|
314 | 314 | <h2>Introduction</h2> |
315 | 315 |
|
316 | 316 | <p> |
317 | | -The use of shared secrets for [=authentication=] and [=authorization=], such as |
318 | | -the use of passwords, has resulted in a variety of security failures over the |
319 | | -past several decades. To address these security failures, systems can upgrade to |
320 | | -the use of |
321 | | -<a href="https://en.wikipedia.org/wiki/Public-key_cryptography"> |
322 | | -asymmetric cryptography</a>, which uses digital signatures that are far more |
323 | | -difficult to compromise. However, one shortcoming of digital signatures is |
324 | | -the difficulty in disseminating the information, such as public cryptographic |
325 | | -keys, to those that would need to verify the security of the digital signature. |
| 317 | +[=Controller documents=] enable the verification of proofs created by the |
| 318 | +controller of an identifier. They provide [=verification methods=] that express |
| 319 | +public cryptographic material, such as public keys, for verifying proofs created |
| 320 | +by the controller of the identifier for specific purposes, such as |
| 321 | +authentication, attestation, key agreement (for encryption), and capability |
| 322 | +invocation and delegation. [=Controller documents=] also provide [=services=] |
| 323 | +related to the identifier, for example to request additional information for |
| 324 | +verification. |
326 | 325 | </p> |
327 | 326 |
|
328 | 327 | <p> |
329 | | -A [=controller document=] contains cryptographic material and identifies |
330 | | -service endpoints that can be used to verify proofs from, and interact |
331 | | -with, the [=controller=] of an identifier. |
332 | | - </p> |
333 | | - <p> |
334 | | -[=Controller documents=] enable the verification of proofs created |
335 | | -by the controller of an identifier. They provide [=verification methods=] |
336 | | -that express public cryptographic material, such as public keys, for |
337 | | -verifying proofs created by the controller of the |
338 | | -identifier for specific purposes, such as |
339 | | -authentication, attestation, key agreement (for encryption), and capability invocation |
340 | | -and delegation. |
341 | | - </p> |
342 | | - <p> |
343 | | -Controller Documents also provide [=services=] related to the identifier, |
344 | | -for example to request additional information for verification. |
345 | | - </p> |
346 | | - <p> |
347 | | -In other words, the |
348 | | -controller document contains the information necessary to communicate |
349 | | -with, and/or prove that specific actions were taken by, the controller |
350 | | -of an identifier, |
351 | | -including material for |
352 | | -cryptographic proofs and service endpoints for additional |
353 | | -communications. |
| 328 | +In other words, the controller document contains the information necessary to |
| 329 | +communicate with, and/or prove that specific actions were taken by, the |
| 330 | +controller of an identifier, including material for cryptographic proofs and |
| 331 | +service endpoints for additional communications. |
354 | 332 | </p> |
355 | 333 |
|
356 | 334 | <p> |
|
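Review bot: At new line 318 the merged paragraph writes "controller of an identifier" as plain text, and the only `[=controller=]` term link in this introduction was in the sentence removed at old lines 329-331, so after this change nothing in the visible text links the term. Suggest writing the first use as `the [=controller=] of an identifier`. Separately, the "In other words" paragraph at new lines 328-331 now directly follows the paragraph it restates, and with the shared-secrets and key-dissemination motivation removed (old lines 317-325) the introduction no longer says what problem a controller document addresses. Consider keeping one sentence of that motivation, or folding the "In other words" paragraph into the first.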