Internet-Draft | SPICE GLUE: GLobal Unique Enterprise Ide | November 2024 |
Zundel & Dingle | Expires 6 May 2025 | [Page] |
This specification defines the glue
URI scheme and the rules for encoding
these URIs. It also establishes the registries necessary for management of this
scheme.¶
This note is to be removed before publishing as an RFC.¶
The latest revision of this draft can be found at https://mesur-io.github.io/draft-zundel-spice-glue-id/draft-zundel-spice-glue-id.html. Status information for this document may be found at https://datatracker.ietf.org/doc/draft-zundel-spice-glue-id/.¶
Discussion of this document takes place on the Secure Patterns for Internet CrEdentials Working Group mailing list (mailto:spice@ietf.org), which is archived at https://mailarchive.ietf.org/arch/browse/spice/. Subscribe at https://www.ietf.org/mailman/listinfo/spice/.¶
Source for this draft and an issue tracker can be found at https://github.com/mesur-io/draft-zundel-spice-glue-id.¶
This Internet-Draft is submitted in full conformance with the provisions of BCP 78 and BCP 79.¶
Internet-Drafts are working documents of the Internet Engineering Task Force (IETF). Note that other groups may also distribute working documents as Internet-Drafts. The list of current Internet-Drafts is at https://datatracker.ietf.org/drafts/current/.¶
Internet-Drafts are draft documents valid for a maximum of six months and may be updated, replaced, or obsoleted by other documents at any time. It is inappropriate to use Internet-Drafts as reference material or to cite them other than as "work in progress."¶
This Internet-Draft will expire on 6 May 2025.¶
Copyright (c) 2024 IETF Trust and the persons identified as the document authors. All rights reserved.¶
This document is subject to BCP 78 and the IETF Trust's Legal Provisions Relating to IETF Documents (https://trustee.ietf.org/license-info) in effect on the date of publication of this document. Please review these documents carefully, as they describe your rights and restrictions with respect to this document. Code Components extracted from this document must include Revised BSD License text as described in Section 4.e of the Trust Legal Provisions and are provided without warranty as described in the Revised BSD License.¶
Enterprise entity identifiers are myriad. With the increasing use of digitial credentials, there is a need for a common methodology for expressing these identifiers such that claims about and by such entities can be made in a consistent and interoperable manner.¶
This specification defines a URI scheme that standardizes the expression of existing company entity identifers by providing a common representation format. It also establishes a registry for managing how existing company entity identification mechanisms relate to this scheme.¶
Any company entity identifier whose identification mechanism has been registered as an authority identifier in the registry may be represented as a glue URI.¶
The key words "MUST", "MUST NOT", "REQUIRED", "SHALL", "SHALL NOT", "SHOULD", "SHOULD NOT", "RECOMMENDED", "NOT RECOMMENDED", "MAY", and "OPTIONAL" in this document are to be interpreted as described in BCP 14 [RFC2119] [RFC8174] when, and only when, they appear in all capitals, as shown here.¶
The term "glue URI" is used to refer to a URI that uses the glue scheme.¶
TODO: define external authority, company entity¶
Every glue URI, whether expressed as a string or encoded in binary MUST be comprised of the following components:¶
The Authority Identifier indicates the external authority responsible for assigning the External Number and the scheme used to do so.¶
The External Number is the identifier assigned to the company by the external authority.¶
Each glue URI MUST be globally unique. It is assumed that most registered company entity identification schemes already handle any necessary namespacing as part of the external number. However, in the event that collisions are possible within the set of possible external identifiers for an authority identifier scheme, then further namespacing might be necessary at the glue id level. Such namespacing SHOULD be done on the authority identifier as part of the registration process.¶
That is, the different namespaces would be considered either different schemes operated by the same authority, or the same scheme operated by different authorities. In either case a unique authority identifier would be necessary for each.¶
For example, assume there is an external authority FEA that provides identifiers for company entities in USA and Canada. The identifiers in the USA are unique, and the identifiers in Canada are unique, but there is no guarantee that a company entity in Canada won't be assigned the same number as a company entity in the USA. Upon registration of FEA as an Authority Identifier, it would be necessary to seperately register FEA-USA and FEA-Can to provide differentiation between the two sets of external numbers.¶
All glue URIs comply with [RFC3986] and are therefore represented by a scheme identifier and a scheme-specific part. The scheme identifier is: glue, and the scheme-specific parts are represented as a sequence of alphanumeric components separated by the '.' character. A formal definition is provided in the next section, but it can informally be considered as:¶
glue:<authority-identifier>.<external-number>¶
The Authority Identifier MUST be an alphanumeric string from the "Scheme" field of the glue URI Authority Identifier registry. The External Number MUST be the identifier assigned to the company by the external authority under the identified scheme.¶
TODO ABNF¶
TODO DIDs and glue¶
TODO Security¶
There are some corporate identifers which make use of personal identifiers. This is the case for registered sole-proprietor businesses in much of the United States, where the business identifier may be the same as the social-security-number of the business owner.¶
It is possible for such identifers to be represented as glue URIs. An identifier's expression as a glue URI does not change the privacy characteristics of that identifier. The same cautions and concerns need to be taken with the glue URI representation as with the original identifier.¶
Implementers storing or evaluating glue ids are encouraged to evaluate the privacy characteristics of each identification scheme represented by an authority identifier and to appropriately handle any glue id which violates privacy policies.¶
The following sections detail requests to IANA for the creation of a new registry and registration of the 'glue' URI scheme.¶
TODO acknowledge.¶