- From: Manu Sporny <msporny@digitalbazaar.com>
- Date: Tue, 8 Jun 2021 15:41:40 -0400
- To: public-credentials@w3.org
Adrian, thanks for this, I think it highlights where much of the disagreement is: On 6/4/21 5:06 PM, Adrian Gropper wrote: > This "conversation" is happening at two levels that you are helping > clarify. Let's call them authorization and bootstrapping until someone > suggests something different. One level is simply the use of an access > (authorization) token to access a VC or VP. The other level is the > bootstrapping into trust. > > ... > > If we can agree that our work should serve both masters, then maybe we can > agree to work on OAuth and GNAP simultaneously as well. There is strong disagreement that we should serve both bootstrapping and authorization. The latter (authorization -- that is showing up with a token of some kind to demonstrate that you should have access) is in scope. Bootstrapping is completely out of scope. The VC HTTP API doesn't care how you got the token, it just cares that you have a token that authorizes your access to the endpoint. -- manu -- Manu Sporny - https://www.linkedin.com/in/manusporny/ Founder/CEO - Digital Bazaar, Inc. blog: Veres One Decentralized Identifier Blockchain Launches https://tinyurl.com/veres-one-launches
Received on Tuesday, 8 June 2021 19:42:31 UTC