2021-04-27 - Trust Registries Drafting Group Meeting Notes


Attendees

Participants: 
  • Marie Massery 
  • Stephan Baur   
  • RJ Reiser  
  • Sid Mishra
  • Sergo Ceron
  • Steven Milstein
  • Drummond Reed
  • Scott Perry
  • Kaliya Young
  • Julian Ranger
  • Harm Jan Arendshorst

Agenda Items

Time | Item | Who
2 min | Welcome & Antitrust Policy Notice | Chair
10 min | Introductions | Chair & PM
5 min | Backgrounder | Chair
XY min | Good Health Pass Blueprint Review | TBC
XY min | WHO Registry Guidance | TBC
5 min | Tooling | Chair
3 min | Wrap up | Chair

Meeting Notes


Presentations 

Key Resources:

Notes

1. Welcome and Linux Foundation antitrust policy - http://www.linuxfoundation.org/antitrust-policy



  1. Talked about the publish-subscribe model
  2. CDN redistribution

The Good Health Pass digital trust ecosystem will not be governed by a single EGF; rather, there will be many.

Each VC issued under a specific EGF will identify its issuer's specific EGF, and its type, with a type of URI:

  • a DID
  • a URI (for X.509 certificates)

 

The VC specification includes a type property, which will be used to indicate the type of credential, such as CovidVaccination or CovidTest.

Triple framework:

With this architecture, all we need is a simple trust registry protocol to answer the question:

  1. Is this issuer 
  2. authorized to issue this VC type 
  3. under this specific EGF?

Verifier resolves the EGF DID using their choice of:

    1. Pre-loaded DID documents
    2. Local cache of DID documents
    3. Verifiable data registry for DID method 

In the DID document, the verifier dereferences the trust registry service type to obtain the trust registry service endpoint URI
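
Added example (not from the meeting or from any Good Health Pass specification): the verifier flow described above as Python, resolving the EGF DID, dereferencing the trust registry service, and answering the three-part question. The service type name `TrustRegistry`, every `did:example` identifier, and the in-memory table that stands in for the endpoint query are assumptions.

```python
# Everything here is constructed for illustration: the notes name no service
# type and define no query API, so both are hypothetical.
TR_SERVICE_TYPE = "TrustRegistry"  # hypothetical service type name

PRELOADED = {  # choice 1: DID documents shipped with the verifier
    "did:example:egf-a": {
        "id": "did:example:egf-a",
        "service": [
            {"id": "did:example:egf-a#web", "type": "LinkedDomains",
             "serviceEndpoint": "https://egf-a.example"},
            {"id": "did:example:egf-a#tr", "type": "TrustRegistry",
             "serviceEndpoint": "https://tr.egf-a.example/query"},
        ],
    }
}
CACHE = {}  # choice 2: local cache of DID documents
# Choice 3 stand-in: verifiable data registry contents (this EGF has no registry service).
VDR = {"did:example:egf-b": {"id": "did:example:egf-b", "service": []}}

def resolve_egf_did(did):
    """Try pre-loaded documents, then the cache, then the data registry."""
    doc = PRELOADED.get(did) or CACHE.get(did)
    if doc is None:
        doc = VDR.get(did)
        if doc is not None:
            CACHE[did] = doc  # remember it for the next verification
    return doc

def trust_registry_endpoint(did_doc):
    """Dereference the trust registry service type to its endpoint URI."""
    for svc in did_doc.get("service", []):
        types = svc.get("type")
        types = types if isinstance(types, list) else [types]
        if TR_SERVICE_TYPE in types:
            return svc["serviceEndpoint"]
    return None

# Constructed registry state per endpoint: (issuer, VC type, EGF) triples.
REGISTRIES = {
    "https://tr.egf-a.example/query": {
        ("did:example:clinic-1", "CovidVaccination", "did:example:egf-a"),
    }
}

def is_authorized(issuer, vc_type, egf_did):
    """Answer the triple question; any resolution failure means 'no'."""
    doc = resolve_egf_did(egf_did)
    if doc is None or doc.get("id") != egf_did:
        return False
    endpoint = trust_registry_endpoint(doc)
    return (issuer, vc_type, egf_did) in REGISTRIES.get(endpoint, set())
```
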


  1. [Darrell] The trust registry could act as a catalog of data from other registries.
  2. [Todd] Would this pull a copy of the keys from other registries?
    1. How would this work if the other registries are not public? 
    2. This brings up verify the verifiers
    3. Could the TR act as a proxy or resolver to the other registries' EGFs?

Spec on the API doesn’t belong in our document but we need to be able to point to it.

[Scott] We need to address how things get in and how things get out.

[Darrell] Governance will deal with how things get in. We just need to say we do CRUD.

Trust registry to trust registry needs to be described - Are we going to proxy?

  1. Within GHPC
  2. Outside GHPC       


The $64,000 Question:

Who maintains the top-level “trust list” of EGF DIDs?

  • These are the roots of trust in the Good Health Pass digital trust ecosystem
  • Option #1: Governing entity for the GHP EGF maintains a list. e.g., manual publication of a file on an HTTPS website
  • Option #2: Cross-registration between EGF root trust registries; each maintains a copy of the current list of DIDs
  • Other options?

[Julian] 

Action Items

  1. Todd: Communicate the use of the type property to the data model group, with a description of how the trust registry plans to use it

  2. Document the registry-to-registry approach, with the risks of offline copies

    Pre-details pass of the document - Things we agree need to get documented, with links to specifications yet to be developed with the details