w3c/did-extensions

sec:authenticationMethod != sec:authentication

Closed this issue Β· 13 comments

OR13 commented

IRIs for verification methods in did core context are not correct.... https://w3c-ccg.github.io/security-vocab/#authentication

Yeah, it should be "sec:authenticationMethod". The simple term "authentication" maps to "sec:authenticationMethod" (this is how it's been in software and contexts for years).

@dlongley for the current (RDF) vocabularies and constraint files (in #183) I only used sec:authenticationMethod. The only place where authentication term appears is in the context file. In other words, at least in those vocabulary files, sec:authentication does not exist (nor does did:authentication). That is then correct, isn't it?

@iherman, that's right. It looks like the only problem is with the draft security vocab document here:

https://w3c-ccg.github.io/security-vocab/#authentication

Which should be simple enough to fix and is unrelated to #183.

OR13 commented

@iherman @dlongley what do I need to do to close this?

@OR13, open an issue on the security-vocab repo and link to this one. Then this one can be closed.

+1 to @dlongley. There are, I believe, serious issues with the security vocab document*, but that is not the responsibility of this WG and/or the registry document. I believe the DID vocabulary files and context files are all right and this issue should be closed.


* Formally, the security vocab document is a misnomer. It does not define a vocabulary, it specifies, essentially, the JSON-LD context file. For DID the context file and the vocabulary specification are separate, and the same should be done with the security vocabulary. The discrepancy between authentication and sec:authenticationMethod is just a visible tip of the iceberg.

OR13 commented

Cross linked, but unclear how to resolve: w3c-ccg/security-vocab#91

Tell me what to do.

Cross linked, but unclear how to resolve: w3c-ccg/security-vocab#91

Tell me what to do.

From my point of view: the same work should be done as what we did for DID. Ie, conceptually:

  1. specify a vocabulary document with a proper RDF specification in RDF(S), with serializations in JSON-LD and in Turtle, and an HTML file that describes the vocabulary items. That vocabulary contains sec:authenticationMethod and only that.
  2. specify a separate JSON-LD context file and, possibly, a human-readable short description thereof, that defines a mapping from the JSON-LD terms to their equivalents in the formal vocabulary. That contains sec:authentication and only that.

Obviously, bits and pieces are already in the current document, so the human-readable part can be done by re-engineering the current document. The context file itself is also present, of course. The vocabulary files must be created.

Caveat: I speak with my (former) Semantic Web hat on...

I think I'm running into a problem related to this, but I'm really not that knowledgeable on JSON-LD and how it works under the hood so I'm not sure.

A controller object is created from a resolved did document, but the authentication keyword is resolved to sec:authenticationMethod by the linked data processor (while the others keep their simple term)

Due to this the controller proof purpose check I wrote (read: copied from vc.js ☺️) is failing because it can't find any authentication keys. Is it correct that this is related to this issue?

Commenting the line from the local DID context I use for testing solves the issue:

    "authentication": "sec:authenticationMethod",
OR13 commented

@TimoGlastra the problem you are reporting is likely due to the way frame uses the context to find the correct verification method. this example works for me:

https://did.key.transmute.industries/did:key:z6MktZ82N6qNh8ocwFpZvdSoM4X3871cg4v4PoDVAPnBXNvg

https://github.com/w3c/did-spec-registries/blob/master/vocabs/v1/context.jsonld#L34

I used the wrong context. Sigh...

Thanks!