-
Notifications
You must be signed in to change notification settings - Fork 8
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
Define a convention for using a did:tdw with a "plain" web domain #60
Comments
There are different specifications that apply here. According to the DID core spec we are limited to ASCII letters and numbers, According to the rules for valid host names in URIs, they must begin with a letter or number. This applies for punycode internationalized domain names and for each sub component. In DNS this rule is more relaxed, there aren't many restrictions on domain names (different from host names) and subdomains starting with an underscore are common, for example Given these restrictions I think |
I think we would also want to make it clear in the spec that |
I like the I don’t think the DNS rules come into play at all, because the whole point is to have the DIDDoc Log at the |
I think it's potentially a useful property that you can assign DNS records to the SCID subdomain, although it's not essential and I don't have a killer use case – I think services generally provide enough flexibility there. On further reflection we could also support the following syntax: This syntax would not conflict with currently valid |
Somewhat unrelated, but it occurred to me that wallet applications should make an effort to properly display internationalized domain names used in did:web/tdw identifiers. |
Oh, that’s nice. I like that. So we could |
One downside, if it is that, is that you can't maintain two different DIDs at the same path or keep an older one available while you start fresh with a new one. Security-wise it's probably a good thing to have one DID unambiguously associated with a path at a time, but it's something we've considered an option previously. |
So do we make it an option that you can still put the SCID in the path or subdomain if you really, really want to, but typically, you would just put it after the TLD with any of the three DID Web mappings. A later version could tighten up on the requirements if appropriate. Options:
What do you think — @brianorwhatever @andrewwhitehead ? |
I would prefer option 1, since we only have to look in one place for the SCID (no ambiguity, so less security risk), and it could open the door to simply merging with the did:web spec in a future version. Even though the SCID is attached to the host name and not the path component, I think it reads well in f.ex. |
In the current definition of
did:tdw
, the SCID must be in the DID (which will not change) and the resulting DID-to-HTTPS translation places the SCID in either a subdomain, or in a path off of the domain. We would like to define a convention such that the DID includes the SCID, but the HTTPS address is the "plain" domain, and the the JSONL file that is the DID Log is in the domain's.well-known
folder. Because the SCID is not required in adid:web
, this is possible, and we would like it to also be possible for adid:tdw
.For example, perhaps the convention of adding an "
_<SCID>
" to the domain TLD could be used. This means thatdid:twd:example.com_1234565123
has its DID Log file athttps://example.com/.well-known/DID.jsonl
. The "_" character is illegal in an HTTP TLD, so there is no ambiguity about what is the domain name, what is the SCID, and what is the mapping from DID to DID Log HTTPS URL.To be decided is what other options we have, and to pick one of them.
The text was updated successfully, but these errors were encountered: