Re: Restarting work on the zCap (Authorization Capabilities) work item

Ok. But it sounds like you're interested, overall, in working on zCaps,
yeah? :) (especially if it doesn't involve AI-generated slop?)

On Thu, Apr 2, 2026 at 2:54 PM Filip Kolarik <filip26@gmail.com> wrote:

> No, it wasn’t. I'm sorry, perhaps I’m just getting too used to clearly
> stating what’s a no-go for me, especially now that everything is bloated
> with AI-generated content, even forums like here. Hopefully, this is just a
> transitional phase, where some people spend five minutes generating pages
> of text and then are bold enough to expect others to spend hours reviewing
> it. I tend to ignore such “contributions.” as they disrespect my time.
>
> On Thu, Apr 2, 2026 at 8:48 PM Dmitri Zagidulin <dzagidulin@gmail.com>
> wrote:
>
>> Filip,
>>
>> Er wait, what do you mean by AI-synthesized content? I don't think any of
>> that was mentioned in this thread. Or did I miss something?
>>
>> On Thu, Apr 2, 2026 at 2:39 PM Filip Kolarik <filip26@gmail.com> wrote:
>>
>>> Hi Dmitri,
>>> zcaps is quite an intriguing concept, enabling features that are hard to
>>> achieve with traditional ACLs in a scalable and manageable way, offering a
>>> different set of trade-offs and fitting well within a decentralized
>>> ecosystem. I’m definitely interested and happy to help if the goal is to
>>> formalize this approach in order to support future adoption and
>>> interoperability.
>>>
>>> However, given the current state of software engineering, I’m not
>>> interested in reviewing AI-synthesized content generated in seconds and
>>> shared by someone else. That would be a waste of time; deliberate consensus
>>> engineering.
>>>
>>> Best regards,
>>> Filip
>>> https://www.linkedin.com/in/filipkolarik/
>>>
>>> On Thu, Apr 2, 2026 at 2:07 AM Dmitri Zagidulin <dzagidulin@gmail.com>
>>> wrote:
>>>
>>>> Oh, one other piece of reading that might be helpful to people, to
>>>> refresh their memory on zCaps etc. I've been working on a zCap Developer
>>>> Guide over at https://github.com/interop-alliance/zcap-developer-guide
>>>> (which I'd be happy to donate to the CCG, if there's any interest).
>>>>
>>>> On Wed, Apr 1, 2026 at 8:04 PM Dmitri Zagidulin <dzagidulin@gmail.com>
>>>> wrote:
>>>>
>>>>> Hi all,
>>>>> A few weeks ago on the CCG call discussing the various work items, I
>>>>> brought up the subject of zCaps (Authorization Capabilities), which is an
>>>>> existing (if somewhat dormant) CCG work item, at
>>>>> https://github.com/w3c-ccg/zcap-spec. And several people have
>>>>> expressed interest in working on that spec again.
>>>>>
>>>>> In parallel, the Delegated Authorization Task Force of the Trusted AI
>>>>> Agent WG at DIF has been evaluating various delegated authorization
>>>>> specifications (including zCaps, various OAuth-based specs, UCANs, GNAP,
>>>>> and many others), and has determined that there's not many authorization
>>>>> options out there with chained delegation ability (basically, zCaps
>>>>> (JSON-based) and UCANs (DAG-CBOR-based) are the only ones). This is
>>>>> especially relevant and timely due to all the momentum and activity behind
>>>>> agent-based development, and the lack of authorization and guardrails in
>>>>> that area.
>>>>>
>>>>> To that end, I'd like to restart work on the zCap spec here at the
>>>>> CCG. The current spec version is v0.3, but it's been out of sync with the
>>>>> way zcaps have been deployed to production by the TruAge project, Digital
>>>>> Bazaar, DCC, and others.
>>>>> So our first goal would be to just update the spec to v0.4, to match
>>>>> the existing implementations.
>>>>>
>>>>> It would be also great to start work on version v0.5, as several new
>>>>> use cases and feature requests have come up in the meantime.
>>>>>
>>>>> So, couple of questions of the group:
>>>>>
>>>>> 1. Would anyone like to help edit the spec?
>>>>>
>>>>> 2. Would folks be interested in a zCap task force call, either monthly
>>>>> or bi-weekly, to work on the spec?
>>>>>
>>>>> Thanks!
>>>>>
>>>>>
>>>>>
>>>>>