RE: Are we doing enough to align our work with Zero Trust Architecture?

Hey Adrian,

There's no way to have a completely zero trust personal datastore architecture unless all copies of your personal datastore are on machines you physically own. This is because even if you are encrypting data, a remote machine can still delete it, refuse to serve some files, etc. Realistically, the best you can do is encrypt data and provide instances of your datastore with explicit, certain, cryptographically secure directives on how to hand it out, trusting that if a remote instance of your datastore hands out the wrong data to the wrong person, at least it's encrypted, so they shouldn't be able to read the contents. I think this rational, minimal, infra-level trust is what we're shooting for in the Confidential Storage group.

- Daniel

From: Dmitri Zagidulin <dzagidulin@gmail.com>
Sent: Saturday, January 2, 2021 5:41 PM
To: Adrian Gropper <agropper@healthurl.com>
Cc: W3C DID Working Group <public-did-wg@w3.org>
Subject: Re: Are we doing enough to align our work with Zero Trust Architecture?

Hi Adrian,

It's a tough question (because the term 'Zero Trust' is kind of vague and undefined, or at least differently defined across projects).
But aside from that - no. Confidential Storage is pretty much the opposite of "zero trust" (which is why, if you recall, 'Zero Trust' was intentionally excluded from the list of valid names, when we were renaming the spec). We recognize that encryption is not enough, and we require trusted servers to enforce authorizations.

So, I'm sure there's a time and place for "zero trust architecture", it's just that it's completely out of scope for this group.

On Sat, Jan 2, 2021 at 6:35 PM Adrian Gropper <agropper@healthurl.com> wrote:
Please read https://www.nytimes.com/2021/01/02/us/politics/russian-hacking-government.html

What would be a good way for our SSI communities to advance zero trust architecture through more effective accountability and audit?

Adrian

Received on Sunday, 3 January 2021 19:23:41 UTC