Versions Compared

Key

  • This line was added.
  • This line was removed.
  • Formatting was changed.

...

TimeAgenda ItemLeadNotes
3 min
  • Start recording
  • Welcome & antitrust notice
  • New member introductions
  • Agenda review
Chairs
  • Antitrust Policy Notice: Attendees are reminded to adhere to the meeting agenda and not participate in activities prohibited under antitrust and competition laws. Only members of ToIP who have signed the necessary agreements are permitted to participate in this activity beyond an observer role.
  • New Members:
2 minReview of previous action itemsChairs
  •  ACTION: Drummond Reed to put on the agenda of the next TSPTF meeting the topic of Samuel Smith giving a full-length example of how dynamic risk assessment works using KERI.
5 minsUpdate on the Identifier Traits topic

At our 2024-06-26 meeting, we discussed the topic of "Identifier Traits" raised at DICE raised by Jan Christoph Ebersbach (known as "JC"). See this Github Gist page for a summary.

We agreed at that meeting that the TSPTF focus was on appraisability frameworks for dynamic appraisability of a VID, but that we would welcome work on a generalized set identifier traits that could feed into our appraisability framework.

Drummond will give a brief updated on the Identifier Traits work going to the DIF Identifiers and Discovery Working Group co-chaired by Markus Sabadello.

40 minsKERI example of dynamic risk assessment of a VIDSam Smith 

Sam presented a use case for how real-time appraisal of a VID can work using KERI, highlighting why dynamic appraisability is important and how it enables a validator to make a live appraisal thereby protecting themselves from a compromised or malicious controller.

Screenshots #1 thru #9 below capture selected slides from Sam's presentation.

In the Q&A, Sam clarified that key event logs (KELs) that use interaction events and key delegation are the ways that key management infrastructure can be scaled to millions of transactions in a short period.

Sam explained how the current bearer-token-based code signing used by companies by Microsoft is subject to (and has been) compromised by an attack on a bearer token. With KERI key management, the exact key that was compromised (and the exact key controller) can be identified and recovered.

Neil Thomson: "This suggests that on any interaction between VIDs (2 party) that they regularly perform a Live Assessment (e.g. once a day, every XX transactions)". Drummond agreed.

5 mins
  • Review decisions/action items
  • Planning for next meeting 
Chairs

...