storage compute

This commit is contained in:
⧉ infominer 2020-11-26 19:26:34 -05:00
parent f819db3514
commit cef9ef9f9a
3 changed files with 59 additions and 0 deletions

View File

@ -0,0 +1,59 @@
---
date: 2020-11-26
title: DIF - Secure Data Storage
description: data models for storage and transport, syntax, data at rest protection, CRUD API, access control, synchronization, and at least a minimum viable HTTP-based interface compatible with W3C DIDs/VCs.
excerpt: >
Secure, encrypted, privacy-preserving storage and computation of data is a critical component of decentralized identity systems. As with identifiers and names must be self-sovereign to the owning entity, a user's identity data must remain private, only accessible to the entities they allow. DIF members are actively developing specs and reference implementations for provider-agnostic, run-anywhere solutions that provides these features.
permalink: organizations/identity-foundation/wg/secure-data-storage/
canonical_url: https://decentralized-id.com/organizations/identity-foundation/wg/secure-data-storage/
categories: ["Identity Foundation (DIF)","Web Standards"]
tags: ["Storage and Compute WG","DIF","Secure Data Storage","Hubs"]
header:
image: /images/storage-compute-head.webp
teaser: /images/storage-compute-teaser.webp
last_modified_at: 2020-11-26
---
[Webpage](https://identity.foundation/working-groups/storage-compute.html) - [Wiki](https://dif.groups.io/g/sds-wg/wiki) - [GitHub](https://github.com/decentralized-identity/confidential-storage/)
> Secure, encrypted, privacy-preserving storage and computation of data is a critical component of decentralized identity systems. As with identifiers and names must be self-sovereign to the owning entity, a user's identity data must remain private, only accessible to the entities they allow. DIF members are actively developing specs and reference implementations for provider-agnostic, run-anywhere solutions that provides these features.
- [Mailing List](https://dif.groups.io/g/sds-wg/wiki/home)
- [Working Group Wiki](https://lists.identity.foundation/g/sds-wg/wiki)
> Create one or more specifications to establish a foundational layer for secure data storage (including personal data), specifically data models for storage and transport, syntax, data at rest protection, CRUD HTTP API, access control, synchronization, and a minimum viable HTTP-based interface compatible with W3C DIDs/VCs.
- [Secure Data Storage Working Group Charter](https://drive.google.com/file/d/1vf2CsD9QZstzrd6CJ4WFVHw0WKwwNLHf/view)
> - Create one or more specifications to establish a foundational layer for secure data storage (including personal data), specifically data models for storage and transport, syntax, data at rest protection, CRUD API, access control, synchronization, and at least a minimum viable HTTP-based interface compatible with W3C DIDs/VCs.
> - The [Identity Hubs](https://github.com/decentralized-identity/identity-hub/blob/master/explainer.md) and [Encrypted Data Vaults](https://digitalbazaar.github.io/encrypted-data-vaults/) documents will be used as a use case, requirements, and technical input for the collaborative effort.
## Specs & Projects
The active work items that are underway in the DIF Storage and Compute Working Group
### Confidential Storage
- [decentralized-identity/confidential-storage/](https://github.com/decentralized-identity/confidential-storage/)
- [Latest Editors Draft](https://identity.foundation/confidential-storage/)
> We store a significant amount of sensitive data online, such as personally identifying information (PII), trade secrets, family pictures, and customer information. The data that we store is often not protected in an appropriate manner.
>
> This specification describes a privacy-respecting mechanism for storing, indexing, and retrieving encrypted data at a storage provider. It is often useful when an individual or organization wants to protect data in a way that the storage provider cannot view, analyze, aggregate, or resell the data. This approach also ensures that application data is portable and protected from storage provider data breaches.
### Identity Hubs (Archived)
Encrypted personal datastore for identity interactions and decentralized apps.
* [Identity Hubs](https://github.com/decentralized-identity/identity-hub/)
* [Explainer](https://github.com/decentralized-identity/identity-hub/blob/master/explainer.md)
> Hubs let you securely store and share data. A Hub is a datastore containing semantic data objects at well-known locations. Each object in a Hub is signed by an identity and accessible via a globally recognized API format that explicitly maps to semantic data objects. Hubs are addressable via unique identifiers maintained in a global namespace.
* [System Diagram](https://raw.githubusercontent.com/decentralized-identity/hubs/master/diagrams/full-system.png)
[![](https://raw.githubusercontent.com/decentralized-identity/hubs/master/diagrams/full-system.png)](https://raw.githubusercontent.com/decentralized-identity/hubs/master/diagrams/full-system.png)
### Encrypted Data Vaults (Archived)
* [Encrypted Data Vaults](https://digitalbazaar.github.io/encrypted-data-vaults/)
> We store a significant amount of sensitive data online, such as personally identifying information (PII), trade secrets, family pictures, and customer information. The data that we store is often not protected in an appropriate manner.
>
> Legislation, such as the General Data Protection Regulation (GDPR), incentivizes service providers to better preserve individuals' privacy, primarily through making the providers liable in the event of a data breach. This liability pressure has revealed a technological gap, whereby providers are often not equipped with technology that can suitably protect their customers. Encrypted Data Vaults fill this gap and provide a variety of other benefits.
>
> This specification describes a privacy-respecting mechanism for storing, indexing, and retrieving encrypted data at a storage provider. It is often useful when an individual or organization wants to protect data in a way that the storage provider cannot view, analyze, aggregate, or resell the data. This approach also ensures that application data is portable and protected from storage provider data breaches.

Binary file not shown.

After

Width:  |  Height:  |  Size: 6.3 KiB

Binary file not shown.

After

Width:  |  Height:  |  Size: 3.0 KiB