Re: Reconciling EDV with Alice to Bob

Thanks, you are right. I overlooked that.

If the `EncryptedDocument` as per EDV spec is created by Service 1 and then
stored in Service 3 by Service 1, then Bob would have to ask Service 1 to
decrypt the `EncryptedDocument` (see
https://digitalbazaar.github.io/encrypted-data-vaults/#reading-a-document),
or Alice shared some keys with Bob out-of-band. Is this correct? I didn't
see anything in the EDV spec that talks about that protocol nor in the Case
2 diagram. Is this even in scope of the EDV spec? A sequence diagram would
be great to better understand how the EDV spec can be applied to the two
cases Adrian mentioned.

Oliver

On Tue, Jan 28, 2020 at 2:55 PM Adrian Gropper <agropper@healthurl.com>
wrote:

> Diagram 2 is pretty clear. The document is encrypted by Service1. Alice
> doesn't have (and may not need or want) an EDV. Alice mostly wants the
> hundreds of Services she deals with to respect her agent.
>
> The other part of your question mentions Bob's agent. That's a real
> complication in the real world where Bob's agent (with decryption
> capability in the EDV model) is different from Bob's client (which is
> typically controlled by Bob's employer.) This too is a real-world
> interoperability issue to reconcile with our self-sovereign constructs.
>
> - Adrian
>
>
>
> On Tue, Jan 28, 2020 at 8:36 AM Oliver Terbu <oliver.terbu@consensys.net>
> wrote:
>
>> @Guillaume: thanks for the diagrams. In Use Case 2: how does Bob's agent
>> decrypt the EncryptedDocument? I assume the document was encrypted by Alice.
>>
>> Thanks,
>> Oliver
>>
>> On Fri, Jan 24, 2020 at 4:19 PM Adrian Gropper <agropper@healthurl.com>
>> wrote:
>>
>>> Hi Guillaume,
>>>
>>> Thanks for the diagrams. They seem accurate and it's helpful to be clear
>>> about who is delegating to whom. Every entity has an agent but there's only
>>> one EDV in both cases.
>>>
>>> Indeed, your question is my main concern. Alice and Bob typically do not
>>> have an EDV they control directly because the document exchange is between
>>> the EDV and some system that, in most cases, is controlled by an employer.
>>>
>>> My hope is to help create a list of features that any agent MUST,
>>> SHOULD, or MAY have in order to interop with EDVs and the clients
>>> controlled by others.
>>>
>>> Does anyone care to try to create this list?
>>>
>>> Adrian
>>>
>>>
>>>
>>>
>>>
>>> On Fri, Jan 24, 2020 at 9:22 AM Guillaume <gjgd+transmute@protonmail.com>
>>> wrote:
>>>
>>>> Hi Adrian,
>>>>
>>>> We've made two drawings in order to illustrate what you're saying. Let
>>>> me know if those don't represent it accurately.
>>>> Case 1:
>>>> https://docs.google.com/drawings/d/1ou7N6NHii1AQ-LsNZ3IBZUo8AdOhzjY-nn3bFOJ3hnQ/edit?usp=sharing
>>>>
>>>>
>>>> Case 2:
>>>> https://docs.google.com/drawings/d/1G2KHEnze5W9teFWS0nL0LU_Etqx8D48NU4fM4ZbDcgA/edit?usp=sharing
>>>>
>>>> So is what you're saying that Case 2 would facilitate interop efforts
>>>> because user agents (Alice and Bob) would only need to know how to talk to
>>>> the proxy agent (aka EDV agent, aka the service that is in between Alice
>>>> and Bob in drawing 2), without creating an EDV themselves?
>>>>
>>>>
>>>> ‐‐‐‐‐‐‐ Original Message ‐‐‐‐‐‐‐
>>>> On Friday, January 24, 2020 12:09 AM, Adrian Gropper <
>>>> agropper@healthurl.com> wrote:
>>>>
>>>> Transmute's recent post about EDV
>>>> https://medium.com/transmute-techtalk/encrypted-data-vaults-c794055b170e
>>>> prompts a possible thought experiment.
>>>>
>>>> Is this a useful way for us to reconcile interoperability among
>>>> use-cases where the DID subject does or does not control the EDV and the
>>>> client connecting to the EDV?
>>>>
>>>>
>>>> Case 1
>>>>
>>>>    - Alice gets an EDV agent.
>>>>    - Alice gets an EDV with Service1.
>>>>    - Alice has a way, via her agent, to share a doc in Service1 with Bob
>>>>      via Bob’s agent.
>>>>    - Alice uses her agent to move the doc from Service1 to EDV Service2.
>>>>
>>>>
>>>> Case 2
>>>>
>>>>    - Alice gets an agent that’s compatible with EDV agents. Alice has no
>>>>      EDV accounts.
>>>>    - Service1 gets an EDV agent.
>>>>    - Service1 gets an EDV with Service3.
>>>>    - Alice has a way to “register” her agent with Service1’s EDV agent.
>>>>    - Alice has a way, via her agent, to share a doc in Service3 with Bob
>>>>      via Bob’s agent.
>>>>       - Bob’s agent gets a capability from Alice’s agent.
>>>>       - Bob’s agent brings the capability to Service1 EDV agent, gets a
>>>>         capability.
>>>>       - Bob’s agent gets the document from Service3.
>>>>
>>>>
>>>> Differences between Case 2 and 1
>>>>
>>>>    - Alice’s agent has no relationship with the EDV itself.
>>>>    - Alice’s agent can interoperate with an EDV agent.
>>>>       - Alice’s agent can register with the EDV agent (using a DID).
>>>>       - Alice’s agent can issue a capability to Bob’s agent.
>>>>
>>>>
>>>> Case 1 and 2 are document-based and have no scoping issues. Other cases
>>>> would add a scope to Bob’s capability.
>>>>
>>>> In both case 1 and 2 Bob’s agent (capable of interacting with Alice’s
>>>> agent) may be different from Bob’s client, which actually connects to the
>>>> EDV, which is controlled by someone other than Bob.
>>>>
>>>>
>>>> -Adrian
>>>>
>>>>
>>>>

Received on Tuesday, 28 January 2020 14:16:06 UTC
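
The Case 2 steps from the quoted original message (register, Alice's capability to Bob, exchange at Service1's EDV agent, read from Service3), sketched as an added example that is not part of the thread or of the EDV spec. The capability format, the `did:example:` identifiers, the keys, and the HMAC key shared at registration (standing in for DID-based signatures) are all assumptions; authentication of the presenter is assumed to happen elsewhere.

```python
import hashlib, hmac, json

def _mac(key: bytes, body: dict) -> str:
    msg = json.dumps(body, sort_keys=True).encode()
    return hmac.new(key, msg, hashlib.sha256).hexdigest()

def issue(key, issuer, invoker, doc):
    """Issuer grants `invoker` read access to `doc` (constructed capability format)."""
    body = {"issuer": issuer, "invoker": invoker, "doc": doc, "action": "read"}
    return {**body, "proof": _mac(key, body)}

def verify(key, cap, presenter):
    """Proof must match every field, and only the named invoker may present it."""
    body = {k: v for k, v in cap.items() if k != "proof"}
    return (hmac.compare_digest(cap.get("proof", ""), _mac(key, body))
            and cap.get("invoker") == presenter and cap.get("action") == "read")

class Service3Vault:
    """EDV storage: holds ciphertext only, honours capabilities from the vault owner."""
    def __init__(self, owner_key):
        self.owner_key, self.docs = owner_key, {}
    def read(self, cap, presenter):
        if not verify(self.owner_key, cap, presenter):
            raise PermissionError("invalid vault capability")
        return self.docs[cap["doc"]]

class Service1Agent:
    """Service1's EDV agent: owns the vault at Service3, knows registered user agents."""
    def __init__(self, vault_key):
        self.vault_key, self.registered, self.doc_subject = vault_key, {}, {}
    def register(self, did, key):
        self.registered[did] = key
    def exchange(self, cap, presenter):
        key = self.registered.get(cap.get("issuer"))
        if key is None or not verify(key, cap, presenter):
            raise PermissionError("capability not from a registered agent")
        if self.doc_subject.get(cap["doc"]) != cap["issuer"]:
            raise PermissionError("issuer is not the subject of this document")
        return issue(self.vault_key, "did:example:service1", presenter, cap["doc"])

def case2_flow(tamper=False, presenter="did:example:bob"):
    alice_key, vault_key = b"constructed-alice-key", b"constructed-vault-key"
    vault, s1 = Service3Vault(vault_key), Service1Agent(vault_key)
    vault.docs["doc-1"] = b"<EncryptedDocument ciphertext>"  # constructed sample
    s1.doc_subject["doc-1"] = "did:example:alice"
    s1.register("did:example:alice", alice_key)  # Alice's agent registers by DID
    cap = issue(alice_key, "did:example:alice", "did:example:bob", "doc-1")
    if tamper:
        cap["doc"] = "doc-2"  # altered after issuance, so the proof no longer matches
    return vault.read(s1.exchange(cap, presenter), presenter)
```

In this sketch Alice's agent never holds a vault credential, and the flow ends with Bob's agent holding ciphertext; decryption is not modelled.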