Re: Reminder and Agenda for Confidential Storage Spec Call - Dec 3, 2020

From: Dmitri Zagidulin <dzagidulin@gmail.com>
Date: Thu, 3 Dec 2020 17:51:41 -0500
Message-ID: <CANnQ-L4LZz0qh1H2na1X4VydFSDFyimgoPiUZWBfEEXsKFzRkQ@mail.gmail.com>
To: "John, Anil" <anil.john@hq.dhs.gov>
Cc: Credentials Community Group <public-credentials@w3.org>

Ahh, makes sense, thanks!

On Thu, Dec 3, 2020 at 4:30 PM John, Anil <anil.john@hq.dhs.gov> wrote:

> > I'm not sure where the Trusted Trade Server name came from, I wasn't
> > involved then.
>
>
>
> It came from two proof-of-concepts (1) NAFTA/CAFTA POC and (2)
> Intellectual Property Rights multi-party blockchain technology
> proof-of-concept that DHS S&T and DHS CBP worked on back in the day which
> needed an architectural model that separated shared data from data that was
> business sensitive given the need for DHS/CBP to work with multiple,
> sometimes competing, entities in the Trade domain.
>
>
>
> The deployment architecture that resulted was validated in the POCs with
> trade organizations who brought their own Blockchain tech and who needed to
> share data with DHS/CBP deploying their Blockchain/DLT paired with an
> associated “Trade Server” in which the business sensitive data was kept
> under the control of the data owner, while allowing dynamic on-demand
> access by DHS/CBP.
>
>
>
> NAFTA/CAFTA POC report @
> https://www.cbp.gov/sites/default/files/assets/documents/2019-Oct/Final-NAFTA-CAFTA-Report.pdf
>
> IPR POC report @
> https://www.cbp.gov/sites/default/files/assets/documents/2020-Mar/IPR%20POC%20Report%20-%20Final%20V2.pdf
>
>
>
> The architectural model was interesting and generically useful enough
> that Digital Bazaar, who was the vendor that we worked with on the POCs,
> with our full support decided to contribute that architecture model to the
> community to be standardized via the “Encrypted Data Vault” spec/moniker.
>
>
>
> Best Regards,
>
>
>
> Anil
>
>
>
> Anil John
>
> Technical Director, Silicon Valley Innovation Program
>
> Science and Technology Directorate
>
> US Department of Homeland Security
>
> Washington, DC, USA
>
>
>
> Email Response Time – 24 Hours
>
>
>
>
>
>
> *From:* Dmitri Zagidulin <dzagidulin@gmail.com>
> *Sent:* Thursday, December 3, 2020 3:30 PM
> *To:* John, Anil <anil.john@hq.dhs.gov>
> *Cc:* Credentials Community Group <public-credentials@w3.org>
> *Subject:* Re: Reminder and Agenda for Confidential Storage Spec Call -
> Dec 3, 2020
>
>
>
>
> So, to be slightly more detailed/pedantic, the evolution was more like:
>
>
>
> "Trusted Trade Server" >> the SVIP program / proof of concept that used
> that name generated interest and momentum in this. (I'm not sure where the
> Trusted Trade Server name came from, I wasn't involved then.)
>
>
>
> Then there was the Encrypted Data Vault draft spec (informed by the
> experience with the Trusted Trade Server tech). Last year, it was proposed
> to the W3C CCG as a work item. This stirred a lot of discussion and
> questions, starting with things like "how do EDVs relate to project X over
> here...".
>
> It was clear that multiple groups working on similar tech were interested
> in the concept of encrypted / secure storage, including DIF's Identity Hub
> project (also some interest from Hyperledger Aries, Solid Project, etc).
>
>
>
> So right around that same time, the Encrypted Data Vaults paper
> <https://github.com/WebOfTrustInfo/rwot9-prague/blob/master/draft-documents/encrypted-data-vaults.md>
> came out (at the Rebooting the Web of Trust 9 conference in Prague), which
> attempted to clarify what Encrypted Data Vaults were, and how they related
> to other projects in this space (including Identity Hub).
>
>
>
> Further discussion made it clear that a lot of this work is related, and
> complementary (for example, Identity Hub could use Encrypted Data Vaults as
> a low-level storage spec). And after a lot of *titanic* effort and
> negotiation, several communities came to form the Secure Data Storage WG at
> DIF (as a joint item with the W3C CCG). (There was a bit of time pressure
> to come up with the name for the group and the spec, and 'Secure Data
> Storage' was the best we could come up with at the time.)
>
>
>
> The important detail here is - "Secure Data Storage" was an umbrella term
> (for the spec and the working group) which included in it the Encrypted
> Data Vault spec and the Identity Hub spec.
>
>
>
> Fast forward to now. As the working group went on (and mentioned this work
> to other communities), a consistent piece of feedback that we encountered
> was... the fact that "secure" storage was too *generic* of a term. All
> companies and storage providers (from the most random web hosting company to
> Dropbox to Google Drive etc) rightly consider their storage, well... secure.
> It was turning out that the 'Secure Data Storage' name was not working.
>
>
>
> Hence the project to rename it. (Very reluctantly rename it, mind you.)
> And 'Confidential Storage' is the name that got the most consensus.
>
>
>
> And again, it doesn't *replace* Encrypted Data Vaults or Identity Hubs.
> It's just the general umbrella term for those specs and related tech.
>
>
>
> Does that make more sense?
>
>
>
> On Thu, Dec 3, 2020 at 12:51 PM John, Anil <anil.john@hq.dhs.gov> wrote:
>
> Just so I can trace the evolution of the naming here …
>
>
>
> Trusted Trade Server  >> Encrypted Data Vault >> Secure Data Storage >> to
> …. “Confidential Storage”? :-)
>
>
>
> Best Regards,
>
>
>
> Anil
>
>
>
> Anil John
>
> Technical Director, Silicon Valley Innovation Program
>
> Science and Technology Directorate
>
> US Department of Homeland Security
>
> Washington, DC, USA
>
>
>
> Email Response Time – 24 Hours
>
>
>
>
>
>
>
>
>

Received on Thursday, 3 December 2020 22:52:07 UTC