decentralized-identity / confidential-storage

Confidential Storage Specification and Implementation
https://identity.foundation/confidential-storage/
Apache License 2.0
80 stars 24 forks source link

Trust assumptions & consequences of separating policy decisionmaking from policy enforcement #103

Open Therecanbeonlyone1969 opened 4 years ago

Therecanbeonlyone1969 commented 4 years ago

Have we discussed and thought through the trust assumptions & consequences of separating policy decisionmaking from policy enforcement?

agropper commented 4 years ago

In healthcare, the issue has been actively discussed for almost 10 years. It shows up in Kantara UMA, the US API Task Force hearings, and the OpenID HEART workgroup. Healthcare is a good incubator because the trust issues are highly regulated so it's easier to do analyses of product-market fit.

What's new, in my opinion, is the realization in healthcare and every other domain that the days of the enterprise firewall security and privacy model are numbered. (We call that the lobster model: a hard shell with a soft and delicious inside once you're in.) The shift to zero-trust architecture is driven by smartphones and IoT devices that are no longer under the control of the enterprise and effectively outside the firewall.

The shift to zero-trust is the driver for SSI, self-sovereign agents and SDS. That's what the trust assumptions are about. See the NIST publication on zero-trust architecture for a start: https://csrc.nist.gov/publications/detail/sp/800-207/final

On Thu, Sep 10, 2020 at 10:38 PM Andreas Freund notifications@github.com wrote:

Have we discussed and thought through the trust assumptions & consequences of separating policy decisionmaking from policy enforcement?

— You are receiving this because you are subscribed to this thread. Reply to this email directly, view it on GitHub https://github.com/decentralized-identity/secure-data-store/issues/103, or unsubscribe https://github.com/notifications/unsubscribe-auth/AABB4YOHV4TX6XBXTHNY6HDSFGERPANCNFSM4RGMUQIA .