Re: Credentials Containers

On 01/27/2015 08:38 AM, Melvin Carvalho wrote:
> On 21 January 2015 at 01:00, ☮ elf Pavlik ☮ <perpetual-tripper@wwelves.org>
> wrote:
> 
>> Howdy,
>>
>> I just took another look at Identity Credentials 1.0 spec
>> http://opencreds.org/specs/source/identity-credentials/
>>
>> I feel certain resistance thinking about all operations happening
>> directly on my identity document. At the same time wondering if some
>> conversations already happened about storing credentials in some kind of
>> separate containers? Possibly something similar to Hydra Collection[1]
>> or LDP Container[2]
>>
>> On fist thought it would allow storing different credentials on
>> different services. Also having different levels of security for each of
>> them.
>>
>> {
>>   "@context": "https://w3id.org/identity/v1",
>>   "id": "https://example.com/identities/bob",
>>   "type": ["Identity", "Person"],
>>   "credentialContainer" : [
>>     {
>>       "id": "https://backpack.opentechschool.org/bob414",
>>       "type": "OpenBadgeBackpack"
>>     },
>>     {
>>       "id": "https://supersecure.example.net/bob123",
>>       "type": "CredentialContainer"
>>     }
>>   ]
>> }
>>
>> I must admit right away not understanding how Access Control supposed to
>> work with identity document. JSON-LD Frame, JSON Patch, JSON Pointer all
>> currently don't belong to my daily toolbox. So question above comes bit
>> more out of my gut feeling than solid analysis.
>>
> 
> For access control, what some of us do is have a list of URLs that can read
> to a document, and a list that can write.  This can be linked in a header
> rel="acl" which could also be some JSON LD.
Does it give read/write access to all the data 'in this document', or
your can select in very granular way who can access with pieces of
information available 'in this document'.