- From: Steven Rowat <steven_rowat@sunshine.net>
- Date: Sat, 9 Dec 2017 12:32:59 -0800
- To: David Chadwick <D.W.Chadwick@kent.ac.uk>, public-credentials@w3.org
On 2017-12-09 10:52 AM, David Chadwick wrote:
> 2. Say I want to give my class of 100 students access to my research
> lab. Using the scheme as outlined in your draft, I would presumably have
> to issue 100 proclamations with a subject of MyLab, and know the keys of
> all my students. In my prior research using RBAC and X.509 ACs, I would
> instead (using your language) create a single proclamation where the
> authority to access MyLab was not granted to a key, but rather to a role
> (e.g. MyStudent role). Any person who can then present two capabilities,
> namely one for access to MyLab, and the other containing the MyStudent
> role, would be granted access to my lab. I leave the issuing of
> MyStudent role capabilities to my administration, as they know which
> students enrol for my course and which don't. Other capability creators
> can similarly give rights to MyStudents by issuing single capabilities.
> I believe this is a far more powerful and flexible model than simply
> issuing capabilities to keys. (In the same way that RBAC is superior to
> ACLs.)

Interesting example. I've been envisioning a publishing use of the DID system that might have the parallel problem, although I'm not sure. Perhaps someone can comment.

My example: Say a publisher is putting out all of Author X's works (a playwright), and:

-- Some people need access to all the plays of Author X.
-- Some people need access only to the "To be or not to be,..." speech in one of the plays of Author X.
-- Some people need access to a whole group of individual quotes across Author X's works.
-- Some people need access to individual Acts within the Author X plays.

etc.

Perhaps this is a different problem, but if it's the same problem as David describes, I'm in favour of having roles that can re-use a certain access key rather than having all different keys for each single instance.

In other words, I'm hoping this publisher will be able to use DID to offer 350 quotes from the works of Author X (or, to extend it, Author X, Y and Z together) as a single access, rather than 350 different key instances.

?

Steven

>
> regards
>
> David
>
>
> On 07/12/2017 01:40, Christopher Lemmer Webber wrote:
>> Hello all! I wrote up a first draft of Linked Data Capabilities (which
>> we agreed we would explore as a possible work item for the group, but
>> that I should get a draft written first):
>>
>> https://w3c-ccg.github.io/ld-ocap/
>>
>> This is mostly a transformation into spec-text of the paper Mark Miller
>> and I did for Rebooting Web of Trust:
>>
>> https://github.com/WebOfTrustInfo/rebooting-the-web-of-trust-fall2017/blob/master/draft-documents/lds-ocap/lds-ocap.md
>>
>> Like I said, it's a first draft. But I think the core things are
>> already there, and that it's looking pretty good... I even included a
>> gentle introduction-by-narrative section (which we did in ActivityPub as
>> well, and was generally well received).
>>
>> Would love to hear feedback!
>> - Chris
>>
>>
>
>
Received on Saturday, 9 December 2017 20:33:27 UTC
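
The two-capability check described in the quoted MyLab scenario, as an added sketch that is not part of the original message or of the ld-ocap draft. It assumes HMAC tags in place of issuer signatures, a verifier that holds both issuers' secrets, and a presenter key that has already been authenticated; all function names, field names and key labels are hypothetical.

```python
import hashlib
import hmac
import json

# Constructed issuer secrets. HMAC stands in for the issuers' signatures (assumption).
LAB_OWNER_SECRET = b"constructed-lab-owner-secret"
ADMIN_SECRET = b"constructed-administration-secret"

def issue(secret: bytes, claims: dict) -> dict:
    """Return the claims plus an HMAC-SHA256 tag over their canonical JSON."""
    body = json.dumps(claims, sort_keys=True).encode()
    return {"claims": claims, "tag": hmac.new(secret, body, hashlib.sha256).hexdigest()}

def verify(secret: bytes, cap: dict) -> bool:
    """Check that the capability was issued with this secret and is unmodified."""
    body = json.dumps(cap["claims"], sort_keys=True).encode()
    expected = hmac.new(secret, body, hashlib.sha256).hexdigest()
    return hmac.compare_digest(expected, cap["tag"])

def check_access(resource: str, presenter: str, access_cap: dict, role_cap: dict) -> bool:
    """Grant access only when both capabilities verify and link up."""
    if not verify(LAB_OWNER_SECRET, access_cap) or not verify(ADMIN_SECRET, role_cap):
        return False
    access, role = access_cap["claims"], role_cap["claims"]
    return (access.get("resource") == resource
            and access.get("role") == role.get("role")   # same role on both sides
            and role.get("holder") == presenter)         # role bound to this presenter

# One capability from the lab owner, granted to a role rather than to a key.
LAB_ACCESS = issue(LAB_OWNER_SECRET, {"resource": "MyLab", "role": "MyStudent"})

# The administration issues one role capability per enrolled student (constructed keys).
ENROLLED = [f"student-key-{n}" for n in range(100)]
ROLE_CAPS = {key: issue(ADMIN_SECRET, {"role": "MyStudent", "holder": key}) for key in ENROLLED}

if __name__ == "__main__":
    print(check_access("MyLab", "student-key-17", LAB_ACCESS, ROLE_CAPS["student-key-17"]))
    print(check_access("MyLab", "outsider-key", LAB_ACCESS, ROLE_CAPS["student-key-17"]))
```

The lab owner issues a single capability and never needs the students' keys; enrolment changes only touch the role capabilities the administration issues.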