did-method-web icon indicating copy to clipboard operation
did-method-web copied to clipboard
verified publisher icon w3c-ccg

Needs auth

Open rhiaro opened this issue 5 years ago • 5 comments

There is no authentication or authorization mechanism applied to the DID Document, leaving it unprotected from modification by an attacker.

rhiaro avatar Oct 19 '20 16:10 rhiaro

I think this is a duplicate of issue #13?

dmitrizagidulin avatar Oct 19 '20 23:10 dmitrizagidulin

@rhiaro I propose this issue be closed as either duplicate of #13 or out of scope.

dmitrizagidulin avatar Oct 28 '20 00:10 dmitrizagidulin

Auditability (being able to check historical changes) is completely different to having a mechanism to decide who is allowed to do those changes in the first place, isn't it (this issue being about the latter)?

rhiaro avatar Oct 28 '20 12:10 rhiaro

@rhiaro ah, I see. In that case, no, the spec cannot dictate that - the auth policies differ for each individual site (much like the update/delete/etc operations).

dmitrizagidulin avatar Oct 28 '20 15:10 dmitrizagidulin

Agree, this issue should be closed, this will be at the discretion of the web service provider / hosting company... I'll suggest using GitHub / version control, but I don't think its appropriate to call this an "issue" with the method... its actually a "feature" of the method... that comes from its legacy facing interoperability design considerations.

OR13 avatar Jun 27 '22 19:06 OR13