Skip to end of metadata
Go to start of metadata

You are viewing an old version of this page. View the current version.

Compare with Current View Page History

Version 1 Next »

Recording

  • Recording link:
    • Start of session: 7:46
  • Full-Text Transcript: link

Attendees

Jo Spencer, Neil Thomson

Chat Links

Information mentioned in the notes and transcript on Supply Chains

  • VCs/credentials for cross-border trade - link
    • Referenced in project-vckit (reference vc platform using the cross board trade VCs), which is discussed in the following Forum Seminar
      • Future of Digital Standards for Sustainable Supply Chains - link

Main Goal of this Meeting

  • Root(s) of Trust
    • What are the candidates for roots of trust (technical, administrative)?
    • How are they verified (from any point in the ecosystem? 
    • How and why is this important for Issuers (requirements)?
    • Issuers and Trust Registries - an attempt at separating roles and responsibilities, plus overlaps. 
  • Discussion on Supply Chain implementations using VCs (UN/CEFACT)

Agenda Items and Notes (including all relevant links)

TimeAgenda ItemLeadNotes
5 min
  • Start recording
  • Welcome & antitrust notice
  • Introduction of new members
  • Agenda review
Chairs
  • Antitrust Policy Notice: Attendees are reminded to adhere to the meeting agenda and not participate in activities prohibited under antitrust and competition laws. Only members of ToIP who have signed the necessary agreements are permitted to participate in this activity beyond an observer role.
  • New Members:
20 minsSee topics, aboveAll 

Summarize points

Using GLEIF as example of an Ecosystem which has declared technical and authoritative/governance roots of Trust.

  • The key aspects of requirements (and governance) of Issuer haven’t changed, which is good news for existing (non-VC) credentials (and should be captured as models for new Issuers who lack a non-VC background).
  • Roots of trust are going to be determined by the authoritative actors in the ecosystem, which need to be well defined, understood and captured within governance.
    • So what are reference examples ToIP should be capturing? GLEIF is our a prime candidate as one of the references.
  • Organizations have a requirement to fit into their ecosystem/supply chains, including all public “touch points (such as public roles within the organization), but internal governance (including roots of trust) are entirely their domain.
    • GLEIF uses a model of needing multiple authoritative signatures (by people in defined roles) on assigning organization identifiers, roles and related credentials. This is in keeping with current organizational practices (financial, including banks).
  • Multi-signatures leads to overlapping/shared responsibilities - complicating
  • The GLEIF model provides for Organization and Role identities, from which rights and responsibilities can be assigned (including public and internal/private roles). Between GLEIF, the vLEI issuer and the LEI/vLEI organization there is a series of certificate/role pairs such that:
    • A certificate is issued by a higher authority to the organization and roles within the organization. 
    • An Organization (LEI, vLEI) acts as a trust anchor/root of trust for roles and actions by roles within the organization or for idenitifying sub-organizations (e.g., parent-child corporation relationships)
    • Roles 
      • Must be a human
      • Have rights and responsibilities, which can include actions on behalf of the organization, and assigning a role to another human
      • Has a certificate signed by the authoritative higher level role which assigned this role


This provides a trust chain of the following as an illustration of a trust change for Issuers through to issuing Verifiable Credentials


Screenshots/Diagrams (numbered for reference in notes above)

For Universal Credential Adapters and Use of Intermediaries Discussion

Decisions

  • Sample Decision Item

Action Items

  • Sample Action Item


  • No labels