- From: Pelle Braendgaard <pelle.braendgaard@consensys.net>
- Date: Tue, 27 Mar 2018 11:17:37 -0600
- To: Credentials Community Group <public-credentials@w3.org>
- Message-ID: <CANQzS_hDN6+2dWfSHv65OC+3TU23SEn8F9vq9b0_U9bE7J2YtQ@mail.gmail.com>

Hi,

I just wanted to clarify my statement in the call, as I think it caused some confusion.

In an HTTP-based world, there is a very clear separation that is needed for a very good reason.

Blockchains are very different as there is no central server that we need to authorize ourselves with. Interacting with apps on all the different blockchains is very much out of scope, I believe, so in most cases traditional protocol level Authorization is not needed.

That said (and this is where I think the confusion arrived), people are and will be using verified credentials for authorization on a business (NOT protocol) level. So the nice clean separation we had in the HTTP world is maybe not as clean anymore.

I don't think we need to model authorization at all for DID-AUTH, but just like authorization is built on top of traditional authorization method, we should just be aware that business level authorizations will be built on top of it.

Which is why Marcus' 2.) definition is what we are currently supporting with uPort.

Pelle

--
*Pelle Brændgaard // uPort Engineering Lead*
pelle.braendgaard@consensys.net
49 Bogart St, Suite 22, Brooklyn NY 11206

Received on Tuesday, 27 March 2018 17:18:08 UTC