DID Ownership

Purpose

It is useful to be able to prove ownership over DIDs other than the one currently being used for a DIDComm relationship. This protocol allows disclosure of DID ownership between two parties.

Example uses:

  • Proving ownership of a DID when being issued a credential with the subject being a DID.
  • Proving ownership of a DID present in a Machine Readable Governance document.

Request

Allows requesting disclosure, optionally of some specific DID(s).

{
    "@id": "12345678",
    "@type": "https://didcomm.org/didownership/0.1/request",
    "~goalcode":  "optional",
    "challenge": "string to sign",
    "dids": ["did:example:xyz"]
}

Disclosure

Discloses DID ownership with signature proof.

{
    "@id": "12345678",
    "@type": "https://didcomm.org/didownership/0.1/disclosure",
    "challenge": "string to sign",
    "challenge_mode": "[provided|connection]",
    "dids": [{
        "did": "did:example:xyz",
        "signature": "<JWT>"
    }]
}

Alternative using signed attachments (JWS) instead of a JWT:

{
    "@id": "12345678",
    "@type": "https://didcomm.org/didownership/0.1/disclosure",
    "challenge": "string to sign",
    "challenge_mode": "[provided|connection]",
    "~attach": [{
        "data": {
            "base64": "<base64url of the JSON payload, e.g. {\"iat\": \"\", \"sub\": \"\"}>"
        },
        "signature": "<JWS sig>"
    }]
}

  • If a disclosure is sent independently of a request, the challenge strategy used is indicated via the challenge_mode attribute.

JWT Formulation

Claims:

  • iss: did of prover
  • sub: did being proven
  • aud: did of party being proven to
  • iat: datetime

The JWT must be signed with a key associated with sub (the DID being proven), not merely with a key of the prover's own DID.

Challenge Mode

Provided

This uses the challenge provided in the request message, and MUST NOT be used if no request message has been provided.

Connection Challenge Mode

The challenge is formed as follows:

<discloser_did> <otherparty_did> <ISO8601 DateTime>

Example:

did:example:alice did:example:bob 2022-04-01 10:27:53

The disclosure is considered valid only if the timestamp in the challenge falls within some threshold of the verifier's current time.

Questions

  • Is a JWT alone sufficient against replay, or is a challenge required?
  • Leverage signed attachments for each DID, to reuse code?
  • Leverage the JWT structure?