- From: Manu Sporny <msporny@digitalbazaar.com>
- Date: Tue, 20 Jul 2021 13:56:26 -0400
- To: W3C Credentials CG <public-credentials@w3.org>
On 7/20/21 12:14 PM, Adrian Gropper wrote: > The linkage of control to possession based on OAuth 2-style API client > credentials gives the sovereign Issuer the ability to censor or specify > the end-user's client. Replace "Oauth2" with /any authorization mechanism/ and you still have the same problem. The server can always deny requests, even legitimate ones. Full. Stop. An Internet-based server can always censor an Internet-based client. If this were not possible, every server on the Internet could be Denial-of-Service'd out of existence. I continue to be convinced that you don't understand what the Issuer endpoints of the VC HTTP API do: https://w3c-ccg.github.io/vc-http-api/issuer.html Either that, or I'm being fantastically dense (which I do admit is a possibility). Please help me understand... how is what I said above not true? -- manu -- Manu Sporny - https://www.linkedin.com/in/manusporny/ Founder/CEO - Digital Bazaar, Inc. News: Digital Bazaar Announces New Case Studies (2021) https://www.digitalbazaar.com/
Received on Tuesday, 20 July 2021 17:56:42 UTC