Skip to content

Commit e5a4b58

Browse files
Add some more terms.
Signed-off-by: Dmitri Zagidulin <dzagidulin@gmail.com>
1 parent eefcf40 commit e5a4b58

1 file changed

Lines changed: 34 additions & 5 deletions

File tree

README.md

Lines changed: 34 additions & 5 deletions
Original file line numberDiff line numberDiff line change
@@ -118,36 +118,58 @@ private keys).
118118

119119
#### action, allowed action
120120

121+
A list of operations that the holder of the zcap is allowed to perform on the
122+
[target](#target-invocation-target), provided they can provide an invocation
123+
signature.
124+
121125
#### agent
122126
Any entity, usually an app (mobile, desktop or web app), an AI agent,
123127
or cloud microservice, capable of generating or storing cryptographic material
124128
(at least a public/private [keypair](#key-cryptographic-key)) so that it can
125129
prove cryptographic control over its identifier.
126130

127-
#### allowed actions
128-
129131
#### attenuation
130132

131133
#### Authorization header
134+
An HTTP header typically used to carry request authorizations.
135+
See [Constructing the Authorization Header](#constructing-the-authorization-header).
132136

133-
#### capability chain
137+
#### capability chain, proof chain
134138

135139
#### caveat
136140
See [attenuation](#attenuation).
137141

138142
#### controller
143+
The [DID](#did-decentralized-identifier) of the [agent](#agent) authorized to
144+
invoke a capability.
139145

140146
#### data integrity proof
147+
A way to cryptographically sign a structured document (like a JSON object), used
148+
for chained delegation proofs.
149+
See the [Verifiable Credential Data Integrity 1.0](https://www.w3.org/TR/vc-data-integrity/)
150+
specification for more details.
141151

142152
#### delegation
143153

144154
#### Digest header
155+
An HTTP header containing a digest hash of the request body.
156+
See [Constructing the Digest Header](#constructing-the-digest-header).
145157

146158
#### DID, Decentralized Identifier
159+
See [Decentralized Identifier 1.1](https://www.w3.org/TR/did-1.1/) spec
147160

148161
#### expiration
162+
An optional zcap property with a timestamp determining when a zcap expires.
163+
The timestamp is a string, in [XML-Schema dateTimeStamp](https://www.w3.org/TR/xmlschema11-2/#dateTimeStamp)
164+
format (web developers may be familiar with this format from the Javascript
165+
[`toISOString()`](https://developer.mozilla.org/en-US/docs/Web/JavaScript/Reference/Global_Objects/Date/toISOString)
166+
function).
149167

150168
#### HTTP Signatures
169+
Refers to [RFC9421: HTTP Message Signatures](https://www.rfc-editor.org/rfc/rfc9421.html),
170+
a specification that details how to sign HTTP requests (headers and body).
171+
However, see the [Current vs Future Deployments](#current-vs-future-deployments)
172+
section for more discussion.
151173

152174
#### invocation, capability invocation
153175
The _act_ of invoking a capability at the intended destination ([resource
@@ -160,12 +182,19 @@ thus proving possession of the badge, even if not cryptographicaly) would be
160182
the equivalent of invoking a capability.
161183

162184
#### key, cryptographic key
163-
164-
#### proof chain
185+
Used to sign capability invocations, HTTP headers, and to generate delegation
186+
proofs. For zCaps specifically, this is likely to be an asymmetric key pair,
187+
using an appropriate elliptic curve such as `ed25519`.
165188

166189
#### resource server, RS
190+
A server hosting a resource that's protected by an authorization capability.
191+
For API use cases, it's the API server itself, for storage use cases, it's
192+
the actual file or database server hosting the individual objects specified in
193+
`invocationTarget`.
194+
Note: The RS is ultimately responsible for verifying and enforcing zCaps.
167195

168196
#### revocation
197+
A way to revoke (make invalid) a given zcap, after it was issued.
169198

170199
#### root zcap
171200

0 commit comments

Comments
 (0)