-
Notifications
You must be signed in to change notification settings - Fork 218
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
(#99) Add selection criteria to RFC 0028 #142
Conversation
cc @dhh1128 |
2250c84
to
d18ff70
Compare
Signed-off-by: George Aristy <george.aristy@securekey.com>
Signed-off-by: Daniel Hardman <daniel.hardman@gmail.com>
@llorllale Thank you for raising this. It's good stuff. Some points of feedback:
This doesn't mean I am against criteria, or that I only want to support ones that require human evaluation. I'm just sensing a tension, and I'm thinking about it... The specific example you give of a network-specific payload for Do you have use cases where you need the introduction to be highly precise (please introduce me to exactly the IoT device with this serial number)? Can we list them? I have raised a PR against your fork (llorllale#1) so you can see where my head is at. |
remove dangerous example; tweak verbiage
I merged your pull request. I also fixed point 2.
I struggled a bit with this because errors can occur anywhere. I think the only meaningful error state for the Introducer could be between arranging and the end point: the Introducer would report any "error" back to the requestor, such as a rejection, or a generic error (timeout, i/o, etc.).
You bring up two points here (if I'm reading it right):
Agreed.
I failed to make this clear: when an Agent requests an introduction with criteria, they are not (in our use cases!) asking for provable attributes about anyone - they are asking for a third party Agent that has provable attributes about the Introducer. So to follow the network-specific example I wrote, the question to the Introducer is not "can you introduce me to someone who has a driver's license?", but rather "can you introduce me to someone who can prove you have a driver's license?" But I can see perfectly why it can be interpreted just as you did.
Our use cases are the sharing of provable attributes of a Data Subject by a third party with the former's consent. The request for introduction with criteria would go to the Data Subject, where they would give informed consent (or rejection), and introduce the requestor to the Holder of these attributes (with the Holder's consent). (we've looked at RFC 0103 but have trouble fitting our use cases into those models without squinting really hard) |
As per PR review: * Add PNG rendering of state machines to repo Signed-off-by: George Aristy <george.aristy@securekey.com>
Merging held for George and Daniel discussion. |
As per PR review: * Add error state to introducer Signed-off-by: George Aristy <george.aristy@securekey.com>
…to 99 Signed-off-by: George Aristy <george.aristy@securekey.com>
Some cleanup Signed-off-by: George Aristy <george.aristy@securekey.com>
Cleanup Signed-off-by: George Aristy <george.aristy@securekey.com>
Cleanup Signed-off-by: George Aristy <george.aristy@securekey.com>
@dhh1128 I've added a Regarding your point about violating a potential introducee's privacy - do you see valid use cases where an Agent can ask another for attributes about a third party? That thought has not been expressed in any of the other "feature" RFCs that I know of. |
@llorllale This is getting better with each commit. Thanks for continuing to work on this. I've been silent since your comment last week partly because I'm busy, but also because I'm scratching my head about your use case. It feels very odd to me to ask ask a third party for attributes. I can't wrap my head around it, so I feel stuck. Maybe we need another personal conversation? |
Cleanup Signed-off-by: George Aristy <george.aristy@securekey.com>
@dhh1128 would an alternative involving a "redirection" of a |
@dhh1128 So far, there are DIDComm protocols for how Alice can share data and proofs for credentials she is holding in her Agent. But, there are also scenarios where we want to enable Alice to control access to resources held elsewhere (e.g., on a service or even from a device). When @llorllale "third party", what is meant is a service where Alice has a relationship/connection and that service and Alice has registered her control over a set/scope of resources. With her control registered:
With some characteristics such as:
The above does introduce some overlap with the goals of UMA, but doing so via DIDComm. |
@llorllale Yes, a redirection feels much better to me. It would match the pattern described here. @troyronda Thank you. The general pattern you describe makes a lot of sense to me, and it is more or less the way I was imagining agents and hubs would collaborate: Alice's agent introduces Bob and her hub to one another, and then lets the two of them talk directly. It also matches the way CDNs work on the web today. However, I wouldn't use the term "RP" or "Relying Party" for a party who wants resources; that term has a very specific meaning with respect to credentials. I don't think credentials are best modeled as resources. That's a bigger discussion than this ticket, though. The main thing I want to do is get the introduce protocol right-sized--sophisticated enough to handle introductions, but not bogged down with stuff that deserves a new protocol in its own right. Maybe some of that balancing act can only happen as we try to implement, and we learn what the code looks like and whether we like it. |
@llorllale I want to get this merged instead of leaving it in limbo. But I do think we might be putting too much into the introduction protocol, instead of decomposing it into a subprotocol for identifying introducees that match criteria, followed by a very simple introduce protocol that matches common human uses and that could serve as the second half of a sophisticated, automated introduction like the one you need. So: what is your vote? Shall we merge this now, and work on decomposition after--probably generating a new RFC for that new subprotocol? Or do you want to work with me now to revise? |
@dhh1128 I'm OK with merging this now and working on that new subprotocol. This RFC is still very rough around the edges and has a couple of big TODOs, but that's ok since it's still in PROPOSAL, right? |
My $0.02 is that the selection criteria and related consent work is a separate protocol that could be used for different things and so is over the top for introduction. IMHO The introduction protocol should be about introductions amongst known entities. Determining why and discovering who is needed for a specific introduction ought to be a separate protocol. |
I opened #174 for the subprotocol. |
…to 99 Signed-off-by: George Aristy <george.aristy@securekey.com>
Update: this is still being discussed in issue #174 |
I think the RFC needs work in two areas.
How about making this PR and RFC the subject of an Aries WG call and going over it for the community? |
Another clarification that would help me, but it goes back to the original submission from @dhh1128. An introducer sends a proposal to an introducee, and the introducee sends back a Here's how I understand it's supposed to work (in life, at least):
Where did I get lost? |
Closes #99
Adds selection criteria to the
request
message of the Introduce protocol in a generic way as a step towards enabling resource discovery. As a result, two new states were added to the Introduce protocol.There are two TODOs:
didexchange/invitation
message? I'm not certain what the best approach would be, whether via a decorator or by extending the didexchange RFC.Further notes:
README
in this PR, but they can be seen here:Signed-off-by: George Aristy george.aristy@securekey.com