EFWG 2022-10-13 Meeting - Trinsic
Meeting Schedule
- Bi-Weekly at 8:00-9:00 am PST / 11:00-12:00 am EDT / 15:00 – 16:00 UTC / 17:00 - 18:00 CET
- https://zoom.us/j/95389236256?pwd=RFErMm9SS0tBenA1Q0dSYlpXK3Bqdz09
Attendees
- Steve Magennis
- Eric Drury
- Carly
- P Subrahmanyam
- Fireflies.ai Noetaker Mark
- Richard Zbinden (new)
- Vlad Zubenko
- Anita Rao
- Callum Haslam
- Charles Macpherson (new)
- Jason (new)
- Chi Hwa Tang
- dhoffman
- Gary de Beer
- Jacques Bikoundou
- Jorges Flores
- Ken Garner
- Neil Thomson
- Phil Wolff
- Richard Zbinden
- Savita
- Scott Perry
- sumapnair
- Thomas
- Tomislav Markovski
- Trinh
Presentation Files
- Presentation slides
- Example VCs showcased during the Demo
- Trinsic’s open source implementation of Trust Registry with eSSIF Lab
Recording
Notes
Agenda Items & Meeting Notes
- Welcome & Introductions
- EFWG Community Topics & Announcements
- Presentation from Trinsic: "Solving Governance in SSI Ecosystems with Trust Registries"
- Q&A / Discussion
- Ecosystem white paper passed by all members present with no dissent
- Tomislav Markovski presenting Ecosystem Governance and SSI - Trust Registries
- Importance of Governance in Identity - to provide a layer of trust in an open ecosystem
- need to protect authentic data
Multiple approaches to Governance - who provides the root of trust- First three - are fairly decentralized methods
- last two more decentralized model
- Trust Registry
- answers if an ecosystem participant has authority to act according to governance framework
- practical problem - how for all verifiers maintain lists of all authorized members in a given ecosystem
- cross ecosystem trust establishment - different ecosystems can identify other ecosystem's trust registries that they also trust
- Participants don't have to trust ecosystem itself, but that data providence is trusted
Types of trust registries- Thinking about them in term of technical solutions
- Not just a list of members, can be other types as well
- Trinsic has done work with centralized trust registries
- ToIP trust registry protocol specification
Related efforts- Trust Establishment currently under early development https://identity.foundation/trust-establishment/
- TRAIN- registering definitions of credential schemas https://essif-lab.eu/essif-train-by-fraunhofer-gesellschaft/
- Trinsic solution
- the ToIP trust registry specification merged with verifiable credentials
- No information coded in credential how valid is the credential
- in an open ecosystem can have anyone issuing credentials
- add the governance information to the credential for referencing.
- Can validate the issuer ID but also the governance associated with it.
- Demo - no yet in production, CLI demo,
- two VC demos, good and bad actor issuers and with and without governance for verification
- Demo on good actor first confirms credentials are valid, not revoked, schema conforms, valid issuer, and signature verified for both good and bad actors.
- All the checks pass because there is nothing wrong with both credentials.
- How do you know? Trust Registry solves this.
- Issue a credential with governance information encoded.
- There is an issuer field extension to the VC ,in the credential - not just the issuer DID. It includes claims of which governance framework and trust registry it belongs to.
- Now verification doesn't work for the bad actor because the trust registry membership fails (an additional check)
- Is there a list of EFGs and how do you discover them?
- No list of Ecosystem Governance Frameworks that exist that someone maintains
- Presumably it would be published on the website
What controls are required to prevent bad actors from adding records to trust registries?
Depends on security and design of trust registries -it depends on who manages the registry.
How will a standard schema be adopted for a given verifiable credential? Who drives it?
- Community, adoption, large corporations, open standards e.g. mDL
- Schemas - will be interesting how communities adopt schemas. Centralizing and standardizing will develop
Q. What's next for your project? Where is it going in the next six months or so?
- Better management tools.
- Adding privacy preserving trust registries, especially based on accumulators (useful also for revocation)
- Q. What do you hope to learn early in deployment?
- How customers use the product
Q. How much do various credential ecosystem parties have to do to extend what they do to include the registry?
- minimal - current trust registry is membership based, just add and remove members
- extensions possible
- e.g. can be member of multiple governance frameworks/trust registries
- Concerns - correlation attacks, e.g. info leaks from the issuer identity
Admin Reminder : remember to re-subscribe to new meeting calendar
If you want your name on the invite, reach out to Elisa Trevino (on slack), she will put your name in the calendar invite to make sure that the invite is sent out each time.
Coming up
- Resuming regular schedule Sept 15
- Next presenter, Sept 29: Trinsic Trust Registry solution