@Context Processing #558
Comments
|
That statement does not say that it is recommended that verification software perform dereferencing. It recommends that if the URI is dereferenced, the result should be a document that contains machine-readable information about the context (as opposed to something else or nothing at all). |
|
@dlongley Should not RECOMMEND any dereferencing, this should be able to be just treated as a string as there is no reason to expect that URI is dereferenced, the result should be a document that contains machine-readable information. |
|
Dereferencing is not being recommended. No statement is being made encouraging that the URI be dereferenced nor is a statement made about the process by which that "dereferencing" would occur. For example, a "dereferencing process" could involve a URI The spec merely recommends that a context URI should be understandable as a reference to some document that a machine could read with information about the context. |
|
@dlongley My point is that goes too far in the recommendation, it should just be treated as a sting value |
|
From VCWG call on April 30, 2019: |
|
@stonematt Totally disagree, should just be a sting value and no dereferencing should be in the description |
|
@nadalin - Have you read the reworded text? I just want to be sure we're all working from the same base. As seen in the rendered doc, it is now --
Do you have any suggestions of how to make this more clearly a guidance for VC issuers, about how to choose the URIs they include in the |
|
PR has been in for a long time, no dereferencing is recommended in the text. Closing. |
"It is RECOMMENDED that dereferencing the URIs results in a document containing machine-readable information about the context"
This should be removed, this can be a very large security attack vector
The text was updated successfully, but these errors were encountered: