# Solid Authorization Panel September 16th, 2020 ## Present - Justin B - Sarven - Henry S - elf Pavlik - Dmitri Z ## Agenda - UC Survey Feedback - https://github.com/solid/authorization-panel/blob/master/proposals/wac-ucr/uc-survey.md ## Minutes ### Survey Discussion SC: Propose setting a deadline for next week to discuss the survey results. ### https://solid.github.io/authorization-panel/wac-ucr/#capabilities-vc JB: Use case where someone is rushed to hospital and only someone with a digital credential that can prove they're a medical professional could access an "emergency health profile" DZ: VC spec actually instructs that VCs should not be used for capability-based access control and instead should use linked-data authorization capabilities DZ: There are attribute based access control using a verifiable credential as a replacement for the authorization subject which are legitimate. DZ: Verifiable credential is not an appropriate fit in a capability-based system and instead should consider something like https://w3c-ccg.github.io/zcap-ld/. These are specifically made to work on the web. DZ: Add a section for attribute-based access control with verifiable credentials and move (2.9.1 here) EP: Can find a simpler use case where a media provider allows a subscriber to have a credential if they're a paid subscriber. * DZ: It is verifiable credentials + trusted issuers DZ: Noting that time-based access control is often an aspect of attribute based access control. DZ: Replace 2.9.1 in capabilities section with the media provider use case that Pavlik suggested Action Item: JB to move current 2.9.1 to new system. Action item: DZ to make replacement VC use case. HS to make payment use case.