Skip to content

Spec proposal: recognize did:plc identity method for domainless publishers (§5.1 resolution + Appendix C URN branch) #47

Description

@yepgent

Context

Following the install-time consent envelope ask in #43 and the SOVP-v1 pre-execution attestation proposal in #41, this issue surfaces a gap that blocks a real class of publishers from participating in ARD as authoritative entries today: publishers whose stable cryptographic identity is a DID with no DNS anchor (e.g., did:plc via atproto's PLC directory, did:key, did:peer).

§5.1 already permits identityType: "did", but §5.1's "the cryptographic trust domain inside this identity MUST align with the authority domain root embedded in the discovery identifier namespace" combined with Appendix C #3's mechanism — "registries programmatically extract the domain from the URN and cross-reference it with the cryptographic claim in trustManifest.identity" — has no path that resolves a did:plc identifier, because did:plc by design has no DNS root.

Net: a domainless publisher today must either acquire a domain, fall back to a non-authoritative entry, or be rejected per Appendix C #3.

The friction, made concrete

A publisher operating an MCP server identified by did:plc:abc123… controls a stable Ed25519 keypair, the PLC directory binds that key to the DID, and the DID Document is resolvable at https://plc.directory/<did:plc:...>. They cannot:

This is a structural exclusion of an entire DID method family, not a §5.2 typing question. We initially scoped this filing as a §5.2 attestation-type extension; reading §5.1 + Appendix C closely, the gate is upstream of §5.2 and has to be addressed there to be useful.

Proposal (narrow, sanctioned-branch shape)

Two complementary normative additions, neither blocking the FQDN-anchored mainline:

A. Sanctioned DID-anchored URN branch (Appendix C). Define one additional URN form alongside urn:ai:<fqdn>:<namespace>:<agent>:

urn:ai:did:<did-method>:<did-identifier>:<namespace>:<agent>

Concrete example: urn:ai:did:plc:abc123def456:mcp:memory-server. The <did-method> is constrained to a registered set (initial: did:plc, did:web; the latter's DNS anchor works under both branches and serves as the migration on-ramp).

B. §5.1 normative resolution path. Specify the verification procedure for identityType: "did" in concrete steps:

  1. Resolve the DID to a DID Document per the relevant DID method's resolution protocol (for did:plc, GET https://plc.directory/<did>).
  2. Extract verificationMethod matching the signed envelope's kid (or the first acceptable method if kid is absent).
  3. Validate the §5.1 signature (detached JWS) over canonical Trust Manifest content using that public key.
  4. Authority-alignment per Appendix C feat: update URN name regex and updated media type specifications for MCP server card #3 is satisfied by control of the DID (proven by step 3), not by FQDN match.

Appendix C #5's "decentralized trust via DNS root" justification is preserved for the FQDN branch and replaced by DID method registry uniqueness for the DID branch — both globally unique by construction, just via different roots.

Why not just §5.2

§5.2 attestations carry verifiable claims about a publisher — SOC2, HIPAA, SOVP-v1 (#41), TRACE-v0.2 (#7). They presuppose a publisher identity already established at §5.1. Bolting did:plc onto §5.2 alone would smuggle identity into the evidence layer and bypass §5.1's authority-alignment without addressing it. We'd rather surface the §5.1 / Appendix C question honestly than route around it.

Worked example

A did:plc:abc123… publisher hosts:

  • ai-catalog.json entry: identifier: "urn:ai:did:plc:abc123def456:mcp:memory-server"
  • trustManifest.identity: "did:plc:abc123def456", identityType: "did", signature: "<detached JWS, alg: EdDSA, over canonical Trust Manifest>"
  • An install-manifest attestation (per Recognise application/install-manifest+json in the AI Catalog (install-time safety envelope) #43) at attestations[].uri, content-addressed by digest
  • DID Document at https://plc.directory/did:plc:abc123def456 with verificationMethod[0].publicKeyMultibase matching the signing key

Verification: resolve DID → validate JWS → cross-reference URN's did:plc:abc123def456 segment against verified identity → accept.

Relationship to neighbors

Companion on install-manifest-spec

Filing a companion ask on drknowhow/install-manifest-spec defining how an install-manifest carries a publisher DID and detached JWS signature (analogous to how #36 carries the media-type prereq for #43). Will cross-link once filed.

Discussion gating

Like #41 and #43, I'll hold for normative wording from @imran-siddique on the §5.1 / Appendix C amendment shape before drafting a PR. Happy to:

Concrete real-world ammunition available: a yepgent-published install-manifest at https://yepgent.com/.well-known/install-manifests/yep-memory.v0.4.json and a draft did:plc-mirrored variant, both resolvable for the conformance tool's first DID-anchored test case.

Metadata

Metadata

Assignees

No one assigned

    Labels

    No labels
    No labels

    Type

    No type

    Fields

    No fields configured for issues without a type.

    Projects

    No projects

    Milestone

    No milestone

    Relationships

    None yet

    Development

    No branches or pull requests

    Issue actions