W3C home > Mailing lists > Public > public-credentials@w3.org > December 2020

Re: VCs - zCaps / OCap a Discussion

From: Alan Karp <alanhkarp@gmail.com>
Date: Wed, 16 Dec 2020 16:14:09 -0800
Message-ID: <CANpA1Z0QphBgmTB5fMHKGwDPKQVJQ-6ky4O8=oST9z7dyxK1iw@mail.gmail.com>
To: Adrian Gropper <agropper@healthurl.com>
Cc: "W3C Credentials CG (Public List)" <public-credentials@w3.org>
Adrian Gropper <agropper@healthurl.com> wrote:

> I have no idea what
> “ The PEP may know that the token is valid, perhaps because it has cached
> the validation result, but it doesn't know if the request is included in
> the permissions specified in the token.”
> My bad.  I meant PDP.

> means. I try to use ‘request’ consistently to refer to interaction at the
> PDP. I use ‘token’ in relation to the capability presented by a ‘client’ to
> Company A as the PEP.

Sorry.  That comes from the SPKI spec and allows you to memoize the
validation of a certificate.  That means the PDP only needs to check the
delegation chain once for a given zcap no matter how many times it sees
it.  The PDP still needs to verify that the zcap authorizes the request
being made every time.

Alan Karp

Received on Thursday, 17 December 2020 00:14:33 UTC

This archive was generated by hypermail 2.4.0 : Thursday, 17 December 2020 00:14:34 UTC