2022-12-01 GSWG Meeting Notes

Meeting Date

The GSWG meets bi-weekly on Thursdays at 11:00-12:00 PT / 18:00-19:00 UTC. Check the ToIP Calendar for meeting dates.

Zoom Meeting Recording

Attendees

Main Goal of this Meeting

1) Update on Technology Stack WG progress that affects GSWG, 2) Report and next steps with the Governance Architecture Task Force.

Agenda Items and Notes (including all relevant links)

TimeAgenda ItemLeadNotes
5 min
  • Start recording
  • Welcome & antitrust notice
  • Introduction of new members
  • Agenda review
Chairs
  • Antitrust Policy Notice: Attendees are reminded to adhere to the meeting agenda and not participate in activities prohibited under antitrust and competition laws. Only members of ToIP who have signed the necessary agreements are permitted to participate in this activity beyond an observer role.
  • New Members:
    • Chris Raczkowski was very active in the Sovrin Foundation Trust Framework Working Group, and subsequently on the Sovrin Foundation Board of Trustees. He has continued to work in the area of verifiable credentials and digital trust.
5 minsReview of action items from previous meetingChairsNone
5 minsAnnouncementsTF Leads

News or events of interest to Governance Stack WG members:

  • On Dec 9th, Mathieu Glaude of Northern Block will release a podcast with Scott Perry on the ToIP stack and ToIP governance. He's also recorded two of them with Drummond.
  • Scott Perry recorded a 30 minute webinar on digital trust for Schellman which can be a resource for anyone new to the GSWG work.
  • Daniel Bachenheimer presented today on the TrustTech conference. They cover both innovations in identity and payments. As an EU conference, it is mostly payments-focused, but Dan covered decentralized identity and sovereign data and privacy. He shared a link to the ToIP Technology Architecture V1.0 Specification spec and showed the interactive version of the ToIP stack. Other speakers brought up the ISO mDL.
  • Scott Perry is working on a white paper with Savita Farooqui on blockchain governance. They are also working on a white paper for how the IEEE model can apply to ToIP governance.
  • Judith Fleenor shared a thought about the relationship of "trust" and "identity". She pointed out that with the ToIP stack and the ToIP trust spanning protocol, trust can be accomplished without necessarily requiring either identity or a "payload".
    • She said: "Authentic Data / Authentic Transactions… sometimes it doesn’t involve data… "
  • Savita Farooqui sees the people side — the human side — is critical to the full lifecycle of trust.
  • Judith Fleenor also mentioned the point from thomsona in the Technology Architecture TF meeting this morning that we must put on as much of a security lens as an identity lens.
  • Neil Thomson pointed out that trust in data is different than — and can be separated from — trust in identity. "Digital trust -> Identifier, Identity (VCs) and data trust."
    • Carly agreed and suggested a paper on all three.
    • Carly asked: "But does trust need to have endpoints? (and identities are the endpoints). Trust is a relationship."
    • Neil replied: "Need to look at use cases - trust is a relationship between entity and it's attestor, but are their end points when the trusted entity is participating in an interaction."
  • Savita Farooqui says we can approach "Trust by Design". Drummond said it was the first time he'd heard that phrase and he loved it — it made total sense to build on "Privacy by Design" and "Security by Design" to graduate to "Trust by Design". 

ACTION: Scott Perry to send a link to the Schellman digital trust explainer video he recorded to Judith Fleenor once the video is ready.

20 minsUpdate on developments in the Technology Stack WGDrummond Reed 

We will cover progress and hot topics in the Technology Architecture TF and Trust Registry TF and how they affect the Governance Stack WG.

  • Drummond explained that there is a lot going on in the Technology Stack WG that will affect GSWG work.
  • This is particularly true because of the growing recognition of the role of trust registries. The Trust Registry Task Force is starting up again and that consumed all of today's Technology Architecture TF meeting.
  • Carly put it this way: "Trust registries are the meat and potatoes of the ToIP stack when it comes to governance".
    • Judith Fleenor added: "And, HX are the veggies!  Making sure we are healthy for humans."
    • Carly: "I think trust registries are where assertions are made about an identity (e.g. this doctor is recognized by the college to practice in Ontario where doctor = identity and assertion is recognition to practice)" and "to continue on my current mental model of trust registries - they contain assertions not identities"
  • Scott Perry said, "Trust registries are the straw that turns the ToIP drink. It's the nexus of where technology meets governance. It's the intersection of governance and trust assurance."
  • Scott highly recommended (and Drummond seconded) this paper on trust registries from the last Rebooting the Web of Trust conference in The Hague in September. Note that they didn't call the paper "Trust Registries" but "Verifiable Issuers and Verifiers" — which Judith said was "great for muggles".
20 minsReport from the Governance Architecture Task ForceCarly 

First Carly to the minutes of yesterday's GATF meeting. Meeting minutes for the most recent GATF meeting are here.

  • It again suggests the importance of trust registry work, but from a larger view.
  • Savita Farooqui felt that the topic of trust registries with governments should be looked at in terms of the incentives that governments have to solve certain problems or provide certain services to their constituents.
  • Carly talked about the Gov of Ontario's Vendor of Record list that it already maintains.
    • Neil Thomson: "A key question for getting on an approved vendors list. Currently, getting on any Gov list requires a very large budget - typically only the largest multi-national manuf and consulting orgs. How can ToIP reduce the cost of becoming qualified and verified - currently very manual work. Can crypto trust chains dramatically simplify and lower costs while providing higher security/trust claims/credentials/data?"
  • Judith Fleenor: "Governance was brought up multiple times at IIW35."
  • Savita Farooqui attended an IIW session about the business models in the ToIP world. It made a distinction between the ToIP use cases and a ToIP business model. The former is easy but the latter is hard.
  • Carly Huitema agreed that the Seezoo team thought incentives were super important, even in a government context.
  • Drummond Reed noted that governments might be tempted to use did:web but "did:web is the crack cocaine of DIDs. Very easy to get into and very dangerous."

We then discussed the priority of work items for the Governance Architecture TF:

  • Credential lifecycle governance: development, onboarding, issuing, revoking, terminating.
  • Judith Fleenor advocated bringing trust registries at the top of the list due to the activity of the Trust Registry TF.
  • Judith felt that auditing was lower because we need the other components first.
  • Judith noted that machine-readable governance is a strong area of interest with DIF. 
    • Savita Farooqui "Machine-readable governance is how to implement the decisions made."
  • Daniel Bachenheimer asked what the specific deliverables are from the Governance Architecture TF.
  • Trust registry lifecycle: designing, building, onboarding, operating a trust registry.
  • Dan shared this link to the first-generation ToIP trust registry specification.
  • Drummond Reed said he had a light bulb about the GSWG needing to focus on governance "components" just like the TSWG needs to focus on component specifications.
  • In terms of work item priority, Carly said, "And we should pick only the components that are specific to ToIP rather than general ones that are useful everywhere - go to the market need."
5 minsHoliday meeting scheduleDrummond Reed One final 2023 meeting on Dec 15, first 2023 meeting will be Jan 12.
5 mins
  • Review decisions/action items
  • Planning for next meeting 
Chairs

The December 15th meeting was supposed to be a review of the ToIP Technology Architecture V1.0 Specification to analyze what it means for the ToIP Governance Stack. However it turns out Drummond has a conflict with a trip to see John Jordan, his team, and other ToIP members in Victoria BC on Thursday and Friday Dec 15/16.

ACTION: Drummond Reed to work with Scott Perry to arrange the agenda for the December 15 GSWG meeting.

Decisions

  • None

Action Items