Comments (7)
I think the top-level JWT should be signable by non-DIDs.
from .well-known.
Implemented a demo: #2
Decided not to sign the top-level object.
from .well-known.
Nice! I reviewed the implementation and I was able to run the demo locally
What do you mean by the following?
The demo opens up more questions about what "verification" of claims mean.
from .well-known.
awesome!
The claim in the JWT has a domain field. Here is some pseudocode explaining how verification should work.
config = GET JSON ( https://example.com/.well-known/did-configuration )
For each claim in config:
- verify claim was signed by did listed in config (use resolver to get public keys)
- verify that domain in claim matches "example.com"
In the demo provided, there is no check for the last bit.
I would expect the demo to fail or warn when running on localhost.
What should the behavior be?
from .well-known.
Oh I see. What if on the client side it just checked if verified.domain matches window.location.hostname?
from .well-known.
That's a good idea for self requests, but the client is always going to need to trust its own web server, and this spec should theoretically support CORS, where:
example.com has DIDs and can trust api.example2.com's DIDs.
The origin of a well-known DID config should be present in each of the claims as the domain field.
That way 2 servers can use this for mutual auth if they wanted to.
from .well-known.
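The verification loop from the pseudocode above, with the domain check included, written for Node.js as an added example (it is not the demo's or the spec's code). The `{ entries: [{ did, jwt }] }` config shape, the EdDSA-signed JWTs, the in-memory resolver and every key and DID below are assumptions constructed for illustration.

```javascript
// Added example: assumed config shape { entries: [{ did, jwt }] }, constructed keys and DIDs.
const { generateKeyPairSync, sign, verify } = require("node:crypto");

const b64u = (s) => Buffer.from(s).toString("base64url");
const fail = (reason) => ({ ok: false, reason });

// Hypothetical in-memory resolver standing in for a real DID resolver.
const makeResolver = (pairs) => { const m = new Map(pairs); return (did) => m.get(did) || null; };

// Builds a compact EdDSA JWT; used only to construct sample claims.
function signClaim(payload, privateKey) {
  const input = `${b64u(JSON.stringify({ alg: "EdDSA" }))}.${b64u(JSON.stringify(payload))}`;
  return `${input}.${sign(null, Buffer.from(input), privateKey).toString("base64url")}`;
}

// One config entry: signature by the listed DID first, then the domain binding.
function verifyClaim(entry, fetchedFromHost, resolve) {
  const parts = String(entry.jwt).split(".");
  if (parts.length !== 3) return fail("malformed JWT");
  let header, payload;
  try {
    header = JSON.parse(Buffer.from(parts[0], "base64url").toString());
    payload = JSON.parse(Buffer.from(parts[1], "base64url").toString());
  } catch { return fail("malformed JWT"); }
  if (header?.alg !== "EdDSA") return fail("unexpected alg"); // pin the algorithm
  const key = resolve(entry.did);
  if (!key) return fail("DID not resolvable");
  const sig = Buffer.from(parts[2], "base64url");
  if (!verify(null, Buffer.from(`${parts[0]}.${parts[1]}`), key, sig)) return fail("bad signature");
  // The check the thread says is missing: claim domain must equal the host the config came from.
  if (String(payload?.domain).toLowerCase() !== fetchedFromHost.toLowerCase()) return fail("domain mismatch");
  return { ok: true, reason: "verified" };
}

const verifyConfiguration = (config, host, resolve) =>
  config.entries.map((e) => ({ did: e.did, ...verifyClaim(e, host, resolve) }));

// Constructed sample data.
const alice = generateKeyPairSync("ed25519");
const mallory = generateKeyPairSync("ed25519");
const did = "did:example:alice";
const resolver = makeResolver([[did, alice.publicKey]]);
const good = { entries: [{ did, jwt: signClaim({ domain: "example.com" }, alice.privateKey) }] };
const forged = { entries: [{ did, jwt: signClaim({ domain: "example.com" }, mallory.privateKey) }] };

console.log(verifyConfiguration(good, "example.com", resolver)); // fetched from the claimed domain
console.log(verifyConfiguration(good, "localhost", resolver)); // served from another host
console.log(verifyConfiguration(forged, "example.com", resolver)); // signed by the wrong key
```

The host passed in is the one the configuration was actually fetched from, so the same function covers both the self-request case and a server checking another origin's configuration.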
I'm gonna close this now that the example is merged. Feel free to open new issues with concerns / questions.
from .well-known.