W3C home > Mailing lists > Public > public-credentials@w3.org > October 2020

did:web based Identifier for an Issuer, Holder/Subject, Verifier - What is In Scope / Out of Scope or Appropriate / Not Appropriate?

From: John, Anil <anil.john@hq.dhs.gov>
Date: Tue, 20 Oct 2020 13:42:04 +0000
To: Credentials Community Group <public-credentials@w3.org>
Message-ID: <BLAPR09MB728483B2E3F7F6D9FC561FACC51F0@BLAPR09MB7284.namprd09.prod.outlook.com>

The use of did:web based identifiers assigned to Authoritative Issuers (especially when the issuer is a Sovereign which needs to be public and transparent and visible in identifying itself in digital transactions) such that they can bootstrap from existing infrastructure they already own, operate and trust (DNS and Web) looks to be important for both adoption as well as legitimacy and transparency i.e. Authoritative issuers of credentials and attestations should not, and do not have the luxury of hiding behind pseudonymous or anonymous identifiers; they need to be visible to be held accountable.

However, there may be potential privacy/tracking/correlation concerns in using the did:web method to assign a DID to a holder/subject or a verifier (when that verifier is a person and not an organization).

Does it make sense to limit and constrain the use of did:web to Non-Person Entities (NPEs) i.e. Organizations, Devices etc. ONLY given the ability of an organization to assert control over their Web and DNS infrastructure, and deliberately make the use of did:web for use by as an identifier for a person to be out of scope?

Best Regards,


Anil John
Technical Director, Silicon Valley Innovation Program
Science and Technology Directorate
US Department of Homeland Security
Washington, DC, USA

Email Response Time - 24 Hours


(image/png attachment: image003.png)

Received on Tuesday, 20 October 2020 13:43:01 UTC

This archive was generated by hypermail 2.4.0 : Thursday, 24 March 2022 20:25:04 UTC