Re: VC HTTP Authorization Conversation

Adrian, thanks for this, I think it highlights where much of the disagreement is:

On 6/4/21 5:06 PM, Adrian Gropper wrote:
> This "conversation" is happening at two levels that you are helping
> clarify. Let's call them authorization and bootstrapping until someone
> suggests something different. One level is simply the use of an access
> (authorization) token to access a VC or VP. The other level is the
> bootstrapping into trust.
> ...
> If we can agree that our work should serve both masters, then maybe we can 
> agree to work on OAuth and GNAP simultaneously as well.

There is strong disagreement that we should serve both bootstrapping and

The latter (authorization -- that is showing up with a token of some kind to
demonstrate that you should have access) is in scope.

Bootstrapping is completely out of scope. The VC HTTP API doesn't care how you
got the token, it just cares that you have a token that authorizes your access
to the endpoint.

-- manu

Manu Sporny -
Founder/CEO - Digital Bazaar, Inc.
blog: Veres One Decentralized Identifier Blockchain Launches

Received on Tuesday, 8 June 2021 19:42:31 UTC