Universal Resolver driver #138

Open
clehner opened this issue Apr 8, 2021 · 6 comments

@clehner
Contributor

clehner commented Apr 8, 2021

We could add a driver for Universal Resolver, like this: https://github.com/decentralized-identity/universal-resolver/pull/100/files
It looks like there is already a Universal Resolver driver using ghcr.io, so I think we could use our existing Docker image ghcr.io/spruceid/didkit-http. DIDKit's HTTP interface already supports the DID Resolution HTTP(S) binding which is what Universal Resolver uses for the interface to drivers.

Universal Resolver already has drivers for did:key, did:web, and did:ethr. DID Methods that we could add in our driver are did:tz, did:pkh, did:sol, and did:onion. Additional work may be needed to enable did:onion since it depends on an external network, Tor: #137

@peacekeeper

I think this sounds great. BTW there is also nothing wrong with having multiple drivers that implement the same DID method. Maybe DIDKit's support for did:key and did:web is better than the existing UR drivers for those methods; in that case people can configure their UR instance to use whichever driver they prefer for any given DID method!

@clehner
Contributor Author

clehner commented Apr 8, 2021

@peacekeeper great. It appears that DIDKit's support for did:key:zQ3s (Secp256k1) and did:key:zru (P-256) would be novel. But these are not currently enabled in our Docker image... I am opening another issue about that. Edit: fixed in #140

@clehner
Contributor Author

clehner commented Jul 9, 2021

Adding the driver, for did:tz and some did:key prefixes, is happening here: decentralized-identity/universal-resolver#222.

Enabling more DID resolvers from DIDKit can be done by updating the regex for the didkit driver's entry in config.json.

Example resolution result

```console
$ curl -s http://localhost:8080/1.0/identifiers/did:tz:tz1YwA1FwpgLtc1G8DKbbZ6e6PTb1dQMRn5x | jq
{
  "didResolutionMetadata": {
    "pattern": "^did:(?:tz:|web:|key:(?:z6Mk|zQ3s|zDna)).+$",
    "driverUrl": "http://driver-didkit:8080/identifiers/$1",
    "duration": 396,
    "contentType": "application/did+ld+json",
    "did": {
      "methodSpecificId": "tz1YwA1FwpgLtc1G8DKbbZ6e6PTb1dQMRn5x",
      "method": "tz"
    }
  },
  "didDocumentMetadata": {},
  "didDocument": {
    "@context": [
      "https://www.w3.org/ns/did/v1",
      {
        "Ed25519PublicKeyBLAKE2BDigestSize20Base58CheckEncoded2021": "https://w3id.org/security#Ed25519PublicKeyBLAKE2BDigestSize20Base58CheckEncoded2021",
        "blockchainAccountId": "https://w3id.org/security#blockchainAccountId"
      }
    ],
    "id": "did:tz:tz1YwA1FwpgLtc1G8DKbbZ6e6PTb1dQMRn5x",
    "verificationMethod": [
      {
        "id": "did:tz:tz1YwA1FwpgLtc1G8DKbbZ6e6PTb1dQMRn5x#blockchainAccountId",
        "type": "Ed25519PublicKeyBLAKE2BDigestSize20Base58CheckEncoded2021",
        "controller": "did:tz:tz1YwA1FwpgLtc1G8DKbbZ6e6PTb1dQMRn5x",
        "blockchainAccountId": "tz1YwA1FwpgLtc1G8DKbbZ6e6PTb1dQMRn5x@tezos:mainnet"
      }
    ],
    "authentication": [
      "did:tz:tz1YwA1FwpgLtc1G8DKbbZ6e6PTb1dQMRn5x#blockchainAccountId"
    ],
    "assertionMethod": [
      "did:tz:tz1YwA1FwpgLtc1G8DKbbZ6e6PTb1dQMRn5x#blockchainAccountId"
    ]
  }
}
```

For development purposes, the other drivers can be disabled, to reduce resource use, by removing them from docker-compose.yml. To update config.json without having to rebuild the uni-resolver-web image each time, a volumes entry can be added to use the local config.json. The resulting docker-compose.yml is as follows:

docker-compose.yml for developing/testing DIDKit's Universal Resolver Driver

```yaml
version: "3.5"
networks:
  default:
    name: universal-resolver
services:
  uni-resolver-web:
    image: universalresolver/uni-resolver-web:latest
    ports:
      - "8080:8080"
    volumes:
      - ./config.json:/var/lib/jetty/config.json
  driver-didkit:
    image: ghcr.io/spruceid/didkit-http:latest
    environment:
      PORT: 8080
      HOST: 0.0.0.0
    ports:
      - "8121:8080"
```

Thanks @sbihel for helping with Docker/docker-compose.
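
A consumer-side consistency check for a resolution result like the one in the comment above, as an added example that is not part of the original comment or of DIDKit. It assumes a strict policy that every verification method is local to the resolved DID, which holds for the did:tz result shown; `check_resolution` and the trimmed `SAMPLE` are constructed for illustration.

```python
DID = "did:tz:tz1YwA1FwpgLtc1G8DKbbZ6e6PTb1dQMRn5x"
VM = DID + "#blockchainAccountId"

# Constructed sample: the resolution result shown above, trimmed to the checked fields.
SAMPLE = {
    "didResolutionMetadata": {"contentType": "application/did+ld+json"},
    "didDocument": {
        "id": DID,
        "verificationMethod": [{
            "id": VM,
            "type": "Ed25519PublicKeyBLAKE2BDigestSize20Base58CheckEncoded2021",
            "controller": DID,
            "blockchainAccountId": DID.split(":", 2)[2] + "@tezos:mainnet",
        }],
        "authentication": [VM],
        "assertionMethod": [VM],
    },
}

def check_resolution(requested_did, result):
    """Return a list of problems; an empty list means the result is self-consistent."""
    problems = []
    if result.get("didResolutionMetadata", {}).get("error"):
        problems.append("resolver reported an error")
    doc = result.get("didDocument") or {}
    # The document must describe the DID that was asked for, not another one.
    if doc.get("id") != requested_did:
        problems.append("didDocument.id differs from the requested DID")
    local = set()
    for vm in doc.get("verificationMethod", []):
        vm_id = vm.get("id", "")
        # Assumed policy: methods live under the DID and are controlled by it.
        if vm_id.startswith(requested_did + "#") and vm.get("controller") == requested_did:
            local.add(vm_id)
        else:
            problems.append(f"verification method not local to the DID: {vm_id}")
    for rel in ("authentication", "assertionMethod"):
        for ref in doc.get(rel, []):
            ref_id = ref if isinstance(ref, str) else ref.get("id")
            # Each relationship entry must point at a method accepted above.
            if ref_id not in local:
                problems.append(f"{rel} references unknown method: {ref_id}")
    return problems

if __name__ == "__main__":
    print(check_resolution(DID, SAMPLE) or "consistent")
```
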

@clehner
Contributor Author

clehner commented Jul 13, 2021

Universal Resolver driver using DIDKit (didkit-http), enabling did:tz and some did:key prefixes, is merged in decentralized-identity/universal-resolver#224. Keeping this issue open though, to track enabling more of DIDKit's DID methods in the Universal Resolver config, i.e. did:onion (may be blocked by #137), did:pkh and did:webkey (I think UR prefers methods be added to the DID Specification Registries first).

@clehner
Contributor Author

clehner commented Apr 12, 2022

did:pkh using DIDKit in Universal Resolver was added in decentralized-identity/universal-resolver#231;

did:key RSA in decentralized-identity/universal-resolver#277.

did:ion was added to DIDKit in #255, but Universal Resolver already has a did:ion driver.

DIDKit's regex in Universal Resolver is currently this: ^did:(?:tz:|pkh:|web:|key:(?:z6Mk|zQ3s|zDna|z.{200,})).+$
https://github.com/decentralized-identity/universal-resolver/blob/6425f8b3b1d2523bf14c922ca575a2253920e62c/config.json#L180

webkey remains a DID method that could be added. It needs a specification: spruceid/ssi#205.

onion could also be added if we figure out where to put Tor and how to access it from DIDKit container (#137).
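
The two driver patterns quoted in this thread, exercised over sample identifiers to show what each one routes to the DIDKit driver (an added example, not part of the original comments or of Universal Resolver). Python's `re` stands in for the resolver's regex engine; the driver table, the `other-key` driver and every identifier except the did:tz one are constructed.

```python
import re

# Patterns quoted in this thread for the DIDKit driver entry.
PATTERN_2021 = r"^did:(?:tz:|web:|key:(?:z6Mk|zQ3s|zDna)).+$"
PATTERN_2022 = r"^did:(?:tz:|pkh:|web:|key:(?:z6Mk|zQ3s|zDna|z.{200,})).+$"

# Constructed driver table: "didkit" uses the 2022 pattern; "other-key" is a
# hypothetical second driver that also claims did:key.
DRIVERS = [
    {"name": "didkit", "pattern": PATTERN_2022},
    {"name": "other-key", "pattern": r"^did:key:.+$"},
]

# Constructed identifiers, except the did:tz one, which appears on this page.
TZ = "did:tz:tz1YwA1FwpgLtc1G8DKbbZ6e6PTb1dQMRn5x"
SAMPLES = [
    TZ,
    "did:pkh:tz:tz1YwA1FwpgLtc1G8DKbbZ6e6PTb1dQMRn5x",
    "did:key:z6MkConstructedEd25519",
    "did:key:z" + "A" * 300,         # long enough for the z.{200,} branch
    "did:key:z6LSConstructedShort",  # prefix not listed, too short for z.{200,}
    "did:onion:constructedaddress",
]

def routed(pattern, did):
    """True if the whole identifier matches the driver pattern."""
    return re.fullmatch(pattern, did) is not None

def newly_routed(old, new, dids):
    """Identifiers the new pattern sends to the driver that the old one did not."""
    return [d for d in dids if routed(new, d) and not routed(old, d)]

def matching_drivers(did, drivers=DRIVERS):
    """Names of every driver whose pattern claims this identifier."""
    return [d["name"] for d in drivers if routed(d["pattern"], did)]

if __name__ == "__main__":
    for did in SAMPLES:
        print(f"{did[:40]:40} -> {matching_drivers(did) or 'no driver'}")
    added = newly_routed(PATTERN_2021, PATTERN_2022, SAMPLES)
    print("added by the 2022 pattern:", [d[:20] for d in added])
    # The pattern only gates routing; it does not validate the identifier,
    # so the driver itself has to reject malformed or unsupported input.
    print(routed(PATTERN_2022, "did:tz:not-a-tezos-address"))
```
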

@peacekeeper

@clehner thanks for the update. I think adding support for onion would be great. You could make the address of the Tor node configurable with an environment variable, and leave it up to a particular deployment to configure it correctly so that the container can reach Tor.
