On Sun, Jul 24, 2016 at 12:35 PM, Ellison Anne Williams < [email protected]> wrote:
> Hi Guys,
>
> There has been a lot of good discussion lately about signing Pirk objects,
> validating, etc. in another thread. I would like for us to step back and
> consider the trust model for Pirk.
>
> Pirk is an application that runs within a user's system to provide the
> ability to (1) generate a secure query via PIR and/or (2) execute a secure
> query via PIR. A Pirk Querier generates a Query object and a Pirk Responder
> generates a Response object. For a user system that is running the Pirk
> application, these objects are just an output of the application.
>
> Communication between the Querier and Responder entities is necessary for
> the Querier to send the Responder a query (Query object) and for the
> Responder to return the results (Response object), but those transport
> mechanisms are external to Pirk. User systems running the Pirk application
> can choose to communicate with each other in whatever way they would like
> to.
>
> As such, I propose that the authentication of the Query and Response
> objects remain external to Pirk. It seems that this is best left as a part
> of the access control/authentication of users' systems that are running the
> Pirk application and communicating with each other.
>

Yes, I agree this is the best way to proceed. I think we should keep focus around PIR and leave this the duty of the user.

> This is also of the same philosophy as the Responder's data access: the
> Responder can only execute a query over data to which the data owner has
> given it access. This is enforced outside of Pirk -- data access controls
> of the data owner for a data user (such as Pirk) are outside of the scope
> of the Pirk project.
>
> Thoughts?
>
> Ellison Anne
