[AGENDA] VC HTTP API Work Item - July 13th 2021

VC HTTP API Work Item - July 13th 2021
Time: Tue 4pm ET, 1pm PT, 10pm CET, 8am NZDT (Wed)

Text Chat:
      http://irc.w3.org/?channels=ccg
      irc://irc.w3.org:6665/#ccg

Jitsi Teleconf:
      https://meet.w3c-ccg.org/vchttpapi

Duration: 60 minutes

MEETING MODERATOR: Manu Sporny

AGENDA:

1. Agenda Review, Introductions, Use Cases Update (10 min)

2. Pull Requests (5 minutes)
   https://github.com/w3c-ccg/vc-http-api/pull/211

3. Issue Processing (5 minutes)
   https://github.com/w3c-ccg/vc-http-api/issues/204

4. Authorization Proposals (40 minutes)

These are synthesized proposals based on Justin's reformulation of MikeV's
proposals, the +1s on the mailing list, work that has volunteers, and ideas
that seem like they might at least get majority support given input from the
mailing list.

PROPOSAL: How a VC HTTP API client gets an authorization token is out of scope.

PROPOSAL: How a VC HTTP API server validates an authorization token is out of
scope.

PROPOSAL: One of the authorization mechanisms for the VC-HTTP-API MUST be
OAuth 2 Bearer tokens.

PROPOSAL: One of the authorization mechanisms for the VC-HTTP-API SHOULD be
GNAP key-bound access tokens.

PROPOSAL: One of the authorization protocols for the VC-HTTP-API MUST be OAuth
2 Client Credentials. NOTE: This one conflicts with the first proposal (on
purpose).

PROPOSAL: The VC HTTP API MUST define access actions in terms of OAuth 2 RAR
structures.

In the interest of making some preliminary decisions and moving on, we will be
doing majority voting for all proposals that fail to achieve consensus.
Remember that all of this is at risk to being re-litigated when the work flows
into an official working group, so decisions are to be viewed as preliminary
(and not final).

-- manu

-- 
Manu Sporny - https://www.linkedin.com/in/manusporny/
Founder/CEO - Digital Bazaar, Inc.
News: Digital Bazaar Announces New Case Studies (2021)
https://www.digitalbazaar.com/

Received on Saturday, 10 July 2021 15:10:28 UTC