Needs auth
rhiaro opened this issue · comments
There is no authentication or authorization mechanism applied to the DID Document, leaving it unprotected from modification by an attacker.
I think this is a duplicate of issue #13?
Auditability (being able to check historical changes) is completely different to having a mechanism to decide who is allowed to do those changes in the first place, isn't it (this issue being about the latter)?
@rhiaro ah, I see. In that case, no, the spec cannot dictate that - the auth policies differ for each individual site (much like the update/delete/etc operations).
Agree, this issue should be closed, this will be at the discretion of the web service provider / hosting company... I'll suggest using GitHub / version control, but I don't think its appropriate to call this an "issue" with the method... its actually a "feature" of the method... that comes from its legacy facing interoperability design considerations.