W3C home > Mailing lists > Public > public-credentials@w3.org > June 2021

Re: PROPOSALs for VC HTTP API call on 2021-06-22

From: Alan Karp <alanhkarp@gmail.com>
Date: Thu, 24 Jun 2021 10:53:09 -0700
Message-ID: <CANpA1Z0PopcrHr3SrJ8JWM0D2q02gs5VY+BuZqc50MTQ4dFvLw@mail.gmail.com>
To: Manu Sporny <msporny@digitalbazaar.com>
Cc: "W3C Credentials CG (Public List)" <public-credentials@w3.org>
On Thu, Jun 24, 2021 at 10:28 AM Manu Sporny <msporny@digitalbazaar.com>
wrote:

>
> VCs-as-attribute-based-permission-tokens are a really dangerous idea.
>

I agree, but I thought Orie Steele was arguing that not needing to deal
with a separate standard for such things as encryption algorithms and
namespaces was worth the risk.  I've been participating in this discussion
to explore that option.  I think it might be OK if the spec is very careful
about what MUST and MUST NOT go into the two types of tokens.  However, I'd
be quite happy if the decision was not to use VCs as permission tokens.

--------------
Alan Karp
Received on Thursday, 24 June 2021 17:54:47 UTC

This archive was generated by hypermail 2.4.0 : Thursday, 24 June 2021 17:54:50 UTC