- From: Bob Wyman <bob@wyman.us>
- Date: Fri, 12 Nov 2021 11:38:59 -0500
- To: Kerri Lemoie <klemoie@concentricsky.com>
- Cc: Credentials Community Group <public-credentials@w3.org>, public-vc-edu@w3.org
- Message-ID: <CAA1s49Vek3s9fVzceKimnvO_S_P1Zy+OWBzhhmEuUCijkgjh1Q@mail.gmail.com>
Kerri, My did:tag proposal is, I believe, the only proposed DID Method that addresses the use of email addresses and email as a resolution method: See: https://github.com/bobwyman/did_method_tag There are quite a number of issues with using email addresses as identifiers, or parts of identifiers, and I'm hoping that discussion and development of the did:tag method will illuminate those issues and potentially find solutions for them. Some of these issues include: - How are DID documents resolved? (In did:tag, I propose that they should be resolved asynchronously by sending an email message to the indicated address and receiving a DID Document as an attachment to a response. The response could be generated manually, or with the assistance of a wallet that monitors incoming email messages. Alternatively, the DID Document could specify an "AltResolution" service that could be used to provide resolution via non-email methods.) - What happens when the assignment of the email address is changed? (i.e. if "bob@example.com" is now a different "bob" than the Bob that created the DID. In this case, did:tag adopts the tagURI syntax of mixing a date with the email address to indicate a date during which the DID creator had control of the email address. Thus, did:tag:bob@example.com ,2021:living_room_tv and did.tag:bob@example.com ,2021-11-12:living_room_tv could be recognized as being distinct.) - In general, email as a transport creates many opportunities for man-in-the-middle attacks unless some form of secure email is being used. However, since "email" addresses are the most widely used identifiers today, it is important to work out the issues in order to expand the range of people who are able to create and manage DIDs. - etc. Please take a look at did:tag and provide whatever comments, issues, etc. that you might be able or willing to provide. The proposal is still very fresh and needs a great deal of work. Your assistance will be appreciated. bob wyman On Fri, Nov 12, 2021 at 11:08 AM Kerri Lemoie <klemoie@concentricsky.com> wrote: > Hello all, > > There’s been an ongoing discussion in the Open Badges community about > using email addresses as an identifier when a wallet is not being used. > This is a dilemma particularly in the Open Badges community because it has > been using email addresses as recipient identifiers. Over the years using > emails as identifiers has been problematic in numerous ways especially > considering that the recipients don’t have control over their email > addresses and in the past has led to lost badges. Even still, it’s a > challenging topic especially because DIDs are a new concept and not as easy > to understand as email yet. > > The VC spec indicates that if an identifier is used in the > credentialSubject that it should be a URI. An email could be described by a > URI and also, from what I can tell, it wouldn’t be a huge stretch to use > did:web to point to an account that has an email address associated with it. > > Please note that I personally don’t support using email addresses or even > references to email addresses as identifiers (on the fence about the > did:web accounts approach as a bridge) but I’m curious to hear the > community's thoughts on this and wonder if there are any wallets that would > consider supporting email identifiers in some form should Open Badges > recipients want to move their badges to a wallet at a later time? > > Thanks, > > K. > > -------- > Kerri Lemoie, PhD > Director, Digital Credentials Research & Innovation > badgr.com <https://info.badgr.com/> | concentricsky.com > she/her/hers > > > > > > >
Received on Friday, 12 November 2021 16:40:26 UTC