Add dependency on CID spec.

[msporny]

This PR is an attempt to address issue #854 by normatively referencing the Controlled Identifiers specification.

WARNING: This is a BIG PR -- as was requested by the WG. Please keep discussions and change requests limited to editorial changes and suggestions and raise a separate issue, if needed, to track larger structural change requests.

---

Preview | Diff

[TallTed]

Small editorial tweaks

[TallTed]

I don't understand what the compatibility is, in order to rephrase to make the sentence say so. Is it each of the strings or the URL syntax that is compatible with Section <a href="#did-syntax">?

Suggested change

	<a data-cite="INFRA#string">strings</a>, each of which conforms to the URL
	syntax which are compatible with Section <a href="#did-syntax"></a>.
	<a data-cite="INFRA#string">strings</a>, each of which conforms to the URL
	syntax which are compatible with Section <a href="#did-syntax"></a>.

[TallTed]

Again, I don't understand what the compatibility is, in order to rephrase to make the sentence say so. Is it each of the strings or the URL syntax that is compatible with Section <a href="#did-syntax">?

[TallTed]

Suggested change

	A <a>DID document</a> can express <a>verification methods</a>, as defined
	A <a>DID document</a> can express <a>verification methods</a>, as defined in

[TallTed]

Suggested change

	<a data-cite="CID#verification-relationships">Section 2.3: Verification
	in <a data-cite="CID#verification-relationships">Section 2.3: Verification

[TallTed]

Suggested change

	A <a>DID document</a> can express <a>services</a>, as defined
	A <a>DID document</a> can express <a>services</a>, as defined in

[TallTed]

Suggested change

	For the resolved <a>DID document</a> metadata, the `updated` timestamp is
	In the resolved <a>DID document</a> metadata, the `updated` timestamp is

[TallTed]

Suggested change

	In systems that are willing to admit metadata other than those constituting
	cryptographic input, similar trust may be achieved -- but always on the
	same basis where a careful judgment is made about whether a
	<a>DID document</a>'s content at the moment of a signing event
	contained the expected content.
	Similar trust may be achieved in systems that are willing to accept metadata
	beyond that which constitutes cryptographic input -- but this always requires
	a careful judgment about whether a <a>DID document</a>'s content included the
	expected content at the moment of a signing event.

[TallTed]

Suggested change

	Performing recovery proactively on an infrequent but regular basis, can help to
	ensure that control has not been lost.
	Proactively performing recovery, on an infrequent but regular basis, can help to
	prevent loss of control.

[TallTed]

Suggested change

	Recovery is advised when a <a>controller</a> or services trusted to act on their
	behalf no longer have the exclusive ability to perform DID operations as
	described in <a href="#method-operations"></a>.
	Recovery is advised when a <a>controller</a> or any service trusted to act on
	their behalf no longer has the exclusive ability to perform DID operations as
	described in <a href="#method-operations"></a>.

[TallTed]

Suggested change

	not remedial, and is an embedded default. Readers are urged to read the
	<a data-cite="?CID#privacy-considerations">Privacy Considerations</a> section
	in the [[[CID]]] specification before reading this section is it contains
	more general privacy considerations that also apply to <a>DIDs</a>. The rest
	of this section covers privacy considerations that are specific to
	<a>decentralized identifiers</a> beyond the guidance provided in the
	[[[CID]]] specification.
	not remedial, and is an embedded default. Before reading this section, readers
	are urged to read the
	<a data-cite="?CID#privacy-considerations">Privacy Considerations</a> section
	of the [[[CID]]] specification, as it contains
	more general privacy considerations that also apply to <a>DIDs</a>. The rest
	of this section covers privacy considerations that are specific to
	<a>decentralized identifiers</a> and are in addition to the guidance provided
	in the [[[CID]]] specification.

[w3cbot]

This was discussed during the #did meeting on 09 January 2025.

View the transcript

w3c/did-core#877

wip: Manu has done a lot of work to align this with other spec.

manu: The group requested that we do this as a PR. Normally I try to do this as an editorial change, but it's a massive change.
… What this is trying to do is that over the last year decisions have been made, and there's a subset of people that wanted to see a controlled identifier specification but use the web platform. That's the CID spec.
… That was basically a copy/paste of the DID spec, but with the DID stuff taken out.
… So we are removing duplication from the DID spec.
… It defers to the CID spec, saying that if you want to do things like "also known as", go to the CID spec, with the modulo that DIDs are allowed as well.
… and makes DID a requirement for the document ID.
… The only other issue I ran into is that since the CID spec is not published yet and is in TR space, a subset of the terminology is not yet published.
… That will hopefully be fixed in the next month, which should fix it. The PR is ready for review.
… It's a massive PR to layer the specs correctly.

ivan: The CID spec is not published in the TR space under that name. It was published under the name of Controller Document, just to be clear.
… Manu, last time you sent an email saying that there's a PR there but don't review it yet. Is it now ready for review?

manu: I removed the draft state and it is now ready for review.

markus_sabadello: Can you comment what this means for the abstract data model and consumption and production of entries that are set for update?

manu: I tried to make those changes in this PR and it became complicated. Some of the sections are still useful, but I'm going to try to do those in a separate PR.
… This PR does not attempt to remove the abstract data model. There is still some misalignment between the CID and DID specs, so I expect to make those changes later.

---

[iherman]

This is a PR for a FPWD draft version, so the result will still undergo a multitude of reviews and changes; I did not look at all the details (it is way too complex to review it that way. I have spotted, however, two major and a minor issue; I think the major issues should be taken care of before merging.

• The PR still uses the "Controlled Identifiers Document" title for the CID specification, but the name has been changed (again) for "Controlled Identifier 1.0" by the VC WG. That should be used overall.

• In §5.1.1 Did Subject the new text does not make it clear that, in a DID document, the value of id MUST be a DID. It sounds obvious, but the previous version makes a stronger statement.

  It may be that this requirement is between the lines in other places of the document; I think re-enforcing here would still make sense

  The same comment applies to the DID controller section.

• Minor knit in §9 Privacy Consideration: "specification before reading this section is it contains more general privacy considerations" should say "specification before reading this section as it contains more general privacy considerations" ("is" -> "as")

[TallTed]

The PR still uses the "Controlled Identifiers Document" title for the CID specification, but the name has been changed (again) for "Controlled Identifier 1.0" by the VC WG. That should be used overall.

I think the new title is Controlled Identifiers 1.0 (with the pural), like Decentralized Identifiers, no?

[msporny]

I think the new title is Controlled Identifiers 1.0 (with the pural), like Decentralized Identifiers, no?

Yes, correct.