owned this note
owned this note
Published
Linked with GitHub
# Running Agenda & Minutes of Distributed Data Storage & Relay Implementer Calls
[ [DIF Calendar](https://bit.ly/dif-calendar) | [spec](https://github.com/decentralized-identity/identity-hub/) | [zoom link](https://us02web.zoom.us/j/83661706904?pwd=Z2MxNWJJalVGbXNNRTdGRC9HeTNEZz09) ] meetings every other Wednesday at 7
## 2021-07-15 - Hubs update
Daniel
- overview - 3 architectures that might be aligned/abstracted
+ "everything is a filepath"
+ URL routes (REST based)
+ Object-Oriented (DIDComm-esque OO protocol)
+ design goals
+ DID URLs - *encode* the passage of an object
+ Adrian: could even be a token, no? Daniel: Yes
+ various approaches to "normalization" of interfaces
+ "permission objects" and invocations
+ combine/embed api command objects and capability invocation
+ adrian: AuthZ choices, can we separate those concerns (addressing and authorization)
+ Daniel: there needs to be some way of passing authZ signatures whatever the configuration; "the hub" would enforce policies and
+ Daniel: could work across diff architectures (say, microservices); but all this works as a logical whole regardless, by dint of the hub abstract itself
+ adrian: end-user managing agents and hubs distinctly? Daniel: I don't think the hub should care;
+ Adrian: Inrupt/solid seems to collapse the agent and hub; is there a standardized API between hub and agent
+ daniel - proposals
+ Hub's native language = object-based; anything higher-order must be translated
+ dereferencing pretty standards, service=identityhub in a DID URL that looks like example 1 [here](https://w3c-ccg.github.io/did-resolution/#dereferencing-algorithm-primary)
+ Adrian: Service Endpoint survey in DIF Glossary group a yearish ago: mediator function? //notification and //files/EDV
- Making that translation/abstraction more concrete
- filepath example:
- schema originals, illegal characters, other constraints?
- a recent fission PR: schema path translated to something non-inferential
- each company is responsible for that translation
- each approach brings certain constraints;
- Charles: I can sympathize with the "object"-abstraction approach; how would ZCaps work here?
- Daniel: UCanns gets passed, but not bound to the data, have to be passed along; what values *need* to be present in the objects for them to be translatable to all
- where ambiguous or requiring, say, an extra envelope or something, that can be specified by the object spec
- Charles: how work with CIDs?
- Read/write whatever corresponds to this CID? or more like
- Daniel: They're more like functions than invocations: the object contain a predicate and an action
- Abstracting the nature of the calls
- trying not to bind the objects to HTTP syntax/verbs, or at least a superset of them?
- Juan: how diff from JSONRPC?
- Adrian: Reminds me of RAR - Brian's recent email:
- https://medium.com/oauth-2/rich-oauth-2-0-authorization-requests-87870e263ecb
- https://pt.slideshare.net/TorstenLodderstedt/rich-authorization-requests
- https://datatracker.ietf.org/doc/html/draft-lodderstedt-oauth-rar
- https://youtu.be/g_aVPdwBTfw?t=1240
- Adrian: layered control - does this specify/ossify a fixed set of options for backing systems?
- Daniel: Next steps
- a PR to better describe properties of the objects
- Juan: I'd like to see an example or two from each category of objects (Fetch, COllection-style, etc), ideally with a simple use-case, for translating into the various backing architectures to have a concrete example to play with (and help identify corner-cases/limits to translation early...)
- working on a prototype in a branch /reference/, node server but works on client side (dexy) - not performant, but useful for testing and tire-kicking (JOSE-CBOR)
- reference might be useful to make service conversation a little less speculative and more concrete
## 2021-07-07 - Functional Requirements meeting
Hacky "Doodle" for new time proposal:
X = all of us could make this time
/ = some of us could make this time and/or we hate it
|time|daniel b|spruce|fission|ceramic|textile|
|---|---|---|---|---|---|
|Mon 18CET/9PST||X||||
|Mon 19CET/10PST||X||||
|Tue 18CET/9PST||X||||
|Tue 19CET/10PST||X||||
|Wed 18CET/9PST||X||||
|Wed 19CET/10PST||X||||
|Thu 18CET/9PST||X||||
|Thu 19CET/10PST||X||||
## Homework for 2021-07-07 - notes from various meetings and conversations
Boris (Fission): what are the "verbs" that define the core APIs and interfaces?
### Minimal Starting Point?
[#76](https://github.com/decentralized-identity/identity-hub/issues/76)
Sync strategies?
Wayne:
- Noise protocol?
- More web2 style?
- meta syncing
e.g. IPFS pinset?
Map content to paths?
Joel:
- Sync strategy at API layer?
- Where is the boundary layer? Can you use a server to do this?
- don't we immediately hit issues with encryption
Ted:
- encrypted blobs are going to be small or monolothic
- public read is FTP, do we need that?
Adrian Gropper
- relationship to EDV, auth, messaging
- more that we talk about ontologies -- this is not the space to do that
### Naming
[#75](https://github.com/decentralized-identity/identity-hub/issues/75)
Distributed Data Storage & Relay
Identity Hub --> Joel likes this name; pointed out by Boris that Identity is a trigger word
Distributed App Storage & Relay? --> app has baggage
Either about identity attached, or not
### IPLD Open Questions
Brooke: list open questions for IPLD team https://hackmd.io/G9mGFW_2QxuU3UMR1qjTzA
e.g. not providing data?
encryption scheme in the CID?
make it a triple?
### Administrivia
Can Boris get access to repo to help manage? Yes, Daniel can help make it happen
Everyone -- review issues!
---
Joel got from last call the sense that the functional reqs are:
1.
2.
3.
Adrian Gropper
1. The Identity Hub receives requests that result in scoped authorizations to be enforced in a domain (legal entity) separate from the domain of the Hub. [AG]
2. The Identity Hub (domain) and the resource server (domain) must both understand the authorization scope schema. The client (requesting party) "may" understand the schema but it's optional. [AG]
3. DIDs are relevant to the Hub but not typically relevant to the Resource Server (S). The relationship between RS and data subject DID is a separate "registration" flow that is ut of scope for the Hub specification. [AG]
Charles thinks they are...
1. Hub controller(s) can issue attenuated delegations to control access on hub resources
2. authorized invokers can perform capability-specified actions on hub resources
3. cryptographic DAG structures are preferable for various security and utility reasons
Brooklyn: Permissioning uses cryptree for read-access, UCann and/or cryptree for write-access; KMS gets a little more complicated; my open questions are more around interop between systems or about user-controlled storage.
- Fission was made very much for a serverless, dApp use case
- Daniel: but availability and throughput are a necessity for scaling this (phone can't be a hub alone)
Use-cases that break this model:
-
## 2021-06-23 - Use Cases
Use-case gathering
- Adrian: User-centric please
- Adrian: I'm trying to identify the authZ assumptions- cross-domain AuthZ when token for AS is given by Alice
- Daniel: Alice is Alice's AuthZ capability issuer
- Daniel: Borgcube replication & sync assumption
- Daniel: Playlist use-case
- Spotify shouldn't be asking for FHIR objects, for example
- (How's that communicated, tho?)
- Daniel: Hotel Use case (travel plan that can be synced across hotel chains)
- Adrian: but how is this attenuated? How is this scoped?
- Daniel: Granular resource sharing (no idea how that looks at UX layer)
Functional Requirements
- Daniel: "Request data by data"
- normalize data requests, discourage application/domain-specific apis or practices
- Daniel:"use SCHEMA.ORG as scopes"
- need to be JSON (to translate to DAG-JOSE)
- unique strings that map to data (don't typecheck)
- POD landscape might validate schemas, no idea how that works if encrypted
- validation (and data shape and transformation) on the consuming side, not at this layer
- Daniel: DID-relative URL
- DID needs to be changeable; can't be a URI in static sense
- Carson: Is ALICE always [inter]active in these AuthZs? Or is she one-time delegating hubs to a policy server or PEP?
- Daniel: its a policy choice, users/consumers could prefer that (but personally would not advise)
- Carson: if an application works this way, can e.g. spotify be one-time delegated a reusable authz to perform many actions for a goal? (e.g. data processing for recommendations)
- Daniel: Action inbox // FISSION's UCann (a capability??)
- Carson: Anything OCap-based or -like should be functionally equiv for my question, so sounds like... maybe?
- Daniel: the policy defn can be flexible enough that the hub doesnt have to care how most apps work to serve them
- Adrian: Protocol should be aware of when it's talking to Alice and when talking to a PEP she has delegated (and maybe act differently or process the data differently depending?). I would call that ATTENUATED DELEGATION FULL STOP.
- Daniel: But I think DID gives us that already? Adrian: No, a DID just gives you a service endpoint;
- D: a DID A can include a key in their DID Doc which is controlled by another party B, with an attestation that the key/verification methods authority has been delegated to B
- Daniel: Hubs could handle delegation many diff ways
-