2021-04-27 - Trust Registries Drafting Group Meeting Notes
Attendees
- Co-Leads: Darrell O'Donnell
- ID2020 PM: Todd Gehrke
Participants:
- Marie Massery
- Stephan Baur
- RJ Reiser
- Sid Mishra
- Sergo Ceron
- Steven Milstein
- Drummond Reed
- Scott Perry
- Kaliya Young
- Julian Ranger
- Harm Jan Arendshorst
Agenda Items
Time | Item | Who |
---|---|---|
2 min | Welcome & Antitrust Policy Notice | Chair |
10 min | Introductions | Chair & PM |
5 min | Backgrounder | Chair |
XY min | Good Health Pass Blueprint Review | TBC |
XY min | WHO Registry Guidance | TBC |
5 min | Tooling | Chair |
3 min | Wrap up | Chair |
Meeting Notes
Presentations
- Initial Presentation (Google Slides)
Key Resources:
- GHPC Blueprint Outline v2 - The Trust Registries section is detailed on pages 25-26.
- WHO SVC Guidance
Recording - Link
Notes
1. Welcome and Linux Foundation antitrust policy - http://www.linuxfoundation.org/antitrust-policy
- Talked about publish subscribe model
- CDN redistribution
The Good Health Pass digital trust ecosystem will not be governed by a single EGF; rather, there will be many.
Each VC issued under a specific EGF will identify its issuer's specific EGF and its type with a type of URI:
- a DID
- a URI (for X.509 certificates)
The VC specification includes a type property, which will be used to indicate the type of credential, such as CovidVaccination or CovidTest.
Triple framework:
With this architecture, all we need is a simple trust registry protocol to answer the question:
- Is this issuer
- authorized to issue this VC type
- under this specific EGF?
Verifier resolves the EGF DID using their choice of:
- Pre-loaded DID documents
- Local cache of DID documents
- Verifiable data registry for DID method
In the DID document, the verifier dereferences the trust registry service type to obtain the trust registry service endpoint URI
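An added example, not part of the meeting notes or any GHPC specification, sketching the verifier flow described above: resolve the EGF DID, dereference the trust registry service endpoint, then ask the triple question, failing closed at each step. The service type name `TrustRegistry`, the HTTPS-only check, all DIDs and URLs, and the in-memory `REGISTRIES` table standing in for the unspecified registry API are assumptions.

```python
from typing import Callable, Optional

TR_SERVICE_TYPE = "TrustRegistry"  # assumed service type name; the notes do not define it

# Constructed sample data (not real DIDs or endpoints).
EGF_DID = "did:example:egf-a"
PRELOADED = {}  # DID documents shipped with the verifier
CACHE = {EGF_DID: {  # local cache of DID documents
    "id": EGF_DID,
    "service": [
        {"id": EGF_DID + "#tr", "type": TR_SERVICE_TYPE,
         "serviceEndpoint": "https://tr.egf-a.example/registry"},
    ],
}}
# Stand-in for the registry behind each endpoint: (issuer, VC type, EGF) triples.
REGISTRIES = {
    "https://tr.egf-a.example/registry": {
        ("did:example:clinic-1", "CovidVaccination", EGF_DID),
    },
}

def resolve_egf(did: str, vdr: Optional[Callable[[str], Optional[dict]]] = None) -> Optional[dict]:
    """Resolve in the order listed in the notes: pre-loaded, local cache, then VDR."""
    doc = PRELOADED.get(did) or CACHE.get(did)
    if doc is None and vdr is not None:
        doc = vdr(did)
    # Reject a document whose id does not match the DID that was requested.
    return doc if doc and doc.get("id") == did else None

def trust_registry_endpoint(did_doc: dict) -> Optional[str]:
    """Dereference the trust registry service type to its endpoint URI."""
    for svc in did_doc.get("service", []):
        uri = svc.get("serviceEndpoint")
        # Added check (assumption): only accept HTTPS endpoints.
        if svc.get("type") == TR_SERVICE_TYPE and isinstance(uri, str) and uri.startswith("https://"):
            return uri
    return None

def is_authorized(issuer: str, vc_type: str, egf_did: str, vdr=None) -> bool:
    """Answer the triple question; any lookup failure means 'not authorized'."""
    doc = resolve_egf(egf_did, vdr)
    if doc is None:
        return False
    endpoint = trust_registry_endpoint(doc)
    if endpoint is None:
        return False
    # A real verifier would query the endpoint here; that API is not specified in the notes.
    return (issuer, vc_type, egf_did) in REGISTRIES.get(endpoint, set())
```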
- [Darrell] The trust registry could act as a catalog of data from other registries.
- [Todd] Would this pull a copy of the keys from other registries?
- How would this work if the other registries are not public?
- This brings up verifying the verifiers
- Could the TR act as a proxy or resolver to the other registries' EGFs?
Spec on the API doesn’t belong in our document but we need to be able to point to it.
[Scott] We need to address how things get in and how things get out
[Darrell] Governance will deal with how things get in. We just need to say we do CRUD
Trust registry to trust registry needs to be described - Are we going to proxy?
- Within GHPC
- Outside GHPC
The $64,000 Question:
Who maintains the top-level “trust list” of EGF DIDs?
- These are the roots of trust in the Good Health Pass digital trust ecosystem
- Option #1: Governing entity for the GHP EGF maintains a list. e.g., manual publication of a file on an HTTPS website
- Option #2: Cross-registration between EGF root trust registries; each maintains a copy of the current list of DIDs
- Other options?
[Julian]
Action Items
Todd: Communicate the use of the type property to the data model group, with a description of how the trust registry plans to use it
Document the registry-to-registry approach, with the risks of offline copies
Pre-details pass of the document - things we agree need to get documented, with links to specifications yet to be developed with the details