Andrew_Hughes: most of you know me already, i'm returning from distant shores of the internet, starting to pay more attention to the w3c work again, glad to hear today's topic ✪
<andrew_hughes> Hi everyone! Glad to be back and seeing what's been happening over the last year
<orie> Hey David!
Topic: Use Cases
EricSchuh: we are about half way through the scheduled initial triage. Expect to have initial set of use cases. If anyone wants to add anything new, feel free to. If adding something substantial, ping myself or Juan on the Google Doc or comment. ✪
<juan_caballero_(dif/spruce)> scribest with the mostest
PROPOSAL: another entire call dedicated ONLY to green box.
PROPOSAL: It is in scope to define a means of describing access to the VC HTTP API, using RAR/GNAP.
PROPOSAL: it is out of scope (for now) to define a means for an authorization server to request, accept, or process the VC HTTP API.
<mprorock> What about: "It is in scope to define a means of describing access to the VC HTTP API"
PROPOSAL: it is out of scope to define a mechanism to use the VC HTTP API to prove access to a given RS.
PROPOSAL: The vc-http-api will use OAuth2.0 + RAR
<orie> There are 2 options here... OAuth2.0 + RAR or OAuth2.0 + Scopes
<orie> we already resolved not to mention gnap iirc
<justin_richer> RAR == scopes
<orie> correct, imo
<justin_richer> I;'m trying to make that point!
Juan_Caballero_(DIF/Spruce): I was wondering... in the examples you mentioned disclosures as an example of an API-specific object, you said it's in a registry but it wasn't clear... Are you proposing that per API this spec would include optional or mandatory definitions of what disclosures or other types of info specific to VC HTTP API that could optionally be in the token? ✪
<tallted> Will this be OpenAPI spec'able? Or is this forcing human interpretation and no machine discoverability/operationality?
<orie> hence my point, not helpful to call "RAR" === "Scopes"
<juan_caballero_(dif/spruce)> i DO love multidimensional giant tables!
<orie> imagine a world where enterprises use OAuth2.0 + scopes today.
Juan_Caballero_(DIF/Spruce): I find this all very interesting, just wondering if there some sort of fallback or equivalent for how a table written for RAR could be encoded in say scope strings or something else people don't like? ✪
<mprorock> lol @orie
<mike_varley> @orie the google ref; no, that looks like an implementation using rigid strings, that RAR looks ro address with an expression language. (my 3s interpretation)
<orie> RAR = Fancy Scope Strings.
<orie> I try :)
<juan_caballero_(dif/spruce)> thanks for that answer! helpful
<orie> what if we decide to use OAuth2.0 + Scopes
<orie> but all our scopes
<orie> are JSON.stringify(RAR)
<justin_richer> Orie no
<juan_caballero_(dif/spruce)> Orie stop it
<tallted> "RAR = Fancy Scope Strings" -- are those *strings* or can they be URIs or whatever else?
<mprorock> let's just json.stringify everything
<orie> cut me :)
<orie> hence my joke about stringifying them :)
<mprorock> agropper - oauth is in the real world - we have to use oauth and are using it already with the vc-http-api
<orie> Ted ask him if he likes linked data... :)
<butch_clark> Thanks Justin - Very imformative
<justin_richer> thank you for the scribe! I know I am very quick
<juan_caballero_(dif/spruce)> thanks! this really helps
<mahmoud> Thanks justin that was great!
<orie> Thanks justin, this was excellent.
<mike_varley> Thanks scribe! well done. And thank-you Justin.