Re: Reconciling EDV with Alice to Bob from Adrian Gropper on 2020-01-28 (public-credentials@w3.org from January 2020)

From: Adrian Gropper <agropper@healthurl.com>
Date: Tue, 28 Jan 2020 08:55:42 -0500
To: Oliver Terbu <oliver.terbu@consensys.net>
Cc: Guillaume <gjgd+transmute@protonmail.com>, W3C Credentials Community Group <public-credentials@w3.org>
Message-ID: <CANYRo8iq9Re_vwf6sX9kGaVsx_WOmXmsJNGvbDWae9h5xh22wA@mail.gmail.com>
Diagram 2 is pretty clear. The document is encrypted by Service1. Alice
doesn't have (and may not need or want) an EDV. Alice mostly wants the
hundreds of Services she deals with to respect her agent.

The other part of your question mentions Bob's agent. That's a real
complication in the real world where Bob's agent (with decryption
capability in the EDV model) is different from Bob's client (which is
typically controlled by Bob's employer.) This too is a real-world
interoperability issue to reconcile with our self-sovereign constructs.

- Adrian



On Tue, Jan 28, 2020 at 8:36 AM Oliver Terbu <oliver.terbu@consensys.net>
wrote:

> @Guillaume: thanks for the diagrams. In Use Case 2: how does BoB's agent
> decrypt the EncryptedDocument? I assume the document was encrypted by Alice.
>
> Thanks,
> Oliver
>
> On Fri, Jan 24, 2020 at 4:19 PM Adrian Gropper <agropper@healthurl.com>
> wrote:
>
>> Hi Guillaume,
>>
>> Thanks for the diagrams. They seem accurate and it's helpful to be clear
>> about who is delegating to whom. Every entity has an agent but there's only
>> one EDV in both cases.
>>
>> Indeed, your question is my main concern. Alice and Bob typically do not
>> have an EDV they control directly because the document exchange is between
>> the EDV and some system that, in most cases, is controlled by an employer.
>>
>> My hope is to help create a list of features that any agent MUST, SHOULD,
>> or MAY have in order to interop with EDVs and the clients controlled by
>> others.
>>
>> Does anyone care to try to create this list?
>>
>> Adrian
>>
>>
>>
>>
>>
>> On Fri, Jan 24, 2020 at 9:22 AM Guillaume <gjgd+transmute@protonmail.com>
>> wrote:
>>
>>> Hi Adrian,
>>>
>>> We've made two drawings in order to illustrate what you're saying. Let
>>> me know if those don't represent it accurately
>>> Case 1:
>>> https://docs.google.com/drawings/d/1ou7N6NHii1AQ-LsNZ3IBZUo8AdOhzjY-nn3bFOJ3hnQ/edit?usp=sharing
>>>
>>>
>>> Case 2:
>>> https://docs.google.com/drawings/d/1G2KHEnze5W9teFWS0nL0LU_Etqx8D48NU4fM4ZbDcgA/edit?usp=sharing
>>>
>>> So is what you're saying that Case 2 would facilitate interop efforts
>>> because user agents (Alice and Bob) would only need to know how to talk to
>>> the proxy agent (aka EDV agent, aka the service that is in between Alice
>>> and Bob in drawing 2), without creating an EDV themselves?
>>>
>>>
>>> ‐‐‐‐‐‐‐ Original Message ‐‐‐‐‐‐‐
>>> On Friday, January 24, 2020 12:09 AM, Adrian Gropper <
>>> agropper@healthurl.com> wrote:
>>>
>>> Transmute's recent post about EDV
>>> https://medium.com/transmute-techtalk/encrypted-data-vaults-c794055b170e
>>> prompts a possible thought experiment.
>>>
>>> Is this a useful way for us to reconcile interoperability among
>>> use-cases where the DID subject does or does not control the EDV and the
>>> client connecting to the EDV?
>>>
>>>
>>> Case 1
>>>
>>>    -
>>>
>>>    Alice gets an EDV agent.
>>>    -
>>>
>>>    Alice gets an EDV with Service1.
>>>    -
>>>
>>>    Alice has a way, via her agent, to share a doc in Service1 with Bob
>>>    via Bob’s agent.
>>>    -
>>>
>>>    Alice uses her agent to move the doc from Service1 to EDV Service2.
>>>
>>>
>>> Case 2
>>>
>>>    -
>>>
>>>    Alice gets an agent that’s compatible with EDV agents. Alice has no
>>>    EDV accounts.
>>>    -
>>>
>>>    Service1 gets an EDV agent.
>>>    -
>>>
>>>    Service1 gets an EDV with Service3.
>>>    -
>>>
>>>    Alice has a way, to “register” her agent with Service1’s EDV agent.
>>>    -
>>>
>>>    Alce has a way, via her agent, to share a doc in Service3 with Bob
>>>    via Bob’s agent.
>>>    -
>>>
>>>       Bob’s agent gets a capability from Alice’s agent.
>>>       -
>>>
>>>       Bob’s agent brings the capability to Service1 EDV agent, gets a
>>>       capability.
>>>       -
>>>
>>>       Bob’s agent gets the document from Service3.
>>>
>>>
>>> Differences between Case 2 and 1
>>>
>>>    -
>>>
>>>    Alice’s agent has no relationship with the EDV itself.
>>>    -
>>>
>>>    Alice’s agent can interoperate with an EDV agent.
>>>    -
>>>
>>>       Alice’s agent can register with the EDV agent (using a DID).
>>>       -
>>>
>>>       Alice’s agent can issue a capability to Bob’s agent.
>>>
>>>
>>> Case 1 and 2 are document-based and have no scoping issues. Other cases
>>> would add a scope to Bob’s capability.
>>>
>>> In both case 1 and 2 Bob’s agent (capable of interacting with Alice’s
>>> agent) may be different from Bob’s client, which actually connects to the
>>> EDV, which is controlled by someone other than Bob.
>>>
>>>
>>> -Adrian
>>>
>>>
>>>
Received on Tuesday, 28 January 2020 13:55:56 UTC