DID Document Property Extensions

Known Extensions for DID Document properties and values

W3C Group Note

More details about this document
This version:
https://www.w3.org/TR/2024/NOTE-did-extensions-properties-20241119/
Latest published version:
https://www.w3.org/TR/did-extensions-properties/
Latest editor's draft:
https://w3c.github.io/did-extensions/properties/
History:
https://www.w3.org/standards/history/did-extensions-properties/
Commit history
Editors:
Manu Sporny (Digital Bazaar) (2017-present)
Markus Sabadello (Danube Tech) (2020-present)
Former editors:
Orie Steele (Transmute) (2020-2022)
Amy Guy (Digital Bazaar) (2020-2022)
Author:
The Decentralized Identifier Working Group (W3C)
Feedback:
GitHub w3c/did-extensions (pull requests, new issue, open issues)
public-did-wg@w3.org with subject line [did-extensions-properties] … message topic … (archives)
Related Documents
DID Core
DID Core Implementation Report
DID Use Cases and Requirements

Abstract

This document serves as a collection of known DID Document properties and property values.

Status of This Document

This section describes the status of this document at the time of its publication. A list of current W3C publications and the latest revision of this technical report can be found in the W3C technical reports index at https://www.w3.org/TR/.

Comments regarding this document are welcome. Please file issues directly on GitHub, or send them to public-did-wg@w3.org ( subscribe, archives).

Portions of the work on this specification have been funded by the United States Department of Homeland Security's Science and Technology Directorate under contracts HSHQDC-16-R00012-H-SB2016-1-002, 70RSAT20T00000010, and HSHQDC-17-C-00019. The content of this specification does not necessarily reflect the position or the policy of the U.S. Government and no official endorsement should be inferred.

Work on this registry has also been supported by the Rebooting the Web of Trust community facilitated by Christopher Allen, Shannon Appelcline, Kiara Robles, Brian Weller, Betty Dhamers, Kaliya Young, Kim Hamilton Duffy, Manu Sporny, Drummond Reed, Joe Andrieu, and Heather Vescent, Dmitri Zagidulin, and Dan Burnett.

This document was published by the Decentralized Identifier Working Group as a Group Note using the Note track.

This Group Note is endorsed by the Decentralized Identifier Working Group, but is not endorsed by W3C itself nor its Members.

This is a draft document and may be updated, replaced or obsoleted by other documents at any time. It is inappropriate to cite this document as other than work in progress.

The W3C Patent Policy does not carry any licensing requirements or commitments on this document.

This document is governed by the 03 November 2023 W3C Process Document.

1. Introduction

This section is non-normative.

This document serves as a collection of known DID Document properties and property values.

1.1 The Registration Process

The registration process is described in the Decentralized Identifier Extensions.

1.2 Conformance

As well as sections marked as non-normative, all authoring guidelines, diagrams, examples, and notes in this specification are non-normative. Everything else in this specification is normative.

The key word MUST in this document is to be interpreted as described in BCP 14 [RFC2119] [RFC8174] when, and only when, they appear in all capitals, as shown here.

2. Property Names

The following section defines the properties available for use in a DID document. Note that some of these properties are defined in the DID Core Specification, and others are defined elsewhere and may be method- or domain-specific. Please read the associated specifications to ensure that the properties you use are appropriate for your implementation. The properties are arranged here according to the purpose they serve.

Issue

This registry is a work in progress and some properties are missing normative definitions. We are working on this! This does NOT mean that in future it will be possible to submit items to the registry without normative definitions (see 1.1 The Registration Process).

2.1 DID document properties

These properties are foundational to DID documents, and are expected to be useful to all DID methods.

2.1.1 id

Normative Definition JSON-LD
DID Core DID Core
Example 1: Example of id property
{
  "id": "did:example:123",
  ...
}

2.1.2 alsoKnownAs

Normative Definition JSON-LD
DID Core DID Core
Example 2: Example of alsoKnownAs property
{
  "alsoKnownAs": "https://example.com/",
  ...
}

2.1.3 controller

Normative Definition JSON-LD
DID Core DID Core
Example 3: Example of controller property
{
  "controller": "did:example:123",
  ...
}

2.1.4 verificationMethod

Normative Definition JSON-LD
DID Core Terminology DID Core
Example 4: Example of verificationMethod property
{
  "id": "did:example:123",
  "verificationMethod": [
    {
      "id": "did:example:123#key-1",
      "type": "Ed25519VerificationKey2018",
      "controller": "did:example:123",
      "publicKeyBase58": "H3C2AVvLMv6gmMNam3uVAjZpfkcJCwDwnZn6z3wXmqPV"
    },
    {
      "id": "did:example:123#key-2",
      "type": "JsonWebKey2020",
      "controller": "did:example:123",
      "publicKeyJwk": {
        "kty": "OKP",
        "crv": "Ed25519",
        "x": "r7V8qmdFbwqSlj26eupPew1Lb22vVG5vnjhn3vwEA1Y"
      },
    }
  ]
}

2.1.5 publicKey

Deprecated

This property has been deprecated, use verificationMethod instead.

Normative Definition JSON-LD
security-vocab security-vocab context
Example 5: Example of publicKey property
{
  "id": "did:example:123",
  "publicKey": [
    {
      "id": "did:example:123#ZC2jXTO6t4R501bfCXv3RxarZyUbdP2w_psLwMuY6ec",
      "type": "Ed25519VerificationKey2018",
      "controller": "did:example:123",
      "publicKeyBase58": "H3C2AVvLMv6gmMNam3uVAjZpfkcJCwDwnZn6z3wXmqPV"
    },
    {
      "id": "did:example:123#WjKgJV7VRw3hmgU6--4v15c0Aewbcvat1BsRFTIqa5Q",
      "type": "EcdsaSecp256k1VerificationKey2019",
      "controller": "did:example:123",
      "publicKeyJwk": {
        "crv": "secp256k1",
        "x": "NtngWpJUr-rlNNbs0u-Aa8e16OwSJu6UiFf0Rdo1oJ4",
        "y": "qN1jKupJlFsPFc1UkWinqljv4YE0mq_Ickwnjgasvmo",
        "kty": "EC",
        "kid": "WjKgJV7VRw3hmgU6--4v15c0Aewbcvat1BsRFTIqa5Q"
      }
    }
  ]
}

2.1.6 service

Normative Definition JSON-LD
DID Core DID Core
Example 6: Example of service and serviceEndpoint properties
{
  ...
  "service": [{
    "id": "did:example:123#edv",
    "type": "EncryptedDataVault",
    "serviceEndpoint": "https://edv.example.com/"
  }]
}

2.1.7 linkedResource

Normative Definition JSON-LD
DID Cosmos Linked Resources Cosmos JSON-LD Context
Example 7: Example of linked resource properties
{
    ...
    "linkedResource" : [{
      "id": "did:cosmos:1:impacthub:nft:abc123#resourceHashgraph",
      "path": "did:cosmos:1:impacthub:nft:abc123/resourceHashgraph",
      "type": "hashgraph",
      "proof": "afybeiemxf5abjwjbikoz4mcb3a3dla6ual3jsgpdr4cjr3oz",
      "endpoint" : "did:cosmos:1:impacthub:nft:abc123?service=mediator"
  }]
}

2.1.8 dnsValidationDomain

Normative Definition JSON-LD
High Assurance DIDs with DNS dnsValidationDomain JSON-LD Context
Example 8: Example of dnsValidationDomain property
{
  "dnsValidationDomain": "mydomain.example"
  ...
}

2.2 Verification relationships

These are properties that express the relationship between the DID subject and a verification method using a verification relationship.

2.2.1 assertionMethod

Normative Definition JSON-LD
DID Core DID Core
Example 9: Example of assertionMethod property
{
  ...
  "verificationMethod": [{
    "id": "did:example:123#WjKgJV7VRw3hmgU6--4v15c0Aewbcvat1BsRFTIqa5Q",
    "type": "EcdsaSecp256k1VerificationKey2019",
    "controller": "did:example:123",
    "publicKeyJwk": {
      "crv": "secp256k1",
      "x": "NtngWpJUr-rlNNbs0u-Aa8e16OwSJu6UiFf0Rdo1oJ4",
      "y": "qN1jKupJlFsPFc1UkWinqljv4YE0mq_Ickwnjgasvmo",
      "kty": "EC",
      "kid": "WjKgJV7VRw3hmgU6--4v15c0Aewbcvat1BsRFTIqa5Q"
    }
  }],
  "assertionMethod": [{
    "id": "did:example:123#z6MkpzW2izkFjNwMBwwvKqmELaQcH8t54QL5xmBdJg9Xh1y4",
    "type": "Ed25519VerificationKey2018",
    "controller": "did:example:123",
    "publicKeyBase58": "BYEz8kVpPqSt5T7DeGoPVUrcTZcDeX5jGkGhUQBWmoBg"
  },
  "did:example:123#WjKgJV7VRw3hmgU6--4v15c0Aewbcvat1BsRFTIqa5Q"
  ]
}

2.2.2 authentication

Normative Definition JSON-LD
DID Core DID Core
Example 10: Example of authentication property
{
  ...
  "verificationMethod": [{
    "id": "did:example:123#WjKgJV7VRw3hmgU6--4v15c0Aewbcvat1BsRFTIqa5Q",
    "type": "EcdsaSecp256k1VerificationKey2019",
    "controller": "did:example:123",
    "publicKeyJwk": {
      "crv": "secp256k1",
      "x": "NtngWpJUr-rlNNbs0u-Aa8e16OwSJu6UiFf0Rdo1oJ4",
      "y": "qN1jKupJlFsPFc1UkWinqljv4YE0mq_Ickwnjgasvmo",
      "kty": "EC",
      "kid": "WjKgJV7VRw3hmgU6--4v15c0Aewbcvat1BsRFTIqa5Q"
    }
  }],
  "authentication": [{
    "id": "did:example:123#z6MkpzW2izkFjNwMBwwvKqmELaQcH8t54QL5xmBdJg9Xh1y4",
    "type": "Ed25519VerificationKey2018",
    "controller": "did:example:123",
    "publicKeyBase58": "BYEz8kVpPqSt5T7DeGoPVUrcTZcDeX5jGkGhUQBWmoBg"
  },
  "did:example:123#WjKgJV7VRw3hmgU6--4v15c0Aewbcvat1BsRFTIqa5Q"
  ]
}

2.2.3 capabilityDelegation

Normative Definition JSON-LD
DID Core DID Core
Example 11: Example of capabilityDelegation property
{
  ...
  "verificationMethod": [{
    "id": "did:example:123#WjKgJV7VRw3hmgU6--4v15c0Aewbcvat1BsRFTIqa5Q",
    "type": "EcdsaSecp256k1VerificationKey2019",
    "controller": "did:example:123",
    "publicKeyJwk": {
      "crv": "secp256k1",
      "x": "NtngWpJUr-rlNNbs0u-Aa8e16OwSJu6UiFf0Rdo1oJ4",
      "y": "qN1jKupJlFsPFc1UkWinqljv4YE0mq_Ickwnjgasvmo",
      "kty": "EC",
      "kid": "WjKgJV7VRw3hmgU6--4v15c0Aewbcvat1BsRFTIqa5Q"
    }
  }],
  "capabilityDelegation": [{
    "id": "did:example:123#z6MkpzW2izkFjNwMBwwvKqmELaQcH8t54QL5xmBdJg9Xh1y4",
    "type": "Ed25519VerificationKey2020",
    "controller": "did:example:123",
    "publicKeyMultibase": "z6MkpzW2izkFjNwMBwwvKqmELaQcH8t54QL5xmBdJg9Xh1y4"
  },
  "did:example:123#WjKgJV7VRw3hmgU6--4v15c0Aewbcvat1BsRFTIqa5Q"
  ]
}

2.2.4 capabilityInvocation

Normative Definition JSON-LD
DID Core DID Core
Example 12: Example of capabilityInvocation property
{
  ...
  "verificationMethod": [{
    "id": "did:example:123#WjKgJV7VRw3hmgU6--4v15c0Aewbcvat1BsRFTIqa5Q",
    "type": "EcdsaSecp256k1VerificationKey2019",
    "controller": "did:example:123",
    "publicKeyJwk": {
      "crv": "secp256k1",
      "x": "NtngWpJUr-rlNNbs0u-Aa8e16OwSJu6UiFf0Rdo1oJ4",
      "y": "qN1jKupJlFsPFc1UkWinqljv4YE0mq_Ickwnjgasvmo",
      "kty": "EC",
      "kid": "WjKgJV7VRw3hmgU6--4v15c0Aewbcvat1BsRFTIqa5Q"
    }
  }],
  "capabilityInvocation": [{
    "id": "did:example:123#z6MkpzW2izkFjNwMBwwvKqmELaQcH8t54QL5xmBdJg9Xh1y4",
    "type": "Ed25519VerificationKey2020",
    "controller": "did:example:123",
    "publicKeyMultibase": "z6MkpzW2izkFjNwMBwwvKqmELaQcH8t54QL5xmBdJg9Xh1y4"
  },
  "did:example:123#WjKgJV7VRw3hmgU6--4v15c0Aewbcvat1BsRFTIqa5Q"
  ]
}

2.2.5 keyAgreement

Normative Definition JSON-LD
DID Core DID Core
Example 13: Example of keyAgreement property
{
  ...
  "keyAgreement": [
    {
      "id": "did:example:123#zC9ByQ8aJs8vrNXyDhPHHNNMSHPcaSgNpjjsBYpMMjsTdS",
      "type": "X25519KeyAgreementKey2019",
      "controller": "did:example:123",
      "publicKeyMultibase": "zC9ByQ8aJs8vrNXyDhPHHNNMSHPcaSgNpjjsBYpMMjsTdS"
    }
  ]
}

2.3 Verification method properties

Note

These properties are for use on a verification method object, in the value of verificationMethod. An implementer is expected to not be relying directly on the linked contexts registered below in nearly every case and instead should be including the context definitions registered by the verificationMethod.

2.3.1 publicKeyJwk

Normative Definition JSON-LD
security-vocab https://w3id.org/security/suites/jws-2020/v1
Example 14: Example of publicKeyJwk property
{
  "id": "did:example:123#_Qq0UL2Fq651Q0Fjd6TvnYE-faHiOpRlPVQcY_-tA4A",
  "type": "JsonWebKey2020",
  "controller": "did:example:123",
  "publicKeyJwk": {
    "crv": "Ed25519",
    "x": "VCpo2LMLhn6iWku8MKvSLg2ZAoC-nlOyPVQaO3FxVeQ",
    "kty": "OKP",
    "kid": "_Qq0UL2Fq651Q0Fjd6TvnYE-faHiOpRlPVQcY_-tA4A"
  }
},

2.3.2 publicKeyBase58

Deprecated

This property is deprecated in favor of publicKeyMultibase or publicKeyJwk. It's generally expected that this term will still be used in older suites and therefore needs be supported for legacy compatibility, but is expected to not be used for newly defined suites.

Normative Definition JSON-LD
security-vocab https://w3id.org/security/v2

2.3.3 publicKeyHex

Deprecated

This property is deprecated in favor of publicKeyMultibase or publicKeyJwk. It's generally expected that this term will still be used in older suites and therefore needs be supported for legacy compatibility, but is expected to not be used for newly defined suites.

Normative Definition JSON-LD
security-vocab https://w3id.org/security/v3-unstable
Example 15: Example of publicKeyHex property
{
  "@context":[
    "https://www.w3.org/ns/did/v1",
    "https://identity.foundation/EcdsaSecp256k1RecoverySignature2020#"
  ],
  "id":"did:example:123",
  "verificationMethod":[{
    "id": "did:example:123#vm-2",
    "controller": "did:example:123",
    "type": "EcdsaSecp256k1RecoveryMethod2020",
    "publicKeyHex": "027560af3387d375e3342a6968179ef3c6d04f5d33b2b611cf326d4708badd7770"
  }]
}

2.3.4 publicKeyMultibase

Normative Definition JSON-LD
security-vocab https://w3id.org/security/v3-unstable

2.3.5 blockchainAccountId

Normative Definition JSON-LD
security-vocab https://w3id.org/security/v3-unstable
Example 16: Example of blockchainAccountId property
{
  "@context":[
    "https://www.w3.org/ns/did/v1",
    "https://identity.foundation/EcdsaSecp256k1RecoverySignature2020#"
  ],
  "id":"did:example:123",
  "verificationMethod":[{
    "id": "did:example:123#vm-3",
    "controller": "did:example:123",
    "type": "EcdsaSecp256k1RecoveryMethod2020",
    "blockchainAccountId":"eip155:1:0xab16a96d359ec26a11e2c2b3d8f8b8942d5bfcdb"
  }]
}

2.3.6 ethereumAddress

Deprecated

This property is deprecated in favor of blockchainAccountId. It's generally expected that this term will still be used in older suites and therefore needs be supported for legacy compatibility, but is expected to not be used for newly defined suites.

Normative Definition JSON-LD
security-vocab https://w3id.org/security/v3-unstable
Example 17: Example of ethereumAddress property
{
  "@context":[
    "https://www.w3.org/ns/did/v1",
    "https://identity.foundation/EcdsaSecp256k1RecoverySignature2020#"
  ],
  "id":"did:example:123",
  "verificationMethod":[{
    "id": "did:example:123#vm-3",
    "controller": "did:example:123",
    "type": "EcdsaSecp256k1RecoveryMethod2020",
    "ethereumAddress": "0xF3beAC30C498D9E26865F34fCAa57dBB935b0D74"
  }]
}

2.4 Service properties

These properties are for use on a service object, in the value of service.

2.4.1 serviceEndpoint

Normative Definition JSON-LD
DID Core DID Core
Example 18: Example of service and serviceEndpoint properties
{
  ...
  "service": [{
    "id": "did:example:123#edv",
    "type": "EncryptedDataVault",
    "serviceEndpoint": "https://edv.example.com/"
  }]
}

3. Property Values

3.1 Verification method types

These are values to be used for the type in a verification method object.

3.1.1 JsonWebKey2020

Do not include private or extraneous information in verification methods. The class of private information related to JWKs is defined here. Please review the DID Core specification for additional details on this topic.

Normative Definition JSON-LD
JSON Web Signature 2020 https://w3id.org/security/suite/jws-2020/v1
Example 19: Example of JsonWebKey2020 class
{
  "id": "did:example:123#_TKzHv2jFIyvdTGF1Dsgwngfdg3SH6TpDv0Ta1aOEkw",
  "type": "JsonWebKey2020",
  "controller": "did:example:123",
  "publicKeyJwk": {
    "crv": "P-256",
    "x": "38M1FDts7Oea7urmseiugGW7tWc3mLpJh6rKe7xINZ8",
    "y": "nDQW6XZ7b_u2Sy9slofYLlG03sOEoug3I0aAPQ0exs4",
    "kty": "EC",
    "kid": "_TKzHv2jFIyvdTGF1Dsgwngfdg3SH6TpDv0Ta1aOEkw"
  }
}

3.1.2 EcdsaSecp256k1VerificationKey2019

Normative Definition JSON-LD
Ecdsa Secp256k1 Signature 2019 https://w3id.org/security/suites/secp256k1-2019/v1
Example 20: Example of EcdsaSecp256k1VerificationKey2019 class
{
  "id": "did:example:123#WjKgJV7VRw3hmgU6--4v15c0Aewbcvat1BsRFTIqa5Q",
  "type": "EcdsaSecp256k1VerificationKey2019",
  "controller": "did:example:123",
  "publicKeyJwk": {
    "crv": "secp256k1",
    "x": "NtngWpJUr-rlNNbs0u-Aa8e16OwSJu6UiFf0Rdo1oJ4",
    "y": "qN1jKupJlFsPFc1UkWinqljv4YE0mq_Ickwnjgasvmo",
    "kty": "EC",
    "kid": "WjKgJV7VRw3hmgU6--4v15c0Aewbcvat1BsRFTIqa5Q"
  }
}

3.1.3 Ed25519VerificationKey2018

Normative Definition JSON-LD
Ed25519 Signature 2018 https://w3id.org/security/suites/ed25519-2018/v1
Example 21: Example of Ed25519VerificationKey2018 class
{
  "id": "did:example:123#ZC2jXTO6t4R501bfCXv3RxarZyUbdP2w_psLwMuY6ec",
  "type": "Ed25519VerificationKey2018",
  "controller": "did:example:123",
  "publicKeyBase58": "H3C2AVvLMv6gmMNam3uVAjZpfkcJCwDwnZn6z3wXmqPV"
}

3.1.4 Bls12381G1Key2020

Normative Definition JSON-LD
BBS+ Signatures 2020 https://w3id.org/security/suites/bls12381-2020/v1
Example 22: Example of Bls12381G1Key2020 class
{
  "id": "did:example:123#z3tEGVtEKzdhJB2rT5hLVjwQPis8k7bTM16t7vDZrQaoddk6wZ7or6xPPs1P8H9U16Xe75",
  "type": "Bls12381G1Key2020",
  "controller": "did:example:123",
  "publicKeyBase58": "7bXhTVonHPizXP72AE92PPmRiaXipC519yU7F6NxUFExWpyQo57LuKKBoTyuZ3uWm9",
}

3.1.5 Bls12381G2Key2020

Normative Definition JSON-LD
BBS+ Signatures 2020 https://w3id.org/security/suites/bls12381-2020/v1
Example 23: Example of Bls12382G2Key2020 class
{
  "id": "did:example:123#zUC7K51WYEsj8y6KPVa1XfwdW5ZJrW5kSbMV619j128T6atCLLXJjjovMZsJ3Ay4STdngRkvM4ygT4qm1mk6HR8FvipSY435nLgYS1TTcaqJAzDWzM1iB9vh3hTL1DEKitwn56i",
  "type": "Bls12381G2Key2020",
  "controller": "did:example:123",
  "publicKeyBase58": "25ETdUZDVnME6yYuAMjFRCnCPcDmYQcoZDcZuXAfeMhXPvjZg35QmZ7uctBcovA69YDM3Jf7s5BHo4u1y89nY6mHiji8yphZ4AMm4iNCRh35edSg76Dkasu3MY2VS9LnuaVQ",

}

3.1.6 PgpVerificationKey2021

Normative Definition JSON-LD Additional Details
Linked Data Signatures for PGP https://w3id.org/security/suites/pgp-2021/v1 Use of this verification key should be in line with the OpenPGP Message Format as defined in RFC 4880
{
  "@context":[
    "https://www.w3.org/ns/did/v1",
    "https://gpg.jsld.org/contexts/lds-gpg2020-v0.0.jsonld"
  ],
  "id":"did:example:123",
  "verificationMethod":[{
    "id": "did:example:123#989ed1057a294c8a3665add842e784c4d08de1e2",
    "type": "PgpVerificationKey2021",
    "controller": "did:example:123",
    "publicKeyPgp": "-----BEGIN PGP PUBLIC KEY BLOCK-----\r\nVersion: OpenPGP.js v4.9.0\r\nComment: https://openpgpjs.org\r\n\r\nxjMEXkm5LRYJKwYBBAHaRw8BAQdASmfrjYr7vrjwHNiBsdcImK397Vc3t4BL\r\nE8rnN......v6\r\nDw==\r\n=wSoi\r\n-----END PGP PUBLIC KEY BLOCK-----\r\n"
  }]
}

3.1.7 RsaVerificationKey2018

Issue

DID Specification Registries Issue 370 This property should be moved into a separate suite and linked to here rather than relying on the Verifiable Credentials vocabulary. There are known issues with the first version of the Security vocabulary JSON-LD context and the first version of the Verifiable Credentials JSON-LD context which will prevent these contexts from being listed in the same document. For now it's suggested that implementers rely upon the first version of the Verifiable Credentials JSON-LD context and not rely on the Security vocabulary JSON-LD context in the same document.

Normative Definition JSON-LD
RSA Signature Suite 2018 https://www.w3.org/2018/credentials/v1
{
  "id": "did:example:123#key-0",
  "type": "RsaVerificationKey2018",
  "controller": "did:example:123",
  "publicKeyJwk": {
    "kty":"RSA",
    "e":"AQAB",
    "use":"sig",
    "kid":"tNksV42EUs3Xct9AkgZyFWglItRGMxVZ1A1XM68SNq0
    "n":"kO2d_qQTEBjYFGcoY_da7ziFY4L2QX14K7snCee09n-cY2eP-oJXk8T2_lL20YnpYhf4i
    jhkWHGU8kY8-FWPRrzSeu3JUMVSZoqTgoAiKWdnSLNvPVxvGuD2CiA3T6AkwUC03D2AkOLCcJV
    8h_hxUEPeDawF7ArpuJW5DXzEJjE7gOjN4r6d7VB6sd5y-3la54H2ADz2amHLdBWs30fL4BRBH
    lVdx0YmF37V4u5yvnnb5Iyr3kBXJes8t0MUMPkjqEEXRmukpKUzZYNpWDXY0tVcXeK5sRx0DAn
    lNgNNf14-vsyjGkj2Rz0oGW73jjWa8dw-yVlDEHyIkQU9-UY4dFXbVjdIO8j_5ghh62o1T7Y4w
    5CWMc-FxPE3LHe-_teW97X__NN-ToYgfi42IvV2mYOdQMCbvnvY2oMdK3b9wmeVi0marToauL5
    LMg5xHDKopmIR7E3VyRtNYwDFAZ89kadcbSrZ8zTR5APaB7Tmp2L2ZfXKxqKQuxlFTTCcZtg4e
    5AN8QuYdI18DEDQn2umUU_Twj7k4CXvuIKVL8p4yRHC4CHAGIm9cH_t11dF3wXygaENVOGRXQu
    0g1iKq0mO2rWpOqkGJ5uXMFb5lx54i8uOjCdZ9y2el28xA55Ve95KCxeTHp997Bn3TIgbeQ-B_
    -3PBVTuuAAH8y9fFNKtu5E"
  }
}

3.1.8 X25519KeyAgreementKey2019

Issue 164: X25519KeyAgreementKey2019 has no normative definition

Normative definition in a suite is required for registration, this entry should be updated or removed.

Normative Definition JSON-LD
Normative definition pending https://w3id.org/security/suites/x25519-2019/v1
Example 26: Example of X25519KeyAgreementKey2019
{
  ...
  "keyAgreement": [
    {
      "id": "did:example:123#zC9ByQ8aJs8vrNXyDhPHHNNMSHPcaSgNpjjsBYpMMjsTdS",
      "type": "X25519KeyAgreementKey2019",
      "controller": "did:example:123",
      "publicKeyBase58": "9hFgmPVfmBZwRvFEyniQDBkz9LmV7gDEqytWyGZLmDXE"
    }
  ]
}

3.1.9 EcdsaSecp256k1RecoveryMethod2020

Normative Definition JSON-LD
ECDSA Secp256k1 Recovery Signature 2020 https://w3id.org/security/suites/secp256k1recovery-2020/v1
{
  "@context": [
    "https://www.w3.org/ns/did/v1",
    "https://identity.foundation/EcdsaSecp256k1RecoverySignature2020#"
  ],
  "id":"did:example:123",
  "verificationMethod": [
    {
      "id": "did:example:123#vm-1",
      "controller": "did:example:123",
      "type": "EcdsaSecp256k1RecoveryMethod2020",
      "publicKeyJwk": {
        "crv": "secp256k1",
        "kid": "JUvpllMEYUZ2joO59UNui_XYDqxVqiFLLAJ8klWuPBw",
        "kty": "EC",
        "x": "dWCvM4fTdeM0KmloF57zxtBPXTOythHPMm1HCLrdd3A",
        "y": "36uMVGM7hnw-N6GnjFcihWE3SkrhMLzzLCdPMXPEXlA"
      }
    },
    {
      "id": "did:example:123#vm-2",
      "controller": "did:example:123",
      "type": "EcdsaSecp256k1RecoveryMethod2020",
      "publicKeyHex": "027560af3387d375e3342a6968179ef3c6d04f5d33b2b611cf326d4708badd7770"
    },
    {
      "id": "did:example:123#vm-3",
      "controller": "did:example:123",
      "type": "EcdsaSecp256k1RecoveryMethod2020",
      "ethereumAddress": "0xF3beAC30C498D9E26865F34fCAa57dBB935b0D74"
    }
  ]
}

3.1.10 VerifiableCondition2021

Normative Definition JSON-LD
Verifiable Conditions Verification Method Suite 2021 https://w3c-ccg.github.io/verifiable-conditions/contexts/verifiable-conditions-2021-v1.json
{
    "id": "did:example:123#1",
    "controller": "did:example:123",
    "type": "VerifiableCondition2021",
    "conditionAnd": [{
        "id": "did:example:123#1-1",
        "controller": "did:example:123",
        "type": "VerifiableCondition2021",
        "conditionOr": [{
            "id": "did:example:123#1-1-1",
            "controller": "did:example:123",
            "type": "EcdsaSecp256k1VerificationKey2019",
            "publicKeyBase58": "5JBxKqYKzzoHrzeqwp6zXk8wZU3Ah94ChWAinSj1fYmyJvJS5rT"
        }, {
            "id": "did:example:123#1-1-2",
            "controller": "did:example:123",
            "type": "Ed25519VerificationKey2018",
            "publicKeyBase58": "PZ8Tyr4Nx8MHsRAGMpZmZ6TWY63dXWSCzamP7YTHkZc78MJgqWsAy"
        }]
    }, {
        "id": "did:example:123#1-2",
        "controller": "did:example:123",
        "type": "Ed25519VerificationKey2018",
        "publicKeyBase58": "H3C2AVvLMv6gmMNam3uVAjZpfkcJCwDwnZn6z3wXmqPV"
    }]
}

3.2 Service types

These are values to be used for the type property in a service object.

3.2.1 LinkedDomains

Issue 167: LinkedDomains IRI is not stable

https://identity.foundation/.well-known/resources/did-configuration/#LinkedDomains

^ if this link changes the term defintion registered in did core will need to change, we should be sure we like this URL as is... forever.

Normative Definition JSON-LD
Well Known DID Configuration Well Known DID Configuration
Example 29: Example of service and serviceEndpoint properties
{
  "@context": ["https://www.w3.org/ns/did/v1","https://identity.foundation/.well-known/did-configuration/v1"],
  "id": "did:example:123",
  "verificationMethod": [{
    "id": "did:example:123#456",
    "type": "JsonWebKey2020",
    "controller": "did:example:123",
    "publicKeyJwk": {
      "kty": "OKP",
      "crv": "Ed25519",
      "x": "VCpo2LMLhn6iWku8MKvSLg2ZAoC-nlOyPVQaO3FxVeQ"
    }
  }],
  "service": [
    {
      "id":"did:example:123#foo",
      "type": "LinkedDomains",
      "serviceEndpoint": {
        "origins": ["https://foo.example.com", "https://identity.foundation"]
      }
    },
    {
      "id":"did:example:123#bar",
      "type": "LinkedDomains",
      "serviceEndpoint": "https://bar.example.com"
    }
  ]
}

3.2.2 LinkedVerifiablePresentation

Normative Definition JSON-LD
Linked Verifiable Presentation Linked Verifiable Presentation
Example 30: Example of service and serviceEndpoint properties
{
  "@context": [
    "https://www.w3.org/ns/did/v1",
    "https://identity.foundation/linked-vp/contexts/v1"
  ],
  "id": "did:example:123",
  "verificationMethod": [{
    "id": "did:example:123#_Qq0UL2Fq651Q0Fjd6TvnYE-faHiOpRlPVQcY_-tA4A",
    "type": "JsonWebKey2020",
    "controller": "did:example:123",
    "publicKeyJwk": {
      "kty": "OKP",
      "crv": "Ed25519",
      "x": "VCpo2LMLhn6iWku8MKvSLg2ZAoC-nlOyPVQaO3FxVeQ"
    }
  }],
  "service": [
    {
      "id": "did:example:123#foo",
      "type": "LinkedVerifiablePresentation",
      "serviceEndpoint": ["https://bar.example.com/verifiable-presentation.jsonld"]
    },
    {
      "id": "did:example:123#baz",
      "type": "LinkedVerifiablePresentation",
      "serviceEndpoint": "ipfs://bafybeihkoviema7g3gxyt6la7vd5ho32ictqbilu3wnlo3rs7ewhnp7lly/verifiable-presentation.jwt"
    }
  ]
}

3.2.3 DIDCommMessaging

Normative Definition JSON-LD
DIDComm Messaging A valid JSON-LD context needs to be published. DIDComm Messaging
Example 31: Example of service and serviceEndpoint properties
{
  "@context":[
      "https://www.w3.org/ns/did/v1",
      "https://didcomm.org/messaging/contexts/v2"
  ],
  "type":"DIDCommMessaging",
  "serviceEndpoint": {
    "uri": "http://example.com/path",
    "accept":[ "didcomm/v2", "didcomm/aip2;env=rfc587" ],
    "routingKeys":[ "did:example:somemediator#somekey" ]
  }
}

3.2.4 Web of Things (WoT) Discovery

The WotThing and WotDirectory endpoints allow publication of service endpoints in a DID document that can be used to fetch Web of Things (WoT) Thing Descriptions (TDs). The WotThing endpoint is a REST service that returns a TD when the GET method is used. This can be used for self-describing devices or services, or be a service separate from the actual device or service described by the TD. The WotDirectory is also a REST service that returns a TD, but this service is always a Web of Things (WoT) Thing Description Directory (TDD), and the TD returned by a GET always describes the TDD's interface. Details (including normative statements covering the above) are in the WoT Discovery specification.

Normative Definition JSON-LD
WoT Discovery WotThing
WoT Discovery WotDirectory
Example 32: Example of WotThing serviceEndpoint properties
{
  "@context":[
      "https://www.w3.org/ns/did/v1",
      "https://www.w3.org/2022/wot/discovery-did"
  ],
  ...
  "service": [{
      "id": "did:example:wotdiscoveryexample#td",
      "type": "WotThing",
      "serviceEndpoint":
          "https://wot.example.com/.well-known/wot"
  }]
  ...
}
Example 33: Example of WotDirectory serviceEndpoint properties
{
  "@context":[
      "https://www.w3.org/ns/did/v1",
      "https://www.w3.org/2022/wot/discovery-did"
  ],
  ...
  "service": [{
      "id": "did:example:wotdiscoveryexample#tdd",
      "type": "WotDirectory",
      "serviceEndpoint":
          "https://wot.example.com/tdd"
  }]
  ...
}

3.2.5 CredentialRegistry

The CredentialRegistry endpoint allows publication of a dedicated service endpoint in a DID document, through which verifiable credentials can be queried. Each registry endpoint is a REST endpoint. When a GET request is sent to the URI formed by appending the credentialSubject.id as a URL-encoded string to the given endpoint URI, the registry MUST return an array of verifiable credentials associated with the subject ID. A sample registry endpoint can be found here.

Note

Verifiable credential registries are supposed to hold credentials that are publicly accessible by default, e.g., for product passports on a product type level. An additional authentication for limiting access to certain credentials is currently under development.

Normative Definition JSON-LD
Verifiable Credential Registry Verifiable Credential Registry
Example 34: Example of service and serviceEndpoint properties
{
  ...
  "service": [
    {
      "id": "did:example:123#vcregistry-1",
      "type": "CredentialRegistry",
      "serviceEndpoint": {
        "registries": ["https://registry.example.com/{credentialSubject.id}", "https://identity.foundation/vcs/{credentialSubject.id}"]
      }
    },
    {
      "id": "did:example:123#vcregistry-2",
      "type": "CredentialRegistry",
      "serviceEndpoint": "https://ssi.eecc.de/api/registry/vcs/{credentialSubject.id}"
    }
  ]
}
Example 35: Example of a concrete call to the specified serviceEndpoint and example answer
$ curl 'https://ssi.eecc.de/api/registry/vcs/https%3A%2F%2Ftest.de%2Ftest1' -H 'accept: application/ld+json, application/json'

[
  {
    "@context": ["https://www.w3.org/2018/credentials/v1",... ],
    "type": ["VerifiableCredential",...],
    "credentialSubject": {...},
    "proof": {...},
    ...
  },
  ...
]

3.2.6 OpenID4 Verifiable Credential Issuance

The OID4VCI service allows publication of a credential issuer that conforms to the OpenID for Verifiable Credential Issuance (OID4VCI) specification.

The service endpoint id MUST be the Credential Issuer Identifier to get the Credential Issuer Metadata as described in Section Credential Issuer Metadata of OpenIDVCI.

Normative Definition JSON-LD
OpenID4VCI OpenID4VCI
Example 36: Example of service and serviceEndpoint properties
{
  ...
  "service": [
    {
      "id": "did:example:123#oid4vci",
      "type": "OID4VCI",
      "serviceEndpoint": "https://issuer.example.com/"
    }
  ]
}

3.2.7 OpenID4 Verifiable Presentation

The OID4VP service allows publication of how to interact with a credential wallet that conforms with the OpenID for Verifiable Presentation (OID4VP) specification.

The service endpoint id MUST be the Wallet (OAuth2) Issuer Identifier to obtain Wallet Metadata to invoke the wallet as described in section Wallet Invocation.

Normative Definition JSON-LD
OpenID4VP OpenID4VP
Example 37: Example of service and serviceEndpoint properties
{
  ...
  "service": [
    {
      "id": "did:example:123#oid4vp",
      "type": "OID4VP",
      "serviceEndpoint": "https://wallet.example.com"
    }
  ]
}

A. References

A.1 Normative references

[RFC2119]
Key words for use in RFCs to Indicate Requirement Levels. S. Bradner. IETF. March 1997. Best Current Practice. URL: https://www.rfc-editor.org/rfc/rfc2119
[RFC8174]
Ambiguity of Uppercase vs Lowercase in RFC 2119 Key Words. B. Leiba. IETF. May 2017. Best Current Practice. URL: https://www.rfc-editor.org/rfc/rfc8174

A.2 Informative references

[DID-EXTENSIONS]
Decentralized Identifier Extensions. Manu Sporny. Decentralized Identifier Working Group. W3C Working Group Note. URL: https://www.w3.org/TR/did-extensions/