- From: Adrian Gropper <agropper@healthurl.com>
- Date: Fri, 11 Jun 2021 13:59:41 -0400
- To: Manu Sporny <msporny@digitalbazaar.com>
- Cc: public-credentials@w3.org
- Message-ID: <CANYRo8h=ikTDwnAX+tCcniQ__WE+GoGu3Yapwon6C2KwGqHpFQ@mail.gmail.com>
I’m proposing that OAuth2 and GNAP be delivered simultaneously as part of the same spec and test suite or else that authorization be out of scope for VC-HTTP. - Adrian On Fri, Jun 11, 2021 at 1:41 PM Manu Sporny <msporny@digitalbazaar.com> wrote: > On 6/10/21 1:55 PM, Adrian Gropper wrote: > > Is authorization part of the current implementations and test suite? > > No, it's not. That's the crux of the current discussion around > authorization. > There is no authorization mechanism, which means that the VC HTTP API has > no > interoperability at the authorization layer... and that's a big problem for > people building products in this space (because their customers don't want > to > do bespoke authorization mechanisms for every product in the ecosystem). > > > Can we keep both authorization and delegation out of the VC-HTTP API > > Issuer discussion? > > We can definitely keep delegation out of the VC HTTP API discussion. > > We could even theoretically keep authorization entirely out of the VC HTTP > API > discussion... except for the fact that all the implementers want to define > it > and would object to moving forward without Authorization concretely > defined. > > -- manu > > -- > Manu Sporny - https://www.linkedin.com/in/manusporny/ > Founder/CEO - Digital Bazaar, Inc. > News: Digital Bazaar Announces New Case Studies (2021) > https://www.digitalbazaar.com/ > > >
Received on Friday, 11 June 2021 18:01:11 UTC