From a9ac0545494bff7b9086cedde6261c7cd53533be Mon Sep 17 00:00:00 2001 
From: Jan Christoph Ebersbach Date: Fri, 31 May 2024 17:46:10 +0200 Subject: [PATCH] chore: update docs --- api/index.html | 4 +- api/operations/deactivatedid/index.html | 10 +- api/operations/registerdid/index.html | 10 +- api/operations/resolvedid/index.html | 10 +- api/operations/updatedid/index.html | 10 +- configuration/index.html | 13 ++- congratulations/index.html | 4 +- deployment/hosted-service/index.html | 2 +- deployment/local-test-server/index.html | 20 ++-- deployment/self-hosting/index.html | 41 +++++++- did-management/deactivate-a-did/index.html | 42 --------- did-management/deactivate-did/index.html | 79 ++++++++++++++++ did-management/register-a-did/index.html | 51 ---------- .../index.html | 9 +- did-management/resolve-did/index.html | 42 +++++++++ did-management/update-a-did/index.html | 53 ----------- did-management/update-did/index.html | 89 ++++++++++++++++++ getting-started/index.html | 33 ++++--- index.html | 2 +- openapi.yaml | 16 ++-- pagefind/fragment/en_176334b.pf_fragment | Bin 3336 -> 0 bytes pagefind/fragment/en_22424b6.pf_fragment | Bin 0 -> 1605 bytes pagefind/fragment/en_2282baf.pf_fragment | Bin 0 -> 1628 bytes pagefind/fragment/en_2427f16.pf_fragment | Bin 1574 -> 0 bytes pagefind/fragment/en_26d69ea.pf_fragment | Bin 1444 -> 0 bytes pagefind/fragment/en_2afa1c1.pf_fragment | Bin 1549 -> 0 bytes pagefind/fragment/en_432169c.pf_fragment | Bin 0 -> 1000 bytes pagefind/fragment/en_44616c8.pf_fragment | Bin 556 -> 0 bytes pagefind/fragment/en_4d2c752.pf_fragment | Bin 0 -> 2220 bytes pagefind/fragment/en_5d13959.pf_fragment | Bin 0 -> 1002 bytes pagefind/fragment/en_5e5b29f.pf_fragment | Bin 159 -> 0 bytes pagefind/fragment/en_61a463c.pf_fragment | Bin 920 -> 0 bytes pagefind/fragment/en_6399f35.pf_fragment | Bin 0 -> 1519 bytes pagefind/fragment/en_6a15462.pf_fragment | Bin 619 -> 0 bytes pagefind/fragment/en_6bc1707.pf_fragment | Bin 0 -> 1488 bytes pagefind/fragment/en_73d6c69.pf_fragment | Bin 0 -> 1620 bytes 
pagefind/fragment/en_86eb19d.pf_fragment | Bin 1602 -> 0 bytes pagefind/fragment/en_976f827.pf_fragment | Bin 0 -> 1594 bytes pagefind/fragment/en_99961ca.pf_fragment | Bin 0 -> 284 bytes pagefind/fragment/en_9cb08a6.pf_fragment | Bin 165 -> 0 bytes pagefind/fragment/en_a0d3b54.pf_fragment | Bin 1000 -> 0 bytes pagefind/fragment/en_a63e2d3.pf_fragment | Bin 0 -> 3331 bytes pagefind/fragment/en_aa26959.pf_fragment | Bin 1584 -> 0 bytes pagefind/fragment/en_caccd71.pf_fragment | Bin 0 -> 347 bytes pagefind/fragment/en_d9acdd9.pf_fragment | Bin 0 -> 1869 bytes pagefind/fragment/en_fff58ca.pf_fragment | Bin 508 -> 0 bytes pagefind/index/en_5457be4.pf_index | Bin 17254 -> 0 bytes pagefind/index/en_5fd3ccd.pf_index | Bin 0 -> 20924 bytes pagefind/pagefind-entry.json | 2 +- pagefind/pagefind.en_83a6c5a519.pf_meta | Bin 222 -> 0 bytes pagefind/pagefind.en_9dffcc179c.pf_meta | Bin 0 -> 228 bytes reference/example/index.html | 2 +- sitemap-0.xml | 2 +- 53 files changed, 326 insertions(+), 220 deletions(-) delete mode 100644 did-management/deactivate-a-did/index.html create mode 100644 did-management/deactivate-did/index.html delete mode 100644 did-management/register-a-did/index.html rename did-management/{resolve-a-did => register-did}/index.html (55%) create mode 100644 did-management/resolve-did/index.html delete mode 100644 did-management/update-a-did/index.html create mode 100644 did-management/update-did/index.html delete mode 100644 pagefind/fragment/en_176334b.pf_fragment create mode 100644 pagefind/fragment/en_22424b6.pf_fragment create mode 100644 pagefind/fragment/en_2282baf.pf_fragment delete mode 100644 pagefind/fragment/en_2427f16.pf_fragment delete mode 100644 pagefind/fragment/en_26d69ea.pf_fragment delete mode 100644 pagefind/fragment/en_2afa1c1.pf_fragment create mode 100644 pagefind/fragment/en_432169c.pf_fragment delete mode 100644 pagefind/fragment/en_44616c8.pf_fragment create mode 100644 pagefind/fragment/en_4d2c752.pf_fragment create mode 100644 
pagefind/fragment/en_5d13959.pf_fragment delete mode 100644 pagefind/fragment/en_5e5b29f.pf_fragment delete mode 100644 pagefind/fragment/en_61a463c.pf_fragment create mode 100644 pagefind/fragment/en_6399f35.pf_fragment delete mode 100644 pagefind/fragment/en_6a15462.pf_fragment create mode 100644 pagefind/fragment/en_6bc1707.pf_fragment create mode 100644 pagefind/fragment/en_73d6c69.pf_fragment delete mode 100644 pagefind/fragment/en_86eb19d.pf_fragment create mode 100644 pagefind/fragment/en_976f827.pf_fragment create mode 100644 pagefind/fragment/en_99961ca.pf_fragment delete mode 100644 pagefind/fragment/en_9cb08a6.pf_fragment delete mode 100644 pagefind/fragment/en_a0d3b54.pf_fragment create mode 100644 pagefind/fragment/en_a63e2d3.pf_fragment delete mode 100644 pagefind/fragment/en_aa26959.pf_fragment create mode 100644 pagefind/fragment/en_caccd71.pf_fragment create mode 100644 pagefind/fragment/en_d9acdd9.pf_fragment delete mode 100644 pagefind/fragment/en_fff58ca.pf_fragment delete mode 100644 pagefind/index/en_5457be4.pf_index create mode 100644 pagefind/index/en_5fd3ccd.pf_index delete mode 100644 pagefind/pagefind.en_83a6c5a519.pf_meta create mode 100644 pagefind/pagefind.en_9dffcc179c.pf_meta diff --git a/api/index.html b/api/index.html index 77bf648..7d97a64 100644 --- a/api/index.html +++ b/api/index.html @@ -34,9 +34,9 @@ Skip to content

Overview

did-web-server API documentation (0.2.0)

This is the Open API specification for did-web-server.

  • Open API specifcation download
  • Source code
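
Review bot: The first link in the overview list reads "Open API specifcation download"; it should be "specification". If this HTML is generated, correct the text in the source it is built from so the typo does not return on the next docs build.
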
  • diff --git a/api/operations/deactivatedid/index.html b/api/operations/deactivatedid/index.html index 006770d..79c27f7 100644 --- a/api/operations/deactivatedid/index.html +++ b/api/operations/deactivatedid/index.html @@ -34,11 +34,11 @@ Skip to content

    Deactivate DID

    DELETE
    /{id}/did.json

    This endpoint can only be called by the owner of the service. +Corresponds to the Deactivate (Revoke) method speficied at https://w3c-ccg.github.io/did-method-web/#deactivate-revoke.

    did:web method specification

    Parameters

    Path Parameters

    id
    required

    ID: An identifier.

    string
    person

    Query Parameters

    proofParameters
    string

    Only valid for GET requests

    Request Body

    VerifiablePresentation: W3C Verifiable Presentation, see https://w3c.github.io/vc-data-model/.

    object
    type
    required
    Array<string>
    [
    "VerifablePresentation"
    ]
    verifiableCredential
    required

    VerifiableCredential: W3C Verifiable Credential, see https://w3c.github.io/vc-data-model/.

    object
    type
    required
    Array<string>
    [
    "VerifableCredential"
    ]
    credentialSubject
    required

    DID Document: W3C DID Document, see https://w3c.github.io/did-core/.

    object
    id
    required

    DID: W3C Decentralized Identifier (DID), see https://w3c.github.io/did-core/.

    string
    did:web:example.com:person
    {
    "@context": [
    "https://www.w3.org/ns/did/v1",
    "https://w3id.org/security/suites/jws-2020/v1"
    ],
    "id": "did:web:example.com",
    "verificationMethod": [
    {
    "id": "did:web:example.com#key-0",
    "type": "JsonWebKey2020",
    "controller": "did:web:example.com",
    "publicKeyJwk": {
    "kty": "OKP",
    "crv": "Ed25519",
    "x": "0-e2i2_Ua1S5HbTYnVB0lj2Z2ytXu2-tYmDFf8f5NjU"
    }
    },
    {
    "id": "did:web:example.com#key-1",
    "type": "JsonWebKey2020",
    "controller": "did:web:example.com",
    "publicKeyJwk": {
    "kty": "OKP",
    "crv": "X25519",
    "x": "9GXjPGGvmRq9F6Ng5dQQ_s31mfhxrcNZxRGONrmH30k"
    }
    },
    {
    "id": "did:web:example.com#key-2",
    "type": "JsonWebKey2020",
    "controller": "did:web:example.com",
    "publicKeyJwk": {
    "kty": "EC",
    "crv": "P-256",
    "x": "38M1FDts7Oea7urmseiugGW7tWc3mLpJh6rKe7xINZ8",
    "y": "nDQW6XZ7b_u2Sy9slofYLlG03sOEoug3I0aAPQ0exs4"
    }
    }
    ],
    "authentication": [
    "did:web:example.com#key-0",
    "did:web:example.com#key-2"
    ],
    "assertionMethod": [
    "did:web:example.com#key-0",
    "did:web:example.com#key-2"
    ],
    "keyAgreement": [
    "did:web:example.com#key-1",
    "did:web:example.com#key-2"
    ]
    }
    proof
    required
    object
    {}
    {
    "type": [
    "VerifiableCredential"
    ],
    "credentialSubject": {
    "id": "did:web:example.com"
    },
    "proof": {}
    }
    proof
    required
    object
    {
    "type": [
    "VerifiablePresentation"
    ],
    "verifiableCredential": {
    "type": [
    "VerifiableCredential"
    ],
    "credentialSubject": {
    "id": "did:web:example.com"
    },
    "proof": {}
    },
    "proof": {}
    }

    Responses

    200

    Identifier deactivated.

    ProofParameters: Proof parameters define properties that need to be present +in the next submitted Verifiable Presentation for PUT, POST and DELETE requests.

    object
    did
    required

    DID: W3C Decentralized Identifier (DID), see https://w3c.github.io/did-core/.

    string
    did:web:example.com:person
    challenge
    required

    Challenge computed by the current state of the DID document, according to proofs.

    string
    f8e9a33856ec54be26d62689a73809713d803344bd0f522709bd0a5e0b0832b5
    domain
    required

    Domain name of the service, according to proofs.

    string
    example.com
    proof_purpose
    required

    Proof purpose according to verification relationship -and proofs.

    string
    authentication
    {
    "did": "did:web:example.com:user1",
    "challenge": "f8e9a33856ec54be26d62689a73809713d803344bd0f522709bd0a5e0b0832b5",
    "domain": "example.com",
    "proof_purpose": "assertion"
    }

    400

    Bad Request. Requested path not supported.

    401

    Unauthorized. Authorization failed due to missing or broken proof signature.

    404

    Not Found. DID of issuer could not be resolved or DID that is being updated does not exist.

    500

    Internal Server Error.

    \ No newline at end of file +and proofs.

string
authentication
{
"did": "did:web:example.com:person",
"challenge": "afd96f3ee6a8cb00f983e54819ab53466fe825b9d749b5b4eb6d12f09331d440",
"domain": "example.com",
"proof_purpose": "authentication"
}

400

Bad Request. Requested path not supported.

401

Unauthorized. Authorization failed due to missing or broken proof signature.

404

Not Found. DID of issuer could not be resolved or DID that is being updated does not exist.

500

Internal Server Error.
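
Review bot: The 404 description for DELETE still reads "DID that is being updated does not exist", which is the Update operation's wording; on this page it should refer to the DID that is being deactivated. The added description line also carries the typo "speficied" (specified). The per-field challenge example under ProofParameters was left unchanged, while the new example object at the end of the hunk uses a different value; use one value for both.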

\ No newline at end of file diff --git a/api/operations/registerdid/index.html b/api/operations/registerdid/index.html index 2f2e59c..6f21d98 100644 --- a/api/operations/registerdid/index.html +++ b/api/operations/registerdid/index.html @@ -34,11 +34,11 @@ Skip to content

Register DID

POST
/{id}/did.json

This endpoint can only be called by the owner of the service. +Corresponds to the Create (Register) method speficied at https://w3c-ccg.github.io/did-method-web/#create-register.

did:web method specification

Parameters

Path Parameters

id
required

ID: An identifier.

string
person

Query Parameters

proofParameters
string

Only valid for GET requests

Request Body

VerifiablePresentation: W3C Verifiable Presentation, see https://w3c.github.io/vc-data-model/.

object
type
required
Array<string>
[
"VerifablePresentation"
]
verifiableCredential
required

VerifiableCredential: W3C Verifiable Credential, see https://w3c.github.io/vc-data-model/.

object
type
required
Array<string>
[
"VerifableCredential"
]
credentialSubject
required

DID Document: W3C DID Document, see https://w3c.github.io/did-core/.

object
id
required

DID: W3C Decentralized Identifier (DID), see https://w3c.github.io/did-core/.

string
did:web:example.com:person
{
"@context": [
"https://www.w3.org/ns/did/v1",
"https://w3id.org/security/suites/jws-2020/v1"
],
"id": "did:web:example.com",
"verificationMethod": [
{
"id": "did:web:example.com#key-0",
"type": "JsonWebKey2020",
"controller": "did:web:example.com",
"publicKeyJwk": {
"kty": "OKP",
"crv": "Ed25519",
"x": "0-e2i2_Ua1S5HbTYnVB0lj2Z2ytXu2-tYmDFf8f5NjU"
}
},
{
"id": "did:web:example.com#key-1",
"type": "JsonWebKey2020",
"controller": "did:web:example.com",
"publicKeyJwk": {
"kty": "OKP",
"crv": "X25519",
"x": "9GXjPGGvmRq9F6Ng5dQQ_s31mfhxrcNZxRGONrmH30k"
}
},
{
"id": "did:web:example.com#key-2",
"type": "JsonWebKey2020",
"controller": "did:web:example.com",
"publicKeyJwk": {
"kty": "EC",
"crv": "P-256",
"x": "38M1FDts7Oea7urmseiugGW7tWc3mLpJh6rKe7xINZ8",
"y": "nDQW6XZ7b_u2Sy9slofYLlG03sOEoug3I0aAPQ0exs4"
}
}
],
"authentication": [
"did:web:example.com#key-0",
"did:web:example.com#key-2"
],
"assertionMethod": [
"did:web:example.com#key-0",
"did:web:example.com#key-2"
],
"keyAgreement": [
"did:web:example.com#key-1",
"did:web:example.com#key-2"
]
}
proof
required
object
{}
{
"type": [
"VerifiableCredential"
],
"credentialSubject": {
"id": "did:web:example.com"
},
"proof": {}
}
proof
required
object
{
"type": [
"VerifiablePresentation"
],
"verifiableCredential": {
"type": [
"VerifiableCredential"
],
"credentialSubject": {
"id": "did:web:example.com"
},
"proof": {}
},
"proof": {}
}

Responses

201

Identifier created / DID document stored.

ProofParameters: Proof parameters define properties that need to be present +in the next submitted Verifiable Presentation for PUT, POST and DELETE requests.

object
did
required

DID: W3C Decentralized Identifier (DID), see https://w3c.github.io/did-core/.

string
did:web:example.com:person
challenge
required

Challenge computed by the current state of the DID document, according to proofs.

string
f8e9a33856ec54be26d62689a73809713d803344bd0f522709bd0a5e0b0832b5
domain
required

Domain name of the service, according to proofs.

string
example.com
proof_purpose
required

Proof purpose according to verification relationship -and proofs.

string
authentication
{
"did": "did:web:example.com:user1",
"challenge": "f8e9a33856ec54be26d62689a73809713d803344bd0f522709bd0a5e0b0832b5",
"domain": "example.com",
"proof_purpose": "assertion"
}

400

Bad Request. DID document missing or not valid.

401

Unauthorized. Authorization failed due to missing or broken proof signature.

404

Not Found. DID of issuer could not be resolved.

409

Conflict. DID document already exists on server.

500

Internal Server Error.

\ No newline at end of file +and proofs.

string
authentication
{
"did": "did:web:example.com:person",
"challenge": "afd96f3ee6a8cb00f983e54819ab53466fe825b9d749b5b4eb6d12f09331d440",
"domain": "example.com",
"proof_purpose": "authentication"
}

400

Bad Request. DID document missing or not valid.

401

Unauthorized. Authorization failed due to missing or broken proof signature.

404

Not Found. DID of issuer could not be resolved.

409

Conflict. DID document already exists on server.

500

Internal Server Error.
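
Review bot: The type examples in the request body schema are misspelt as "VerifablePresentation" and "VerifableCredential", while the full example objects further down use "VerifiablePresentation" and "VerifiableCredential". A reader who copies the schema-level value gets a type string that does not match the name used in the complete example, so correct the two example values at their source. The same misspelling is visible on the Deactivate and Update pages in this patch.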

\ No newline at end of file diff --git a/api/operations/resolvedid/index.html b/api/operations/resolvedid/index.html index 8f3ba05..39f6e5f 100644 --- a/api/operations/resolvedid/index.html +++ b/api/operations/resolvedid/index.html @@ -34,15 +34,15 @@ Skip to content

Resolve DID / Get Proof Parameters

GET
/{id}/did.json

This endpoint can only be called by anyone without authentication.

  1. Corresponds to the Read (Resolve) method speficied at https://w3c-ccg.github.io/did-method-web/#read-resolve.
  2. With the proofParameters query parameter present, proof parameters are returned that are required for registering, updating, and deleting DID.
  3. -

did:web method specification

Parameters

Path Parameters

id
required

ID: An identifier.

string
user1

Query Parameters

proofParameters
string

Only valid for GET requests

Responses

200

Returns DID Document.

One of:

DID Document: W3C DID Document, see https://w3c.github.io/did-core/.

object
id
required

DID: W3C Decentralized Identifier (DID), see https://w3c.github.io/did-core/.

string
did:web:example.com:user1
{
"@context": [
"https://www.w3.org/ns/did/v1",
"https://w3id.org/security/suites/jws-2020/v1"
],
"id": "did:web:example.com",
"verificationMethod": [
{
"id": "did:web:example.com#key-0",
"type": "JsonWebKey2020",
"controller": "did:web:example.com",
"publicKeyJwk": {
"kty": "OKP",
"crv": "Ed25519",
"x": "0-e2i2_Ua1S5HbTYnVB0lj2Z2ytXu2-tYmDFf8f5NjU"
}
},
{
"id": "did:web:example.com#key-1",
"type": "JsonWebKey2020",
"controller": "did:web:example.com",
"publicKeyJwk": {
"kty": "OKP",
"crv": "X25519",
"x": "9GXjPGGvmRq9F6Ng5dQQ_s31mfhxrcNZxRGONrmH30k"
}
},
{
"id": "did:web:example.com#key-2",
"type": "JsonWebKey2020",
"controller": "did:web:example.com",
"publicKeyJwk": {
"kty": "EC",
"crv": "P-256",
"x": "38M1FDts7Oea7urmseiugGW7tWc3mLpJh6rKe7xINZ8",
"y": "nDQW6XZ7b_u2Sy9slofYLlG03sOEoug3I0aAPQ0exs4"
}
}
],
"authentication": [
"did:web:example.com#key-0",
"did:web:example.com#key-2"
],
"assertionMethod": [
"did:web:example.com#key-0",
"did:web:example.com#key-2"
],
"keyAgreement": [
"did:web:example.com#key-1",
"did:web:example.com#key-2"
]
}
\ No newline at end of file +and proofs.

string
authentication
{
"did": "did:web:example.com:person",
"challenge": "afd96f3ee6a8cb00f983e54819ab53466fe825b9d749b5b4eb6d12f09331d440",
"domain": "example.com",
"proof_purpose": "authentication"
}

400

Bad Request. Requested path not supported.

404

Not Found. DID document not found on server.

500

Internal Server Error.
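
Review bot: The endpoint description "This endpoint can only be called by anyone without authentication" contradicts itself; "This endpoint can be called by anyone without authentication" says what is meant. The path parameter example is still "user1" and the DID example "did:web:example.com:user1", while the new proof parameters example at the end of the hunk, and the other operation pages, use "person"; align them. "speficied" in list item 1 should be "specified".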

\ No newline at end of file diff --git a/api/operations/updatedid/index.html b/api/operations/updatedid/index.html index 0ff50f7..886d483 100644 --- a/api/operations/updatedid/index.html +++ b/api/operations/updatedid/index.html @@ -34,11 +34,11 @@ Skip to content

Update DID

PUT
/{id}/did.json

This endpoint can only be called by the owner of the DID. +Corresponds to the Update method speficied at https://w3c-ccg.github.io/did-method-web/#update.

did:web method specification

Parameters

Path Parameters

id
required

ID: An identifier.

string
person

Query Parameters

proofParameters
string

Only valid for GET requests

Request Body

VerifiablePresentation: W3C Verifiable Presentation, see https://w3c.github.io/vc-data-model/.

object
type
required
Array<string>
[
"VerifablePresentation"
]
verifiableCredential
required

VerifiableCredential: W3C Verifiable Credential, see https://w3c.github.io/vc-data-model/.

object
type
required
Array<string>
[
"VerifableCredential"
]
credentialSubject
required

DID Document: W3C DID Document, see https://w3c.github.io/did-core/.

object
id
required

DID: W3C Decentralized Identifier (DID), see https://w3c.github.io/did-core/.

string
did:web:example.com:person
{
"@context": [
"https://www.w3.org/ns/did/v1",
"https://w3id.org/security/suites/jws-2020/v1"
],
"id": "did:web:example.com",
"verificationMethod": [
{
"id": "did:web:example.com#key-0",
"type": "JsonWebKey2020",
"controller": "did:web:example.com",
"publicKeyJwk": {
"kty": "OKP",
"crv": "Ed25519",
"x": "0-e2i2_Ua1S5HbTYnVB0lj2Z2ytXu2-tYmDFf8f5NjU"
}
},
{
"id": "did:web:example.com#key-1",
"type": "JsonWebKey2020",
"controller": "did:web:example.com",
"publicKeyJwk": {
"kty": "OKP",
"crv": "X25519",
"x": "9GXjPGGvmRq9F6Ng5dQQ_s31mfhxrcNZxRGONrmH30k"
}
},
{
"id": "did:web:example.com#key-2",
"type": "JsonWebKey2020",
"controller": "did:web:example.com",
"publicKeyJwk": {
"kty": "EC",
"crv": "P-256",
"x": "38M1FDts7Oea7urmseiugGW7tWc3mLpJh6rKe7xINZ8",
"y": "nDQW6XZ7b_u2Sy9slofYLlG03sOEoug3I0aAPQ0exs4"
}
}
],
"authentication": [
"did:web:example.com#key-0",
"did:web:example.com#key-2"
],
"assertionMethod": [
"did:web:example.com#key-0",
"did:web:example.com#key-2"
],
"keyAgreement": [
"did:web:example.com#key-1",
"did:web:example.com#key-2"
]
}
proof
required
object
{}
{
"type": [
"VerifiableCredential"
],
"credentialSubject": {
"id": "did:web:example.com"
},
"proof": {}
}
proof
required
object
{
"type": [
"VerifiablePresentation"
],
"verifiableCredential": {
"type": [
"VerifiableCredential"
],
"credentialSubject": {
"id": "did:web:example.com"
},
"proof": {}
},
"proof": {}
}

Responses

200

Identifier updated.

ProofParameters: Proof parameters define properties that need to be present +in the next submitted Verifiable Presentation for PUT, POST and DELETE requests.

object
did
required

DID: W3C Decentralized Identifier (DID), see https://w3c.github.io/did-core/.

string
did:web:example.com:person
challenge
required

Challenge computed by the current state of the DID document, according to proofs.

string
f8e9a33856ec54be26d62689a73809713d803344bd0f522709bd0a5e0b0832b5
domain
required

Domain name of the service, according to proofs.

string
example.com
proof_purpose
required

Proof purpose according to verification relationship -and proofs.

string
authentication
{
"did": "did:web:example.com:user1",
"challenge": "f8e9a33856ec54be26d62689a73809713d803344bd0f522709bd0a5e0b0832b5",
"domain": "example.com",
"proof_purpose": "assertion"
}

400

Bad Request. DID document missing or not valid.

401

Unauthorized. Authorization failed due to missing or broken proof signature.

404

Not Found. DID of issuer could not be resolved or DID that is being updated does not exist.

500

Internal Server Error.

\ No newline at end of file +and proofs.

string
authentication
{
"did": "did:web:example.com:person",
"challenge": "afd96f3ee6a8cb00f983e54819ab53466fe825b9d749b5b4eb6d12f09331d440",
"domain": "example.com",
"proof_purpose": "authentication"
}

400

Bad Request. DID document missing or not valid.

401

Unauthorized. Authorization failed due to missing or broken proof signature.

404

Not Found. DID of issuer could not be resolved or DID that is being updated does not exist.

500

Internal Server Error.
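
Review bot: The DID Document example in the request body uses "id": "did:web:example.com" and key ids under "did:web:example.com#key-…", while the id field example directly above it and the new proof parameters example both use "did:web:example.com:person" for the path /person/did.json. Since this endpoint is restricted to the owner of the DID, the example document, the credentialSubject id and the proof parameters should all name the same DID. The added description line also has "speficied" for "specified".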

\ No newline at end of file diff --git a/configuration/index.html b/configuration/index.html index 77186a4..5af6129 100644 --- a/configuration/index.html +++ b/configuration/index.html @@ -29,9 +29,9 @@ Skip to content

Configuration

The following configuration options are available:

@@ -128,4 +128,11 @@ -
Environment Variable NameDescriptionRequiredDefaultExample
DWS_OWNERDID of the server’s owneryesdid:key:z6MkrAvU5DpYtUjpJpohoKyKvWdbrQ1yyZcgM5TodLowsahP
DWS_ADDRESSAddress that the service listens atno127.0.0.10.0.0.0
DWS_BACKEND_FILE_STOREPath to the directory that holds the JSON DID filesno$PWD/did_store/usr/web-id/did_store
DWS_BACKENDStorage backend, currently mem and file are implementednomemfile
DWS_EXTERNAL_HOSTNAMEExternal DNS domain name that the server can be reached atnolocalhostexample.com
DWS_EXTERNAL_PATHExternal path that the DIDs shall be served atno//dids
DWS_EXTERNAL_PORTExternal port that the server can be reached atno$DWS_PORT if $HOSTNAME == "localhost", otherwise 443 as required by the specifiction3000
DWS_PORTPort that the service listens atno30003000
DWS_RESOLVER_OVERRIDEDID HTTP Resolver compatible with https://w3c-ccg.github.io/did-resolution/ that’s used as the first resolver, before the built-in resolvernohttp://uni-resolver-web:8080/1.0/identifiers/
DWS_RESOLVERDID HTTP Resolver compatible with https://w3c-ccg.github.io/did-resolution/ that’s used after the built-in resovlernohttp://uni-resolver-web:8080/1.0/identifiers/
DWS_TLSKey and certificate for serving a HTTPS/TLS secured serviceno{certs="my.crt", key="private.key"}
DWS_<more>Rocket offers more configuration settings, see https://rocket.rs/v0.5-rc/guide/configuration/#environment-variables - prefix is DWS_no
\ No newline at end of file + + + + + + + +
Environment Variable NameDescriptionRequiredDefaultExample
DWS_OWNERDID of the server’s owner.yesdid:key:z6MkrAvU5DpYtUjpJpohoKyKvWdbrQ1yyZcgM5TodLowsahP
DWS_ADDRESSIP address that the service binds to.no127.0.0.10.0.0.0 (IPv4) or :: (IPv6)
DWS_PORTPort that the service binds to.no80003000
DWS_BACKEND_FILE_STOREPath to the directory that contains the DID documents files when DWS_BACKEND=file is used.no$PWD/did_store/run/dws/did_store
DWS_BACKENDStorage backend, currently mem and file are implemented.nomemfile
DWS_EXTERNAL_HOSTNAMEExternal DNS domain name of the service. The value becomes part of the DIDs.nolocalhostexample.com
DWS_EXTERNAL_PATHExternal path that the DIDs will be served at. The value becomes part of the DIDs.no//dids
DWS_EXTERNAL_PORTExternal service port. The value becomes part of the DIDs.no8000 if $DWS_EXTERNAL_HOSTNAME == "localhost" otherwise 443 as required by the specifiction3000
DWS_RESOLVER_OVERRIDEDID resolver compatible with https://w3c-ccg.github.io/did-resolution/ that’s used before the built-in resolver.nohttp://uni-resolver-web:8080/1.0/identifiers/
DWS_RESOLVERDID resolver compatible with https://w3c-ccg.github.io/did-resolution/ that’s used after the built-in resovler.nohttp://uni-resolver-web:8080/1.0/identifiers/
DWS_TLSKey and certificate for serving a HTTPS/TLS secured service.no{certs="cert.pem", key="private.key"}
DWS_LOG_LEVELLog level.nonormaloff, normal, debug, or critical
DWS_<more>Rocket offers more configuration settings, see https://rocket.rs/v0.5/guide/configuration/#environment-variables. Use prefix DWS_.no
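
Review bot: The rewritten rows carry over two typos: "specifiction" in the DWS_EXTERNAL_PORT default and "resovler" in the DWS_RESOLVER description; "DID documents files" in DWS_BACKEND_FILE_STORE should be "DID document files". The DWS_ADDRESS example now offers "0.0.0.0 (IPv4) or :: (IPv6)" next to a loopback default; add a short remark in the description that these values bind the service on every interface, so the reader chooses them deliberately. DWS_LOG_LEVEL lists its allowed values in the Example column; move them into the description and keep one value as the example.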
\ No newline at end of file diff --git a/congratulations/index.html b/congratulations/index.html index bca5e47..cf11c91 100644 --- a/congratulations/index.html +++ b/congratulations/index.html @@ -29,7 +29,7 @@ Skip to content
\ No newline at end of file diff --git a/deployment/hosted-service/index.html b/deployment/hosted-service/index.html index 8af9396..3824c86 100644 --- a/deployment/hosted-service/index.html +++ b/deployment/hosted-service/index.html @@ -29,6 +29,6 @@ Skip to content
\ No newline at end of file diff --git a/deployment/self-hosting/index.html b/deployment/self-hosting/index.html index a895aaf..56511a3 100644 --- a/deployment/self-hosting/index.html +++ b/deployment/self-hosting/index.html @@ -29,6 +29,43 @@ Skip to content

Self-Hosting

First, follow the instructions in the Getting Started guide. Then continue with this guide.

+

Add TLS certificate

+

With the completion of the Getting Started guide, the server is functional to create, update and +delete DIDs. However, when operating did-web-server under a DNS name other than localhost the did:web + specification +requires resolvers to only accept encrypted traffic. Therefore, a certificate needs to be added to the server.

+

If possible, obtain a valid certificate from a known Certificate Authority (CA) like Let’s Encrypt and continue with +section Install Certifcation. If this is not possible, +create a local CA and with a self-issued certificate.

+

Create local Certificate Authority

+

The excellent mkcert tool simplifies the creation and operating system +integration of a local Certificate Authority. Follow these steps to set up the Certificate Authority:

+
    +
  1. Install mkcert following the instructions on +https://github.com/FiloSottile/mkcert
  2. +
  3. Setup and install local CA:
  4. +
+
Terminal window
mkcert -install
+

Ensure that the previous command completed successfully before proceeding to the next step.

+

Issue self-signed Certificate for Server

+

To issue the certificate, first determine the DNS name of the server. example.com is assumed in the following steps.

+

Create private key and issue certificate:

+
Terminal window
mkcert example.com
+

Install Certificate

+
    +
  1. Now, let’s enable the certificate in the configuration:
  2. +
+
.env
# Put the created or an existing DID here.
DWS_OWNER=did:key:xxxx
# Set DWS_ADDRESS to bind to all IPv4 and IPv6 addresses so the service can be exposed to the local computer.
DWS_ADDRESS=::
# Hostname and port determine the DIDs that are managed by this server, e.g. did:web:id.localhost%3A8000:xyz.
DWS_EXTERNAL_HOSTNAME=example.com
# Store DIDs on the local file system.
DWS_BACKEND=file
# DIDs will be stored in the `dids` folder below your current directory.
DWS_BACKEND_FILE_STORE=/run/dws/did_store
DWS_LOG_LEVEL=normal
# For compatibilty with DID resolvers, a certificate is required. It will be added later.
DWS_TLS={certs="example.com.pem",key="example.com-key.pem"}
+
    +
  1. With the updated configuration in place, let’s restart the server:
  2. +
+
Terminal window
docker run -it --rm -p 8000:443 --env-file .env -u "$(id -u):$(id -g)" -v "$PWD:/run/dws" identinet/did-web-server:0.2.0
+

Test Functionality

+

The validity of the test server’s certificate can be tested by either visiting +https://example.com/person/did.json in the browser or running the following +command:

+
Terminal window
curl --fail-with-body https://example.com/person/did.json
+

Congratulations, you have a fully operational did-web-server instance! 🎉
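
Review bot: The docker run line publishes container port 443 ("-p 8000:443"), but the .env above it never sets DWS_PORT, whose default is documented as 8000 in the configuration table of this same patch, and the test then requests https://example.com/person/did.json on the default HTTPS port rather than on host port 8000. Unless the image overrides the port, set DWS_PORT=443 in the .env and publish 443:443, or put the port in the test URL. The .env comments are stale as well: "It will be added later" sits directly above the DWS_TLS line, the store comment mentions a "dids" folder while the path is /run/dws/did_store, and the DID example uses id.localhost%3A8000 while DWS_EXTERNAL_HOSTNAME is example.com. The heading "Issue self-signed Certificate for Server" describes a certificate issued by the local mkcert CA, and "Install Certifcation" and "compatibilty" are misspelt.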

\ No newline at end of file diff --git a/did-management/deactivate-a-did/index.html b/did-management/deactivate-a-did/index.html deleted file mode 100644 index 8c78e61..0000000 --- a/did-management/deactivate-a-did/index.html +++ /dev/null @@ -1,42 +0,0 @@ - Deactivate a DID | did-web-server - - Skip to content

Deactivate a DID

Docusaurus creates a page for each blog post, but also a blog index -page, a tag system, an RSS feed…

-

Create your first Post

-

Create a file at blog/2021-02-28-greetings.md:

-
blog/2021-02-28-greetings.md
---
slug: greetings
title: Greetings!
authors:
- name: Joel Marcey
title: Co-creator of Docusaurus 1
url: https://github.com/JoelMarcey
image_url: https://github.com/JoelMarcey.png
- name: SĂ©bastien Lorber
title: Docusaurus maintainer
url: https://sebastienlorber.com
image_url: https://github.com/slorber.png
tags: [greetings]
---
-
Congratulations, you have made your first post!
-
Feel free to play around and edit this post as much as you like.
-

A new blog post is now available at -http://localhost:3000/blog/greetings.

\ No newline at end of file diff --git a/did-management/deactivate-did/index.html b/did-management/deactivate-did/index.html new file mode 100644 index 0000000..a95ef5e --- /dev/null +++ b/did-management/deactivate-did/index.html @@ -0,0 +1,79 @@ + Deactivate DID | did-web-server + + Skip to content

Deactivate DID

Deactivating a DID is a resverved operation for the server’s owner. The steps for registering a DID are described in the +Getting Started guide.

+

Deactivate did:web + DID

+

did-web-server uses DIDs, Verifiable Credentials (VCs) and Verfiable Presentations (VPs) to verify access and encode +data. The following diagram depicts the preparation process for removing a DID document from the server:

+
    +
  1. The DID document is reqiured and can be fetched from the server.
  2. +
  3. A Verifiable Credential is created that includes the DID document. The VC is signed by an authorized key.
  4. +
  5. A Verifiable Presentation is created that includes the VC. The VP is signed by an authorized key. To mitigate replay +attacks, the VP must also contain specific proof parameters that can be retrieved from did-web-server.
  6. +
  7. If the submitted VP and VC are successfully verfied, the included DID document is removed from the server.
  8. +
+

Component diagram for creating and updating a DID document

+

Retrieve DID document

+

Execute the following command to create the DID document that includes both public keys:

+
person-did.json
curl --fail-with-body -o person-did.json http://localhost:8000/person/did.json
+

Place DID document in Verifiable Credential

+

Since did-web-server uses Verifiable Credentials for authentication and authorization, and DID documents as data, the +created DID document needs to be placed within a Verifiable Credential. Execute the following command to create and sign +the credential:

+
person-vc-did.json
cat > person-vc-did.json <<EOF
{
"@context": [
"https://www.w3.org/2018/credentials/v1"
],
"id": "uuid:49387f58-c0d9-4b14-a4f4-bc31a021d925",
"type": ["VerifiableCredential"],
"issuer": "$(cat owner.did)",
"issuanceDate": "$(date -u +%Y-%m-%dT%H:%M:%SZ)",
"credentialSubject": $(cat person-did.json)
}
EOF
+

Sign credential:

+
person-vc-did-signed.json
VERIFICATION_METHOD="$(docker run --rm --network=host identinet/didkit-cli:0.3.2-4 did resolve "$(cat owner.did)" | jq -r '.assertionMethod.[0]')"
docker run -i --rm -u "$(id -u):$(id -g)" -v "$PWD:/run/didkit" --network=host identinet/didkit-cli:0.3.2-4 credential issue \
-k owner.jwk -p assertionMethod -t Ed25519Signature2018 -v "$VERIFICATION_METHOD" < person-vc-did.json > person-vc-did-signed.json
+

Place Verifiable Credential in Verifiable Presentation

+

The last step in preparing the data for submission is to place the signed Verifiable Credential within a Verifiable +Presentation and secure the registration against replay attacks. did-web-server prevents reply attacks i.e. the +observation and resubmission of a valid presentation with the goal of overwriting the current configuration of the DID, +by expecting the hash of the current DID document to be present as a +challenge in the proof section of the Verifiable Presentation, +alongside other parameters.

+

The first step of placing the Verifiable Credential inside a Verifiable Presentation is to retrieve the proof parameters +for the DID:

+
person-vp-proof-parameters.json
curl --fail-with-body -o person-vp-proof-parameters.json http://localhost:8000/person/did.json?proofParameters
+

With the proof parameters in place, the next step is to create the presentation:

+
person-vp.json
cat > person-vp.json <<EOF
{
"@context": "https://www.w3.org/2018/credentials/v1",
"type": ["VerifiablePresentation"],
"holder": "$(cat owner.did)",
"verifiableCredential": $(cat person-vc-did-signed.json)
}
EOF
+

Finally, sign the presentation with the correct proof parameters:

+
person-vp-did-signed.json
VERIFICATION_METHOD="$(docker run --rm --network=host identinet/didkit-cli:0.3.2-4 did resolve "$(cat owner.did)" | jq -r '.assertionMethod.[0]')"
DOMAIN="$(jq -r .domain person-vp-proof-parameters.json)"
CHALLENGE="$(jq -r .challenge person-vp-proof-parameters.json)"
PROOF_PURPOSE="$(jq -r .proof_purpose person-vp-proof-parameters.json)"
docker run -i --rm -u "$(id -u):$(id -g)" -v "$PWD:/run/didkit" --network=host identinet/didkit-cli:0.3.2-4 presentation issue \
-k owner.jwk -p "$PROOF_PURPOSE" -t Ed25519Signature2018 -v "$VERIFICATION_METHOD" -d "$DOMAIN" -C "$CHALLENGE" \
< person-vp.json > person-vp-signed.json
+

Deactivate DID on server

+

The last step is to submit the signed presentation to the server:

+
Terminal window
curl --fail-with-body -X DELETE -d @person-vp-signed.json http://localhost:8000/person/did.json
+

Let’s verify that the DID document doesn’t exist anymore:

+
Terminal window
curl --fail-with-body http://localhost:8000/person/did.json
+

Congratulations, you’ve deleted the DID document! 🎉
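
Review bot: Several sentences on this new deactivation page are carried over unchanged from the register and update pages and no longer match the commands next to them. The intro says "The steps for registering a DID are described in the Getting Started guide"; the "Retrieve DID document" step says the command will "create the DID document that includes both public keys" although it only downloads person-did.json with curl; the replay paragraph talks about securing "the registration" against "overwriting the current configuration"; and the diagram caption still reads "creating and updating a DID document". Suggest rewording each for deactivation. The last signing block is titled person-vp-did-signed.json but writes person-vp-signed.json, which is the file the DELETE request sends, so the title should match. The proof-parameters URL contains an unquoted "?", which shells such as zsh treat as a glob character; quote the URL. The final check should say that curl --fail-with-body is expected to exit with an error once the document is gone, otherwise a reader will take the failure for a mistake. Typos: "resverved", "Verfiable", "reqiured", "verfied", "reply attacks".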

\ No newline at end of file diff --git a/did-management/register-a-did/index.html b/did-management/register-a-did/index.html deleted file mode 100644 index 42ea6a3..0000000 --- a/did-management/register-a-did/index.html +++ /dev/null @@ -1,51 +0,0 @@ - Register a DID | did-web-server - - Skip to content

Register a DID

Add Markdown or React files to src/pages to create a standalone page:

-
    -
  • src/pages/index.js → localhost:3000/
  • -
  • src/pages/foo.md → localhost:3000/foo
  • -
  • src/pages/foo/bar.js → localhost:3000/foo/bar
  • -
-

Create your first React Page

-

Create a file at src/pages/my-react-page.js:

-
src/pages/my-react-page.js
import React from "react";
import Layout from "@theme/Layout";
-
export default function MyReactPage() {
return (
<Layout>
<h1>My React page</h1>
<p>This is a React page</p>
</Layout>
);
}
-

A new page is now available at -http://localhost:3000/my-react-page.

-

Create your first Markdown Page

-

Create a file at src/pages/my-markdown-page.md:

-
src/pages/my-markdown-page.md
# My Markdown page
-
This is a Markdown page
-

A new page is now available at -http://localhost:3000/my-markdown-page.
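
Review bot: The old page at did-management/register-a-did/index.html is deleted outright while its replacement lives under the new slug did-management/register-did/, so any existing link or bookmark to the old URL will return 404; the same applies to update-a-did further down in this patch. If the old paths were ever published, consider leaving redirect stubs. Dropping the leftover Docusaurus template text ("Create your first React Page", "Create your first Markdown Page") is otherwise the right call.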

\ No newline at end of file diff --git a/did-management/resolve-a-did/index.html b/did-management/register-did/index.html similarity index 55% rename from did-management/resolve-a-did/index.html rename to did-management/register-did/index.html index 54d5449..f4f8022 100644 --- a/did-management/resolve-a-did/index.html +++ b/did-management/register-did/index.html @@ -1,4 +1,4 @@ - Resolve a DID | did-web-server Skip to content

Register DID

Registering a DID is a resverved operation for the server’s owner. The steps for registering a DID are described in the +Getting Started guide.

+

DID controllers are only permitted to update their DID or +resolve DIDs.
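
Review bot: "resverved" in the first sentence should be "reserved". The closing sentence, "DID controllers are only permitted to update their DID or resolve DIDs", reads as if resolution were a controller privilege, while the resolve page added in this patch states that resolving needs no prior authentication; suggest saying that controllers may only update their own DID and that resolution is open to everyone, so the access model is stated consistently.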

\ No newline at end of file diff --git a/did-management/resolve-did/index.html b/did-management/resolve-did/index.html new file mode 100644 index 0000000..446cc0f --- /dev/null +++ b/did-management/resolve-did/index.html @@ -0,0 +1,42 @@ + Resolve DID | did-web-server + + Skip to content

Resolve DID

Resolve a DID is an operation available without prior authentication. did-web-server implements the +did:web + method specification for resolving DIDs.

+

Example:

+
    +
  • Given DID did:web:localhost#3A8000:person
  • +
  • Execute this command to resolve it:
  • +
+
Terminal window
curl --fail-with-body http://localhost:8000/person/did.json | jq
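
Review bot: The example DID "did:web:localhost#3A8000:person" uses "#" where the port colon has to be percent-encoded as "%3A"; as written, everything after "#" is a DID fragment and the identifier no longer maps to http://localhost:8000/person/did.json. The update page in this same patch uses did:web:localhost%3A8000:person, so use that here. The opening sentence should read "Resolving a DID is an operation ...", and the two bullets ("Given DID ...", "Execute this command ...") would read better as one sentence leading into the command.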
\ No newline at end of file diff --git a/did-management/update-a-did/index.html b/did-management/update-a-did/index.html deleted file mode 100644 index c802eff..0000000 --- a/did-management/update-a-did/index.html +++ /dev/null @@ -1,53 +0,0 @@ - Update a DID | did-web-server - - Skip to content

Update a DID

Documents are groups of pages connected through:

-
    -
  • a sidebar
  • -
  • previous/next navigation
  • -
  • versioning
  • -
-

Create your first Doc

-

Create a Markdown file at docs/hello.md:

-
docs/hello.md
# Hello
-
This is my **first Docusaurus document**!
-

A new document is now available at -http://localhost:3000/docs/hello.

-

Configure the Sidebar

-

Docusaurus automatically creates a sidebar from the docs folder.

-

Add metadata to customize the sidebar label and position:

-
docs/hello.md
---
sidebar_label: 'Hi!'
sidebar_position: 3
---
-
# Hello
-
This is my **first Docusaurus document**!
-

It is also possible to create your sidebar explicitly in sidebars.js:

-
sidebars.js
export default {
tutorialSidebar: [
"intro",
// highlight-next-line
"hello",
{
type: "category",
label: "Tutorial",
items: ["tutorial-basics/create-a-document"],
},
],
};
\ No newline at end of file diff --git a/did-management/update-did/index.html b/did-management/update-did/index.html new file mode 100644 index 0000000..0eef01c --- /dev/null +++ b/did-management/update-did/index.html @@ -0,0 +1,89 @@ + Update DID | did-web-server + + Skip to content

Update DID

Updating a DID document is a reserved operation for the DID’s controller. As described in the +Getting Started guide, the prerequisite for managing a DID document is access to the DID’s +cryptographic privat key. In the following sections, the private key is assumed to be stored in file person.jwk.

+

Update did:web + DID

+

Let’s add a second key to the DID: did:web:localhost%3A8000:person

+

did-web-server uses DIDs, Verifiable Credentials (VCs) and Verfiable Presentations (VPs) to verify access and encode +data. The following diagram depicts the preparation process for an updated DID document to be sent to and stored on the +server:

+
    +
  1. First, another cryptographic key is created.
  2. +
  3. The DID document is updated to include the second key.
  4. +
  5. A Verifiable Credential is created that includes the DID document. The VC is signed by an authorized key.
  6. +
  7. A Verifiable Presentation is created that includes the VC. The VP is signed by an authorized key. To mitigate replay +attacks, the VP must also contain specific proof parameters that can be retrieved from did-web-server.
  8. +
  9. If the submitted VP and VC are successfully verfied, the included DID document is stored on the server.
  10. +
+

Component diagram for creating and updating a DID document

+

Create second key

+

Every DID requires a public private key pair. We can reuse the previous command to create another key pair for the new +DID:

+
person.jwk
docker run --rm identinet/didkit-cli:0.3.2-4 key generate ed25519 > person.jwk2
+

Let’s store the DID in a file for quick access:

+
"person.did
echo "did:web:localhost%3A8000:person" > person.did
+

Update DID document

+

Execute the following command to create the DID document that includes both public keys:

+
person-did.json
cat > person-did.json <<EOF
{
"@context": [
"https://www.w3.org/ns/did/v1",
"https://w3id.org/security/suites/jws-2020/v1"
],
"id": "did:web:localhost%3A8000:person",
"verificationMethod": [
{
"id": "did:web:localhost%3A8000:person#key1",
"type": "JsonWebKey2020",
"controller": "did:web:localhost%3A8000:person",
"publicKeyJwk": {
"kty": "OKP",
"crv": "Ed25519",
"x": "$(jq -r .x person.jwk)"
}
},
{
"id": "did:web:localhost%3A8000:person#key2",
"type": "JsonWebKey2020",
"controller": "did:web:localhost%3A8000:person",
"publicKeyJwk": {
"kty": "OKP",
"crv": "Ed25519",
"x": "$(jq -r .x person.jwk2)"
}
}
],
"authentication": ["did:web:localhost%3A8000:person#key1", "did:web:localhost%3A8000:person#key2"],
"assertionMethod": ["did:web:localhost%3A8000:person#key1", "did:web:localhost%3A8000:person#key2"]
}
EOF
+

Place DID document in Verifiable Credential

+

Since did-web-server uses Verifiable Credentials for authentication and authorization, and DID documents as data, the +created DID document needs to be placed within a Verifiable Credential. Execute the following command to create and sign +the credential:

+
person-vc-did.json
cat > person-vc-did.json <<EOF
{
"@context": [
"https://www.w3.org/2018/credentials/v1"
],
"id": "uuid:49387f58-c0d9-4b14-a4f4-bc31a021d925",
"type": ["VerifiableCredential"],
"issuer": "$(cat person.did)",
"issuanceDate": "$(date -u +%Y-%m-%dT%H:%M:%SZ)",
"credentialSubject": $(cat person-did.json)
}
EOF
+

Sign credential:

+
person-vc-did-signed.json
VERIFICATION_METHOD="$(docker run --rm --network=host identinet/didkit-cli:0.3.2-4 did resolve "$(cat person.did)" | jq -r '.assertionMethod.[0]')"
docker run -i --rm -u "$(id -u):$(id -g)" -v "$PWD:/run/didkit" --network=host identinet/didkit-cli:0.3.2-4 credential issue \
-k person.jwk -p assertionMethod -t Ed25519Signature2018 -v "$VERIFICATION_METHOD" < person-vc-did.json > person-vc-did-signed.json
+

Place Verifiable Credential in Verifiable Presentation

+

The last step in preparing the data for submission is to place the signed Verifiable Credential within a Verifiable +Presentation and secure the registration against replay attacks. did-web-server prevents reply attacks i.e. the +observation and resubmission of a valid presentation with the goal of overwriting the current configuration of the DID, +by expecting the hash of the current DID document to be present as a +challenge in the proof section of the Verifiable Presentation, +alongside other parameters.

+

The first step of placing the Verifiable Credential inside a Verifiable Presentation is to retrieve the proof parameters +for the DID:

+
person-vp-proof-parameters.json
curl --fail-with-body -o person-vp-proof-parameters.json http://localhost:8000/person/did.json?proofParameters
+

With the proof parameters in place, the next step is to create the presentation:

+
person-vp.json
cat > person-vp.json <<EOF
{
"@context": "https://www.w3.org/2018/credentials/v1",
"type": ["VerifiablePresentation"],
"holder": "$(cat person.did)",
"verifiableCredential": $(cat person-vc-did-signed.json)
}
EOF
+

Finally, sign the presentation with the correct proof parameters:

+
person-vp-did-signed.json
VERIFICATION_METHOD="$(docker run --rm --network=host identinet/didkit-cli:0.3.2-4 did resolve "$(cat person.did)" | jq -r '.assertionMethod.[0]')"
DOMAIN="$(jq -r .domain person-vp-proof-parameters.json)"
CHALLENGE="$(jq -r .challenge person-vp-proof-parameters.json)"
PROOF_PURPOSE="$(jq -r .proof_purpose person-vp-proof-parameters.json)"
docker run -i --rm -u "$(id -u):$(id -g)" -v "$PWD:/run/didkit" --network=host identinet/didkit-cli:0.3.2-4 presentation issue \
-k person.jwk -p "$PROOF_PURPOSE" -t Ed25519Signature2018 -v "$VERIFICATION_METHOD" -d "$DOMAIN" -C "$CHALLENGE" \
< person-vp.json > person-vp-signed.json
+

Update DID on server

+

The last step is to submit the signed presentation to the server:

+
Terminal window
curl --fail-with-body -X PUT -d @person-vp-signed.json http://localhost:8000/person/did.json
+

Let’s retrieve the DID document from did-web-server for inspection:

+
Terminal window
curl --fail-with-body http://localhost:8000/person/did.json | jq
+

Congratulations, you’ve updated the DID document! 🎉
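
Review bot: In "Create second key" the code block is titled person.jwk while the command writes person.jwk2, and the text says the key pair is "for the new DID" although it is a second key for the existing DID; a reader who follows the title and redirects into person.jwk would overwrite the controller's only private key, so the title should be person.jwk2 and the sentence should say "second key". The DID document lists key2 under both "authentication" and "assertionMethod", which gives it the same authority as key1 to sign later updates; it is worth saying so explicitly. Further points: the block title "person.did has a stray leading quote; the last signing block is titled person-vp-did-signed.json but writes person-vp-signed.json; the proof-parameters URL has an unquoted "?" that some shells treat as a glob; and the jq filter '.assertionMethod.[0]' is rejected by older jq releases, whereas '.assertionMethod[0]' works everywhere (the same commands appear on the deactivate page). The replay paragraph still says "secure the registration" and "reply attacks". Typos: "privat key", "Verfiable", "verfied".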

\ No newline at end of file diff --git a/getting-started/index.html b/getting-started/index.html index 4123a72..16bb6a4 100644 --- a/getting-started/index.html +++ b/getting-started/index.html @@ -29,7 +29,7 @@ Skip to content