DID Operations

All Sidtree-based DID operations require DID owners to generate specific data values and cryptographic material. These operations are:

• Create: Used to generate a side tree based DID. More information

• Update: Used to update the state of a DID. More information

• Recover: Used to recover a DID. More information

• Deactivate: Used to deactivate a DID. More information

Signing

Sidetree relies on JSON Web signatures(JWS)( RFC7515) for authentication and integrity protections of all DID operations, except with create operations which contain key material and are self certifying. More information on key singing can be found here.

Verification

Sidetree operations are only valid when the JWS can be verified with the correct key pair for the type of operation that is invoked(with the exception of the create operation). These operations and associated key pairs keys are:

• Update: must be signed by a valid Update Key Pair.

• Recovery: must be signed by a valid Recovery Key Pair.

• Deactivate: must be signed by a valid Recovery Key Pair.