From IIW

User-Centric Request Model

Session Convener: Adrian Gropper

Notes-taker(s): Adrian Gropper

Tags / links to resources / technology discussed, related to this session:

Alice, Bob, Wallet, Agent

Discussion notes, key understandings, outstanding questions, observations, and, if appropriate to this discussion: action items, next steps:

User-Centric Request Model

Alice to Bob is the default use-case

  • Alice and Bob each have a crypto wallet or authenticator
  • Alice delegates request evaluation to an agent
  • Bob delegates request presentation to a client
  • Request evaluation results in a capability that Bob’s client presents to the storage resource.

  • Microsoft Authenticator is now holding VCs (an anti-pattern because it combines wallet and agent)
  • What’s requested?
    • Vaccination status (as registered)
    • Red / Green Infection risk (contextual)
  • Protocol Foundation for IETF / W3C / EIP / ISO
  • Clarify: Agent
    • is potentially automated
    • Alice needs expert representation
    • Bob’s client (agent) is mandated by their employer
  • The requested resource is referenced as a URL (addressable and accessible)
       Bob                   Alice
       Client                Agent
       Endpoint   <—————>    Endpoint

  • Bootstrapping (out of scope)
    • Who’s who
    • Directory (AS first vs. RS first)

  • Also consider:
    • 3 Dimensions for interoperability
      • Vocabulary
      • State Transitions
      • Policy Calculus

  • Graduated Disclosure (allow)
  • Resource Abstraction Layer (include)
  • Client knows How, Resource Server knows What
  • Notary or Bond + Auditor = Consequences
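
The Alice-to-Bob flow in these notes, sketched as an added example (not from the session or any specification): Alice's agent evaluates Bob's request against her policy and mints a capability scoped to one resource URL, which the storage resource verifies when Bob's client presents it. The token format, claim names, function names, policy table, URL and the HMAC key shared between agent and storage resource are all assumptions made for illustration; a real deployment would more likely use asymmetric signatures.

```python
import base64, hashlib, hmac, json, time

# Assumption: Alice's agent and the storage resource share this key (constructed value).
AGENT_KEY = b"constructed-demo-key-not-a-real-secret"

# Alice's policy (constructed): requester -> resource URL -> scopes she allows.
POLICY = {"bob": {"https://storage.example/alice/health": {"vaccination_status"}}}


def _tag(body: bytes) -> str:
    return hmac.new(AGENT_KEY, body, hashlib.sha256).hexdigest()


def agent_evaluate(requester, url, scopes, now=None, ttl=300):
    """Alice's agent: evaluate the request; return a capability or None."""
    # Graduated disclosure: grant only the requested scopes the policy allows.
    allowed = POLICY.get(requester, {}).get(url, set()) & set(scopes)
    if not allowed:
        return None
    now = time.time() if now is None else now
    claims = {"sub": requester, "url": url,
              "scopes": sorted(allowed), "exp": now + ttl}
    body = base64.urlsafe_b64encode(json.dumps(claims, sort_keys=True).encode())
    return body.decode() + "." + _tag(body)


def resource_check(capability, url, scope, now=None):
    """Storage resource: verify the capability that Bob's client presents."""
    try:
        body, tag = capability.split(".")
        if not hmac.compare_digest(tag, _tag(body.encode())):
            return False  # forged or altered capability
        claims = json.loads(base64.urlsafe_b64decode(body))
    except (ValueError, TypeError, AttributeError):
        return False  # malformed or missing capability
    now = time.time() if now is None else now
    # The capability is good only for its own URL, its scopes, and until expiry.
    return (claims["exp"] > now and claims["url"] == url
            and scope in claims["scopes"])
```
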

WHITEBOARD PICTURES: See image(s) for these notes in the IIWXXXIV Book of Proceedings here: