Time

Agenda Item

Lead

Notes

5 min

• Start recording

• Welcome & antitrust notice

• Introduction of new members

• Agenda review

Chairs

• Antitrust Policy Notice: Attendees are reminded to adhere to the meeting agenda and not participate in activities prohibited under antitrust and competition laws. Only members of ToIP who have signed the necessary agreements are permitted to participate in this activity beyond an observer role.

• New Members:

5 min

Review of previous action items

Chairs

15 mins

Issue/PR Review

https://docs.google.com/spreadsheets/d/1UTzCvFr8np652cnyt-WB3R3TjYjZdL0egw5wX5b5Pf0/edit?usp=sharing

Consider use of "DID method enum" spec ← This is going to be paired with existing work.

https://github.com/trustoverip/tswg-trust-registry-protocol/issues/61 ← this has a PR now.

https://github.com/trustoverip/tswg-trust-registry-protocol/issues/58 ← needs follow up.

https://github.com/trustoverip/tswg-trust-registry-protocol/issues/56 ← blocked by a common data model

https://github.com/trustoverip/tswg-trust-registry-protocol/issues/21 ← aligned to the work we are doing today on the common data models.

https://github.com/trustoverip/tswg-trust-registry-protocol/issues/4 ← responded. moving this along.

10 mins

Previous TRTF Call Review

Andor Kesselman

Recap on the common data model and previous call around authorization data model. 9 Open PR’s, including a versioning change. Needs to be merged.

Drummond to point finding some folks to

10 mins

Previous TRTF Call Review

Andor Kesselman

• Triples Model → SOP is nice. Too abstract. Selling the TRQP as SOP is complicated. What triples models is doing is generally aligned even if expressed differently in the APIs.

  • Authorization Queries

  • Trust Relationship Queries

• Which order matters?

  • [ DO ] Starting point is the governance framework.

  • Open object you are asking about is the entity you’re asking about.

  • Subject is the governance framework that is the authorization you are asking.

  • Subtle Point : bootstrapped process.

  • Same trust framework can manage 100’s of frameworks.

  • OOB discovery.

  • WHOIS queries.

  • Another lens : When he applies APIs.

  • Terminology Question:

  • What is the statement called?

    • Authority Statement

    • Authorization Statement

    • More accurate

      • seems like it comes from the legal world: "An authority statement is a document that establishes the authority of a person or entity to act on behalf of another party

      • Richness of statements

      • In OIDF : Subject and Predicates

      • EU

        • Query : Trust Service Providers

        • Are you a trust service provider?

      • Simple string.

      • Important thing to think about with merged ecosystem foundry groups.

• Implementation Guides Not Necessarily Need To Here

• GAN may share the yellow.

• Red is out of scope.

• Like the idea that GAN will pilot the yellow.

• First do one and see if it is replicatable.

• Don’t include in registry until it’s tested.

• Want to bring things onto

• Consumer Implementation :

Image Added

10 min

Supplementary Assets

Andor

Need a spot to put supplementary assets.

• Reference Implementation

• User Guides

• Profiles

• Implementation Guides

Drummond Reed : Raised that W3C Called Note : Published by W3C Working Groups. Doesn’t require. No official weight. No approvals. If no strong objections. Don’t get consumed with producing notes. Not the core work.

Darrell O'Donnell : Notes might be useful unless we can point to real world use cases. ToIP group may pull it in.

Eric Drury : Anything that can get traction.

Darrell O'Donnell : Don’t want to burden ToIP.

15 min

TRQP Profiles

Andor

Image Removed

https://gist.github.com/andorsk/3c1f1d869644d4d0c58f9cb3f78028b5

Data Interaction Patterns and Abstract Data Model : Closing in on a few results with a few open questions: 

1. Requirement for the ecosystem to maintain full state at a single registry ( therefore no traversal requirements ). This means that multi-hops are not supported. A query is a parallel query to the EGF and to the registry with the entity information. 

2. Authorization string is bound to an EGF, but no global uniqueness requirements. 

3. Authorization Data Model ( i.e information about the authorization itself ) was not discussed. Open question of whether this is within scope. 

4. Authorization State : Requirement to abstract TRQP-3 to non HTTP model. 

5. Mostly aligning on triples model. Context may be necessary. In discussion.

Image Removed

30 mins

TRQP Common Data Model Work 

Andor

a7fcfa75d178f51cbe6dd9cc9224b772#restfuldid-based-trqp-profile

Darrell O'Donnell : This is a note level thing. Acknowledge them and make them aware.

Antti Kettunen : DID Methods. DID Core ( Base Specification ). Profiles are like methods.

Antti Kettunen Base specification needs to be a real standard. Should eventually push to SDO.

• Better traction in W3C, ISO, etc.

• IETF is good but too engineering driven.

• What SHOULD or MUST be in the spec.

  • V1 Must state the RESTFul HTTP

• Drummond: Bindings belong in the specification.

• What needs to be in the profile vs. specification.

• Darrell : The call on the API side.

26th is off! 2nd off.

9th coming back.

Antti : Closer to business cases the more accurate/restrictive you need to be. Layers need to be understood here. Ecosystem specific profiles in between?

Andor : Closest is OpenID Stack and HAIP Profile

Antti Kettunen 3 specification layers after the profiles

Eric Drury : Question for use case

Examples of the 3 layers I mentioned (in EWC):

1. EUDI Implementation of OID4VCI: https://github.com/EWC-consortium/eudi-wallet-rfcs/blob/main/ewc-rfc001-issue-verifiable-credential.md  

2. Payment Wallet Attestation: https://github.com/EWC-consortium/eudi-wallet-rfcs/blob/main/payment-rfcs/ewc-rfc007-payment-wallet-attestation.md  

3. (if VISA would implement this in their network): “VISA Payment Wallet spec”

Image Modified

5 mins

• Review decisions/action items

• Planning for next meeting 

Chairs