...
The GSWG meets bi-weekly on Thursdays at 11:00-12:00 PT / 18:00-19:00 UTC. Check the ToIP Calendar for meeting dates.
Zoom Meeting Link / Recording
Attendees
- Scott Perry
- Carly
- Daniel Bachenheimer
- Kabir Maiga
- Ralph Claar
- Keerthi Thomas
- Judith Fleenor
- Mary Lacity
- Savita Farooqui
- Drummond Reed
- Simon Forster
- Steven Milstein
...
Time | Agenda Item | Lead | Notes |
5 min |
| Chairs |
|
5 mins | Review of action items from previous meeting | Chairs | |
5 mins | Announcements | HOME OF SECURE IDENTITY AND TRUST | Identity Week America 2023 | 3 - 4 October 2023
| |
30 mins | Update from Attraction Pass Task Force | Kabir Maiga | Kabir Maiga from the Attraction Pass TF presented the progress made on the "Attraction Pass" where visitors can receive or purchase passes in the form of verifiable credentials (VCs) to gain access to various attractions in a city. These attractions could include museums and other places of interest. The focus is on implementing a ToIP stack and utilising SSI principles to ensure security and privacy. |
5 mins | Any other business | ||
5 mins |
| Chairs | Next Plenary meeting Thursday September 21, 2023 11:00PT |
Meeting Notes
[Generated using ChatGPT and meeting transcript)
Kabir's presentation revolved around the concept of a 'Attraction Pass' for accessing attractions. The main points of his presentation were:
Introduction: Kabir introduced the idea of a digital pass that would allow visitors access to attractions. He highlighted the benefits of such a system in terms of convenience and data collection.
Authentication and Authorization: He discussed the challenges of ensuring secure and interoperable authentication and authorization processes. He emphasized the need to prevent unauthorized access while ensuring visitor privacy.
Stakeholder Roles: Kabir identified the various stakeholders involved in the system, including visitors, attraction staff, sellers, and resellers. He explained their roles in the process of purchasing, presenting, and verifying the digital pass.
Process Flow: He presented a multi-step process, from purchasing the pass to presenting it at the attraction. He explained how IoT devices could be used for verification at the attraction's entrance.
Verifiable Credentials (VCs): Kabir proposed the use of verifiable credentials to represent the digital passes. He explained that these VCs would contain necessary information about the pass holder and their access entitlements.
Pass Structure: He discussed the potential structure of digital passes, whether they would be sold individually or as bundles for accessing multiple attractions.
Interoperability: Kabir emphasized the importance of interoperability between different systems and stakeholders. He highlighted the need for standards to ensure seamless communication and operation.
Digital Signatures and Audit Trails: He mentioned the use of digital signatures to sign passes and create audit trails. This would help in tracking the issuance, transfer, and use of passes.
Benefits of the System: Kabir discussed the benefits for attractions, such as better visitor insights, as well as the potential for partnerships between attractions.
Challenges and Mitigations: He addressed challenges including technical issues, privacy concerns, and fraud. He suggested mitigation strategies for each challenge.
Future Scope: Kabir talked about the future possibilities of the system, such as integrating with accommodation providers or transportation services.
Conclusion: He concluded by emphasizing the need for a well-designed, secure, and interoperable system to ensure the success of the digital pass concept.
Overall, the presentation outlines the conceptual framework of the "Attraction Pass" program and its key components, including verifiable credentials, agent wallets, offline capabilities, privacy considerations, and more. It aims to provide a clear specification for implementing the program while leveraging SSI and trust over IP principles.
DISCUSSION
Daniel Bachenheimer raised several points related to authentication and authorisation for access control in the context of a digital pass for attractions. He emphasised the importance of both authentication and authorisation, particularly for scenarios involving children or specific age-related access. He also expressed concern about preventing misuse, such as using child tickets by adults, and highlighted the need for strong biometric authentication. Dan also touched upon transferability and potential scalping issues.
In response, Kabir Maiga acknowledged Dan's feedback and noted the relevance of integrating both authentication and authorisation into the access control process. Kabir also mentioned that interoperability through standards would be crucial in the design.
The discussion then shifted to the roles of various stakeholders, including Bob (the visitor), Charlie (an attraction staff member), Alice (who sells passes for the attraction), Steve (an authorized reseller), and Frank (who sells concessions within the attraction). Kabir explained the steps involved in the process, starting with Bob purchasing a pass, presenting it to Charlie, and the use of IoT devices for verification. The discussion also explored the idea of signatures and their audit trail for tracking who sold the passes.
Drummond Reed and Scott Perry further delved into aspects such as the rationale for separate signatures by the issuing agent and the issuer, potential privacy concerns, and the tracking of sales. Savita Farooqui sought clarification on how passes sold by authorized resellers for multiple attractions would be structured, whether as a single verifiable credential (VC) for multiple attractions or multiple separate VCs.
Kabir explained that the payload of the pass would contain the VC itself, and Steve could bundle multiple attractions into a single VC or sell them as separate VCs. The conversation also touched on presentation formats, including visual, wireless, and paper passes. Overall, the discussion centred on authentication, authorisation, roles, and the structure of passes within the context of attraction access control.
Screenshots/Diagrams
Action Items
...