Secure Data Storage - WG - Shared screen with speaker view
Balazs Nemethi
07:04
DIF_XXXII_20 <— discount code :)
Balazs Nemethi
07:19
Thanks to Kaliya!!
Juan (DIF)
07:23
AT LEAST
Orie Steele (Transmute)
08:15
https://github.com/decentralized-identity/confidential-storage/issues/211
Orie Steele (Transmute)
09:02
Proposal 0: New repo for Hubs, containing spec / documentation in markdown, test suite, and implementation
Juan (DIF)
12:02
each feature as an issue not closed until it's testable in the sample implementation :D
Orie Steele (Transmute)
12:24
+1
Dmitri Zagidulin
12:38
+1
Andreas Freund
12:42
+1
Daniel Buchner
12:44
+1
Adrian Gropper
12:45
+1
Dave Longley
12:48
+1
Michael Herman (Trusted Digital Web)
12:53
+1
Michael Shea
12:59
+1
Tobias
13:09
+1
Orie Steele (Transmute)
13:36
RESOLVED Proposal 0: New repo for Hubs, containing spec / documentation in markdown, test suite, and implementation
Orie Steele (Transmute)
14:03
Proposal 1: Workmode will be PR Review, Issue Review only.
Dmitri Zagidulin
16:41
+1
Daniel Buchner
16:44
+1
Orie Steele (Transmute)
16:44
+1
Andreas Freund
16:48
+1
Juan Caballero
16:49
+1
Michael Shea
16:49
+1
Tobias
16:50
+1
Michael Herman (Trusted Digital Web)
16:52
+1
Adrian Gropper
16:58
+1
Dmitri Zagidulin
17:08
RESOLVED Proposal 1: Workmode will be PR Review, Issue Review only.
Kaliya Identity Woman
17:10
+1
Orie Steele (Transmute)
17:17
Proposal 2: Hubs are built on IPFS Nodes / Clusters and their exposed APIs
Adrian Gropper
19:33
What’s the relationship of authorization to IPFS Nodes?
Michael Herman (Trusted Digital Web)
19:35
q+
Andreas Freund
19:52
q+
Daniel Buchner
20:11
q+
Adrian Gropper
20:15
q+
Dmitri Zagidulin
21:04
hehe +1 to undefined scope.
Daniel Buchner
21:16
Yes, Hubs store things
Andreas Freund
21:22
agree
Dmitri Zagidulin
22:07
(great question Andreas)
Dmitri Zagidulin
22:55
heh “Hubs store things” is one of the few clear/non-argued-about items in the Hub conversations so far.
Dmitri Zagidulin
23:08
I like it.
Michael Herman (Trusted Digital Web)
23:25
...so IPFS as a first baseline ...potentially expanding beyond IPFS in the future?
Dmitri Zagidulin
23:37
I think that’s the goal, yeah
Daniel Buchner
23:53
I cannot honestly believe that "Do Hubs store things" was a question a year in
Dmitri Zagidulin
24:02
lol
Daniel Buchner
24:11
I think I have given 3 presentations where I have shown slides with data in a Hub
Dmitri Zagidulin
24:16
hey you never know! there are plot twists at every turn!
Michael Herman (Trusted Digital Web)
24:35
It's totally valid based on the March 11 recording
Michael Herman (Trusted Digital Web)
24:48
q+
Dave Longley
25:31
i think it's unclear if "IPFS" means -- using IPFS's protocols (with new separate network(s)) or using its existing default network
Dave Longley
25:53
q+
Dmitri Zagidulin
25:55
great question, dave
Daniel Buchner
26:05
IPFS can be used in private subnets
Daniel Buchner
26:24
so IPFS the protocol, for file replication and content addressing
Dave Longley
26:25
@Daniel, right, but what does the proposal mean?
Dave Longley
26:37
@Daniel, if that's the proposal, that's clear.
Daniel Buchner
26:40
Proposal means for content addressing and peer replication of files, IPFS
Orie Steele (Transmute)
27:21
I think you may need to read the IPFS spec to understand the proposal
Dave Longley
27:31
q-
Orie Steele (Transmute)
27:41
We are not here to explain the entire IPFS protocol
Dave Longley
27:45
@Orie, what Daniel is saying is what i was asking about
Orie Steele (Transmute)
27:51
Cool :)
Orie Steele (Transmute)
28:00
IPFS has a lot of stuff in it
Orie Steele (Transmute)
28:08
We want to use what we can, and build only what we need
Dave Longley
28:10
yes :)
Dave Longley
28:33
(i just wanted to make sure we're talking about reusing protocols ... not necessarily network instances)
Dmitri Zagidulin
28:40
^ +1
Orie Steele (Transmute)
28:58
Yes, software not network
Andreas Freund
29:02
yes -- protocol -> instances are not relevant
Dmitri Zagidulin
29:23
q: Michael
Dmitri Zagidulin
29:40
q: <empty set>
Daniel Buchner
29:46
Yes, there will absolutely be an abstraction above IPFS
Daniel Buchner
29:52
q+
Daniel Buchner
29:56
I have slides for this
Dmitri Zagidulin
30:19
and who doesn’t like slides?
Dave Longley
30:46
i think IPFS's protocols are appropriate for handling replication and so on.
Orie Steele (Transmute)
31:31
Proposal 2: Hubs are built on IPFS Nodes / Clusters and their exposed APIs
Daniel Buchner
31:33
+1 on proposal
Andreas Freund
31:35
+1
Orie Steele (Transmute)
31:35
+1
Dmitri Zagidulin
31:38
+0
Adrian Gropper
31:41
+1
Michael Shea
31:42
+1
Tobias
31:46
+1
Dave Longley
31:49
+1 to reuse IPFS's protocols where possible
Dmitri Zagidulin
33:08
RESOLVED Proposal 2: Hubs are built on IPFS Nodes / Clusters and their exposed APIs
Dave Longley
34:15
(i've always thought about Hubs as intelligence, not storage :/ )
Adrian Gropper
34:23
me too
Daniel Buchner
34:26
Hubs are not meant to be that smart
Daniel Buchner
34:59
They basically serve data with a few thin interfaces that make organization easier, but don't do or see a lot of the data
Orie Steele (Transmute)
35:06
Proposal 3: Wallets have Hubs, we need a UI demo for how a wallet connects to a hub.
Dmitri Zagidulin
35:33
but.. why would wallets want hubs? (un-encrypted)
Daniel Buchner
35:48
Wallets don't want to have data locally?
Dave Longley
35:58
@daniel, what you're describing "serve data with thin interfaces that don't see data" sounds like an EDV server ... not a Hub to me :)
Adrian Gropper
36:19
q+
Dmitri Zagidulin
36:27
what do wallets want with non-encrypted data tho?
Daniel Buchner
36:31
Dave: Hubs store three types of data: encrypted for just the user, encrypted for many parties, public data
Daniel Buchner
36:48
They are all just objects, with different visibility to others
Daniel Buchner
37:00
Just like Twitter has public tweets and DMs
Michael Herman (Trusted Digital Web)
37:00
Why a wallet specifically? ...why not call it an app or an agent?
Dave Longley
37:17
@daniel, then Hubs sound like intelligence + EDVs (for confidential storage) + IPFS network (for public data)
Daniel Buchner
37:25
Because your wallet would need to have an instance locally to persist it outside of some remote one
Orie Steele (Transmute)
37:34
Proposal 4: Features will be driven by developer user experience for wallets
Daniel Buchner
37:40
Hard to call it intelligence
Andreas Freund
37:49
q+
Dmitri Zagidulin
38:11
q: Adrian, Andreas.
Daniel Buchner
38:14
q+
Orie Steele (Transmute)
38:18
HAS not IS
Orie Steele (Transmute)
38:20
:)
Orie Steele (Transmute)
38:46
Michael
Orie Steele (Transmute)
38:50
Here is a picture
Orie Steele (Transmute)
38:51
https://identity.foundation/confidential-storage/#ecosystem-overview
Orie Steele (Transmute)
39:02
We have had this picture in the spec for a while
Orie Steele (Transmute)
39:11
It's essentially the same thing as proposal 3
Orie Steele (Transmute)
39:23
Except we don’t need to think about EDVs
Orie Steele (Transmute)
39:27
Anymore :)
Dmitri Zagidulin
39:31
q+
Troy Ronda
39:34
I assume a wallet with only confidential storage needs might just use EDV for the storage.
Orie Steele (Transmute)
40:04
correct
Dmitri Zagidulin
40:05
^ +1 Troy, that’s kind of what I assume too
Troy Ronda
40:06
The hub is combining the idea of confidential storage and public storage?
Orie Steele (Transmute)
40:10
yes
Orie Steele (Transmute)
40:30
I am not sure about Wallet vs Agent… thing Daniel is saying
Dmitri Zagidulin
40:35
Orie - proposal 3 seems to go against a previous proposal, that features be use case driven
Orie Steele (Transmute)
40:36
I see it like this:
Orie Steele (Transmute)
40:42
Agent -> Wallet -> Edv
Orie Steele (Transmute)
40:49
Agent -> Wallet -> Hub
Orie Steele (Transmute)
41:05
Agent -> Wallet -> Edv, Hub
Orie Steele (Transmute)
41:08
etc..
Dmitri Zagidulin
41:30
q: Michael (+ Daniel who jumped queue), Andreas
Orie Steele (Transmute)
41:31
q+ to respond to use case driven question
Dmitri Zagidulin
41:59
q: Andreas, Dmitri, Orie
Adrian Gropper
42:10
I’m next
Dmitri Zagidulin
42:14
sorry :)
Dmitri Zagidulin
42:19
q: Adrian, Andreas, Dmitri, Orie
Daniel Buchner
42:45
Your apps will ask your wallet to give them a capability to read or write to some portion of your Hub data
Daniel Buchner
42:52
your wallet hands out those caps
Orie Steele (Transmute)
43:02
SOLID has Apps?
Orie Steele (Transmute)
43:16
You know what also has apps?
Orie Steele (Transmute)
43:20
couchdb
Daniel Buchner
43:20
then the app can write to your hub via a local Hub conduit, or talk to a remote instance
Michael Herman (Trusted Digital Web)
43:21
+1 Adrian
Orie Steele (Transmute)
43:22
:)
Dmitri Zagidulin
43:57
q: Dmitri, Orie
Daniel Buchner
44:10
Wallet: powerful app you have chosen on a device to have access to your DID keys
Orie Steele (Transmute)
44:43
I don’t agree with Andreas
Daniel Buchner
44:46
q+
Michael Herman (Trusted Digital Web)
44:47
+1 Andreas … separable and distinct
Orie Steele (Transmute)
44:52
I work on the universal wallet interop spec
Orie Steele (Transmute)
45:04
Wallets do lots of stuff
Troy Ronda
45:12
Just in a more specific scenario, is it always the wallet that is generating the VPs in hub scenarios?
Orie Steele (Transmute)
45:12
That's part of the problem
Michael Herman (Trusted Digital Web)
45:51
It's more basic ...it's definitional
Dmitri Zagidulin
45:54
q: Orie, Daniel
Orie Steele (Transmute)
46:12
https://identity.foundation/confidential-storage/#ecosystem-overview
Andreas Freund
46:25
orie I agree that the universal wallet has a lot of stuff in it .. and I am with you … but it might be easier for others to not have to talk about wallets or define the concept of a wallet in the context of hubs
Dave Longley
46:27
use case: you visit app.example in a web browser and it needs storage to function, so it makes a call to CHAPI to ask the user for capabilities to read/write to a Hub ... the user selects their wallet (credential handler) to provide those capabilities
Dave Longley
46:39
app.example receives the capabilities and now can read/write to the Hub
Daniel Buchner
46:41
Dave: YES!!!!
Michael Herman (Trusted Digital Web)
46:56
...as well: where do my 100 apps appear in the spec diagram?
Daniel Buchner
46:58
How can you access a Hub if you don't talk to a Wallet and get a cap first?
Daniel Buchner
47:09
Wallets sign caps for requesting entities
Michael Herman (Trusted Digital Web)
47:42
q+
Troy Ronda
47:54
Yeh wallets producing authorizations is pretty clear.
Adrian Gropper
47:59
Agents issue access tokens to hubs?
Michael Shea
48:04
WAAs (Wallets, Agents, Apps)
Dmitri Zagidulin
48:27
@Dave - that’s a good use case. But that’s not quite “Wallets have Hubs”. It just sounds like “Wallets can store lots of things. Including authz capabilities. For Hubs or other things."
Orie Steele (Transmute)
48:28
^ appropriate for the sound of reading it
Adrian Gropper
48:33
q+
Dmitri Zagidulin
48:54
q: Michael, Adiran
Dmitri Zagidulin
48:58
Adrian
Troy Ronda
48:59
But I’ve been curious about the relationship of hubs to VC and VP coordination.
Orie Steele (Transmute)
49:21
^ yeah, in a way, we are trying to get to a structure to answer that
Orie Steele (Transmute)
49:29
We need definitions to do so
Andreas Freund
49:34
Like Gdrive in a weird centralized way
Dmitri Zagidulin
49:37
q: Adrian
Daniel Buchner
49:56
A wallet is an agent
Dave Longley
50:12
@dmitri -- sure, the wallet could just be storing zcaps for the Hub ... and you visited the Hub provider website to get those ... and then the wallet can delegate to apps from there for you (with consent)
Daniel Buchner
50:13
That's why Agent is a horrible term
Orie Steele (Transmute)
50:17
Nobody agrees on what wallets are.. hence the need for a spec for them
Daniel Buchner
50:18
User Agent is a browser
Michael Shea
50:26
not anymore in the crypto world, wallets are containing a lot more than just keys
Andreas Freund
50:28
Is a wallet an agent or part of an agent?
Daniel Buchner
50:28
q+
Andreas Freund
50:36
an agent
Dmitri Zagidulin
50:40
q: Daniel.
Orie Steele (Transmute)
50:47
“not anymore in the crypto world, wallets are containing a lot more than just keys” bingo
Daniel Buchner
50:50
Your Browser has your stored passwords and presents you with permission requests
Dave Longley
50:55
1. go to hubs.example in a web browser and sign up -- it will call CHAPI and give your wallet capabilities to read/write/create hubs
Daniel Buchner
50:58
your browser is a User Agent
Daniel Buchner
51:11
it's not my fault the DID community blew that clear term to bits
Dave Longley
51:13
2. go to app.example in a browser and it calls CHAPI and you use your wallet to give it capabilities to access a Hub of your choice
Orie Steele (Transmute)
51:19
Big +1 to Adrian
Andreas Freund
51:26
+1
Dmitri Zagidulin
51:30
I’m still having trouble understanding Proposal 3. It seems to reduce to the trivial “Wallets can store authorizations for Hubs."
Dmitri Zagidulin
51:34
but that’s kind of tautological?
Troy Ronda
51:49
I think it’s more about signing authorizations
Juan Caballero
52:02
yup
Michael Herman (Trusted Digital Web)
53:26
Using Adrian's terminology, a Wallet should be nothing more than a secure resource server for a subject's keys.
Orie Steele (Transmute)
54:10
If you are interested in defining what a wallet is
Orie Steele (Transmute)
54:16
I invite you to contribute here:
Orie Steele (Transmute)
54:17
https://w3c-ccg.github.io/universal-wallet-interop-spec/
Dmitri Zagidulin
54:53
is there a link to the slides by any chance?
Orie Steele (Transmute)
55:01
There will be
Dmitri Zagidulin
55:05
k
Adrian Gropper
56:41
q+
Michael Herman (Trusted Digital Web)
56:59
Here's the Aries/Agent ARM: https://mwherman2000.github.io/indy-arm/6bed1487-50bb-4dde-b25a-53e05b325924/images/5b7e0960-e031-4cc7-8974-c1f0e269653e.png
Orie Steele (Transmute)
57:01
This page here… is the answer to why we want to be UI driven...
Juan Caballero
57:17
^+1
Dmitri Zagidulin
57:19
q: Adrian
Orie Steele (Transmute)
57:19
“Alexa stop"
Orie Steele (Transmute)
57:24
Must be another agent
Troy Ronda
57:25
Is there any logic like presentation creation or is this simply fetch data?
Michael Herman (Trusted Digital Web)
57:27
q+
Juan Caballero
57:32
Alexa this isn't the UI I want
Dmitri Zagidulin
57:37
q: Adrian, Michael, 3 mins remaining
Daniel Buchner
57:45
https://drive.google.com/file/d/1FF0olZQBfnMFHtZPwGD7c0mQPpz0GZfk/view?usp=sharing
Daniel Buchner
57:59
Yes
Orie Steele (Transmute)
58:17
Run your own hub if you don’t want MS to see your requests
Orie Steele (Transmute)
58:21
Same issue for GNAP.
Dave Longley
58:37
side note ... i think making a browser interface to this is probably not a good idea nor required (-1 to `navigator.did.*`) ... it hampers innovation and flexibility
Dave Longley
58:54
i think we can do all the stuff in that API without it needing to be "built in" to the browser
Orie Steele (Transmute)
58:55
I think we are all tired of waiting for CHAPI to land :)
Orie Steele (Transmute)
59:09
And want to use MS to get some DID APIs into chrome :)
Dave Longley
59:25
heh... that is so very fraught :)
Dmitri Zagidulin
59:34
@Orie those.. seem to be orthogonal things :) CHAPI and did apis
Orie Steele (Transmute)
59:40
Sure, can’t win a war you never actually fight
Dave Longley
59:49
if you want to immediately make it hard to do anything, create a complex API that has to go through WebIDL and C++ code and all of the browser manufacturers
Dave Longley
01:00:09
when you can do all that with JS instead, do it with JS.
Daniel Buchner
01:00:44
Dave: I was just showing what it would look like if it was a standard in a browser
Dave Longley
01:01:00
that's fine -- i just don't want people to get confused and think it's a good idea to build it into the native browser code
Daniel Buchner
01:01:05
but yes, it is still addressable outside of having some Navigator integration
Juan Caballero
01:01:23
big +1 to demos
Michael Shea
01:01:31
thx
Tobias
01:01:44
thanks all