Address did:peer:2 spec changes

[FabioPinheiro]

The goal of this ticket is just to track the adoption of the community for the specs change.

There are some spec changes for did:peer:2... that are breaking changes for DID Comm.
In order to achieve interoperability. It's important to fix libraries that implement did:peer:2 and update all applications that depend on those libraries.

• ✅ did:peer method spec website - Github Pages not getting updated correctly #65
• ✅ lib - app.fmgp/did-method-peer - Address did:peer:2 spec changes FabioPinheiro/scala-did#162
  • ✅ app - Scala-did Live Demo
  • ✅ tool - GitHub action to send DID Comm message
  • ✅ app - Atala Mediator - Address did:peer:2 spec changes hyperledger-identus/mediator#158
• ✅ lib - sicpa-dlab/peer-did-jvm - fix: Update PeerDid resolver to support the multiple service individually encoded sicpa-dlab/peer-did-jvm#37 and Update peer-did creation and resolution inline with peer-did spec sicpa-dlab/peer-did-jvm#44 @mineme0110
  • app - open-enterprise-agent - Support for the latest versions of Atala Mediator hyperledger-identus/cloud-agent#876
  • ✅ Mediator Test Suite - Address did:peer:2 spec changes input-output-hk/didcomm-v2-mediator-test-suite#12
• app - DIDComm Browser Demo - Update did:peer:2 implementation to align with corrections didcomm-demo#63 and Double checking the structure of the encoded services didcomm-demo#2
• lib - Blocktrust PeerDID - (TODO open issue)
  • app - Blocktrust Identity Wallet - (TODO open issue)
• lib - sicpa-dlab/didcomm-python - Potential DIDComm did:peer:2 Spec Compliance Issue sicpa-dlab/didcomm-python#104
• lib - sicpa-dlab/peer-did-python - (TODO open issue)
• lib - evernym/pypeerdid - ?deprecated?
• lib - transmute-industries/did-peer.js - (TODO open issue)
• ✅ lib - decentralized-identity/did-peer-2 - ✅ It's already fixed by @dbluhm
• lib - beatt83/peerdid-swift - Address did:peer:2 spec changes beatt83/peerdid-swift#1
• lib - decentralized-identity/did-resolver - (TODO open issue)
  • docker - uni-resolver-driver-did-uport - (TODO open issue) - click here to see used lib
    • app - universal-resolver - fix(deps): bump did:peer resolver universal-resolver#395
      • lib - veramolabs/peer-did-resolver
        • ✅ lib - aviarytech/did-peer - Conform to did:peer:2 spec aviarytech/did-peer#3
• sdk - input-output-hk/atala-prism-wallet-sdk-ts - Address did:peer:2 spec changes hyperledger-identus/sdk-ts#126
• sdk - input-output-hk/atala-prism-wallet-sdk-kmm - Address did:peer:2 spec changes hyperledger-identus/sdk-kmp#108
• sdk - input-output-hk/atala-prism-wallet-sdk-swift - Address did:peer:2 spec changes hyperledger-identus/sdk-swift#105
• app - Indicio Mediator - [WIP] No link to issue
• lib - sicpa-dlab/didcomm-rust - Potential DIDComm did:peer:2 Spec Compliance Issue sicpa-dlab/didcomm-rust#130

I'm pretty sure this list is far from being complete.
Feel free to add to this list. Also, help us contact the maintainers by creating tickets on the respective libraries.

---

Context

The changes were merged in this commit a5eca6b
Both issues have possible mitigation solutions that allow a smoother migration.
Although previous implementations are considered faulty! Since DID methods have no version.

Issue 1

The first is to fix the encoding to follow the DID Document.
The DID Document's service example in did:peer looks like

"service":{
  ...
  "serviceEndpoint": "https://example.com/endpoint",
  "routingKeys": [...],
  "accept": [...]
}

But it should instead look like

"service":{
  ...
  "serviceEndpoint": {
    "uri":"https://example.com/endpoint",
    "routingKeys": [...],
    "accept": [...]
  }
}

We should make sure that our did:peer used on the applications are encoded correctly.
when decrypting you look for that key

Issue 2

The second problem is about the id of the keys (kid).
It was unspecified before. So each library generates the kid in its own way.

The major problem is that the kid is used on the DID Comm message itself. More specifically the field skid in the message's Protected Header is the kid of the sender and the recipients.header.kid is also the kid recipient. When decrypting you look for that key.
So the agent encrypting and the agent decrypting MUST have the same or an equivalent resolver (the key id needs to be deterministic).

[FabioPinheiro]

https://identity.foundation/peer-did-method-spec/
I was expecting the specs web pages to be updated by the GitHub job.
@dbluhm @swcurran do you know if the job failed or do we still need to do something?

[dbluhm]

https://identity.foundation/peer-did-method-spec/ I was expecting the specs web pages to be updated by the GitHub job. @dbluhm @swcurran do you know if the job failed or do we still need to do something?

It should have been updated... good catch, I'll investigate what went wrong!

[dbluhm]

Thanks for putting this issue together, by the way! This is excellent. We'll work on getting the didcomm-demo updated as well as the Indicio Mediator (no public repo to link to at the moment but feel free to add to your list). We will likely update those two projects in tandem.

[mineme0110]

For sicpa peer-did-jvm library
I have raised a PR which is an initiative to start the work required for the changes in PeerDID Spec
sicpa-dlab/peer-did-jvm#37
This PR doesn't handle all the PeerDID Spec changes required.

[TheTechmage]

• lib - decentralized-identity/did-resolver - (TODO open issue)
  • docker - uni-resolver-driver-did-uport - (TODO open issue) - click here to see used lib
    • app - universal-resolver - (TODO open issue)
      • lib - veramolabs/peer-did-resolver - (TODO open issue)

Looking at the list, there's a library under the uniresolver that is missing. The veramo labs depends on a library that handles the actual parsing of DIDs and here's a PR for the fixes aviarytech/did-peer#3

[FabioPinheiro]

Thanks @frostyfrog. So now we can update the version of @aviarytech/did-peer@0.0.24 in veramolabs/peer-did-resolver