- From: Dave Longley <dlongley@digitalbazaar.com>
- Date: Tue, 28 Jan 2020 10:35:47 -0500
- To: Oliver Terbu <oliver.terbu@consensys.net>, Adrian Gropper <agropper@healthurl.com>
- Cc: Guillaume <gjgd+transmute@protonmail.com>, W3C Credentials Community Group <public-credentials@w3.org>
On 1/28/20 9:15 AM, Oliver Terbu wrote:
> Thanks, you are right. I overlooked that.
>
> If the `EncryptedDocument` as per EDV spec is created by Service 1 and
> then stored in Service 3 by Service 1, then Bob would have to ask
> Service 1 to decrypt the `EncryptedDocument` (see
> https://digitalbazaar.github.io/encrypted-data-vaults/#reading-a-document),
> or Alice shared some keys with Bob out-of-band. Is this correct?

Note that an alternative to sharing keys directly would be delegating a
capability (that can be subsequently revoked/expire) to use a key
agreement key (for example, one that resides in a WebKMS system). This
can help reduce the number of "recipients" for which the document needs
to be encrypted and thus also reduce "recipient" management overhead.

> I didn't see anything in the EDV spec that talks about that protocol nor
> in the Case 2 diagram. Is this even in scope of the EDV spec? A sequence
> diagram would be great to better understand how the EDV spec can be
> applied to the two cases Adrian mentioned.
>
> Oliver
>
> On Tue, Jan 28, 2020 at 2:55 PM Adrian Gropper <agropper@healthurl.com> wrote:
>
> Diagram 2 is pretty clear. The document is encrypted by Service1.
> Alice doesn't have (and may not need or want) an EDV. Alice mostly
> wants the hundreds of Services she deals with to respect her agent.
>
> The other part of your question mentions Bob's agent. That's a real
> complication in the real world where Bob's agent (with decryption
> capability in the EDV model) is different from Bob's client (which
> is typically controlled by Bob's employer.) This too is a real-world
> interoperability issue to reconcile with our self-sovereign constructs.
>
> - Adrian
>
> On Tue, Jan 28, 2020 at 8:36 AM Oliver Terbu <oliver.terbu@consensys.net> wrote:
>
> @Guillaume: thanks for the diagrams. In Use Case 2: how does
> Bob's agent decrypt the EncryptedDocument? I assume the document
> was encrypted by Alice.
>
> Thanks,
> Oliver
>
> On Fri, Jan 24, 2020 at 4:19 PM Adrian Gropper <agropper@healthurl.com> wrote:
>
> Hi Guillaume,
>
> Thanks for the diagrams. They seem accurate and it's helpful
> to be clear about who is delegating to whom. Every entity
> has an agent but there's only one EDV in both cases.
>
> Indeed, your question is my main concern. Alice and Bob
> typically do not have an EDV they control directly because
> the document exchange is between the EDV and some system
> that, in most cases, is controlled by an employer.
>
> My hope is to help create a list of features that any agent
> MUST, SHOULD, or MAY have in order to interop with EDVs and
> the clients controlled by others.
>
> Does anyone care to try to create this list?
>
> Adrian
>
> On Fri, Jan 24, 2020 at 9:22 AM Guillaume <gjgd+transmute@protonmail.com> wrote:
>
> Hi Adrian,
>
> We've made two drawings in order to illustrate what
> you're saying. Let me know if those don't represent it
> accurately
>
> Case 1:
> https://docs.google.com/drawings/d/1ou7N6NHii1AQ-LsNZ3IBZUo8AdOhzjY-nn3bFOJ3hnQ/edit?usp=sharing
>
> Case 2:
> https://docs.google.com/drawings/d/1G2KHEnze5W9teFWS0nL0LU_Etqx8D48NU4fM4ZbDcgA/edit?usp=sharing
>
> So is what you're saying that Case 2 would facilitate
> interop efforts because user agents (Alice and Bob)
> would only need to know how to talk to the proxy agent
> (aka EDV agent, aka the service that is in between Alice
> and Bob in drawing 2), without creating an EDV themselves?
>
> ‐‐‐‐‐‐‐ Original Message ‐‐‐‐‐‐‐
> On Friday, January 24, 2020 12:09 AM, Adrian Gropper <agropper@healthurl.com> wrote:
>
>> Transmute's recent post about EDV
>> https://medium.com/transmute-techtalk/encrypted-data-vaults-c794055b170e
>> prompts a possible thought experiment.
>>
>> Is this a useful way for us to reconcile
>> interoperability among use-cases where the DID subject
>> does or does not control the EDV and the client
>> connecting to the EDV?
>>
>> Case 1
>>
>> * Alice gets an EDV agent.
>> * Alice gets an EDV with Service1.
>> * Alice has a way, via her agent, to share a doc in
>>   Service1 with Bob via Bob’s agent.
>> * Alice uses her agent to move the doc from Service1
>>   to EDV Service2.
>>
>> Case 2
>>
>> * Alice gets an agent that’s compatible with EDV
>>   agents. Alice has no EDV accounts.
>> * Service1 gets an EDV agent.
>> * Service1 gets an EDV with Service3.
>> * Alice has a way to “register” her agent with
>>   Service1’s EDV agent.
>> * Alice has a way, via her agent, to share a doc in
>>   Service3 with Bob via Bob’s agent.
>>     o Bob’s agent gets a capability from Alice’s agent.
>>     o Bob’s agent brings the capability to Service1
>>       EDV agent, gets a capability.
>>     o Bob’s agent gets the document from Service3.
>>
>> Differences between Case 2 and 1
>>
>> * Alice’s agent has no relationship with the EDV itself.
>> * Alice’s agent can interoperate with an EDV agent.
>>     o Alice’s agent can register with the EDV agent
>>       (using a DID).
>>     o Alice’s agent can issue a capability to Bob’s
>>       agent.
>>
>> Case 1 and 2 are document-based and have no scoping
>> issues. Other cases would add a scope to Bob’s capability.
>>
>> In both case 1 and 2 Bob’s agent (capable of
>> interacting with Alice’s agent) may be different from
>> Bob’s client, which actually connects to the EDV,
>> which is controlled by someone other than Bob.
>>
>> -Adrian

--
Dave Longley
CTO
Digital Bazaar, Inc.
http://digitalbazaar.com

Received on Tuesday, 28 January 2020 15:35:53 UTC
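
Added example, not part of the original message or of any Digital Bazaar code: a toy model of the capability delegation described in the reply above, where a document is encrypted to a single KMS-held key agreement key and Bob gains access through a delegated capability that can expire or be revoked. `ToyKms`, the capability fields and the `deriveSecret` action name are assumptions of this example; it does not reproduce the ZCAP-LD or WebKMS formats.

```javascript
// Added illustration: a simplified capability model, not the ZCAP-LD/WebKMS format.
const crypto = require('node:crypto');

const canon = (o) => Buffer.from(JSON.stringify(o, Object.keys(o).sort()));
const pem = (k) => k.export({ type: 'spki', format: 'pem' });
const verify = (obj, signerPem, sig) =>
  crypto.verify(null, canon(obj), crypto.createPublicKey(signerPem), sig);

// Hypothetical KMS: holds the key agreement key; its private half never leaves.
class ToyKms {
  constructor(controllerPem) {
    this.controllerPem = controllerPem; // Alice: the only party who may delegate
    this.kak = crypto.generateKeyPairSync('x25519');
    this.revoked = new Set();
  }
  revoke(capId) { this.revoked.add(capId); }
  // Checks delegation, expiry, revocation and the invoker's signature, then runs ECDH.
  deriveSecret({ cap, capSig, invocation, invSig }, now = Date.now()) {
    if (!verify(cap, this.controllerPem, capSig)) throw new Error('bad delegation');
    if (now >= cap.expires) throw new Error('expired');
    if (this.revoked.has(cap.id)) throw new Error('revoked');
    if (cap.action !== 'deriveSecret' || invocation.capId !== cap.id) throw new Error('not authorized');
    if (!verify(invocation, cap.invoker, invSig)) throw new Error('bad invocation');
    const peer = crypto.createPublicKey(invocation.ephemeralPublicKey);
    return crypto.diffieHellman({ privateKey: this.kak.privateKey, publicKey: peer });
  }
}

// Constructed scenario: the document is encrypted to ONE recipient, the KMS-held key.
function demo() {
  const [alice, bob] = [0, 1].map(() => crypto.generateKeyPairSync('ed25519'));
  const kms = new ToyKms(pem(alice.publicKey));
  // Encrypting side: ephemeral ECDH against the key agreement public key.
  const eph = crypto.generateKeyPairSync('x25519');
  const writerSecret = crypto.diffieHellman({ privateKey: eph.privateKey, publicKey: kms.kak.publicKey });
  // Alice delegates use of the key to Bob for one hour; no new recipient is added.
  const cap = { id: 'urn:example:cap-1', action: 'deriveSecret',
    invoker: pem(bob.publicKey), expires: Date.now() + 3600e3 };
  const capSig = crypto.sign(null, canon(cap), alice.privateKey);
  const invocation = { capId: cap.id, ephemeralPublicKey: pem(eph.publicKey) };
  const invSig = crypto.sign(null, canon(invocation), bob.privateKey);
  const attempt = (now) => {
    try { return kms.deriveSecret({ cap, capSig, invocation, invSig }, now).equals(writerSecret); }
    catch (e) { return e.message; }
  };
  const before = attempt(), late = attempt(cap.expires + 1);
  kms.revoke(cap.id);
  return { before, late, afterRevoke: attempt() };
}
console.log(demo());
```

In a real deployment the derived secret would feed a KDF to unwrap the content key, and invocations would carry a nonce or timestamp to prevent replay; both are omitted here.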