12B/ USER - CENTRIC REQUEST MODEL
From IIW
User-Centric Request Model
Session Convener: Adrian Gropper
Notes-taker(s): Adrian Gropper
Tags / links to resources / technology discussed, related to this session:
Alice, Bob, Wallet, Agent
Discussion notes, key understandings, outstanding questions, observations, and, if appropriate to this discussion: action items, next steps:
User-Centric Request Model
Alice to Bob is the default use-case
- Alice and Bob each have a crypto wallet or authenticator
- Alice delegates request evaluation to an agent
- Bob delegates request presentation to a client
- Request evaluation results in a capability that Bob’s client presents to the storage resource.
- Microsoft Authenticator is now holding VCs (is an anti pattern because it combines wallet and agent)
- What’s requested?
- Vaccination status (as registered)
- Red / Green Infection risk (contextual)
- Protocol Foundation for IETF / W3C / EIP / ISO
- Clarify: Agent
- is potentially automated
- Alice needs expert representation
- Bob’s client (agent) is mandated by their employer
- The requested resource is referenced as a URL (addressable and accessible)
Bob Alice Client Agent Endpoint <—————> Endpoint
- Bootstrapping (out of scope)
- Who’s who
- Directory (AS first vs. RS first)
- Also consider:
- 3 Dimensions for interoperability
- Vocabulary
- State Transitions
- Policy Calculus
- 3 Dimensions for interoperability
- Graduated Disclosure (allow)
- Resource Abstraction Layer (include)
- Client knows How, Resource Server knows What
- Notary or Bond + Auditor = Consequences
WHITEBOARD PICTURES: See image(s) for these notes in the IIWXXXIV Book of Proceedings here: