Controller Documents
This document explains Controller Documents (also known as Controlled Identifier Documents), a core concept in the W3C Controlled Identifier (CID) specification. Controller Documents serve as the foundation for verifiable cryptographic interactions in Vidos.
What are Controller Documents?
Section titled “What are Controller Documents?”Controller Documents are machine-readable documents containing cryptographic material and service endpoints used to verify proofs from, and interact with, the controller of an identifier. They establish trust anchors by providing verification methods to validate authority over identifiers.
Controller Documents are closely related to DID Documents but serve as a more generalized concept that DID Documents implement.
Core Components
Section titled “Core Components”A Controller Document consists of several key components:
Identifiers
Section titled “Identifiers”Every Controller Document includes:
- Subject: The entity described (the
idproperty) - Controller: Entity with authority to change the document
- Also Known As: Optional additional identifiers for the subject
Verification Methods
Section titled “Verification Methods”Verification methods provide cryptographic material to verify proofs. Each method has a unique identifier, type (cryptographic algorithm), verification material (e.g., public key), and controller reference.
Verification Relationships
Section titled “Verification Relationships”Verification relationships define how verification methods can be used:
- Authentication (proving identity)
- Assertion (issuing claims)
- Key Agreement (encrypted communications)
- Capability Invocation
- Capability Delegation
Services
Section titled “Services”Services define endpoints for interacting with the subject (e.g., credential issuers, messaging endpoints, data storage).
Controller Document Structure
Section titled “Controller Document Structure”Controller Documents follow a structured data model with standardized properties:
{ "@context": "https://www.w3.org/ns/cid/v1", "id": "https://controller.example", "controller": "https://controller.example", "verificationMethod": [ { "id": "https://controller.example#key-1", "type": "Multikey", "controller": "https://controller.example", "publicKeyMultibase": "z6MkmM42vxfqZQsv4ehtTjFFxQ4sQKS2w6WR7emozFAn5cxu" } ], "authentication": ["https://controller.example#key-1"], "assertionMethod": ["https://controller.example#key-1"], "service": [ { "id": "https://controller.example#messaging", "type": "MessagingService", "serviceEndpoint": "https://example.com/messages" } ]}How Controller Documents Function in Vidos
Section titled “How Controller Documents Function in Vidos”Within Vidos, Controller Documents play a crucial role in verification:
The resolver service takes an identifier as input, retrieves the associated Controller Document, and provides verification methods for cryptographic validation. This establishes trust without centralized identity providers, similar to DID Resolution.
Vidos Integration
Section titled “Vidos Integration”Controller Documents integrate with:
- Resolver (translates identifiers to documents)
- Verifier (validates signatures and credentials)
- Validator (ensures conformance)
- Authorizer (authenticates and authorizes)
- Library services
Use Cases
Section titled “Use Cases”Controller Documents enable identity verification (cryptographic proof without passwords), credential verification (validating signatures), secure communication (encrypted channels), service discovery (standardized interaction methods), and capability authorization (precise access control).
Related Resources
Section titled “Related Resources”W3C Specifications
Section titled “W3C Specifications”- W3C Controlled Identifier (CID) Specification
- W3C Decentralized Identifiers (DIDs) Specification
- W3C Verifiable Credentials Data Model