Re: Presentation of RAR to VC HTTP API group from Justin Richer on 2021-06-29 (public-credentials@w3.org from June 2021)

From: Justin Richer <jricher@mit.edu>
Date: Tue, 29 Jun 2021 10:03:29 -0400
To: Manu Sporny <msporny@digitalbazaar.com>
Cc: W3C Credentials CG <public-credentials@w3.org>
Message-Id: <D2D94280-5E96-467F-90D2-F33248B37685@mit.edu>

Hi Manu,

I’m planning on presenting at tonight’s meeting, as we had discussed last week.

Hopefully you’ll see from the discussion tonight that many of the questions you raise below are, in my opinion, out of scope for the effort I’m proposing.

 — Justin

> On Jun 24, 2021, at 12:20 PM, Manu Sporny <msporny@digitalbazaar.com> wrote:
> 
> Hi Justin,
> 
> Thank you for volunteering to walk the VC HTTP API group through the potential
> application of Rich Authorization Requests to the VC HTTP API.
> 
> You had mentioned that you might be able to present something by next Tuesdays
> call (but assuming your current workload is high, the following week would be
> fine too -- up to you to determine where this is on your list of priorities).
> 
> You had requested the current VC HTTP API documentation in order to understand
> the endpoints that need authorization protection. The current documentation is
> here:
> 
> https://w3c-ccg.github.io/vc-http-api/issuer.html
> https://w3c-ccg.github.io/vc-http-api/verifier.html
> 
> I'm not including the holder APIs because they're still a bit green and
> haven't received a lot of group review yet.
> 
> At this point, demonstrating and/or answering at least the following questions
> would probably be useful:
> 
> * A concrete life cycle example of RAR as applied to the
>  VC HTTP API. How do you get the token with RAR stuff
>  inside of it? What do you put in the RAR section? How
>  does the server process the token? How does one deploy
>  this today? The /verify endpoint would most likely be
>  the simplest example.
> 
> * Where is RAR deployed today and is it supported by
>  the big vendors (Auth0, Okta, Ping, Cognito, etc.).
>  How many software libraries support RAR today?
> 
> * When will RAR be a standard? Are there any RFC
>  challenges that you can see at this point?
> 
> * Are there other things you need on top of RAR to do
>  things like delegation or attenuated delegation? If so,
>  are these solutions standardized (or on their way to
>  standardization)?
> 
> ... and, of course, anything else you feel relevant. If you could plan for a
> 15 minute presentation followed by at least 15-30 minutes of discussion, that
> would probably be a good target.
> 
> -- manu
> 
> -- 
> Manu Sporny - https://www.linkedin.com/in/manusporny/
> Founder/CEO - Digital Bazaar, Inc.
> News: Digital Bazaar Announces New Case Studies (2021)
> https://www.digitalbazaar.com/
>

Received on Tuesday, 29 June 2021 14:03:47 UTC