diff --git a/tests/integration/cli_diddoc_test.go b/tests/integration/cli_diddoc_test.go
index 564807e2f..7ed691798 100644
--- a/tests/integration/cli_diddoc_test.go
+++ b/tests/integration/cli_diddoc_test.go
@@ -423,12 +423,21 @@ var _ = Describe("cheqd cli - positive did", func() {
 		publicKeyMultibase := testsetup.GenerateEd25519VerificationKey2020VerificationMaterial(publicKey)
 		publicKeyBase58 := testsetup.GenerateEd25519VerificationKey2018VerificationMaterial(publicKey)
 
+		participantId := 123
+		paramsRef := "https://resolver.cheqd.net/1.0/identifiers/did:cheqd:testnet:09b20561-7339-40ea-a377-05ea35a0e82a/resources/08f35fe3-bc2a-4666-90da-972a5b05645f"
+		curveType := "Bls12381BBSVerificationKeyDock2023"
+
 		assertionMethodJSONEscaped := func() string {
 			b, _ := json.Marshal(types.AssertionMethodJSONUnescaped{
 				Id:              keyID,
 				Type:            "Ed25519VerificationKey2018",
 				Controller:      did,
 				PublicKeyBase58: &publicKeyBase58, // arbitrarily chosen, loosely validated
+				Metadata: &types.AssertionMethodJSONUnescapedMetadata{
+					ParticipantId: &participantId,
+					ParamsRef:     &paramsRef,
+					CurveType:     &curveType,
+				},
 			})
 			return strconv.Quote(string(b))
 		}()
@@ -539,4 +548,302 @@ var _ = Describe("cheqd cli - positive did", func() {
 		// Check that the DID Doc is deactivated
 		Expect(resp2.Value.Metadata.Deactivated).To(BeTrue())
 	})
+
+	It("can create diddoc with empty controller, update it using the authentication key and query the result (Ed25519VerificationKey2020)", func() {
+		AddReportEntry("Integration", fmt.Sprintf("%sPositive: %s", cli.Green, "can create diddoc with empty controller (Ed25519VerificationKey2020)"))
+		// Create a new DID Doc
+		did := "did:cheqd:" + network.DidNamespace + ":" + uuid.NewString()
+		keyID := did + "#key1"
+
+		publicKey, privateKey, err := ed25519.GenerateKey(nil)
+		Expect(err).To(BeNil())
+
+		publicKeyMultibase := testsetup.GenerateEd25519VerificationKey2020VerificationMaterial(publicKey)
+
+		keyID2 := did + "#key2"
+
+		publicKey2, _, err := ed25519.GenerateKey(nil)
+		Expect(err).To(BeNil())
+
+		publicKeyMultibase2 := testsetup.GenerateEd25519VerificationKey2020VerificationMaterial(publicKey2)
+
+		payload := didcli.DIDDocument{
+			ID:         did,
+			Controller: []string{},
+			VerificationMethod: []didcli.VerificationMethod{
+				map[string]any{
+					"id":                 keyID,
+					"type":               "Ed25519VerificationKey2020",
+					"controller":         did,
+					"publicKeyMultibase": publicKeyMultibase,
+				},
+				map[string]any{
+					"id":                 keyID2,
+					"type":               "Ed25519VerificationKey2020",
+					"controller":         did,
+					"publicKeyMultibase": publicKeyMultibase2,
+				},
+			},
+			Authentication: []string{keyID},
+		}
+
+		signInputs := []didcli.SignInput{
+			{
+				VerificationMethodID: keyID,
+				PrivKey:              privateKey,
+			},
+		}
+
+		versionID := uuid.NewString()
+
+		res, err := cli.CreateDidDoc(tmpDir, payload, signInputs, versionID, testdata.BASE_ACCOUNT_1, helpers.GenerateFees(feeParams.CreateDid.String()))
+		Expect(err).To(BeNil())
+		Expect(res.Code).To(BeEquivalentTo(0))
+
+		AddReportEntry("Integration", fmt.Sprintf("%sPositive: %s", cli.Green, "can update diddoc with empty controller (Ed25519VerificationKey2020)"))
+		// Update the DID Doc, removing the second verification method
+		payload2 := didcli.DIDDocument{
+			ID: did,
+			VerificationMethod: []didcli.VerificationMethod{
+				payload.VerificationMethod[0],
+			},
+			Authentication: []string{keyID},
+		}
+
+		versionID2 := uuid.NewString()
+
+		res2, err := cli.UpdateDidDoc(tmpDir, payload2, signInputs, versionID2, testdata.BASE_ACCOUNT_1, helpers.GenerateFees(feeParams.UpdateDid.String()))
+
+		Expect(err).To(BeNil())
+		Expect(res2.Code).To(BeEquivalentTo(0))
+
+		AddReportEntry("Integration", fmt.Sprintf("%sPositive: %s", cli.Green, "can query diddoc with empty controller (Ed25519VerificationKey2020)"))
+		// Query the DID Doc
+		resp, err := cli.QueryDidDoc(did)
+		Expect(err).To(BeNil())
+
+		didDoc := resp.Value.DidDoc
+		Expect(didDoc.Id).To(BeEquivalentTo(did))
+		Expect(didDoc.Controller).To(HaveLen(0))
+		Expect(didDoc.Authentication).To(HaveLen(1))
+		Expect(didDoc.Authentication[0]).To(BeEquivalentTo(keyID))
+		Expect(didDoc.VerificationMethod).To(HaveLen(1))
+		Expect(didDoc.VerificationMethod[0].Id).To(BeEquivalentTo(keyID))
+		Expect(didDoc.VerificationMethod[0].VerificationMethodType).To(BeEquivalentTo("Ed25519VerificationKey2020"))
+		Expect(didDoc.VerificationMethod[0].Controller).To(BeEquivalentTo(did))
+		Expect(didDoc.VerificationMethod[0].VerificationMaterial).To(BeEquivalentTo(publicKeyMultibase))
+
+		// Check that DIDDoc is not deactivated
+		Expect(resp.Value.Metadata.Deactivated).To(BeFalse())
+	})
+
+	It("can create diddoc with controller being another diddoc (Ed25519VerificationKey2020)", func() {
+		AddReportEntry("Integration", fmt.Sprintf("%sPositive: %s", cli.Green, "can create diddoc with controller being another diddoc (Ed25519VerificationKey2020)"))
+		// Create a new DID Doc
+		did1 := "did:cheqd:" + network.DidNamespace + ":" + uuid.NewString()
+		keyID1 := did1 + "#key1"
+
+		publicKey1, privateKey1, err := ed25519.GenerateKey(nil)
+		Expect(err).To(BeNil())
+
+		publicKeyMultibase1 := testsetup.GenerateEd25519VerificationKey2020VerificationMaterial(publicKey1)
+
+		did2 := "did:cheqd:" + network.DidNamespace + ":" + uuid.NewString()
+		keyID2 := did2 + "#key1"
+
+		publicKey2, privateKey2, err := ed25519.GenerateKey(nil)
+		Expect(err).To(BeNil())
+
+		publicKeyMultibase2 := testsetup.GenerateEd25519VerificationKey2020VerificationMaterial(publicKey2)
+
+		payload1 := didcli.DIDDocument{
+			ID: did1,
+			VerificationMethod: []didcli.VerificationMethod{
+				map[string]any{
+					"id":                 keyID1,
+					"type":               "Ed25519VerificationKey2020",
+					"controller":         did1,
+					"publicKeyMultibase": publicKeyMultibase1,
+				},
+			},
+			Authentication: []string{keyID1},
+		}
+
+		signInputs1 := []didcli.SignInput{
+			{
+				VerificationMethodID: keyID1,
+				PrivKey:              privateKey1,
+			},
+		}
+
+		versionID1 := uuid.NewString()
+
+		res1, err := cli.CreateDidDoc(tmpDir, payload1, signInputs1, versionID1, testdata.BASE_ACCOUNT_1, helpers.GenerateFees(feeParams.CreateDid.String()))
+		Expect(err).To(BeNil())
+		Expect(res1.Code).To(BeEquivalentTo(0))
+
+		payload2 := didcli.DIDDocument{
+			ID:         did2,
+			Controller: []string{did1},
+			VerificationMethod: []didcli.VerificationMethod{
+				map[string]any{
+					"id":                 keyID2,
+					"type":               "Ed25519VerificationKey2020",
+					"controller":         did2,
+					"publicKeyMultibase": publicKeyMultibase2,
+				},
+			},
+			Authentication: []string{keyID2},
+		}
+
+		signInputs2 := []didcli.SignInput{
+			{
+				VerificationMethodID: keyID1,
+				PrivKey:              privateKey1,
+			},
+			{
+				VerificationMethodID: keyID2,
+				PrivKey:              privateKey2,
+			},
+		}
+
+		versionID2 := uuid.NewString()
+
+		res2, err := cli.CreateDidDoc(tmpDir, payload2, signInputs2, versionID2, testdata.BASE_ACCOUNT_1, helpers.GenerateFees(feeParams.CreateDid.String()))
+		Expect(err).To(BeNil())
+		Expect(res2.Code).To(BeEquivalentTo(0))
+
+		AddReportEntry("Integration", fmt.Sprintf("%sPositive: %s", cli.Green, "can query diddoc with controller being another diddoc (Ed25519VerificationKey2020)"))
+		// Query the DID Doc
+		resp, err := cli.QueryDidDoc(did2)
+		Expect(err).To(BeNil())
+
+		didDoc := resp.Value.DidDoc
+		Expect(didDoc.Id).To(BeEquivalentTo(did2))
+		Expect(didDoc.Controller).To(HaveLen(1))
+		Expect(didDoc.Controller[0]).To(BeEquivalentTo(did1))
+		Expect(didDoc.Authentication).To(HaveLen(1))
+		Expect(didDoc.Authentication[0]).To(BeEquivalentTo(keyID2))
+		Expect(didDoc.VerificationMethod).To(HaveLen(1))
+		Expect(didDoc.VerificationMethod[0].Id).To(BeEquivalentTo(keyID2))
+		Expect(didDoc.VerificationMethod[0].VerificationMethodType).To(BeEquivalentTo("Ed25519VerificationKey2020"))
+		Expect(didDoc.VerificationMethod[0].Controller).To(BeEquivalentTo(did2))
+		Expect(didDoc.VerificationMethod[0].VerificationMaterial).To(BeEquivalentTo(publicKeyMultibase2))
+	})
+
+	It("can create diddoc with controller being another deactivated diddoc (Ed25519VerificationKey2020)", func() {
+		AddReportEntry("Integration", fmt.Sprintf("%sPositive: %s", cli.Green, "can create diddoc with controller being another deactivated diddoc (Ed25519VerificationKey2020)"))
+		// Create a new DID Doc
+		did1 := "did:cheqd:" + network.DidNamespace + ":" + uuid.NewString()
+		keyID1 := did1 + "#key1"
+
+		publicKey1, privateKey1, err := ed25519.GenerateKey(nil)
+		Expect(err).To(BeNil())
+
+		publicKeyMultibase1 := testsetup.GenerateEd25519VerificationKey2020VerificationMaterial(publicKey1)
+
+		did2 := "did:cheqd:" + network.DidNamespace + ":" + uuid.NewString()
+		keyID2 := did2 + "#key1"
+
+		publicKey2, privateKey2, err := ed25519.GenerateKey(nil)
+		Expect(err).To(BeNil())
+
+		publicKeyMultibase2 := testsetup.GenerateEd25519VerificationKey2020VerificationMaterial(publicKey2)
+
+		payload1 := didcli.DIDDocument{
+			ID: did1,
+			VerificationMethod: []didcli.VerificationMethod{
+				map[string]any{
+					"id":                 keyID1,
+					"type":               "Ed25519VerificationKey2020",
+					"controller":         did1,
+					"publicKeyMultibase": publicKeyMultibase1,
+				},
+			},
+			Authentication: []string{keyID1},
+		}
+
+		signInputs1 := []didcli.SignInput{
+			{
+				VerificationMethodID: keyID1,
+				PrivKey:              privateKey1,
+			},
+		}
+
+		versionID1 := uuid.NewString()
+
+		res1, err := cli.CreateDidDoc(tmpDir, payload1, signInputs1, versionID1, testdata.BASE_ACCOUNT_1, helpers.GenerateFees(feeParams.CreateDid.String()))
+		Expect(err).To(BeNil())
+		Expect(res1.Code).To(BeEquivalentTo(0))
+
+		AddReportEntry("Integration", fmt.Sprintf("%sPositive: %s", cli.Green, "can deactivate diddoc with controller being another deactivated diddoc (Ed25519VerificationKey2020)"))
+		// Deactivate the DID Doc
+		deactivatedPayload1 := types.MsgDeactivateDidDocPayload{
+			Id: did1,
+		}
+
+		versionIDDeactivated1 := uuid.NewString()
+
+		resDeactivated, err := cli.DeactivateDidDoc(tmpDir, deactivatedPayload1, signInputs1, versionIDDeactivated1, testdata.BASE_ACCOUNT_1, helpers.GenerateFees(feeParams.DeactivateDid.String()))
+		Expect(err).To(BeNil())
+		Expect(resDeactivated.Code).To(BeEquivalentTo(0))
+
+		// Query the DID Doc
+		respDeactivated, err := cli.QueryDidDoc(did1)
+		Expect(err).To(BeNil())
+
+		// Check that the DID Doc is deactivated
+		Expect(respDeactivated.Value.Metadata.Deactivated).To(BeTrue())
+
+		payload2 := didcli.DIDDocument{
+			ID:         did2,
+			Controller: []string{did1},
+			VerificationMethod: []didcli.VerificationMethod{
+				map[string]any{
+					"id":                 keyID2,
+					"type":               "Ed25519VerificationKey2020",
+					"controller":         did2,
+					"publicKeyMultibase": publicKeyMultibase2,
+				},
+			},
+			Authentication: []string{keyID2},
+		}
+
+		signInputs2 := []didcli.SignInput{
+			{
+				VerificationMethodID: keyID1,
+				PrivKey:              privateKey1,
+			},
+			{
+				VerificationMethodID: keyID2,
+				PrivKey:              privateKey2,
+			},
+		}
+
+		versionID2 := uuid.NewString()
+
+		res2, err := cli.CreateDidDoc(tmpDir, payload2, signInputs2, versionID2, testdata.BASE_ACCOUNT_1, helpers.GenerateFees(feeParams.CreateDid.String()))
+		Expect(err).To(BeNil())
+		Expect(res2.Code).To(BeEquivalentTo(0))
+
+		AddReportEntry("Integration", fmt.Sprintf("%sPositive: %s", cli.Green, "can query diddoc with controller being another deactivated diddoc (Ed25519VerificationKey2020)"))
+		// Query the DID Doc
+		resp, err := cli.QueryDidDoc(did2)
+		Expect(err).To(BeNil())
+
+		didDoc := resp.Value.DidDoc
+		Expect(didDoc.Id).To(BeEquivalentTo(did2))
+		Expect(didDoc.Controller).To(HaveLen(1))
+		Expect(didDoc.Controller[0]).To(BeEquivalentTo(did1))
+		Expect(didDoc.Authentication).To(HaveLen(1))
+		Expect(didDoc.Authentication[0]).To(BeEquivalentTo(keyID2))
+		Expect(didDoc.VerificationMethod).To(HaveLen(1))
+		Expect(didDoc.VerificationMethod[0].Id).To(BeEquivalentTo(keyID2))
+		Expect(didDoc.VerificationMethod[0].VerificationMethodType).To(BeEquivalentTo("Ed25519VerificationKey2020"))
+		Expect(didDoc.VerificationMethod[0].Controller).To(BeEquivalentTo(did2))
+		Expect(didDoc.VerificationMethod[0].VerificationMaterial).To(BeEquivalentTo(publicKeyMultibase2))
+
+		// Check that DIDDoc is not deactivated
+		Expect(resp.Value.Metadata.Deactivated).To(BeFalse())
+	})
 })
diff --git a/x/did/types/diddoc_diddoc_test.go b/x/did/types/diddoc_diddoc_test.go
index 673efc8e8..4e2fed24c 100644
--- a/x/did/types/diddoc_diddoc_test.go
+++ b/x/did/types/diddoc_diddoc_test.go
@@ -207,6 +207,24 @@ var _ = DescribeTable("DIDDoc Validation tests", func(testCase DIDDocTestCase) {
 			isValid:  false,
 			errorMsg: "controller: there should be no duplicates.",
 		}),
+	Entry(
+		"Controller empty, no authentication",
+		DIDDocTestCase{
+			didDoc: &DidDoc{
+				Id:         ValidTestDID,
+				Controller: []string{},
+				VerificationMethod: []*VerificationMethod{
+					{
+						Id:                     fmt.Sprintf("%s#fragment", ValidTestDID),
+						VerificationMethodType: "Ed25519VerificationKey2020",
+						Controller:             ValidTestDID,
+						VerificationMaterial:   ValidEd25519VerificationKey2020VerificationMaterial,
+					},
+				},
+			},
+			isValid:  true,
+			errorMsg: "",
+		}),
 	Entry(
 		"Verification method is duplicated",
 		DIDDocTestCase{