###### tags: `Engineering` `POC` `Right Capabilities` # How to maximize learning by doing? ## Goal Here are results we are going to deliver after prototyping: - Tools (services) for: 1. Generate capability credentials 2. Validate credentials - A complete revocation flow if needed - Put engineering options on the table and make decisions with perspectives from product and marketing teams ## Directions for implementation We need to figure out each aspects before or during implementation. To answer these questions, we need to consider the understandability, usability and its value. The answer would be different among different domains. 1. How will the capability be issued? - In a centralized way: by a service - In a decentralized way: by bitmark app - Full capability issued on object creation by whatever created it 1. How to deliver a capability credential? - By blockchain - By a centralized service - Immediate response to some action (never stored) 1. Whether to validate the identity of a capability? - Direct capability (z-cap) - Indirect capability (macaroon) - What happens if validator is offline? 1. How many rights we have in a given area? This answser determines the complexity of flows for authorization 1. How to deal with revocation? - Revoke the whole subtree (all child capabilites) - Revoke exactly a point 1. Where to validate the identity in real world between trust boundaries? - Third-party caveat - Face-to-face - eKYC 1. How to manage credentials? - bitmark-cli has bitmark private key store - has file sign/verify - add "capability" commands? (e.g., create, delegate, …)