W3C home > Mailing lists > Public > public-credentials@w3.org > July 2021

Proposals addressing discoverability issues with vc-http-api

From: Orie Steele <orie@transmute.industries>
Date: Tue, 20 Jul 2021 13:57:54 -0500
Message-ID: <CAN8C-_Kk7YBV6RUp-YONm6D1Ssv1m15XAbUt7zWhx-cKGt3o2Q@mail.gmail.com>
To: "W3C Credentials CG (Public List)" <public-credentials@w3.org>
See: https://github.com/w3c-ccg/vc-http-api/issues/218

Proposal 1: The APIs that use OAS3.0 MUST define securitySchemes per the
OAS 3.0 spec. (@OR13 proposal addresses 4)
Proposal 2: The APIs that use OAS3.0 MUST define the use of the Link Header
for suite and issuer id discovery (@TallTed 's proposal addressing 1/2/3)
Proposal 3: The APIs that use OAS3.0 MUST define the use of a .well-known
JSON resource for conveying supported issuer ids and suites. (@OR13 's.
proposal addressing 1/2/3)

Note that I did not include the proposal to use did:web for discoverability
since it conflicted with previous resolutions, although I think it
highlights why did:web is such a good choice for issuer APIs....

We also previously resolved to use OAS3.0 yet I question if the recent
resolutions are compatible with that proposal, especially when considering
support for GNAP / RAR.

Can someone point me to an example of an HTTP API specifed using OAS3.0 +
GNAP + RAR that is implemented using
https://swagger.io/docs/specification/authentication/ ?


Chief Technical Officer

Received on Tuesday, 20 July 2021 18:58:19 UTC

This archive was generated by hypermail 2.4.0 : Thursday, 24 March 2022 20:25:18 UTC