Re: [zcap-spec] Request for Clarification (Is it "what" or "why?" and cross-matching)

> A capability system would do this differently.  Bob would present his
> credentials, such as age and gender, and get back a capability authorizing
> search with caveats limiting what he can find.  The return values would
> include a capability to read Alice's profile.  Notice the difference?  Any
> authorization is done up front in order to get a capability.  That
> capability is then used to make a request.

I think I now understand. Instead of including proofs with a request to
"use Alice's 'read profile capability," Bob would provide his credentials
as part of a request for a "read profile capability" for Alice's profile.
Proofs are presented when requesting a capability, not when using one. Is
that correct?

But, that leaves me confused about Manu's statement:

> (READ, "
> ",
> did:key:z6MkqvajY2zUw866mQyY2LRwdPXKov1Q48Hw8RWxnKd1AeEt)
> And whomever can do a digital signature as that did:key will learn the
> secret of life.
> *That's a capability that requires cryptographic proofof some kind when
> access to the document is requested. The requirementof a cryptographic
> proof is called a "caveat"* -- that is, "You can
> access X, as long as you meet requirements Y."

Is this saying that the cryptographic proof is required when the capability
is used, or that a new capability will be issued if the cryptographic proof
is provided?

bob wyman

Received on Monday, 6 March 2023 02:37:20 UTC