Secure Data Storage - WG - Shared screen with speaker view
Dmitri Zagidulin
04:26
https://github.com/decentralized-identity/edv-spec
Manu Sporny
07:02
q+
Troy Ronda
08:09
Derek re-opened the batch PRs into the new repo.
Troy Ronda
08:22
https://github.com/decentralized-identity/edv-spec/pull/1
Dmitri Zagidulin
08:30
@Troy excellent, thanks. we’ll be discussing those next
Troy Ronda
08:37
https://github.com/decentralized-identity/edv-spec/pull/2
Troy Ronda
09:00
So he captured the inaugural 1, at least as a PR ;).
Dmitri Zagidulin
09:10
hahaha true.
Daniel Buchner
09:11
Move it into W3C?
Derek Trider
09:23
haha. The old issues are marked for moving, so they should get brought over too
Dmitri Zagidulin
09:30
aye
Dmitri Zagidulin
09:56
https://github.com/decentralized-identity/edv-sample-implementation
Dmitri Zagidulin
10:08
https://github.com/decentralized-identity/edv-test-suite
Adrian Gropper
10:10
Do I get special mention for suggesting there should be two separate specs many many months ago?
Dmitri Zagidulin
11:27
https://github.com/decentralized-identity/edv-spec/pull/1
Michael Herman (Trusted Digital Web)
12:49
Is transactional integrity required for the full batch?
Dmitri Zagidulin
12:51
q+ to ask about which signing keys
Kaliya Identity Woman
12:59
<3 the Zed-Caps…the special Canadian version of the spec
Troy Ronda
13:05
haha
Michael Herman (Trusted Digital Web)
13:08
q+
Manu Sporny
13:14
+1 to Canadian Zed-caps.
Dave Longley
13:15
q+ to ask about bulk usage use case
tobiaslooker
13:22
haha
Manu Sporny
13:41
/me assumes that NZ uses NZ Zed-Caps as well :P
Troy Ronda
13:42
Difference was unusable to useable :).
Dmitri Zagidulin
14:03
q: Michael, Dave
Kaliya Identity Woman
14:06
maybe we just go with it…makes us sound special.
tobiaslooker
14:11
No we don't actually but would be willing to migrate :)
Juan Caballero
14:14
Oz too, on behalf of Charles Cunningham.
Troy Ronda
15:49
The problematic part is that it’s a Web Wallet that is accessing EDV. Both doing Crypto in the browser and using KMS servers makes things slow. As these storage tasks happen in user visible activities, we don’t want to do more than **one**.
Dave Longley
15:54
q+ to ask about "in a row"
tobiaslooker
15:59
In a row?
tobiaslooker
16:10
+1 to Daves question
Dave Longley
16:15
(are they dependent upon each other?)
Dave Longley
16:23
does one request depend on the result of another?
Troy Ronda
16:43
The problem is creating signatures - the in a row isn’t the relevant problem. Remember this is in the browser.
Dave Longley
16:44
(because i don't understand how you could batch then)
Troy Ronda
17:22
They cannot be - it’s in the browser.
Dmitri Zagidulin
17:30
q: Dave, then also Dave.
Troy Ronda
18:12
If you use HTTP signatures and ZCAPs, it’s not reasonable to sign twice for each operation.
Dave Longley
18:49
i feel like we need a breakdown of everything that's going on here :)
Troy Ronda
19:41
I think it’s mandatory to be able to batch the authorizations.
Troy Ronda
20:05
q+
Troy Ronda
20:52
The use case is pretty clear - the user modifies multiple records and we won’t accept the crypto delay as user visible.
Manu Sporny
21:35
It sounds like the thing that's slowing everything down is signing the HTTP request?
tobiaslooker
21:51
Yeah I think that is a concern with remote KMSs
Manu Sporny
21:56
like the WebKMS system... why can't you delegate the zcap?
Manu Sporny
22:09
q+
Troy Ronda
22:13
It’s not just remote KMS. It’s the fact that each operation is being signed.
tobiaslooker
22:17
But as spoken briefly on the last call a delegate to the browser would circumvent that need
Dmitri Zagidulin
22:17
q: Troy, Manu
Troy Ronda
22:24
No it would not.
Troy Ronda
22:33
The browser is very slow at signing.
Manu Sporny
22:37
!?
tobiaslooker
22:43
So troy you believe even a local signing operation would still be too slow?
tobiaslooker
23:04
Do you have some stats?
Troy Ronda
23:09
Correct - it’s a crypto operation in the browser.
Dave Longley
23:39
TR: How many of those ops/sec do you think the browser can do?
Dave Longley
23:46
(or do you know, per test data?)
Troy Ronda
23:57
Creating a signature?
Dave Longley
24:04
Yeah, is this like an ed25519-sign?
Troy Ronda
24:08
yeh
Manu Sporny
24:19
browser can do 331μs signature op
Dave Longley
24:22
How many of those does the hardware you're using do per second?
Manu Sporny
24:24
sign x 3,017 ops/sec @ 331μs/op
Manu Sporny
24:34
https://github.com/paulmillr/noble-ed25519
Dave Longley
25:52
what's the target total time for your use case ... 100-150ms? ... and how many total crypto ops would it take if you didn't do what you're doing with batch mode?
tobiaslooker
27:59
And that’s JS based imp? Wouldn’t WASM be even faster?
Dave Longley
28:46
how are you authenticating/authorizing use of the KMS? -- is there a secret in the browser?
Dave Longley
29:01
q+ ^
Dmitri Zagidulin
29:04
yeah that’s my question as well
tobiaslooker
29:12
q+
Derek Trider
29:49
q+
Dmitri Zagidulin
29:53
q+ to discuss group procedure
tobiaslooker
30:04
q- Daves question is what I wanted to ask
tobiaslooker
31:27
q+
Dave Longley
31:39
another way to put it: if the existing API can handle the use cases, we don't want a separate API
Dave Longley
31:43
so we should exhaust that option
Adrian Gropper
32:20
Can someone share their favorite Web KMS example i this context?
Adrian Gropper
32:26
in
Dave Longley
32:26
it's better to have 1 way to do things vs. 2 ... nevermind the complexities involved in a batch API that are specific to the concept of "batching"
Dave Longley
33:01
again, that doesn't mean it can't be justified -- it's just a high bar when there's already another way (that could maybe handle the use case)
Michael Herman (Trusted Digital Web)
33:07
Will replication/sync further drive this requirement for batch updates? ...potentially large ones.
Derek Trider
33:45
q+
Troy Ronda
34:08
Why convert a developer-specified batch into individual operations.
Manu Sporny
34:19
q+ to note that SecureKey could always define this as an extension if they'd want... explore process for that.
Michael Herman (Trusted Digital Web)
34:42
The request was not for batch inserts ...it was stated as a batch of heterogeneous operations
Dave Longley
34:49
TR: If the low-latency API is good enough, then it should be the only one and that's why you'd use it in that case.
Troy Ronda
35:28
It’s also handy for the backend DB to be able to treat it as bulk.
Juan Caballero
35:39
wasm performance inscrutable
Michael Herman (Trusted Digital Web)
35:41
q+
Juan Caballero
35:56
and unpredictable not just with golang
Dave Longley
36:53
+1 to having people innovate on a batch API
Dave Longley
37:14
+1 to manu
Derek Trider
37:33
q+
Troy Ronda
37:35
Note - our implementation already includes this function.
Dave Longley
37:45
(the WG shouldn't block experiments)
Dmitri Zagidulin
37:45
q: Michael, Derek
Troy Ronda
37:51
We have been trying to document so others can interop with us.
Dmitri Zagidulin
38:03
@troy - makes sense.
Troy Ronda
38:54
More specifically WASM in the browser.
Troy Ronda
39:08
It’s not a programming environment - it’s WASM.
Troy Ronda
39:42
q+
Dmitri Zagidulin
39:53
q: Michael, Derek, Troy
Dave Longley
40:42
q+
Dave Longley
41:27
q+ to agree with Michael and mention that it's important that we don't end up needing 3 APIs because the other use cases that may need a batch API (not because of latency issues) need a different shape
Dmitri Zagidulin
41:59
q+
Dmitri Zagidulin
43:06
nice, great point about checking EDV server config for supported features
Michael Herman (Trusted Digital Web)
43:19
+1 for ensuring the spec is applicable for a large range of runtime environments
Manu Sporny
43:43
q+ "how do we agree" --> tends to be "how many will implement"
Michael Herman (Trusted Digital Web)
43:44
Perhaps we should list the specific environments we have prioritized
Troy Ronda
44:59
How many implementations are there?
Dmitri Zagidulin
45:04
q: Dmitri, Manu
Troy Ronda
45:05
3?
Manu Sporny
45:06
four so far, I think?
Troy Ronda
48:08
How many implementors are on the call though?
Manu Sporny
49:01
two? :P
Manu Sporny
49:06
(which is the problem) :P
Manu Sporny
49:46
Orie is missing ...
Manu Sporny
49:47
q
Manu Sporny
49:49
q+
Tobias
50:25
we have implemented it too
Juan Caballero
50:32
not that I know of :)
Tobias
50:33
and no batch apis
Dave Longley
50:34
oh, mattr^ has one
Dave Longley
50:44
we have 3 implementers here :)
Juan Caballero
50:48
maybe later
Kaliya Identity Woman
50:53
Implementors matter :)
Michael Herman (Trusted Digital Web)
51:50
What are the minimum requirements? 2 implementors? ...or a majority of the 5?
Dave Longley
52:03
2 implementers + no objections from the WG.
Ian Davis (he/him)
52:08
q+
Dmitri Zagidulin
53:06
+1 to an official / easy way for an Extensions section. (to help reach the 2 implementers goal)
Dave Longley
55:35
(if at least two aren't implementing, it can't become a standard anyway)
Dmitri Zagidulin
55:40
PROPOSALS: 1) Additions/Edits to the Spec go in unless there are hard formal objections against it.
Manu Sporny
56:06
q+
Dave Longley
56:40
q+
Dmitri Zagidulin
56:49
PROPOSAL: 2) Additions/Edits to the API go in automatically if there’s consensus. Otherwise, they go into Proposals section, and wait for 2 implementations.
Manu Sporny
57:18
I like proposal 2 more.
Adrian Gropper
57:24
q+
Dave Longley
59:14
PROPOSAL: PRs get merged if there is consensus. Features are marked at-risk if we don't have two independent implementers committing to them.
Dmitri Zagidulin
59:27
+1
Derek Trider
59:47
I'll let Troy take this one :)
Dmitri Zagidulin
01:00:38
pay no attention to that part :) (the delay in the PR.) as you can hopefully see, we’re determined to move things along a lot faster, in the task force.
Adrian Gropper
01:02:00
+1
zokama
01:02:03
+1
Dave Longley
01:02:05
+1 to my own proposal :)
Manu Sporny
01:02:07
+1 to Dave's proposal (although, I'm concerned about it)
Troy Ronda
01:02:19
+1
Tobias
01:02:27
+1 agree with manu though
Dave Longley
01:02:37
(if you're concerned enough about a feature, object ... if you're not, it goes in and is marked at-risk)
Derek Trider
01:03:04
haha. breaking new ground
Tobias
01:03:09
thanks all!
Manu Sporny
01:03:17
The ground around here is made of granite :P
Derek Trider
01:03:19
Good stuff. I'll be watching the PRs and improving based on feedback!
Derek Trider
01:03:23
haha
Derek Trider
01:03:25
Thanks everyone