Meeting Date & Time
This Task Force meets every ________________. There are two meetings to serve different time zones:
- NA/EU meeting: 08:30-09:30 PT / 16:30-17:30 UTC
- APAC meeting: XX:00-XX:00 PT / XX:00-XX:00 UTC
See the Calendar of ToIP Meetings for exact meeting dates, times and Zoom links.
Zoom Meeting Links / Recordings
- NA/EU Meeting: <insert Zoom link from ToIP Calendar entry here>
- APAC Meeting: <insert Zoom link from ToIP Calendar entry here>
NOTE: These Zoom meeting links will be replaced by links to recordings of the meetings once they are available.
Attendees
NA/EU:
APAC:
Agenda Items and Notes (including all relevant links)
Time | Agenda Item | Lead | Notes |
3 min |
| Leads |
|
2 min | Review of previous action items | Leads | |
5 mins | Update on Microsoft did:x509 spec | Eric Scouten spoke with Maik Richards at Microsoft, who expressed support for our TF taking over this work but is unable to join us. Working with Judith Fleenor to ensure IPR is compatible. | |
20 mins | Artifacts for X.509 DID at CIRA. DNS records, TLS, etc. | Anchor identifiers in DNS names. We all use them. Goal is to map X.509 cert to a domain name. SAN field can perform that mapping. did:web is similar; there's a domain name that can be trusted to be unique and it contains a public key. Can map public key component (or hash thereof) of X.509 to a TLSA record. An X.509 field with a SAN field can be matched to the public key in the DNS. If so, the VID can be considered authentic. DNS is useful because it is global today. DNS can host trust registry affiliation. VID can be identified as part of a specific trust registry (C2PA, etc.). Jacques Latour working with Jesse Carter to build a demo. A document/blob is signed by an did:x509 VID and identify the trust registry affiliation. Work that is being done on did:web applies in the same manner and can provide an additional layer of authenticity. DNSSEC answers concern about (plain) DNS being clear-text and thus easily tampered with. DNSSEC adds an RRSIG signature to DNS replies that ensures trust chains back to IANA (trust root for top-level domains). (Watch recording starting at about 15 minutes for Jacques' slides.) did:x509 should really be about answering the question can you trace a did:x509 through to the X.509 itself to a trust registry? Will ask Jesse Carter to do a demo in an upcoming meeting. Question raised about comparison to did:web – are they meaningfully different? A: Conceptually similar, but shift in emphasis on where the identity is expressed. Example of did web https://trustregistry.ca/.well-known/did.json/ | |
15 mins | Topic #3 (open) | ||
5 mins |
| Leads |
Screenshots/Diagrams (numbered for reference in notes above)
#1
Decisions
- Sample Decision Item
Action Items
- ACTION: Eric to summarize Drummond's e-mail with his feedback on the MSFT spec and add to meeting notes here. (Carried over from 2024-01-11.)