Skip to content

Latest commit

 

History

History
684 lines (450 loc) · 21.3 KB

agenda.md

File metadata and controls

684 lines (450 loc) · 21.3 KB
Raw

Secure Data Storage WG - rolling agenda & minutes

hackmd-github-sync-badge

Current Spec | Issues | DIF page | Mailing list and Wiki | Meeting recordings

For this call, you are encouraged to turn your video on. This is a good way to build rapport given we are a large, disparate group experiencing a lot of churn.

This document is live-edited DURING each call, and stable/authoritative copies live on our github repo under /agenda.md . Please note that we might not notice a pullrequest in time, but you are free to propose agenda items for future meetings via hackmd.

Meeting - 8 April 2021 (1600 ET)

Agenda + recording

  1. IPR Reminder
  2. A discussion about work mode for the EDV dedicated sub call

Meeting - 1 April 2021 (1600 ET)

Agenda + recording

  1. IPR Reminder
  2. A discussion about work mode for the EDV dedicated sub call
NOTES

Agenda: Dmitri gave an intro into the suggested working

PROPOSAL: EDV calls focus on the following:

Spec Test vectors Remaining 1.0 of features (history api, etc). securekey PR pagination history api All +1's

PROPOSAL: EDV calls spin up 3 repos. 1) EDV Spec repo. 2) Test suite / test vectors. 3) Example implementation (client, server).

All +1's

PROPOSAL: Based on what I heard: Incoming issues will be triaged on call within two weeks. Issues that have been triaged will have tags associated with them, and a directly responsible individual assigned. If no one volunteers, the issue will be considered to unimportant to keep open.

All +1's

Manu: what do we want to do with the current list of issues in the repo?

Orie: As we spin up the new repo editors will label the relevant ones "Pending Move to EDV/Hub" all other issues

Eric: Question about when cross group updates will occur

Orie: In favour of not setting up anything formal yet

Manu: Lets rely on more informal cross sub-group overlap for context sharing

Manu: Propose to move on to outstanding feature issues

Troy: Gave a quick summary of their existing proposal for batch capability in an EDV

Tobias: Gave a quick summary of the proposal for a history API on an EDV

Attendees
  • Dmitri Z
  • Tobias Looker
  • Kaliya Young
  • Daniel Buckner
  • Manu Sporny
  • Dave Longley
  • Justin Bingam
  • Zokama
  • Eric Schuh
  • Balazs Nemethi
  • Ian Davis
  • Adrian Gropper

Meeting - 25 March 2021 (1600 ET)

Agenda + recording

  1. IPR Reminder
  2. Introductions and Re-Introductions
  3. A proposal to the WG was put forward about call structure
NOTES

Intros and Re-intros

Justin Bingham - Co-editor of the SOLID specification

Agenda

A proposal was made to the working group to shift the call structure to alternating topic calls between Hubs and EDVs

PROPOSAL: The SDS WG will change to alternating calls where we will focus on EDVs on one call and Hubs on the other call. Each group will report into the the other group at least once a month.

Proposal passed, no objections noted.

Attendees
  • Dmitri Z
  • Tobias Looker
  • Kaliya Young
  • Daniel Buckner
  • Manu Sporny
  • Dave Longley
  • Adrian Gropper
  • Michael Herman
  • Zokama
  • Derek Trider
  • Eric Schuh
  • Michael Shea
  • Neil Thomson
  • Troy Ronda
  • Balazs Nemethi

Meeting - 18 March 2021 (1600 ET)

Agenda + recording1 + recording2

Meeting - 11 March 2021 (1600 ET)

Agenda + recording

Meeting - 4 March 2021 (1600 ET)

Agenda + recording

  1. IPR Reminder
  2. Introductions and Re-Introductions
  3. A discussion of Daniel Buckner's Requirements for Hubs
NOTES

Intros and Re-intros

Eric Schuh - from legendary requirements introduced himself

Announcements

Up and coming thoughtful biometrics workshop - Run by Kaliya Young et al, reach out to her for more details

Agenda

Dmitri gave a brief summary of the previous 2 sessions about the EDV - Hubs requirements doc

Manu continued facilitating the discussion around this doc making it to completion

PROPOSAL: This group can specify a log data model (or better yet use an existing data model) and API, as a separate Note / side-spec.

+1 for all except for Adrian and Michael

Dmitri moved the group onto our next agenda item which was to gather requirements from implementers on which features are the most important

Manu outlined a process in which we can establish this list via collecting requirements then applying rank choice voting

Present
  • Dmitri Z
  • Tobias Looker
  • Kaliya Young
  • Daniel Buckner
  • Manu Sporny
  • Dave Longley
  • Adrian Gropper
  • Michael Herman
  • Balas Nemethi
  • Chris Were
  • Derek Trider
  • Eric Schuh
  • ET
  • Jace Hensley
  • Michael Herman
  • Michael Shea
  • Neil Thomson
  • Troy Ronda
  • Zokama
  • Juan

Meeting - 25 Feb 2021 (1600 ET)

Agenda + recording

  1. IPR Reminder
  2. Introductions and Re-Introductions
  3. A discussion of Daniel Buckner's Requirements for Hubs
NOTES
  • Manu continued taking the group through Daniel Buckners requirements document
Present
  • Dmitri Z
  • Tobias Looker
  • Kaylia Young
  • Daniel Buckner
  • Manu Sporny
  • Dave Longley
  • Adrian Gropper
  • Michael Herman
  • Derek Trider
  • Troy Ronda
  • Balazs
  • Robbie Jones
  • Michael Shea
  • Jace Hensley

Meeting - 18 Feb 2021 (1600 ET)

Agenda + recording

  1. IPR Reminder
  2. Introductions and Re-Introductions
  3. A discussion of Daniel Buckner's Requirements for Hubs
NOTES
  • Continued conversation around the requirements document
Present
  • Dmitri Z
  • Tobias Looker
  • Kaylia Young
  • Daniel Buckner
  • Manu Sporny
  • Dave Longley
  • Adrian Gropper
  • Michael Herman
  • Derek Trider
  • Troy Ronda
  • Balazs
  • Robbie Jones
  • Michael Shea

Meeting - 11 Feb 2021 (1600 ET)

Agenda + recording

  1. IPR Reminder
  2. Introductions and Re-Introductions
  3. A discussion of Daniel Buckner's Requirements for Hubs
NOTES

  • Michael H asked for someone to summarise the differences between Hubs and EDVs to frame the conversation

  • Orie and Daniel B gave an explanation of the conceptual separation

  • Adrian wrote up some notes in response to Daniels requirements that were shared on the list

  • Much of the discussion was held interactively via the hackmd document

Present
  • Dmitri Z
  • Tobias Looker
  • Kaylia Young
  • Daniel Buckner
  • Manu Sporny
  • Dave Longley
  • Derek Trider
  • Juan Caballero
  • Benjamin Goering
  • Stephen Curran
  • Troy Ronda
  • Orie Steele
  • Chris Were
  • Adrian Gropper
  • Michael Herman

Meeting - 4 Feb 2021 (1600 ET)

Agenda + recording

  1. IPR Reminder
  2. Introductions and Re-Introductions
  3. Replication Discussion Continued
  4. Issue Review
Present
  • Dmitri Zagidulin
  • Daniel Buchner
  • Adrian Gropper
  • Derek Trider
  • Vaner Vendramini
  • Kaliya Young
  • Jace Hansley
  • Derk Trider
  • Sze Wong
  • Manu Sporny
  • Michael Shea

Meeting - 28 Jan 2021 (1600 ET)

Agenda + recording

  1. IPR Reminder
  2. Introductions and Re-Introductions
  3. Replication Discussion Continued
  4. Issue Review
Present
  • Dmitri Z
  • Tobias Looker
  • Kaylia Young
  • Daniel Buckner
  • Manu Sporny
  • Dave Longley
  • Orie Steele
  • Chris Were
  • Adrian Gropper
  • Michael Herman
  • Michael Shea
  • Nader Helmy
  • Zokama

Meeting - 21 Jan 2021 (1600 ET)

Agenda + recording

  1. IPR Reminder
  2. Introductions and Re-Introductions
  3. Replication Discussion Continued
  4. Issue Review
NOTES

Introductions / Re-introductions

  • Jace from Bloom re-introduced himself

Replication Discussion

  • Orie gave a brief reflection on our prior discussion on replication, touching on topics such as

    • filtered / partial replication, are we looking for EDV's to support only syncing a subset of information

    • how does this intersect with the AuthZ model we select

    • what role the client plays and what role the server play, e.g is it server controlled, client controlled or somewhere in between like client controlled but server facilitated.

  • Adrian asked the question "what would we do differently to other DBs like CouchDB"

  • Orie answered Adrians question, saying right now it is not defined but the likely solution will be similar however there are quite unique constraints that come about when the data is client side encrypted.

  • Adrian asked how does an architecture like this protect against a honey pot style approached

  • Daniel B make the observation that AuthZ is an important component in syncing that directly relates to the trust model assumed between clients and instances

  • Andreas stated that the real problem in syncing between instances is the model we assume around consistency i.e do we assume strong consistency?

  • Dave L responded to Adrians query by stating his assumption is that the server would not have the ability to decrypt the documents only perhaps Zcaps required to make authorized calls to another instance

  • Michael asked is the replication model assumed multi-master or not? And also how granular does the sync get?

  • Chris asked if we are going to adopt a model like CouchDB's replication do we want to invest in attempting to standardised this?

  • Daniel B shared previous experiences with couch db, finding it in-compatible with their requirements for hubs

  • Orie responded to Michaels partial sync strategy by explaining how CouchDB works with map-reduce queries, citing npm as a popular project that leverages CouchDB, but also noted the distinct difficulties that are introduced when the data is client encrypted.

  • Adrian expressed frustration at the introduction of hubs into the conversation, saying that he finds them orthogonal and a distraction to the discussion on sync and replication. He clarified his issue w.r.t the honey pot question saying by encrypting we create a key management issue where clients need HSMs to interact with an EDV.

  • Dmitri agreed that adrians general question around key management is good, but to an extent out of scope for this working group.

  • Manu in response to the question around standardizing a replication model like couchdb said it is potentially a very difficult and involved task. Furthermore he asked had anyone implemented a model like this? Or instead can we talk about a simpler replication model like uni-directional replication.

  • Zokama asked why is couchdb the main focus of the discussion?

  • Michael echoed the same sentiments as Zokama

  • Tobias responded to adrians question saying he does not expect clients to need an HSM to interact with an EDV, instead an EDV client will need to be able to perform crypto operations but where the keys used are sourced from will likely be varied e.g HSM SSM or derived from knowledge factors like a password.

  • Orie asked to re-frame the discussion back into use-cases for replication. He also proposed whether we can initially constrain the conversation to uni-directional replication (the simple case) before the more complex derivatives.

  • Dmitri brought the conversation back to some core properties uni-directional vs bi-directional, partial vs full sync and how the sync is performed. He also echoed Orie's ask to start simple w.r.t sync and replication.

  • Daniel said he has done a tone of research on sync and replication and wants to be sure we build a system that caters for the more complicated sync scenarios and is committed to that cause.

  • Manu echoed Dmitri and Ories ask to work on uni-directional replication initially and asked us to work on more terse use cases that describe the business need.

  • Adrian asked for the use-cases to be more granular and relatable than just backup and recovery

  • Andreas pointed out there are other examples of P2P replication protocols that can be looked at for sources of inspiration.

  • Michael asked what sort of change tracking is build into an EDV to date?

  • Manu asked for those using the terminology of "master slave" to instead move towards language like "primary secondary" clarifying he doesn't believe anyone on the call means anything bad when they use it, just wanting to drive the ecosystem towards more inclusive language.

  • Dmitri responded to Michaels query by saying it is partially dependent on what use-cases we use to guide us.

Present
  • Dmitri Zagidulin
  • Tobias Looker
  • Kaylia Young
  • Daniel Buckner
  • Adrian Gropper
  • Chris Were
  • Dave Longely
  • Derek Trider
  • Juan Caballero
  • Leah
  • Michael Shea
  • Robbie Jones
  • Sze (Z) Wong
  • Troy Ronda
  • Zokama
  • Jim StClair
  • Kristina Yasuda

Meeting - 14 Jan 2021 (1600 ET)

Agenda + recording

  1. IPR Reminder
  2. Introductions and Re-Introductions
  3. Replication (Use Cases and Threat Models)
  4. Issue Review
NOTES

Intro's / Re-intro's and announcements

Zokama - Introduced himself Kaylia - New job now the ecosystem director for the linux foundation for public health Revisited the naming question

  • Group chartered as the Secure Data Storage WG and as per the vote in the WG we have renamed the current work item to Confidential Storage, there are appears to be some confusion about this relationship it was clarified during the call.

  • Adrian proposed for the spec to be renamed to EDV (encrypted data vaults) and to remove the hubs section from the current spec because there is a legal distinction between EDV and hubs.

  • Chris in reference to Adrians argument re-raised the point about hubs having access to un-encrypted data, Dmitri asked Chris to create an issue to capture this if it does not already exist.

Replication

  • Dmitri explained how we got to this topic: authorization model -> how do we refer to resources (identifiers) -> how do we replicate these resources between provider instances.

  • The conversation around replication was framed in the context of the use cases document

  • Adrian G gave some examples about how he would like replication to occur, citing an example use case involving drop box and a password manager

  • Chris W asked for clarification on the sharing data usecase, "is that sharing everything or only a subset?". Dmitri clarified that the current usecase is very general and the granularity of sharing is dependent on the authz model.

  • Adrian asked whether backup is related to replication and whether it exists at just the hub level. Orie said he believes replication is at the EDV (CS) level.

  • Dave asked whether replication is invisible to the client or co-ordinated by the client? I.e is replication achieved by the client co-ordinating it, or is it something two EDV servers do together without the client.

  • Dave proposed "client-controlled replication"would be a potential feature for the spec, "server-controlled replication" would not be.

  • Daniel B proposed what properties he would like to see from replication which is that Alice can have multiple instances of her hub that when a change is sent to one, it is broadcasted to all meaning if one provider fails she has appropriate redundancy.

  • Dmitri clarified what he called a difference between client visible vs client controlled replication citing Orie's example of couch db, which is replication that is client visible but server controlled, where as another option is for replication to be client visible and client controlled.

  • Orie made the point that not all replicas may be equal citing that some replicates due to storage requirements or bandwidth might not be able to hold an entire dataset.

  • Dave clarified further about client controlled replication, asking is it the client setting a setting on the EDV or is it actually performing the copy. He also pointed out that when the server instances are responsible for syncing differential replication (partial replication) would be difficult, as the server has no access to the plain text data.

  • Orie pointed out that encrypted indexes could offer a solution to achieve differential replication (partial replication) between two server instances. Dave agreed that we could explore a solution based on this. Chris agreed but was not convinced about dynamic filtered based replication.

Present
  • Dmitri Zagidulin
  • Tobias Looker
  • Kaylia Young
  • Daniel Buckner
  • Adrian Gropper
  • Chris Were
  • Dave Longely
  • Derek Trider
  • Juan Caballero
  • Leah
  • Michael Shea
  • Robbie Jones
  • Sze (Z) Wong
  • Troy Ronda
  • Zokama
  • Jim StClair
  • Kristina Yasuda

Meeting - 7 Jan 2021 (1600 ET)

Agenda + recording

    1. IPR Reminder
  2. Introductions and Re-Introductions
  3. Discussion about Identifiers (how we refer to documents and other artifacts in an EDV) - Presentation.
  4. Issue review
Present
  • Dmitri Zagidulin
  • Tobias Looker
  • Kaylia Young
  • Manu Sporny
  • Daniel Buckner
  • Orie Steele
  • Troy Ronda
  • Chris Were
  • Dave Longley
  • Derek Trider
  • Adrian Gropper
  • Andreas Freund

Meeting - 17 Dec 2020 (1600 ET)

Agenda recording

  1. IPR Reminder
  2. Introductions and Re-Introductions
  3. PR Review (Example capabilities for operations).
  4. Issue review
Present
  • Dmitri Zagidulin
  • Tobias Looker
  • Kaylia Young
  • Manu Sporny
  • Daniel Buckner
  • Martin Riedel
  • Steve Magennis
  • Troy Ronda
  • Chris Were
  • Dave Longley
  • Derek Trider
  • Juan Caballero
  • Adrian Gropper
  • Andreas Freund

Meeting - 10 Dec 2020 (1600 ET)

Agenda + recording

  1. IPR Reminder
  2. Introductions and Re-Introductions
  3. PR Review (Example capabilities for operations).
  4. Issue review
Present
  • Dmitri Zagidulin
  • Tobias Looker
  • Kaylia Young
  • Manu Sporny
  • Daniel Buckner
  • Martin Riedel
  • Steve Magennis
  • Troy Ronda
  • Chris Were
  • Dave Longley
  • Derek Trider
  • Juan Caballero
  • Adrian Gropper
  • Andreas Freund

Meeting - 3 Dec 2020 (1600 ET)

Agenda

  1. IPR Reminder
  2. Introductions and Re-Introductions
  3. Discussion: Storage Operations, and Authorization Structure
  4. Issue review

Meeting - 19 Nov 2020 (1600 ET)

Agenda

  1. IPR Reminder
  2. Introductions and Re-Introductions
  3. (Continued) Use Cases and Demos conversation
  4. Issue review

Meeting - 15 Oct 2020 - (1600 ET) recording | transcript

Agenda

  1. IPR Reminder
  2. Introductions and Re-Introductions

Proposal

Attendees