Meeting Schedule
- Bi-Weekly at 8:00-9:00 am PDT / 11:00-12:00 am EDT / 15:00 – 16:00 UTC / 17:00 - 16:00 CEST
Attendees
- Eric Drury
- Carly
- Feng Hou
- Charles Lanahan
- Drummond Reed
- Neil Thomson
- Scott Whitmire
- Jordan Evans
- Darrell O'Donnell
- Steve Magennis
- Judith Fleenor
- Stephen Curran
...
Time | Agenda Item | Lead | Notes |
5 min | | Chairs | |
1 min | Announcements | TF Leads | News or events of interest to EFWG members: |
5 min | Review of action items from the previous meeting | Chairs | Bhutan NDI Case Study update |
40 min | IIW Recap | All | Sessions or content that we'd be interested in hearing about: |
5 min | | Chairs | |
Recording
Notes
AI notes - coming
TDW - Trust DID Web is a new DID method, but it doesn't get the DID doc from an HTTP location; instead you get a log of all the entries recording the changes to the DID doc. Every line is tied to the previous one via a hash of the entry. The controller, determined according to the DID spec, is who must sign every transition. Very similar to did:webs, but the difference is that the transition state is the DID doc. You can do pre-rotation of keys. Next step: take the spec to a task force to evolve the specification. This DID has portability that lets you move the location of the DID; this changes the DID, but the SCID (self-certifying identifier) plus the history stays the same. Combining it with high-assurance DNS, as with did:webs, will work the same. Long-term storage (30yr+): what kind of archival storage for this information?
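A simplified sketch of the hash-chained log and the stable SCID described above, added here as an example; it is not the TDW specification's format or code from either implementation. The `did:example` syntax, the field names, the SCID derivation and the `{SCID}` placeholder are assumptions, and the controller-signature check on each transition is omitted.

```python
import hashlib
import json

PLACEHOLDER = "{SCID}"  # assumption: stand-in for the SCID while hashing entry 0

def _digest(prev, doc):
    """Hash one entry: commits to the previous entry's hash and this DID doc."""
    blob = json.dumps({"prev": prev, "doc": doc}, sort_keys=True)
    return hashlib.sha256(blob.encode()).hexdigest()

def create(location, key):
    """Genesis entry; the SCID is a prefix of its hash (toy derivation)."""
    template = {"id": f"did:example:{location}:{PLACEHOLDER}", "key": key}
    first_hash = _digest("", template)
    doc = dict(template, id=template["id"].replace(PLACEHOLDER, first_hash[:24]))
    return [{"prev": "", "doc": doc, "hash": first_hash}]

def update(log, doc):
    """Append a new DID doc state, chained to the last entry's hash."""
    prev = log[-1]["hash"]
    log.append({"prev": prev, "doc": doc, "hash": _digest(prev, doc)})
    return log

def verify(log):
    """Replay the log; return (scid, current DID doc) or raise ValueError."""
    if not log:
        raise ValueError("empty log")
    scid, prev = log[0]["hash"][:24], ""
    for i, entry in enumerate(log):
        doc = entry["doc"]
        if not doc["id"].endswith(":" + scid):
            raise ValueError(f"entry {i}: DID does not carry the SCID")
        # Entry 0 was hashed before the SCID existed, so restore the placeholder.
        hashed = dict(doc, id=doc["id"].replace(scid, PLACEHOLDER)) if i == 0 else doc
        if entry["prev"] != prev or entry["hash"] != _digest(prev, hashed):
            raise ValueError(f"entry {i}: hash chain broken")
        prev = entry["hash"]
    return scid, log[-1]["doc"]

if __name__ == "__main__":
    log = create("old.example.com", "key-1")   # constructed sample values
    scid, _ = verify(log)
    update(log, {"id": f"did:example:new.example.com:{scid}", "key": "key-2"})
    print(verify(log))                          # DID moved, SCID unchanged
    log[0]["doc"]["key"] = "attacker-key"       # rewrite an earlier entry
    try:
        verify(log)
    except ValueError as err:
        print("rejected:", err)
```

Because every entry's hash covers the previous hash, a resolver that replays the whole log detects any edit to an earlier DID doc state, while a change of location only appends a new entry under the same SCID.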
...
Eric Scouten at Adobe also co-chairs the X.509 VID Task Force at ToIP (meets every other week, Thursdays 8:30AM PT—I attend most meetings). The goal is to build a bridge between X.509 certs and decentralized identifiers (DIDs/VIDs) so that an ecosystem or an issuer does not have to choose one or the other. After researching all the options, it has become clear the best one is also the easiest: just publish a DID/VID in the Subject Alternative Name field of the X.509 cert. That makes it easy to go from the cert to the DID/VID. (To go in the other direction—from the DID document to the X.509 cert—there are several options, including putting a specific service endpoint type in the DID document.)
To do a sanity check with the IIW community on this design and on the value of an X.509-to-DID/VID bridge, on Thursday Eric and I called a session together with WebTrust auditor Scott Perry and BC Gov architect Stephen Curran (who had already given his Last Great DID Method session). We had a number of X.509-savvy architects and developers attend, plus a woman from DigiCert who used to work on X.509 at Adobe.
AI notes from meeting transcript:
The document is a detailed transcript of a meeting discussing advancements and concerns related to digital identity standards, particularly decentralized identifiers (DIDs) and their interaction with various protocols and specifications. Key highlights include:
- **Architecture Comparison**: Drummond Reed clarified that TDW uses a simpler version of the architecture used by did:webs, focusing on a self-certifying identifier (SCID) to address security and portability challenges.
- **Implementation and Compatibility**: Stephen Curran shared links to the TDW specification and its implementations in TypeScript and Python. Discussions also covered compatibility with the Trust over IP (ToIP) Trust Spanning Layer and various identifier systems like VID.
- **Standards and Specifications Discussion**: Drummond Reed overviewed several trust and identity standards, including EBSI Trust Chains, ToIP Trust Registry Protocol, OpenID Federation, and Credential Trust Establishment. Each has unique attributes suited to different needs in the identity verification ecosystem.
- **Future Considerations**: Neil Thomson highlighted the need for interoperable and secure data storage solutions for credentials to avoid management issues across different platforms.
**Action Items**:
- **Review and Feedback**: Participants are encouraged to review the linked TDW specifications and provide feedback, particularly regarding their implementation and compatibility with other systems like VID and TSP.
- **Community Engagement**: Drummond Reed and Eric Scouten plan to engage the IIW community to evaluate the proposed X.509-to-DID/VID bridge design for viability and value.
- **Further Research and Development**: There's a call for continued exploration of how various trust and identity standards can coexist and support each other, ensuring seamless interoperability and security across platforms.
These action items aim to drive the next steps in the development and integration of these digital identity standards and to ensure broad acceptance and compatibility within the community.