Meeting Date

  • The ToIP Trust Registry Task Force (TRTF) meets weekly, twice every Thursday, at the following times to cover global time zones (see the Calendar of ToIP Meetings for full meeting info, including Zoom links):
    • NA/EU 07:00-08:00 PT / 15:00-16:00 UTC
    • APAC 18:00-19:00 PT / 02:00-03:00 UTC

Zoom Meeting Link / Recording

...

Time | Agenda Item | Lead | Notes
5 min
  • Start recording
  • Welcome & antitrust notice
  • Introduction of new members
  • Agenda review
Chairs
  • Antitrust Policy Notice: Attendees are reminded to adhere to the meeting agenda and not participate in activities prohibited under antitrust and competition laws. Only members of ToIP who have signed the necessary agreements are permitted to participate in this activity beyond an observer role.
  • New Members:
5 min | Review of previous action items | Chairs
20 mins | Step Back

Discuss status of group

Step back: 

  • Neil Thomson : Need to be clear on terminology. Do I trust your DID, key rotation, etc. What are the words, terms, and requirements. 
  • Drummond Reed : Building a mental model right now in concepts and terminology. Point to here: 
  • Jo Spencer : Use of a mental model is critical. Life cycle modeling on trust service. Trust services. Not focused on trust decisions. 
  • Eric Drury : Do we have know what a trust registry is? We are making things verifiable. 
    • I think the “need” for a true registry responds to the human desire to “see” things, or be able to go through the act of verifying (not simply relying on someone/something telling you that blah blah blah cryptography magic). So I think a very important part of this is the UI, the ability of humans (or their agents) to “assist parties in making trust decisions”.
  • Neil Thomson : Is there a missing piece that needs to sit on the TA technology. Trust Fabric. How do I register with. How do I get to the appropriate registry? How do I prove to people I belong here. Trustable entities vs. Trustable Data. How many TR's do I need to talk to. How do I know where the data came from? Data processing hierarchy. Who signed off? Process controller. Whole series of stacks of things. Do I trust your key management. What are the components and responsibilities? 
    • What part of the "Trust Fabric" is outside the scope of Trust Registries?
    • Mutual trust recognition is another type of "Trust Service"
  • Jo Spencer : VDR are one component of the services. Automating mutual recognition between different jurisdictions. Rule sets to define that allow formal equivalence. Ecosystem of verifiable credentials. Many components defined: keep this scoped for TR but there will be other things outside of TR.  
  • Drummond Reed +1 to Automating mutual recognition between different jurisdictions. Might need another TF. Keep this focused on cross registry tasks.
    • The two points I want to make (to help Andor with the notes):
      • 1) The definition of TR in V2 will likely be more generalized than in V1.
      • 2) TRs can be needed to assist parties in making trust decisions about other parties at any layer and for any aspect of the ToIP stack — not just for issuing and verifying digital credentials.
30 mins | TRTF Deliverables
https://github.com/trustoverip/tswg-trust-registry-tf/discussions/61
55 mins | Scoping discussion

Darrell O'Donnell  Intention of TR Protocol is really about making decision on issuers & verifiers & DIDs involved. Trust Registry Protocol scope is clearer & what is the bigger trust decision scoping.

Tim Bouma we may have been mixing trust decision as a process & as an input. Simple model but needs to support different upstream models. Can't delegate accountability, but we can delegate responsibility.

Antti Kettunen draw notice into discussion https://github.com/trustoverip/tswg-trust-registry-tf/discussions/61 and the Trust Task & Trust Spanning relationship. Trust Decision as a Trust Task is an abstraction from Trust Registry, because there may be other sources and inputs for the trust decision than the registry.

Scott Perry advocate that we don't go into domain of trust decision. We need to create a range of values or inputs where governance authorities can make trust paths in their contexts. We can't allow the process to make the decision. We need to provide inputs that ecosystems can take and use in the trust process they're making. What are the variables that help gov authorities and interoperability agents.

Drummond Reed lots of discussion going to happen in the TSTF. Trust Decision should be out of scope from us. Trust Decisions can have hundreds or thousands of inputs. Some may not even have anything to do with ToIP. It's critical that we provide inputs but not actually make the trust tasks. Trust Registry Protocol is to obtain SOME of the inputs for the trust decision to happen.

Daniel Bachenheimer in biometrics world we have probabilistic matching and machine makes trust decisions, which are inputs to human decision. It's up to us to define the technological inputs to human trust. Trust decision rules may be very different for each context / query.

Andor how does one get the inputs to make the trust decision. Essentially the Trust Decision defines the context and input requirements (e.g. from trust registry)
See: https://github.com/trustoverip/tswg-trust-registry-tf/discussions/68#discussioncomment-4851094

Steve McCown we're using trust in different ways. Trust doesn't imply that a certified doctor is a good doctor. It all depends on the questions we ask. To keep in mind what it is that we're embodying. 

Antti Kettunen tried to summarize some key points:

1) Terminology & glossary needs work. We need to define all key terminology before moving forward to avoid confusion

2) Trust Decision is not about the decision per se, but about giving the decision maker tools and ability to define context & input requirements to make that decision (Maybe "Trust Decision Support" then?)

3) Trust Registry as one type of input for the trust decision. Others may be things like direct authorization challenge, additional credential request, etc.


(APAC) Key Attestation 
  • Trust registry types? - Issuers, Verifiers, Credential Types (and Versions), Wallet Types (and Versions), Use Cases (and credential types used), Charges (value exchange), Exception definitions, Organisations (VON)….
    • Be careful not to have prescription. 
    • Lean onto existing governance of ecosystems.
    • Understand DID methods for what use case
  • Neil Thomson : There is also likely a dependency between trust registries (e.g. DID/Key trust required -> VC Trust Registries -> Service/Verifier Trust Registries -> Specific Service TR ...)
  • Drummond Reed two models for how a TR might operate or be governed. Simple model in V1. Single issuer view. 
  • Neil Thomson
    • Context is critical for TRs...
    • And as Jo Spencer - ecosystem will tend to be a collection of contexts and/or context variations
  • Jo Spencer : Context for centralized or decentralized. Depends. 
  • Neil Thomson : Jurisdictions are gonna have their own : "how do I verify a DID". 
  • Drummond Reed This leads us into the concept of *trust networks* ;-) <ducking>
5 mins
  • Review decisions/action items
  • Planning for next meeting 
Chairs

Drummond Reed We need really precise definitions of both of those terms (“verification” and “validity”) as we move forward with this task force (and for the ToIP stack as a whole). Concepts & Terminology brings tools and process to TRTF to help define the terminology.

...