Tobias Looker

Results 138 comments of Tobias Looker

An easier way to replicate this issue is by running the basic [browser sample](https://github.com/mattrglobal/jsonld-signatures-bbs/tree/master/sample/browser); for some reason webpack is insisting on installing the optional dependency of node-bbs-signatures that is for...

@OR13 just so I am clear, you are proposing to create an encrypted index that's essentially a hash of the schema attribute in a document. Does this mean I could...

> Does the above resonate? Is there a different security model under consideration?

Yes it certainly helps to get to the next level of detail.

> The Issuer is able...

IMO the last paragraph above touches on some of the limitations involved in using URL-based capabilities rather than, say, cryptographically secured tokens; the former imposes more session based state...

> The simplest case is that the Issuer generated the URL. A more complex case is that an entity that the Issuer can communicate with, in a SECURE and out...

> It's important to remember that the best outcomes for users on the whole are not necessarily the result of the most convenient UX in failure modes

I follow this...

> I'm providing ONE example of an end-to-end flow (without focusing on wallet configuration) that is end-to-end secure -- there are other end-to-end flows that we can get into later....

> What I'm trying to highlight as important is not the difference between non-optimal failure mode UX and a perfect solution (no drawbacks) that addresses it. Obviously the latter is...

To be clearer, no, I don't think this model is sufficiently end-to-end secure for several important use cases. I also don't see how you can layer on additional mechanisms...

No Manu, I'm saying something different and I believe @mavarley is too, but that's for him to confirm :). What I'm saying is proving security or a system is secure,...