2021-04-08 - Trust Registries Drafting Group Meeting Notes

<DAY> March <#>

Attendees

  • Co-Leads: Darrell O'Donnell
  • ID2020 PM: Todd Gehrke 
  • Participants: 
    • Stephan Baur 
    • RJ Reiser 
    • Steve Megennis
    • Sankarshan Mukhopadhyay
    • Drummond Reed
    • Karla McKenna
    • Michael Becker
    • Sid Mishra
    • Steven Milstein

Agenda Items

TimeItemWho
2 minWelcome & Antitrust Policy NoticeChair
10 minIntroductionsChair & PM
5 minBackgrounderChair
XY min

Good Health Pass Blueprint Review

TBC

XY min WHO Registry GuidanceTBC
5 min

Tooling

Chair
3 minWrap upChair 

Meeting Notes


  1. Introduction
    1. Michael Becker (Identity Praxis) - consultant and advisor in personal information management space
  2. [Darrell] sharing a diagram that is WIP to demonstrate how GHP fits into the Trust Registry concept; trying to pick apart the overlap and scope as well what is a bare minimum Trust Registry (see ~5 mins into the recording in order to have the explanation for the diagram)
    1. [Darrell] This topic needs to be addressed through the Governance aspect and the Trust Framework
    2. [Michael] Also - what about expiry? [Darrell] and thus revocation of entries
      1. Drummond - IATA is doing that for IATA travel pass
      2. [Steve Magennis] does IATA expose an API that can be accessed by the holder?
      1. What happens the registry that issued a credential is revoked at the point a travel event is taking place? (see Trust Triangle) and the way in which rules engine works within the GF to decide whether the recipients get a window/runway of valid passes
      2. [Stephan] Suggestions to modify the diagram
      3. [Todd] We are discussing the rules engine assuming that there is a single instance. The way it could be seen is that once a test leads to an issuance of a credential from the lab, when you go to travel the verifier decides which rules engine and trust registry they want to point at. Rules engines are jurisdictional - each country will have a specific set of rules.This is different from CommonPass which intends to be a global centralized registry of rules. There are possibilities of augmented roles beyond the proof of vaccination. 
      4. [Michael] How to conclude that rules are aligned with each other?
      5. [Drummond] We need to clarify with the Rules Engine group that Rules Engines serve all 3 domains - issuer rules, holder rules, verifier rules
    1. [Darrell] It doesn’t have to be, it is a source one can look-up to determine if one is an authorized issuer etc
    1. [Darrell] A centralized trust registry cannot be imposed on any country
    2. Inheritance avoids the need to walk through.
    3. [Drummond] registry of registries would also need to consider where the root of trust is (eg. what DID chains can you walk for the whole chain of trust). Starting supposition is that the roots of trust is the governance frameworks
    4. [Stephan] let’s differentiate the rule-logic that speaks to VC content vs. VC mechanisms like signature validation that is, logic that concerns identity attributes of the issuer
    1. Discovery
    2. Delegation of trust
    1. How does the trust registry link to the governance framework?
    2. [Michael] Would there not be a mechanism which demonstrates when the last time it was audited?
    3. [Michael] is a trust registry a more formalized ledger?
    4. ‘Trust Diamond’ as an extension of the ‘Trust Triangle’
    5. [Julian] Concept of ‘inheritance’ (see ~30 mins into the recording for the discussion around geopolitics and acceptable vaccination regimes)
    6. [Darrell] What does a trust registry allow for
    7. [Stephan] Authorized issuer → Accredited Issuer → Authoritative Issuer
    8. What does ‘validity’ mean in context of a credential/pass?
    9. [Todd] want to remind everyone to continue to capture feedback in our key questions document - Trust Registries Key Interoperability Questions That Must Be Answered https://docs.google.com/document/d/1mVZ5pRGBhb7VK5pSPsaZwaDo9hRjlZiQmCdggknP4ec/edit#
    10. Additional document to refer the template for the draft document: https://docs.google.com/document/d/1whUa9gbqd-Ve6F1z4jf5tgngYHiiG7QHimc9MuNM0G4/edit 

Keep in mind that we want to focus on short, medium, and long term goals: 

  • Phase 1 (Within 30 Days)
  • Phase 2 (Within 90 Days)
  • Phase 3 (Within 6 Months)

Presentations 

Key Resources:


Notes

1. Welcome and Linux Foundation antitrust policy - http://www.linuxfoundation.org/antitrust-policy


2. Topic A

3. Topic B  

4. Topic C 

5. Wrap up 

  • Next steps

       

Action Items

  1. TBC