- From: Orie Steele <orie@transmute.industries>
- Date: Tue, 20 Jul 2021 13:57:54 -0500
- To: "W3C Credentials CG (Public List)" <public-credentials@w3.org>
Received on Tuesday, 20 July 2021 18:58:19 UTC
See: https://github.com/w3c-ccg/vc-http-api/issues/218 Proposal 1: The APIs that use OAS3.0 MUST define securitySchemes per the OAS 3.0 spec. (@OR13 proposal addresses 4) Proposal 2: The APIs that use OAS3.0 MUST define the use of the Link Header for suite and issuer id discovery (@TallTed 's proposal addressing 1/2/3) Proposal 3: The APIs that use OAS3.0 MUST define the use of a .well-known JSON resource for conveying supported issuer ids and suites. (@OR13 's. proposal addressing 1/2/3) Note that I did not include the proposal to use did:web for discoverability since it conflicted with previous resolutions, although I think it highlights why did:web is such a good choice for issuer APIs.... We also previously resolved to use OAS3.0 yet I question if the recent resolutions are compatible with that proposal, especially when considering support for GNAP / RAR. Can someone point me to an example of an HTTP API specifed using OAS3.0 + GNAP + RAR that is implemented using https://swagger.io/docs/specification/authentication/ ? OS -- *ORIE STEELE* Chief Technical Officer www.transmute.industries <https://www.transmute.industries>
Received on Tuesday, 20 July 2021 18:58:19 UTC