Document/user guide on determining the legitimacy of a DID-party
decentralgabe commented
There's a gap not covered by the specification(s): how do I know someone is who they claim they are?
Here are some potential strategies:
- By credentials they are issued, you can get a sense of who they are (e.g. a business license from a government)
- Tie to an existing trust establishment (e.g. using a ./well-known file to tie control to a website)
- A reputation system, which may include attestations and/or proof by others
I do not believe this needs to be an independent specification, though it may be worth coming up with a guiding document outlining possible approaches for determining the authenticity of a DID-party.
decentralgabe commented
Alternative: a specification or formal manner for a DID-party to say "this is how you should trust me" -- and they can surface any of the above.