
Secure Data Storage - WG - Shared screen with speaker view
Dmitri
04:09
attendance doc: https://hackmd.io/lKmW-LZ4Tw-0-RcFAxjsJA
Orie Steele (Transmute)
05:10
Who am I?
Orie Steele (Transmute)
05:13
Where am I?
Adrian Gropper
06:20
We clearly need a third name...
Orie Steele (Transmute)
06:33
We are in the “Secure Data Storage WG"
Orie Steele (Transmute)
06:51
We are working on the “Confidential Storage Specification”
Orie Steele (Transmute)
06:59
We are under some IPR agreement
Dmitri
07:17
attendance doc: https://hackmd.io/lKmW-LZ4Tw-0-RcFAxjsJA (add yourself)
Orie Steele (Transmute)
08:41
Very interesting
Orie Steele (Transmute)
09:15
I had a chat with the Tangem Card folks about adding hardware support for x25519, for a similar type of scenario to support hardware protected edvs
Jim StClair
10:28
Congrats Kaliya!
Dave Longley
10:37
+1
Dave Longley
11:19
Secure Data Storage WG
Orie Steele (Transmute)
11:20
q+
Orie Steele (Transmute)
12:11
q-
Adrian Gropper
12:16
I’m in favor of moving to EDV.
Adrian Gropper
12:24
q+
Orie Steele (Transmute)
13:00
q+ to describe why we can’t name the spec edv
Daniel Buchner
13:42
I think if we did Hubs, folks like Ceramic and Solid would be smart to develop completely independently of this group
Daniel Buchner
14:06
which may be OK, but we definitely want to understand that EDV usage may MASSIVELY decline as a result
Adrian Gropper
14:20
q+
Daniel Buchner
14:25
because Hubs is where most applications will exist
Daniel Buchner
14:42
devs don't write dapps against low-level DB-centric calls
Daniel Buchner
14:56
that's not controversial, it's just reality, even today
Dmitri
15:45
@daniel - I agree, I look at EDV as more of a backend for Hubs and wallets and such
Daniel Buchner
15:53
Why would Hubs be controllers?
Daniel Buchner
15:57
they don't mutate data
Daniel Buchner
16:02
and can't read encrypted data
Daniel Buchner
16:06
q+
Adrian Gropper
16:26
Indexes are plain text
Dmitri
16:34
indexes are also encrypted
Orie Steele (Transmute)
16:42
^ not in hubs
Dmitri
16:45
ohhh right
Dmitri
16:46
sorry
Adrian Gropper
16:50
yeah
Orie Steele (Transmute)
16:57
Hence confusion
Chris Were
17:08
w+
Chris Were
17:10
q
Orie Steele (Transmute)
17:17
Let’s keep everyone together until we can’t :)
Dave Longley
18:33
datashards
Chris Were
18:48
noted, great to know, thank you
Orie Steele (Transmute)
18:58
https://github.com/decentralized-identity/confidential-storage/issues/157
Adrian Gropper
19:00
? what do you mean in the document itself?
Adrian Gropper
19:07
aha
Daniel Buchner
19:09
The one oddity is that you're essentially writing an entirely different layer to circulate publicly exposed private keys just for the public data
Orie Steele (Transmute)
19:16
^ 157 is a proposal for EDVs
Orie Steele (Transmute)
19:18
Not hubs
Orie Steele (Transmute)
19:20
To be clear
Orie Steele (Transmute)
19:37
*to be
Orie Steele (Transmute)
19:46
God I hate zoom chat
Daniel Buchner
19:57
so you say "I want everyone to see this in plaintext", but then you encrypt that, and then need to include a private key with it, even though you never wanted to encrypt it in the first place
Adrian Gropper
20:20
I agree - it’s ridiculous
Orie Steele (Transmute)
20:23
Take your crying to the issue
Orie Steele (Transmute)
20:27
:)
Dmitri
20:46
https://identity.foundation/confidential-storage/#terminology
Adrian Gropper
21:23
q+
Dmitri
21:48
https://identity.foundation/confidential-storage/use-cases/#functional-requirements
Chris Were
24:00
q+
Daniel Buchner
24:02
q+
Adrian Gropper
24:22
q+
Adrian Gropper
24:43
to talk about share data
Adrian Gropper
25:52
+1 what Dmitri said about authorization
Daniel Buchner
27:37
Alice to Bob is more of an AuthZ use case
tobiaslooker
27:54
q+
Juan Caballero
27:59
alice to alice is sharing with 0 entities?
Orie Steele (Transmute)
28:12
It’s encryption and access to only yourself
Juan Caballero
28:29
thus not sharing?
Orie Steele (Transmute)
28:39
The word sharing is meaningless
Orie Steele (Transmute)
28:43
Meaningless cancer
Orie Steele (Transmute)
29:04
“Sharing” is not sufficiently defined
Orie Steele (Transmute)
29:09
For anyone to understand
Orie Steele (Transmute)
30:07
q+ to talk about backup
Adrian Gropper
30:50
q+
Dave Longley
30:55
are we talking about something that should be invisible to the client or not?
Chris Were
31:02
In my mind “replication” can be a means of “data sharing”
Dmitri
31:07
why Dave, it sounds like you want to join the queue :)
Dave Longley
31:11
q+
Dmitri
31:56
orie is /never/ unclear.
Orie Steele (Transmute)
32:12
That’s not true, please ask for clarity always
Orie Steele (Transmute)
32:16
:)
Orie Steele (Transmute)
32:39
q+
Chris Were
32:47
+1 to dave
Orie Steele (Transmute)
32:56
To talk about visibility of replication
Adrian Gropper
33:01
+1 dave
Dave Longley
34:30
"client-controlled replication"
Adrian Gropper
34:30
+1
Adrian Gropper
34:35
q+
Adrian Gropper
34:50
to say what Orie is NOT replication
Daniel Buchner
34:51
Wyoming underground citadel, FTW
Daniel Buchner
35:00
data protected by buffalo
Dmitri
35:06
woooot, underground citadel as a service!
Daniel Buchner
35:52
Replication is simply the act of replicating data to other instances of a thing
Orie Steele (Transmute)
35:56
q+ to say that it is replication and provide a concrete example
Daniel Buchner
36:14
0 work
Dave Longley
36:16
"client-controlled replication" (what Orie describes -- perhaps we need a better name, naming is hard) would be a potential feature for the spec, "server-controlled replication" would not be.
Daniel Buchner
36:20
literally not even flinch
Chris Were
36:37
I feel we need a clear distinction of layers to frame these conversations; “server” EDV, “client” EDV, Hub. We may likely have different types of replication supported at those different layers.
Daniel Buchner
36:37
q+
Orie Steele (Transmute)
36:38
https://guide.couchdb.org/draft/replication.html
Orie Steele (Transmute)
36:47
^ wow look, a definition for replication
Daniel Buchner
36:56
Alice changes nothing
Dmitri
38:05
q+ to discuss visibility vs controlled.
Adrian Gropper
38:08
q+
Dmitri
38:52
@chris - great point.
Daniel Buchner
39:58
all are just SE endpoints in your DID Doc
Daniel Buchner
40:04
yes, magically they do their thing!
Daniel Buchner
40:12
that's my goal with replication
Daniel Buchner
40:23
yes
Orie Steele (Transmute)
40:23
Or not in your DID document…. You don’t need to disclose them to use them.
Dave Longley
40:23
well, magic we have to design and implement :)
Orie Steele (Transmute)
40:55
q+ to object to Daniel’s language
Dmitri
40:56
I suspect magic, in terms of replication, will be more the domain of Hubs. whereas EDVs will be much more of a 'manual ditch digging' sort of thing
Orie Steele (Transmute)
41:16
“We don’t know if instances are equivalent"
Daniel Buchner
41:30
Orie: huh?
Orie Steele (Transmute)
41:45
We should be careful to promise folks they can just use ___any__ edv that is listed
Orie Steele (Transmute)
41:53
To not *
Daniel Buchner
42:05
Don't hate on me saying "Magic"
Orie Steele (Transmute)
42:17
:) that’s basically what I am about to do
Daniel Buchner
42:25
because the section title in the CouchDB doc is literally "The Magic" LOLOL
Chris Were
42:48
With couch, replication can be client as well, via PouchDB
Daniel Buchner
43:47
I am tremendously good at bothering people, but especially Orie - we all have our special talents
Daniel Buchner
44:09
I agree that there is differential replication
Daniel Buchner
44:19
q+
Adrian Gropper
45:01
q+
Orie Steele (Transmute)
45:07
Yep, I love pouchdb
Orie Steele (Transmute)
45:34
They will get, “what they are configured to get"
Orie Steele (Transmute)
45:42
And the client gets to tell them that part.
Orie Steele (Transmute)
45:49
Or it won’t work :)
Adrian Gropper
45:51
Filtered replication is still a SLA issue.
Adrian Gropper
46:21
But is it separate service entities?
Dmitri
46:22
q+ to mention namespaces
Daniel Buchner
46:43
filtered replication
Chris Were
46:44
@Orie: Yeah exactly. With pouch/couch you can use either client/server replication.
Daniel Buchner
46:48
if that's what the spec says
Orie Steele (Transmute)
46:48
I’m not sure the watch will even know about filters that it won’t have.
Daniel Buchner
47:09
Orie: there's a base-level map that all instances should have
Dmitri
47:12
@orie / chris - I would argue that with Pouch, it's /still/ "server"-controlled replication. Except that the library essentially runs a little server in the browser
Daniel Buchner
47:16
so they know what to send others, and not to send
Orie Steele (Transmute)
47:27
Daniel: No, there is no “base level map” :)
Orie Steele (Transmute)
47:42
Or at least, not one I have seen
Juan Caballero
47:44
entities here means infra providers ?
Dave Longley
47:46
q+ to say we should differentiate based on what the client needs to do, does it set a configuration option on the server and walk away or does it have to *do* the replication
Juan Caballero
47:55
entity is getting slippery
Daniel Buchner
48:01
***insert meme: Well it would be a lot cooler if it did***
Orie Steele (Transmute)
48:19
^ sure, I am not opposed to defining that…. later
Orie Steele (Transmute)
48:34
Simple things first.
Orie Steele (Transmute)
48:39
Then complex things
Dmitri
49:19
q+
Orie Steele (Transmute)
49:24
Please Dave pick a “place to start”
Chris Were
49:28
Need to support both IMO
Daniel Buchner
49:31
The Client is just one instance of the same logical thing, imo
Orie Steele (Transmute)
49:34
Don’t ask this group more open ended questions
Orie Steele (Transmute)
49:36
:)
Daniel Buchner
49:40
so it should do the same functions
Orie Steele (Transmute)
49:57
q+ to propose the simple case
Adrian Gropper
50:20
+1 Dave’s framing is useful.
Orie Steele (Transmute)
50:57
I think we can have the server do differential replication…
Daniel Buchner
50:59
that's an important distinction
Orie Steele (Transmute)
51:02
I have a proposal
Chris Were
51:04
q+
tobiaslooker
51:14
q+
Daniel Buchner
51:23
Dave really helped me understand where this is really a thing to throw to Hubs
Dave Longley
51:30
Orie, yes, maybe there's something we could do with encrypted indexes... would need to think about it.
Daniel Buchner
51:31
don't be a half-way replication crook
Orie Steele (Transmute)
51:42
Lets talk about what we have working today
Orie Steele (Transmute)
51:47
And how we could make indexes work
Daniel Buchner
51:48
it will be more complex to do that with half on each side
Dave Longley
51:52
@Daniel, yes, the client-controlled replication, I think, belongs in Hub space.
Daniel Buchner
51:59
q+
tobiaslooker
53:02
q-
Adrian Gropper
53:06
We can’t keep avoiding the authorization issue by calling it replication.
Dmitri
53:18
+1 to what Orie is saying.
Dave Longley
53:23
q+ to say we can explore what Orie is saying, it may be possible, but having not done it yet, i can't say what the pitfalls would be.
Adrian Gropper
53:48
q+
Adrian Gropper
54:39
+1 Orie
Orie Steele (Transmute)
55:07
My proposal will work for both “filtered” and “unfiltered"
Orie Steele (Transmute)
55:16
With encrypted indexes or not.
Chris Were
55:37
q+
Chris Were
55:54
You won’t always know the filter when designing the indexes, needs to be dynamic
Orie Steele (Transmute)
56:30
q+ to answer the bob indy question
Daniel Buchner
57:09
Yes, agree with Chris
Daniel Buchner
57:36
dynamism in the index means that inbound writers need to write in a way that new objects fall into the right indexes
Orie Steele (Transmute)
57:50
^ this is possible :)
Daniel Buchner
58:09
but without having to know all of the reindexing logic, unless we also replicate those types of things *across participants*
Orie Steele (Transmute)
58:19
The only requirement is that the writer intend to be indexed.
Orie Steele (Transmute)
58:33
And therefore replicated
Daniel Buchner
58:49
Orie: I think your thing would require Alice's instances to actively replicate index logic to Bob, so Bob can do the right thing with the objects he's inbounding
Daniel Buchner
59:01
actively replicate*
Daniel Buchner
59:34
I think it would be non-trivial
Daniel Buchner
01:00:01
and assume the writer IS NOT Alice writing to Alice
Daniel Buchner
01:00:12
the harder question is what Bob needs to do
Daniel Buchner
01:00:25
q+
Dmitri
01:01:50
(top of the hour warning)
Dave Longley
01:03:09
you'd probably want to have a number of different indexes (perhaps over the same data) using different keys to enable some "sharing" use cases here (to use the evil "sharing" term)