Re: Request for CCG Chair Intervention in CCG Process from Adrian Gropper on 2021-08-21 (public-credentials@w3.org from August 2021)

From: Adrian Gropper <agropper@healthurl.com>
Date: Sat, 21 Aug 2021 16:58:24 -0400
To: Mike Prorock <mprorock@mesur.io>
Cc: Manu Sporny <msporny@digitalbazaar.com>, "W3C Credentials CG (Public List)" <public-credentials@w3.org>
Message-ID: <CANYRo8huMx8hBMikv5nR_O4jaoSZZcSE5a6Uj10BSz6yHJU5HA@mail.gmail.com>

I will formally object to any resolution that gives the VC Issuer the power
to censor how a VC is transported or used. OAuth 2 with Client Credentials
is one example.

The basis of my objection is that legacy credentials do not pose this added
restriction on the VC subject. OAuth 2 / OIDC history has shown that
protocol to result in platform centralization in a number of ways. That
outcome may have been unintended at the time the standards were conceived
but it is a demonstrated fact today.

My proposal is: Any VC access authorization protocols MUST support
delegation by the subject of the VC without censorship of the client or
agent involved.



On Sat, Aug 21, 2021 at 4:35 PM Mike Prorock <mprorock@mesur.io> wrote:

> Manu,
> Looks like you got it right by my quick read.
>
> Michael Prorock
> CTO, Founder
> mesur.io
>
> On Sat, Aug 21, 2021, 15:49 Manu Sporny <msporny@digitalbazaar.com> wrote:
>
>> On 8/21/21 3:25 PM, Orie Steele wrote:
>> > I would be happy to have the chairs overrule either side of the argument
>> > at this point.
>>
>> IIUC, that's not going to happen at this point (which is the right call,
>> IMHO):
>>
>> https://lists.w3.org/Archives/Public/public-credentials/2021Aug/0266.html
>>
>> I believe the CCG Chairs have been very clear that they're expecting the
>> VC
>> HTTP API Editors to:
>>
>> 1. Strike the GNAP-KBAT resolution.
>>
>> 2. If there are further objections on the other
>>    resolutions, work it out in the VC HTTP API group using
>>    the new process, recording a decision with dissent if
>>    necessary.
>>
>> 3. If there is dissent, escalate using the new process
>>    for a final decision.
>>
>> Chairs, please correct me if I got any of that wrong.
>>
>> > As Adrian points out, there was not unanimous consensus on them.
>>
>> Unanimity isn't required for consensus:
>>
>> https://www.w3.org/2020/Process-20200915/#def-Consensus
>> https://www.w3.org/2020/Process-20200915/#def-Unanimity
>>
>> That's not the question at hand. The question is -- who is raising a
>> formal
>> objection to which proposals? There were four proposals left, Adrian is
>> just
>> objecting to two of them. Which ones are you objecting to, if any?
>>
>> Orie, please respond to this:
>>
>> https://lists.w3.org/Archives/Public/public-credentials/2021Aug/0299.html
>>
>> ... and I would love to hear your thoughts on this as a path forward:
>>
>> https://lists.w3.org/Archives/Public/public-credentials/2021Aug/0300.html
>>
>> -- manu
>>
>> --
>> Manu Sporny - https://www.linkedin.com/in/manusporny/
>> Founder/CEO - Digital Bazaar, Inc.
>> News: Digital Bazaar Announces New Case Studies (2021)
>> https://www.digitalbazaar.com/
>>
>>
>>

Received on Saturday, 21 August 2021 20:58:51 UTC