Dave Longley
Dave Longley
@David-Chadwick, VCs are used to make verifiable statements about an identity to be shared with a third party. A VC verifier may use a VC to give someone the right...
@David-Chadwick, > So, a credential issued by management saying the holder can drive a pool car, does not have a single resource or target, but has many (all the cars...
@David-Chadwick, > There certainly is a requirement for a verifier to know if the holder is authorised to present the VC (in the VP) that it has just received. I...
See #39 for updates here.
Currently there's no support for invocation without a proof to reduce optionality in the core primitives as much as possible. One could get similar behavior to bearer tokens with zcaps,...
@David-Chadwick, The fact that a VC gives you a privilege does not mean that the VC needs to "**be** that privilege". VCs make assertions about the attributes one possesses, which...
A PR should definitely specify how to return a `redirectUrl` at the end of an exchange for a client to use / get back into the channel where an exchange...
A note on my last comment: > We may want a separate set of endpoints for setting / getting oauth2 client credentials / access tokens for the instance An OAuth2...
I think having instances and configs (and the endpoints for getting instance configs, etc.) defined in the spec should cover this issue. To that end, I recommend we close this...
I made some comments [over here](https://github.com/w3c-ccg/traceability-interop/issues/468#issuecomment-1334171184) where I noted potential problems with having the issuing service auto-generate identifiers for referencing issued credentials. I think the better model is for the...