W3C home > Mailing lists > Public > public-did-wg@w3.org > August 2020

Re: DID WG Special Topic Call (Service Endpoints)

From: Manu Sporny <msporny@digitalbazaar.com>
Date: Thu, 27 Aug 2020 10:28:44 -0400
To: public-did-wg@w3.org
Message-ID: <389c3d70-9427-288e-4854-6dd24f07b8af@digitalbazaar.com>
On 8/21/20 5:56 PM, Brent Zundel wrote:
> The topic of this call will be *service endpoints*[2]

Sending a few PROPOSALs for debate during the DID Special Topic call
today so folks can think about them before the call:

PROPOSAL: Remove Service Endpoints from the specification and rely on
Verifiable Credentials (e.g., transmitted during DID Auth) to
communicate Service Endpoints.

Rationale: Service Endpoints pose a significant privacy risk to people
and organizations. Certain ledger-based DID Method implementers can be
held liable under GDPR-like regimes (e.g. CCPA) for publishing PII onto
their ledger.

PROPOSAL: Define a Service Endpoint for a GDPR-compliant service that
supports Right to be Forgotten and is under the control of the DID

Rationale: We can provide service endpoints via a set of DID Method
specified, GDPR-compliant "seeAlso" mechanisms. This enables the
self-sovereign publication of service endpoints (people can choose among
an acceptable subset) without the potential to run afoul of GDPR-like

PROPOSAL: Strongly RECOMMEND the use of GDPR-compliant service endpoints.

Rationale: Providing and option and strongly recommending that option
are two different things. The first proposal on the topic says we should
specify a GDPR-compliant option. The second proposal on the topic says
that we should strongly recommend the use of that for the publication of
service endpoints.

-- manu

Manu Sporny - https://www.linkedin.com/in/manusporny/
Founder/CEO - Digital Bazaar, Inc.
blog: Veres One Decentralized Identifier Blockchain Launches
Received on Thursday, 27 August 2020 14:28:58 UTC

This archive was generated by hypermail 2.4.0 : Thursday, 24 March 2022 20:27:50 UTC