W3C home > Mailing lists > Public > public-credentials@w3.org > April 2021

Re: The ezcap-express library

From: Manu Sporny <msporny@digitalbazaar.com>
Date: Sun, 4 Apr 2021 17:39:31 -0400
To: Alan Karp <alanhkarp@gmail.com>
Cc: "W3C Credentials CG (Public List)" <public-credentials@w3.org>
Message-ID: <6eb559a4-93dc-a7d6-2e71-b9c137c17d5d@digitalbazaar.com>
On 4/4/21 3:56 PM, Alan Karp wrote:
> You have separated the designation of the resource, url, from the 
> authorization, capability, in the request.  What happens if someone uses a 
> different url for that capability?

How URLs are mapped to capabilities is server-specific. If someone uses a
different URL for that capability, the server may or may not resolve to the
same capability. This is application-defined behavior... but again, this is a
corner case (or advanced case). In general, the mapping rules are expected to
be simple... and if they're not... don't use ezcap... use something else.

> The standard approach is to use the capability to both designate and
> authorize.

Yes, which is what is being done, I believe.

What am I missing? I don't know if we're on the same page or not? :)

-- manu

-- 
Manu Sporny - https://www.linkedin.com/in/manusporny/
Founder/CEO - Digital Bazaar, Inc.
blog: Veres One Decentralized Identifier Blockchain Launches
https://tinyurl.com/veres-one-launches
Received on Sunday, 4 April 2021 21:39:49 UTC

This archive was generated by hypermail 2.4.0 : Sunday, 4 April 2021 21:39:50 UTC