- From: Manu Sporny <msporny@digitalbazaar.com>
- Date: Sun, 13 Jun 2021 17:24:06 -0400
- To: public-credentials@w3.org
On 6/12/21 11:44 AM, Adrian Gropper wrote:

> Brian's initiative and Manu's analysis suggest that we could benefit from
> separating internal vs. external endpoints. Internal endpoints, for
> example, are unlikely targets for DoS attacks and benefit from delegation
> only to the extent it promotes a Zero Trust Architecture.

As is mentioned later in this thread, "internal" vs. "external" doesn't quite capture it. There are really three classes of trust boundaries that we're talking about:

1. Single Trust Boundary - all systems reside within the same trust boundary. At least OAuth2/MTLS is needed here because there might be attackers behind your firewall/VPN.

2. Multi-tenant Trust Boundaries - multi-tenant systems that do not reside within the same trust boundary, but reside on the same logical system. At least OAuth2/MTLS is needed here because these endpoints are exposed to the seedy underbelly of the Internet.

3. No Trust Boundary - anyone has access to these APIs and trust is gradually established after the first contact. The initial presentation exchange endpoint is an example of this type of endpoint. You don't want any sort of authorization protection on this endpoint because you want anyone to be able to start a presentation exchange with you. Authorization to proceed is determined at a higher layer of logic.

You can apply delegated authorization schemes to the same types of trust boundaries as the OAuth2/MTLS ones.

So, it's not just internal vs. external... we have at least three types of trust boundaries that apply to the VC HTTP API.

-- manu

--
Manu Sporny - https://www.linkedin.com/in/manusporny/
Founder/CEO - Digital Bazaar, Inc.
News: Digital Bazaar Announces New Case Studies (2021)
https://www.digitalbazaar.com/
Received on Sunday, 13 June 2021 21:24:36 UTC