Did-core: PING Horizontal Review

Created on 22 May 2020 · 21Comments · Source: w3c/did-core

[x] fill out the Security and Privacy Questionnaire
[x] Contact the PING asking for review.

horizontal review pre-cr-p1

Source

brentzundel

Most helpful comment

PING response of "no blocking issues": https://lists.w3.org/Archives/Public/public-privacy/2021JanMar/0021.html

burnburn on 24 Feb 2021

👍2

All 21 comments

@jonathan-consensyshealth volunteered to fill out the questionairre

brentzundel on 16 Jun 2020

Will forward to my friend and colleague @jonathan-consensysHealth. Would someone please forward me the submission from the VC working group. Also, I'll need help with the threat model section.

jonnycrunch on 14 Jul 2020

@agropper and myself have volunteered to help draft the responses

wyc on 14 Jul 2020

https://www.eff.org/document/2020-08-04-letter-eff-and-aclu-opposing-ab-2004
seems related.

On Tue, Jul 14, 2020 at 11:44 AM wyc notifications@github.com wrote:

@agropper https://github.com/agropper and myself have volunteered to
help draft the responses

—
You are receiving this because you were mentioned.
Reply to this email directly, view it on GitHub
https://github.com/w3c/did-core/issues/291#issuecomment-658255412, or
unsubscribe
https://github.com/notifications/unsubscribe-auth/AABB4YKOZ7EIKMTEQ4JO6ITR3R4NVANCNFSM4NHZSC3Q
.

agropper on 10 Aug 2020

@agropper @jonnycrunch due to the time passed, would you like to reconvene later this week or early next week in an open-to-did-wg/public meeting and prepare a working item for comments? hopefully there has been some progress on the service endpoint discussions

wyc on 12 Aug 2020

yep, how is Monday again? I'll send an invite.

jonnycrunch on 12 Aug 2020

+1, probably a good idea to inform the public did wg list after we figure out where/when.

We can use the CCG Jitsi instance here: https://meet.w3c-ccg.org/DIDSecurityPrivacyReview

wyc on 12 Aug 2020

+1 for 2PM EST?

On Wed, Aug 12, 2020 at 3:27 PM wyc notifications@github.com wrote:

+1, probably a good idea to inform the public did wg list after we figure
out where/when.

We can use the CCG Jitsi instance here:
https://meet.w3c-ccg.org/DIDSecurityPrivacyReview

—
You are receiving this because you were mentioned.
Reply to this email directly, view it on GitHub
https://github.com/w3c/did-core/issues/291#issuecomment-673065191, or
unsubscribe
https://github.com/notifications/unsubscribe-auth/AABB4YKFEEKWCFUNLHVM3PTSALUJHANCNFSM4NHZSC3Q
.

agropper on 12 Aug 2020

👍1

@agropper @wyc @jonathan-consensysHealth what is the status of the security and privacy questionnaire?

brentzundel on 27 Aug 2020

@brentzundel and those following, the latest response is here:
https://docs.google.com/document/d/13qLCZcks3OAb2V7GHcrSs8s9drA5OaqEPYPI1knmodc/edit#

My apologies, I think I was supposed to write an update to the list and forgot. We are preparing to begin work on sections 3 and 4, but we there were 2 major concerns around scope that would impact the models in those sections significantly:

DID methods can vary wildly in their function, side effects, and privacy implications. To what point do we address this in the response? Based on his comments in the doc, Orie seems to think that we should focus only on the data models described and not delve too far into these.
Same concern and question for service endpoints.

wyc on 27 Aug 2020

We need to have the Security Questionnaire done for this issue to be closed. We cannot close this issue until PING does a review on the specification.

msporny on 25 Nov 2020

I am adding myself to track contributing to the questionnaire.

OR13 on 25 Nov 2020

I added a few changes. Reviewed until 2.16.

shigeya on 26 Nov 2020

We're getting closer on the security questionaire with sections covering all of the security parts (section 3 - might need additional points added as well but solid set in there already), but it appears that section 4 needs to be added still. Also, who is currently handling editorship of this document so that we can get the comments merged/resolved? If no one has time to do this I'm happy to step in and carry this to the end, but I'll need editor rights to the document.

@OR13 @wyc @agropper @jonnycrunch

kdenhartog on 29 Nov 2020

@kdenhartog I added some details, but IMO this needs an editorial merging session, and then we should focus on the weakest parts.

OR13 on 30 Nov 2020

👍2

I think the first checkbox is done now?

OR13 on 12 Dec 2020

PING has been contacted for review.
Leaving this issue open to track horizontal review efforts.

brentzundel on 16 Dec 2020

PING response of "no blocking issues": https://lists.w3.org/Archives/Public/public-privacy/2021JanMar/0021.html

burnburn on 24 Feb 2021

👍2

I'm reminded of the compiler message: "None of the errors detected."

Adrian

On Wed, Feb 24, 2021 at 5:56 PM Daniel Burnett notifications@github.com
wrote:

PING response of "no blocking issues":
https://lists.w3.org/Archives/Public/public-privacy/2021JanMar/0021.html

—
You are receiving this because you were mentioned.
Reply to this email directly, view it on GitHub
https://github.com/w3c/did-core/issues/291#issuecomment-785439265, or
unsubscribe
https://github.com/notifications/unsubscribe-auth/AABB4YP3HJQX7YOZMQCQ3K3TAV7YLANCNFSM4NHZSC3Q
.

agropper on 25 Feb 2021

😄1

Link to invitation for Security review of Decentralized Identifier Specification v1.0: https://lists.w3.org/Archives/Public/public-web-security/2020Dec/0003.html

No response was received and no issues were raised.

brentzundel on 26 Feb 2021

Horizontal review is complete, closing

brentzundel on 4 Mar 2021

Was this page helpful?

0 / 5 - 0 ratings

Related issues

[Public Keys] re: referenced keys: Is multiple level recursion allowed?

brentzundel · 7Comments

Restrict the number of key representation members

OR13 · 8Comments

Verification method block should be a first citizen like public keys

awoie · 8Comments

Encrypted serviceEndpoint values?

dmitrizagidulin · 8Comments

Statement on stable DID Registries not actionable

selfissued · 3Comments