Controller Documents v1.0

[msporny]

The Verifiable Credentials Working Group is requesting a TAG review of Controller Documents by the end of summer 2024 (ideally, sooner). Controller Documents are a generalization of DID Documents and some content from VC Data Integrity. All this to say, the TAG has reviewed most of this content before when it reviewed DID Core, and then again when it reviewed Verifiable Credential Data Integrity. The Working Group recently decided that it would rather have this content in a separate specification than embed it in DID Core or VC Data Integrity.

A Controller Document is a generalization of a DID Document that enables one to use more than just DIDs as identifiers. It also standardizes some data structures and algorithms that we were unable to standardize during the DID Core v1.0 work. Almost all of the normative content that exists in the specification was approved by the TAG before VC Data Integrity entered the Candidate Recommendation phase (so, a light review is probably all that is needed).

• Explainer:
  • DID Core Explainer
  • Data Integrity Explainer
  • Let us know if you would like us to write another explainer for this spec: The spec is basically just "DID Documents, but you can now use other types of URLs in them (like HTTPS-based ones)". The spec exists so we can establish spec text, separate from DID Core and Data Integrity, that we can then normatively reference from other specs in the VCWG that don't have anything to do with DIDs, like generalized public key discovery algorithms.
• Specification URLs:
  • Controller Document
• Tests:
  • Controller Documents are being tested via the VC Data Integrity test suites (when verifying digital signatures, cryptographic key material is fetched from Controller Documents).
  • VC Data Integrity Test Suites
• User research: Jobs for the Future Interoperability Results using VC Data Integrity
• Security and Privacy self-review: Security and Privacy Self-Review Questionnaire  w3c/vc-data-integrity#98
• GitHub repo (if you prefer feedback filed there):
  • https://github.com/w3c/controller-document/issues/
• Primary contacts (and their relationship to the specification):
  • Manu Sporny (@msporny), Editor, Digital Bazaar
  • Mike Jones (@selfissued), Editor, Independent
  • Brent Zundel (@brentzundel), VCWG Chair, Mesur.io
  • Ivan Herman (@iherman), VCWG Staff Contact, W3C
• Organization(s)/project(s) driving the specification: W3C Verifiable Credentials Working Group
• Key pieces of existing multi-stakeholder review or discussion of these specifications:
  • Inclusion of the work in the VCWG Charter
  • Jobs for the Future Interoperability Plugfest #2 using Controller Documents
• External status/issue trackers for these specification (publicly visible, e.g. Chrome Status):
  • https://github.com/w3c/controller-document/issues/

Further details:

• I have reviewed the TAG's Web Platform Design Principles
• Relevant time constraints or deadlines: The VCWG is planning to take this specification to Candidate Recommendation in September 2024 (at W3C TPAC), reviews before that time frame (ideally, by the end of July 2024) would be ideal.
• The group where the work on this specification is currently being done: W3C Verifiable Credentials Working Group
• Major unresolved issues with or opposition to this specification:
  • None
• This work is being funded by: The members of the W3C VCWG that are actively participating in the development of these specifications including funding from the US Federal Government, the European Commission, and the Canadian Federal Government.

You should also know that...

• The TAG has reviewed and approved 90%+ of the content in the specification before once when it reviewed DID Core and then again when it reviewed Data Integrity.

We'd prefer the TAG provide feedback as:

☂️ open a single issue in our GitHub repo for the entire review