W3C home > Mailing lists > Public > public-credentials@w3.org > July 2021

Re: VC-HTTP-API - A follow up on the RAR presentation

From: Adrian Gropper <agropper@healthurl.com>
Date: Tue, 6 Jul 2021 11:20:47 -0400
Message-ID: <CANYRo8jPnycg4S9ekcW8vRm3cEm5EY304DvRZ0H-K_AQ-i5QZg@mail.gmail.com>
To: Manu Sporny <msporny@digitalbazaar.com>
Cc: W3C Credentials CG <public-credentials@w3.org>
So then can we avoid mention of OAuth2 in the first iteration?

- Adrian


On Tue, Jul 6, 2021 at 11:18 AM Manu Sporny <msporny@digitalbazaar.com>
wrote:

> On 7/6/21 11:02 AM, Adrian Gropper wrote:
> > If we’re trying to constrain the scope, why do we need OAuth2 and client
> > credentials? As I see it, an issuer’s endpoint presented with an HTTP
> > Authorization: Bearer token need only trust the signature on the token
> and
> > understand it’s content.
> >
> > What am I missing?
>
> The implementers need something concrete to implement... but you're not far
> off. We don't need much more than what you say above... at least, we don't
> need more than that for the first iteration.
>
> I fully expect future iterations to support GNAP/RAR/ZCAPs... and as was
> presented last week, we have a fairly clear path to that future when
> someone
> volunteers to do the work and get the implementation community on board.
>
> -- manu
>
> --
> Manu Sporny - https://www.linkedin.com/in/manusporny/
> Founder/CEO - Digital Bazaar, Inc.
> News: Digital Bazaar Announces New Case Studies (2021)
> https://www.digitalbazaar.com/
>
>
>
Received on Tuesday, 6 July 2021 15:21:12 UTC

This archive was generated by hypermail 2.4.0 : Thursday, 24 March 2022 20:25:18 UTC