RE: Subject Identifiers (IETF SECEVENT)

> Should it include just the bare DID, or should it be a DID URL?

I would say that DID URL makes sense because it allows specific, perhaps different/multiple kinds of authentications that a bare DID would not. But a bare DID would be nice to have too. Why not have both? The format could be “did” for both cases, but could also be “didurl” and “did” respectively.

Rieks


From: Tobias Looker <tobias.looker@mattr.global>
Sent: Sunday, 11 April 2021 22:57
To: Dmitri Zagidulin <dzagidulin@gmail.com>
Cc: Justin Richer <jricher@mit.edu>; W3C DID Working Group <public-did-wg@w3.org>
Subject: Re: Subject Identifiers (IETF SECEVENT)

Hey Justin,

Some comments below

> Should the format be “did”?

This makes the most sense to me.

> Should it include just the bare DID, or should it be a DID URL? Do we need two identifiers?

I think it should be just the bare DID too. I'm unsure what a second identifier would indicate? Are you assuming if it existed this second identifier would be a DID URL?

Thanks,
Tobias Looker

Mattr

+64 (0) 27 378 0461
tobias.looker@mattr.global

This communication, including any attachments, is confidential. If you are not the intended recipient, you should not read it - please contact me immediately, destroy it, and do not copy or use any part of this communication or disclose anything about it. Thank you. Please note that this communication does not designate an information system for the purposes of the Electronic Transactions Act 2002.


On Sun, Apr 11, 2021 at 4:32 AM Dmitri Zagidulin <dzagidulin@gmail.com> wrote:
Justin,

Thanks for bringing this to this group's attention -- that seems super important, and like a great opportunity for DID adoption and interop!

As for what the format should be - great question. It seems to me that having just a bare DID would be sufficient. But of course I'm curious to see the discussion on this topic.

Dmitri

On Fri, Apr 9, 2021 at 3:36 PM Justin Richer <jricher@mit.edu> wrote:
The Security Events working group in the IETF (SECEVENT) has a standards-track draft for describing “subject identifiers” in various contexts.

https://tools.ietf.org/id/draft-ietf-secevent-subject-identifiers-07.html


In short, it’s a way to say “this item is an email and here’s its value”, or “this item is an issuer/subject pair, here are those values”. This is useful in a variety of contexts where you want to identify someone but might have a variety of ways to do so.

I spoke with the editor of the draft to propose that we add a “did” format into this document, now that DID core is reasonably stable and the CR is published. She agreed that it would make sense but would rather have the experts in the DID community propose the actual text for the added section. For comparison, this is the current text for the “acct:” URI scheme:


   The Account Identifier Format identifies a subject using an account
   at a service provider, identified with an "acct" URI as defined in
   [RFC7565].  Subject Identifiers in this format MUST contain a "uri"
   member whose value is the "acct" URI for the subject.  The "uri"
   member is REQUIRED and MUST NOT be null or empty.  The Account
   Identifier Format is identified by the name "account".

   Below is a non-normative example Subject Identifier for the Account
   Identifier Format:

   {
     "format": "account",
     "uri": "acct:example.user@service.example.com"
   }

     Figure 4: Example: Subject Identifier for the Account Identifier
                                  Format

I’m willing to coordinate the pull request against the IETF spec to get this included, but I’d like to get feedback on what we include. Should the format be “did”? Should it include just the bare DID, or should it be a DID URL? Do we need two identifiers? I have a gut instinct for all of these answers, but I welcome input on the list here and I’d like to take a few minutes to discuss this on the upcoming Tuesday call.

Thanks,

 — Justin






This message may contain information that is not intended for you. If you are not the addressee or if this message was sent to you by mistake, you are requested to inform the sender and delete the message. TNO accepts no liability for the content of this e-mail, for the manner in which you use it and for damage of any kind resulting from the risks inherent to the electronic transmission of messages.

Received on Monday, 12 April 2021 08:41:49 UTC
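
Added example (not part of the thread and not text from the IETF draft): a receiver-side check that enforces the "account" rules quoted above and shows what the bare DID versus DID URL question means when matching a subject. The "did" format name is the one proposed in the thread; the "url" member name, the policy of matching on the bare DID, and the sample values are assumptions made for illustration.

```python
import json
import re

IDCHAR = r"(?:[A-Za-z0-9._-]|%[0-9A-Fa-f]{2})"
# DID syntax from W3C DID Core; group 1 is the bare DID, group 2 the optional
# path/query/fragment that turns it into a DID URL.
DID_URL_RE = re.compile(
    r"(did:[a-z0-9]+:(?:" + IDCHAR + r"*:)*" + IDCHAR + r"+)"
    r"((?:/[^?#]*)?(?:\?[^#]*)?(?:#.*)?)"
)
# Simplified acct URI check (RFC 7565): acct:userpart@host
ACCT_RE = re.compile(r"acct:[^@\s]+@[^@\s]+")


def split_did_url(value):
    """Return (bare_did, suffix); suffix is '' when value is a bare DID."""
    m = DID_URL_RE.fullmatch(value)
    if m is None:
        raise ValueError("not a DID or DID URL: %r" % (value,))
    return m.group(1), m.group(2)


def subject_key(raw):
    """Validate one Subject Identifier; return (format, value to match on)."""
    obj = json.loads(raw)  # raises ValueError on malformed JSON
    if not isinstance(obj, dict):
        raise ValueError("Subject Identifier must be a JSON object")
    fmt = obj.get("format")
    if fmt == "account":
        uri = obj.get("uri")  # REQUIRED, MUST NOT be null or empty
        if not isinstance(uri, str) or not ACCT_RE.fullmatch(uri):
            raise ValueError('"uri" must be a non-empty acct URI')
        return fmt, uri
    if fmt == "did":  # hypothetical format; "url" member name is assumed
        url = obj.get("url")
        if not isinstance(url, str):
            raise ValueError('"url" must be a string')
        bare, _suffix = split_did_url(url)
        return fmt, bare  # match on the bare DID, ignoring path/fragment
    raise ValueError("unsupported format: %r" % (fmt,))


# Constructed samples
ACCOUNT = '{"format": "account", "uri": "acct:example.user@service.example.com"}'
BARE = '{"format": "did", "url": "did:example:123456"}'
KEYED = '{"format": "did", "url": "did:example:123456#key-1"}'

if __name__ == "__main__":
    for sample in (ACCOUNT, BARE, KEYED):
        print(subject_key(sample))
```

With this policy a bare DID and a DID URL that carries a fragment resolve to the same subject key, so a receiver that compares the raw strings instead would treat them as two different subjects.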