- From: Alan Karp <alanhkarp@gmail.com>
- Date: Wed, 16 Dec 2020 16:14:09 -0800
- To: Adrian Gropper <agropper@healthurl.com>
- Cc: "W3C Credentials CG (Public List)" <public-credentials@w3.org>
Received on Thursday, 17 December 2020 00:14:33 UTC
Adrian Gropper <agropper@healthurl.com> wrote:

> I have no idea what
>
> “The PEP may know that the token is valid, perhaps because it has cached
> the validation result, but it doesn't know if the request is included in
> the permissions specified in the token.”
>

My bad. I meant PDP.

> means. I try to use ‘request’ consistently to refer to interaction at the
> PDP. I use ‘token’ in relation to the capability presented by a ‘client’ to
> Company A as the PEP.
>

Sorry. That comes from the SPKI spec and allows you to memoize the validation of a certificate. That means the PDP only needs to check the delegation chain once for a given zcap no matter how many times it sees it. The PDP still needs to verify that the zcap authorizes the request being made every time.

--------------
Alan Karp
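Added example, not part of the original message or of any zcap implementation: a minimal sketch of the memoization described above, where the delegation chain is validated once per zcap and the request is checked against the capability's permissions on every call. The dictionary layout, the `PDP` class and the names in `SAMPLE_ZCAP` are assumptions made for illustration; signature verification, expiry and revocation are omitted.

```python
import hashlib
import json

# Constructed sample: root delegates read+write to alice, who attenuates to read for bob.
SAMPLE_ZCAP = {
    "resource": "https://example.com/records/1",
    "chain": [
        {"issuer": "root", "holder": "alice", "actions": ["read", "write"]},
        {"issuer": "alice", "holder": "bob", "actions": ["read"]},
    ],
}

class PDP:
    """Hypothetical policy decision point that memoizes chain validation."""
    def __init__(self, trusted_root):
        self.trusted_root = trusted_root
        self.chain_cache = {}       # zcap digest -> memoized validation result
        self.chain_validations = 0  # how many times the expensive path ran

    def validate_chain(self, zcap):
        # Expensive step, run once per zcap (stand-in for per-link signature checks).
        self.chain_validations += 1
        chain = zcap["chain"]
        if not chain or chain[0]["issuer"] != self.trusted_root:
            return False
        for parent, child in zip(chain, chain[1:]):
            # Each link must come from the previous holder and may only attenuate.
            if child["issuer"] != parent["holder"]:
                return False
            if not set(child["actions"]) <= set(parent["actions"]):
                return False
        return True

    def decide(self, zcap, invoker, action, resource):
        # Key on the whole capability so any altered link misses the cache.
        key = hashlib.sha256(json.dumps(zcap, sort_keys=True).encode()).hexdigest()
        if key not in self.chain_cache:
            self.chain_cache[key] = self.validate_chain(zcap)
        if not self.chain_cache[key]:
            return False
        # Cheap step, run on every request: does this zcap authorize this request?
        leaf = zcap["chain"][-1]
        return (invoker == leaf["holder"] and resource == zcap["resource"]
                and action in leaf["actions"])

def demo():
    pdp, url = PDP("root"), SAMPLE_ZCAP["resource"]
    asks = [("read", url), ("write", url), ("read", url + "0")]
    return [pdp.decide(SAMPLE_ZCAP, "bob", a, r) for a, r in asks], pdp.chain_validations
```

`demo()` presents the same zcap three times: only the first request triggers chain validation, while the out-of-scope action and resource are still refused by the per-request check.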