Dave Longley
Dave Longley
I think even if the part of issue that is at the JSON-LD framing layer were resolved here, it wouldn't fully address all the concerns. It's not going to be...
@HanaeRateau, > Thank you @dlongley for the detailed answer. I understand now why it would not be possible to hide the `id`. However, I'm confused about the confidence method mechanism....
Sounds good, as long as it isn't a hard requirement. The first time a capability is "delegated" ("granted") it makes a lot of sense to do that. But we have...
I agree it's important to protect against replay attacks. There's more than one way to invoke an ocap-ld capability ... and those ways may include their own mitigations. For example,...
I'd rather see a recommended context in a best practices/primer/getting started doc as @BigBlueHat suggests. Even then, I'm not convinced there is such a context that broadly supports enough use...
Earlier revisions of the spec had any objects / resources essentially using a polymorphic design where objects / resources were their own "root capabilities". This lead to a desire to...
Pasting my [response](https://github.com/w3c/vc-data-model/pull/169#discussion_r188399202) from the other thread over here: @David-Chadwick, I'm sure others will have something to say here, but here's my initial attempt at breaking things down in a...
@David-Chadwick wrote: > this one still isnt resolved > ii) an identity permission. This credential states (the identity of) the subject, the action and the object e.g. David can drive...
@David-Chadwick, > i) who should issue a credential to drive any car in the car pool? I don't think it could be the car itself. But could a car in...
@David-Chadwick, > Unfortunately your statement 'Management then issues them an OCAP to drive any car' breaks your rule that the verifier issues the ocap. The car (the verifier) did not...