- From: Manu Sporny <msporny@digitalbazaar.com>
- Date: Tue, 6 Jul 2021 11:16:57 -0400
- To: W3C Credentials CG <public-credentials@w3.org>
On 7/6/21 11:02 AM, Adrian Gropper wrote: > If we’re trying to constrain the scope, why do we need OAuth2 and client > credentials? As I see it, an issuer’s endpoint presented with an HTTP > Authorization: Bearer token need only trust the signature on the token and > understand it’s content. > > What am I missing? The implementers need something concrete to implement... but you're not far off. We don't need much more than what you say above... at least, we don't need more than that for the first iteration. I fully expect future iterations to support GNAP/RAR/ZCAPs... and as was presented last week, we have a fairly clear path to that future when someone volunteers to do the work and get the implementation community on board. -- manu -- Manu Sporny - https://www.linkedin.com/in/manusporny/ Founder/CEO - Digital Bazaar, Inc. News: Digital Bazaar Announces New Case Studies (2021) https://www.digitalbazaar.com/
Received on Tuesday, 6 July 2021 15:17:13 UTC