- From: Henry Story <henry.story@co-operating.systems>
- Date: Fri, 5 Feb 2021 10:59:58 +0100
- To: "Michael Herman (Trusted Digital Web)" <mwherman@parallelspace.net>
- Cc: "public-credentials@w3.org" <public-credentials@w3.org>
- Message-Id: <D0E1426F-217A-4AEA-A1A6-D8251CA9F3A6@co-operating.systems>
> On 5 Feb 2021, at 04:02, Michael Herman (Trusted Digital Web) <mwherman@parallelspace.net> wrote: > > Perhaps there is a connection related to the SSI-PDUL model: https://hyperonomy.com/2021/01/27/self-sovereign-identity-personal-data-usage-licensing-ssi-pdul-model-solution-concept/ There is a symmetry. Access Control sets rules on which agents can access the content, whereas Content Licensing lays out rules the client promises to abide by if it receives the content. Data usage sets rules about what the client can do with the content once it has been been shipped. It lets the client answer questions such as: Can the content be republished? Access Control happens before shipping: it asks the question to the server whether the content should be shipped at all. The Guard wants to know: can the agent making the request prove they are over a certain age? The two meet on restricted content, where the server wants to know: is the client legally responsible? Ie. the server wants a statement or proof that the client understands what the restrictions are, and that it can be pursued in court if it does not follow them. This type of access control rule should be implementable in the HTTP-Sig proposal I put forward. > https://github.com/bblfish/authentication-panel/blob/HttpSig/HttpSignature.md If you want to make sure your use case is considered you can make a pull request to the Solid Authorization Use Case document https://solid.github.io/authorization-panel/wac-ucr/ We are just about to close work on these UCR and if you check on gitter you will find that we have today a 3 hour conf call where you can bring this up, and a few extra ones in the next 2 weeks. Henry > > > Best regards, > Michael Herman > Self-Sovereign Blockchain Architect > Trusted Digital Web > Hyperonomy Digital Identity Lab > Parallelspace Corporation > > -----Original Message----- > From: Henry Story <henry.story@co-operating.systems> > Sent: February 4, 2021 10:04 AM > To: public-credentials@w3.org > Subject: Credentials and HTTP-Sig authentication for Solid > > Dear Credentials Community, > > I am working on Solid Authentication and Authorization as part of my PhD [0]. > A little over a year ago I put together an initial proposal on how to use HTTP-Signature for Solid Authentication [1], following experience I gained implemented this four years ago [2]. > > Having recently been awarded some funding by the EU to work on Solid [3] I have been able to put some effort into improving that document to see how this could tie in with Web Credentials. > > Here is an extended version of the HTTP-Signature document I put together today, bringing in ideas that have emerged thinking about this over the past 3 months: > > https://github.com/bblfish/authentication-panel/blob/HttpSig/HttpSignature.md > > It is work in progress and feedback would be much appreciated. > > Henry Story > > [0] https://co-operating.systems/2019/04/01/ > [1] https://github.com/solid/authentication-panel/blob/master/HttpSignature.md > [2] https://github.com/read-write-web/akka-http-signature > [3] https://nlnet.nl/project/SolidControl/ > > https://co-operating.systems > WhatsApp, Signal, Tel: +33 6 38 32 69 84 > Twitter: @bblfish > Henry Story https://co-operating.systems WhatsApp, Signal, Tel: +33 6 38 32 69 84 Twitter: @bblfish
Received on Friday, 5 February 2021 10:00:16 UTC