Comments (11)
100% agree with this approach!
We could advocate that people list their endpoints for the VC HTTP API and the authorization in the DID docs of the organizations did doc and put that into the well-known path for discoverability. then the only thing that remains is the identity set up of A and B in each other's apps. But that can follow the already known and used methods that enterprises love and cherish. cc @OR13 @mprorock
from traceability-interop.
On the call today, we discussed 2 options regarding access_token and scope.
Consensus was too not put scopes into the flow, until the API is more mature/
from traceability-interop.
I like this flow - OAuth works well in this case and the way you are lining out the /organizations/...
path sets things up well for the multi-tenant situations we are seeing in the real world
from traceability-interop.
thanks, I think we already have evidence that some vc http api endpoints will be isolated and authenticated on a per tenant basis, whether thats via a subdomain or a path.
obviously it's frustrating to build and maintain so many point to point integrations... but this is what folks doing api integrations today expect, and we will be shooting ourselves in the face to start with anything else IMO.
from traceability-interop.
nb: closely related to #3
from traceability-interop.
great note from @TallTed on weekly call that auth should likely apply to all APIs in this spec
from traceability-interop.
partially addressed in #15
Would love to work postman test for this: #16
from traceability-interop.
I talked about DBMS analogies on the call; the basic web architecture also fits.
DBMS "native" API carries ODBC/JDBC/dotNET/OLE DB/etc. carries app data and/or logic of varying depths which may require varying authentication and authorization, typically to the CATALOG or SCHEMA or TABLE or ROW or even CELL.
TCP/IP carries TLS carries HTTP (making it HTTPS) carries app data and/or logic of varying depths which may require varying authentication and authorization, to the directory/container or file or segment of file, etc.
It's important to build to allow the very very low-level, though early efforts may only require the high level at the beginning -- with the eternal caution that some early deployments may linger for decades past their expected expiration date (note bene the FORTRAN and COBOL that still powers the financial industry, not to mention [if I remember right] still-lingering pieces of the air-traffic-control system!) ... so always be careful what optionals you put default credentials into!
from traceability-interop.
related:
from traceability-interop.
implemented in spec, pending close once new issue addressing the links above is raised.
from traceability-interop.
Opened, here: w3c-ccg/vc-api#218
from traceability-interop.
Related Issues (20)
- [BUG] expanding traceability did document with pyld HOT 5
- [Discussion] Should the created field be removed as an option when creating a credential? HOT 3
- [Question] When verifying a presentation, is it expected that all VC have also been verified? HOT 1
- @context values can be objects according to the spec, conformance test-suite will raise this as a failed step HOT 2
- Editors (and authors?) lists need update
- Outdated Interoperability Testing section HOT 4
- Reschedule meeting cadence HOT 6
- Cleanup issue tracker on respec docs
- Confusing "allow-list" reference
- `service` section outdated
- `assertionmethod` section seems unnecessary HOT 2
- Remove did:key from Example 5 HOT 1
- Outdated Authorization section
- Add additional code generation languages HOT 1
- Data Integrity Proof Suites section is outdated
- Update Introduction section
- PR-653 hasn't been published
- Update section 8 HOT 1
- Testing Interop HOT 2
- Service endpoint discovery is pointless when client_credentials have already been exchanged
Recommend Projects
-
React
A declarative, efficient, and flexible JavaScript library for building user interfaces.
-
Vue.js
🖖 Vue.js is a progressive, incrementally-adoptable JavaScript framework for building UI on the web.
-
Typescript
TypeScript is a superset of JavaScript that compiles to clean JavaScript output.
-
TensorFlow
An Open Source Machine Learning Framework for Everyone
-
Django
The Web framework for perfectionists with deadlines.
-
Laravel
A PHP framework for web artisans
-
D3
Bring data to life with SVG, Canvas and HTML. 📊📈🎉
-
Recommend Topics
-
javascript
JavaScript (JS) is a lightweight interpreted programming language with first-class functions.
-
web
Some thing interesting about web. New door for the world.
-
server
A server is a program made to process requests and deliver data to clients.
-
Machine learning
Machine learning is a way of modeling and interpreting data that allows a piece of software to respond intelligently.
-
Visualization
Some thing interesting about visualization, use data art
-
Game
Some thing interesting about game, make everyone happy.
Recommend Org
-
Facebook
We are working to build community through open source technology. NB: members must have two-factor auth.
-
Microsoft
Open source projects and samples from Microsoft.
-
Google
Google ❤️ Open Source for everyone.
-
Alibaba
Alibaba Open Source for everyone
-
D3
Data-Driven Documents codes.
-
Tencent
China tencent open source team.
from traceability-interop.