Open expede opened 8 months ago
It seems consistent with exp so sounds good to me.
I think we have discussed this in the past, but can't recall conclusions we came to so I apologize for bringing this up again, but maybe we can capture decisions this time around.
One alternative we could consider is to constrain subject via delegation policy. I think side effect would be that by default all delegations would be more like power lines which may not be the right default, but on the flip side it would make it a lot easier to express cases where more than one subject is involved.
Similarly we could use policy to restrict delegation channel e.g. using synthetic selector that gives you iterator of iss in the chain so you could say ["some", ".@.prf[]", ["==", ".iss", "did:key:zAlice"]].
> but can't recall conclusions we came [...] using synthetic selector that gives you iterator of iss
My understanding was that we were punting on delegations restricting things beyond the args field, due to the many implications that it would incur (such as the "do not redelegate" bit, etc)
@gozala at least looking at my implementation from around that time, I think that we had landed on "Require that you use an explicit sub: null if omitted"
> more than one subject is involved
Can you give me a concrete example?
I’m ok with punning and using null to redelegate all resources explicitly
I chatted with @matheus23 earlier today about the updated powerline syntax & changes from past iterations. [Philipp, feel free to correct me if I'm wrong on any of the below but wanted to capture here.]
TL;DR he's in favour, but raised that it's too easy to omit the sub field accidentally. Two suggestions:
- sub: null if omitted
- sub: "did:*"
The glob has the disadvantage that it looks like you can restrict DIDs by scheme (did:dns:*), when I'm pretty sure that's not the behaviour that we want.
I am in favour of making the Null explicit. In most libraries you're already going to have to have some variation on audience: Option<DID>, so let's just render None to null as a default.
Any objections?
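
An added illustration of the explicit-null rule proposed above (not code from this thread or from any UCAN implementation): a check that treats a missing sub as an error, an explicit null as a powerline, and a glob-looking value as invalid. The helper names, the result shape and did:key:zBob are assumptions made for the example.

```javascript
// Added example. Field names (iss, aud, sub) come from the thread; the helper
// names and result shape are hypothetical, not taken from any UCAN library.
const DID_RE = /^did:[a-z0-9]+:[A-Za-z0-9._:%-]+$/;

// Classify the subject of a decoded delegation payload.
function classifySubject(payload) {
  if (payload === null || typeof payload !== "object" || Array.isArray(payload)) {
    return { ok: false, reason: "payload must be an object" };
  }
  // A missing key and an explicit null are different things on the wire.
  if (!Object.prototype.hasOwnProperty.call(payload, "sub")) {
    return { ok: false, reason: "sub omitted: write sub: null for a powerline" };
  }
  const sub = payload.sub;
  if (sub === null) return { ok: true, kind: "powerline" };
  if (typeof sub !== "string") {
    return { ok: false, reason: "sub must be a DID string or null" };
  }
  if (sub.includes("*")) {
    return { ok: false, reason: "glob subjects are not accepted" };
  }
  if (!DID_RE.test(sub)) return { ok: false, reason: "sub is not a DID" };
  return { ok: true, kind: "scoped", subject: sub };
}

// Encoder side: the caller must pass sub (a DID or null) and the key is always
// emitted. JSON.stringify silently drops keys whose value is undefined.
function encodeDelegation(fields) {
  const check = classifySubject(fields);
  if (!check.ok) throw new TypeError(check.reason);
  return JSON.stringify({ iss: fields.iss, aud: fields.aud, sub: fields.sub });
}

// Constructed sample payloads (not captured from a real delegation).
const SAMPLES = {
  powerline: '{"iss":"did:key:zAlice","aud":"did:key:zBob","sub":null}',
  scoped: '{"iss":"did:key:zAlice","aud":"did:key:zBob","sub":"did:key:zAlice"}',
  omitted: '{"iss":"did:key:zAlice","aud":"did:key:zBob"}',
  glob: '{"iss":"did:key:zAlice","aud":"did:key:zBob","sub":"did:dns:*"}',
};
for (const [name, wire] of Object.entries(SAMPLES)) {
  console.log(name, classifySubject(JSON.parse(wire)));
}
```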