W3C home > Mailing lists > Public > public-credentials@w3.org > June 2021

Re: VC HTTP Authorization Conversation

From: Manu Sporny <msporny@digitalbazaar.com>
Date: Tue, 8 Jun 2021 15:41:40 -0400
To: public-credentials@w3.org
Message-ID: <da414f1a-59d7-d1e7-2316-68fcd528a13a@digitalbazaar.com>
Adrian, thanks for this, I think it highlights where much of the disagreement is:

On 6/4/21 5:06 PM, Adrian Gropper wrote:
> This "conversation" is happening at two levels that you are helping
> clarify. Let's call them authorization and bootstrapping until someone
> suggests something different. One level is simply the use of an access
> (authorization) token to access a VC or VP. The other level is the
> bootstrapping into trust.
> 
> ...
> 
> If we can agree that our work should serve both masters, then maybe we can 
> agree to work on OAuth and GNAP simultaneously as well.

There is strong disagreement that we should serve both bootstrapping and
authorization.

The latter (authorization -- that is showing up with a token of some kind to
demonstrate that you should have access) is in scope.

Bootstrapping is completely out of scope. The VC HTTP API doesn't care how you
got the token, it just cares that you have a token that authorizes your access
to the endpoint.

-- manu

-- 
Manu Sporny - https://www.linkedin.com/in/manusporny/
Founder/CEO - Digital Bazaar, Inc.
blog: Veres One Decentralized Identifier Blockchain Launches
https://tinyurl.com/veres-one-launches
Received on Tuesday, 8 June 2021 19:42:31 UTC

This archive was generated by hypermail 2.4.0 : Tuesday, 8 June 2021 19:42:45 UTC