Re: VC HTTP Authorization Conversation

On 6/10/21 1:55 PM, Adrian Gropper wrote:
> Is authorization part of the current implementations and test suite?

No, it's not. That's the crux of the current discussion around authorization.
There is no authorization mechanism, which means that the VC HTTP API has no
interoperability at the authorization layer... and that's a big problem for
people building products in this space (because their customers don't want to
do bespoke authorization mechanisms for every product in the ecosystem).

> Can we keep both authorization and delegation out of the VC-HTTP API
> Issuer discussion?

We can definitely keep delegation out of the VC HTTP API discussion.

We could even theoretically keep authorization entirely out of the VC HTTP API
discussion... except for the fact that all the implementers want to define it
and would object to moving forward without Authorization concretely defined.

-- manu

-- 
Manu Sporny - https://www.linkedin.com/in/manusporny/
Founder/CEO - Digital Bazaar, Inc.
News: Digital Bazaar Announces New Case Studies (2021)
https://www.digitalbazaar.com/

Received on Friday, 11 June 2021 17:35:27 UTC