
Re: First draft of Linked Data Capabilities available

From: David Chadwick <D.W.Chadwick@kent.ac.uk>
Date: Sat, 9 Dec 2017 18:52:07 +0000
To: public-credentials@w3.org
Message-ID: <b2900df8-0e6c-760a-1a1a-cc9c7ed63128@kent.ac.uk>
Hi Chris

Thanks for distributing the draft. I have a few comments on this, as follows:

1. Do the chains of capabilities form a tree or a directed graph of
capabilities? If directed graphs of capabilities, how are these dealt
with? E.g. one of my keys is a granted key in two different proclamations
from two different creators. I then create a proclamation with my key to
one of your keys, and I set the parent proclamation to be a list of the
two parents (there is nothing in JSON to stop this). What if one of the
parents subsequently revokes their proclamation but the other parent
does not? What capabilities is your key left with?

2. Say I want to give my class of 100 students access to my research
lab. Using the scheme as outlined in your draft, I would presumably have
to issue 100 proclamations with a subject of MyLab, and know the keys of
all my students. In my prior research using RBAC and X.509 ACs, I would
instead (using your language) create a single proclamation where the
authority to access MyLab was not granted to a key, but rather to a role
(e.g. MyStudent role). Any person who can then present two capabilities,
namely one for access to MyLab, and the other containing the MyStudent
role, would be granted access to my lab. I leave the issuing of
MyStudent role capabilities to my administration, as they know which
students enrol for my course and which don't. Other capability creators
can similarly give rights to MyStudents by issuing single capabilities.
I believe this is a far more powerful and flexible model than simply
issuing capabilities to keys. (In the same way that RBAC is superior to
ACLs.)

regards

David




On 07/12/2017 01:40, Christopher Lemmer Webber wrote:
> Hello all!  I wrote up a first draft of Linked Data Capabilities (which
> we agreed we would explore as a possible work item for the group, but
> that I should get a draft written first):
> 
>   https://w3c-ccg.github.io/ld-ocap/
> 
> This is mostly a transformation into spec-text of the paper Mark Miller
> and I did for Rebooting Web of Trust:
> 
>   https://github.com/WebOfTrustInfo/rebooting-the-web-of-trust-fall2017/blob/master/draft-documents/lds-ocap/lds-ocap.md
> 
> Like I said, it's a first draft.  But I think the core things are
> already there, and that it's looking pretty good... I even included a
> gentle introduction-by-narrative section (which we did in ActivityPub as
> well, and was generally well received).
> 
> Would love to hear feedback!
>  - Chris
> 
> 
Received on Saturday, 9 December 2017 18:52:39 UTC
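The two scenarios raised in David's message, modelled as a toy verifier. This is an added example, not code from the ld-ocap draft or from either author: the field names, the `owners` map (who may issue a root proclamation for a subject), the `role:` naming and the fail-closed rule for a proclamation with several parents are all assumptions of this example.

```python
from dataclasses import dataclass, field

@dataclass
class Proclamation:
    id: str
    creator: str   # key that issued this proclamation
    granted: str   # key, or role name, receiving the authority
    subject: str   # resource (or role) the authority is over
    parents: list = field(default_factory=list)  # parent ids; [] = root

class Verifier:
    def __init__(self, procs, owners, revoked=()):
        self.procs = {p.id: p for p in procs}
        self.owners = owners  # subject -> key allowed to issue its root
        self.revoked = set(revoked)

    def chain_valid(self, pid, seen=frozenset()):
        # Fail closed: unrevoked, and EVERY named parent is valid, covers the
        # same subject and was granted to this creator. One revoked parent kills it.
        if pid in seen or pid not in self.procs or pid in self.revoked:
            return False
        p = self.procs[pid]
        if not p.parents:
            return self.owners.get(p.subject) == p.creator
        return all(self.chain_valid(q, seen | {pid})
                   and self.procs[q].granted == p.creator
                   and self.procs[q].subject == p.subject for q in p.parents)

    def can_access(self, holder, subject, presented):
        # Roles the holder proves with a valid proclamation granted to their key.
        roles = {self.procs[r].subject for r in presented
                 if self.chain_valid(r) and self.procs[r].granted == holder}
        return any(self.chain_valid(c) and self.procs[c].subject == subject
                   and self.procs[c].granted in (roles | {holder}) for c in presented)

# Constructed data (not from the draft). Point 1: david-key is granted "Lab" by two
# creators and re-delegates to chris-key naming both parents.
PROCS = [
    Proclamation("root-a", "owner-key", "alice-key", "Lab"),
    Proclamation("root-b", "owner-key", "bob-key", "Lab"),
    Proclamation("a-to-david", "alice-key", "david-key", "Lab", ["root-a"]),
    Proclamation("b-to-david", "bob-key", "david-key", "Lab", ["root-b"]),
    Proclamation("david-to-chris", "david-key", "chris-key", "Lab",
                 ["a-to-david", "b-to-david"]),
    # Point 2: MyLab is granted to a role; the administration issues membership.
    Proclamation("lab-to-role", "david-key", "role:MyStudent", "MyLab"),
    Proclamation("student-1", "admin-key", "s1-key", "role:MyStudent"),
]
OWNERS = {"Lab": "owner-key", "MyLab": "david-key", "role:MyStudent": "admin-key"}
```

Under this fail-closed policy, revoking either parent of `david-to-chris` leaves chris-key with nothing; a verifier that instead accepted any surviving parent would answer David's question differently, which is exactly the ambiguity the draft would need to resolve.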