Credentials Task Force proposal from Tony Arcieri on 2015-11-07 (public-webpayments-ig@w3.org from November 2015)

From: Tony Arcieri <bascule@gmail.com>
Date: Fri, 6 Nov 2015 16:36:47 -0800
To: Dave Longley <dlongley@digitalbazaar.com>
Cc: "public-webpayments-ig@w3.org" <public-webpayments-ig@w3.org>
Message-ID: <CAHOTMVJcHNmof4gRNDyr-76y9z2Yrxq9YLChP0A2FOP0dO7Svw@mail.gmail.com>

On Friday, November 6, 2015, Dave Longley <dlongley@digitalbazaar.com>
wrote:
>
> Yeah, I could see macaroons being used in conjunction with credentials.

Macaroons specifically self-identify as bearer credentials in the paper.

> It's unclear if there might need to be some minor tweaks to macaroons as
> they appear to be very service oriented, whereas credentials are
> user-centric.

Macaroons are specifically designed for multi-principal actions where one
of the principals *can* be an end user. All of the diagrams in the paper
illustrate user <-> service <-> service interactions.

So long as a set of required attributes could be embedded in a macaroon
> (caveats) and a set of credentials could assert those attributes (despite
> not being tied to a service), I could see them playing nicely together.

This is definitely the case: caveats are arbitrary.

-- 
Tony Arcieri

Received on Saturday, 7 November 2015 00:37:20 UTC