Exploreing the differences between how capabilities are represetned between UCAN and ReCap.
| UCAN | ReCap | |
|---|---|---|
$RESOURSE |
Needs to be a URI | Any String |
$ABILITY |
One ability per resource ref | Any nymber of abilities per resource ref |
$EXTENSION |
Additional caveats for a specific resource | Additional information, relevant for all resources |
| All resources | Not possible | In def property |
| OCAP delegation | In prf property (not within capability) |
Possibly in ext property |
namespace |
Defined as part of $ABILITY |
Defined, top level globally. |
[
{
"with": $RESOURCE,
"can": $ABILITY,
"nb": $EXTENSION
},
...
]
In a UCAN capabilites are stored as an array of objects as defined above. These are stored in the att property of the UCAN.
$RESOURSE- A string, needs to be a URI$ABILITY- A string verb representing allowed actions$EXTENSION- Any data, verifiers must know how to interpret or reject
{
"def":[ $ABILITY, ... ],
"tar":{
$RESOURCE:[ $ABILITY, ... ],
$RESOURCE:[ $ABILITY, ... ],
$RESOURCE:[ $ABILITY, ... ]
},
"ext": $EXTENSION
}$RESOURSE- Any string$ABILITY- A string verb representing allowed actions$EXTENSION- Any data, verifiers do what they want with it
- Does ReCap need global
def? - Why does ReCap need
namespace
- Remove
namespacefrom ReCap - Remove
extfrom ReCap - Add
prfto ReCap for delegation in the same way UCAN does - Force ReCap to use URIs for
$RESOURSE - Add
nbfield per$RESOURCE
This should make ReCap roughly equivalent to UCAN.