| Table of Contents | ||
|---|---|---|
|
...
- Drummond Reed, Evernym
- Darrell O'Donnell, Continuum Loop
- Antti Kettunen
Other contributors MUST also add their name and membership affiliation to the Google doc or wiki page version of the spec as it proceeds through development.
...
As with all layers of the ToIP stack, the purpose of a ToIP specification is to enable the technical interoperability necessary to support transitive trust across different trust communities implementing the ToIP stack. In this case, the desired interoperability outcome is a common protocol that works between any number of decentralized trust registries operated by independent governing authorities representing multiple legal and business jurisdictions. One specific example of this need is the digital trust ecosystem defined by the Interoperability Working Group for Good Health Pass (GHP). The GHP Trust Registries Drafting Group produced an extensive set of recommended requirements for a GHP-compliant trust registry.
PLACEHOLDER for Working Draft Specification
Once the Google doc version of the specification is sufficiently complete, the specification will move here for final review.
Trust Registry Protocol v2 Scoping
The v1 protocol provides answers for three main questions
- Is this Issuer Authoritative to issue a particular credential type under a governance framework.
- Is a Verifier Authorized to request a presentation under a governance framework.
- Does the answering Trust Registry acknowledge another Trust Registry under a governance framework.
The v2 efforts are exploring:
- Early input deck: https://docs.google.com/presentation/d/1qQiYTzFrLE4xMFQmgTMM_K6Op-cD6TsjDvUtiDqVmr8/edit?usp=sharing
DISCUSSION AREA
This area is for posting and discussing topics relevant to this Task Force.
TODO:
- ACTION to Darrell: Move the EU Train and input from Daniel Hardman into Github.
EU TRAIN Project
TRAIN stands for "TRust mAnagement INfrastructure". It is a subproject run by Fraunhofer-Gesellschaft within the EU eSSIF-Labs Project. This quote is from a recent post to the W3C Credentials Community Group (CCG) mailing list by David Chadwick:
...
In the same W3C CCG thread, Daniel Hardman made this point:
I feel like decentralization is running into a difficult tension here: we want to democratize issuance (anyone can do it), but we want to trust a limited set of issuers (or at least, a limited set on any given topic). Anybody can create a COVID test result credential, but we only want to accept them if they were issued by a lab that we have reason to trust. Etc...
One solution to this problem is registries: list trusted sources and have your software check whether the issuer is on approved/accredited list by querying. Of course this re-centralizes around the oracle.
...