Re: The ezcap-express library

On 4/4/21 3:56 PM, Alan Karp wrote:
> You have separated the designation of the resource, url, from the 
> authorization, capability, in the request.  What happens if someone uses a 
> different url for that capability?

How URLs are mapped to capabilities is server-specific. If someone uses a
different URL for that capability, the server may or may not resolve to the
same capability. This is application-defined behavior... but again, this is a
corner case (or advanced case). In general, the mapping rules are expected to
be simple... and if they're not... don't use ezcap... use something else.

> The standard approach is to use the capability to both designate and
> authorize.

Yes, which is what is being done, I believe.

What am I missing? I don't know if we're on the same page or not? :)

-- manu

-- 
Manu Sporny - https://www.linkedin.com/in/manusporny/
Founder/CEO - Digital Bazaar, Inc.
blog: Veres One Decentralized Identifier Blockchain Launches
https://tinyurl.com/veres-one-launches

Received on Sunday, 4 April 2021 21:39:49 UTC