decentralized-identity / confidential-storage

Confidential Storage Specification and Implementation
https://identity.foundation/confidential-storage/
Apache License 2.0

Consider moving DID string from REST URL path to request HEADER #12

Closed csuwildcat closed 4 years ago

csuwildcat commented 6 years ago

Given DIDs can be rather long, and that we're trying to use a payload format that can more easily flex to non-HTTP API variants, we should consider passing the DID target as a HEADER value.

TelegramSam commented 6 years ago

This is interesting from a privacy perspective, but I worry about the optics.

With the DID in the URL, it feels like that's My Hub that exists there. With a header specifying the DID, it feels like I'm talking to Hub Host, and that they are a necessary proxy to get to My Hub.

Alternatively, how about a non-DID hub identifier issued by the Hub Host in the URL? And does that solve the optics problem?

kdenhartog commented 6 years ago

In this instance, would the hub be able to identify the header format?

tplooker commented 4 years ago

Resolved on 07/05/2020 call