Description
This was something I came across during the PING review:
I went through all the class-3 tagged issues and none of them raise privacy concerns to me. This aligns with the same privacy model as what was reviewed in w3cping/privacy-request#30. It's worth noting this comment from the previous review still stands and is likely something that should be looked into further when this WG can make class 4 changes too:
Joe: The DID spec authors wave their hands and sidestep privacy/security and leave it up to the subspec authors to deal with it. Does leave a big section to discuss this, but doesn’t deal with it exhaustively. We in the working group should scrutinize subspecs, because the current CORE spec leaves a big, open hole.
I think practically, while most of these method specs are non-normative and unendorsed by W3C, what it means is more strict requirements should be set on registration in the next iteration of the spec. However, these changes can't be made by a WG with only class 3 changes IIRC, so it's best left for after the re-charter.
This will likely be something the WG should address later given it's in maintenance mode right now and can't make Class 4 changes which would be needed for this.
In particular, I think the registry should be defining a more stringent review process in order to register a method in order to improve the security and privacy of the ecosystem. Otherwise, the spec should aim to restrict further what's allowed within a DID document.