2023.08.08/09 IGRTF Meeting Notes

Zoom Meeting Link / Recording

Attendees

  • Aug 8 - Call included Neil Thomson, and Sankarshan, who had general discussions and closed the call without capturing notes, deferring to the NA/EU call on Aug 9
  • Aug 9 - Neil Thomson, Sankarshan, Karla McKenna, Philip Feairheller, Steven Milstein

Main Goal of this Meeting

Agenda

  • Review Assignments (Karla McKenna, Phil Feairheller) GLEIF - review Issuer Requirements Related Documents from the perspective of GLEIF’s experience as an Issuer and developing governance for Issuers (and the Ecosystem supporting an Issuer)
  • Discussion of the above, plus the Issuer Requirements Documents and next steps/action items:
    • Minimum Viable Credential Policy Template for Verifiable Credentials.docx
      • Nov 2020 template for overall credential policy, imported into Issuer Req TF folder April 2023
      • There is a problem with this document - a search revealed that there are two versions in the ToIP folder space; one is marked as a Scott Perry Document, which is also marked as  Shared, which, particularly from looking at the comments (which are different in each) that this shared version is a separate copy from the one in the Issuer Requirements TF folder of the same name. The Shared Copy (to which most of the comments were made, including the work in today’s NA/EU meeting) has been copied to the ToIP/GSW/Issuer Requirements folder as:

Agenda Items and Notes (including all relevant links)

TimeAgenda ItemLeadNotes
5 min
  • Start recording
  • Welcome & antitrust notice
  • Introduction of new members
  • Agenda review
Chairs
  • Antitrust Policy Notice: Attendees are reminded to adhere to the meeting agenda and not participate in activities prohibited under antitrust and competition laws. Only members of ToIP who have signed the necessary agreements are permitted to participate in this activity beyond an observer role.
  • New Members:

APAC CallAllAs only two attended (Sankarshan, Neil Thomson) only general discussion then close the meeting in deference to attending the NA/EU call

NA/EU CallAll

The meeting was in adding GLEIF comments (and group discussion) to the MVC “shared” document (see notes above as to the most current MVC document in the ToIP Issuer Requirements Folder - the “formerly Shared Copy” version). See the recording and transcript for details. 

While reviewing each comment, there was a discussion on the MVC and ToIP Iss Req 1st draft document, some of which is captured here.

The MVC and ToIP Iss Req documents are substantially different documents. It is understood that the ToIP Iss Req (is different from the MVC) as it leveraged an existing x509 certificate issuance document. They are also highly prescriptive and detailed. 

Specific comments, from the meeting transcript:

Philip Feairheller: Yeah, I think that I'm missing the scope of what an Issuer requirement specification was intended to be, because as I'm looking at the newest working group draft (ToIP Issuer Requirements), dated Aug 1, 2023, there are very specific actual requirements for issuers, where some of which I completely disagree with, like referencing W3C verifiable credential stuff, as opposed to a specification that explains to people how to write requirements, issue requirements for an ecosystem governance framework. That's the model that Karla and I took when approaching these comments. Not that this group should be documenting requirements for Issuers, but that this group should be helping people guide people in how they create issuer requirements for their ecosystem.

Karla McKenna: and what topics and aspects of requirements should be covered?

Sankarshan: And we need to be more lightweight than a 50-page requirements document (template) which potential adopters may choose to disregard.


Suggested Actions/Next Steps
  • All to review the MVC document and the Aug 1 ToIP Issuer Requirements.docx file 
  • Group discussion on resolving the following points
    • What does a useful basket of documents and templates including:
      • Overview
      • “how to think about governance”, how to think about Issuer tech and governance requirements”
      • Example prescriptive requirements documents (e.g., for ToIP based on GLEIF ACDC, W3C, etc.)
    • Suggest part of a simplification of Issuer Requirements is to decompose Issuer requirements into:
      • Issuance - assembling and performing due diligence on input credential-related data/metadata, producing the VC metadata/data set ready for packaging using a VC format
      • VC creation based on Issuance output
      • VC Operation & Lifecycle management
      • Ecosystem Requirements which apply to Issuer and other components (Verifier, holder), such as
        • Key management
        • General Ecosystem Infrastructure requirements












Screenshots/Diagrams (numbered for reference in notes above)

#1


Decisions

  • Sample Decision Item

Action Items

  • Sample Action Item