- From: Alan Karp <alanhkarp@gmail.com>
- Date: Thu, 21 Aug 2025 10:46:08 -0700
- To: "W3C Credentials CG (Public List)" <public-credentials@w3.org>
Received on Thursday, 21 August 2025 17:46:26 UTC
I have followed a variety of access control systems off and on for some 30 years, including the recent discussion on this list of the use of OAuth 2.0 and 2.1. I have concluded that many, if not all of them, suffer from being based on use cases that are too simple. In an attempt to address that problem, I've constructed a bunch of use cases <https://alanhkarp.com/UseCases.pdf> that I think capture all the hazards an access control system must address. Comments, criticisms, and corrections will be appreciated and resented in equal measure. -------------- Alan Karp
Received on Thursday, 21 August 2025 17:46:26 UTC