W3C home > Mailing lists > Public > public-credentials@w3.org > September 2022

Verifiable Credentials as Authorization Anti-Pattern (was Re: Funded Deployments of Verifiable Credentials - framework for meta-credentials)

From: Manu Sporny <msporny@digitalbazaar.com>
Date: Thu, 8 Sep 2022 14:49:25 -0400
Message-ID: <CAMBN2CSgf3xQqks4Msf+Jta9Mrueota1fkyXX+shgB2idE9m8g@mail.gmail.com>
To: "W3C Credentials CG (Public List)" <public-credentials@w3.org>
On Thu, Sep 8, 2022 at 2:31 PM David Chadwick
<d.w.chadwick@truetrust.co.uk> wrote:
> Thus I conclude that the whole confused deputy argument for why capabilities are better than credentials is a spurious one.

David, you seem to be re-defining the precise language Alan is using
to describe the problem and the solution with your own definitions
(which are ill defined). The terms he is using have formal definitions
in computer science, some of which can be found here:

https://en.wikipedia.org/wiki/Confused_deputy_problem
https://en.wikipedia.org/wiki/Ambient_authority
https://en.wikipedia.org/wiki/Capability-based_security
https://en.wikipedia.org/wiki/Object-capability_model

You need to assert that either:

1) Your solution binds an unforgeable reference to a resource with the
operation to be performed (and thus IS a capability), or
2) It doesn't do #1, but addresses the confused deputy and ambient
authority problems in some other way.

So, let's start there, are you arguing for a non-capabilities based
system to be expressed using Verifiable Credentials? If so, how are
you solving for (at the very least) ambient authority and confused
deputy?

-- manu

-- 
Manu Sporny - https://www.linkedin.com/in/manusporny/
Founder/CEO - Digital Bazaar, Inc.
News: Digital Bazaar Announces New Case Studies (2021)
https://www.digitalbazaar.com/
Received on Thursday, 8 September 2022 18:50:14 UTC

This archive was generated by hypermail 2.4.0 : Thursday, 8 September 2022 18:50:15 UTC