- From: Oliver Terbu <oliver.terbu@consensys.net>
- Date: Tue, 28 Jan 2020 14:36:25 +0100
- To: Adrian Gropper <agropper@healthurl.com>
- Cc: Guillaume <gjgd+transmute@protonmail.com>, W3C Credentials Community Group <public-credentials@w3.org>
- Message-ID: <CALu3yZ+F7-p9dtvE6ReBmaA+Cm=QJrkAK6iSQ-kj_rW74rBmfw@mail.gmail.com>
@Guillaume: thanks for the diagrams. In Use Case 2: how does Bob's agent decrypt the EncryptedDocument? I assume the document was encrypted by Alice.

Thanks,
Oliver

On Fri, Jan 24, 2020 at 4:19 PM Adrian Gropper <agropper@healthurl.com> wrote:

> Hi Guillaume,
>
> Thanks for the diagrams. They seem accurate and it's helpful to be clear
> about who is delegating to whom. Every entity has an agent but there's only
> one EDV in both cases.
>
> Indeed, your question is my main concern. Alice and Bob typically do not
> have an EDV they control directly because the document exchange is between
> the EDV and some system that, in most cases, is controlled by an employer.
>
> My hope is to help create a list of features that any agent MUST, SHOULD,
> or MAY have in order to interop with EDVs and the clients controlled by
> others.
>
> Does anyone care to try to create this list?
>
> Adrian
>
> On Fri, Jan 24, 2020 at 9:22 AM Guillaume <gjgd+transmute@protonmail.com>
> wrote:
>
>> Hi Adrian,
>>
>> We've made two drawings in order to illustrate what you're saying. Let me
>> know if those don't represent it accurately.
>>
>> Case 1:
>> https://docs.google.com/drawings/d/1ou7N6NHii1AQ-LsNZ3IBZUo8AdOhzjY-nn3bFOJ3hnQ/edit?usp=sharing
>>
>> Case 2:
>> https://docs.google.com/drawings/d/1G2KHEnze5W9teFWS0nL0LU_Etqx8D48NU4fM4ZbDcgA/edit?usp=sharing
>>
>> So is what you're saying that Case 2 would facilitate interop efforts
>> because user agents (Alice and Bob) would only need to know how to talk to
>> the proxy agent (aka EDV agent, aka the service that is in between Alice
>> and Bob in drawing 2), without creating an EDV themselves?
>>
>> ‐‐‐‐‐‐‐ Original Message ‐‐‐‐‐‐‐
>> On Friday, January 24, 2020 12:09 AM, Adrian Gropper
>> <agropper@healthurl.com> wrote:
>>
>> Transmute's recent post about EDV
>> https://medium.com/transmute-techtalk/encrypted-data-vaults-c794055b170e
>> prompts a possible thought experiment.
>>
>> Is this a useful way for us to reconcile interoperability among use-cases
>> where the DID subject does or does not control the EDV and the client
>> connecting to the EDV?
>>
>> Case 1
>>
>> - Alice gets an EDV agent.
>> - Alice gets an EDV with Service1.
>> - Alice has a way, via her agent, to share a doc in Service1 with Bob
>>   via Bob’s agent.
>> - Alice uses her agent to move the doc from Service1 to EDV Service2.
>>
>> Case 2
>>
>> - Alice gets an agent that’s compatible with EDV agents. Alice has no
>>   EDV accounts.
>> - Service1 gets an EDV agent.
>> - Service1 gets an EDV with Service3.
>> - Alice has a way to “register” her agent with Service1’s EDV agent.
>> - Alice has a way, via her agent, to share a doc in Service3 with Bob
>>   via Bob’s agent.
>> - Bob’s agent gets a capability from Alice’s agent.
>> - Bob’s agent brings the capability to Service1 EDV agent, gets a
>>   capability.
>> - Bob’s agent gets the document from Service3.
>>
>> Differences between Case 2 and 1
>>
>> - Alice’s agent has no relationship with the EDV itself.
>> - Alice’s agent can interoperate with an EDV agent.
>> - Alice’s agent can register with the EDV agent (using a DID).
>> - Alice’s agent can issue a capability to Bob’s agent.
>>
>> Case 1 and 2 are document-based and have no scoping issues. Other cases
>> would add a scope to Bob’s capability.
>>
>> In both case 1 and 2 Bob’s agent (capable of interacting with Alice’s
>> agent) may be different from Bob’s client, which actually connects to the
>> EDV, which is controlled by someone other than Bob.
>>
>> -Adrian

Received on Tuesday, 28 January 2020 13:36:40 UTC