Re: concerns about personal data hubs, identity hubs, EDV

From: Manu Sporny <msporny@digitalbazaar.com>
Date: Mon, 18 Nov 2019 12:03:05 -0500
To: daniel.hardman@evernym.com
Cc: Daniel Buchner <daniel.buchner@microsoft.com>, Sam Curren <telegramsam@gmail.com>, "indy@lists.hyperledger.org" <indy@lists.hyperledger.org>, Rouven Heck <rouven.heck@consensys.net>, W3C Credentials CG <public-credentials@w3.org>, Tobias Looker <tobias.looker@mattr.global>, Orie Steele <orie@transmute.industries>, Dmitri Zagidulin <dzagidulin@gmail.com>
Message-ID: <ed205cfd-b7e9-a8a6-eec8-ae81d5a657ed@digitalbazaar.com>

On 11/18/19 10:46 AM, Daniel Hardman wrote:
> This email is a comment about the architecture that's beginning to 
> coalesce around the data hub concept. It is not me trying to derail 
> the effort--I think it's good and important--but me trying to raise a
> cautionary flag and trigger some thoughtful dialog.

Thank you for raising these concerns, Daniel. I personally found nothing
in what you wrote with which to disagree... and I tried really hard to
find a nuance that would send us down different paths.

I think what you hope for is reflected in the Encrypted Data Vaults
spec (which we hope to build Identity Hubs on top of), and if it isn't,
it should be... because what you're saying should be at the heart of
what we're doing. Again, personal opinion. I'm almost certain it's the
opinion of Digital Bazaar. It also aligns w/ other cross-community
discussions I've had over the past several months.

The devil is in the details, but I think we're all headed down the same
road... we'll find out if that's true on Friday.

> This means that I would like it to be possible for Alice to put a
> hub interface behind her own identity (and her own DID) rather than
> the identity of a third party hub-serving intermediary. If we can
> design hub interfaces such that this is a first-class mode of
> operation, I will feel cheerful about this issue.

+1, I feel like that's what we're trying to do.

> Therefore, I am looking for any spec that gets written to include
> the ability to interface with hubs over DIDComm. This means that in
> the non-TLS mode, I ought to be able to authenticate the hub itself,
> plus any party that interacts with a hub, using the keys in my DID
> doc, NOT using certs and logins and API keys.

+1, that's a design requirement for Encrypted Data Vaults, on which
Identity Hubs should be able to be built (if we did the design correctly).

I'm being brief because I agree with everything you said, Daniel... just
wanted to make sure you know that there may be more alignment than you
think.

-- manu

-- 
Manu Sporny (skype: msporny, twitter: manusporny)
Founder/CEO - Digital Bazaar, Inc.
blog: Veres One Decentralized Identifier Blockchain Launches
https://tinyurl.com/veres-one-launches
Received on Monday, 18 November 2019 17:03:53 UTC