An example scenario illustrating how ACK-ID verifies an agent’s identity and ownership.
did:web:banktrust.com
).did:web:fx.banktrust.com
).did:web:fx.banktrust.com
is operated by did:web:banktrust.com
and is authorized to provide FX quoting services.did:web:banktrust.com
is on this list.did:web
domain and Trust List status for known entities).did:web:fx.banktrust.com
.did:web:fx.banktrust.com
) and relevant VCs (including the Ownership & Authorization VC).did:web:banktrust.com
) and asserts control over the Agent DID (did:web:fx.banktrust.com
).did:web:banktrust.com
). This confirms it’s associated with the expected banktrust.com
domain via the did:web
method (relying on HTTPS security). If the DID cannot be resolved or links to an unexpected domain, the interaction is rejected. Note that other non-web DID methods would require different mechanics for resolving identity.did:web:fx.banktrust.com.rogue.net
. When the CorpTreasury Agent resolves this DID and verifies the presented VCs, it would find:
did:web:banktrust.com
Owner DID (signature verification fails).did:web:banktrust.com.rogue.net
) would not be on CorpTreasury’s Trust List.