Add existing work to Encrypted Data Vault page

[ipatka]

Add Bloom Vault to the survey of existing work
https://github.com/hellobloom/bloom-vault

In production cloud hosted vault for encrypted data per user device keys. Vault stores claims to be used in verifiable credentials/ presentations. Can be user hosted.

@msporny
Can you provide some details about the ?? fields in the tables below?

Project	In-transit encryption	At rest encryption required	metadata	queries	storage
Bloom	TLS	Yes	??	no	database

Project	Auth	access control	read-write interface	application ecosystem	standards
Bloom	bearer token	??	REST	yes	w3c, own

We also have a 3rd party security audit that we can submit for public use. It's relevant to many of these similar architectures.

[dmitrizagidulin]

@ipatka Here's what the column headings mean:

• At rest encryption required: For all data that is stored in the vault, is client-side encryption of the data required? For example, data that is stored in IPFS - it's not required to encrypt it. (And it's not encrypted, by default.) Whereas for Data Shards, every single block of data is encrypted, that's a requirement.
• Metadata - I'm not actually sure what this column means... @rhiaro ?
• Queries - Does the vault support any sort of queries or searching, on the stored data?
• Access Control - what sort of standard or protocol does the vault use for access control?

Hopefully that clarifies.

[ipatka]

At rest encryption: The data is required to be encrypted within the table. I'll just put yes
Queries: You can get counts but can't search on any data contents or do updates
Access control: A user gets a temporary access token to post or delete data by proving ownership of the PGP fingerprint. The data in the table is keyed by fingerprint.

I'll update the table in the first comment with this info thanks!

[dmitrizagidulin]

@ipatka - What license is bloom-vault source code licensed with?
Also, are is there a spec or docs for the vault API?

[ipatka]

Just added the license and spec to the repo.
Apache 2.0
Spec: https://github.com/hellobloom/bloom-vault/blob/master/spec.md

[ChristopherA]

You might want to reach out to the folk at ZeroDark, including @vinthewrench who are doing interesting parallel work, have good security pedigree (ex-PGP & ex-Silent Circle/Blackphone), and I would really like see join us in the larger DID standards community & ecosystem.

Ask them to read and comment on https://github.com/WebOfTrustInfo/rwot9-prague/blob/master/draft-documents/encrypted-data-vaults.md

— Christopher Allen

On Wed, Aug 7, 2019 at 1:16 PM Vinnie Moscaritolo [email protected] wrote:
I just published an article on medium about my latest project, ZeroDark.cloud a Zero-knowledge sync and messaging framework.

https://medium.com/@vmoscaritolo/zerodark-cloud-enables-a-new-class-of-privacy-focused-applications-17b09a878530

I have docs online at https://zerodarkcloud.readthedocs.io/en/latest/. And the core library is available on CocoaPods.

This might be useful for any iOS/macOS developers - we plan to ship a Android client in near future.

Feel free to ping me with any questions.

Vinnie Moscaritolo
4th A Technologies LLC
https://www.zerodark.cloud
Email: [email protected]
Mobile: 1.541.840.9152

ZeroDark.cloud™
Zero-knowledge sync & messaging

[ipatka]

Thanks! Will reach out to them

[rhiaro]

'Metadata' was supposed to be what format the data about the data or manifest or similar is stored in. In some it's not encrypted, so it's a JWT or something.

[dmitrizagidulin]

@rhiaro ahh, ok. So, I have some thoughts on how we can restructure those tables / that section.