W3C home > Mailing lists > Public > public-credentials@w3.org > June 2021

Re: VC HTTP API Endpoint Authz Needs (was: Re: Attempting to block work)

From: Alan Karp <alanhkarp@gmail.com>
Date: Tue, 15 Jun 2021 12:37:35 -0700
Message-ID: <CANpA1Z0x2j6NsXZ0RSCEb=d7O0ubD3z9faTWHLKxo=fzsPzVFA@mail.gmail.com>
To: Manu Sporny <msporny@digitalbazaar.com>
Cc: Adrian Gropper <agropper@healthurl.com>, W3C Credentials Community Group <public-credentials@w3.org>
On Tue, Jun 15, 2021 at 12:05 PM Manu Sporny <msporny@digitalbazaar.com>
wrote:

> On 6/15/21 2:52 PM, Alan Karp wrote:
> > I believe delegation must be a MUST.
>
> This is the point of contention. If we say "MUST", then we must define a
> mechanism, of which there are zero that are ready to go...


I say the following with great trepidation.

I would rather see no authorization mechanism included in the spec than
have one that is flawed.  (Sorry, Adrian.)  The risk of implementations
going down the wrong track is simply too high.  However, the spec should be
designed so authorizations can be added later.

Is it possible to include recommendations for those who want authorizations?

--------------
Alan Karp
Received on Tuesday, 15 June 2021 19:39:15 UTC

This archive was generated by hypermail 2.4.0 : Tuesday, 15 June 2021 19:39:19 UTC