Subject: XDI TC Unofficial Telecon Notes: Monday 2017-12-18
Following are the notes of the unofficial telecon of the XDI TC held on:
Date: Monday, 18 December 2017 USA
Time: 9:00AM - 10:00AM Pacific Time (16:00-17:00 UTC)
The TC operates under a standing rule approved 17 July 2008 under which the TC does not hold regular official meetings and conducts all business by electronic ballot only. Unofficial weekly meetings are held to enable discussion among members but no business is conducted nor actions taken.
Drummond and Markus provided a further update on the progress of the review of the DID Spec Hardening Proposal V3 at the W3C Credentials Community Group, including open issues of special interest to the XDI TC.
Drummond and Markus described the three options:
Drummond explained that a consolidation process is currently taking place between two different “world views” - one that emphasizes a DID as a subject in the RDF graph model with its open-world assumption, and one that aims specifically at describing keys and services that enable an agent protocol.
One aspect of this discussion is how cryptographic keys are described in a DID document. Markus leaned towards type field plus usage. Markus pointed out that a service may reference a key with a specific usage.
At some point in this discussion, Sam Smith suggested a “middle ground” where key descriptions could be located at a point in the graph that can be reached through multiple paths. We noted that this idea closely resembles a standard pattern for usage of $ref relational arcs in collections in the XDI graph model.
Markus and Drummond both attended the Rebooting the Web of Trust conference in September in Boston. One of the highlights was an in-depth discussion of the object capabilities security model with Mark Miller, the world expert on the topic. Although at that conference we did not have time to go into it beyond a short discussion with Mark, we felt that XDI link contracts are capabilities, and we are interested to see how much of the overall model that Mark has been advocating either has been or can be implemented by link contracts.
We agreed that a “generic” link contract — one that describes a set of policies that need to be met in order to have certain permissions instead of just identifying the target — could be considered to align well with the object capability model.
Note, however, that a “specific” XDI link contract — one that grants permissions only to a single specific peer — may resemble a traditional ACL model rather than the object capability model. So it would be best to say that the XDI graph model supports the entire spectrum of security models, and to promote the object capability usages of link contracts for their specific advantages.
We briefly looked back at 2017 and ahead to next year. We agreed that at this point, the main question XDI faces is “the maturity problem”, i.e., it is still young, untested, and lacks sufficient tooling. However, Markus mentioned that he is working on several projects that will use XDI, and this will help it gain in maturity.
Drummond thanked everyone on the call for their contributions this year and looks forward to the maturation process in 2018.
WE WILL NOT BE HOLDING CALLS FOR THE NEXT TWO WEEKS for the holiday break.
The next call will be Monday January 8 at the usual time (Monday 9AM PT). The link where agenda items can be posted for the next meeting is: https://docs.google.com/document/d/19oDl0lbb56Grehx2a5flZnhrgnua5l8cVvC_dJ8fTXk/edit?usp=sharing