W3C home > Mailing lists > Public > public-credentials@w3.org > July 2021

Censoring as an Issuer (Re: VC HTTP API Telecon Minutes for 2021-07-13)

From: Manu Sporny <msporny@digitalbazaar.com>
Date: Tue, 20 Jul 2021 13:56:26 -0400
To: W3C Credentials CG <public-credentials@w3.org>
Message-ID: <32332e07-91c2-1929-7850-b07264d9d9ba@digitalbazaar.com>
On 7/20/21 12:14 PM, Adrian Gropper wrote:
> The linkage of control to possession based on OAuth 2-style API client 
> credentials gives the sovereign Issuer the ability to censor or specify
> the end-user's client.

Replace "Oauth2" with /any authorization mechanism/ and you still have the
same problem.

The server can always deny requests, even legitimate ones. Full. Stop.

An Internet-based server can always censor an Internet-based client. If this
were not possible, every server on the Internet could be Denial-of-Service'd
out of existence.

I continue to be convinced that you don't understand what the Issuer endpoints
of the VC HTTP API do:

https://w3c-ccg.github.io/vc-http-api/issuer.html

Either that, or I'm being fantastically dense (which I do admit is a
possibility). Please help me understand... how is what I said above not true?

-- manu

-- 
Manu Sporny - https://www.linkedin.com/in/manusporny/
Founder/CEO - Digital Bazaar, Inc.
News: Digital Bazaar Announces New Case Studies (2021)
https://www.digitalbazaar.com/
Received on Tuesday, 20 July 2021 17:56:42 UTC

This archive was generated by hypermail 2.4.0 : Tuesday, 20 July 2021 17:56:44 UTC