Initial feedback on major sections: Interface bindings (HTTPS) #83
Comments
|
Yes. I think this a mandatory-to-implement https binding in order to achieve cross-method interoperability. |
|
This was discussed during the WG meeting on 2024-08-22: |
|
I agree. https should be mandatory to implement and used in all of the examples. However, I was researching how Apple handles the situation. In recent years, Apple has required https for all connections. However, they realize that there may be some isolated situations where insecure http may be required and have defined a key called 'NSAllowsArbitraryLoadsInWebContent', which can bypass standard protections in some instances. If insecure http connections are allowable, then I would propose it be handled explicitly with an exception designator. This way, whenever it's deemed necessary by implementors, it will be an overt decision and something that could be highlighted to users or other services. |
peacekeeper
added
the
discuss
|
Marking as pending-close, since this has been discussed on a high level. For now, one concrete issue has been identified related to this topic: |
peacekeeper
added
the
pending-close
peacekeeper
removed
the
discuss
During the 25th July 2024 DID WG call, I mentioned "Interface Bindings (HTTPS)" as one of four major topics for this spec. See here:
The idea of this section is to define the DID Resolution and DID URL Dereferencing functions not just in abstract way, but also a concrete binding for invoking those functions via an HTTPS API, including how parameters, headers, status codes, etc. are used.
Any feedback is welcome, and I'd be most interested in high-level opinions on whether this is indeed an important topic that should be covered by the spec, and in thoughts on the general direction of this topic.
The text was updated successfully, but these errors were encountered: