decentralized-identity / confidential-storage

Confidential Storage Specification and Implementation
https://identity.foundation/confidential-storage/
Apache License 2.0

How should encrypted data vaults be related to "wallets"? #78

Closed OR13 closed 3 years ago

OR13 commented 4 years ago

Here is one way I see them being related:

NOTE: the issue I am linking is from another spec, and a question about how layers apply to that spec, and how they relate to hyperledger projects.

Regarding layers that exist in a wallet / agent and how they might relate to this spec:

Layer A - Wallet Data Model - Plaintext Representations of Wallet Content in JSON
Layer B - Wallet Interface - Functions for generating / transforming Layer A
Layer C - Concrete Wallet Implementation (macOS / Android / iOS / Windows)
Layer D - KMS Interface leveraged by C
Layer E - Encrypted Data Vault / Secure Data Store (might use mongo db / dynamo)

Layer C, D and E might all be run by totally different providers... D and E are likely to be separate entities...

The idea being that maybe I get a new computer and I want to move my wallet from some Windows software that implements the spec to some macOS software that implements the spec.

The new wallet starts empty, I authenticate it to the KMS and then use that to authenticate it to the Encrypted Data Vault / Storage provider. The wallet then downloads the contents from that provider, or queries the provider just in time if internet is fast / always on.

OR13 commented 4 years ago

One potential confusion is:

Wallets have keys
Vaults require keys
Vaults store wallet content
Do Vaults store keys?

... they really shouldn't (wallets should use a KMS)... but due to the poor support for secp256k1 and ed25519 in KMS... it might be a good idea to describe how you might use a vault to store everything that goes in a wallet... including keys, credentials, secrets and documents.

OR13 commented 4 years ago

Related Hyperledger Indy concept: https://hyperledger-indy.readthedocs.io/projects/sdk/en/latest/docs/design/011-wallet-query-language/README.html

especially interesting is the use of encrypted / tags / indexes... would be nice for someone to deep dive and summarize for the group.

OR13 commented 4 years ago

@csuwildcat to add how this is related to hubs... do hubs have wallets?

csuwildcat commented 4 years ago

Wallets can have within them a Hub instance, and having keys allows them to decrypt data, whereas a Hub instance located on some remote cloud you shouldn't trust, like Azure, AWS, etc., doesn't have keys and can't decrypt data.

OR13 commented 4 years ago

Wallets are out of scope, but we still might want to explain how they are related.

dmitrizagidulin commented 4 years ago

Action item (based on an informal straw poll on a recent WG call): Add a 'Relationship to Other Specifications' section, and specifically add a couple of sentences on how wallets relate to hubs / EDVs.

agropper commented 4 years ago

The Ecosystem Diagram shows how Wallets are related to Storage and to KMS (which might itself be an instance of Storage). Also, I believe we have a consensus that the keys to items in Storage are not going to be in Storage so that would imply that Storage and KMS need to be separate entities with appropriate APIs.

As far as Hubs, please see my comment on Issue #21.

OR13 commented 3 years ago

Closing my own issue.
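
The separation discussed in this thread (a wallet that starts empty on a new device, a KMS that holds the keys, and a vault that only ever sees ciphertext) is shown in the Node.js code below. This is an added example, not code from the thread, the specification or any implementation; the `Kms`, `Vault` and `Wallet` classes, the PIN check and the `put:`/`get:` request strings are assumptions made for illustration.

```javascript
const { randomBytes, createCipheriv, createDecipheriv, generateKeyPairSync, sign, verify } = require('node:crypto');
// AES-256-GCM; a sealed blob is iv (12 bytes) || tag (16 bytes) || ciphertext.
function seal(key, plaintext) {
  const iv = randomBytes(12);
  const c = createCipheriv('aes-256-gcm', key, iv);
  const ct = Buffer.concat([c.update(plaintext), c.final()]);
  return Buffer.concat([iv, c.getAuthTag(), ct]);
}
function open(key, blob) {
  const d = createDecipheriv('aes-256-gcm', key, blob.subarray(0, 12));
  d.setAuthTag(blob.subarray(12, 28));
  return Buffer.concat([d.update(blob.subarray(28)), d.final()]); // final() throws if tampered
}

// Layer D, hypothetical KMS: keys never leave it; a PIN stands in for real authentication.
class Kms {
  #kek = randomBytes(32);
  #signer = generateKeyPairSync('ed25519');
  #pin;
  constructor(pin) { this.#pin = pin; this.verifyKey = this.#signer.publicKey; }
  #check(pin) { if (pin !== this.#pin) throw new Error('KMS: not authenticated'); }
  wrap(pin, cek) { this.#check(pin); return seal(this.#kek, cek); }
  unwrap(pin, wrapped) { this.#check(pin); return open(this.#kek, wrapped); }
  authorize(pin, msg) { this.#check(pin); return sign(null, Buffer.from(msg), this.#signer.privateKey); }
}

// Layer E, hypothetical vault: stores opaque blobs and holds only a public key.
class Vault {
  constructor(verifyKey) { this.verifyKey = verifyKey; this.docs = new Map(); }
  #authz(msg, sig) {
    if (!verify(null, Buffer.from(msg), this.verifyKey, sig)) throw new Error('vault: denied');
  }
  put(id, doc, sig) { this.#authz('put:' + id, sig); this.docs.set(id, doc); }
  get(id, sig) { this.#authz('get:' + id, sig); return this.docs.get(id); }
}

// Layer C, hypothetical wallet: holds a KMS credential but no long-term key material.
class Wallet {
  constructor(kms, pin, vault) { Object.assign(this, { kms, pin, vault }); }
  store(id, text) {
    const cek = randomBytes(32); // fresh content key per document
    const doc = { wrappedKey: this.kms.wrap(this.pin, cek), sealed: seal(cek, Buffer.from(text)) };
    this.vault.put(id, doc, this.kms.authorize(this.pin, 'put:' + id));
  }
  load(id) {
    const doc = this.vault.get(id, this.kms.authorize(this.pin, 'get:' + id));
    return open(this.kms.unwrap(this.pin, doc.wrappedKey), doc.sealed).toString();
  }
}
```

Constructing a second `Wallet` with the same KMS credential and calling `load` recovers a document stored by the first, while `vault.docs` contains only wrapped keys and sealed blobs. The signed request strings carry no nonce or expiry, so a deployed design would need to add one to prevent replay.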