swcurran
commented
2 years ago You have several things here:
- Right now, the resolver only allows the resolution of public DIDs -- e.g. DIDs that have been published on a ledger. If you have a connection with a verifier, you likely are using a private DID for that -- a
did:peerthat is shared only between the verifier and you. At this time, you can't access that information as a DID (although you should be able to!!), but you can get the information from the connection record. - If the establishment of the connection started from a public DID, then that public DID should be in the connection record and you can get it from then resolve using the API call.
- The question of "how can I verify the verifier is legit" -- depends on what you trust as "legit" in your context. It may be that the connection started from a Public DID (see above) and that you have a list of DIDs you trust. Or, you could request a proof of a VC from the verifier. There is nothing inherent in the connection or the DID that lets you "trust" the verifier. DIDComm gives a secure channel, but does not tell you who it is with -- knowing that comes from other sources of information that you decide to trust.
Hope that helps. Closing assuming it does, but feel free to ask more questions or re-open.
I see the resolve DID endpoint: [/resolver/resolve/{did}]. But, I am trying to understand how I can resolve DIDDoc of verifier when holder gets a request from the verifier , they can verify if the verifier is legit. Or, holder can verify if a credential issuer is legit.