The future of developer provenance in Git repos is being implemented using authentic data provenance logs instead of DID documents. DID documents do not support history and DID methods conflate identification with location and it has resulted in siloing and politics; don't use DIDs. The signing tools used for this will all communicate with Git using a new protocol under development.
This repo is the central coordination point for work on the W3C DID method specification for Git repositories. If you would like to participate, we encourage you to join the mailing list and make sure you're familiar with decentralized identifiers (DID) and the problem we're trying to solve by reading the DID primer. This work is broken up into three major areas: defining the specification, modifying Git, and creating a new signing tool. Bellow are the outstanding TODO's for each area.
- Add version to
did-git-spec.md
see method registry requirement 2. - Request that the spec be include in the DID method registry.
- Add terminology section to the spec to define repo ID, committer ID, etc.
- Complete the sections on motivation.
- Finish the CRUD operations for both repo and committer DID strings.
- Reconcile difference between
did-dir-spec.md
anddid-git-spec.md
to create standard for on-disk DID documents as keyring.
- Create a fork of git.git.
- Create a
did-git-impl-signing
branch off of git.gitmaint
branch for signing infrastructure changes. - Rebase patches for signing infrastructure changes.
- Rebase documentation changes.
- Rebase signing interface abstraction.
- Rebase GPG and GPGSM "drivers".
- Verify that all existing GPG unit tests pass.
- Rebase documentation changes.
- Submit signing fix patches to git.git mailing list.
- Follow up on changes and discussion until it gets landed.
- Create BetterSign "driver".
- Create BetterSign unit tests.
- Submit BetterSign patches to git.git mailing list.
- Follow up on changes and discussion until it gets landed.
- Create a
did-git-impl-porcelain
branch off of git.gitmaint
branch for creating git-did porcelain. - Define the format of DID signatures in commit records. Proposal to use Linked Data Proofs.
- Create a simple
git-did
porcelain command from the Python examples in the git.git repo. - Add initial unit tests for
git-did
porcelain. - Implement CRUD operations for repo DID strings.
- Implement CRUD operations for committer DID strings.
- Define and document the "meat-space" protocol for doing multiple signatures on a single commit. This is likely to be a threshold signature and the git-did porcelain should automate it as much as possible.
- Create a public repo for BetterSign signing tool.
- Upload existing bs code.
- Create a public repo for the DIDDir library.
- Upload existing diddir code.
- BetterSign
- Refactor sign/verify functions to use background-jobs
- Add DID string parser.
- Add linked data structure (LDS) output format.
- Add JSON web signature (JWS) output format.
- Refactor sign/verify functions to use background-jobs
- DIDdir
- Add JSON-LD parser for DID documents.
- Add Base58 crate for naming DID documents.
- Add code to find DIDdir in local dir and ancestors.
- Add git2 crate to handle Git commands for CRUD operations on DID docs.
- Add JSON-LD parser for DID documents.