
Clarify relation between target system and DID for https method

Open friedger opened this issue 6 years ago • 6 comments

In the current specification of the https/web method, the target system is described as the host of the domain. This means that there is a different target system for each domain.

This makes sense because the spec of DIDs does not specify anything specific about the target system. The discussion about centralized DNS is taken out of the spec of the DID method.

However, for the target system w3c-ccg.github.io

  • the method name should be something like https-w3c-ccg.github.io
  • a DID on this target system should be something like
    • did:https-w3c-ccg.github.io:0xb9c5714089478a327f09197987f16f9e5d936e8a or even
    • did:https-w3c-ccg.github.io:eth:0xb9c5714089478a327f09197987f16f9e5d936e8a

The current spec for the https method needs to be updated to clarify the relation between target system and the DID. In the current spec, there is only one single DID for each target system.

friedger avatar Apr 29 '19 07:04 friedger

> In the current spec, there is only one single DID for each target system.

@friedger Yes, I would say this is by design. If you want to specify an Ethereum address as your DID then you could simply use did:ethr:0xb9c5714089478a327f09197987f16f9e5d936e8a or similar. Same goes for any other type of identifier. The https-did is intended to be used for a single DID per domain.

oed avatar Apr 29 '19 07:04 oed

@oed Then the DID should look something like did:https-w3c-ccg.github.io:1 for the first registered DID on this domain, or did:https-w3c-ccg.github.io:2 for the second after the domain name was transferred?

friedger avatar Apr 29 '19 07:04 friedger

No, the domain should be the identifier, not a part of the method. For example you could have did:https:1.example.com and did:https:2.example.com to achieve the same thing you are suggesting.

oed avatar Apr 29 '19 08:04 oed

@oed But then the target system is wrongly specified. The DID method name should describe the target system. And you run into problems: how a DID client can create a domain name, that proof of control is equal to access to the web host, and that the DNS registrars can delete your ID.

Currently, it says:

> The target system of the HTTPS DID method is the web host that the domain name described by the DID resolves to when queried through the Domain Name System (DNS).

By that specification the target system is the web host of example.com.

Following your argument, the target system is the DNS system.

friedger avatar Apr 29 '19 08:04 friedger

> Following your argument, the target system is the DNS system.

Yeah I think that's exactly what is intended with this DID method.

oed avatar Apr 29 '19 08:04 oed

@friedger @oed I agree, the target system would be the DNS system.

awoie avatar Apr 29 '19 15:04 awoie