W3C home > Mailing lists > Public > public-credentials@w3.org > June 2021

Re: VC HTTP API Endpoint Authz Needs (was: Re: Attempting to block work)

From: Adrian Gropper <agropper@healthurl.com>
Date: Tue, 15 Jun 2021 23:04:13 -0400
Message-ID: <CANYRo8h388k2uUn08Nx88x9Tumr08hrw-UC6Xwu7E94VaGqjdQ@mail.gmail.com>
To: Alan Karp <alanhkarp@gmail.com>
Cc: Manu Sporny <msporny@digitalbazaar.com>, W3C Credentials Community Group <public-credentials@w3.org>
Why Sorry, Adrian? I'm fine with keeping authorization out of scope and
moving the topic to another WG.

- Adrian

On Tue, Jun 15, 2021 at 10:00 PM Alan Karp <alanhkarp@gmail.com> wrote:

> On Tue, Jun 15, 2021 at 12:05 PM Manu Sporny <msporny@digitalbazaar.com>
> wrote:
>
>> On 6/15/21 2:52 PM, Alan Karp wrote:
>> > I believe delegation must be a MUST.
>>
>> This is the point of contention. If we say "MUST", then we must define a
>> mechanism, of which there are zero that are ready to go...
>
>
> I say the following with great trepidation.
>
> I would rather see no authorization mechanism included in the spec than
> have one that is flawed.  (Sorry, Adrian.)  The risk of implementations
> going down the wrong track is simply too high.  However, the spec should be
> designed so authorizations can be added later.
>
> Is it possible to include recommendations for those who want
> authorizations?
>
> --------------
> Alan Karp
>
Received on Wednesday, 16 June 2021 03:13:05 UTC

This archive was generated by hypermail 2.4.0 : Wednesday, 16 June 2021 03:13:21 UTC