Time | Agenda Item | Lead | Notes |
3 min | | Chairs | |
5 min | Announcements | All | Updates of general interest to TATF members.
@Drummond Reed is speaking on a panel on the topic of "SSI and web3".
@Vikas Malhotra said that NIST has published a new document on "Engineering Trustworthy Secure Systems": https://nvlpubs.nist.gov/nistpubs/SpecialPublications/NIST.SP.800-160v1r1.fpd.pdf
@Tim Bouma pointed out that Apple announced their FIDO2 support for "passkeys". This includes device-specific keys that will manage the sharing of passkeys across multiple devices. So now you can use your secure enclave on different devices to do that sharing. @Sam Smith said that the secure enclave can protect the keys on each device. Apple never sees the keys in the same way as password managers like 1Password. Apple uses biometrics to unlock the passkeys on each device. This would be like Ubiqui moving keys across its devices.
@Sam Smith in the NA/EU meeting said he didn't believe the protocol used by Apple could be used across other OSes; however, @thomsona attended the FIDO2 presentation at RSA from IBM, Google, and Apple, which did show passkey sync across devices on different OSes. What FIDO2 and WebAuthn do standardize is how each device talks to a website. The main benefit to the business is increased security due to no passwords, and also reduction of phishing. Allan said that there is not currently a protocol for sharing between cloud repositories. Allan thought the demo did a good job of showing the value both to the consumer and to the business. ToIP should be thinking hard about how to keep use cases as simple as possible to minimize friction for adoption.
Tim points out that the EU is mandating USB-C for Apple, so regulators are starting to mandate more constraints on interoperability for BigTech.
|
2 min | Review of previous action items | Chairs | |
15 mins | Setup of the GitHub repo & starting to use GitHub issues | @Wenjing Chu | Our GitHub repo has been created! https://trustoverip.github.io/TechArch/ Note that it is just a generic spec template page right now. Wenjing will discuss his proposals for how we should proceed with both the Markdown version of the spec and issues management. The issues are at https://github.com/trustoverip/TechArch/issues
|
10 mins | Setup of the TSWG terms wiki & plan of action to populate | @Drummond Reed @Neil Thomson | The TSWG terms wiki and glossary has now been set up (huge HT to @Daniel Hardman). Drummond and Neil will discuss the plan of action to begin populating it. ACTION: @Neil Thomson to proceed with initial population of the TSWG terms wiki with assistance from @Drummond Reed. |
20 mins | Progress on the spec & discussion of issues | @Wenjing Chu | Discussion of progress on the working draft of the ToIP Technical Architecture Spec and work on issue resolution. Wenjing proposed to divide our issues into three buckets. The first bucket is "meta-issues" about what the document should cover. We began with discussion about a diagram suggested by Tim. Wenjing proposed that this spec is a technology architecture spec that only covers that subject—it doesn't get into specific protocols yet (that will come in a subsequent spec). It also doesn't cover larger questions of how to explain the stack from a conceptual and policy standpoint. Drummond agreed and described a way to think about three levels: conceptual, architecture, protocol specifics. Tim agreed about the specifics of this document, and the need for a different document for regulators, policymakers and business people. Drummond suggested that we formally name that other deliverable. ACTION: @Tim Bouma and @Drummond Reed to prepare a proposed name and scope for this "policymaker" deliverable (@thomsona's suggestion is "ToIP Technology Introduction for Policymakers") and document this in a wiki page for next week's meeting. @Neil Thomson suggested that we start a "catalog" of our other deliverables. Drummond agreed that we should list them on the wiki page for this TF. Allan had brought up test cases as another document for the catalog. ACTION: @Drummond Reed to add the policymaker document and the ToIP Interoperability Test Cases deliverables to the Technology Architecture Task Force wiki page.
Wenjing also suggested that use cases need to be added. We have discussed passwordless authentication and other aspects of digital identity. Wenjing's second bucket is "intermediaries". His proposal is that we limit the term to the relaying of messages and not other functions that should be considered supporting systems. @Jo Spencer has expressed strong views about intermediaries. Drummond suggested that we discuss that question with Jo in the APAC meeting. Wenjing suggested that the term should be defined that the role of an intermediary. Sam suggested that intermediaries play no role in the trust basis.
Wenjing's third bucket is interoperability. We also briefly discussed Kaliya's comment about the ToIP stack being very "Hyperledger Aries architecture focused" and thus not friendly to other "stacks".
APAC: We discussed the proposal from the NA/EU meeting about three documents. @thomsona suggested that the document he started can be called the ToIP Interoperability Test Specification. The current doc will stay ToIP Technology Architecture Specification. Allan suggested the name ToIP Technology Introduction for Policymakers for Tim's document.
We then went into a discussion about intermediaries — see screenshot #1 below. Allan shared his concern that suggesting that intermediaries are needed violates the End-to-End Principle. Wenjing clarified that intermediaries are always optional, and that when they serve only to route messages (e.g., as DIDComm mediators), that does not violate the End-to-End Principle. We did not come to any conclusion other than to agree that "Intermediaries" should probably be a label for a category of issues in our new GitHub repo.
ACTION: @Wenjing Chu to start creating the first issues in the new GitHub repo for the ToIP Technology Architecture Specification and then post a message to Slack once he has posted them. ACTION: Once Wenjing is done, @Drummond Reed to send a message to the Technology Stack WG mailing list announcing the start of issues management for the ToIP Technology Architecture Specification on GitHub.
|
5 mins | | Chairs | |