Exploreing the differences between how capabilities are represetned between UCAN and ReCap.
UCAN | ReCap | |
---|---|---|
$RESOURSE |
Needs to be a URI | Any String |
$ABILITY |
One ability per resource ref | Any nymber of abilities per resource ref |
$EXTENSION |
Additional caveats for a specific resource | Additional information, relevant for all resources |
All resources | Not possible | In def property |
OCAP delegation | In prf property (not within capability) |
Possibly in ext property |
namespace |
Defined as part of $ABILITY |
Defined, top level globally. |
[
{
"with": $RESOURCE,
"can": $ABILITY,
"nb": $EXTENSION
},
...
]
In a UCAN capabilites are stored as an array of objects as defined above. These are stored in the att
property of the UCAN.
$RESOURSE
- A string, needs to be a URI$ABILITY
- A string verb representing allowed actions$EXTENSION
- Any data, verifiers must know how to interpret or reject
{
"def":[ $ABILITY, ... ],
"tar":{
$RESOURCE:[ $ABILITY, ... ],
$RESOURCE:[ $ABILITY, ... ],
$RESOURCE:[ $ABILITY, ... ]
},
"ext": $EXTENSION
}
$RESOURSE
- Any string$ABILITY
- A string verb representing allowed actions$EXTENSION
- Any data, verifiers do what they want with it
- Does ReCap need global
def
? - Why does ReCap need
namespace
- Remove
namespace
from ReCap - Remove
ext
from ReCap - Add
prf
to ReCap for delegation in the same way UCAN does - Force ReCap to use URIs for
$RESOURSE
- Add
nb
field per$RESOURCE
This should make ReCap roughly equivalent to UCAN.