hyperledger / aries-rfcs

Hyperledger Aries is infrastructure for blockchain-rooted, peer-to-peer interactions
https://hyperledger.github.io/aries-rfcs/
Apache License 2.0
326 stars 217 forks source link

Term suggestion: Custodial Agent replace Cloud Agent, Non-custodial replace Edge #122

Closed kdenhartog closed 4 years ago

kdenhartog commented 5 years ago

I'd like to suggest a change in terms to follow suit with a common verbiage arising in the digital currency space. It appears to have backing from Coincenter who are the leaders in public policy advocacy with regards to cryptocurrencies. This distinction emphasizes the differences between the two which is that a custodial wallet, while under your control, can be take control of by another party for a variety of legal compliance reasons or malicious activity (impersonation).

swcurran commented 5 years ago

I'd be against this as I think it just gets us into another pair of terms that don't really cover all the cases. I think the CoinCenter usage is a very different use case. Further, I think in our use cases, those terms are pretty confusing.

I'd vote for now we continue with the awkward terms we have until some clear ones are identified. Further, I'm pretty sure we need more than two terms.

kdenhartog commented 5 years ago

I agree that we need more than one term, but I think it's an important distinction that we should be recognizing. It infers liability and control shifts, which are important considerations when distinguishing between devices I own vs. devices I use. I don't believe it would be good choice for us to ignore useful language because it doesn't convey all use cases.

A cloud agent is not in my sole control if it doesn't exist on my device. At any point in time with or without reason, a cloud service provider can opt to no longer provide me services. This means they have the right to remove control from my hands even if the cloud agent is in my domain. Furthermore, cloud agents are not designed where I maintain full control via a key. Since the key (that represents the cloud agent) lives on the device of the cloud agent (which I do not own) I "share" control with the device owner, even if the device represents me in my domain.

Since there's a change in control "sole" vs "shared", I believe that it's important to recognize this distinction. Especially since one of the core principles of SSI is control. Looking to the ideas provided in The Path to Self-Sovereign Identity one of the statements made about control is "the user is the ultimate authority on their identity". So that leaves me with the question, do the terms custodial and non-custodial provide better clarity of "ultimate authority" when compared to the terms edge and cloud? I believe so which is why I believe we should change them.

Given your point about needing more than one term, I believe it would be useful to have both. For example, a non-custodial cloud agent would be like a device that lives in my home and has high availability. A custodial cloud agent would be one that lives on AWS for example. It would also have high availability, but I (the domain owner) would share control with the cloud provider. We'll also have to consider how an agency impacts this. As far as I'm aware, agency providers are not always the cloud service provider either. This may mean that I (the domain owner) am sharing control with both an agency provider and a cloud service provider.

kdenhartog commented 5 years ago

So I've been thinking about the term "edge" and "cloud" again and I think I know why it never felt like a good term. On one hand, edge is an adjective describing the locality of a node within the network, where as cloud is an adjective describing the availability as well as the locality within the network.

The reason this makes for confusing language is that the term "edge" is describing a supposed dichotomy (it's actually a poor dichotomy when looking at it from a graph perspective because an outer node in a graph has no difference when compared to an inner node - it's a visual representation) while the term "cloud" implies a polychotomy - the division of locality and division of availability.

Because of this, I think that our attempts to describe all the cases of agents into only two words is destined for failure. I'd advocate that we start using many adjectives when describing agents and propose that at least two of the qualities that should be described should be the agents availability and the agents responsibilities to one or more principles. (e.g. only the domain owner or domain owner + other parties)

jljordan42 commented 5 years ago

Or we go with less ... like we have been saying in Rocket.Chat. Aries-agent-python is fine. We don’t describe spreadsheet or document editor software with where it’s deployed or what it’s used for .. it’s just spreadsheet software.

dhh1128 commented 5 years ago

The drawbacks of "cloud" and "edge" are already discussed at length in the Agent RFC. If you want to introduce another term pair (custodial/noncustodial), that would be fine, but it should be defined in that section.

If, besides introducing a new term pair, you want to urge existing codebases and contributors to use your new term pair, that is a much harder sell. There is not a single term pair that produces the greatest possible insight in all contexts. You could socialize your term pair on a community call and see if you can build mindshare...

kdenhartog commented 5 years ago

Yeah, I like your suggestion to made edits to the RFC. I'll propose a few additions when I get the time and then I think we can close this specific issue.

Since posting this though, I've further my thinking to the realization that "non-custodial" only provides legal value. In the technical sense, it's of very little value. For example, is a mobile app that was downloaded from the Google play store, which lives on my device, but I have no access to the source code under my "custodial" control? Is it still my "custodial" agent, if the app analyzes my data and providing insight analytics back to the company who developed the app?

It was questions like this that made me step back from my position on this subject. I'm now much more in favor of the point @jljordan42 raises which is to say this software is just an "agent". And if people ask what does that mean I'll reference them to the Agent RFC that does an excellent job explaining what we mean when we call something an agent.

TelegramSam commented 4 years ago

Closed as resolved per discussion in Aries WG Call 22 Jan 2020. Can be reopened if it should not have been closed