2021-04-15 Governance Framework Drafting Group Meeting Notes

Attendees

  • Co-Leads: Drummond Reed
  • ID2020 PM: Todd Gehrke

Participants: 

  • Scott Perry 
  • Darrell O’Donnell 
  • Savita Farooqui
  • Jacques Bikoundou 
  • Julian Ranger 
  • Kaliya Young 
  • Sankarshan 

Agenda Items

Time     Item                               Who
2 min    Welcome & Antitrust Policy Notice  Chair
XY min   Topic A                            TBC
XY min   Topic B                            TBC
XY min   Topic C                            TBC
3 min    Wrap up                            Chair

Presentations - 2021-04-15 Governance Framework DG Meeting.pdf

(PDFs posted)

1. Welcome and Linux Foundation antitrust policy

Notes

April 15, 2021

  1. [Kaliya] updates from the Closed Loop Summit
    1. Role of proxy issuers is a topic which came up in the discussions; [Drummond] is ‘proxy issuer’ the term being used? ‘Secondary issuers’ has been the one in use. [Kaliya] health pass issuers could be secondary issuers whereas proxy issuers have a direct relationship with labs and are creating credentials in wallets. The lab itself does not issue but the app maker obtains the credentials from the labs and signs them digitally. [Darrell] likes the term but the definition being used might be restrictive - they are doing it as a service for someone (as a ‘proxy’)
  2. [Drummond] agenda items
    1. Last meeting before IIW (next week); need to gather for figuring out specific topics we’d want to present at IIW
      1. From Scott
        1. ToIP Metamodel
        2. GHP efforts to use the ToIP MetaModel to solve a real business problem
    2. ToIP Governance Metamodel has been further refined based on feedback originating from the GHPC
      1. Biggest change has been terminology - originating from rules/rules engine in the context of governance. Was previously used in a generalized aspect. With the specialized topic of rules/rules engines originating from GHPC, this needed to be replaced by more specific and non-technical terms
      2. [Scott] In the GHPC Glossary, the term ‘Directive’ has now been defined. The challenge in all GFs is that the actions being taken by GAs are an amalgamation of a variety of things. Directive as a term provides a category for these. GAs make more than just Policies within a GF.
        1. Drummond - has reviewed the entry for the word on Wikipedia to determine the usage in policy context
        2. Machine readable (rules) and Human Auditable requirements (policies) are the 2 aspects which need to be differentiated - specifications are a combination of those
        3. [Scott] What about the SHOULDs when the requirements are the MUSTs? See RFC 2119
        4. Governance and Business Requirements have been added as emerging from the discussion today
          1. [Savita] Business, Technical Requirements and Operations - reconciling with the IEEE P2145 work that is ongoing.
          2. [Drummond] Should a category for UX requirements be added? [Savita] Customer Experience/Journey along with incentives (positive/negative)
          3. [Todd] Enforcement - would that not need engaging at requirements across specific jurisdictions?
      3. [Scott] Risk Assessment and Trust Assurance have been separated because they are separate. ‘Certification’ has been removed since it is part of the TAF to determine whether certification would occur.
        1. How are risks mitigated through the risks/requirements
        2. Also contains a risk assessment standard as a baseline (ISO 27005)
        3. [Julian] Who do we think would be creating the TAF? [Drummond has the EoE model on screen at 35th min in recording]
          1. Nation states, groups
        4. [Darrell] highlights from some recent conversation with government authorities
        5. [Savita] How can we say ‘compliant with GF’
          1. [Drummond] that will come down to our own decisions about certification of a specific EGF for compliance with the GHPEGF as a general EGF
    3. Drafting template
      1. [needs link] has been simplified

2. Topic A

3. Topic B  

4. Topic C 

5. Wrap up 

  • Next steps

       

Action Items

  1. TBC