
Secure Data Storage - WG - Shared screen with gallery view
Manu Sporny
04:45
https://github.com/w3c/did-core/pull/431
Manu Sporny
04:54
did-core-test-suites-bro
tobiaslooker
05:35
Git is such a cool protocol!
tobiaslooker
05:40
Commandline all the way
Manu Sporny
05:46
octo-merge
tobiaslooker
05:46
:)
tobiaslooker
06:08
https://github.com/tj/git-extras
tobiaslooker
07:51
https://github.com/decentralized-identity/confidential-storage/blob/master/agenda.md
Dmitri Zagidulin
09:37
https://hackmd.io/-rsNlehZQbOa5gW8XdNYWA
Dmitri Zagidulin
09:57
https://docs.google.com/presentation/d/1QEHSs4XJ05yQl2mvpiqbM80-MySxlVI9cNDLPq_XkkY/edit#slide=id.ga0635cb593_0_7
Manu Sporny
13:03
This is really good -- we need to introduce the spec like Dmitri is doing right now
Orie Steele (Transmute)
13:14
agreed
Adrian Gropper
13:24
+1
Chris Were
13:36
+1
Chris Were
15:11
Should there be a separate “sync” or “replicate” operation or is that assumed with “read”?
Orie Steele (Transmute)
15:42
possibly
Orie Steele (Transmute)
15:49
Depends on how we model replication
Orie Steele (Transmute)
16:01
CouchDB treats replication as a document
Manu Sporny
16:21
assumed w/ read/write, IMHO.... but we may want to talk about it in the spec --- "complex operations that can be achieved using the operation primitives"
Chris Were
16:46
Yep, makes sense
Orie Steele (Transmute)
17:13
q+ to ask about invoker vs invocation key
Manu Sporny
17:16
these examples are really good... makes things very concrete
Manu Sporny
17:28
q+
Manu Sporny
17:39
q+ to note that these are great, we should map this presentation to the spec.
Daniel Buchner
17:49
q+
Dave Longley
17:49
q+
Adrian Gropper
18:31
q+ to talk about Zero Trust Architecture
Orie Steele (Transmute)
19:35
Can we add “type” to this?
Orie Steele (Transmute)
19:46
Since I think we know we need too?
Manu Sporny
19:50
only if you hate people and privacy, Orie.
Orie Steele (Transmute)
19:54
rofl
Manu Sporny
19:54
/me kidding.
Dave Longley
20:01
types aren't required in zcap-ld but they are permitted
Juan (By_) Caballero
20:53
this will be the most-watched recording of the whole WG's run :D
Orie Steele (Transmute)
21:33
@Daniel yep, a Resource can be a “Capability” :)
Manu Sporny
21:49
right above the recording where that dog ran into the meeting, grabbed one of the Chairs' headsets, and then ran around while the WG tripped over each other to remove the dog from the call.
Orie Steele (Transmute)
23:57
I think it's much more relevant to hubs, because they are fine grained
Orie Steele (Transmute)
24:25
I don’t think Adrian is as concerned about “file system” access.. as much as “health care report"
Orie Steele (Transmute)
24:29
access
Orie Steele (Transmute)
24:33
Hubs has the semantics for that
Orie Steele (Transmute)
26:40
Pigeon transport ftw
Orie Steele (Transmute)
27:12
This is the slide
Orie Steele (Transmute)
27:42
This is a GNAP-ified ZCAP vs a ZCAP-ified GNAP
Orie Steele (Transmute)
27:51
This is *
Orie Steele (Transmute)
28:10
Or perhaps these should not look similar
Kaliya Identity Woman
28:14
I <3 the chat but can we make sure some of the key insights make it into the notes :)
Dave Longley
28:15
GNAP-ZCAP and ZCAP-GNAP both happen to have a snappy sound to them
Orie Steele (Transmute)
28:48
q+ to ask about request vs capability
Adrian Gropper
28:53
q+
Adrian Gropper
29:34
to talk about wallet vs. client
Dave Longley
30:02
+1 to say it seems you use GNAP to do the request (which may end up being forwarded via CHAPI or something else) ... and zcap(s) are given in response
Dave Longley
30:24
q+
Dmitri Zagidulin
30:26
+1 yeah
Dave Longley
32:08
-1 for assuming employers are handing over/assigning wallet software as the only use case
Orie Steele (Transmute)
32:10
Web browsers are irrelevant?
Orie Steele (Transmute)
32:17
-1 to that
Daniel Buchner
33:19
-1 for attaching ourselves to a separate server that evals authn/authz, instead of the Hub/Vault itself
Orie Steele (Transmute)
33:43
+1 to adopting GNAP for the request format.
tobiaslooker
33:52
Yeap I like it too
tobiaslooker
34:09
+1
Orie Steele (Transmute)
34:22
I compute ECDSA on paper
Orie Steele (Transmute)
34:24
every time
Daniel Buchner
34:36
If someone wants to duplicate all the authn/authz logic in a separate remote server, that isn't the Vault/Hub, sure, but the Vault/Hub will do it again anyway and not trust that thing
Manu Sporny
34:46
UPS (to Orie): I'll need your signature right here, man.
tobiaslooker
34:49
With an abacus I hope?
Orie Steele (Transmute)
34:59
And lots of tears
tobiaslooker
35:04
:)
Orie Steele (Transmute)
35:21
Type: “ConfidentialStorageAuthorization” ?
Manu Sporny
35:35
Abacus -- supporting BigInts since 1,200 C.E.
Adrian Gropper
35:47
q+ to answer Daniel
Chris Were
37:40
Is a DID document lookup an “external request”?
Daniel Buchner
37:50
yes, but the Hub would do it
Dave Longley
37:59
Depends on whether the "resolver" is external or local.
Orie Steele (Transmute)
38:02
UMA makes many network requests to 3rd party services… AFAIK it's like OAuth on steroids when it comes to “making network requests”
Daniel Buchner
38:13
not call out to another server and say "Here's the capability and the caller, tell me what to do"
Orie Steele (Transmute)
38:13
But I am not an UMA expert
Adrian Gropper
39:54
I am an UMA expert and have moved on to GNAP
Orie Steele (Transmute)
41:44
I think GNAP + ZCAPs solves this problem
Manu Sporny
42:49
q+ to become concerned about scope creep.
Adrian Gropper
42:52
q+
Dave Longley
43:14
https://github.com/decentralized-identity/confidential-storage/issues/141 <-- feel free to elaborate here
Dave Longley
43:58
q+ to say we should not make authorization requests normative
Dmitri Zagidulin
44:40
q+
Dave Longley
45:13
q-
Dave Longley
47:11
q+
Orie Steele (Transmute)
47:14
q+ to note that requesting a capability is core
Orie Steele (Transmute)
47:17
Or we are doomed
Manu Sporny
47:58
agree, but put it in a parallel spec... and point to that.
Manu Sporny
49:39
q+ to note that the concern is about the standardization process, not that we define this stuff.
Adrian Gropper
50:36
I’m ok with that but would ask Justin first
Orie Steele (Transmute)
52:06
Shall we try to pass a resolution that forbids a normative requirement on GNAP?
Orie Steele (Transmute)
52:20
I don’t need a GNAP spec to support an object with a type attribute
Adrian Gropper
52:26
no
Manu Sporny
52:35
yeah, feels too early to make that call right now
Manu Sporny
52:43
I don't even know what's being proposed for the request mechanism.
Orie Steele (Transmute)
53:02
JFYI, I would be more than happy to be compatible with GNAP while never taking it as a normative dependency
Adrian Gropper
53:12
sure
Manu Sporny
53:16
yep
Chris Were
53:27
+1
Orie Steele (Transmute)
53:28
Manu, we are proposing GNAP RAR as the authorization request structure
Orie Steele (Transmute)
53:37
The json object we looked at
Orie Steele (Transmute)
53:42
Its only requirement is a type
Orie Steele (Transmute)
53:47
Which is a string :)
Manu Sporny
53:56
sure, if that's all that's being said that's fine
Orie Steele (Transmute)
54:00
^^
Kaliya Identity Woman
54:01
BTW I’ve been putting some of the chat in the notes
Manu Sporny
54:02
but I doubt that is "all of what GNAP is"
Kaliya Identity Woman
54:04
because it feels important
Orie Steele (Transmute)
54:22
It's not. I will formally object to taking any more of GNAP
Orie Steele (Transmute)
54:26
:)
Dave Longley
54:34
we have some JSON request stuff that flows over CHAPI that may be GNAP compatible
Orie Steele (Transmute)
54:45
exactly
Orie Steele (Transmute)
54:52
GNAP compatibility is worth it
Manu Sporny
54:57
so would I... but we don't know how many people agree with that statement... we may get a deluge of GNAP is NORMATIVE requests.
Orie Steele (Transmute)
55:01
Taking it as a normative dependency will kill us
Dave Longley
55:07
(of course "compatible with GNAP" is a moving target :) )
Manu Sporny
55:08
+1
Orie Steele (Transmute)
55:20
exactly
Orie Steele (Transmute)
55:42
q+ to discuss GNAP
Manu Sporny
56:49
yes, what Orie is saying is my concern... and it's totally fine to plan for support for it...
Adrian Gropper
57:19
q+
Manu Sporny
57:25
The Mission of the Secure Data Storage WG is to make Dick and Justin hug it out.
Dmitri Zagidulin
57:32
lol
Manu Sporny
57:44
/normatively/
Adrian Gropper
57:44
+1 Manu
Dave Longley
58:16
+1 to Orie
Dmitri Zagidulin
58:21
+1 to Orie
Manu Sporny
58:27
+1 Orie
Chris Were
58:31
More broadly, we need a guide for implementations that points to the future expected direction while the spec is formalized. I think we all agree there's a material issue with time, where implementations are needed today.
Manu Sporny
58:43
+1 to Chris
Dave Longley
58:47
+1 to Chris
Dmitri Zagidulin
58:49
+1 yeah, agreed, Chris
Manu Sporny
59:57
Thanks all -- productive call today! Thanks Chairs! :)
Dmitri Zagidulin
01:00:04
thanks all!
tobiaslooker
01:00:04
Thanks all!
Orie Steele (Transmute)
01:00:05
Thanks all