Re: Question regarding DID method-specific-id

Hi,

Very timely question. What about putting DID information in x509, if that’s possible? Issuer Alternative Name and Subject Alternative Name support URI values, which a DID is.

Binding x509 certs to DIDs can also be done via public keys. Questions are:

- do you have the freedom to add additional information to the x509 cert?
- is binding a public key to a DID sufficient? Related question is: does a Legal Entity have multiple x509 certs?
- do you need a link from the DID to the certificate, vice versa or both?

BR, Alen

> On 30 Aug 2023, at 05:20, ステファニー タン(SBIホールディングス) <tstefan@sbigroup.co.jp> wrote:
> 
> Hi Markus,
> 
> Thank you for the prompt response!
> Please let me clarify, we are considering using both DID/VC and X509 authentication (RFC 5280). We assume a world wherein X509 trust roots mutually authenticate each other using DID/VC.
> 
> In order to achieve the above, we are thinking of embedding the Issuer (Distinguished Name) in X509 into the DID method-specific-id or the issuer id of the VC.
> 
> However, the ABNF pattern allowed by the VC standard is more restrictive than X509 Issuer (DN), so we cannot transcribe it as is.
> 
> One suggestion is to use base-percent-encoding, but the processing is complicated and heavy and lacks readability, so we are currently seeking a better solution.
> 
> Thank you for any further advice you or any member can provide!
> 
> Best,
> Stefannie
> From: Markus Sabadello <markus@danubetech.com>
> Sent: Tuesday, August 29, 2023 4:53 PM
> To: public-credentials@w3.org <public-credentials@w3.org>
> Subject: Re: Question regarding DID method-specific-id
>  
> Hello Stefannie,
> 
> From that documentation page I can't really tell what a "CordaX500Name" looks like when expressed as a single string, do you have an example?
> 
> But basically a method-specific-id can be anything that matches this ABNF pattern:
> 
> method-specific-id = *( *idchar ":" ) 1*idchar
> idchar             = ALPHA / DIGIT / "." / "-" / "_" / pct-encoded
> 
> So it can consist of letters, digits, and the . - _ characters as well as percent-encoding such as %20
> 
> You say the name is base encoded and then percent-encoded, but from a DID syntax perspective, this feels unnecessary.
> 
> If the "CordaX500Name" can be expressed using only characters from the list above, then there may be no need to base- or percent-encode anything, and readability can be preserved.
> 
> Markus
> 
> On 8/29/23 09:33, ステファニー タン(SBIホールディングス) wrote:
>> Hi everyone,
>> 
>> I am seeking community support/advice regarding DID method-specific-id in the syntax. If the DID Name is a CordaX500Name (https://docs.r3.com/en/api-ref/corda/4.8/open-source/javadoc/net/corda/core/identity/CordaX500Name.html) that has been base encoded, and then percent-encoded:
>> 
>> will there be any potential issues if we use the above method? (technically speaking, is it possible?)
>> is there a way to preserve readability?
>> 
>> Thank you!
>> 
>> Stefannie
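As an added example (not code from this thread or from any of the projects it mentions), the following Python applies the method-specific-id ABNF quoted above to a constructed X.500-style DN: it validates candidate identifiers, percent-encodes only the bytes idchar does not allow so the rest stays readable, and shows the base64url route from the original question beside it. The DN strings are constructed for illustration.

```python
import base64
import re
from urllib.parse import unquote

# Grammar quoted in the thread (DID Core):
#   method-specific-id = *( *idchar ":" ) 1*idchar
#   idchar             = ALPHA / DIGIT / "." / "-" / "_" / pct-encoded
IDCHAR = r"(?:[A-Za-z0-9._-]|%[0-9A-Fa-f]{2})"
METHOD_SPECIFIC_ID = re.compile(rf"(?:{IDCHAR}*:)*{IDCHAR}+")


def is_valid_method_specific_id(value: str) -> bool:
    """True if the whole string matches the method-specific-id ABNF above."""
    return METHOD_SPECIFIC_ID.fullmatch(value) is not None


def _is_bare_idchar(byte: int) -> bool:
    # ALPHA / DIGIT / "." / "-" / "_", checked on raw bytes so that
    # non-ASCII input (e.g. a Japanese organisation name) is always encoded.
    return (0x30 <= byte <= 0x39 or 0x41 <= byte <= 0x5A
            or 0x61 <= byte <= 0x7A or byte in b"._-")


def dn_to_method_specific_id(dn: str) -> str:
    """Percent-encode only the bytes idchar forbids ("=", ",", " ", non-ASCII ...).
    urllib.parse.quote is deliberately not used: it leaves "~" unencoded,
    and "~" is not an idchar."""
    return "".join(chr(b) if _is_bare_idchar(b) else f"%{b:02X}"
                   for b in dn.encode("utf-8"))


def method_specific_id_to_dn(msid: str) -> str:
    """Inverse of dn_to_method_specific_id; rejects input that is not a valid id."""
    if not is_valid_method_specific_id(msid):
        raise ValueError(f"not a valid method-specific-id: {msid!r}")
    return unquote(msid, encoding="utf-8", errors="strict")


def base64url_dn_to_method_specific_id(dn: str) -> str:
    """The base-encoding route from the question: every output character is an
    idchar (base64url alphabet is A-Za-z0-9-_), but readability is lost.
    Padding is stripped because "=" is not an idchar."""
    return base64.urlsafe_b64encode(dn.encode("utf-8")).decode("ascii").rstrip("=")


if __name__ == "__main__":
    dn = "O=SBI Holdings, L=Tokyo, C=JP"  # constructed sample DN
    readable = dn_to_method_specific_id(dn)
    print(readable, is_valid_method_specific_id(readable))
    print(base64url_dn_to_method_specific_id(dn))
```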

Received on Wednesday, 30 August 2023 06:02:57 UTC