Versions Compared

Key

  • This line was added.
  • This line was removed.
  • Formatting was changed.

Meeting Date

  • The ToIP Trust Registry Task Force (TRTF) meets weekly twice every Thursday at the following times (to cover global time zones - see the Calendar of ToIP Meetings for full meeting info including Zoom links):
    • NA/EU 07:00-8:00 PT / 15:00-16:00 UTC 
    • APAC 18:00-19:00 PT / 02:00-03:00 UTC

...

TimeAgenda ItemLeadNotes
5 min
  • Start recording
  • Welcome & antitrust notice
  • Introduction of new members
  • Agenda review
Chairs
  • Antitrust Policy Notice: Attendees are reminded to adhere to the meeting agenda and not participate in activities prohibited under antitrust and competition laws. Only members of ToIP who have signed the necessary agreements are permitted to participate in this activity beyond an observer role.
  • New Members:
1 minReminder - TSWG2 Mailing ListChairs

Reminder that the Technology Stack Working Group has a new mailing list. You need to join this as it involves the new charter that TSWG is operating under. You can do that here:

5 minReview of previous action itemsChairs
5 minService Profiles/Service DiscoveryChairs

Discussion of Service Discovery Task Force (SDTF)

1 minSpec Reviewhttps://trustoverip.github.io/tswg-trust-registry-protocol/#terms-definitions 
10 minsTerminology BroohahaDarrell O'Donnell 

When we query a trust registry to answer "does this registered entity have ______ to do the thing?"
Is it:

  • authorization; or
  • permission

Do I check the Trust Registry for "authorizations" or "permissions"? Given the NIST definitions

Discuss...


NIST (NOTE: NIST has MANY definitions for authorization. Best is below):

  • permission: Authorization to perform some action on a system.
  • authorization: The right or a permission that is Access privileges granted to a system entity to access a system resource.

Note the circular nature of the definitions...

DECISION: ______ will be used with the following definition...
  • an entity; conveys an “official” sanction to perform a cryptographic function or other sensitive activity.
    • TelegramSam  - leave in "cryptographic function".
    • Andor: does it add clarity (i.e. cryptographic function).
    • debate is about cryptographic vice gov+tech
      • implicit (leave out "cryptographic function" vs. explicit ("action uses cryptography").
    • possible - defer to NIST (leave as is) and see if that breaks thinking/flow.
      • RAISE issue - do we need something else (another term; revised definition).


DECISION: NIST "authorization" will be used as is. 


10 minsSpecial topic #3

5 mins
  • Review decisions/action items
  • Planning for next meeting 
Chairs

...