- From: Adrian Gropper <agropper@healthurl.com>
- Date: Fri, 24 Jan 2020 10:17:11 -0500
- To: Guillaume <gjgd+transmute@protonmail.com>
- Cc: W3C Credentials Community Group <public-credentials@w3.org>
- Message-ID: <CANYRo8gssktU0sLX0EcXo__O8Ox0ogJH1x0Tf8Mj5v1a4bQB_Q@mail.gmail.com>
Hi Guillaume,

Thanks for the diagrams. They seem accurate and it's helpful to be clear about who is delegating to whom. Every entity has an agent but there's only one EDV in both cases.

Indeed, your question is my main concern. Alice and Bob typically do not have an EDV they control directly because the document exchange is between the EDV and some system that, in most cases, is controlled by an employer.

My hope is to help create a list of features that any agent MUST, SHOULD, or MAY have in order to interop with EDVs and the clients controlled by others. Does anyone care to try to create this list?

Adrian

On Fri, Jan 24, 2020 at 9:22 AM Guillaume <gjgd+transmute@protonmail.com> wrote:

> Hi Adrian,
>
> We've made two drawings in order to illustrate what you're saying. Let me know if those don't represent it accurately
>
> Case 1: https://docs.google.com/drawings/d/1ou7N6NHii1AQ-LsNZ3IBZUo8AdOhzjY-nn3bFOJ3hnQ/edit?usp=sharing
>
> Case 2: https://docs.google.com/drawings/d/1G2KHEnze5W9teFWS0nL0LU_Etqx8D48NU4fM4ZbDcgA/edit?usp=sharing
>
> So is what you're saying that Case 2 would facilitate interop efforts because user agents (Alice and Bob) would only need to know how to talk to the proxy agent (aka EDV agent, aka the service that is in between Alice and Bob in drawing 2), without creating an EDV themselves?
>
> ‐‐‐‐‐‐‐ Original Message ‐‐‐‐‐‐‐
> On Friday, January 24, 2020 12:09 AM, Adrian Gropper <agropper@healthurl.com> wrote:
>
> Transmute's recent post about EDV https://medium.com/transmute-techtalk/encrypted-data-vaults-c794055b170e prompts a possible thought experiment.
>
> Is this a useful way for us to reconcile interoperability among use-cases where the DID subject does or does not control the EDV and the client connecting to the EDV?
>
> Case 1
>
> - Alice gets an EDV agent.
> - Alice gets an EDV with Service1.
> - Alice has a way, via her agent, to share a doc in Service1 with Bob via Bob’s agent.
> - Alice uses her agent to move the doc from Service1 to EDV Service2.
>
> Case 2
>
> - Alice gets an agent that’s compatible with EDV agents. Alice has no EDV accounts.
> - Service1 gets an EDV agent.
> - Service1 gets an EDV with Service3.
> - Alice has a way to “register” her agent with Service1’s EDV agent.
> - Alice has a way, via her agent, to share a doc in Service3 with Bob via Bob’s agent.
> - Bob’s agent gets a capability from Alice’s agent.
> - Bob’s agent brings the capability to Service1 EDV agent, gets a capability.
> - Bob’s agent gets the document from Service3.
>
> Differences between Case 2 and 1
>
> - Alice’s agent has no relationship with the EDV itself.
> - Alice’s agent can interoperate with an EDV agent.
> - Alice’s agent can register with the EDV agent (using a DID).
> - Alice’s agent can issue a capability to Bob’s agent.
>
> Case 1 and 2 are document-based and have no scoping issues. Other cases would add a scope to Bob’s capability.
>
> In both case 1 and 2 Bob’s agent (capable of interacting with Alice’s agent) may be different from Bob’s client, which actually connects to the EDV, which is controlled by someone other than Bob.
>
> -Adrian

Received on Friday, 24 January 2020 15:17:29 UTC
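
The Case 2 flow from the thread above, as an added sketch that is not part of the original messages or of any EDV implementation: it shows the checks each party makes when Bob's agent trades Alice's capability for one the EDV accepts. Assumptions: HMAC tags stand in for signatures by DID keys, Bob's agent and client are treated as one caller whose identity is already authenticated, and all DIDs, keys, class names and the document id are constructed.

```python
import hashlib, hmac, json

def sign(key, body):
    """Attach an HMAC tag; an assumed stand-in for a signature by the issuer's DID key."""
    msg = json.dumps(body, sort_keys=True).encode()
    return {**body, "tag": hmac.new(key, msg, hashlib.sha256).hexdigest()}

def verify(key, cap):
    body = {k: v for k, v in cap.items() if k != "tag"}
    return hmac.compare_digest(sign(key, body)["tag"], str(cap.get("tag", "")))

def grant(key, issuer, invoker, doc):
    # Document-based capability with no extra scope, as in Cases 1 and 2.
    return sign(key, {"issuer": issuer, "invoker": invoker, "doc": doc, "action": "read"})

class Service3:
    """EDV storage: holds ciphertext, honours only capabilities from its controller."""
    def __init__(self, vault_key):
        self.vault_key, self.docs = vault_key, {"doc-1": b"<ciphertext>"}
    def get(self, cap, caller):  # caller identity assumed authenticated elsewhere
        if not (verify(self.vault_key, cap) and cap["invoker"] == caller
                and cap["action"] == "read" and cap["doc"] in self.docs):
            raise PermissionError("rejected by EDV")
        return self.docs[cap["doc"]]

class Service1Agent:
    """EDV agent controlling the vault at Service3; Alice has no EDV account."""
    DID = "did:example:service1"
    def __init__(self, vault_key):
        self.vault_key, self.registered = vault_key, {}
    def register(self, did, key):  # Alice "registers" her agent using a DID
        self.registered[did] = key
    def exchange(self, cap, caller):
        key = self.registered.get(cap.get("issuer"))
        if key is None or not verify(key, cap) or cap["invoker"] != caller:
            raise PermissionError("rejected by EDV agent")
        return grant(self.vault_key, self.DID, caller, cap["doc"])

def case2():
    vault_key, alice_key = b"constructed-vault-key", b"constructed-alice-key"
    edv, agent = Service3(vault_key), Service1Agent(vault_key)
    agent.register("did:example:alice", alice_key)
    alice_cap = grant(alice_key, "did:example:alice", "did:example:bob", "doc-1")
    edv_cap = agent.exchange(alice_cap, "did:example:bob")  # Bob trades up
    return edv, agent, alice_cap, edv_cap
```

Alice's capability is meaningful only to Service1's EDV agent, which matches the point that her agent has no relationship with the EDV itself.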