Skip to content

Latest commit

 

History

History
65 lines (45 loc) · 3.28 KB

2021-03-26.md

File metadata and controls

65 lines (45 loc) · 3.28 KB
Raw

2021-03-26 Interop Primer

Present

  • Justin B
  • e Pavlik

Minutes

JB: I like linking from Primer to the relevant parts of the spec.

EP: Any references to definitions should link to the definition in the spec document

JB: I think we can start simple so that people don't get overwhelmed right from the beginning.

EP: I started with my 'non-trivial' example. But yes we can start simple and build up to it.

Ideas/Features

  • Ability to click on a given resource and go to the snippet (like a definition autolink)
  • Will use physical containment for the infrastructure of the interop hierarchy (aligning with spec), but will also continue to research how we can get "flatter" over time and further leverage shapetree virtual hierarchy for those purposes
  • Include multiple variants of similar scenarios to check if spec covers all those variants (e.g., registration exists during authz or not)

Outline

  • Alice and Bob are collaborating on project data, using different apps for project management

  • Explaining the Agent (Alice)

    • Explaining Alice's profile document
    • Emphasizing privacy focused design (principle of least privilege)
    • Talk about the registry set/registry pattern
    • (Can also tie-in/link to other parts of the primer where this compartmentalization is demonstrated, e.g., application registration flow)

  • Explaining the Application (Acme Project)

    • Explain Application's profile document
    • Emphasize that the profile document is a public manifest that agents in the ecosystem can use to help them make decisions about whether to use the app, the access the app needs, how trustworthy the app is, etc.
    • (Can tie-in/link-to app registration/authorization workflows where this information is employed)

  1. We start with Alice, who has one identity, and one pod that's been bootstrapped

    1. Profile points to registry sets
    2. Pod has been provisioned with empty registries

  2. Alice wants to manage projects and tasks, and has no project/task data (or data registrations) yet in the pod

  3. Alice finds a pod-compatible project management application online

  4. Alice goes through the application request's access flow (from the spec)

    1. Through Alice's Trusted Authz Agent
      1. Alice registers the app
      2. App is going to ask for the ability to read/write project data (she has none yet)
      3. Alice says OK - data registrations are created for that data from authz agent

  5. Alice creates a project - makes some tasks, deletes one, changes them

  6. Alice shares the project with Bob

    1. Go through the Controller Shares Access workflows
    2. Bob gets a receipt pushed to his access inbox
    3. Bob's trusted authz agent processes it
      1. Presents the share to him
      2. Identifies the compatible registered project management application to use (which already has the necessary access to PM data) - he could have the option to use another (like Acme Project), but decides on this one.
      3. Updates his Remote Data Registry
    4. Bob loads up his project management app and sees the remote project
    5. Bob collaborates with Alice in the shared project
    6. Bob has authorization for app to access shared projects (all, whitelist, blacklist)