- From: Alan Karp <alanhkarp@gmail.com>
- Date: Mon, 28 Dec 2020 10:10:44 -0800
- To: David Chadwick <D.W.Chadwick@kent.ac.uk>
- Cc: "W3C Credentials CG (Public List)" <public-credentials@w3.org>
Received on Monday, 28 December 2020 18:11:08 UTC
David Chadwick <D.W.Chadwick@kent.ac.uk> wrote:

> > You may still want to delegate a bearer capability for sub-scoping and
> > responsibility tracking.
>
> Yes you can do that, but only for a non-bearer credential that you have.
> A bearer credential by its very definition does not belong to anyone
> specifically. Some external (to the credential) mechanism would be
> needed to track its provenance, rather like banks track your money in
> its account. They cannot track the notes you hold unless they record
> their serial numbers.

You're right. My thinking is colored by my work using SAML certificates, which are assumed to be public documents. That ruled out true bearer credentials. We noted you could get behavior similar to a bearer credential by sharing the certificate and the private key it was issued to. Any holder could then do a sub-scope delegation. That approach doesn't work with true bearer credentials.

--------------
Alan Karp