- From: David Chadwick <D.W.Chadwick@kent.ac.uk>
- Date: Mon, 7 Dec 2020 22:47:53 +0000
- To: Alan Karp <alanhkarp@gmail.com>
- Cc: "W3C Credentials CG (Public List)" <public-credentials@w3.org>

On 07/12/2020 22:22, Alan Karp wrote:
>
> As a boss, if I revoked an employee's permission I would want all
> instances of this to be revoked.
>
>
> You need a different mechanism for that. The solution is to give Bob
> an ocap to use a Bob-agent, which holds all the ocaps that have been
> delegated to Bob. When Bob gets fired you revoke his Bob-agent ocap.
> This solution also works in the case in which the boss gets fired. If
> you didn't do something like this, every delegation the boss made
> would be revoked, and nobody would be able to get any work done.
>

We seem to be getting rather complex here. Does this mean that every user has two "selfs". His real self that is directly given ocaps, and an agent-self that is only given delegated ocaps?

Received on Monday, 7 December 2020 22:48:08 UTC
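
The Bob-agent arrangement described in the quoted text, as an added JavaScript example that is not part of the original message or any participant's code. The names `makeRevocable`, `makeAgent` and `payroll`, and the use of a caretaker-style forwarder as the revocable ocap, are assumptions made for illustration.

```javascript
// Added illustration; makeRevocable, makeAgent and payroll are hypothetical names.

// Caretaker: forwards calls to `target` until revoke() is called.
function makeRevocable(target) {
  let live = target;
  const forwarder = new Proxy({}, {
    get: (_, name) => (...args) => {
      if (live === null) throw new Error('revoked'); // checked on every call
      return live[name](...args);
    },
  });
  return { forwarder, revoke: () => { live = null; } };
}

// An agent holds the ocaps delegated to one person. `inbox` only accepts
// delegations; `agent` uses or passes on what is held.
function makeAgent() {
  const held = new Map();
  const get = (label) => {
    if (!held.has(label)) throw new Error(`no ocap: ${label}`);
    return held.get(label);
  };
  const inbox = { accept: (label, cap) => { held.set(label, cap); } };
  const agent = {
    invoke: (label, method, ...args) => get(label)[method](...args),
    delegate: (label, otherInbox) => otherInbox.accept(label, get(label)),
  };
  return { agent, inbox };
}

function attempt(fn) { try { return fn(); } catch (e) { return e.message; } }

function scenario() {
  const payroll = { read: () => 'payroll data' }; // constructed resource
  const boss = makeAgent();
  const bob = makeAgent();
  boss.inbox.accept('payroll', payroll);
  // Each person is handed only a revocable ocap to their own agent.
  const bossCap = makeRevocable(boss.agent);
  const bobCap = makeRevocable(bob.agent);
  const readAsBob = () => bobCap.forwarder.invoke('payroll', 'read');

  bossCap.forwarder.delegate('payroll', bob.inbox);
  const delegated = attempt(readAsBob);
  bossCap.revoke();                      // the boss is fired
  const bossFired = attempt(readAsBob);  // Bob's delegation survives
  bobCap.revoke();                       // Bob is fired
  const bobFired = attempt(readAsBob);   // every delegated ocap is cut off
  return { delegated, bossFired, bobFired };
}

console.log(scenario());
```

The property that matters is that Bob never holds `payroll` directly: his only reference is `bobCap.forwarder`, so one `revoke()` removes his access to everything his agent has been given.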