W3C home > Mailing lists > Public > public-credentials@w3.org > June 2021

Re: VC HTTP Authorization Conversation

From: Adrian Gropper <agropper@healthurl.com>
Date: Fri, 11 Jun 2021 13:59:41 -0400
Message-ID: <CANYRo8h=ikTDwnAX+tCcniQ__WE+GoGu3Yapwon6C2KwGqHpFQ@mail.gmail.com>
To: Manu Sporny <msporny@digitalbazaar.com>
Cc: public-credentials@w3.org
I’m proposing that OAuth2 and GNAP be delivered simultaneously as part of
the same spec and test suite or else that authorization be out of scope for
VC-HTTP.

- Adrian

On Fri, Jun 11, 2021 at 1:41 PM Manu Sporny <msporny@digitalbazaar.com>
wrote:

> On 6/10/21 1:55 PM, Adrian Gropper wrote:
> > Is authorization part of the current implementations and test suite?
>
> No, it's not. That's the crux of the current discussion around
> authorization.
> There is no authorization mechanism, which means that the VC HTTP API has
> no
> interoperability at the authorization layer... and that's a big problem for
> people building products in this space (because their customers don't want
> to
> do bespoke authorization mechanisms for every product in the ecosystem).
>
> > Can we keep both authorization and delegation out of the VC-HTTP API
> > Issuer discussion?
>
> We can definitely keep delegation out of the VC HTTP API discussion.
>
> We could even theoretically keep authorization entirely out of the VC HTTP
> API
> discussion... except for the fact that all the implementers want to define
> it
> and would object to moving forward without Authorization concretely
> defined.
>
> -- manu
>
> --
> Manu Sporny - https://www.linkedin.com/in/manusporny/
> Founder/CEO - Digital Bazaar, Inc.
> News: Digital Bazaar Announces New Case Studies (2021)
> https://www.digitalbazaar.com/
>
>
>
Received on Friday, 11 June 2021 18:01:11 UTC

This archive was generated by hypermail 2.4.0 : Friday, 11 June 2021 18:01:18 UTC