Commit 7939d2ae authored by Nikos Fotiou

Resource request

parent e185bbca
......@@ -32,19 +32,22 @@ The following figure illustrates the modules of the ZeroTrustVC component.
A typical authorization flow in ZeroTrustVC includes the following steps
### Issuer configuration
With this step, a resource owner configures the authorization server with policies
With this step, a resource owner configures the issuer with policies
that specify the access rights that correspond to a client. Clients are identified
using a public key (later on this project we will consider cases where clients are
identified by a Decentralized Identifier).
### VC request and issuance
With this step, a client requests from the authorization server a VC. A client request
With this step, a client requests from the issuer a VC. A client request
is in essence an [OAuth 2.0 access token request using the client
credentials grant](https://datatracker.ietf.org/doc/html/rfc6749#section-4.4). The
client proof possession of the corresponding public key using OAuth 2.0 [Demonstrating
Proof-of-Possession at the Application Layer (DPoP)](https://datatracker.ietf.org/doc/html/draft-ietf-oauth-dpop-04).
The authorization server responds with a VC [encoded as JWT](https://www.w3.org/TR/vc-data-model/#jwt-encoding).
The issuer responds with a VC [encoded as JWT](https://www.w3.org/TR/vc-data-model/#jwt-encoding).
### Resource request
A client requests an HTTP resource by including in its request the received
JWT-encoded VC and the corresponding [DPoP proof](https://datatracker.ietf.org/doc/html/draft-ietf-oauth-dpop-04#section-7).
\ No newline at end of file
JWT-encoded VC and the corresponding [DPoP proof](https://datatracker.ietf.org/doc/html/draft-ietf-oauth-dpop-04#section-7).
The request is received by the verifier that acts as an HTTP proxy. The verifier
validates the included VC and proof, and if the validation succeeds, it forwards
the request to the actual resource.
\ No newline at end of file
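Review bot: The added sentence in "Resource request" says the verifier forwards the request "if the validation succeeds" but leaves the failure path and the scope of validation undefined. Consider stating what the verifier returns to the client when the VC or the DPoP proof is rejected, and spelling out that the proof must be checked against the client public key the VC was issued for, since the earlier steps identify clients by that key. Two smaller points in the same hunk: the unchanged line "The client proof possession of the corresponding public key" should read "proves possession", and the file still ends without a trailing newline.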