- From: Manu Sporny <msporny@digitalbazaar.com>
- Date: Sun, 8 Aug 2021 15:40:58 -0400
- To: daniel.hardman@gmail.com
- Cc: W3C Credentials CG <public-credentials@w3.org>
On 7/21/21 2:58 PM, Daniel Hardman wrote: > My understanding of the purpose of this API is to allow *trusted parties* > to issue VCs on behalf of an issuing authority. That is, for trusted > clients to act as agents of an issuer. They submit information to an > endpoint to produce a VC with the issuer's signature on it that is intended > to be given to some other holder via *some other protocol* (e.g., CHAPI, > DIDComm). > > Wow! I am ecstatic if this statement of scope reflects the will of the > group. > > *Can I poll the group to see if Dave's view of scope is shared by everyone > else?* If it is, then all of my concerns about power imbalances and the > client-server nature of the API evaporate. It is only when the API crosses > a trust boundary that power imbalances matter and inclusivity matter.) Daniel, I hesitated answering until someone had put together a summary of where I think the work is today. Here's my understanding of where the work is right now: https://docs.google.com/spreadsheets/d/1hlevKRxCXsJBWvJTkL30nZVp8cpF26aY3PJqzuHtIZE/edit You will note a few items in yellow that are marked as "External Trust Boundary" API calls. To be fair to what Dave was saying, I expect that we'll be running some variation of VPR/DIDComm/WACI/Whatever over these endpoints... but I don't expect that we have consensus on that just yet... and I don't know if getting consensus on that will address all of your concerns. Is that categorization of HTTP API endpoints, actions, and trust boundaries useful? Thoughts? -- manu -- Manu Sporny - https://www.linkedin.com/in/manusporny/ Founder/CEO - Digital Bazaar, Inc. News: Digital Bazaar Announces New Case Studies (2021) https://www.digitalbazaar.com/
Received on Sunday, 8 August 2021 19:41:15 UTC