Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Email Access Governance Framework #535

Merged
merged 7 commits into from
Oct 16, 2024
Merged

Email Access Governance Framework #535

Show file tree
Hide file tree
Changes from 3 commits
Commits
Show all changes
7 commits
Select commit Hold shift + click to select a range
1493322
Initial Framework
TelegramSam Sep 16, 2020
c53a35f
number correction
TelegramSam Sep 16, 2020
af0ec07
add goal code and protocols
TelegramSam Sep 16, 2020
f0794ed
Updates from call
TelegramSam Sep 29, 2020
f738e63
Merge branch 'main' into email_access_gov_fwk
swcurran Dec 15, 2021
7f87323
Updated with reference to CTE work.
TelegramSam Oct 16, 2024
58e099d
Merge branch 'main' into email_access_gov_fwk
TelegramSam Oct 16, 2024
File filter

Filter by extension

Filter by extension
Conversations
Failed to load comments.
Loading
Jump to
Jump to file
Failed to load files.
Loading
Diff view
Diff view
92 changes: 92 additions & 0 deletions concepts/0535-email-access-governance-framework/README.md
View file
Open in desktop
Original file line number Diff line number Diff line change
@@ -0,0 +1,92 @@
# 0535: Email Access Governance Framework
- Authors: [Sam Curren]([email protected])
- Status: [PROPOSED](/README.md#proposed)
- Since: 2020-09-16
- Status Note: Proposed, but in need of specifics to put into action.
- Start Date: 2020-07-14
- Tags: feature, protocol

## Summary

This Governance Framework is community managed.

When making connections from one person to another over DIDComm, it is useful to be able to gain proof of something to verify that the connection is with the right person and has not been subject to a MITM attack. We expect this Governance Framework to be one of many used for the purpose of helping to verify identity attributes in the creation of trusted channels.

This is an early attempt at the creation and use of of a practical governance framework. As Governance Framework technology improves, we expect this particular framework to be replaced.

## Purpose

To facilitate the verification of email access between two parties over DIDComm and related technologies.

## Details

### Goal Codes

This Governance framework satisfies the following goal code(s):

`aries.receive.verifiable.identifier`

### Protocols

`https://didcomm.org/present-proof/2.0/`

### Roles

**issuer**: Responsible for issuing credentials according to the requirements of this governance framework.

### Schemas

<schemas listed here>

### Issuers

<list of issuers here>

### Issue Requirements

Issuers must validate email ownership by sending an email to the email address in question. The email MUST contain a link for the user to click, or a code to be entered in a verification step. After verifying that the clicked link or entered code matches, the credential may be issued.

Issued credentials should indicate an expiration date no longer than 6 months from the date of verification.

### Revocation

This framework does not currently use revocation, relying upon the expiration date to prevent widespread issues.

### Allowable Verification Purposes

Email addresses revealed in this manner may be used for the following purposes:

- Displaying to recipient.
- Checking against address book.

Use outside these purposes, including the following examples, violates the allowed uses as specified by this governance framework.

- Sending email to the address without explicit additional approval of the user.
- Sharing email address with any other party.

### Machine Readable Document

Located [here](data.json).

## Notes

- The machine readable document is as simple as possible by design. As related technology improves, the document will be updated to reflect these changes.
- Code for the indy email verification service: https://github.com/bcgov/indy-email-verification that could be used as a basis for an issuer.

## Unresolved questions

- Should redundant information be maintained between this human readable document and the machine readable file that accompanies it? More effort, but also more clear.
- Naming? Ownership/Control/Access?
- Which networks?
- Need Schemas and Issuers
- Does the Impl section below make sense for a governance framework?
## Implementations

The following lists the implementations (if any) of this RFC. Please do a pull request to add your implementation. If the implementation is open source, include a link to the repo or to the implementation within the repo. Please be consistent in the "Name" field so that a mechanical processing of the RFCs can generate a list of all RFCs supported by an Aries implementation.

*Implementation Notes* [may need to include a link to test results](README.md#accepted).

Name / Link | Implementation Notes
--- | ---
|

12 changes: 12 additions & 0 deletions concepts/0535-email-access-governance-framework/data.json
View file
Open in desktop
Original file line number Diff line number Diff line change
@@ -0,0 +1,12 @@
{
"@context": ["https://github.com/hyperledger/aries-rfcs/blob/master/0430-machine-readable-governance-frameworks/context.jsonld"],
"name": "Email Access"
"version": "0.1",
"description": "Proof of email access, useful for proving a common identifier and/or validating an email address without performing a live loop-back test."
"last_updated": "2020-09-16",
"docs_uri": "http://github.com/hyperledger/aries-rfcs/blob/master/",
"data_uri": "<uri to machine readable portion of this example>",
"schemas": ["schemaidhere"],
"roles": ["issuer"],
"rules": [ {"when": {"id": "did:example:abc123"}, "thus": "issuer"} ]
}