Closed csuwildcat closed 4 years ago
This is interesting from a privacy perspective, but I worry about the optics.
With the DID in the URL, it feels like that's My Hub that exists there. With a header specifying the DID, it feels like I'm talking to Hub Host, and that they are a necessary proxy to get to My Hub.
Alternatively, how about a non-DID hub identifier issued by the Hub Host in the URL? And does that solve the optics problem?
In this instance, would the hub be able to identify the header format?
Resolved on 07/05/2020 call
Given DIDs can be rather long, and that we're trying to use a payload format that can more easily flex to non-HTTP API variants, we should consider passing the DID target as a HEADER value.