scouten-adobe
commented
1 week ago @Tweeddalex I know the CAWG meeting times are not APAC friendly. Do you know of somebody who could speak on this in an upcoming CAWG meeting?
Open Tweeddalex opened 1 week ago
scouten-adobe
commented
1 week ago @Tweeddalex I know the CAWG meeting times are not APAC friendly. Do you know of somebody who could speak on this in an upcoming CAWG meeting?
Tweeddalex
commented
1 week ago Hi Eric, I'd be more than happy to present this (even though it will be a late night). Please could you send me across the CAWG meeting invite, happy to present in a meeting after IIW.
On Sat, 19 Oct 2024 at 03:42, Eric Scouten @.***> wrote:
@Tweeddalex https://github.com/Tweeddalex I know the CAWG meeting times are not APAC friendly. Do you know of somebody who could speak on this in an upcoming CAWG meeting?
— Reply to this email directly, view it on GitHub https://github.com/creator-assertions/identity-assertion/issues/194#issuecomment-2422859910, or unsubscribe https://github.com/notifications/unsubscribe-auth/ATCJTES3YU33S7IWUURJEPLZ4E26HAVCNFSM6AAAAABQE7XDNGVHI2DSMVQWIX3LMV43OSLTON2WKQ3PNVWWK3TUHMZDIMRSHA2TSOJRGA . You are receiving this because you were mentioned.Message ID: @.***>
Currently, the v1.1 draft limits the allowed list of
issuerDID methods of a claims aggregation to onlydid:web. Given the importance of the claims aggregator in establishing trust for identity assertions, this could result in a point of weakness for the entire trust model.Last year, myself, Markus Sabadello (Danube Tech), Alen Horvat (EBSI) and Carsten Stoecker (Spherity), highlighted some of the potential issues arising with reliance on did:web in a blog called "Moving Beyond the Limitations of did:web". This blog highlights a series of issues that might arise from sole reliance on did:web, including issues with provenance and versioning; data integrity; privacy and tamper resistance.
There is currently ongoing work at DIF to standarize a set of "DID Traits" that can be used to determine the most effective DID methods for specific purposes. Moreover, in the EU, the CEN/CENELEC is beginning to explore which DID methods are best placed to operate for within EU Digital Identity framework. Both of these initiaties should be followed closely to expand the CAWG's list of supported DID Methods.
At present I believe that:
Would be strong additions to the list of supported DIDs, as they provide much stronger technical controls around DID Document versioning, provenance and tampering.