Comments (8)
samuelgoto
commented on July 17, 2024
2
Thinking more about this, I am not sure it makes sense to create a registry at all.
The other thing that I think is worth considering is that the more protocols we have, the fewer interoperable implementations we'll have, and fragment the ecosystem. So, more here isn't necessarily better.
from digital-credentials.
marcoscaceres
commented on July 17, 2024
1
Thanks @OR13! Adding for reference:
https://www.w3.org/2021/Process-20211102/#registries
Which defines the W3C requirements for a Registry.
We can copy/🍝 and adapt the text from the Permissions Registry, which should be similar enough.
from digital-credentials.
OR13
commented on July 17, 2024
For some inspiration: https://datatracker.ietf.org/doc/html/rfc8126#section-4.6
I would suggest assigning some experts, and writing advice for them directly into the spec for the registry.
The advice can be simple, or complicated. I would recommend not allowing "links to expired drafts, or drafts from SDOs that do not represent consensus", this would exclude CG reports, and I-Ds.
from digital-credentials.
marcoscaceres
commented on July 17, 2024
Just from call on Feb 8:
- selective disclosure
- encrypted response
- Structure that is "Web IDL" compatible.
from digital-credentials.
npdoty
commented on July 17, 2024
Protocol needs to provide detail in the query such that the browser can understand what is a compatible credential and what are the specific data elements being requested, such that the UA can help the user to understand the request prior to selecting a wallet/credential.
from digital-credentials.
npdoty
commented on July 17, 2024
Protocol needs to enable passing an indication to the user to explain the context of the request (who is requesting it, why, with what privacy protections, etc.), and/or the elements in the webpage that provided that information.
from digital-credentials.
tplooker
commented on July 17, 2024
To expand on the last point from @marcoscaceres here which I believe was related to a point I raised. It would be a failure if say the response from the .get() API for a specific protocol expected additional out of band steps for the relying party to actually get the response, such as following a redirect or calling an API etc. I'm unsure how to articulate that as a crisp registry requirement at the moment though.
from digital-credentials.
OR13
commented on July 17, 2024
Thinking more about this, I am not sure it makes sense to create a registry at all.
Instead it might be better to internalize a fixed set of supported protocols, and require a full document update in order to add further support.
If there is more than 1 protocol listed, there MUST be a single mandatory to implement.
from digital-credentials.
Related Issues (20)
- Threat Modeling for Decentralized Identities HOT 18
- Should we have a common and interoperable definition of request types and their privacy properties? HOT 4
- Web Platform Tests: refactoring digitial-credentials.tentative.https.html HOT 2
- What should be the data type for the response? HOT 3
- Are iframes supported by the Digital Credential API? HOT 2
- Should requests be assumed to be linkable by the browser? HOT 4
- Access to an Open Global Web Reduced HOT 1
- [spec] add statement about responses with PII MUST be encrypted HOT 1
- [spec] Add JSON (de)serialization methods
- Digital credential API should support requests for directed identifiers HOT 8
- Digital credential API should support identity verification HOT 3
- Define error handling
- Define WebDriver integration HOT 1
- Consider requiring mitigation of script injection attacks. HOT 3
- Consider requiring a strong signal of user intent. HOT 5
- Explainer: Expand alternatives considered section
- define a well-known way for a verifier to indicate registration, validation, trustmark assurances or other necessary info HOT 3
- Add placeholder security and privacy considerations section
- Issuer identity in selective disclosure cases HOT 3
- Disallow multiple types via navigator.credentials's methods HOT 9
Recommend Projects
-
React
A declarative, efficient, and flexible JavaScript library for building user interfaces.
-
Vue.js
🖖 Vue.js is a progressive, incrementally-adoptable JavaScript framework for building UI on the web.
-
Typescript
TypeScript is a superset of JavaScript that compiles to clean JavaScript output.
-
TensorFlow
An Open Source Machine Learning Framework for Everyone
-
Django
The Web framework for perfectionists with deadlines.
-
Laravel
A PHP framework for web artisans
-
D3
Bring data to life with SVG, Canvas and HTML. 📊📈🎉
-
Recommend Topics
-
javascript
JavaScript (JS) is a lightweight interpreted programming language with first-class functions.
-
web
Some thing interesting about web. New door for the world.
-
server
A server is a program made to process requests and deliver data to clients.
-
Machine learning
Machine learning is a way of modeling and interpreting data that allows a piece of software to respond intelligently.
-
Visualization
Some thing interesting about visualization, use data art
-
Game
Some thing interesting about game, make everyone happy.
Recommend Org
-
Facebook
We are working to build community through open source technology. NB: members must have two-factor auth.
-
Microsoft
Open source projects and samples from Microsoft.
-
Google
Google ❤️ Open Source for everyone.
-
Alibaba
Alibaba Open Source for everyone
-
D3
Data-Driven Documents codes.
-
Tencent
China tencent open source team.
from digital-credentials.