- From: Filip Kolarik <filip26@gmail.com>
- Date: Thu, 2 Apr 2026 20:39:36 +0200
- To: dzagidulin@gmail.com
- Cc: Credentials Community Group <public-credentials@w3.org>
- Message-ID: <CADRK2_P4ia9JG5DOAY-LWBi-ghFW9W72p0tf-ouv5FEwXtFoPw@mail.gmail.com>
Hi Dmitri, zcaps is quite an intriguing concept, enabling features that are hard to achieve with traditional ACLs in a scalable and manageable way, offering a different set of trade-offs and fitting well within a decentralized ecosystem. I’m definitely interested and happy to help if the goal is to formalize this approach in order to support future adoption and interoperability. However, given the current state of software engineering, I’m not interested in reviewing AI-synthesized content generated in seconds and shared by someone else. That would be a waste of time; deliberate consensus engineering. Best regards, Filip https://www.linkedin.com/in/filipkolarik/ On Thu, Apr 2, 2026 at 2:07 AM Dmitri Zagidulin <dzagidulin@gmail.com> wrote: > Oh, one other piece of reading that might be helpful to people, to refresh > their memory on zCaps etc. I've been working on a zCap Developer Guide over > at https://github.com/interop-alliance/zcap-developer-guide (which I'd be > happy to donate to the CCG, if there's any interest). > > On Wed, Apr 1, 2026 at 8:04 PM Dmitri Zagidulin <dzagidulin@gmail.com> > wrote: > >> Hi all, >> A few weeks ago on the CCG call discussing the various work items, I >> brought up the subject of zCaps (Authorization Capabilities), which is an >> existing (if somewhat dormant) CCG work item, at >> https://github.com/w3c-ccg/zcap-spec. And several people have expressed >> interest in working on that spec again. >> >> In parallel, the Delegated Authorization Task Force of the Trusted AI >> Agent WG at DIF has been evaluating various delegated authorization >> specifications (including zCaps, various OAuth-based specs, UCANs, GNAP, >> and many others), and has determined that there's not many authorization >> options out there with chained delegation ability (basically, zCaps >> (JSON-based) and UCANs (DAG-CBOR-based) are the only ones). This is >> especially relevant and timely due to all the momentum and activity behind >> agent-based development, and the lack of authorization and guardrails in >> that area. >> >> To that end, I'd like to restart work on the zCap spec here at the CCG. >> The current spec version is v0.3, but it's been out of sync with the way >> zcaps have been deployed to production by the TruAge project, Digital >> Bazaar, DCC, and others. >> So our first goal would be to just update the spec to v0.4, to match the >> existing implementations. >> >> It would be also great to start work on version v0.5, as several new use >> cases and feature requests have come up in the meantime. >> >> So, couple of questions of the group: >> >> 1. Would anyone like to help edit the spec? >> >> 2. Would folks be interested in a zCap task force call, either monthly or >> bi-weekly, to work on the spec? >> >> Thanks! >> >> >> >>
Received on Thursday, 2 April 2026 18:39:52 UTC