The diversity of our community is a plus. To begin a conversation on VC access controls, I suggest this short intro to the differences between OAuth 2.0 and GNAP:
My goal is to arrive at a shared understanding of what would be the minimum needed to support both OAuth2 and GNAP for securing access to a VC.
This week’s CCG teleconference had a great discussion about object capabilities.
Alan Karp: I’ve been doing capabilities since I reinvented them in 1996 and I want to make sure we get it right, because when newbies start to use them there are plenty of mistakes that can be made.
[…] A capability or an OCAP is an unforgeable, transferable, permission to use the thing it designates … it combines designation with authorization
The 3Box Labs team recently published a new standard for creating capability containers for accessing decentralized data to the Chain Agnostic Standards Alliance. Capability containers are an approach for managing advanced data security and permissions, commonly referred to as “Object Capabilities” or “OCAPs.”
The Challenging New World of Privacy & Security Atlanta Innovation Forum (Enterprise) featuring folks from MSFT, GSM, and Michael Becker. The video looks at the range of risks present in managing identity assets, from an enterprise-level perspective.
I was reading the zcaps draft, as well as related work, mostly macaroons (https://research.google/pubs/pub41892/).
Something that I found confusing about capability documents is that they do not make clear the actions they concern. For example from this https://w3c-ccg.github.io/zcap-ld/#example-1 it is not clear that this is a capability for “driving a car”.
We are still trying to figure out how to explain these things to people.
Capabilities-based systems are not a new concept; they’re decades old at this
point. The challenge has always been in communicating why they’re useful and
have a place in modern security systems.
The Encrypted Data Vault work uses zcaps, and it’s there that we’re trying
hard to explain to developers how to use it:
The “Verifiable” Economy [was RE: a few thoughts about zcaps] Michael Herman (Trusted Digital Web) (Monday, 5 April)
After ruminating on ZCAPs, VCs, DIDs, and DID Documents over Easter dinner, it occurred to me that we’re on the verge of creating a model for a “verifiable” economy…
I see all of this converging into a Capability Authorization-enabled Decentralized Object Model. “More news at 11…”
Updates on Kepler include implementing support for CACAO-ZCAPs, improving the put function to make it easier to store objects of different types, and adding support for listing objects by prefix: kepler-sdk#40, kepler#115.
Now might be a good time to announce some open source tooling a few of us have been working on related to zcaps that is being created to simplify the developer experience when developing with zcaps.
these are the types of use cases that we think can be created and enabled across the web as an open, interoperable standard. And some of it crosses into the work we’re doing as part of the Decentralized Identity Foundation, too.