2021-04-29 Governance Framework Drafting Group Meeting Notes

Attendees

  • Co-Leads: Drummond Reed
  • ID2020 PM: Todd Gehrke

Participants: 

  • Scott Perry 
  • Darrell O’Donnell  
  • Jacques Bikoundou  
  • Sevita Farooqui  
  • Kaliya Young 

Agenda Items

  • Update on the IATA Q&A session earlier today
  • Update on ToIP governance meta-model terminology
  • Review the completed GHP EGF Primary Document sections
  • Discuss the remaining Primary Document sections
  • Discuss the Risk Assessment and Trust Assurance sections
  • Agree on writing assignments for the next 72 hours to complete our draft by Monday
  • Volunteers to review RFC 2119 statements in other DG reports

Presentations -

(PDFs posted)2021-04-29 Governance Framework DG Meeting.pdf

Notes

1. Welcome and Linux Foundation antitrust policy

IATA Feedback from call this morning. Didn’t get through all the questions. We will have another meeting. 

Got some input on Trust Registries and Rules Engine.

[Darrell] High the pla for embracing the other formats such as EU and WHO certificates

Need to support recommendations 

Other key takeaways - 

  • Seemed IOTA was overwhelmed by the diagram. 
  • Some IOTA people couldn’t make the call
  • Mathew from IOTA data standards group was there and was able to address questions.

[Drummond] We are trying to publish a ToIP GF model for the airline industry. They are placed into the end of the document that contains the IATA questions.

IOTA and Tamatic might be hosting a TR but we are not sure that is true.

[Savita] Sensed hesitation to have IOTA host the rules but would rather have a go no-go result presented to the airlines.

[Kaliya] Document releases might be delayed 

Pushing to have everything done by Tuesday

    1. [Drummond] Only so much we can do because we will be importing policies based on the other documents. Pretty sure we will be done by Monday
    2. Updates to the ToIP governance frameworks documents to include Mandates, Recommendations, and Options
    3. [Drummond] Leading document review section by section.
      1. Control documents are created when you need them to be modular 
      2. So far the Glossary is the only control document being split out
      3. We will need to link some supporting documents from the main GHPC Governance document. - Such as those that include policies for lower level ecosystems
      4. It is best if a Governance authority can see a 100% of what they need to conform to in one document.
      5. More harmonization when the other drafting groups are done.
      6. Still need to work on general requirements Extensions and Revisions
      7. Revision quest is who is going to maintain this moving forward.


  • We need to identify the governance authority. Who will maintain and enforce this moving forward.


  1. We can make recommendations for the process part but the structure part, the who needs to be identified.
  2. GHPC is being named as a placeholder with a process to pass this responsibility off to a long term organization.
    1. Charter
    2. By Laws
    3. GHPC needs to put this out to establish a collaborative
  3. [Savita] Present a spreadsheet that lays out roles and responsibilities of a GF. It also touches on incentive models. This was developed for interoperable goventance for blockchains. - A copy will be shared that we can modify or barrow content from.
  4. Talked about conformance reporting and auditing for the governance model.
    1. Can be a self asserted performance report
    2. May just be a site that host the reports
    3. This would indicate that a URL is dedicated to the governance framework.
    4. MUST Document if you conform to all the mandates 
    5. MUST document why you don’t conform to recommendation
    6. If you use a option document why you chose that option.
  5. [Scott] We also need to focus on the revisions of the trust assurance framework. This is hard to do after the fact. - Learned from Sovrin.
    1. This can be bare bones minimum
  6. We need more recommendations for the general recommendation. This is typically a small set of general requirements.
  7. What belongs in the control document section.
    1. GHPC Risk assessment
    2. Need to tie risks to the must statements in the GF
  8. We are doing the 30, 90, 180 day recommendations as a separate document.
    1. We want to make sure the 30 day is a realistic goal that a vendor can comply with.
  9. [Scott] Shared the risk assessment process <Diagram> and document
    1. Midicate
    2. Avoidance
    3. Accept
  10. Full disclosure from a risk standpoint! 
  • Next steps

       

Action Items

  1. TBC