Since our DID method is a single, public key, always on the Edwards curve, the DID document itself may be reconstructed from a public key at any time. This layer exists purely for compatibility purposes.
DID documents of this type always follow this exact format:
{"@context": "https://w3id.org/did/v1","id": "did:key:z6MkpTHR8VNsBxYAAWHut2Geadd9jSwuBV8xRoAnwWsdvktH","publicKey": [{"id": "did:key:z6MkpTHR8VNsBxYAAWHut2Geadd9jSwuBV8xRoAnwWsdvktH#pubkey","type": "Ed25519VerificationKey2018","controller": "did:key:z6MkpTHR8VNsBxYAAWHut2Geadd9jSwuBV8xRoAnwWsdvktH","publicKeyBase58": "B12NYF8RrR3h41TDCTJojY59usg3mbtbjnFs7Eud1Y6u"}],"authentication": ["did:key:z6MkpTHR8VNsBxYAAWHut2Geadd9jSwuBV8xRoAnwWsdvktH#pubkey"],"assertionMethod": ["did:key:z6MkpTHR8VNsBxYAAWHut2Geadd9jSwuBV8xRoAnwWsdvktH#pubkey"],"capabilityDelegation": ["did:key:z6MkpTHR8VNsBxYAAWHut2Geadd9jSwuBV8xRoAnwWsdvktH#pubkey"],"capabilityInvocation": ["did:key:z6MkpTHR8VNsBxYAAWHut2Geadd9jSwuBV8xRoAnwWsdvktH#pubkey"],"keyAgreement": [{"id": "did:key:z6MkpTHR8VNsBxYAAWHut2Geadd9jSwuBV8xRoAnwWsdvktH#kakey","type": "X25519KeyAgreementKey2019","controller": "did:key:z6MkpTHR8VNsBxYAAWHut2Geadd9jSwuBV8xRoAnwWsdvktH","publicKeyBase58": "JhNWeSVLMYccCk7iopQW4guaSJTojqpMEELgSLhKwRr"}]}
​Example Source​
The @context
key simply states which version of the spec this DID conforms to.
For example: 'https://w3id.org/did/v1'
The id
is the concatenation of the method did:key:
with the public key.
For example
'did:nacl:Md8JiMIwsapml_FtQ2ngnGftNP5UmVCAUuhnLyAsPxI'
The publicKey
array MUST:
Contain EXACTLY one key record
The public keys MUST be identical
MUST use the index #pubkey
MUST have the type ED25519SignatureVerification2018
Be encoded in base64 (for transmission and consistency)
"publicKey": [{"id": "did:key:z6MkpTHR8VNsBxYAAWHut2Geadd9jSwuBV8xRoAnwWsdvktH#pubkey","type": "Ed25519VerificationKey2018","controller": "did:key:z6MkpTHR8VNsBxYAAWHut2Geadd9jSwuBV8xRoAnwWsdvktH","publicKeyBase58": "B12NYF8RrR3h41TDCTJojY59usg3mbtbjnFs7Eud1Y6u"}]
This contains a lot of redundant information, but is required to be compatible with other DID services
Unlike many other DID methods, a Fission Identity MUST contain exactly one key. Fission treats identity as pseudonymous at best, and thus relegates access control to the realm of verifiable claims.
There is a need for non updateable DID's for use in IOT and other applications, where lack of network, size of code base and other such concerns are paramount to adoption. These concerns need to be addressed while not lowering the overall security guarantees.
~The uPort NaCL README​
Our motivation is focused primarily on universality. Rather than updating a document over time, the DID is minimal, immutable, and may be reconstructed from a key pair at any time.
The authentication
array MUST:
Contain EXACTLY one key record
The key MUST be identical to #pubkey
"authentication": ["did:key:z6MkpTHR8VNsBxYAAWHut2Geadd9jSwuBV8xRoAnwWsdvktH#pubkey"]
The assertionMethod
array must contain EXACTLY the public key referenced in publicKey.id
"assertionMethod": ["did:key:z6MkpTHR8VNsBxYAAWHut2Geadd9jSwuBV8xRoAnwWsdvktH#pubkey"]
The capabilityDelegation
array must contain EXACTLY the public key referenced in publicKey.id
"capabilityDelegation": ["did:key:z6MkpTHR8VNsBxYAAWHut2Geadd9jSwuBV8xRoAnwWsdvktH#pubkey"]
The capabilityInvocation
array must contain EXACTLY the public key referenced in publicKey.id
"capabilityInvocation": ["did:key:z6MkpTHR8VNsBxYAAWHut2Geadd9jSwuBV8xRoAnwWsdvktH#pubkey"]
The keyAgreement
array MUST
Include EXACTLY one key record
The id
MUST match the public key, but indexed with #kakey
The type
MUST set to X25519KeyAgreementKey2019
The controller
MUST exactly match the public key
Include a base58-encoded public key
"keyAgreement": [{"id": "did:key:z6MkpTHR8VNsBxYAAWHut2Geadd9jSwuBV8xRoAnwWsdvktH#kakey","type": "X25519KeyAgreementKey2019","controller": "did:key:z6MkpTHR8VNsBxYAAWHut2Geadd9jSwuBV8xRoAnwWsdvktH","publicKeyBase58": "JhNWeSVLMYccCk7iopQW4guaSJTojqpMEELgSLhKwRr"}]