EBIP: Align EBSI with DID-Linked Resources (Draft)
Summary
This EBIP proposes the adoption of DID-Linked Resources (DLRs), as an extension of the did:ebsi DID method, to identify, retrieve and dereference existing EBSI schemas, status lists, trust chains or other resources on EBSI with a unified and common syntax. While EBSI does currently support storing many of these types of files directly on ledger, alignment with DLRs will:
- Allow existing DID resolvers and infrastructure like the Universal Resolver to fetch schemas, trust chains, status lists, etc., using a consistent method.
- Enable greater interoperability with other DID Methods and verifiable data registries that support DLRs.
- Establish clear and unified query parameters for retrieving specific versions or groups of resources, including historical versions and deprecated versions.
- Provide a robust standard for chronological and sequential ordering of digital resources on Electronic Ledgers, in line with eIDAS 2.0 Article 45i(1).
- Attribute greater value to DIDs than simple resolution of DIDs to DID Documents.
What are DID-Linked Resources?
DID-Linked Resources (DLRs) is an emerging standard that acts as an extension to the W3C DID Core Recommendation and DID Resolution Specification. This extension enables DID Controllers (those with the verification keys controlling the DID and associated DID Document) to append digital files (Resources) to their DID, which are sequentially ordered and chronologically versioned, historically resolvable and indexable. Each DID-Linked Resource can be retrieved and referenced using a persistent and unique DID URL or via query-based syntax.
When these Resources are created, the DID Controller signs the transaction with the same verification method keys that are contained in the DID Document, establishing cryptographically signed "DID-Linked Resources". DID Controllers may also create "Collections" of Linked Resources; for example, a DID may have associated with it a "chain" of credential schemas and another chain of "verifiable attestations" within the same DID. When a DID has many Resources associated with it, it can act as a directory of information related to the DID Subject.
Applying DLRs to EBSI
EBSI is very forward thinking with regard to storing its schemas and trust chains on the EBSI ledger directly. However, the current implementation of files on EBSI is specific to the EBSI chain, rather than something that is DID method agnostic. The use of DLRs takes similar concepts that EBSI already implements, but standardises the response formats for how information is stored on-ledger and the query parameters for how resources are retrieved. This can be applicable for:
- Trust Chains: including DID resolvable Verifiable Accreditations, Attestations and Authorisations and associated metadata.
- Schemas: enabling DID resolvable JSON Schemas.
- Status Lists: across either Status List 2021 or via the use of EBSI Bloom Filters.
- (Optional) Organisation metadata: additional organisation metadata, such as TrustFrameworkPolicies, AccreditationPolicies or even company logos.
- (Optional) Overlay Capture Architecture (OCA): enabling visual schemas / designs for issued credentials.
If implemented in a standardised format using DLRs, this will enable existing DID resolvers and projects such as the Universal Resolver to retrieve both DIDs and DID-Linked Resources across any supported DID Method.
Alignment with eIDAS 2.0
DLRs enable resources to be grouped by resource "name" and "type" into "chains", with fully traversable version history. Each version can be individually resolved, or whole groups are able to be queried through DID URL dereferencing. This architecture aligns very closely with Article 45i(1) of the eIDAS amendment, which specifies that:
Qualified electronic ledgers shall meet the following requirements:
- (a) they are created by one or more qualified trust service provider or providers;
- (b) they ensure the uniqueness, authenticity and correct sequencing of data entries recorded in the ledger;
- (c) they ensure the correct sequential chronological ordering of data in the ledger and the accuracy of the date and time of the data entry;
- (d) they record data in such a way that any subsequent change to the data is immediately detectable.
At present, Electronic Ledgers have no standardised mechanism for easily recording sequential chains of data required for digital identity ecosystems, particularly because most electronic ledgers focus on financial transaction data. This EBIP can help set a framework and standard for conformant qualified electronic ledgers going forward, while attributing much more weight for the adoption of DIDs than simple DID resolution.
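The chain model described above, as an added sketch that is not code from EBSI or cheqd: it dereferences a DID URL to one version of a named resource and rejects the chain if sequencing, ordering or content checks fail. The parameter names `resourceName`, `resourceType` and `resourceVersionTime` follow the cheqd DID-Linked Resources documentation and do not appear on this page; the DID, resource names and data are constructed, and the DID Controller's signature over each transaction is not modelled.

```python
import hashlib
from datetime import datetime
from urllib.parse import parse_qs

def ts(value):
    # Parse an ISO 8601 UTC timestamp such as 2023-05-02T09:00:00Z.
    return datetime.fromisoformat(value.replace("Z", "+00:00"))

def make_chain(name, rtype, versions):
    # Build a constructed chain: each version records its checksum and predecessor.
    chain, prev = [], None
    for i, (created, data) in enumerate(versions, start=1):
        chain.append({"id": f"{name}-v{i}", "name": name, "type": rtype,
                      "created": created, "data": data, "previous": prev,
                      "checksum": hashlib.sha256(data).hexdigest()})
        prev = chain[-1]["id"]
    return chain

def verify_chain(chain):
    # Content matches checksum, links are unbroken, timestamps strictly increase.
    prev = None
    for entry in chain:
        if hashlib.sha256(entry["data"]).hexdigest() != entry["checksum"]:
            return False
        if entry["previous"] != (prev["id"] if prev else None):
            return False
        if prev and ts(entry["created"]) <= ts(prev["created"]):
            return False
        prev = entry
    return True

def dereference(did_url, ledger):
    # Select one resource version by name, type and optional point in time.
    did, _, query = did_url.partition("?")
    q = {k: v[0] for k, v in parse_qs(query).items()}
    chain = [r for r in ledger.get(did, [])
             if r["name"] == q.get("resourceName") and r["type"] == q.get("resourceType")]
    if not chain or not verify_chain(chain):
        return None  # unknown resource, or chain fails integrity checks
    if "resourceVersionTime" in q:
        cutoff = ts(q["resourceVersionTime"])
        chain = [r for r in chain if ts(r["created"]) <= cutoff]
    return chain[-1] if chain else None

DID = "did:ebsi:zExampleIssuer"  # constructed identifier

def sample_ledger():
    # Constructed data: three versions of one schema under one DID.
    return {DID: make_chain("DiplomaSchema", "JsonSchema", [
        ("2023-01-10T09:00:00Z", b'{"title":"Diploma","version":1}'),
        ("2023-05-02T09:00:00Z", b'{"title":"Diploma","version":2}'),
        ("2024-02-20T09:00:00Z", b'{"title":"Diploma","version":3}')])}
```

A verifier checking a credential issued in mid-2023 would pass the issuance time as `resourceVersionTime` so that it validates against the schema version in force at that moment rather than the latest one.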
External links
DID-Linked Resources was initially pioneered by the team at cheqd. Please see the relevant documentation for the technical approach below:
- cheqd Architecture Decision Record on DID-Linked Resources
Discussion
It would be good to get the EBSI community's feedback on this proposed EBIP, and I am happy to explain any concepts in more detail. Note that this is a summarised version and if there is sufficient interest in the proposal, I am happy to publish a more technically detailed version on how DID-Linked Resources work.