did-extensions
Add "proof" property in DID Document Metadata
We're building a network of DIDs and are looking to include the controller proof (JWS) as part of the DID Document Metadata.
Previous discussions (here, here and here) rightly concluded that such proofs do not belong in the DID Document itself, and the property was removed from DID core in PR #305.
However, while it was also agreed that the proper place for controller proofs is in the DID Document Metadata, this is currently not supported.
We therefore propose adding a `proof` property in the DID Document Metadata.
Our aim is to be consistent with the VC data model (and aligned with the outcomes of the working group). Using a snippet from the current VC documentation we've arrived at the following example of Document Metadata containing a controller proof:
```json
{
  "proof": {
    "type": "JsonWebSignature2020",
    "id": "did:ion:test:EiAwnxk01PDoERb--VTEHkPMNXXxxNUqCf4s0iv0k6Ngag",
    "proofValue": "eyJhbGciOiJFUzI1NksifQ.IkVpRGNQWjNyMXFrMmF1RG1PRzdkWmE5LWNNNm5GQzhYRGZ0LUhRaUxudVkzeUEi.sT392TkLZ_u-xNF7u7kropwNZMPCZF5JXcp2sXeprjEpfwWeEIcWlatMnr2aZbaMdAamYrY8C4D4ixSgeZ8JUQ"
  },
  "canonicalId": "did:ion:test:EiA8yZGuDKbcnmPRs9ywaCsoE2FT9HMuyD9WmOiQasxBBg",
  "method": {
    "updateCommitment": "EiDcxLyK0QlEwgEVMBTd6YATquaxRLUozaRnVm3kbKbv7g",
    "published": true,
    "recoveryCommitment": "EiAInhzWGQqBGh8fpQKKdy1xck_Rhs8OvCb65y-D9mqxwQ"
  }
}
```
In this example the `proof` property has three sub-properties:
- `type`: the type of cryptographic signature
- `id`: an identifier (the DID) of the signing party (controller)
- `proofValue`: the actual signature, where the message being signed is the hash digest of the resolved (and canonicalized) DID Document. The signature is verifiable using a public key obtained by resolving the DID given in the `id` field.
An optional `verificationMethod` property could also be included to specify the `id` of an `assertionMethod` inside the signer's DID Document, to make it easier to locate the correct key for verification.
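The checks a resolver client would run on such a `proof` before verifying the signature, as an added example that is not part of the original issue or the did-extensions project: it pins the JWS algorithm and confirms the signed payload is the digest of the DID Document actually resolved. The canonicalization (sorted keys, no whitespace) and the SHA-256 multihash encoding are assumptions, since the proposal does not fix either; verifying the ES256K signature with the key resolved from `id` is left to a JOSE library.

```python
import base64
import hashlib
import json

ALLOWED_ALGS = ("ES256K",)  # pinned by the verifier, never trusted from the JWS header


def b64url_decode(s):
    return base64.urlsafe_b64decode(s + "=" * (-len(s) % 4))


def b64url_encode(b):
    return base64.urlsafe_b64encode(b).rstrip(b"=").decode()


def document_digest(did_document):
    # Assumed scheme: sorted keys, no whitespace, then a SHA-256 multihash
    # (0x12 0x20 prefix) in base64url. The proposal does not fix either choice.
    canonical = json.dumps(did_document, sort_keys=True, separators=(",", ":"))
    return b64url_encode(b"\x12\x20" + hashlib.sha256(canonical.encode()).digest())


def check_proof_binding(metadata, did_document):
    """Return (signing_input, signature) for the key check, or raise ValueError."""
    proof = metadata.get("proof")
    if not isinstance(proof, dict) or proof.get("type") != "JsonWebSignature2020":
        raise ValueError("missing or unsupported proof")
    if not str(proof.get("id", "")).startswith("did:"):
        raise ValueError("proof id is not a DID")
    parts = str(proof.get("proofValue", "")).split(".")
    if len(parts) != 3 or not all(parts):  # also rejects an empty signature
        raise ValueError("proofValue is not a compact JWS")
    try:
        header = json.loads(b64url_decode(parts[0]))
        payload = json.loads(b64url_decode(parts[1]))
        signature = b64url_decode(parts[2])
    except ValueError as exc:
        raise ValueError("malformed JWS segment") from exc
    if not isinstance(header, dict) or header.get("alg") not in ALLOWED_ALGS:
        raise ValueError("algorithm not allowed")
    if payload != document_digest(did_document):
        raise ValueError("proof does not cover this DID Document")
    return f"{parts[0]}.{parts[1]}".encode("ascii"), signature


if __name__ == "__main__":
    doc = {"id": "did:example:123", "service": []}  # constructed sample
    seg = lambda obj: b64url_encode(json.dumps(obj).encode())
    jws = ".".join([seg({"alg": "ES256K"}), seg(document_digest(doc)), b64url_encode(b"\x00" * 64)])
    meta = {"proof": {"type": "JsonWebSignature2020", "id": "did:example:controller", "proofValue": jws}}
    print(check_proof_binding(meta, doc)[0])
```

The returned signing input and signature bytes are what the ES256K verification step consumes; a proof that passes these checks is bound to the document but not yet authenticated.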