Re: VC HTTP API Endpoint Authz Needs (was: Re: Attempting to block work)

On 6/15/21 2:52 PM, Alan Karp wrote:
> I believe delegation must be a MUST.

This is the point of contention. If we say "MUST", then we must define a
mechanism, of which there are zero that are ready to go...

That doesn't mean that people aren't experimenting with capabilities and
capability delegation and the VC HTTP API. Digital Bazaar certainly is with
ZCAPs... but we don't want to impose that sort of pain on the rest of the
group. What we are fairly certain of at this point is that the current design
doesn't preclude capability-based delegation, so we're happy to leave it there
until the community is ready to make a stand on a capability-based delegation
hill in the future.

To put it in perspective, this is already happening in the Encrypted Data
Vault work -- that does support capability-based delegation... but it's more
experimental (and so people are more willing to take chances) than with the VC
HTTP API work.

-- manu

Manu Sporny -
Founder/CEO - Digital Bazaar, Inc.
News: Digital Bazaar Announces New Case Studies (2021)

Received on Tuesday, 15 June 2021 19:06:21 UTC