W3C home > Mailing lists > Public > public-credentials@w3.org > August 2021

Re: VC HTTP API Telecon Minutes for 2021-07-13

From: Daniel Hardman <daniel.hardman@gmail.com>
Date: Sun, 8 Aug 2021 23:05:28 +0200
Message-ID: <CACU_ch=zbpYFdzEHjp-0VKvyP6bNt-XE1vaaewv0-aKWRKJXdA@mail.gmail.com>
To: Manu Sporny <msporny@digitalbazaar.com>
Cc: W3C Credentials CG <public-credentials@w3.org>
Thank you for the link, Manu, and thank you to whoever put that document
together. Good stuff. I’ll be curious to see whether the group aligns
around this categorization.

On Sun, 8 Aug 2021 at 21:41 Manu Sporny <msporny@digitalbazaar.com> wrote:

> On 7/21/21 2:58 PM, Daniel Hardman wrote:
> > My understanding of the purpose of this API is to allow *trusted parties*
> > to issue VCs on behalf of an issuing authority. That is, for trusted
> > clients to act as agents of an issuer. They submit information to an
> > endpoint to produce a VC with the issuer's signature on it that is
> intended
> > to be given to some other holder via *some other protocol* (e.g., CHAPI,
> > DIDComm).
> >
> > Wow! I am ecstatic if this statement of scope reflects the will of the
> > group.
> >
> > *Can I poll the group to see if Dave's view of scope is shared by
> everyone
> > else?* If it is, then all of my concerns about power imbalances and the
> > client-server nature of the API evaporate. It is only when the API
> crosses
> > a trust boundary that power imbalances matter and inclusivity matter.)
>
> Daniel, I hesitated answering until someone had put together a summary of
> where I think the work is today.
>
> Here's my understanding of where the work is right now:
>
>
> https://docs.google.com/spreadsheets/d/1hlevKRxCXsJBWvJTkL30nZVp8cpF26aY3PJqzuHtIZE/edit
>
> You will note a few items in yellow that are marked as "External Trust
> Boundary" API calls. To be fair to what Dave was saying, I expect that
> we'll
> be running some variation of VPR/DIDComm/WACI/Whatever over these
> endpoints...
> but I don't expect that we have consensus on that just yet... and I don't
> know
> if getting consensus on that will address all of your concerns.
>
> Is that categorization of HTTP API endpoints, actions, and trust boundaries
> useful? Thoughts?
>
> -- manu
>
> --
> Manu Sporny - https://www.linkedin.com/in/manusporny/
> Founder/CEO - Digital Bazaar, Inc.
> News: Digital Bazaar Announces New Case Studies (2021)
> https://www.digitalbazaar.com/
>
>
Received on Sunday, 8 August 2021 21:06:53 UTC

This archive was generated by hypermail 2.4.0 : Sunday, 8 August 2021 21:06:54 UTC