Time | Agenda Item | Lead | Notes |
5 min | - Start recording
- Welcome & antitrust notice
- Introduction of new members
- Agenda review
| Chairs | - Antitrust Policy Notice: Attendees are reminded to adhere to the meeting agenda and not participate in activities prohibited under antitrust and competition laws. Only members of ToIP who have signed the necessary agreements are permitted to participate in this activity beyond an observer role.
- New Members:
|
5 mins | Review of action items from previous meeting | Chairs | |
5 mins | Announcements | TF Leads | News or events of interest to members: - TSWG Plenary after this call!
- All members meeting Wednesday
https://canivc.com - List of implementations of W3C specifications and their current compliance status |
5 mins | Reports | Open | - KERIpy
- Sam Smith working on CESR versioning. Can now create and parse version 2 messages of all events in protocols.
- currently working on group counting codes
- Minor updates to 1.1.x (currently at 1.1.8) release as we discover issues qualifying QVIs and working with existing QVI (Provenant)
- KERIA
- Minor updates to 0.1.x (currently at 0.1.4) release as we discover issues qualifying QVIs and working with existing QVI (Provenant)
|
25 mins | Discussion | Open | - CESR Stream interop examples (Charles Lanahan )
- Sample of generating dicts in python for testing `sizify`
- Philip Feairheller to create repo
cesr-test-vectors to house these new samples
- Idea of using a KERI based OIDC identity Provider
- Why was OIDC created in the first place?
- In support of federated identity
- Convenience... let someone else manage authentication
- It was deemed too difficult for individuals to manage their own key pairs
- So now we have KERI that solves the hard problem... managing keys for unbounded term identifiers
- Once this hard problem has been solved, the reason for federated identity goes away.
- While it seems reasonable to support OIDC for legacy reasons, you are mixing security postures and that is dangerous.
- Daniel Hardman : What is the goal here for EBA with this new pilot.
- Is it to improve the security posture of their infrastructure or to improve convenience of not having to manage accounts.
- We can use this as a test case for explaining the improved security
- Lance Byrd : DPOP - https://datatracker.ietf.org/doc/html/rfc9449
- Public key in bearer token and then requiring presenter of bearer token to sign every request... sound familiar?
|
5 mins | Any other business | Open |
|
5 mins | - Review decisions/action items
- Planning for next meeting
| Chairs |
|