Add text clarifying where group controllers might be listed. #883
Conversation
msporny
requested review from
BigBlueHat,
ChristopherA,
dlongley,
jandrieu,
pchampin,
dmitrizagidulin,
tminard,
danpape,
TallTed,
philarcher,
KDean-Dolphin and
kdenhartog
| @@ -4025,7 +4025,15 @@ <h3>Group Control</h3> | |||
| In the case of group control, the [=DID controllers=] are expected to act | |||
| together in some fashion, such as when using a cryptographic algorithm that | |||
| requires multiple digital signatures ("multi-sig") or a threshold number of | |||
| digital signatures ("m-of-n"). From a functional standpoint, this option is | |||
| digital signatures ("m-of-n"). The expression of these additional thresholds for | |||
There was a problem hiding this comment.
| digital signatures ("m-of-n"). The expression of these additional thresholds for | |
| digital signatures ("m-of-n"). These additional thresholds for |
| digital signatures ("m-of-n"). The expression of these additional thresholds for | ||
| verifying a proof can be expressed in a [=verification method=] as described in | ||
| Section [[[#verification-methods]]] or can be an intrinsic part of the | ||
| [=verification method=] where the number of [=DID controllers=] that |
There was a problem hiding this comment.
| [=verification method=] where the number of [=DID controllers=] that | |
| verification material of the [=verification method=], where the number of [=DID controllers=] that |
There was a problem hiding this comment.
I also am hesitant at the use of DID controllers here.
Definition:
An entity that has the capability to make changes to a DID document. A DID might have more than one DID controller. The DID controller(s) can be denoted by the optional controller property at the top level of the DID document. Note that a DID controller might be the DID subject.
If we substitute for the definition I don't think it makes sense:
verification material of the [=verification method=], where the number of "entities that have the capability to make changes to a [DID document]" that participated in the generation of a particular digital signature are hidden for privacy reasons.
This is really the number of signing parties/entities that participated in the generation of a particular digital signature ...
Or something like that.
|
Reading over the section referenced in issue #839 - https://www.w3.org/TR/did-1.0/#group-control. I think I would add another sentence:
Just because a DID document expresses a verificationMethod, does not automatically mean that those who can create proofs associated with that verificationMethod have the ability to control the content of the DID document. Sometimes, even often, these are completely separated by the DID method. |
|
Maybe? |
This PR is an attempt to address issue #839 by adding text clarifying where group controllers might be listed.
Preview | Diff