• Antitrust Policy Notice: Attendees are reminded to adhere to the meeting agenda and not participate in activities prohibited under antitrust and competition laws. Only members of ToIP who have signed the necessary agreements are permitted to participate in this activity beyond an observer role.
• New Members — APAC call:
  • Allan Thomson introduced himself as Chief Architect Threat Defense Technology at Avast. He's also been a co-chair of several OASIS Technical Committees, including STIX/TAXII 2.x Interoperability. It turns out that he and Wenjing Chu also worked together at a company called Airspace. Allan explained that Airspace was a big proponent of standardization, particularly around 802.11.

Updates of general interest to TATF members.

• Tim Bouma said that the Canadian federal government budget will come out later today and he will report how much they will be spending on digital identity.
  • We had a short discussion about the relative investment levels in the EU, Canada, and the USA.
  • Daniel Bachenheimer shared that governments should invest in just enough digital identity infrastructure to support self-sovereign identity for citizens.
  • Tim Bouma shared the view that government should provide foundational identity and then let the market provide the rest.
  • Neil Thomson felt that government should not be the only issuer of foundational identity—and should not require the use of such foundational identities. And that the government could also certify other legal entities to be issuers of foundational identity.
  • Daniel Bachenheimer said that foundational identities do one thing very useful: establish uniqueness within a population. Government-issued foundational identities also confer legal rights within a country.
  • Tim Bouma pointed out that the issue is that there is no legal definition of foundational identity, which creates an issue for policy development.
  • Vikas Malhotra added that there was a discussion at UNDP about that definition of legal identity and the role of SSI. 

Per the second action item above, we want to gather inputs about scope limitations for the first version of the ToIP stack.

• Wenjing Chu encouraged everyone on the Task Force to contribute their thoughts about canonical use cases.
• ACTION: Drummond Reed to add a section to the ToIP Technology Architecture Specification on Canonical Use Cases and Scope Limitation.

We then had quite a wide discussion about the Architectural Layering of the ToIP Stack section of the document. 

• Sam Smith  pointed out that self-certifying identifiers and data structures are what enable the ability to cross trust domains. Everything needed to prove a trustworthy identifier needs to be “in the belly” because then everything necessary for secure attribution to an identifier is present.
  • There is a key difference between control of an identifier and control of a credential. By going down to self-certifying identifiers, we establish the atomic building blocks of transitive trust.
  • PGP failed because it relied just on public/private key pairs, which don’t inherently support persistence.
  • Persistent identifiers can then develop reputation that can be carried across trust domains.
• Wenjing Chu commented on the confusion between identifiers and VCs. “You can always trust a liar but you can never trust an incompetent person.” What he means that in Layer 2, one is not establishing human trust, just cryptographic trust. L2 gives you what is necessary to establish this autonomous control of an identifier (and thus the basis for detecting duplicity). 
• Vikas Malhotra summarized that first someone sets up an autonomous system, THEN they can issue or receive VCs.
• Darrell pointed out that L2 must support the ability to make conclusions at the higher layers.
• Wenjing gave the example of two spies who can trust each other without either of them knowing the true identity of the other.
• Sam called such identifiers “cryptographic pseudonyms” or “cryptonyms”. You may know who (or what) is behind a cryptonym, but you can prove that you said them.
  • IP addresses do not have the properties necessary to establish a trust spanning layer. What we need is the right kind of identifier: a cryptography verifiable identifier that can be proved. 
  • Use of a ledger can be both below and above L2 because it is two different uses. Sam distinguishes between putting identifier or key rotation history on ledger is support for L1 vs. the use of a public utility as a trust registry is support for L3.
• Wenjing pointed that the reference architecture needs to go early in the flow.
• Layer 2 needs to include the addressing layer because that is common to all above that.
• Tim: the IP layer enabled the spanning of network domains (LANs), where as the trust spanning layer enables the spanning trust domains. Enables a “zero-to-one” transformation. Enables a “trust network of trust networks” that anyone can plug into because the identifiers. The border gateway protocol refers to “autonomous systems” that are all self-governing. 
• The idea came up that this new "layer" needs a name. Suggestions discussed included: Web of trust, Trustnet, trust fabric. Others?

Per the last action item above, Drummond has prepared a new version of the Google doc that is now a full Working Draft and started filling in content that needs review and feedback.

• ACTION: Drummond Reed to finish conversion of the storyline slide deck text into the ToIP Technology Architecture Specification and then post to the TATF Slack channel that it is ready for review of those portions of content. 

Wenjing Chu
Drummond Reed
Sam Smith

This is to recap a discussion between Wenjing Chu and Sam Smith from last week—which Drummond listened to on the recording and has already reflected in the Working Draft 01 outline.

• Wenjing summarized the NA/EU discussion that the core requirement of the trust spanning layer is similar to the goal of the TCP/IP spanning layer (the IP layer). That means we want the ToIP trust spanning layer to be "as simple as possible but no simpler".
• By those two notions, the only thing that the trust spanning layer needs to be able to do is provide autonomous, cryptographic verifiable identifiers that can support non-repudiable communications.
• Anything that is needed to support Layer 2 is in Layer 1. Anything that is a higher layer protocol is L3 or L4.
• John Jordan asked if L1 was always needed. There was a consensus that it is not except for IP connectivity.
• Darrell O'Donnell explained that we have recast the public utilities at L1 because they can support different functions needed at all higher.
• Drummond Reed added that this means L1 public utilities can support all the higher layers in different ways.
• Judith Fleenor said that we might want to look depicting public utilities in different ways in the ToIP stack.
• Wenjing Chu suggested that we may want to actually choose a better name for it, such as "supporting infrastructure".
• Judith suggests that the TSWG needs to do a "road show" with this spec and the layer definitions in order to get consensus all the way around.

APAC CALL ONLY—Sam would like to explain the ACDC concept of chain-link confidentiality and how it provides a different type of privacy protection/preservation that selective disclosure and zero-knowledge proofs.

Here is a link to the slides Sam presented (PDF).

• Sam started with the PAC theorem—slide #1 below.
• He then gave the definitions he's working with—#2 below.
• Sam contended that strong privacy is essentially impossible if the primary party is going to share authentic content with other parties.
• So the only way that the goal of real privacy can be realized by incorporating an exchange of value. 
• A solution to the kinds of exploitation in slide #5 below is chain-link confidentiality.

ACTION: Sam Smith to post to the Meeting Notes and TATF Slack channel a link to his paper and/or slides on chain-link confidentiality.