Meeting Date & Time
- This Task Force holds TWO meetings weekly every Thursday at the following times (to cover global time zones - see the Calendar of ToIP Meetings):
- NA/EU 07:00-8:00 PT / 14:00-15:00 UTC
- APAC 18:00-19:00 PT / 01:00-02:00 UTC
Zoom Meeting Links / Recordings
- NA/EU Meeting: https://zoom.us/j/99376159509?pwd=UlNyZWFNbDBnanFPeVBablNzdXpBZz09
- APAC Meeting: https://zoom.us/j/99851532700?pwd=b0dvM0QxdXlCUHBwd21najlNSUN6UT09
(This links will be replaced with links to the recordings of the meetings as soon as they are available)
Attendees
NA/EU Meeting
- Drummond Reed
- Darrell O'Donnell
- Wenjing Chu
- Daniel Bachenheimer
- Neil Thomson
- Kevin Dean
- Tim Bouma
- Vikas Malhotra
- Judith Fleenor
- thomsona
- Jacques Latour
APAC Meeting
- Drummond Reed
- Darrell O'Donnell
- Wenjing Chu
- Daniel Bachenheimer
- Neil Thomson
- Kevin Dean
- Tim Bouma
- Judith Fleenor
- Jo Spencer
Main Goal of this Meeting
To close PRs and issues on the ToIP Technology Architecture Specification so we can be ready to release the First Public Review Draft on Nov 15 for Internet Identity Workshop.
Agenda Items and Notes (including all relevant links)
Time | Agenda Item | Lead | Notes |
3 min |
| Chairs |
|
5 min | Announcements | All | Updates of general interest to TATF members. |
2 min | Review of previous action items | Chairs |
|
ToIP Technology Architecture Specification Review Topics | Discussion of progress on the working draft of the ToIP Technology Architecture Specification (TAS). Links to relevant documents and diagrams:
| ||
5 min | EasyCLA Process | It's easy! Read the EasyCLA Guide and follow it. | |
5 min | Issue #44 and PR #50 — License File | Antti's PR is stuck on a DCO problem. Antti said the PR is now #52. The DCO issue is an attestation from the developer. Antti has made an issue assigned to Elisa. We then discussed the actual license that we need to attach. For copyright, it is Text is CC-BY-SA-4.0. This is all in our WG charter; we can just copy it from there. The other source would be the Good Health Pass. Judith: "Once EasyCLA is fully implemented you can most likely turn off DCO. DCO was turned on because we didn't have EasyCLA in place yet." ACTION: Drummond Reed will close on this with Scott Nicholas. | |
5 mins | Closing PR #49 — PR Contribution Process | Two of the four assigned editors have approved this PR. Can we merge it? Description: Initial governance files of CODEOWNERS, CONTRIBUTING.md, and GOVERNANCE.md. Related to issues: Antti believes this is ready to merge; Andor agrees. DECISION: PR #49 was labelled as last call. | |
10 mins | Issue #31 — Four Layer Diagram | Review Allan's proposed new version of Figure 4. See this evolution of the previous version. Allan presented a new diagram (see screenshot #1 below) as a model diagram to convey the key concepts of what is in and out of scope for ToIP. He also showed Jo Spencer 's diagram that conveys many of the same concepts. Darrell liked Allan's diagram for how it communicates the big picture. Wenjing Chu likes Allan's diagram but said that Figure 4 is the scope of just a single Endpoint System. Jacques Latour likes the diagram but feels it is still too high-level for his own purposes, which need to get into lower-level systems such as DNS. Allan agreed that the model diagram could be more detailed and specific, with a more detailed diagram. Comments:
ACTION: Drummond Reed to propose a structure for a storyline that provides that storyline. | |
15 mins | Issue #10: Definition of "authenticity" (is "integrity" needed?) | Neil will update us on his work on this issue — see this Google doc. Neil explained that there are different definitions of these terms, and they are usually specific to particular contexts. He has also been talking to Henk van Cann about the same issues with related to KERI and ACDC. Drummond had a long talk with Sam Smith and wrote up the following: This paragraph in Neil’s writeup goes to the heart of it: Dan Bachenheimer points out that many readers with security backgrounds will expect to see integrity listed alongside authenticity because they are considered separate security properties. For example, a message could have been sent by an authentic sender, but tampered with in transit so its integrity is lost. Sam’s first point was very simple: if the message was “tampered with it transit”, then it is no longer from the authentic sender. At that point it is from the attacker (who of course will endeaver to make it the message still look like it is from the authentic sender). Sam put it to me this way: There is no concept of data transmission over the Internet where you can establish the authenticity of the data — secure attribution to a source — without having confirmed the integrity of the data. So the resolution seems simple: the definition of “authenticity” when it comes to the ToIP stack and the Layer 2 Trust Spanning Protocol can essentially be: A communication is authentic at ToIP Layer 2 when the receiver can cryptographically verify that it has been digitally signed by the private key bound to the sender’s identifier. Because this form of authenticity is conveyed via a digital signature over a body of content, by definition that digital signature is only valid if the body of content has not been tampered with in transmission. Therefore this form of authenticity inherently includes integrity. If we agree on this point, then all we need to discuss is the PR that is needed to actually close the issue.
| |
10 mins | Trust Registry | Key efforts beginning on the Trust Registry Protocol Specification v2.0.
| |
5 mins |
| Chairs |
Screenshots/Diagrams (numbered for reference in notes above)
#1
Decisions
- Sample Decision Item
Action Items
- Sample Action Item