- From: Adrian Gropper <agropper@healthurl.com>
- Date: Thu, 23 Jan 2020 12:09:26 -0500
- To: W3C Credentials Community Group <public-credentials@w3.org>
- Message-ID: <CANYRo8hvbcUa6NN82n7MG6fBfc6QzWavJ=fseDtVVkb32G+Kaw@mail.gmail.com>
Transmute's recent post about EDV
https://medium.com/transmute-techtalk/encrypted-data-vaults-c794055b170e
prompts a possible thought experiment.

Is this a useful way for us to reconcile interoperability among use-cases where the DID subject does or does not control the EDV and the client connecting to the EDV?
Case 1

- Alice gets an EDV agent.
- Alice gets an EDV with Service1.
- Alice has a way, via her agent, to share a doc in Service1 with Bob via Bob’s agent.
- Alice uses her agent to move the doc from Service1 to EDV Service2.
Case 2

- Alice gets an agent that’s compatible with EDV agents. Alice has no EDV accounts.
- Service1 gets an EDV agent.
- Service1 gets an EDV with Service3.
- Alice has a way to “register” her agent with Service1’s EDV agent.
- Alice has a way, via her agent, to share a doc in Service3 with Bob via Bob’s agent.
- Bob’s agent gets a capability from Alice’s agent.
- Bob’s agent brings the capability to Service1 EDV agent, gets a capability.
- Bob’s agent gets the document from Service3.
Differences between Case 2 and 1

- Alice’s agent has no relationship with the EDV itself.
- Alice’s agent can interoperate with an EDV agent.
- Alice’s agent can register with the EDV agent (using a DID).
- Alice’s agent can issue a capability to Bob’s agent.
Case 1 and 2 are document-based and have no scoping issues. Other cases would add a scope to Bob’s capability.

In both case 1 and 2 Bob’s agent (capable of interacting with Alice’s agent) may be different from Bob’s client, which actually connects to the EDV, which is controlled by someone other than Bob.
-Adrian
Received on Thursday, 23 January 2020 17:09:41 UTC
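The Case 2 capability chain (Alice’s agent issues a capability to Bob’s agent, Service1’s EDV agent exchanges it for one scoped to its vault, Service3 honours only that chained capability) modelled as an added example; this is not code from the post, Transmute, or the EDV spec. Party names, the "doc-42" sample, and the HMAC-based proofs (standing in for DID-keyed signatures) are all constructed assumptions.

```python
import hashlib
import hmac
import json

# Constructed secrets for the two issuers in Case 2. A real deployment would verify
# signatures against each agent's DID document; HMAC keeps the demo self-contained.
KEYS = {"alice-agent": b"alice-secret", "service1-edv-agent": b"service1-secret"}

def _proof(issuer, unsigned):
    body = json.dumps(unsigned, sort_keys=True).encode()
    return hmac.new(KEYS[issuer], body, hashlib.sha256).hexdigest()

def issue_capability(issuer, invoker, doc, parent=None):
    """Issuer grants invoker read access to doc; parent links this to an earlier capability."""
    cap = {"issuer": issuer, "invoker": invoker, "doc": doc, "action": "read", "parent": parent}
    cap["proof"] = _proof(issuer, {k: v for k, v in cap.items() if k != "proof"})
    return cap

def verify_capability(cap):
    unsigned = {k: v for k, v in cap.items() if k != "proof"}
    return hmac.compare_digest(cap["proof"], _proof(cap["issuer"], unsigned))

def service1_edv_agent_exchange(presented, holder):
    """Service1's EDV agent accepts Alice's capability (Alice registered with it) and
    issues its own capability, chained to hers, for the vault it holds at Service3."""
    if presented["issuer"] != "alice-agent" or presented["invoker"] != holder:
        return None
    if not verify_capability(presented):
        return None
    return issue_capability("service1-edv-agent", holder, presented["doc"], parent=presented)

VAULT = {"doc-42": "Alice's record (constructed sample)"}  # Service3's store for Service1

def service3_fetch(cap, holder):
    """Service3 only trusts capabilities issued by the EDV agent that controls the vault,
    and requires that they chain back to a valid capability from Alice's agent."""
    if cap is None or cap["issuer"] != "service1-edv-agent" or cap["invoker"] != holder:
        return None
    if not verify_capability(cap):
        return None
    parent = cap["parent"]
    if parent is None or parent["issuer"] != "alice-agent" or not verify_capability(parent):
        return None
    return VAULT.get(cap["doc"])

def run_case_2():
    alice_cap = issue_capability("alice-agent", "bob-agent", "doc-42")  # Bob's agent gets a capability
    edv_cap = service1_edv_agent_exchange(alice_cap, "bob-agent")       # exchanged at Service1's EDV agent
    return service3_fetch(edv_cap, "bob-agent")                          # document retrieved from Service3
```

Presenting Alice’s capability directly to Service3 fails, which is the “no relationship with the EDV itself” difference in concrete form.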