Update concepts_did.md
litlfred authored Dec 11, 2024
1 parent 92db849 commit b805ebf
Showing 1 changed file with 54 additions and 1 deletion.
55 changes: 54 additions & 1 deletion input/pagecontent/concepts_did.md
Expand Up @@ -9,7 +9,7 @@ The common trust list specification defines the lowest common denominator format
4. SHALL be mergeable (trust list operators can integrate each other's entries)
5. SHALL be usable by all stakeholders required to verify health credentials in their operations

#### DID Document
#### DID Document v1.0
The unified format is based on the [Decentralized Identifiers (DIDs) v1.0](https://www.w3.org/TR/did-core/) specification. DIDs are globally unique identifier in the form of URIs. The URI scheme includes a method name which corresponds to a standard method by which a DID Document can be resolved. This DID Document is a structured JSON-LD which captures each existing public key (regardless of X.509 or JWK format used) by the members of a trust network in a common format. It allows additional metadata (such as intended purpose and key identifiers) to be added to existing keys with changing the underlying keys themselves​. It provides means to publish and cryptographically sign a master lists of keys recognized used by a trust network.

The unified format DID method selected is did:web, a method to retrieve DID Documents via existing web (https) infrastructure​. ​The did:web identifiers have the form `<DOMAIN NAME>:<PATH COMPONENT 1>:...: <PATH COMPONENT N>`​. Resolution is accomplished by https GET against the URL which is formed from this identifier by​ `https://​DOMAIN NAME/PATH COMPONENT 1/.../PATH COMPONENT N/did.json`. For example did:web:example.com:my:path would resolve a DID Document from the URL `https://example.com/my/path/did.json`​. Additional did methods may be supported in the future.
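Review bot: Renaming the heading to "DID Document v1.0" leaves the paragraph under it still reading as if it describes the only published format; since this commit adds a v2.0 section, a sentence here stating whether v1.0 lists remain published and that the did:web identifier-to-URL mapping described in this paragraph also applies to the v2.0 paths would help readers. While touching this section, the unchanged context lines carry pre-existing wording slips worth fixing in the same commit: "DIDs are globally unique identifier" should be "identifiers", "with changing the underlying keys themselves" reads as if it meant "without changing", and "sign a master lists of keys recognized used by a trust network" should be "sign a master list of keys used by a trust network".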
Expand All @@ -27,3 +27,56 @@ The verificationMethod array represents the individual signing keys associated w
The DID Document itself can be signed with addition of a ‘proof’ block containing signature details and key used for verification.

For more information regarding the DID Document format for a Trust List specification, see [WHO DDCC Trust List Specification documentation](https://github.com/WorldHealthOrganization/ddcc-trust/blob/main/TrustListSpecification.md#leading-contender-did-document). For an example of a signed DID Document, see [Appendix A](https://github.com/WorldHealthOrganization/ddcc-trust/blob/main/TrustListSpecification.md#appendix-a-signed-did-document-for-x509-enabled-trust-lists-of-leaf-keys) of the documentation.

#### DID Document v2.0
In version 2.0 of the WHO GDHCN DID publication specification, multiple DID files are created depending on your key needs.


There are types trust lists - embedded and by reference. The embedded trust list contains all key material. The reference trust list contains reference to keys.

There are "root" trust list contains all keys available on the TNG (either embedded or by reference).
* https://tng-cdn.who.int/v2.0.0/trustlist/did.json
* https://tng-cdn.who.int/v2.0.0/trustlist-ref/did.json
for the embedded and reference lists respectively

Additionally there are trust lists generated which you can filter by one or more of the Domain, the Paricipant Code or the Key Usage. The URLs follow the following DID Path Structure:
* tng-cdn.who.int/v2.0.0/trustlist/<DOMAIN>/<PARTICIPANT_CODE> matches all key usages (DSC, SCA, etc) for a specific domain or participant code
* tng-cdn.who.int/v2.0.0/trustlist/<DOMAIN>/<PARTICIPANT_CODE>/<USAGE> matches all keys for a specific usage for a specific domain or participant code
* tng-cdn.who.int/v2.0.0/trustlist/-/<PARTICIPANT_CODE> matches all domains for a specific participant for all usage codes
* tng-cdn.who.int/v2.0.0/trustlist/-/<PARTICIPANT_CODE>/<USAGE> matches all domains for a specific participant and usage code
* tng-cdn.who.int/v2.0.0/trustlist/<DOMAIN>/-/<USAGE> matches all participants for a specific domain

DEV and UAT versions of the DID trust lists are available under tng-cdn-dev.who.int and tng-cdn-uat.who.int following the same DID Path Structure.


Repository Folder structure (under a version folder):

* trustlist
* did.json contains all keys embedded
* DDCC
* did.json contains all keys for DDCC domain embedded
* FRA
* did.json contains all keys for France for DDCC Domain embedded
* DSC
* did.json contains DSCs for France for DDCC Domain
* SCA
* did.json contains DSCs for France for DDCC Domain
* IND
* did.json contains all keys for Indonesia for DDCC Domain
* PH4H
* did.json contains all keys for IPS domain embedded
* FRA
* did.json contains all keys for France for IPS Domain embedded
* DSC
* did.json contains DSCs for France for IPS Domain
* SCA
* did.json contains DSCs for France for IPS Domain
* \-
* FRA
* did.json contains all keys for France for all domains embedded
* IND
* did.json contains all keys for Indonesia for all domain embedded
* trustlist-ref
* contains all keys by reference
* \<same structure as above\>
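Review bot: The folder tree describes the SCA folders incorrectly: under trustlist/DDCC/FRA/SCA and trustlist/PH4H/FRA/SCA the did.json entry reads "contains DSCs for France ...", but by the path convention given above (`.../<USAGE>` matches keys of that usage) those files should hold SCAs; the IND folders also omit the DSC and SCA subfolders shown for FRA, so state whether that difference is intentional or just an abbreviated example. The URL pattern list omits the `trustlist/<DOMAIN>` form (all keys for one domain), although the tree shows trustlist/DDCC/did.json and trustlist/PH4H/did.json serving exactly that, and it gives only https paths rather than the did:web identifiers; adding the DID form next to each pattern (for example `did:web:tng-cdn.who.int:v2.0.0:trustlist:DDCC:FRA:DSC`, which by the rule in the v1.0 section resolves to `https://tng-cdn.who.int/v2.0.0/trustlist/DDCC/FRA/DSC/did.json`) would make the mapping explicit. The PH4H folder is described as "IPS domain"; if PH4H is the domain code for IPS, say so once so the `<DOMAIN>` placeholder is unambiguous. Minor wording: "There are types trust lists" is missing "two"; "There are "root" trust list contains" should read "There is a "root" trust list that contains"; "Paricipant Code" should be "Participant Code".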
