Closed michielbdejong closed 4 months ago
I'm still learning, but I got the impression that even though object capabilities may be transferred, many systems bound this behaviour and talk about "delegation", right?
So object-capabilities are explicitly defined as transferable, but MeadowCap capabilities are explicitly defined as tied to one particular person.
Meadowcap's capabilities are transferable via delegation, thus qualify by this definition.
And even then, I do not think the term capability has such a strict definition that we ought to police the usage of the term.
According to Wikipedia, an object-capability is "a transferable right". According to MeadowCap, a capability is "a [...] token that bestows [...] access [...] to a particular person".
So object-capabilities are explicitly defined as transferable, but MeadowCap capabilities are explicitly defined as tied to one particular person.
Would you be open to renaming MeadowCap capabilities to a different word, for instance "grant", more in line with OAuth terminology?
Btw, I looked up how UCAN uses the word capability; there the `att` field specifies the "capabilities granted by the prf tokens" or "capabilities delegated to the audience", so there the word "capability" is used to mean the things an audience will be able to do, so whereas they could have also used a different more OAuth-aligned word there, like "scope" or "actions", it's only used in plural, and only for the actions the credential/token enables, not to refer to the credential/token itself, so I think it's less confusing in UCAN than in Willow.