Re: Presentation of RAR to VC HTTP API group from Justin Richer on 2021-06-29 (public-credentials@w3.org from June 2021)

From: Justin Richer <jricher@mit.edu>
Date: Tue, 29 Jun 2021 17:09:50 -0400
To: Manu Sporny <msporny@digitalbazaar.com>
Cc: W3C Credentials CG <public-credentials@w3.org>
Message-Id: <245DC712-6922-4F63-9AD3-40E6BE77ACED@mit.edu>

I had to dust off an old SlideShare account, but I’ve uploaded the deck from today’s presentation:

https://www.slideshare.net/zeronine1/rar-and-gnap-for-vc-http-api <https://www.slideshare.net/zeronine1/rar-and-gnap-for-vc-http-api>

As stated on the call, I did not write the deck as a leave-behind artifact, and so encourage people to instead watch the video of the presentation with vocal track instead.

 — Justin

> On Jun 29, 2021, at 10:03 AM, Justin Richer <jricher@mit.edu> wrote:
> 
> Hi Manu,
> 
> I’m planning on presenting at tonight’s meeting, as we had discussed last week.
> 
> Hopefully you’ll see from the discussion tonight that many of the questions you raise below are, in my opinion, out of scope for the effort I’m proposing.
> 
> — Justin
> 
>> On Jun 24, 2021, at 12:20 PM, Manu Sporny <msporny@digitalbazaar.com> wrote:
>> 
>> Hi Justin,
>> 
>> Thank you for volunteering to walk the VC HTTP API group through the potential
>> application of Rich Authorization Requests to the VC HTTP API.
>> 
>> You had mentioned that you might be able to present something by next Tuesdays
>> call (but assuming your current workload is high, the following week would be
>> fine too -- up to you to determine where this is on your list of priorities).
>> 
>> You had requested the current VC HTTP API documentation in order to understand
>> the endpoints that need authorization protection. The current documentation is
>> here:
>> 
>> https://w3c-ccg.github.io/vc-http-api/issuer.html
>> https://w3c-ccg.github.io/vc-http-api/verifier.html
>> 
>> I'm not including the holder APIs because they're still a bit green and
>> haven't received a lot of group review yet.
>> 
>> At this point, demonstrating and/or answering at least the following questions
>> would probably be useful:
>> 
>> * A concrete life cycle example of RAR as applied to the
>> VC HTTP API. How do you get the token with RAR stuff
>> inside of it? What do you put in the RAR section? How
>> does the server process the token? How does one deploy
>> this today? The /verify endpoint would most likely be
>> the simplest example.
>> 
>> * Where is RAR deployed today and is it supported by
>> the big vendors (Auth0, Okta, Ping, Cognito, etc.).
>> How many software libraries support RAR today?
>> 
>> * When will RAR be a standard? Are there any RFC
>> challenges that you can see at this point?
>> 
>> * Are there other things you need on top of RAR to do
>> things like delegation or attenuated delegation? If so,
>> are these solutions standardized (or on their way to
>> standardization)?
>> 
>> ... and, of course, anything else you feel relevant. If you could plan for a
>> 15 minute presentation followed by at least 15-30 minutes of discussion, that
>> would probably be a good target.
>> 
>> -- manu
>> 
>> -- 
>> Manu Sporny - https://www.linkedin.com/in/manusporny/
>> Founder/CEO - Digital Bazaar, Inc.
>> News: Digital Bazaar Announces New Case Studies (2021)
>> https://www.digitalbazaar.com/
>> 
> 
>

Received on Tuesday, 29 June 2021 21:10:08 UTC