Zoom Logo

Secure Data Storage - WG - Shared screen with speaker view
Dmitri Zagidulin
10:08
agenda: https://hackmd.io/J60Fy2QYTXi9jOzQvvscRw
Manu
10:49
I have no video :(
Manu
10:52
well... :)
Manu
11:01
(because I don't trust cameras connected to computers)
Dmitri Zagidulin
11:23
https://hackmd.io/J60Fy2QYTXi9jOzQvvscRw
Manu
12:02
q+ to ask for minutes links.
Balazs Nemethi (DIF)
12:41
IPR related info can be found here: https://dif.groups.io/g/sds-wg/wiki
Dmitri Zagidulin
13:03
https://dif.groups.io/g/sds-wg/wiki
Daniel Buchner
14:36
Goes under...to get a clam
Daniel Buchner
14:41
...otter
Michael Shea
14:59
:face-palm:
Dmitri Zagidulin
15:13
manu are you saying our SEO game is weak?
Manu
16:42
q+
Carsten Stoecker
17:55
Someone who recognizes voices can put a key at the top if they manually cut and paste
Stephen Curran
18:04
q+
Carsten Stoecker
18:11
if you click the (3) it jumps to that point in the recording
Stephen Curran
18:17
q-
Carsten Stoecker
18:19
probably zoom ids?
Manu
18:27
Balazs is Otter.ai!!!!
Carsten Stoecker
18:31
not gonna lie, that's a little scary
Tobias Looker
18:36
Haha!
Dmitri Zagidulin
18:36
I thought it was via Zoom API!
Daniel Buchner
18:36
manu beat me to it
Daniel Buchner
18:39
damn it
Dave Longley
18:40
some otter on the internet knows who i am?
Carsten Stoecker
18:50
otter.ai is balázs handle on dating websites
Stephen Curran
18:51
q+
rhiaro
19:13
it's not hooked into the zoom somehow?! I thought it was just smart enough to know which stream had audio, not voice recognition.. that seems sketchy..
Orie Steele (Transmute)
19:22
Que is Stephen CUrran
rhiaro
19:37
/me resolves not to speak into the ai surveillence..
Carsten Stoecker
19:55
^ sympathizes
Michael Shea
19:58
so what does Otter.ai do with the voice recordings after the fact?
Michael Shea
20:07
Are we all becoming part of a data set that is being sold?
Manu
20:10
shares it w/ google, Amazon, of course.
Manu
20:31
/and Editor/!
Carsten Stoecker
20:33
renowned fer sure
Nader Helmy
20:50
first they came for our call transcripts. then came... skynet
Orie Steele (Transmute)
20:55
^ lolz
Dan Burnett
21:03
Yep, not sure I give permission for my name to be associated with my voice at Otter.ai or Zoom . . .
Dmitri Zagidulin
21:06
https://github.com/decentralized-identity/secure-data-store/issues
Carsten Stoecker
21:11
all joking aside, I am happy to read aloud any chats from people who don't want to speak the rest of this call
Adrian Gropper
21:18
ClearviewAI or Otter?
Dan Burnett
21:21
My PhD is in speech rec. I know how this works :) :(
Daniel Buchner
21:30
CarstenProxyOtter
Carsten Stoecker
21:33
Oh I'm Carsten stoecker today!
Dave Longley
21:35
is it actually recognizing our voices or is it just determining who is speaking next based on a name being called out?
Carsten Stoecker
21:37
carsten = juan
Carsten Stoecker
21:47
sorry
Orie Steele (Transmute)
21:50
^ is that an IP its?
Dmitri Zagidulin
21:53
https://github.com/decentralized-identity/secure-data-store/issues
Dan Burnett
22:02
Oh, I am Manu today
rhiaro
22:05
(at some point I'd also like to know what rights zoom has over these recordings, but we don't need to think about that right now)
Dan Burnett
22:09
Or should I be Dmitri?
Dave Longley
22:12
You've got a lot of work to do, Dan.
Dan Burnett
22:21
Okay, I'm NOT Manu!
Dave Longley
22:26
:)
Orie Steele (Transmute)
22:30
Oldest to newest: https://github.com/decentralized-identity/secure-data-store/issues?q=is%3Aissue+is%3Aopen+sort%3Acreated-asc
Orie Steele (Transmute)
23:22
Don’t use my link
Orie Steele (Transmute)
23:28
It won’t match
Orie Steele (Transmute)
23:36
https://github.com/decentralized-identity/secure-data-store/issues
Dan Burnett
24:20
Carsten == Juan == bumblefudge == ??
Daniel Buchner
24:39
This man uses many peerwise pseudonyms
Dave Longley
24:44
== otter.ai
Carsten Stoecker
24:53
not on this website, anyways
Orie Steele (Transmute)
24:56
https://github.com/decentralized-identity/secure-data-store/blob/master/use_cases.md
Dmitri Zagidulin
25:36
https://identity.foundation/secure-data-store/use_cases
Ganesh Annan
28:20
Here is the use cases document from the VCWG https://www.w3.org/TR/vc-use-cases/
Dave Longley
31:37
I think there may be "requirements" at L1 to support replication at another layer.
Manu
31:49
+1 to what Longley said ^
Tobias Looker
31:59
+1 to Daves point
Tobias Looker
32:28
There are considerations at this layer but it doesn’t mean replication has to happen at this layer
Michael Shea
32:44
@orie what was your thought behind the safety deposit box as a use case?
Daniel Buchner
32:46
the values MUST be embedded or it's not secure
Tobias Looker
33:01
Yes that’s a consideration at L1
Daniel Buchner
33:03
you can fool the nodes with false updates, for example
Orie Steele (Transmute)
33:13
Comments about Safe Deposit box: https://github.com/decentralized-identity/secure-data-store/issues/41#issuecomment-635511903
Ian Preston
33:17
Encryption doesn't need to be at the lowest level.
Manu
35:02
I think you'll find that others feel strongly that it should, Ian. :)
Ian Preston
35:16
+q
Dave Longley
36:56
that "layer" (IPFS, mongodb, whatever storage medium you want to use) is out of scope, IMO -- that is a "lower layer" but so low it's not part of what we're building here.
Orie Steele (Transmute)
37:19
^ agree
Manu
37:28
+1 to layering
Ganesh Annan
37:35
+1 It’s my understanding that EDVs can be built on top of any backing store.
Orie Steele (Transmute)
37:44
Please use the que and keep your response brief
Orie Steele (Transmute)
37:55
Make sure to comnent on issues
Dmitri Zagidulin
38:07
+1 orie
Orie Steele (Transmute)
38:08
EDVs can be built on IPFS.
Dave Longley
38:13
+1
Orie Steele (Transmute)
38:19
They can also be built on S3
Dave Longley
38:38
i think we're just disagreeing on definitions of "lowest layers" here -- there are layers *inside* the spec and *outside* the spec.
Dave Longley
38:44
+1 to Orie
Daniel Buchner
38:49
I do agree with Ian on a variant of his point: object IDs should be their deterministic hash representations
Daniel Buchner
39:05
it's the only way to have a trusted master coordinating
Daniel Buchner
39:23
OOPS
Orie Steele (Transmute)
39:32
^ I also agree… I think content addressing is very useful way of organizing binary.
Daniel Buchner
39:33
It's the only way NOT to have a trusted master coordinating
Orie Steele (Transmute)
41:07
Use the que, be brief, leave comments on issue.
Ian Preston
41:08
What I'm talking about is encryption at the lowest layer. IPFS is just a P2P protocol for content addressed storage in this model.
Carsten Stoecker
41:43
Phone users can raise hand with *9
Dave Longley
41:45
Ian Preston: I think the meaning of "lowest layer" is just in dispute, not what you're saying.
Carsten Stoecker
41:59
*9 also lowers
Orie Steele (Transmute)
42:07
+1 we are assuming byte storage is a solved problem.
Dave Longley
42:18
+1
Manu
42:21
+1
Daniel Buchner
43:20
Basically, this:ID of object = Hash({parent_change_hash: …,encryption_meta: ...,permission_meta: …replication_meta: …,actual_content: ...})
Michael Shea
43:32
@orie I will take a crack at the safety deposit box use case.
Ian Preston
43:53
the main thing I meant by IPFS is the data model - IPLD which is essentially merkle linked data. What I'm saying is that it works very well to layer encryption above that bottom data model layer.
Daniel Buchner
43:56
Those values need to be inextricably baked, else there are a variety of security issues
Orie Steele (Transmute)
44:16
Awesome re: safe deposit box.
Adrian Gropper
45:56
If byte stores are assumed and out of scope, then is the first layer in-scope the Policy Enforcement Point (PEP)?
Orie Steele (Transmute)
49:21
Too much discussion
Dmitri Zagidulin
49:27
+1
Orie Steele (Transmute)
49:27
Please leave comments on the issue.
Carsten Stoecker
49:54
Is "authorization" the broadest umbrella term?
Manu
49:57
-1 for PEP and PDP :( -- I don't know what they mean.
Nader Helmy
50:02
Adrian is that the terminology used by GDPR?
Nader Helmy
50:08
PDP/PEP
Dave Longley
50:11
+1 to authorization instead of sharing
Kaliya Identity Woman
50:17
XACML and stuff
Adrian Gropper
50:40
Nader - sort-of - GDPR talks of controller and processor
Dave Longley
51:21
"authorization" also doesn't presuppose ACL vs. OCAP (competing models)
Nikos Fotiou
52:55
PDP/PEP Section 4 here https://tools.ietf.org/html/rfc2753
Carsten Stoecker
53:06
^ Nice!
Dave Longley
54:54
names would be great ... after we get some agreement on them :)
Kaliya Identity Woman
56:15
q+
Kaliya Identity Woman
57:07
q-
Manu
57:17
haha, brutal Orie... The Issuer Processing Jackhammer. :P
Carsten Stoecker
01:00:51
Is he on the call?
Carsten Stoecker
01:00:58
It seems he may have fallen off
Carsten Stoecker
01:01:15
"Ready for PR"?
Manu
01:02:12
bikeshed!!! we should have a bikeshed label!