Re: Request for CCG Chair Intervention in CCG Process from Adrian Gropper on 2021-08-21 (public-credentials@w3.org from August 2021)

From: Adrian Gropper <agropper@healthurl.com>
Date: Sat, 21 Aug 2021 15:04:31 -0400
To: Manu Sporny <msporny@digitalbazaar.com>
Cc: W3C Credentials Community Group <public-credentials@w3.org>
Message-ID: <CANYRo8jwDAOJnvyAEMa8tmRiCddgn4zsVDEEHS0D9oqwwWf9LQ@mail.gmail.com>

Here are the two resolutions:

RESOLUTION: The VC HTTP API work item group will separate GNAP from OAuth2
until it is clear how much extra work GNAP would add within the scope of
the specification. Voted +5 / -3 (JR, AG, OS in dissent)

RESOLUTION: One of the authorization protocols that will be defined for use
in the VC-HTTP-API MUST be OAuth 2 Client Credentials. Voted +5 / -2.5 (JR,
AG, MS in dissent)

and, for comparison:
RESOLUTION: One of the authorization mechanisms defined for the VC HTTP API
MUST be GNAP key-bound access tokens. Voted +6.25 / -2.7 (MS, OS, JA, TT in
dissent)

- Adrian

On Sat, Aug 21, 2021 at 2:12 PM Manu Sporny <msporny@digitalbazaar.com>
wrote:

> On 8/19/21 1:04 PM, Adrian Gropper wrote:
> > Thank you for the quick and thorough response. I believe the other two
> > resolutions made that day do not meet the criteria for group consensus.
> > Should they be removed entirely, as well?
>
> Adrian, could you explicitly state which two resolutions you're talking
> about?
>
> On 8/19/21 2:57 PM, Orie Steele wrote:
> >> Should they be removed entirely, as well?
> >
> > Yes, PRs for resolutions that have objections should not be merged.
>
> Orie, could you explicitly state which resolutions you're talking about?
>
> ----------
>
> To help everyone understand the remaining resolutions we're contemplating,
> here they are:
>
> The VC HTTP API work item group will separate GNAP from OAuth2 until it is
> clear how much extra work GNAP would add within the scope of the
> specification.
>
> One of the authorization mechanisms defined for the VC-HTTP-API MUST be
> OAuth
> 2 Bearer tokens.
>
> How a VC HTTP API server validates an authorization token is out of scope.
>
> One of the authorization protocols that will be defined for use in the
> VC-HTTP-API MUST be OAuth 2 Client Credentials.
>
> -- manu
>
> --
> Manu Sporny - https://www.linkedin.com/in/manusporny/
> Founder/CEO - Digital Bazaar, Inc.
> News: Digital Bazaar Announces New Case Studies (2021)
> https://www.digitalbazaar.com/
>
>

Received on Saturday, 21 August 2021 19:04:55 UTC