- From: Carlos Bruguera <cbruguera@gmail.com>
- Date: Tue, 2 Jul 2019 13:30:20 +0700
- To: Manu Sporny <msporny@digitalbazaar.com>
- Cc: Credentials Community Group <public-credentials@w3.org>
- Message-ID: <CAJrRL-FWZhbX0C10jHcv6trbw7RMQu_01CqRjEuqm+Bj-LZDYg@mail.gmail.com>
Great initiative! My assumption is that this specs attempt to "standardize" all these separate lines of work for secure identity data storage? Are DIF Hubs, for example, expected to stay compliant with these specs (or are the specs already being considered to be compatible with the ongoing work on DIF Hubs)? I cite the DIF Hubs specific example because I already perceived it it as an initiative to reach some sort of "common ground" for agent interoperability among different identity platforms (if I my understanding is correct)... On this note, A particular feature of DIF Hubs is that they intend to implement a protocol for data replication among different agents: is this being considered for Secure Data Hubs, or would that be left outside this scope? Any feedback appreciated. Thanks in advance. On Tue, Jul 2, 2019 at 11:10 AM Manu Sporny <msporny@digitalbazaar.com> wrote: > Hi all, > > For a number of years, a handful of us in the community have been > grappling with the problem of personal data storage. How do we store > application data, such as Verifiable Credentials, in a way that is > controlled and administered by us, encrypted by default from parties > that may not have our best interests in mind, and most importantly in a > standards-compliant manner? > > There is similar work going on at Hyperledger Aries, DIF's Identity > Hubs, at Solid/Inrupt, and elsewhere in the world. We tried to study > each system and provide a fundamental low-level layer for answering the > question above... we're calling the technology: > > Secure Data Hubs > > ... and here's the Abstract: > > We store a significant amount of sensitive data online such as > personally identifying information, trade secrets, family pictures, and > customer information. The data that we store should be encrypted in > transit and at rest but is often not protected in an appropriate manner. > This specification describes a privacy-respecting mechanism for storing, > indexing, and retrieving encrypted data at a storage provider. It is > often useful when an individual or organization wants to protect data in > a way that the storage provider cannot view, analyze, aggregate, or > resell the data. This approach also ensures that application data is > portable and protected from storage provider data breaches. > > This is a very rough draft and we hope to incubate the work in the W3C > CCG and eventually gain support for it across various communities and > take it through the standardization process at W3C: > > https://msporny.github.io/data-hubs/ > > If there is interest in collaborating on the specification, we'll > contribute it to the W3C CCG and request that it become a formal work > item in the group. For now, take a look at the spec and let us know what > you think about it. Happy to answer any questions on this mailing list > and on a future CCG call if the Chairs deem this a good topic to cover. > > -- manu > > -- > Manu Sporny (skype: msporny, twitter: manusporny) > Founder/CEO - Digital Bazaar, Inc. > blog: Veres One Decentralized Identifier Blockchain Launches > https://tinyurl.com/veres-one-launches > > >
Received on Tuesday, 2 July 2019 06:30:59 UTC