wenjing
commented
2 years ago Thanks @dhh1128 for getting the 80% agreed. Yes, I do see the remaining 20% language issue - we currently use "local" and "locus of control" in places that could be more disciplined to avoid the wrong impressions due to our choice of terms. I propose we still like to keep the terms "interface" and "protocols", but would clarify the term "local" (an adjective) to mean "within the locus of control" (since "locus of control" does not have a convenient adjective). This clarification would emphasize that the key distinction is in the boundaries of locus of control. Alternatively, we could simply avoid the word "local" - but also replace it with something that says it is "within the locus of control". But I have to say that for common language it is easier to use a short hand like "local". So that'll be what I propose, but I'm OK if there is strong pushback to phase out "local" as well. Hope I hear back soon so I may propose something in the next 2 weeks.
dhh1128
talltree
Daniel Hardman 09:02 23 Aug I understand the desire to make a distinction here between an interface and a protocol, but I think we're being inconsistent. Two paragraphs above, we introduce the concept of an interface with the phrase, "Within an Endpoint System..." Here we say that an interface can also be used across Endpoint Systems, as long as the loci of control doesn't change. Which is it? Is it a protocol if it's remoted, or a protocol if it crosses a trust boundary?
A few pages above, I left a comment asking whether Alice the employee and Alice the private individual represent the same locus of control if she uses a different device for each. Notice how that plays into the definitions we use here.
And here's another thorny example: If I stay local but cross a trust boundary (different locus of control on the same Endpoint System), am I using a protocol or an interface?
My suggestion is to keep the wording at the beginning of the current paragraph (interface = within a single locus of control; protocol = crosses trust boundaries, whether local or remote). This would require us to modify the verbiage two pararaphs above, perhaps changing to "Within the set of Endpoint Systems fully controlled by a given party..."
BTW, in Hyperledger Aries, the set of Endpoint Systems fully controlled by a given party" is called the "sovereign domain." We may need such a term here.
Drummond Reed 10:49 25 Aug WENJING to review and decide if he can resolve or move to Github.
Wenjing Chu 18:32 25 Aug I looked over the several points Daniel brought up - I think mostly our current text is quite consistent. On the first point: we never said you could distribute implementation interfaces across "Endpoint Systems". No, you can distribute some of your implementations to the cloud - but it is still within your locus of control. In other words, it is essentially the meaning of the "sovereign domain" in Aries. So I don't see inconsistency here. Let me then go to the Third point, what if an implementation stays local but crosses trust boundaries. Then, it's no longer in the End System's locus of control since someone else can compromise it out of your control. The part that crosses the trust boundaries would be reclassified as "Supporting System" e.g. Now the second point about Alice's two roles - same person but two different roles and devices. I did think about this quite a bit. I think this is an orthogonal issue - the End Systems - are defined for "systems" or devices if you may - the DIDs and humans are bound to them, but not the same. (See also the Biometrics discussion) If Alice has two roles (employee, a private individual), then she has two controller roles - each can control devices, each has a locus of control. (What is shared in her own mind between the two roles, unethically? - I think that's out of scope :-). Conclusion? I think as long as the "locus of control" is understood in the same way, we are in actual agreement and we can resolve this comment here.
Daniel Hardman 09:14 26 Aug I'm glad we mostly agree on the theory. So I'm 80% of the way to saying we can resolve this comment.
However, I still think the language is inconsistent. Two paragraphs above, we introduce the term "Interface" by saying it's how layers communicate within an Endpoint System. In the following paragraph, we then introduce the term "Protocol" by saying that remote interactions "require a defined Protocol." Yet in the paragraph where this comment is anchored, we say that the distinction is not local vs. remote, but rather locus of control. Wenjing's comment indicates that locus of control is the real issue, and I agree with that distillation -- so why are we confusing readers by introducing the concepts with the wrong distinction, only to correct ourselves?