- From: Dmitri Zagidulin <dzagidulin@gmail.com>
- Date: Wed, 1 Apr 2026 20:04:32 -0400
- To: Credentials Community Group <public-credentials@w3.org>
- Message-ID: <CANnQ-L7yWFYyGn6TVJ4jcMuSOJa8OnhC5G0E9A=_aGNNwBoeQw@mail.gmail.com>
Hi all, A few weeks ago on the CCG call discussing the various work items, I brought up the subject of zCaps (Authorization Capabilities), which is an existing (if somewhat dormant) CCG work item, at https://github.com/w3c-ccg/zcap-spec. And several people have expressed interest in working on that spec again. In parallel, the Delegated Authorization Task Force of the Trusted AI Agent WG at DIF has been evaluating various delegated authorization specifications (including zCaps, various OAuth-based specs, UCANs, GNAP, and many others), and has determined that there's not many authorization options out there with chained delegation ability (basically, zCaps (JSON-based) and UCANs (DAG-CBOR-based) are the only ones). This is especially relevant and timely due to all the momentum and activity behind agent-based development, and the lack of authorization and guardrails in that area. To that end, I'd like to restart work on the zCap spec here at the CCG. The current spec version is v0.3, but it's been out of sync with the way zcaps have been deployed to production by the TruAge project, Digital Bazaar, DCC, and others. So our first goal would be to just update the spec to v0.4, to match the existing implementations. It would be also great to start work on version v0.5, as several new use cases and feature requests have come up in the meantime. So, couple of questions of the group: 1. Would anyone like to help edit the spec? 2. Would folks be interested in a zCap task force call, either monthly or bi-weekly, to work on the spec? Thanks!
Received on Thursday, 2 April 2026 00:04:54 UTC