aries-cloudagent-python

Feature/didweb

Open domwoe opened this issue 4 years ago • 3 comments

Work in progress PR to add the did web capabilities to ACA-PY

  • Native did:web resolver
  • Serve did document under /.well-known/did.json
  • Create a did document from wallet content (uses public DID and endpoint) + additional keys (e.g. BBS+ keys) can be referenced
  • Connection/DID Exchange based on implicit invitation with public did:web

Multitenancy is currently not supported. Needs cleaning and tests. I'm not an experienced Python programmer so there might be stupid things I've done. Would be cool if someone could take a look.

Example usage: Assumption: ACA-Py has configured a public DID, admin interface with HTTPS (e.g. via ngrok) and a BBS+ did:key

POST: /didweb/create-from-wallet/{did}

{
  "verification_methods": [{
    "did": "did:key:zUC71v7BaQAEpNCN9wVetcqMWtWPygSuQ2t4MJ1H9654Aio3DypS8wCd253CZ29C1CiLSMmC8MrepFYvKrvdMHBatyEoQa5pffr8HMqvRR98Vb7NtEBkpN9Ld73jyeyAqYxg8Fy",
    "verification_relationships": ["assertion_method"]
  }]
}

will produce:

{
  "@context": "https://www.w3.org/ns/did/v1",
  "id": "did:web:478eb39f6464.ngrok.io",
  "verificationMethod": [
    {
      "id": "did:web:478eb39f6464.ngrok.io#key-1",
      "type": "Ed25519VerificationKey2018",
      "controller": "did:web:478eb39f6464.ngrok.io",
      "publicKeyBase58": "DAwrZwgMwkTVHUQ8ZYAmuvzwprDmX8vFNXzFioxrWpCA"
    },
    {
      "id": "did:web:478eb39f6464.ngrok.io#key-2",
      "type": "Bls12381G2Key2020",
      "controller": "did:web:478eb39f6464.ngrok.io",
      "publicKeyBase58": "n5ZJWiW1TkL9jzpoig99Db9UjQ8hN4L8UuRTfEcFRqSEpNroSGoUDd5XQ2nwUuAhJ9MK5wzqSMzxNzCWC1qs51i5cEBii2ie1i9XXCWG1dyWXKr9jRyETJdmWUEHFzoodef"
    }
  ],
  "authentication": [
    "did:web:478eb39f6464.ngrok.io#key-1"
  ],
  "assertionMethod": [
    "did:web:478eb39f6464.ngrok.io#key-1",
    "did:web:478eb39f6464.ngrok.io#key-2"
  ],
  "service": [
    {
      "id": "did:web:478eb39f6464.ngrok.io#did-communication",
      "type": "did-communication",
      "serviceEndpoint": "http://host.docker.internal:8000",
      "recipientKeys": [
        "did:web:478eb39f6464.ngrok.io#key-1"
      ],
      "routingKeys": [],
      "priority": 0
    }
  ]
}

served under https://478eb39f6464.ngrok.io/.well-known/did.json

domwoe, May 04 '21 08:05
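
The did:web resolution step described in the post above, as an added example that is not code from this PR or from ACA-Py: it maps a did:web identifier to the HTTPS location of its DID document following the did:web method's colon-to-path rule, then checks a fetched document for consistency. The function names `did_web_to_url` and `check_document` are hypothetical, and the sample document is the post's output trimmed to one key.

```python
from urllib.parse import unquote

def did_web_to_url(did):
    """Map a did:web identifier to the HTTPS URL of its DID document."""
    prefix = "did:web:"
    if not did.startswith(prefix):
        raise ValueError("not a did:web identifier")
    # Colons separate host and path segments; a port arrives percent-encoded (%3A).
    segments = [unquote(s) for s in did[len(prefix):].split(":")]
    for seg in segments:
        # Refuse decoded characters that would change the URL's authority or path.
        if not seg or seg in (".", "..") or any(c in seg for c in "/\\?#@"):
            raise ValueError(f"unsafe segment in {did!r}")
    host, path = segments[0], segments[1:]
    if path:
        return f"https://{host}/{'/'.join(path)}/did.json"
    return f"https://{host}/.well-known/did.json"

def check_document(did, doc):
    """Return a list of problems in a fetched document; empty means consistent."""
    problems = []
    # The served document must describe the DID that was resolved, not another one.
    if doc.get("id") != did:
        problems.append(f"document id {doc.get('id')!r} does not match {did!r}")
    methods = {vm.get("id") for vm in doc.get("verificationMethod", [])}
    for rel in ("authentication", "assertionMethod"):
        for ref in doc.get(rel, []):
            # Only same-document references are checked here; embedded methods
            # (dicts) and references into other DIDs are left to the caller.
            if isinstance(ref, str) and ref.startswith(did + "#") and ref not in methods:
                problems.append(f"{rel} references missing method {ref}")
    return problems

# Constructed sample: the document from the post above, trimmed to one key.
DID = "did:web:478eb39f6464.ngrok.io"
DOC = {
    "@context": "https://www.w3.org/ns/did/v1",
    "id": DID,
    "verificationMethod": [{
        "id": DID + "#key-1",
        "type": "Ed25519VerificationKey2018",
        "controller": DID,
        "publicKeyBase58": "DAwrZwgMwkTVHUQ8ZYAmuvzwprDmX8vFNXzFioxrWpCA",
    }],
    "authentication": [DID + "#key-1"],
    "assertionMethod": [DID + "#key-1"],
}

if __name__ == "__main__":
    print(did_web_to_url(DID))
    print(check_document(DID, DOC))
```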

This is looking good so far.

I think the did:web: serving support would probably have to wait until 0.7 is released. The resolver code should probably be a separate PR, as it's useful on its own (although I think there is some shared code).

There are some changes to the connections protocol which I'd rather not touch - that one is basically frozen, with new features going into did-exchange only. I think the update to accept non-sov DIDs was also merged independently.

andrewwhitehead, Jun 01 '21 16:06

Thanks @andrewwhitehead

I guess it's a good idea to separate the resolver part out in a new PR. I'll have a look tomorrow at what has changed in the base resolver since I did my implementation.

domwoe, Jun 01 '21 20:06

@andrewwhitehead -- when you get a chance, please review and address -- close, merge or perhaps reimplement.

swcurran, Jan 11 '22 20:01

Closing this as this is not moving forward and I think stuff has changed in the DID resolution part of the code.

swcurran, Aug 22 '22 20:08