>
> A capability system would do this differently. Bob would present his
> credentials, such as age and gender, and get back a capability authorizing
> search with caveats limiting what he can find. The return values would
> include a capability to read Alice's profile. Notice the difference? Any
> authorization is done up front in order to get a capability. That
> capability is then used to make a request.
I think I now understand. Instead of including proofs with a request to
"use Alice's 'read profile capability'," Bob would provide his credentials
as part of a request for a "read profile capability" for Alice's profile.
Proofs are presented when requesting a capability, not when using one. Is
that correct?
But, that leaves me confused about Manu's statement:
> (READ, "https://docs.google.com/presentation/d/vYm4GDBZARndSKu-pMBC4RZTp5_WkAewggLo1623vnHd/edit",
> did:key:z6MkqvajY2zUw866mQyY2LRwdPXKov1Q48Hw8RWxnKd1AeEt)
> And whomever can do a digital signature as that did:key will learn the
> secret of life.
>
> *That's a capability that requires cryptographic proof of some kind when
> access to the document is requested. The requirement of a cryptographic
> proof is called a "caveat"* -- that is, "You can
> access X, as long as you meet requirements Y."
Is this saying that the cryptographic proof is required when the capability
is used, or that a new capability will be issued if the cryptographic proof
is provided?
bob wyman
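
The two steps discussed in this thread, as an added example that is not part of the original messages: credentials are evaluated once when a capability is issued, and a caveat like the key requirement in Manu's tuple is evaluated each time the capability is used. The HMAC proof is a stand-in for a did:key signature, and the function names, the age threshold, the resource names and `did:example:bob` are assumptions made for illustration.

```python
import hashlib
import hmac
import json
import secrets

ISSUER_KEY = secrets.token_bytes(32)  # held only by the resource server
# Constructed registry; stands in for resolving a DID to its verification key.
HOLDER_KEYS = {"did:example:bob": secrets.token_bytes(32)}


def _mac(key, obj):
    data = json.dumps(obj, sort_keys=True).encode()
    return hmac.new(key, data, hashlib.sha256).hexdigest()


def issue(credentials, action, resource, holder=""):
    """Issuance: credentials are checked here, once, and never seen again."""
    if credentials.get("age", 0) < 18:  # assumed policy, for illustration
        raise PermissionError("credentials rejected at issuance")
    caveats = {"holder": holder} if holder else {}
    body = {"action": action, "resource": resource, "caveats": caveats}
    return {**body, "tag": _mac(ISSUER_KEY, body)}


def prove(holder, nonce, cap):
    """Invoker side: proof of key possession bound to this capability and nonce."""
    return _mac(HOLDER_KEYS[holder], [nonce, cap["tag"]])


def invoke(cap, action, resource, nonce="", proof=""):
    """Use: only the capability and its caveats are examined, not credentials."""
    body = {k: cap.get(k) for k in ("action", "resource", "caveats")}
    if not hmac.compare_digest(str(cap.get("tag", "")), _mac(ISSUER_KEY, body)):
        return False  # forged or altered capability (e.g. caveat stripped)
    if (action, resource) != (cap["action"], cap["resource"]):
        return False  # capability does not cover this request
    holder = cap["caveats"].get("holder")
    if not holder:
        return True  # no caveat: holding the capability is sufficient
    key = HOLDER_KEYS.get(holder)
    if key is None:
        return False  # caveat names a holder the server cannot verify
    # Caveat: the invoker must prove key possession at the time of use.
    return hmac.compare_digest(proof, _mac(key, [nonce, cap["tag"]]))
```

A real verifier would choose the nonce itself and reject reuse; here the caller supplies it to keep the example short.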