W3C home > Mailing lists > Public > public-did-wg@w3.org > June 2020

Re: The DID service endpoint privacy challenge

From: Adrian Gropper <agropper@healthurl.com>
Date: Mon, 29 Jun 2020 10:22:29 -0400
Message-ID: <CANYRo8iy70BNFC+e+=WGBZjFVE59qHVqxTmNj-N2=f3j79-Ltw@mail.gmail.com>
To: Oliver Terbu <oliver.terbu@consensys.net>
Cc: Manu Sporny <msporny@digitalbazaar.com>, W3C DID Working Group <public-did-wg@w3.org>
On Mon, Jun 29, 2020 at 10:11 AM Oliver Terbu <oliver.terbu@consensys.net>
wrote:

> @Manu: Could you provide an example for "X"? If X ==
> some.agency.com/users/my-user-id/more-info, then you would get no
> benefit.
>

I don't see the difference either.

>
> I do think that service endpoints can be extremely useful for public DIDs
> of companies. So, I don't know if this counts as an objection because I
> feel that we are more or less on the same page because I do believe that
> service endpoints should be avoided for end users if there is no way to
> fully anonymise the data that is stored on an immutable storage medium.
>

@Oliver, "public DIDs of companies" are useful but are they that much
better than SSL certificates? In a more general case, we work with the
public DIDs of licensed professionals who's VC are also public by design
but where related info, like a mobile number is often private.

In the more general case, we can expect discovery service providers that
link metadata to what @Manu maybe calls X and I would call an authorization
server.

- Adrian
Received on Monday, 29 June 2020 14:22:54 UTC

This archive was generated by hypermail 2.4.0 : Monday, 29 June 2020 14:22:54 UTC