From 8b6f3b3764f5426ae6a9bc0fcba9c87b9d686927 Mon Sep 17 00:00:00 2001
From: Manu Sporny
+[=Verification methods=] are identified via the `id` property, whose value is a
+URL. It is possible for a [=controller document=] to specify a [=verification
+method=], through a [=verification relationship=], that exists in a place that
+is external to the [=controller document=]. As described in Section
+[[[#integrity-protection-of-controllers]]], specifying a [=verification method=]
+that is external to a [=controller document=] is a valid usage of this
+specification. When retrieving any [=verification method=], especially when the
+[=verification method=] might be cached, it is vital that the algorithm above is
+used to ensure that there is a bi-directional reference from the [=controller
+document=] to the [=verification method=] (via a [=verification relationship=])
+and from the [=verification method=] to the [=controller document=] (via the
+[=verification method=]'s `controller` property). Not ensuring this
+bi-directional relationship exists can lead to security compromises where an
+attacker poisons a cache by claiming control of a [=verification method=]
+without the consent (that is, without a bi-directional reference) of the victim.
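Review bot: The closing sentence ("an attacker poisons a cache by claiming control of a [=verification method=] without the consent ... of the victim") does not say who the victim is or which of the two references is absent in the attack. If the intended scenario is a controller document that points at someone else's verification method whose `controller` property does not point back, name that party and the missing direction explicitly. The sentence beginning "When retrieving any [=verification method=]" also runs to six lines and would read better split before "it is vital".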
+ Retrieve Verification Method
}
+
+{
+ "id": "https://controller.example/123",
+ "capabilityInvocation": ["https://external.example/xyz#key-789"]
+}
+
+
+
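Review bot: The example object added here shows only one direction of the check, the controller document at `https://controller.example/123` listing `https://external.example/xyz#key-789` under `capabilityInvocation`. In the lines visible in this hunk there is no matching verification method object whose `controller` property is `https://controller.example/123`, so a reader cannot see what the passing reverse reference looks like. Consider adding that second object next to this one. The three empty added lines after the closing brace can be reduced to one.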
Retrieve Verification Method
method=], through a [=verification relationship=], that exists in a place that
is external to the [=controller document=]. As described in Section
[[[#integrity-protection-of-controllers]]], specifying a [=verification method=]
-that is external to a [=controller document=] is a valid usage of this
+that is external to a [=controller document=] is a valid use of this
specification. When retrieving any [=verification method=], especially when the
[=verification method=] might be cached, it is vital that the algorithm above is
-used to ensure that there is a bi-directional reference from the [=controller
-document=] to the [=verification method=] (via a [=verification relationship=])
-and from the [=verification method=] to the [=controller document=] (via the
-[=verification method=]'s `controller` property). Not ensuring this
-bi-directional relationship exists can lead to security compromises where an
-attacker poisons a cache by claiming control of a [=verification method=]
-without the consent (that is, without a bi-directional reference) of the victim.
+used to confirm that the [=controller document=] refers to the
+[=verification method=] (via a [=verification relationship=])
+and that the [=verification method=] refers to the [=controller document=]
+(via the [=verification method=]'s `controller` property). Failure to
+confirm that these reciprocal relationships exist can lead to security
+compromises where an attacker poisons a cache by claiming control of a
+[=verification method=] without the consent (that is, without a reciprocal
+reference) of the victim.
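Review bot: The replacement text uses two different terms for the same thing, "these reciprocal relationships" in the "Failure to confirm" sentence and "a reciprocal reference" in the parenthetical that closes the paragraph. "Relationship" also collides with the defined term [=verification relationship=], which is only one of the two directions being checked. Suggest using "reciprocal references" in both places so the parenthetical defines exactly what the preceding sentence requires.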