Secure Data Storage - WG - Shared screen with speaker view
Dmitri Zagidulin
01:51
agenda/attendance link: https://hackmd.io/KWpFD9eOTNa9cUShkPYf7g
Dmitri Zagidulin
04:24
https://hackmd.io/KWpFD9eOTNa9cUShkPYf7g
Dmitri Zagidulin
06:25
https://www.rankedchoices.com/sdswgnouns, https://www.rankedchoices.com/sdswgadjectives
Michael Shea
07:21
Not to pick nits, but Identity and User are nouns….
Juan Caballero
08:28
English is a loosely-typed language ;)
Michael Shea
08:42
:)
Jim StClair
08:44
JaJaJa, Juan
Juan Caballero
09:07
heyoooo
Juan Caballero
11:00
never in the clear
Dmitri Zagidulin
12:03
Encrypted (example: Encrypted Data Vault, Encrypted Resource Server)
Confidential (example: Confidential Storage)
Limited Trust or Zero Trust (example: Limited Trust Storage)
Dave Longley
13:21
zero trust may be conflated with untrustworthy vs. no trust is required
tobiaslooker
13:26
You also do have to trust the provider somewhat
tobiaslooker
13:55
E.g. the provider has to fulfil some basic roles as a storage provider
Manu Sporny
14:21
q+ to respond to "In the industry"
Dave Longley
15:08
confidential => use other people's resources confidentially... to do your private business
Jim StClair
15:48
I wouldn't say "zero trust database" at a cocktail party
Dave Longley
15:54
plus, who doesn't want to inspire confidence? :)
Dmitri Zagidulin
16:00
lol
Kaliya Identity Woman
16:04
we had this problem with “open ID” where normal humans thought their identity was “open” meaning widely exposed
Manu Sporny
16:31
Zero Trust ID :P
Jim StClair
17:04
+1 Manu
Nader Helmy
17:04
that's the problem with terms like "open" and "zero trust", it always begs the question: from whose perspective
Dmitri Zagidulin
17:11
PROPOSAL: Strike 'Zero Trust' from the list (as we did with 'Secure', but for different reasons).
Michael Shea
17:19
+1
Dave Longley
17:20
+1
Manu Sporny
17:21
+1
Adrian Gropper
17:22
+1
Sze (Z) Wong
17:22
+1
Jim StClair
17:23
+1
robbie jones
17:24
+1
Dmitri Zagidulin
17:26
+1
tobiaslooker
17:26
+1
Kaliya Identity Woman
17:30
+1
Manu Sporny
17:41
and thus is the story of the brief life of the word Zero Trust in the SDS WG. :P
Manu Sporny
17:55
RIP Zero Trust
Dmitri Zagidulin
18:04
Vault
Storage or Store (example: Data Store)
Hub (example: Data Hub, Storage Hub, Identity Hub)
Juan Caballero
18:25
confidential vault is pretty redundant :D
Jim StClair
18:31
No Fabric?
Dmitri Zagidulin
18:58
@Jim - fabric is on the list of nouns. (didn’t make it into top 3 tho)
Nader Helmy
19:03
"Hub" is so vague
Jim StClair
19:14
:(
Dave Longley
19:15
confidential storage ... in part, provided by the primitive "encrypted data vaults" <-- seems to work
Adrian Gropper
19:31
the Appendix half
Manu Sporny
19:41
^^ ooh, I like the above... also liked Mesh/Fabric
Michael Shea
20:35
wasn’t there a potential trademark or IP related issue with ‘mesh’?
Jim StClair
20:35
https://lingarogroup.com/is-data-fabric-the-future-of-data-management-platforms/
Dave Longley
20:39
"fabric" may lead to confusion with related things such as hyperledger fabric
Jim StClair
20:45
@mike, yes
Adrian Gropper
20:51
data broker
Dmitri Zagidulin
20:59
@michael oh good god, are you serious? (re ‘mesh’). :(
Jim StClair
21:08
That's a bad word @adrian LOL
Adrian Gropper
21:12
surveillance point
Jim StClair
21:23
yes - I shared this last meeting
Michael Shea
21:31
@dmitri just remembering Jim’s point last week
Jim StClair
21:44
Google "mesh" and it's associated with thoughtworks
Nader Helmy
22:18
How about "Confidential Data Vault"
Manu Sporny
22:40
/me would be happy with that -- Encrypted/Confidential Data Vault.
Dave Longley
22:41
i'd prefer to keep "encrypted data vault" for the lower level primitive
Michael Shea
22:42
fishnet?
Manu Sporny
22:50
Phishnet
Nader Helmy
22:57
I'd be in favor of a name that unifies the two different "parts" of the spec, personally
Jim StClair
22:59
Encrypted/Confidential Data Vault.
Michael Shea
23:25
Encrydential
Jim StClair
23:49
https://trustgrid.io/what-is-a-data-mesh/#:~:text=Functioning%20similar%20to%20a%20service,held%20across%20multiple%20data%20silos.
Nader Helmy
23:49
I know it's been a deliberate decision to separate the vault & hub layers, but I think it would be a win to come up with one name to describe the whole thing
Manu Sporny
23:59
"Encrydential" feels like it might be a denture brand... an incredible one.
Dave Longley
24:08
since there is "confidential computing" ... we might want to put our stake in the ground for "confidential storage"
Michael Shea
24:14
you don’t know you're using them....
Jim StClair
24:16
https://www.thoughtworks.com/radar/techniques/data-mesh
Jim StClair
24:28
+1 Dave
Manu Sporny
24:31
ooh, like the "Confidential Storage" angle
tobiaslooker
24:31
Yeah +1 to Dave's point
Adrian Gropper
24:46
+1 dave
tobiaslooker
25:00
q+
Nader Helmy
25:29
Confidential Storage or Confidential Data Vault
Nader Helmy
25:34
+1 to either
Manu Sporny
25:38
q+ to say confidential works for corporate and personal
Nader Helmy
26:11
+1 manu
Adrian Gropper
26:16
Data Vault is too vague for me
tobiaslooker
26:18
Storage aligns with existing terminology better than say data vault though does it not?
Michael Shea
26:19
+1
Juan Caballero
26:21
q+
Manu Sporny
26:57
good question
Dave Longley
27:08
confidential storage -- you can even serve your public data with confidence
Juan Caballero
27:16
:D
Juan Caballero
27:20
good answer, Dave!
Juan Caballero
27:35
I mean, I knew the answer technically, was just asking messaging/marketing-wise :D
Nader Helmy
28:53
So with Confidential Storage, what would we call an instance of such a thing? Confidential Storage Provider?
Nader Helmy
29:06
That's one benefit of "Data Vault" IMO, tho it's a bit more obtuse
Michael Shea
29:12
a freeholders…. :D
Dmitri Zagidulin
30:58
+1 to adrian’s point ‘in parallel’
Manu Sporny
31:22
Confidential Data Storage / Confidential Data Store / Confidential Data Storage Provider
Juan Caballero
31:39
resource server :D
Adrian Gropper
31:43
Service
Juan Caballero
31:51
^ yes!
tobiaslooker
31:56
Yeah Confidential Storage Provider/Service
Juan Caballero
32:01
unfortunately it abbreviates to CSS
Manu Sporny
32:04
/me CSS 1.0!
Nader Helmy
32:04
Yes it does :)
Juan Caballero
32:29
.unfortunate { emoji : frown }
Manu Sporny
32:48
/me appreciates Juan's joke like a fine wine.
Juan Caballero
33:00
i think "service" encapsulates both storage and hub functionalities well
Manu Sporny
33:30
we might want to change the name of the group :)
Orie Steele (Transmute)
33:33
Can we just say no to renaming?
Orie Steele (Transmute)
33:39
ugh
Manu Sporny
33:55
What if half of us call it one thing and the other half calls it something else.
Orie Steele (Transmute)
33:56
External marketing material
Manu Sporny
33:57
:P
Orie Steele (Transmute)
34:04
Should be aligned
Orie Steele (Transmute)
34:13
q+
Orie Steele (Transmute)
35:51
+1 to confidential, it's like “privacy” for businesses
Manu Sporny
36:15
Decentralized Data Storage Working Group -- working on the Confidential Storage specifications and the Storage Hubs specifications.
Manu Sporny
36:33
/me not a proposal! Just spit ballin' man! :P
Orie Steele (Transmute)
36:41
DDSW working on CSP and SH
Daniel Buchner
36:57
+1 to Decentralized Data Storage WG
Dmitri Zagidulin
37:11
https://docs.google.com/presentation/d/1QEHSs4XJ05yQl2mvpiqbM80-MySxlVI9cNDLPq_XkkY/edit#slide=id.g9d1f72de30_0_0
Daniel Buchner
37:20
The Braces WG
Adrian Gropper
37:21
I have a proposal for authorization.
Daniel Buchner
37:28
D.D.S.
Manu Sporny
37:37
Daniel Buchner, DDS
Manu Sporny
37:45
isn't that a doctor thing?
Daniel Buchner
37:53
Thought it was dentistry
Daniel Buchner
37:55
but not sure
Michael Shea
37:58
yes it is
Juan Caballero
38:10
doctor of dental SURGERY
Juan Caballero
38:16
bad day for that joke!
Manu Sporny
38:17
ooh
Juan Caballero
38:29
the most dreaded of dentists
Manu Sporny
38:52
because they slice your jaw open from the inside of your mouth and take out bones.
Dave Longley
39:45
yeah but we could use DDS to detooth the storage silos of today
Manu Sporny
40:30
Storage Silos - Defanged, news at 11
Juan Caballero
40:49
fun fact: i once had a TEAM of DDSs (well, 2 of them) remove 7 teeth from my skull in one day. can we spitball another metaphor now? .unfortunate { emoji : crying-inside; font-size : xx-large; }
Adrian Gropper
41:18
TMI
Dave Longley
41:22
whose teeth were they?
Nader Helmy
41:35
rip juan
Daniel Buchner
41:55
wait, did someone say gnope?
Michael Shea
41:58
Keith Duncan, of the Chicago Blackhawks had 5 removed in one instant in a playoff game….
Manu Sporny
42:19
OAuth2 RawR
Dave Longley
44:15
q+
Manu Sporny
44:43
q+
Orie Steele (Transmute)
45:06
q+ to ask about GNAP structured scopes and zcaps
Adrian Gropper
45:56
q+ to respond to Orie
Dmitri Zagidulin
48:12
q+ to ask clarifying question of Adrian
Juan Caballero
48:54
scope, purpose, and requester creds
Dmitri Zagidulin
49:04
thx
Adrian Gropper
50:14
Any authorization protocol that supports attenuated delegation should mitigate the risks of semantic drift in scopes.
Orie Steele (Transmute)
50:25
q+ to ask about why requester credentials matter?
Manu Sporny
51:19
q+ to agree with Orie
Dmitri Zagidulin
51:22
q+ to address orie’s question
Dave Longley
51:58
+1 to orie, shouldn't happen at the storage server (PEP) ... find to have that happen where the capabilities are minted
Dave Longley
52:01
fine*
Adrian Gropper
53:10
I am not in favor of merging PDP with PEP at all
Manu Sporny
54:07
yeah, but if it goes to the same server, there's still a problem
Manu Sporny
54:13
a correlation problem
Daniel Buchner
57:15
I can't edit
Dmitri Zagidulin
57:57
Daniel - will fix that
Manu Sporny
59:16
I don't know what semantic drift is! :)
Dave Longley
59:31
the meaning of a scope may change over time?
Manu Sporny
59:38
yeah, maybe
Dave Longley
59:38
as people change what it means to them?
Manu Sporny
59:49
right, so keep your @contexts locked down
Nader Helmy
01:00:09
Adrian what you're talking about seems to drift into access control vs a capabilities model
tobiaslooker
01:00:12
Or the improper deprivation of a scope's usage?
tobiaslooker
01:00:19
*deprecation
Nader Helmy
01:00:28
Capabilities model considers that separation to be a feature not a bug
Juan Caballero
01:00:40
^ !
Juan Caballero
01:00:50
be there or be square
Juan Caballero
01:01:14
FREEHOLD THO
Dmitri Zagidulin
01:01:22
omg freehold <3