Re: VC HTTP Authorization Conversation

I finally caught up with this thread, and I think there's one place (maybe
two) where VC-HTTP may need awareness of the authorization token.

Delegation with OAuth 2 and GNAP opaque tokens is done by token exchange.
That means the API needs a way to say, "This token is not for gating access
to this request but to get a sub-scoped version of this token."  This
exception isn't needed for non-opaque, certificate tokens, such as
zcap-ld.  The "maybe" is revocation.

I haven't studied the work on this spec, so my comments may not apply.  If
so, feel free to ignore this note.

Alan Karp

On Fri, Jun 11, 2021 at 2:32 PM Manu Sporny <>

> On 6/11/21 1:59 PM, Adrian Gropper wrote:
> > If anyone wants me to leave the group, all they need to do is ask.
> No one is asking you to leave the group, Adrian. I personally want you to
> remain and I know that others do as well. You're good people.
> There are, however, multiple people that are requesting that you reconsider
> your approach.
> > I’m proposing that OAuth2 and GNAP be delivered simultaneously as part
> of
> > the same spec and test suite
> We have already polled this proposal and it was fairly clear that there was
> strong opposition to it:
> I don't expect much has changed about how people feel about the proposal in
> the past 10 days.
> Would you like to run the proposal officially during the next call, Adrian?
> > or else that authorization be out of scope for VC-HTTP.
> I expect this to also fail given that many of the implementers are
> requesting
> for OAuth2 to be at least one of the authorization mechanisms.
> Would you like to run this proposal during the next call, Adrian?
> > The privacy issue I’m raising can be handled with UMA.
> We have zero implementers that have said that they want to implement UMA.
> If
> there are implementers that are going to implement UMA to handle
> delegation,
> they should speak up now.
> -- manu
> --
> Manu Sporny -
> Founder/CEO - Digital Bazaar, Inc.
> News: Digital Bazaar Announces New Case Studies (2021)

Received on Saturday, 12 June 2021 00:29:54 UTC