Re: Credentials and HTTP-Sig authentication for Solid

> On 5 Feb 2021, at 04:02, Michael Herman (Trusted Digital Web) <> wrote:
> Perhaps there is a connection related to the SSI-PDUL model:

There is a symmetry. Access Control sets rules on which agents can access
the content, whereas Content Licensing lays out rules the client promises
to abide by if it receives the content.

Data usage sets rules about what the client can do with the content
once  it has been been shipped. It lets the client answer questions
such as: Can the content be republished?

Access Control happens before shipping: it asks the question
to the server whether the content should be shipped
at all. The Guard wants to know: can the agent making
the request prove they are over a certain age?

The two meet on restricted content, where the server
wants to know: is the client legally responsible?
Ie. the server wants a statement or proof that the client understands
what the restrictions are, and that it can be pursued in court if it
does not follow them.

This type of access control rule should be implementable in the
HTTP-Sig proposal I put forward.

If you want to make sure your use case is considered you can make a pull
request to the Solid Authorization Use Case document

We are just about to close work on these UCR and if you check on gitter you will
find that we have today a 3 hour conf call where you can bring this up, and
a few extra ones in the next 2 weeks.


> Best regards,
> Michael Herman
> Self-Sovereign Blockchain Architect
> Trusted Digital Web
> Hyperonomy Digital Identity Lab
> Parallelspace Corporation
> -----Original Message-----
> From: Henry Story <>
> Sent: February 4, 2021 10:04 AM
> To:
> Subject: Credentials and HTTP-Sig authentication for Solid
> Dear Credentials Community,
>   I am working on Solid Authentication and Authorization as part of my PhD [0].
> A little over a year ago I put together an initial proposal on how to use HTTP-Signature for Solid Authentication [1], following experience I gained implemented this four years ago [2].
> Having recently been awarded some funding by  the EU to work on Solid [3] I have been able to put some effort into improving  that document to see how this could tie in with Web Credentials.
> Here is an extended version of the HTTP-Signature document I put together today, bringing in ideas that have emerged thinking about this over the past 3 months:
> It is work in progress and feedback would be much appreciated.
> Henry Story
> [0]
> [1]
> [2]
> [3]
> WhatsApp, Signal, Tel: +33 6 38 32 69 84‬
> Twitter: @bblfish

Henry Story
WhatsApp, Signal, Tel: +33 6 38 32 69 84‬
Twitter: @bblfish

Received on Friday, 5 February 2021 10:00:16 UTC