@@ -118,36 +118,58 @@ private keys).
118118
119119#### action, allowed action
120120
121+ A list of operations that the holder of the zcap is allowed to perform on the
122+ [ target] ( #target-invocation-target ) , provided they can provide an invocation
123+ signature.
124+
121125#### agent
122126Any entity, usually an app (mobile, desktop or web app), an AI agent,
123127or cloud microservice, capable of generating or storing cryptographic material
124128(at least a public/private [ keypair] ( #key-cryptographic-key ) ) so that it can
125129prove cryptographic control over its identifier.
126130
127- #### allowed actions
128-
129131#### attenuation
130132
131133#### Authorization header
134+ An HTTP header typically used to carry request authorizations.
135+ See [ Constructing the Authorization Header] ( #constructing-the-authorization-header ) .
132136
133- #### capability chain
137+ #### capability chain, proof chain
134138
135139#### caveat
136140See [ attenuation] ( #attenuation ) .
137141
138142#### controller
143+ The [ DID] ( #did-decentralized-identifier ) of the [ agent] ( #agent ) authorized to
144+ invoke a capability.
139145
140146#### data integrity proof
147+ A way to cryptographically sign a structured document (like a JSON object), used
148+ for chained delegation proofs.
149+ See the [ Verifiable Credential Data Integrity 1.0] ( https://www.w3.org/TR/vc-data-integrity/ )
150+ specification for more details.
141151
142152#### delegation
143153
144154#### Digest header
155+ An HTTP header containing a digest hash of the request body.
156+ See [ Constructing the Digest Header] ( #constructing-the-digest-header ) .
145157
146158#### DID, Decentralized Identifier
159+ See [ Decentralized Identifier 1.1] ( https://www.w3.org/TR/did-1.1/ ) spec
147160
148161#### expiration
162+ An optional zcap property with a timestamp determining when a zcap expires.
163+ The timestamp is a string, in [ XML-Schema dateTimeStamp] ( https://www.w3.org/TR/xmlschema11-2/#dateTimeStamp )
164+ format (web developers may be familiar with this format from the Javascript
165+ [ ` toISOString() ` ] ( https://developer.mozilla.org/en-US/docs/Web/JavaScript/Reference/Global_Objects/Date/toISOString )
166+ function).
149167
150168#### HTTP Signatures
169+ Refers to [ RFC9421: HTTP Message Signatures] ( https://www.rfc-editor.org/rfc/rfc9421.html ) ,
170+ a specification that details how to sign HTTP requests (headers and body).
171+ However, see the [ Current vs Future Deployments] ( #current-vs-future-deployments )
172+ section for more discussion.
151173
152174#### invocation, capability invocation
153175The _ act_ of invoking a capability at the intended destination ([ resource
@@ -160,12 +182,19 @@ thus proving possession of the badge, even if not cryptographicaly) would be
160182the equivalent of invoking a capability.
161183
162184#### key, cryptographic key
163-
164- #### proof chain
185+ Used to sign capability invocations, HTTP headers, and to generate delegation
186+ proofs. For zCaps specifically, this is likely to be an asymmetric key pair,
187+ using an appropriate elliptic curve such as ` ed25519 ` .
165188
166189#### resource server, RS
190+ A server hosting a resource that's protected by an authorization capability.
191+ For API use cases, it's the API server itself, for storage use cases, it's
192+ the actual file or database server hosting the individual objects specified in
193+ ` invocationTarget ` .
194+ Note: The RS is ultimately responsible for verifying and enforcing zCaps.
167195
168196#### revocation
197+ A way to revoke (make invalid) a given zcap, after it was issued.
169198
170199#### root zcap
171200
0 commit comments