- From: David Chadwick <D.W.Chadwick@kent.ac.uk>
- Date: Sat, 9 Dec 2017 18:52:07 +0000
- To: public-credentials@w3.org
Hi Chris

thanks for distributing the draft. I have a few comments on this as follows

1. Do the chains of capabilities form a tree or a directed graph of capabilities? If directed graphs of capabilities, how are these dealt with, e.g. one of my keys is a granted key in two different proclamations from two different creators. I then create a proclamation with my key to one of your keys, and I set the parent proclamation to be a list of the two parents (there is nothing in JSON to stop this). What if one of the parents subsequently revokes their proclamation but the other parent does not? What capabilities is your key left with?

2. Say I want to give my class of 100 students access to my research lab. Using the scheme as outlined in your draft, I would presumably have to issue 100 proclamations with a subject of MyLab, and know the keys of all my students. In my prior research using RBAC and X.509 ACs, I would instead (using your language) create a single proclamation where the authority to access MyLab was not granted to a key, but rather to a role (e.g. MyStudent role). Any person who can then present two capabilities, namely one for access to MyLab, and the other containing the MyStudent role, would be granted access to my lab. I leave the issuing of MyStudent role capabilities to my administration, as they know which students enrol for my course and which don't. Other capability creators can similarly give rights to MyStudents by issuing single capabilities. I believe this is a far more powerful and flexible model than simply issuing capabilities to keys. (In the same way that RBAC is superior to ACLs.)

regards

David

On 07/12/2017 01:40, Christopher Lemmer Webber wrote:
> Hello all! I wrote up a first draft of Linked Data Capabilities (which
> we agreed we would explore as a possible work item for the group, but
> that I should get a draft written first):
>
>   https://w3c-ccg.github.io/ld-ocap/
>
> This is mostly a transformation into spec-text of the paper Mark Miller
> and I did for Rebooting Web of Trust:
>
>   https://github.com/WebOfTrustInfo/rebooting-the-web-of-trust-fall2017/blob/master/draft-documents/lds-ocap/lds-ocap.md
>
> Like I said, it's a first draft. But I think the core things are
> already there, and that it's looking pretty good... I even included a
> gentle introduction-by-narrative section (which we did in ActivityPub as
> well, and was generally well received).
>
> Would love to hear feedback!
>  - Chris
Received on Saturday, 9 December 2017 18:52:39 UTC
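
To make the multi-parent revocation question in point 1 of the message above concrete, the following is an added example (not part of the original message or of the ld-ocap draft) that models a proclamation with two parents and evaluates it after one parent is revoked. The proclamation ids, key names, `read`/`write` rights and the three policies (`all`, `any`, `per_right`) are constructed assumptions; none is taken from the draft, and signature checking is left out.

```python
from dataclasses import dataclass, replace

@dataclass
class Proclamation:
    id: str
    granted_key: str
    rights: frozenset      # constructed: what this proclamation claims to convey
    parents: tuple = ()    # ids of parent proclamations; empty for a root
    revoked: bool = False

def effective_rights(pid, store, policy, _path=()):
    """Rights that proclamation `pid` still conveys under a multi-parent policy.

    "all":       every parent must still convey something, else nothing survives
    "any":       a single live parent keeps the whole proclamation alive
    "per_right": a right survives only if some live parent still conveys it
    """
    if pid in _path:
        raise ValueError("cycle in parent links at " + pid)
    p = store[pid]
    if p.revoked:
        return frozenset()
    if not p.parents:
        return p.rights
    inherited = [effective_rights(q, store, policy, _path + (pid,)) for q in p.parents]
    if policy == "all":
        return p.rights if all(inherited) else frozenset()
    if policy == "any":
        return p.rights if any(inherited) else frozenset()
    if policy == "per_right":
        return p.rights & frozenset().union(*inherited)
    raise ValueError("unknown policy " + policy)

def scenario(revoke=None):
    """Constructed data: two creators grant David's key; David delegates to Chris's key."""
    store = {
        "P1": Proclamation("P1", "david-key", frozenset({"read"})),
        "P2": Proclamation("P2", "david-key", frozenset({"write"})),
        "P3": Proclamation("P3", "chris-key", frozenset({"read", "write"}), parents=("P1", "P2")),
    }
    if revoke:
        store[revoke] = replace(store[revoke], revoked=True)
    return {pol: set(effective_rights("P3", store, pol)) for pol in ("all", "any", "per_right")}

if __name__ == "__main__":
    print("no revocation:", scenario())
    print("P1 revoked:   ", scenario("P1"))
```

With `P1` revoked, the three policies leave the delegated key with nothing, everything, or only `write`, so a verifier needs the multi-parent rule stated explicitly to get consistent results.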