2022-04-04 TSWG Meeting Notes

Meeting Date

  •  

Zoom Meeting Recording

Attendees

Main Goal of this Meeting

1) Present status reports from our three active Task Forces, 2) review the first proposed eIDAS 2.0 blog post drafted by Antti Kettunen and Bart Suichies, 3) review Daniel Bachenheimer's comments on the OIX SSI mapping.

Agenda Items and Notes (including all relevant links)

TimeAgenda ItemLeadNotes
5 min
  • Start recording
  • Welcome & antitrust notice
  • Introduction of new members
  • Agenda review
Chairs
  • Antitrust Policy Notice: Attendees are reminded to adhere to the meeting agenda and not participate in activities prohibited under antitrust and competition laws. Only members of ToIP who have signed the necessary agreements are permitted to participate in this activity beyond an observer role.
  • New Members:
    • Jacob Ansari is Security Advocate at Schellman, who recently joined as a Steering Member; based in Racine Wisconsin
    • Viky Manaila is an invited expert assisting with the eIDAS 2.0 proposals in the EU.
5 minGeneral announcementsAllUpdates from TSWG members of general interest to the group.
5 minsReview of Action Items from the previous meetingChairsThere were no notes from the last meeting.
15 minsTask Force ReportsTF Leads

Trust Registry TF — Darrell O'Donnell

  • The WHO has a group working with LF Public Health on GCCN (Global COVID Credentials Network) on developing trust registry architecture for health credentials.
  • They are actively interested in the ToIP Trust Registry Protocol Specification (Google doc).
  • They are interested in more advanced features than in the V1 protocol.
  • There is a current task to move the spec from the current Google doc version of the spec into Markdown.
  • There is a current recurring meeting happening Friday mornings 7-8:30AM PT. Contact Lucy Yang for an invite.
  • Daniel Bachenheimer noted that initially WHO decided to just defer to ICAO PKI. Drummond Reed said that this new effort seems broader and slightly more open to decentralized approaches.
  • Darrell O'Donnell raised that seeing organizations step back from standing up new PKI networks and shift focus to schema aligns well with our work at ToIP and the TSWG.

ACDC TF — Sam Smith Philip Feairheller 

  • Phil reported that Sam Smith has made tremendous progress on the ACDC specification. It has gotten long enough that he can't continue in HackMD and is moving it into a dedicated repo.
  • A draft should be published before IIW (last week of May).
  • That work is leading to an issuance and exchange protocol that uses KERI EXN (Exchange) messages.

Technology Architecture TF — Drummond Reed

20 minsReview eIDAS 2.0 blog post draft

See the draft in this Google doc. This is an important geopolitical document for the ToIP Foundation to publish, so it is worth a close review by TSWG members.

  • Antti Kettunen explained that the blog makes two major points.
  • The first one is that while eIDAS 2.0 will provide new tools for EU citizens, it needs to balance sovereignty and agency. The current proposals are tilted toward sovereignty for EU member states, but not providing true agency for EU citizens because it doesn't allow citizens to use their government-supplied identity documents to a small controlled set of verifiers.
  • The second key point is that the QTSP (Qualified Trust Service Provider) "perimeter-based security model" the current proposal follows is not the right approach in favor of the zero-trust model embraced by ToIP.
  • The conclusion is currently the difficult part because the ToIP stack is not fully defined yet, so it is hard to ask the EU to not take a step forward. So the blog post proposes that we need to look beyond the current model.
  • Antti explained that the next step would be a position paper which would recommend the overall design the EU could follow to reach these objectives.
  • The earlier that we can finish this, the better.
  • Viky, who is an invited expert working on eIDAS 2.0 proposals, recommends that we publish a paper as soon as possible so it can be considered.
    • Viky believes that the current draft is a little "too sharp". 
    • She recommends that we make a concrete proposal for how the proposal should change.
    • She said that the current proposals do support digital wallets including credentials from non-qualified providers.
  • ACTION: Daniel Bachenheimer will review the eIDAS 2.0 blog post draft.
  • ACTION: Andre Kudra will review the eIDAS 2.0 blog post draft.
10 minsOIX SSI MappingDan and Drummond are slated to review the OIX SSI Mapping (<== note that this link may not provide access due to shared drive issues) with Nick Mothershaw of OIX immediately after this meeting, so it would be good to get feedback on Dan's analysis. 
5 mins
  • Review decisions/action items
  • Planning for next meeting 
Chairs

Decisions

  • None

Action Items