Swiss Profile Anchor
Status: draft - technically complete, but might need to be reformulated
Summary
This profile concerns itself with how a public ecosystem actor can be identified by other actors and how they can exchange basic cryptographic details to verify the integrity and authenticity of exchanged data.
All underlying specifications referenced by the included standards are considered fully supported unless explicitly noted otherwise.
| Contained Specifications | Version | Link to referenced Specification |
|---|---|---|
| DID Core | 1.0 | Decentralized Identifiers (DIDs) v1.0 |
| did:webvh DID Method | 1.0 | did:web + Verifiable History v1.0 |
Cryptography
To decrease complexity, the cryptographic options are initially limited to the following algorithms.
- JWS algorithm used is ES256.
As per did:webvh:1.0 specification:
- Permitted hash algorithms: SHA-256
- Permitted Data Integrity cryptosuites: eddsa-jcs-2022
Decentralized Identifiers (DIDs) v1.0
The specification is fully supported by this profile (and components adhering to it) except for the specific cases mentioned in the following subsections.
3 Identifier
3.2 DID Syntax
3.2.1 DID Parameters
DID Parameters MUST NOT be used.
3.2.2 Relative DID URLs
Relative DID URLs are NOT SUPPORTED.
5 Core Properties
DID Document properties
The following properties MUST NOT be used:
- alsoKnownAs
- service
The property controller SHOULD NOT be used; if it is, it MUST point to the DID itself.
5.1 Identifiers
5.1.2 DID Controller
While the Base Register supports setting the controller property, it always needs to point to the DID itself.
5.1.3 Also Known As
The Base Register does not support alsoKnownAs in the DIDDoc.
5.2 Verification Methods
Field controller MUST point to the DID itself.
5.2.1 Verification Material
publicKeyMultibase MUST NOT be used.
publicKeyJwk is REQUIRED.
5.3 Verification Relationships
5.3.3 Key Agreement
The verification relationship keyAgreement MUST NOT be used.
5.3.4 Capability Invocation
The verification relationship capabilityInvocation MUST NOT be used.
5.3.5 Capability Delegation
The verification relationship capabilityDelegation MUST NOT be used.
5.4 Services
The property service MUST NOT be used.
6 Representations
6.2 JSON
The JSON Representation MUST be used.
6.3 JSON-LD
The JSON-LD Representation MUST NOT be used.
7 Resolution
7.1 DID Resolution
DID Resolution MUST be used.
7.2 DID URL Dereferencing
DID URL Dereferencing is not supported by the swiyu DIDResolver.
DID Method did:webvh
The specification is fully supported by this profile (and components adhering to it) except for the specific cases mentioned in the following subsections.
2 Overview
2.1 The /whois Use Case
The /whois Use Case is not supported in the Base Register.
Instead use the Trust Protocol mechanisms to validate trustworthiness of the DID.
3 DID Method Specification
3.7 DID Method Processes
3.7.1 did:webvh DID Method Parameters
The Base Register does not support DID Portability.
- The parameter portable MUST be set to false.
The Base Register does not support Witnesses.
- The parameter witness MUST be set to {}.
The Base Register does not support Watchers.
- The parameter watchers MUST be set to [].
Swiss Profile version indication with the property profile_version in the first DID Log entry body is REQUIRED.
```json
{
  "portable": false,
  "updateKeys": ["z82LkqR25TU88tztBEiFye"],
  "nextKeyHashes": ["enkkrohe5ccxyc7zghic6qux5iny"],
  "method": "did:webvh:1.0",
  "profile_version": "swiss-profile-anchor:1.0.0",
  "scid": "{SCID}"
}
```
3.7.5 Authorized Keys
We recommend using pre-rotation of keys.
3.7.6 DID Portability
The Base Register does not support DID Portability.
3.7.8 DID Witnesses
The Base Register does not support Witnesses.
3.7.9 DID Watchers
The Base Register does not support Watchers.
3.7.10 Publishing a Parallel did:web DID
The Base Register does not support publishing a parallel did:web.
3.8 DID URL Resolution
The DIDResolver and Base Registry do not support the did:web fallback.
We recommend NOT utilizing a did:web fallback.
3.9 DID URL Path Resolution
DID URL Path Resolution is not supported.
3.10 WHOIS Resolution
The Base Register and Wallets do not support WHOIS resolution.
Instead use the mechanisms defined in the swiss-profile-trust to validate trustworthiness of the DID.