Closed csuwildcat closed 4 years ago
I preface this with apologies for lacking context: what are the expected timings for request/response lifecycles? Acceptable timeouts? Ballpark ranges?
@cvan not sure about timing, but I was reading about one strategy where all requests/responses are async, in the sense that you should not expect a response on the same request loop.
Open to suggestions, what do you think?
@thedoctor should we add this to the Capability area/spec, or just the main explainer?
@csuwildcat This should go in the auth section (which is still to be created, and still pending somewhat on the DID-auth work)
Is this in the auth section of the spec now?
Resolved on 07/05/2020 call
The act of requesting permissions should follow a defined flow, and leverage/reuse existing Hub functions wherever possible.
Requesting Permission
The requesting entity shall perform the following steps to request a permission:
Message
object, with apotentialAction
value of theAuthorizeAction
object typeresult
field of theAuthorizeAction
Message
object with a JWT and sign with a key matching the requesting entity's DIDMessage
object as the bodyIn response, the target identity shall:
Message
in a change set sync operationMessage
object will be sent back with itsactionStatus
updated with aCompletedActionStatus
value