- From: Orie Steele <orie@transmute.industries>
- Date: Thu, 20 Jul 2023 08:24:14 -0500
- To: Vishwas Anand Bhushan <vishwas@hypermine.in>
- Cc: public-credentials@w3.org, pratap Mridha <pratap@hypermine.in>
- Message-ID: <CAN8C-_JUuRZGQyaM6U61OPBh--CBGm6Tc=znUf+KLYR_ES0U7g@mail.gmail.com>
Sounds like you are trying to prove a bi-directional link exists between 2 identifiers. You prove control over a DID by signing with keys registered to it. You prove control over an origin, by placing that signature at a well known location. This was inspired by how Lets Encrypt works: https://letsencrypt.org/docs/challenge-types/ OS On Thu, Jul 20, 2023 at 1:47 AM Vishwas Anand Bhushan <vishwas@hypermine.in> wrote: > Hi everyone, > > We are from hypersign.id and our DID method did:hid is approved in w3c > did registry. > > We are trying to figure out how can we link a DID with domain. Seems like > did:web is used for that where in domain owner can generate did.json to > keep their DID, and did-configuration.json to keep their self signed domain > linkage credential in their .well-known folder - as per spec > <https://identity.foundation/.well-known/resources/did-configuration/>. > But what I am unable to understand is, how does merely keeping some files > in .well-known folder will prove that you own that domain unless you do > ACME challenges (like DNS 01 challenge) verification. Say if you add TXT > record and verify that then how does this verification can be linked to > domain linkage credential since domain linkage credential seems to be a > self signed credential by nature (see 5.1 > <https://identity.foundation/.well-known/resources/did-configuration/#did-configuration-resource-verification>). > It's quite confusing to me. Could someone please clarify this or share any > documentation related to this use case? > > > Thanks, > Vishwas, CTO @ hypersign.id > > -- ORIE STEELE Chief Technology Officer www.transmute.industries <https://transmute.industries>
Received on Thursday, 20 July 2023 13:24:31 UTC