2021-04-27 Governance Framework Drafting Group Meeting Notes

Attendees

  • Co-Leads:Drummond Reed
  • ID2020 PM: Todd Gehrke

Participants: 

  • Scott Perry 
  • Darrell O’Donnell 
  • Saveita Farooqui
  • Jacques Bikoundou 
  • Julian Ranger 
  • Kaliya Young 

Agenda Items

  • Review IIW slide deck on GHP Trust Architecture
  • Review the “Paths to a Pass” diagram
  • Review the Glossary
  • Review the eSSIF-Labs mental models
    • Parties/Actors/Actions
    • Jurisdictions
  • IATA Questions document
  • Agree on writing assignments for the next 48 hours

Presentations -

(PDFs posted)

Notes

1. Welcome and Linux Foundation antitrust policy

[Drummond] last week of drafting and we have to collect policies from other groups.

    1. Slide deck from IIW
    2. Agenda
    3. We need to Align on terms eSSIF labs mental models


First principal of the GHPC trust registry is that each EGF is a root-of-trust with their own trust registry. This is same model that the WWW ended up with a set of ~500 CAs

There is work underway called TRAIN, we have looked at it and it might be overkill for what we are trying to do. 

The Good Health Pass digital trust ecosystem will not be governed by a single EGF—rather there will be many

Each VC contains a type prosperity which we can use as the types of creds an issuer might be authorized to provide.

Each VC issued under a specific EGF will identify its type with a type URI


Triple framework:

With this architecture, all we need is a simple trust registry protocol to answer the question:

  1. Is this issuer 
  2. authorized to issue this VC type 
  3. under this specific EGF?

Verifier resolves the EGF DID using their choice of:

    1. Pre-loaded DID documents
    2. Local cache of DID documents
    3. Verifiable data registry for DID method 

In the DID document, the verifier dereferences the trust registry service type to obtain the trust registry service endpoint URI

The $64,000 Question: Who maintains the top-level “trust list” of EGF DIDs?

  • These are the roots of trust in the Good Health Pass digital trust ecosystem
  • Option #1: Governing entity for the GHP EGF maintains a list. e.g., manual publication of a file on an HTTPS website
  • Option #2: Cross-registration between EGF root trust registries; each maintains a copy of the current list of DIDs
  • Other options?

[Julian] In the 30 day time frame GHPC would need to maintain the trust registry.


Saveta shared some diagrams from the rules engine channel that would be good to include


https://essif-lab.pages.grnet.gr/framework/docs/terms/pattern-jurisdiction

       

Action Items

  1. We need to discuss the options of how we would operationalize a Trust Registry

  2. Continue the discussion about certification and the trust assurance framework.

  3. Finish updating the Glossary
  4. Finish the sections for which our DG is authoritative in the Good Health Pass Ecosystem Governance Framework
  5. Complete mapping of other Drafting Groups into the sections of the GHP EGF
  6. Begin reviewing the policies of the other DGs