identity.rs
identity.rs copied to clipboard
iotaledger
Add Domain Name Verification Service
Implement and standardize a service endpoint called DomainNameVerification. It links to a domain that is owned by the identity, such as the website of the organization. This domain can be queried, which should resolve in a standardized JSON response that lists the DID(s) used to represent the domain owner. If the DID that lists the service is also listed in the returning query, we have proof that the DID is in control over the domain. This URL may be displayed to a Verifier to add additional trust to an identity.
Resources:
- Presentation (2019) that explains the concept on a high-level.
- DIF Domain Linkage Credentials.
TODO: Find other resources of other projects
- [ ] Write a specification for the DomainNameVerification service endpoint
- [ ] Implement service
- [ ] Create a test / example
While domain querying with http can be useful, I would recommend considering something like proof at the DNS layer. Something like how a DMARC TXT record can be used.
Interesting @nothingismagick, that would remove some weaknesses in the design. Some quick research from my end shows we would have to use TXT records which allows a maximum of 255 characters and is used for Verification of Domain Ownership by Google and Facebook. It seems you can even bypass the 255 character limit by splitting records, which would allow an array of multiple DIDs associated with an organization. This does of course create linkability between those DIDs but would allow an organization to be represented with multiple DID methods.
I would suggest to generalize the service endpoint: If the resolved query contain a list of DID, the service will return it, otherwise it should return the content with the appropriate content type (JSON, HTML, ... ).
The service point can be used for many different use cases.
If I'm not wrong it should be also possibile to use the message type protocol (https://github.com/iotaledger/protocol-rfcs/blob/master/text/0001-protocol-messages/0001-protocol-messages.md)
We can define a new type of message specifically designed to certify an DID
In answering to the query and reading the message from the tangle the service endpoint will understand that the message contains a list of DID.
In this case I'd like to add a second message type that allow to store an html script in the message to be returned to the requester with the appropriate header. So if the caller is a web browser, the page can be showed and process the parameter passed to whit the request.
