Re: Attempting to block work (was: Re: VC HTTP Authorization Conversation)

I like the categorization, but you left out a case for authorizers.

I am David the delegator.  I will have 2 endpoints.

   - I will delegate a subset of the permissions in an authorization I hold.
   - I will revoke a delegation that I made.


--------------
Alan Karp


On Sat, Jun 12, 2021 at 1:27 AM Brian Richter <brian@aviary.tech> wrote:

> There aren't that many endpoints in the current spec, let's enumerate them.
>
> Hi, I am Ivan the Issuer, I have 2 endpoints:
>
>    - I will issue a VC
>    - I will update a VC
>
> What authorization mechanism do I use?
>
> Hi, I am Veronica the Verifier, I have 2 endpoints:
>
>    - I will verify a VC
>    - I will verify a VP
>
> What authorization mechanism do I use?
>
> Hi, I am Hagrid the Holder, I have 4 endpoints:
>
>    - I will derive you a credential
>    - I will prove a presentation
>    - Tell me a presentation is ready for me
>    - Provide me a presentation to store
>
> What authorization mechanism do I use?
>
>
> I would be interested in implementers answers to the above questions.
>
> - Brian
>
> On Sat, Jun 12, 2021 at 1:05 AM David Chadwick <
> d.w.chadwick@verifiablecredentials.info> wrote:
>
>>
>> On 11/06/2021 21:54, Orie Steele wrote:
>>
>> The process certainly does not appear to be going super well on this work
>> item, but I think a more rigid issue / PR review on calls and more
>> debate on email can help with that.
>>
>> Perhaps that is because issuer, holder and verifier APIs are all rolled
>> into one  HTTP API. If we clearly separate the API services (and
>> discussion) into those appertaining to the issuer, holder and verifer APIs,
>> then I believe the discussions will be easier to handle.
>>
>> Kind regards
>>
>> David
>>
>