w3c / did-resolution

RELEASED DRAFT: Decentralized Identifier Resolution (DID Resolution) 0.2 Specification

Initial feedback on major sections: Interface bindings (HTTPS) #83

Open peacekeeper opened 1 month ago

peacekeeper commented 1 month ago

During the 25th July 2024 DID WG call, I mentioned "Interface Bindings (HTTPS)" as one of four major topics for this spec. See here:

The idea of this section is to define the DID Resolution and DID URL Dereferencing functions not just in an abstract way, but also a concrete binding for invoking those functions via an HTTPS API, including how parameters, headers, status codes, etc. are used.

Any feedback is welcome, and I'd be most interested in high-level opinions on whether this is indeed an important topic that should be covered by the spec, and in thoughts on the general direction of this topic.

jandrieu commented 3 weeks ago

Yes. I think this a mandatory-to-implement https binding in order to achieve cross-method interoperability.

pchampin commented 3 weeks ago

This was discussed during the WG meeting on 2024-08-22: https://www.w3.org/2024/08/22-did-minutes.html#t12

mccown commented 4 days ago

I agree. https should be mandatory to implement and used in all of the examples. However, I was researching how Apple handles the situation.

In recent years, Apple has required https for all connections. However, they realize that there may be some isolated situations where insecure http may be required and have defined a key called 'NSAllowsArbitraryLoadsInWebContent', which can bypass standard protections in some instances. If insecure http connections are allowable, then I would propose it be handled explicitly with an exception designator. This way, whenever it's deemed necessary by implementors, it will be an overt decision and something that could be highlighted to users or other services.
