New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
How does contact
column in registry relate to ongoing change privileges and governance?
#399
Comments
You may request changes of this file: https://github.com/w3c/did-spec-registries/blob/main/tooling/did-method-registry-entry.yml#L27 Its type is string, to account for Organization Names, or multiple folks. I don't like the idea of changing the range of contactEmail to an array, I like a clear responsibility and a single point of entry for inquiries. For most methods that many companies rely on, I would hope to see an SDO host the spec and a WG manage contact requests. |
An untyped, human-readable string? What is this, unprofiled JSON? The array idea was... just spitballing, who am I to define a data model. Mostly, I want to tease out what Kyle, in typical Kyle fashion, explained very crisply in the original PR, in response to Markus' apt alarm at semantic drift.
Should methods defined in an IPR-protected/governed pact have the option (or the requirement) to list an org (CCG, say, or DIF, or TOIP) as its controller or authorizer of new editors? This would be an important change for many DID Methods, including My other off-the-hook suggestion (equally presented as strawman for elaboration, not as ready for PR!) was to use a GH team/org instead of individual GH accounts, which would greatly simplify things operationally for orgs like CCG and DIF that want those kinds of privileges to be governed collectively rather than by individuals. |
contact
?contact
column in registry relate to ongoing change privileges and governance?
I also don't want us to lose or miss Phil's excellent observation, which might be a third strawman, and perhaps the closest of the three to being "ready for PR":
|
One approach could be to decide and explicitly say that "contactName == change controller", but also clarify the role of the contact:
Pros:
Cons:
|
+1 to what @peacekeeper has suggested above. I think it's clean and is (IMHO) what was originally intended. I think we should add a check mark to the registration checklist that says something to this effect: "A trademark review has been performed with respect to the DID Method identifier, there are no known trademark concerns with this DID Method registration, and the change controller accepts all liability for any trademark violations." |
I'm more in line with the RFC8126 approach of First Come First Serve where the contact name and the controller are not expected to be the same. The purposes of the contact information is additional optional information that we can utilize to request changes. I'd also prefer that the change controller be a required field that specifically names a github handle that is authorized to make changes. Or if we want to get fancy we could make it a DID that needs to sign with a verification method that we can resolve to verify the update request has been signed by a authorized VM controller of the DID. This would double as an interop use case we could cite, but I don't plan to write the code for this hence the "if we want to get fancy". |
The issue was discussed in a meeting on 2022-01-11
View the transcript5.
|
From #395 :
@msporny wrote:
My only additional thought is that perhaps it should be typed as an array and/or non-normative text added to recommend more than one individual account be listed as changeController, and that github orgs/teams should be valid entries as well as individuals, in cases like #395 where editorship or employment changes occur between updates to an entry.
The text was updated successfully, but these errors were encountered: