This repository has been archived by the owner on Aug 25, 2023. It is now read-only.

AuthorizationCredential: need a claim about the scope of access to the resources #26

Open

llorllale opened this issue Jul 29, 2020 · 0 comments

Labels

authz documentation

Contributor

llorllale commented Jul 29, 2020

AuthorizationCredential currently has:

issuerDIDDoc (which to me means "location" - see AuthorizationCredential: rename "issuerDIDDoc"? #24)
requestingPartyDIDDoc (PR fix: term expansion alignment #22)
subjectDID (I think should be renamed - see AuthorizationCredential: "subjectDID" #25)

(missing a "resource owner" - see #23)

These things tell us:

The location of the resource
The requesting party
The subject of the claims in the resource

We're missing a way to express the scope of access on the resource along several dimensions:

time (nbf, exp)
mode (RO, RW, ...)
granularity (specific fields inside schemas)
others?

An initial thought was to use the DIF's presentation exchange format to express this... although it doesn't cover all of the bullets

The text was updated successfully, but these errors were encountered:

llorllale added the documentation label

llorllale added the authz label

llorllale mentioned this issue

Add scope to AuthorizationCredential #49

Closed

Sign up for free to subscribe to this conversation on GitHub. Already have an account? Sign in.