W3C home > Mailing lists > Public > public-credentials@w3.org > December 2020

Re: VCs - zCaps / OCap a Discussion

From: David Chadwick <D.W.Chadwick@kent.ac.uk>
Date: Mon, 7 Dec 2020 22:47:53 +0000
To: Alan Karp <alanhkarp@gmail.com>
Cc: "W3C Credentials CG (Public List)" <public-credentials@w3.org>
Message-ID: <40b026d8-7ee0-55f6-d3a9-5b7136deb8b1@kent.ac.uk>

On 07/12/2020 22:22, Alan Karp wrote:
>
>     As a boss, if I revoked an employee's permission I would want all
>     instances of this to be revoked.
>
>
> You need a different mechanism for that.  The solution is to give Bob 
> an ocap to use a Bob-agent, which holds all the ocaps that have been 
> delegated to Bob.  When Bob gets fired you revoke his Bob-agent ocap.  
> This solution also works in the case in which the boss gets fired.  If 
> you didn't do something like this, every delegation the boss made 
> would be revoked, and nobody would be able to get any work done.
>
We seem to be getting rather complex here. Does this mean that every 
user has two "selfs". His real self that is directly given ocaps, and an 
agent-self that is only given delegated ocaps?
Received on Monday, 7 December 2020 22:48:08 UTC

This archive was generated by hypermail 2.4.0 : Monday, 7 December 2020 22:48:09 UTC