Authorization Framework on top of Verifiable Credentials from Vasil Papanchev on 2022-02-15 (public-vc-wg@w3.org from February 2022)

From: Vasil Papanchev <vasilpapanchev@gmail.com>
Date: Tue, 15 Feb 2022 12:06:20 +0000
To: public-vc-wg@w3.org
Message-Id: <CAB3E0K7Pwy1uSb-q4G7-5Kh9hKax=gdxnWXrZSFq8V8rFHPX9Q@mail.gmail.com>

Hello,

I am currently writing my Master thesis in Computer Science on the topic: "Interoperable Access Control System based on Self-sovereign Identities and Verifiable Credentials".

I read the following sentence in the VC Data Model v1.0:
The Working Group did consider authorization use cases during the creation of this specification and is pursuing that work as an architectural layer built on top of this specification. [1]

I want to ask whether your working group is indeed pursuing work in this direction?
So far, the only concrete architecture for an RBAC or ABAC based on DIDs and VCs I have found is SSIBAC [2].

With kind regards,
Vasil Papanchev

Sources:
[1] - https://www.w3.org/TR/vc-data-model/#authorization <https://www.w3.org/TR/vc-data-model/#authorization>
[2] - R. Belchior, B. Putz, G. Pernul, M. Correia, A. Vasconcelos and S. Guerreiro, "SSIBAC: Self-Sovereign Identity Based Access Control," 2020 IEEE 19th International Conference on Trust, Security and Privacy in Computing and Communications (TrustCom), 2020, pp. 1935-1943, doi: 10.1109/TrustCom50675.2020.00264.

Received on Tuesday, 15 February 2022 12:13:09 UTC