Authentication & Permissions: User, Service, Method

Hello All,

I have been looking around for some clarity on this but have not yet found
anything concrete.

Imagine a scenario where we have a user, who wants to grant access to their
DID Doc to a third party service.

The first step is they prove they are the owner via a signature or some
decryption with the secret key.

After this point, what are the options/flows which are likely to happen.
Specifically:

   - The service is not the DID method owner - how would it prove they have
   permission to write to the DID doc?
   - What sorts of protections (if any) will be in place for users who
   grant access voluntarily but to malicious services?

Thanks!
Dennis

-- 
[image: Vital Design] <http://www.mediaiqdigital.com/>
Dennis Yurkevich
5th Floor | High Holborn House | 52-54 High Holborn | London | WC1V 6RL
dennis@mediaiqdigital.com
tel +44 (0)20 700 0420 | mobile +44 (0) 7794 597783
[image: Twitter] <http://www.mediaiqdigital.com> [image: Blog]
<https://www.facebook.com/MediaiQDigital> [image: Facebook]
<https://twitter.com/mediaiqdigital> [image: LinkedIn]
<https://www.instagram.com/mediaiqdigital> [image: Foursquare]
<https://www.linkedin.com/company/media-iq-digital-ltd> [image: Pinterest]
<http://www.mediaiqdigital.com/inspirethroughinsights>
*Disclaimer: *This email and its attachments may be confidential and are
intended solely for the use of the individual to whom it is addressed. Any
views or opinions expressed are solely those of the author and do not
necessarily represent those of Media iQ Digital Limited. If you are not the
intended recipient of this email and its attachments, you must take no
action based upon them, nor must you copy or show them to anyone. No
contracts or official orders shall be concluded by means of this email.
Please contact the sender if you believe you have received this e-mail in
error.

Media iQ Digital Limited is a company registered in England and Wales |
Company Number 07321732 | VAT No: GB995910763