- From: Adrian Gropper <agropper@healthurl.com>
- Date: Tue, 6 Jul 2021 11:20:47 -0400
- To: Manu Sporny <msporny@digitalbazaar.com>
- Cc: W3C Credentials CG <public-credentials@w3.org>
Received on Tuesday, 6 July 2021 15:21:12 UTC
So then can we avoid mention of OAuth2 in the first iteration? - Adrian On Tue, Jul 6, 2021 at 11:18 AM Manu Sporny <msporny@digitalbazaar.com> wrote: > On 7/6/21 11:02 AM, Adrian Gropper wrote: > > If we’re trying to constrain the scope, why do we need OAuth2 and client > > credentials? As I see it, an issuer’s endpoint presented with an HTTP > > Authorization: Bearer token need only trust the signature on the token > and > > understand it’s content. > > > > What am I missing? > > The implementers need something concrete to implement... but you're not far > off. We don't need much more than what you say above... at least, we don't > need more than that for the first iteration. > > I fully expect future iterations to support GNAP/RAR/ZCAPs... and as was > presented last week, we have a fairly clear path to that future when > someone > volunteers to do the work and get the implementation community on board. > > -- manu > > -- > Manu Sporny - https://www.linkedin.com/in/manusporny/ > Founder/CEO - Digital Bazaar, Inc. > News: Digital Bazaar Announces New Case Studies (2021) > https://www.digitalbazaar.com/ > > >
Received on Tuesday, 6 July 2021 15:21:12 UTC