Re: VC HTTP API Telecon Minutes for 2021-07-13

On 7/21/21 2:58 PM, Daniel Hardman wrote:
> My understanding of the purpose of this API is to allow *trusted parties*
> to issue VCs on behalf of an issuing authority. That is, for trusted
> clients to act as agents of an issuer. They submit information to an
> endpoint to produce a VC with the issuer's signature on it that is intended
> to be given to some other holder via *some other protocol* (e.g., CHAPI,
> DIDComm).
> 
> Wow! I am ecstatic if this statement of scope reflects the will of the
> group.
> 
> *Can I poll the group to see if Dave's view of scope is shared by everyone 
> else?* If it is, then all of my concerns about power imbalances and the 
> client-server nature of the API evaporate. It is only when the API crosses
> a trust boundary that power imbalances matter and inclusivity matter.)

Daniel, I hesitated answering until someone had put together a summary of
where I think the work is today.

Here's my understanding of where the work is right now:

https://docs.google.com/spreadsheets/d/1hlevKRxCXsJBWvJTkL30nZVp8cpF26aY3PJqzuHtIZE/edit

You will note a few items in yellow that are marked as "External Trust
Boundary" API calls. To be fair to what Dave was saying, I expect that we'll
be running some variation of VPR/DIDComm/WACI/Whatever over these endpoints...
but I don't expect that we have consensus on that just yet... and I don't know
if getting consensus on that will address all of your concerns.

Is that categorization of HTTP API endpoints, actions, and trust boundaries
useful? Thoughts?

-- manu

-- 
Manu Sporny - https://www.linkedin.com/in/manusporny/
Founder/CEO - Digital Bazaar, Inc.
News: Digital Bazaar Announces New Case Studies (2021)
https://www.digitalbazaar.com/

Received on Sunday, 8 August 2021 19:41:15 UTC