAY have exactly one owner.
  - A DDO that does not include a guardian MUST have exactly one owner.
  - The key for this property MUST be owner.
  - The value of this key MUST be an array where each member of the array is a key description of a valid public key or verification key.
  - If this array contains more than one key description, each key description MUST include a property with the key id whose value is a DID reference consisting of the primary DID and a DID fragment. This DID reference uniquely identifies this key description.
A DID descriptor object contains a set of key descriptions (machine-readable descriptions of the identity owner's public keys) and a set of service endpoints (resource pointers necessary to initiate trusted interactions with the identity owner). Each DID uses a specific DID method, defined in a separate DID method specification, that defines how the DID is registered, resolved, updated, and revoked on a specific distributed ledger or network.