Subject Identifiers (IETF SECEVENT) from Justin Richer on 2021-04-09 (public-did-wg@w3.org from April 2021)

From: Justin Richer <jricher@mit.edu>
Date: Fri, 9 Apr 2021 15:35:23 -0400
To: public-did-wg@w3.org
Message-Id: <9F70813E-8452-405F-AE45-A50C776F7E57@mit.edu>

The Security Events working group in the IETF (SECEVENT) has a standards-track draft for describing “subject identifiers” in various contexts.

https://tools.ietf.org/id/draft-ietf-secevent-subject-identifiers-07.html <https://tools.ietf.org/id/draft-ietf-secevent-subject-identifiers-07.html>

In short, it’s a way to say “this item is an email and here’s its value”, or “this item is an issuer/subject pair, here are those values”. This is useful in a variety of contexts where you want to identify someone but might have a variety of ways to do so.

I spoke with the editor of the draft to propose that we add a “did” format into this document, now that DID core is reasonably stable and the CR is published. She agreed that it would make sense but would rather have the experts in the DID community propose the actual text for the added section. For comparison, this is the current text for the “acct:” URI scheme:

The Account Identifier Format identifies a subject using an account
at a service provider, identified with an "acct" URI as defined in
[RFC7565 <https://datatracker.ietf.org/doc/html/rfc7565>]. Subject Identifiers in this format MUST contain a "uri"
member whose value is the "acct" URI for the subject. The "uri"
member is REQUIRED and MUST NOT be null or empty. The Account
Identifier Format is identified by the name "account".

Below is a non-normative example Subject Identifier for the Account
Identifier Format:

{
"format": "account",
"uri": "acct:example.user@service.example.com",
}

Figure 4: Example: Subject Identifier for the Account Identifier
Format

I’m willing to coordinate the pull request against the IETF spec to get this included, but I’d like to get feedback on what we include. Should the format be “did”? Should it include just the bare DID, or should it be a DID URL? Do we need two identifiers? I have a gut instinct for all of these answers, but I welcome input on the list here and I’d like to take a few minutes to discuss this on the upcoming Tuesday call.

Thanks,

— Justin

Received on Friday, 9 April 2021 19:35:37 UTC