Re: Subject Identifiers (IETF SECEVENT)

Hey Justin,

Some comments below

> Should the format be “did”?

This makes the most sense to me.

> Should it include just the bare DID, or should it be a DID URL? Do we
need two identifiers?

I think it should be just the bare DID too. I'm unsure what a second
identifier would indicate? Are you assuming if it existed this second
identifier would be a DID URL?

Thanks,
[image: Mattr website] <https://mattr.global>
*Tobias Looker*
Mattr
+64 (0) 27 378 0461
tobias.looker@mattr.global
[image: Mattr website] <https://mattr.global> [image: Mattr on LinkedIn]
<https://www.linkedin.com/company/mattrglobal> [image: Mattr on Twitter]
<https://twitter.com/mattrglobal> [image: Mattr on Github]
<https://github.com/mattrglobal>
This communication, including any attachments, is confidential. If you are
not the intended recipient, you should not read it - please contact me
immediately, destroy it, and do not copy or use any part of this
communication or disclose anything about it. Thank you. Please note that
this communication does not designate an information system for the
purposes of the Electronic Transactions Act 2002.


On Sun, Apr 11, 2021 at 4:32 AM Dmitri Zagidulin <dzagidulin@gmail.com>
wrote:

> Justin,
>
> Thanks for bringing this to this group's attention -- that seems super
> important, and like a great opportunity for DID adoption and interop!
>
> As for what the format should be - great question. It seems to me that
> having just a bare did be sufficient. But of course I'm curious to see the
> discussion on this topic.
>
> Dmitri
>
> On Fri, Apr 9, 2021 at 3:36 PM Justin Richer <jricher@mit.edu> wrote:
>
>> The Security Events working group in the IETF (SECEVENT) has a
>> standards-track draft for describing “subject identifiers” in various
>> contexts.
>>
>> https://tools.ietf.org/id/draft-ietf-secevent-subject-identifiers-07.html
>>
>> In short, it’s a way to say “this item is an email and here’s its value”,
>> or “this item is an issuer/subject pair, here are those values”. This is
>> useful in a variety of contexts where you want to identify someone but
>> might have a variety of ways to do so.
>>
>> I spoke with the editor of the draft to propose that we add a “did”
>> format into this document, now that DID core is reasonably stable and the
>> CR is published. She agreed that it would make sense but would rather have
>> the experts in the DID community propose the actual text for the added
>> section. For comparison, this is the current text for the “acct:” URI
>> scheme:
>>
>>    The Account Identifier Format identifies a subject using an account
>>    at a service provider, identified with an "acct" URI as defined in
>>    [RFC7565 <https://datatracker.ietf.org/doc/html/rfc7565>].  Subject Identifiers in this format MUST contain a "uri"
>>    member whose value is the "acct" URI for the subject.  The "uri"
>>    member is REQUIRED and MUST NOT be null or empty.  The Account
>>    Identifier Format is identified by the name "account".
>>
>>    Below is a non-normative example Subject Identifier for the Account
>>    Identifier Format:
>>
>>    {
>>      "format": "account",
>>      "uri": "acct:example.user@service.example.com",
>>    }
>>
>>      Figure 4: Example: Subject Identifier for the Account Identifier
>>                                   Format
>>
>>
>>
>>
>> I’m willing to coordinate the pull request against the IETF spec to get
>> this included, but I’d like to get feedback on what we include. Should the
>> format be “did”? Should it include just the bare DID, or should it be a DID
>> URL? Do we need two identifiers? I have a gut instinct for all of these
>> answers, but I welcome input on the list here and I’d like to take a few
>> minutes to discuss this on the upcoming Tuesday call.
>>
>> Thanks,
>>
>>  — Justin
>>
>>
>>
>>

-- 
This communication, including any attachments, is confidential. If you are 
not the intended recipient, you should not read it - please contact me 
immediately, destroy it, and do not copy or use any part of this 
communication or disclose anything about it. Thank you. Please note that 
this communication does not designate an information system for the 
purposes of the Electronic Transactions Act 2002.

Received on Sunday, 11 April 2021 20:57:25 UTC