P2Panda defines "Fine-grained capabilities: Full control over your data by defining who can sync, create, update or delete what"
So this sounds like they are non-transferable, right?
However, according to Wikipedia, an object-capility is "a transferable right".
So object-capabilities are explicitly defined as transferable, but P2Panda capabilities are explicitly defined as tied to the question of who.
Would you be open to renaming MeadowCap capabilities to a different word, for instance "grant", more in line with OAuth terminology?
Btw, I looked up hon UCAN uses the word capability; there the att field specifies the "capabilities granted by the prf tokens" or "capabilities delegated to the audience", so there the word "capability" is used to mean the things an audience will be able to do, so whereas they could have also used a different more OAuth-aligned word there, like "scope" or "actions", it's only used in plural, and only for the actions the credential/token enables, not to refer to the credential/token itself, so I think it's less confusing in UCAN than in P2Panda.
michielbdejong
commented
2 months ago
P2Panda defines "Fine-grained capabilities: Full control over your data by defining who can sync, create, update or delete what" So this sounds like they are non-transferable, right?
However, according to Wikipedia, an object-capility is "a transferable right".
So object-capabilities are explicitly defined as transferable, but P2Panda capabilities are explicitly defined as tied to the question of who.
Would you be open to renaming MeadowCap capabilities to a different word, for instance "grant", more in line with OAuth terminology?
Btw, I looked up hon UCAN uses the word capability; there the
attfield specifies the "capabilities granted by the prf tokens" or "capabilities delegated to the audience", so there the word "capability" is used to mean the things an audience will be able to do, so whereas they could have also used a different more OAuth-aligned word there, like "scope" or "actions", it's only used in plural, and only for the actions the credential/token enables, not to refer to the credential/token itself, so I think it's less confusing in UCAN than in P2Panda.