feat: simpler access control model

[nissimsan]

This has two suggestions:

1. Drop the idea of mixing item id and access key
2. Drop the role, this isn't actually Role Based Access Control anyway

[onthebreeze]

Hi Nis.

I'm all for simpler. But lets trigger a broader discussion on this.

1. With respect to the item ID as access key. Perhaps the wording is misleading but the business intent here is that someone who does not physically hold the item cannot see data specific to the serialised item. The publisher of the data doesn't know in advance who will buy the item and so has no way to share some out-of-bounds key. The key has to go with the physical item. Sometimes you cant even put some secret key in the box because there is no box (think RFID tag in cow's ear). So making the item ID un-guessable is a practical way to achieve the business goal. Sometimes (eg cattle) perhaps the only way to achieve the goal. So I'm keen not to delete this one.
2. With regard to role, again maybe misleading language but the business intent is that a data provider may need to provide access to a party that they don't know in advance (eg a recycling plant) but where they can receive evidence that a given requestor has an authorised role granted by some other party they trust. Eg UK government maintains a list of authorised recycling plants and issues the plants with a relevant DIA credential. recycling plant presents the credential when requesting data and the provider says "I dont know you but I can see that UK govt says you are a recycling plant - so here you go". In that case we need to specify what kind of "roles" are allowed - or else the requester might present a valid DIA saying that they are a veterinary surgeon - but that doesn't mean they should get access to data intended for recycling plants.

So if we delete these two features, how do you propose to solve the corresponding business problem?

[nissimsan]

I sincerely regret mixing two suggestions into one!

Per 1) it is the conflation of concerns that bother me with this. My suggestion is to focus on the access key. If implementers choose to use that as an item identifier, they are free to do so. But IMO that is beyond the UNTP spec.

Per 2) OK, I wasn't aware of this intention. Ambitious.

I'm happy to drop this PR, just thought it was worth a discussion.

[zachzeus]

As we discussed in the meeting tonight - maybe we should simplify the page by dramatically reducing its scope for the initial release, and move the more ambitous components to a 'roadmap' for this section. With an invite to implementers and collaborators to help us explore this.