Needs auth #12
Comments
|
I think this is a duplicate of issue #13? |
|
Auditability (being able to check historical changes) is completely different to having a mechanism to decide who is allowed to do those changes in the first place, isn't it (this issue being about the latter)? |
|
@rhiaro ah, I see. In that case, no, the spec cannot dictate that - the auth policies differ for each individual site (much like the update/delete/etc operations). |
|
Agree, this issue should be closed, this will be at the discretion of the web service provider / hosting company... I'll suggest using GitHub / version control, but I don't think its appropriate to call this an "issue" with the method... its actually a "feature" of the method... that comes from its legacy facing interoperability design considerations. |
There is no authentication or authorization mechanism applied to the DID Document, leaving it unprotected from modification by an attacker.
The text was updated successfully, but these errors were encountered: