From fc5e1964aab66c4c8983413d80ad0f23b941e662 Mon Sep 17 00:00:00 2001
From: Manu Sporny Notification of DID Document Changes
addresses on file.
-In the case of a [=DID=], there is no intermediary registrar or account -provider to generate such notifications. However, if the [=verifiable data -registry=] on which the [=DID=] is registered directly supports change -notifications, a subscription service can be offered to [=DID controllers=]. -Notifications could be sent directly to the relevant [=service endpoints=] -listed in an existing [=DID=]. +In the case of a [=DID=], there is no intermediary registrar or account provider +to generate such notifications. However, if the [=verifiable data registry=] on +which the [=DID=] is registered directly supports change notifications, or a +monitoring service is used, a subscription service can be offered to [=DID +controllers=]. Notifications could be sent directly to the relevant [=service +endpoints=] listed in an existing [=DID document=].
If a [=DID controller=] chooses to rely on a third-party monitoring service (other than the [=verifiable data registry=] itself), this introduces another vector of attack.
++Any sort of change notification service is expected to be hardened against +spoofing, denial of service, linkability, and other attacks to security or +privacy. Mitigations such as integrity-protecting change notification messages +and their sources, binding notifications to previous cryptographic hashes of the +[=DID document=], and rate limits are expected to be documented and be a core +part of change notification service specifications. +
Any sort of change notification service is expected to be hardened against -spoofing, denial of service, linkability, and other attacks to security or +spoofing, denial of service, linkability, and other attacks on security or privacy. Mitigations such as integrity-protecting change notification messages and their sources, binding notifications to previous cryptographic hashes of the -[=DID document=], and rate limits are expected to be documented and be a core -part of change notification service specifications. +[=DID document=], and enforcement of rate limits are expected to be documented +and be a core part of change notification service specifications.
-One mitigation against unauthorized changes to a [=DID document=] is -monitoring and actively notifying the [=DID subject=] when there are changes. -This is analogous to helping prevent account takeover on conventional -username/password accounts by sending password reset notifications to the email -addresses on file. -
--In the case of a [=DID=], there is no intermediary registrar or account provider -to generate such notifications. However, if the [=verifiable data registry=] on -which the [=DID=] is registered directly supports change notifications, or a -monitoring service is used, a subscription service can be offered to [=DID -controllers=]. Notifications could be sent directly to the relevant [=service -endpoints=] listed in an existing [=DID document=]. -
--If a [=DID controller=] chooses to rely on a third-party monitoring service -(other than the [=verifiable data registry=] itself), this introduces another -vector of attack. -
--Any sort of change notification service is expected to be hardened against -spoofing, denial of service, linkability, and other attacks on security or -privacy. Mitigations such as integrity-protecting change notification messages -and their sources, binding notifications to previous cryptographic hashes of the -[=DID document=], and enforcement of rate limits are expected to be documented -and be a core part of change notification service specifications. -
-