- From: John, Anil <anil.john@hq.dhs.gov>
- Date: Tue, 20 Oct 2020 13:42:04 +0000
- To: Credentials Community Group <public-credentials@w3.org>
- Message-ID: <BLAPR09MB728483B2E3F7F6D9FC561FACC51F0@BLAPR09MB7284.namprd09.prod.outlook.com>
https://github.com/w3c-ccg/did-method-web/issues/16 The use of did:web based identifiers assigned to Authoritative Issuers (especially when the issuer is a Sovereign which needs to be public and transparent and visible in identifying itself in digital transactions) such that they can bootstrap from existing infrastructure they already own, operate and trust (DNS and Web) looks to be important for both adoption as well as legitimacy and transparency i.e. Authoritative issuers of credentials and attestations should not, and do not have the luxury of hiding behind pseudonymous or anonymous identifiers; they need to be visible to be held accountable. However, there may be potential privacy/tracking/correlation concerns in using the did:web method to assign a DID to a holder/subject or a verifier (when that verifier is a person and not an organization). Does it make sense to limit and constrain the use of did:web to Non-Person Entities (NPEs) i.e. Organizations, Devices etc. ONLY given the ability of an organization to assert control over their Web and DNS infrastructure, and deliberately make the use of did:web for use by as an identifier for a person to be out of scope? Best Regards, Anil Anil John Technical Director, Silicon Valley Innovation Program Science and Technology Directorate US Department of Homeland Security Washington, DC, USA Email Response Time - 24 Hours [https://www.dhs.gov/science-and-technology/svip]
Attachments
- image/png attachment: image003.png
Received on Tuesday, 20 October 2020 13:43:01 UTC