W3C home > Mailing lists > Public > public-credentials@w3.org > March 2023

Re: [zcap-spec] Request for Clarification (Is it "what" or "why?" and cross-matching)

From: Bob Wyman <bob@wyman.us>
Date: Sun, 5 Mar 2023 21:36:53 -0500
Message-ID: <CAA1s49Xfw68M3r9BLvRu1fZQRzxD0+nxZSOKdWb9nrXHwB2K2Q@mail.gmail.com>
To: Alan Karp <alanhkarp@gmail.com>
Cc: Manu Sporny <msporny@digitalbazaar.com>, "W3C Credentials CG (Public List)" <public-credentials@w3.org>
> A capability system would do this differently.  Bob would present his
> credentials, such as age and gender, and get back a capability authorizing
> search with caveats limiting what he can find.  The return values would
> include a capability to read Alice's profile.  Notice the difference?  Any
> authorization is done up front in order to get a capability.  That
> capability is then used to make a request.

I think I now understand. Instead of including proofs with a request to
"use Alice's 'read profile capability," Bob would provide his credentials
as part of a request for a "read profile capability" for Alice's profile.
Proofs are presented when requesting a capability, not when using one. Is
that correct?

But, that leaves me confused about Manu's statement:

> (READ, "
> https://docs.google.com/presentation/d/vYm4GDBZARndSKu-pMBC4RZTp5_WkAewggLo1623vnHd/edit
> ",
> did:key:z6MkqvajY2zUw866mQyY2LRwdPXKov1Q48Hw8RWxnKd1AeEt)
> And whomever can do a digital signature as that did:key will learn the
> secret of life.
> *That's a capability that requires cryptographic proofof some kind when
> access to the document is requested. The requirementof a cryptographic
> proof is called a "caveat"* -- that is, "You can
> access X, as long as you meet requirements Y."

Is this saying that the cryptographic proof is required when the capability
is used, or that a new capability will be issued if the cryptographic proof
is provided?

bob wyman
Received on Monday, 6 March 2023 02:37:20 UTC

This archive was generated by hypermail 2.4.0 : Monday, 6 March 2023 02:37:21 UTC