- From: Dan Bolser <dan@geromics.co.uk>
- Date: Thu, 30 Apr 2020 12:11:17 +0100
- To: Adrian Gropper <agropper@healthurl.com>
- Cc: Ivan Herman <ivan@w3.org>, W3C DID Working Group <public-did-wg@w3.org>
- Message-ID: <CANQ+bf5k+R=sWfpDUp8QqrHyNb=JPNbbR2H8aEU2NBEspxmBxA@mail.gmail.com>
Thanks all, I've read all the replies so far with great interest. One small question about the below which I don't think has been addressed yet: On Wed, 29 Apr 2020 at 11:11, Adrian Gropper <agropper@healthurl.com> wrote: > If I understand correctly, this is a case where the DID has a “controller” > service endpoint that is an Authorization Server. (The AS standard is now > being improved as “transactional authorization” in IETF.) > Can you link me to the AS standard? And now I can't resist a broader comment... The “private” shoe size itself might be held in a secure data store such as > is operated by my hospital because they have a really good foot x-ray lab. > > In this architecture, the hospital is a processor (of foot x-rays) and the > authorization server, like the rest of the DID, is my controller. > Yes, this three party situation is roughly what I had in mind. Of course it generalises to two parties if I want to attest to my own shoe size... In my mind, the value of a "specific / concrete" protocol in either case is that the party with the data can be 'smart' in various dumb ways, doing things such as: letting people know I have a shoe size to offer (if you're interested), attaching 'conditions' to access, such as a promise to delete the data after 30 days, allowing toe size to be requested, refusing to give data about more than 6 toes, for example, checking the credentials of the request, reporting this succinctly to a user in the context of that uses preferences, etc., etc. I'm fairly sure all this has been 'painted' if not specified in detail (I need to read the other replies in more detail to work it out). For example is it clear how to use resources like this [1] in the above negotiation of body part dimensions? Or is this all out of scope? Many thanks, Dan. [1] https://www.ebi.ac.uk/ols/ontologies/uberon/terms?iri=http%3A%2F%2Fpurl.obolibrary.org%2Fobo%2FUBERON_0002387 - Adrian > > On Wed, Apr 29, 2020 at 5:11 AM Ivan Herman <ivan@w3.org> wrote: > >> Forwarding this to the DID WG list >> >> Ivan >> >> Begin forwarded message: >> >> *From: *Dan Bolser <dan@geromics.co.uk> >> *Subject: **Protocol for requesting private data?* >> *Date: *29 April 2020 at 10:56:17 GMT+2 >> *To: *public-vc-wg@w3.org >> *Resent-From: *public-vc-wg@w3.org >> *Archived-At: *< >> https://www.w3.org/mid/CANQ+bf7YPx8L-0PE2ddswGeB=EuNKLsuT2oj4Kt6x+g2rQwbiQ@mail.gmail.com >> > >> *List-Id: *<public-vc-wg.w3.org> >> *Message-Id: *< >> CANQ+bf7YPx8L-0PE2ddswGeB=EuNKLsuT2oj4Kt6x+g2rQwbiQ@mail.gmail.com> >> >> Sorry if this is the wrong place to ask... >> >> I'm looking for details on how to use SSI to request access to 'private' >> data from a controller. Specifically, I'm thinking about nuggets of data >> that I don't want to put in plain text in a DID document. >> >> My example is shoe size. An online shoe shop wants to know my shoe size >> to taylor my browsing experience. >> >> Are there specific / concrete proposals on how to negotiate this data? >> >> >> Many thanks, >> Dan. >> >> >> >> >> >> ---- >> Ivan Herman, W3C >> Home: http://www.w3.org/People/Ivan/ >> mobile: +31-641044153 >> ORCID ID: https://orcid.org/0000-0003-0782-2704 >> >>
Received on Thursday, 30 April 2020 11:11:47 UTC