Secure Data Storage WG - DIF

2 minute read

Webpage - Wiki - GitHub

Secure, encrypted, privacy-preserving storage and computation of data is a critical component of decentralized identity systems. As with identifiers and names must be self-sovereign to the owning entity, a user’s identity data must remain private, only accessible to the entities they allow. DIF members are actively developing specs and reference implementations for provider-agnostic, run-anywhere solutions that provides these features.

  • Mailing List
    • Working Group Wiki

      Create one or more specifications to establish a foundational layer for secure data storage (including personal data), specifically data models for storage and transport, syntax, data at rest protection, CRUD HTTP API, access control, synchronization, and a minimum viable HTTP-based interface compatible with W3C DIDs/VCs.

  • Secure Data Storage Working Group Charter
    • Create one or more specifications to establish a foundational layer for secure data storage (including personal data), specifically data models for storage and transport, syntax, data at rest protection, CRUD API, access control, synchronization, and at least a minimum viable HTTP-based interface compatible with W3C DIDs/VCs.
    • The Identity Hubs and Encrypted Data Vaults documents will be used as a use case, requirements, and technical input for the collaborative effort.

Specs & Projects

The active work items that are underway in the DIF Storage and Compute Working Group

Confidential Storage

  • decentralized-identity/confidential-storage/
  • Latest Editors Draft

    We store a significant amount of sensitive data online, such as personally identifying information (PII), trade secrets, family pictures, and customer information. The data that we store is often not protected in an appropriate manner.

    This specification describes a privacy-respecting mechanism for storing, indexing, and retrieving encrypted data at a storage provider. It is often useful when an individual or organization wants to protect data in a way that the storage provider cannot view, analyze, aggregate, or resell the data. This approach also ensures that application data is portable and protected from storage provider data breaches.

Identity Hubs (Archived)

Encrypted personal datastore for identity interactions and decentralized apps.

  • Identity Hubs
    • Explainer

      Hubs let you securely store and share data. A Hub is a datastore containing semantic data objects at well-known locations. Each object in a Hub is signed by an identity and accessible via a globally recognized API format that explicitly maps to semantic data objects. Hubs are addressable via unique identifiers maintained in a global namespace.

  • System Diagram

Encrypted Data Vaults (Archived)

  • Encrypted Data Vaults

    We store a significant amount of sensitive data online, such as personally identifying information (PII), trade secrets, family pictures, and customer information. The data that we store is often not protected in an appropriate manner.

    Legislation, such as the General Data Protection Regulation (GDPR), incentivizes service providers to better preserve individuals’ privacy, primarily through making the providers liable in the event of a data breach. This liability pressure has revealed a technological gap, whereby providers are often not equipped with technology that can suitably protect their customers. Encrypted Data Vaults fill this gap and provide a variety of other benefits.

Comments by Staticman and Identosphere

Leave a Comment

Your email address will not be published. Required fields are marked *

Loading...