Resolver Refactor

[JelleMillenaar]

Note: Discussion timeboxed until Wednesday 5th of October, after which it will be converted to an issue. Discussion will still be possible, but implementation will get started.

The did module contains a resolution module that has two functions: resolve and dereference. These follow the suggested API format as suggested inside the W3C DID standard. The DID standard is generally a JSON format standard rather then forcing an API design on the implementers, this is different with DID Resolution, where they enforce functionalities in a certain way. I propose to deviate from the DID Resolution standard making our framework a confirming DID, DID Document, producer, consumer and method but not a conforming DID resolver or URL dereferencer. As these are split, it doesn't break our DID compatibility and I still think we can return the data-structures as they require them, just with a different API. This means a second-layer solution on top of the IOTA Identity framework CAN be a conforming DID resolver and URL dereferencer.

Motivation

DID Resolution is a resource intense operation. It produces a lot of network traffic as many API requests are send too the IOTA node and every resulting IOTA message must be parsed and validated. Caching and resolving old versions of a DID Document is currently not supported in the framework and we have a separate DID History API to at least have access to the history of a DID Document.

In addition, the DID Resolution already requires a lot of work to follow the proposed data structures from the DID standard, add support of DID parameters and move several fields from the DID Document to the didDocumentMetadata. This is a good time to review how it works and refactor if necessary.

Proposal

As such I would like to propose a design for the DID resolver for within the IOTA Identity framework. Feel free to disagree or provide a counter proposal. Data formats that follow the W3C DID Resolution spec are tagged with "(W3C)" after it.

The resolution module would contain a ResolverFactory that developers can use to set the application settings such as a ClientMap or resolutionOptions (W3C). In addition it has a function to resolve given a DID URL, returning a resolver object. This `resolver object has done the requires DID Resolution or URL dereferencing during its creation.

The resolver object has the following functions:

• getResult: Returns the expected value of type DID Document or varied depending if a DID or DID URL was provided.
• getDocument: Returns the DID Document from the resolved DID. This could take in a parameter to also return older states of the DID Document.
• getResolutionMetadata: Return resolutionMetadata (W3C) to allow compliance with DID standard.
• getDocumentMetadata: Return didDocumentMetadata (W3C) to allow compliance with DID standard. This could also take in a parameter to return the metadata of an older DID message.
• dereference: Given a DID URL returns a "part of" the DID Document.

It might also need to inherit more functionalities from DID History API, but I am not familiar enough with it to determine if all functionality is properly included here.

Advantages

Given the above object, we now simplify the API from resolve, resolution and DID History into one single powerful API call. It still is able to generate all required metadata to allow the development of a W3C compliant Resolver and a single resolve action can be reused throughout an application. A major optimization that is now possible, is too allow the verification of Verifiable Credential (VC) or Verifiable Presentation (VP) to now take an existing resolver object, removing duplicated DID resolution actions and at the same time allowing a VC or VP to verify given an "outdated" DID Document. This allows application developers to check if a VC/VP was valid during a certain time.

Additional Required Changes

Move the following fields over from DID Document to didDocumentMetadata as suggested in the spec, keep in mind that they stay on-tangle in the DID Messages:

• created and updated
• previousMsgId (inside a method object (As suggested in the example)
• proof (inside a method object)

Rename a few fields and parameters that are named differently (e.g. InputMetadata should be resolutionOptions), that should follow the spec.

Inside the ResolutionMetadata we should probably remove resolved (no purpose?) and introduce a boolean field cached that can if true, caches the entire history. To support caching, it would need to be part of resolutionOptions.

Add support for versionId, versionTime, service and relativeRef DID Parameters.

Resources

Link to any resources relevant for the task such as Issues, PRs, reference implementations, or specifications.

• W3C DID Resolution standard
• W3C dedicated article on Resolution
• [Task] Implement JSON-LD output format for DID Documents #196
• [Task] Disambiguate message_id in IotaDocument #361
• [Request] Allow Account to resolve remote DIDs #387

Open Questions

• Should resolutionOptions be part of the Resolver settings instead of being passed into the Resolver Factory?
• Should the Account resolve functionality be removed? ([Request] Allow Account to resolve remote DIDs #387)
• What other functions should the resolver have to completely replace the DID History API?
• Is the suggested API sufficient to support a second-layer DID resolver that is compliant with the DID standard?

[eike-hass]

I really like the idea of caching for future resolutions. I wonder if we need to expose the possibility to to specify the TTL of the cache. I guess with the current proposal implementers can choose when to reuse the resolver or create a new one, but maybe we could build in support for configurable caches (see https://github.com/decentralized-identity/did-resolver#caching for thoughts on that).

[eike-hass]

Where would that theoretical standard compliant resolver live? It sounds that would be external to identity.rs? Would that be external to the IF?
I am a bid hesitant to remove the goal on being compliant in lib without a clear solution. It weakens the claim of being a standard compliant implementation.

[JelleMillenaar]

We could add it, but it would just be another API for the sake of being compliant, IMO cluttering the repository. Historically, it has shown that those kinds of decisions only lead to confusion. I would rather commit something to the Universal Identity Resolver and claim compliance through that and reference it as a "reference implementation for following the spec".

[m-renaud]

I'd also like to voice some hesitation for removing a standard compliant resolver from the identity.rs repository (or even further, external to the IF). In no particular order:

• Clutter: The 'clutter' of one additional directory that wraps the "new API" seems minimal
  • Since the standards compliant API should in theory only need to depend on the "new API", and thus shouldn't introduce any bloat to the repo's dependencies
  • This repo is not large, and thus build and deployment times are not of concern (at least at this point in time or for the foreseeable future)
• Immediate Feedback: The creation of such a standards compliant wrapper API would give immediate feedback on the usability of the API
  • If the API truly is an improvement, it should be easy to implement and maintain this wrapper. If it's not, that probably points to an issue in the new API surface or ergonomics
• Maintenance: Breaking changes to the new API or implementation will now require coordination across repositories and versions
  • I posit this would actually increase the maintenance burden of maintaining a standards compliant API.
  • In all likelihood it will be the IF or someone from the Identity X-Team building and maintaining such a wrapper, leaving it in the identity.rs repo makes it easier in either case
  • This doesn't stop someone from building another standard compliant wrapper, but imho there should be a "default" one
• Universal Resolver: While this is an important integration, it seems orthogonal to being standards compliant
• Testing: There is a DID Core Spec Test Suite that identity.rs should utilize
  • Implementing the wrapper in identity.rs allows us to validate that changes in the new API don't violate the spec in an automated way

[JelleMillenaar]

Good points, thanks @m-renaud :) I am very happy to have you respond here!

Clutter: The wrapper would indeed be minimal, so that is good, but inside the API reference it will be mentioned on a similar level as the preferred and cleaner non-standard resolver, making it difficult to follow "what do I need to use"? I already find the repo quite large, as we are the largest framework in the IOTA Foundation, but we also have a LOT more planned.

Immediate Feedback: Agreed, it would be nice. But as long as our API returns all compliant data structures, we already know we can provide compatibility. Honestly, I am tempted to just PR the DID standard with a request to focus on this data structure compliance, rather than an API.

Maintenance & Universal Resolver: No counter-arguments =D

Testing: That Test Suite was a big disappointment tbh. It's not really automated at all :/

[m-renaud]

Clutter: ...inside the API reference it will be mentioned on a similar level as the preferred and cleaner non-standard resolver

I think this could be resolved with documentation structure and formatting. The low-level and "standard" API reference pages could include at the top a: "TIP: Prefer to use the high-level API (link)".

Clutter: ...we are the largest framework in the IOTA Foundation

It looks like there's only a few tens of thousands of lines of code across everything, including examples and tests. Are there specifics about the current code base organization that are tricky to navigate? I've been using a combination of ag, VSCode's built-in "Quick Open", and RLS with pretty good success. I haven't had to reach for ctags yet :)

Testing: That Test Suite was a big disappointment tbh. It's not really automated at all :/

Awe darn, I'm sorry to hear that :( Do you have any specific issues/annoyances you ran into written down? It would be nice to be like: "See! The implementation complies with the spec!"

[JelleMillenaar]

The annoyance was that you don't implement your framework, but rather copy paste your resulting DID Document into their test and they just check the data structure.

[PhilippGackstatter]

In general, this seems like a step in the right direction 👍. I agree with @eike-hass on the standard compliance. We can offer this better interface for our users, but should probably also provide a compliant resolve function.

This resolver object has done the required DID Resolution or URL dereferencing during its creation.

I don't fully understand the idea here. If the resolve_factory.resolve(did) method is actually resolving the document during its creation, then the messages used to generate that document are discarded, and getDocument returning an older state wouldn't be possible. So I assume what you mean is that the resolver just holds on to all the messages of a DID, and when you call getResult it combines all of them into the latest did document, while getDocument(5) would return the document at sequence 5.

I also don't get why the resolve function would take a DIDUrl and not a DID? If the retuned resolver object can provide either the document or a part of it, then calling resolve("did:iota:1234567890#key-1") is weird, because it implies to only return a part of the document, the #key-1. But we can still call getResult() on the returned resolver.

So unless I misunderstand, I would let resolve take a Did and dereference either a DidUrl or just a query, path or segment. (Also changed the names a bit).

let did: IotaDid = "did:iota:Gh9LYviikgCnakMtrLcCCk7F4zUsjKzZGwikRi5gMvCr".parse().unwrap();
let resolver_factory: ResolverFactory = ResolverFactory::new(client_map, resolution_options);
let resolver: Resolver = resolver_factory.resolve(did).await?;
let full_document: CoreDocument = resolver.document(); // instead of getResult()
let older_document: CoreDocument = resolver.document_at(5); // instead of getDocument()
let verification_method: DocumentProperty = resolver.dereference("#key-1")?;
// Match and see what we got
match verification_method {
  DocumentProperty::VerificationMethod(method) => {},
  DocumentProperty::Service(service) => {}, 
}

dereference will return an enum, because it can return at least a Service and a VerificationMethod. Alternatively, we can provide dereference_method and dereference_service or similar. This is probably inaccurate for services, though, since dereferencing them is pretty involved.

[PhilippGackstatter]

Strings are fine, it's just another variant in the enum. What I still dislike about this API is the need for getResult. The reason we have it, is a level of indirection we don't really need I think. Also, we want to get rid of the factory, since it's not really a factory. I think we could just name this top level type the Resolver, and have the API be:

let did: IotaDid = "did:iota:Gh9LYviikgCnakMtrLcCCk7F4zUsjKzZGwikRi5gMvCr".parse().unwrap();
let resolver: Resolver = Resolver::new(client_map, resolution_options);
let result: ResolutionResult = resolver.resolve(did).await?;

match result {
  // `resolve` returned a document
  ResolutionResult::Document(document) => {
    // Now we may want to additionally dereference a specific verification method in that document
    let method: IotaVerificationMethod = document.dereference("#key-1").method()?;
  }
  // We "resolved" a verification method inside a document
  ResolutionResult::DocumentProperty(DocumentProperty::VerificationMethod(method)) => {},
  // Anything else...
  _ => ()
}

This gets rid of one level while we could still cache the result of reading a particular did inside the Resolver, and then subsequently resolve the document at an older state or even a particular property of a document, without requiring additional network calls.

let older_doc: ResolutionResult = resolver.resolve_at(did, VersionTime::new("2021-09-29")?).await?;

// Suppose we have a DidUrl that points to a service endpoint
let did_url: DidUrl = did.to_url().set_fragment("#my-service");
// Can also resolve to strings...
let service_endpoint: String = resolver
  .resolve(did_url)
  .await?
  .property()?
  .string()?;

Seems like a nicer API which should be able to do the same as the original proposal, but with one less level of indirection.

[JelleMillenaar]

Mhm, I think my API is still misunderstood which shows it has some problems but your example has the same complexity and function calls as I suggest. I suggested that the resolving is actually done during the construction of the Resolver object, which ends up with the very similar same API:

let did: IotaDid = "did:iota:Gh9LYviikgCnakMtrLcCCk7F4zUsjKzZGwikRi5gMvCr".parse().unwrap();
let resolver: Resolver = Resolver::new(did, resolution_options).await?;
let result: ResolutionResult = resolver.getResult();

match result {
  // `resolve` returned a document
  ResolutionResult::Document(document) => {
    // Now we may want to additionally dereference a specific verification method in that document
    let method: IotaVerificationMethod = document.dereference("#key-1").method()?;
  }
  // We "resolved" a verification method inside a document
  ResolutionResult::DocumentProperty(DocumentProperty::VerificationMethod(method)) => {},
  // Anything else...
  _ => ()
}

I did just realize that a lot of languages don't like async constructor calls (aka make it impossible), so I am not sure if mine even works. Although if we have a factory object, it would be possible again. The advantage of what I propose is that the other functions such as retrieving metadata always return something that makes sense, since the resolve is done during creation. In your API, the developer must always first call resolve before the other functions return useful data.

[m-renaud]

I did just realize that a lot of languages don't like async constructor calls...if we have a factory object

I don't think we need a factory object, just a factory function (aka. any function which constructs an object):

pub async fn resolve_document(did, resolution_options) -> ResolutionResult {
  // Create the RelolutionResult here, but the async part lives outside the constructor.
}

My understanding of motivation for the API change is to avoid having to re-resolve a document every time you want the document or want to dereference something else in the same document; not to minimize the amount of code you need to write to dereference one thing. I'm thinking of something like:

let result: ResolutionResult = resolve_document(did, resolution_options).await?;
do_something_with(result.document());
do_something_with_method(result.dereference("#verification"));
do_something_else_with(result.dereference("#some-other-key"));
and_finally(result.dereference("/some/resource?key=val"));

This ignores the complexities of dereference being able to return multiple things, but separates just the document() out, and illustrates how the same result can be used for multiple follow-up dereference operations.

[PhilippGackstatter]

I'm not fundamentally convinced that we need this generic API that can return a full document or a part of it at the same time. I think it's fine if you need to resolve the document first, and then dereference something on it. We should be able to only allow relative DIDs on the dereference method, to avoid the case where a DIDUrl is just a DID and would thus point to the document itself.

It's two operations instead of one (resolve, dereference) which is acceptable, follows the standard, and you have stronger typing, since you know what you're getting instead of having to match on the result. It feels sensible to me because it follows the typical pattern of nesting, i.e. methods are nested in a document, so you first need a document to get to the method.

@m-renaud's approach is also nice, it seems similar to what I proposed. The main difference seems to be whether we want to pre-configure a resolver with a client map and resolution options once, or pass them every time.

[HenriqueNogara]

I agree with @PhilippGackstatter here. I believe that having to match every time we call resolve would be a bit annoying. I think that resolving to a document, from a DID, would be the best approach, and we could get the properties from there.

[m-renaud]

First off, I love the idea of designing and building an API that is specialized for the languages that developers are going to be using to build applications, and not only providing a JSON constrained spec-compliant API. Thank you for starting this discussion!

As a caveat to the below, I spend way less time in this code base and using the APIs then you all do, and wrote this at the end of a long day so please forgive any misunderstandings :)

What I like about the proposal:

• The ability to perform multiple resolution/dereference operations with only a single network read
• The ability to connect timestamp/TTL data directly to the resolution/dereference response, simplifying freshness management
• Moving metadata from the DID Document to didDocumentMetadata (should definitely do this regardless of what happens here)

What I find confusing and/or have questions about:

A. The spec is VERY specific about the difference between "resolution" and "dereferencing" (I've read several long threads about this in various forums), especially what the allowed inputs and outputs are. The current proposal conflates these two definitions which is confusing at best, and at worst could lead to an entirely incorrect understanding of the API by someone familiar with the spec

• Counter proposal: Rename the ResolverFactory and Resolver to something that is not ambiguous
  • Strawman: QueryFactory and Query, probably too vague, but no longer confusing or ambiguous
  • QueryFactory::new(client_map, query_options).query(did|didUrl)?.document() reads fine to me
  • Alternatives: DocumentManager, BikeShedGreenNumberFour, AnythingButResolver

B. One API to rule them all is not always what it's cracked up to be

• TL;DR; Code is write once, read/debug many times. Optimize for clarity, not terseness.
• getResult()
  • This is similar to @PhilippGackstatter's feedback
  • There is a real difference between a DID and a DIDUrl in terms of what can be returned when performing operations on them, having a single ::getResult() function make it really ambiguous what you get out.
  • It moves type checking from the API surface (via unique function calls) to the return value, causing a proliferation of pattern matching (https://lexi-lambda.github.io/blog/2019/11/05/parse-don-t-validate/)
  • For these reasons, I'm 👎 on a generic getResult(). If the results were the same type in both cases, I could see an argument, but as is the return types get worse to work with.
• resolver_factory.resolve(did_url)
  • The overhead from going from resolver_factory.resolve(did_url) to resolver_factory.resolve(did_url.did()) is minimal and reduces confusion of what it would mean to "resolve a DID Url" and then later "dereference a different path/fragement etc" (aka. does it append?)
  • eg. What does resolve_factory.resolve("iota:did:abc/xyz").dereference("#key") mean? Is it:
    • throw away the path/queryfragment: ".resolve only resolves the document, and all calls to .dereference operate on the document" (iota:did:abc#key), OR
    • append/replace: ".resolve resolves the document and stores the current path/query/fragment with subsequent .dereference calls adding to it" (iota:did:abc/xyz#key)
  • ^^^^^^ IMHO better to avoid this confusion entirely and only take a DID
• The set of standard core properties is relatively small, so I wouldn't throw away the idea of having dedicated functions for each of these
  • Of course a generic API will still be needed/useful for non-standard schema
  • A plain DID can never be dereferenced, having the ability to call dereference on a DID introduces a failure case into the API that users must handle, instead of making that state not representable.

C. MEGA-NIT!! Is "Factory" the right term here?

Usually "factory" is used in a context when you aren't specifying the type of object being created. There's nothing magical or generic going on here so another term would probably be better :)

Responses to (some of) your open questions:

Should resolutionOptions be part of the Resolver settings instead of being passed into the Resolver Factory?

Since it's only needed during the resolver_factory.resolve(did) step (and could change across calls to resolve), it seems natural to add it as a param to resolve.

As an additional option, the ResolverFactory could have two constructors, one with resolutionOptions which will apply as the default to .resolve() calls that don't specify it. Also, I'm assuming there's a reasonable "default resolutionOptions". Then you'd have:

• ResolutionFactory::new(ClientMap) - Will use the "default resolutionOptions" for all .resolve() calls that don't specify one
• ResolutionFactory::new(ClientMap, ResolutionOptions) - Will use the specified resolutionOptions for all .resolve() calls that don't specify one
• .resolve(did) - Will use the "default" or "already specified" resolution options
• resolve(did, resolutionOptions) - Use the specified resolutionOptions for this resolution (ignoring the factory)

Is the suggested API sufficient to support a second-layer DID resolver that is compliant with the DID standard?

Building one ourselves would answer this for us 🙃 (see my other response)

Okay, that's enough for now, I have more thoughts but this is already WAY too long for this format!

[PhilippGackstatter]

Even though I've proposed the API in the other thread, I share the concerns about the spec being specific on the resolve/dereference distinction, as well as (the more important point) the ambiguity in the resolve return type.

It moves type checking from the API surface (via unique function calls) to the return value, causing a proliferation of pattern matching

This is a great point. We're just moving the "problem" from the input to the output. It's not too much to ask someone wanting to dereference a verification method, to first resolve the document and then dereference on that. It's a two-step instead of a one-step process. That's okay. Collapsing everything into a single method might be too much. The dereference operation will still return a number of possible outputs, so there's already enough pattern matching to do here, I guess. Curious to hear other opinions on this as well.

[JelleMillenaar]

Alright, those are excellent points. But my problem with the differentation between resolve and dereference is that dereference includes the logic and return type of resolve. Submitting a DID instead of a DID URL into a dereference makes it act as a resolve. So what is the point of the additional function? This is not a hill I am willing to die on ;)

[m-renaud]

Submitting a DID instead of a DID URL into a dereference makes it act as a resolve.

Sure, the same way that passing identity() into map() gives you the same thing out 🙃

So what is the point of the additional function?

The point of the additional function (dereference) is to separate multiple follow-up dereference operations on the same DID Document from the document resolution. Also, if you just need the DID Document, you use the same resolution code, and simply call .document() instead of .dereference() and get a constrained return type: DIDDocument.

[abdulmth]

In case this API is going to replace the History API:

• It's a little bit confusing to me that there is no distinction between a document (which does represent a state (?) ) and a message which is the message stored on the tangle since this is important to know which is which for Diff messages.

• I'm also concerned about how this new API would deal older Diff messages, since these are not requested from the Tangle when a normal resolution is done (?). Also how these and their metadata can be requested (which function and which parameter). For now the history API requires a Document object to be constructed from the parent integration message.

• Also we should keep in mind to include the invalid messages on the DID index and on the indices of diff messages.

[JelleMillenaar]

Excellent points, we will need to include this features in the final design.

[PhilippGackstatter]

We would like to come to a conclusion on this discussion and have converged on two options that we would like some final thoughts on, before we make a decision.

In the team, we voted on being spec-compliant, but that doesn't mean we can't expose a separate API that we feel is better. So with both options we will have a resolve method that is compliant with the resolution spec. It will internally delegate to whatever option we choose to implement.

Option 1

// did is of type did, not did_rul
let resolution: Resolution = resolve(did, resolution_options);
let document: IotaDocument = resolution.document();
let metadata: DocumentMetadata = resolution.metadata();
let history: DocumentHistory = resolution.history();
let old_document: IotaDocument = history.document_at("2021-10-01");
// ResolutionResult is an enum that wraps IotaDocument, and all kinds of properties on the document
let service: ResolutionResult = document.dereference("key-1");
let service2: ResolutionResult = old_document.dereference("key-1");
// Additionally, we have a high-level dereference method that takes a DidUrl
let dereference: ResolutionResult = dereference(did_url, resolution_options);

Here we have freestanding functions resolve and dereference. The Resolution object represents the resolution result of a concrete did. It acts like a cache such that the latest document, the metadata of the document, as well as the history of the document can be retrieved, without requiring additional network calls. It would be trivial for someone who wants such a deference function to write it, given this API.

Option 2

// did is of type did, not did_rul
let document: IotaDocument = resolve(did, resolution_options);
// DocumentMetadata is an IotaDocument + imetadata
let metadata: DocumentMetadata = resolve_with_metadata(did, resolution_options);
// DocumentHistory is a wrapper around an array of DocumentMetadata, so it includes metadata & document
let history: DocumentHistory = resolve_with_history(did, resolution_options);
let old_document: IotaDocument = history.document_at("2021-10-01");
let service: ResolutionResult = document.dereference(did_url);

Here, we have three distinct functions, with the same functionality as option 1. Each function returns more data than the method before, in the sense that DocumentHistory can also return the latest document with metadata, in addition to the history. In this option, there is no high-level dereference function. To dereference something, we require developers to first resolve the document and then call dereference on that.

Notes on both options

We want to have the ability to resolve documents at some point in the past, for example, to check if a credential together with an older document state was valid. In the presented approaches, the entire history needs to be computed, to then call history.document_at. It's also reasonable to add a document_at method directly on the Resolution object, while in option 2, a new freestanding function would have to be added.

A side discussion: In both examples, it's also imaginable to have a Resolver object which takes some resolutionOptions and then has resolve_* methods, so the options don't need to be passed every time. We can decide on that independently of the presented options.

IotaDocument gains a method to dereference any did url. This could be in addition to specialized methods, like verification_method(did_url) -> IotaVerificationMethod or service(did_url) -> Service, some of which already partly exist. It might make sense to have the IotaDocument::dereference only take a relative DID, which would simplify the return type, as it could not return a document.

I hope that includes any points raised before, if not, feel free to point them out.

[cycraig]

1. I would honestly prefer resolutions_options.full_history = true. It's not unreasonable for developers to be explicit in the API if they want to query past documents or not.
2. We could shove the document_at option into the resolution_options too if we want. Each diff chain is on a separate index so fetching all of them can be slow, if we specify an exact datetime it would be easier to resolve just one.

I think the design decision here is whether the resolution API should be allowed to make more calls to the Tangle after the initial resolution or if everything should be specified up-front.

[PhilippGackstatter]

1. If you pass the option as false, and call history() you get an error, right? If so, it would also make sense to do the same for metadata. If you specify true, then all spam messages are retained, but not every diff chain ever is retrieved, right?
2. Should it be possible to pass multiple dates to resolution_options so multiple past documents can be retrieved at the same time?

I think I still prefer a solution that takes advantage of the type system, rather than the possibility of calling history() or metadata() but getting an error, because the wrong options were passed. Also, does it really make sense to combine the resolution API with the history API? Are these not fairly separate use cases?

Maybe I'm still missing something, but how about something like this then:

async fn main() {
  let iota_did: IotaDID = "did:iota:...".parse().unwrap();
  // Build a resolver that caches calls to the tangle for this specific did
  let resolver = Resolver::new(iota_did);
  // resolve is a convenience method that calls resolve_at(VerstionTime::now()). Also fetch metadata.
  let doc_with_metadata: MetadataDocument = resolver.resolve().with_metadata().fetch().await;

  let latest_document: IotaDocument = doc_with_metadata.document();
  let latest_metadata: Metadata = doc_with_metadata.metadata();

  // Fetch an older document, without metadata. Metadata could be fetched if `with_metadata` is added.
  let doc: IotaDocument = Resolver::resolve_at(VersionTime::at("2021-10-01T00:00:00"))
    .fetch()
    .await;

  // Separate API, but can share the network cache of the created resolver instance
  // Perhaps this should take a VersionTime parameter?
  let history: DocumentHistory = resolver.resolve_history().await;
}

In short: Similar to option 1, except that 1) it can make more network calls as necessary and 2) only fetches metadata when explicitly asked for. I was thinking about adding with_history on top of metadata, but not convinced it's useful. Not sure if there's a need for resolutionOptions, but can be a parameter to Resolver::new(). Dereference not shown here, as we could go with the existing methods on IotaDocument.

[cycraig]

If you pass the option as false, and call history() you get an error, right? If so, it would also make sense to do the same for metadata.

1. Which metadata? The difference is that both the resolution metadata and document metadata are part of the DID resolution specification, while the history is not.

Should it be possible to pass multiple dates to resolution_options so multiple past documents can be retrieved at the same time?

2. No idea, I would think not unless that's a common use case? Retrieving a specific date seems less necessary than a specific version, but they amount to the same operations I guess. If efficiency is an objective then it really only requires querying the integration chain history once and then retrieving the diff chain of the desired point in time. This again relates to whether or not the resolution API should be allowed to make more calls to the Tangle after the initial resolution or not per your example.

I don't think metadata should be part of the discussion on being optional. From my understanding it will be a necessary part of the documents on the Tangle post-refactor that is always retrieved.

[PhilippGackstatter]

Which metadata? [...] I don't think metadata should be part of the discussion on being optional.

We can decide what to do for our own API, as long as it is somehow accessible to build the spec-compliant resolve function on top, right? One approach would be to just combine both metadata into the Metadata type in the latest example which can be destructured for the spec-compliance. Our users might care about metadata or not, so our API should reflect that.

No idea, I would think not unless that's a common use case?

Yeah, agreed. I was mainly asking because I wanted to shoehorn everything into the original API idea of having everything retrieved upfront. But as I showed in the example, I'm definitely not insisting on that. It seems to make a lot more sense to be efficient in caching the integration chain, as you mentioned, but not in network calls.

@JelleMillenaar would you be okay with that?

[PhilippGackstatter]

Quick update on this. @JelleMillenaar is fine with additional network calls, to avoid having to fetch everything upfront.

Given the time constraints of finishing this for 1.0, we should start to implement this soon. Even if we haven't agreed on an exact API, it seems option 1 is the direction we want to go in, which should be good enough to get started. We can hand that over to whoever is implementing it, and request additional changes during code review.

[cycraig]

Opened #486 to address the required metadata changes. Might need another issue/PR for the resolver refactor proper.

Resolver API issue: #493