From 7fd9d271394b19c5c7ff5bc94f7a5ee9a09b25af Mon Sep 17 00:00:00 2001 From: Jan Christoph Ebersbach Date: Tue, 26 Nov 2024 18:01:53 +0100 Subject: [PATCH] feat: add additional traits - cryptography_privacy_preserving: #16 - cryptography_government-approved: #15 - gdpr-compliant: #14 --- schemas/traits.json | 17 ++++++++++++++++- spec/spec.md | 45 ++++++++++++++++++++++++--------------------- 2 files changed, 40 insertions(+), 22 deletions(-) diff --git a/schemas/traits.json b/schemas/traits.json index 0e5bbf5..fbd7a3d 100644 --- a/schemas/traits.json +++ b/schemas/traits.json @@ -103,7 +103,22 @@ "hosted_decentrally": { "type": "boolean", "title": "Decentrally Hosted", - "description": "the DID document is stored, managed, and resolved through a distributed infrastructure, typically implemented using decentralized ledger technologies (DLT) or peer-to-peer networks." + "description": "The DID document is stored, managed, and resolved through a distributed infrastructure, typically implemented using decentralized ledger technologies (DLT) or peer-to-peer networks." + }, + "cryptography_privacy_preserving": { + "type": "boolean", + "title": "Privacy Preserving Cryptography", + "description": "A DID method's ability to use cryptographic techniques that enable identity verification and authentication while minimizing the disclosure of sensitive personal information. Example: BBS." + }, + "cryptography_government-approved": { + "type": "boolean", + "title": "Government-approved Cryptography", + "description": "A DID method that implements cryptographic algorithms and protocols explicitly validated and recommended by national cryptographic standards bodies. Example: FIPS 186-4." + }, + "gdpr-compliant": { + "type": "boolean", + "title": "GDPR-compliant", + "description": "A DID method's ability to fully adhere to the European Union's General Data Protection Regulation (GDPR) requirements, ensuring comprehensive protection of personal data and individual privacy rights." } }, "required": [ diff --git a/spec/spec.md b/spec/spec.md index afb14de..9ea0060 100644 --- a/spec/spec.md +++ b/spec/spec.md @@ -76,27 +76,30 @@ Contribute here: https://github.com/decentralized-identity/did-traits/blob/main/ Generated with ../generate-markdown-table.nu --> -| Trait | Definition | -| ------------------------------------------------------------------------ | -------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------- | -| Modifiable | DID Documents are modifiable, see https://w3c.github.io/did-core/#method-operations. | -| Service Endpoints | Service endpoints are modifiable, see https://w3c.github.io/did-core/#services. | -| Deactivatable | DIDs are deactivatable, see https://w3c.github.io/did-core/#method-operations. | -| Deletable | DID method's capability to permanently remove a DID and its associated DID document from the underlying system, rendering the identifier and its historical metadata irrecoverable. | -| Explicit Fees | Indicates whether a DID method imposes mandatory transactional costs for creating, updating, or deactivating identifiers. These fees are typically associated with blockchain or distributed ledger-based methods, where computational resources and network consensus mechanisms necessitate economic compensation. | -| Self-Certifying | DID method where the cryptographic material used to generate the DID is embedded within the identifier itself, creating an inherent and verifiable cryptographic binding between the DID, its initial DID document, and the associated cryptographic keys. This approach eliminates the need for external verification infrastructure, as the identifier's authenticity can be cryptographically validated through its own intrinsic key material. | -| Rotatable Keys | Verification methods are modifiable, allowing cryptographic keys can be replaced or updated, see https://w3c.github.io/did-core/#verification-methods. | -| Pre-rotation of Keys | Cryptographic mechanism that enables a DID controller to securely commit to a future key rotation without revealing the actual replacement public key. This technique creates a verifiable, one-way commitment to the next cryptographic key pair, preventing malicious actors who compromise the current private key from arbitrarily rotating to a new key of their choosing. | -| Multi-Signature Modifiable | A DID method that supports distributed control of a decentralized identifier through a cryptographic mechanism requiring multiple independent signatures to authorize critical identity operations such as updating or deactivating the DID. | -| Human-readable | A DID method's ability to generate identifiers that are cognitively accessible and memorable to humans, typically incorporating meaningful, domain-specific, or intuitive components. | -| Enumerable | A DID method where all identifiers within the system can be comprehensively discovered and listed through a publicly accessible registry, typically implemented using a distributed ledger technology (DLT) or similar transparent infrastructure. | -| Locally Resolvable | A DID method where identifiers and their associated DID documents are valid only within a specific, transient local context. | -| Globally Resolvable | A DID method where identifiers can be resolved from any network location, enabling universal access to the associated DID document across diverse computational environments and geographic boundaries. | -| Document Hosting | A DID method's capability to store and retrieve supplementary documents directly associated with the primary DID document through a standardized dereferencing mechanism using DID paths. | -| DID Document History | A DID method's capability to preserve and retrieve previous versions of a DID document, enabling comprehensive historical traceability of identity metadata and modifications. | -| Cryptograhpically signed DID Document History | A DID method's capability to record all modifications to the DID document in an append-only, cryptographically verifiable data structure that prevents retroactive alteration or deletion of historical states. | -| Not Hosted | dID document is generated and verified entirely through cryptographic mechanisms, without requiring persistent storage or external hosting infrastructure. | -| Centrally Hosted | The DID document is stored and managed through a single, centralized service infrastructure, typically implemented using a web server or controlled repository. | -| Decentrally Hosted | the DID document is stored, managed, and resolved through a distributed infrastructure, typically implemented using decentralized ledger technologies (DLT) or peer-to-peer networks. | +| Trait | Definition | +| ----------------------------------------------------------------------------- | -------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------- | +| Modifiable | DID Documents are modifiable, see https://w3c.github.io/did-core/#method-operations. | +| Service Endpoints | Service endpoints are modifiable, see https://w3c.github.io/did-core/#services. | +| Deactivatable | DIDs are deactivatable, see https://w3c.github.io/did-core/#method-operations. | +| Deletable | DID method's capability to permanently remove a DID and its associated DID document from the underlying system, rendering the identifier and its historical metadata irrecoverable. | +| Explicit Fees | Indicates whether a DID method imposes mandatory transactional costs for creating, updating, or deactivating identifiers. These fees are typically associated with blockchain or distributed ledger-based methods, where computational resources and network consensus mechanisms necessitate economic compensation. | +| Self-Certifying | DID method where the cryptographic material used to generate the DID is embedded within the identifier itself, creating an inherent and verifiable cryptographic binding between the DID, its initial DID document, and the associated cryptographic keys. This approach eliminates the need for external verification infrastructure, as the identifier's authenticity can be cryptographically validated through its own intrinsic key material. | +| Rotatable Keys | Verification methods are modifiable, allowing cryptographic keys can be replaced or updated, see https://w3c.github.io/did-core/#verification-methods. | +| Pre-rotation of Keys | Cryptographic mechanism that enables a DID controller to securely commit to a future key rotation without revealing the actual replacement public key. This technique creates a verifiable, one-way commitment to the next cryptographic key pair, preventing malicious actors who compromise the current private key from arbitrarily rotating to a new key of their choosing. | +| Multi-Signature Modifiable | A DID method that supports distributed control of a decentralized identifier through a cryptographic mechanism requiring multiple independent signatures to authorize critical identity operations such as updating or deactivating the DID. | +| Human-readable | A DID method's ability to generate identifiers that are cognitively accessible and memorable to humans, typically incorporating meaningful, domain-specific, or intuitive components. | +| Enumerable | A DID method where all identifiers within the system can be comprehensively discovered and listed through a publicly accessible registry, typically implemented using a distributed ledger technology (DLT) or similar transparent infrastructure. | +| Locally Resolvable | A DID method where identifiers and their associated DID documents are valid only within a specific, transient local context. | +| Globally Resolvable | A DID method where identifiers can be resolved from any network location, enabling universal access to the associated DID document across diverse computational environments and geographic boundaries. | +| Document Hosting | A DID method's capability to store and retrieve supplementary documents directly associated with the primary DID document through a standardized dereferencing mechanism using DID paths. | +| DID Document History | A DID method's capability to preserve and retrieve previous versions of a DID document, enabling comprehensive historical traceability of identity metadata and modifications. | +| Cryptograhpically signed DID Document History | A DID method's capability to record all modifications to the DID document in an append-only, cryptographically verifiable data structure that prevents retroactive alteration or deletion of historical states. | +| Not Hosted | dID document is generated and verified entirely through cryptographic mechanisms, without requiring persistent storage or external hosting infrastructure. | +| Centrally Hosted | The DID document is stored and managed through a single, centralized service infrastructure, typically implemented using a web server or controlled repository. | +| Decentrally Hosted | The DID document is stored, managed, and resolved through a distributed infrastructure, typically implemented using decentralized ledger technologies (DLT) or peer-to-peer networks. | +| Privacy Preserving Cryptography | A DID method's ability to use cryptographic techniques that enable identity verification and authentication while minimizing the disclosure of sensitive personal information. Example: BBS. | +| Government-approved Cryptography | A DID method that implements cryptographic algorithms and protocols explicitly validated and recommended by national cryptographic standards bodies. Example: FIPS 186-4. | +| GDPR-compliant | A DID method's ability to fully adhere to the European Union's General Data Protection Regulation (GDPR) requirements, ensuring comprehensive protection of personal data and individual privacy rights. | ## JSON Schema Data Model