Re: VC-HTTP-API - A follow up on the RAR presentation

On 7/6/21 11:02 AM, Adrian Gropper wrote:
> If we’re trying to constrain the scope, why do we need OAuth2 and client 
> credentials? As I see it, an issuer’s endpoint presented with an HTTP 
> Authorization: Bearer token need only trust the signature on the token and 
> understand its content.
> 
> What am I missing?

The implementers need something concrete to implement... but you're not far
off. We don't need much more than what you say above... at least, we don't
need more than that for the first iteration.

I fully expect future iterations to support GNAP/RAR/ZCAPs... and as was
presented last week, we have a fairly clear path to that future when someone
volunteers to do the work and get the implementation community on board.

-- manu

-- 
Manu Sporny - https://www.linkedin.com/in/manusporny/
Founder/CEO - Digital Bazaar, Inc.
News: Digital Bazaar Announces New Case Studies (2021)
https://www.digitalbazaar.com/

Received on Tuesday, 6 July 2021 15:17:13 UTC