2023.05.16/17 - IGRTF Meeting Notes

Meeting Date

16 (APAC)/17 (NA/EU) May 2023

Zoom Meeting Link / Recording

Attendees

Presentations, Models and Diagrams

Folder: ToIP Working Groups and Committees\GSWG - Governance Stack Working Group\Issuer Governance Requirements Task Force\Models and Diagrams

Models/diagrams for this meeting: Guide to Issuer Models & Diagrams

Main Goal of this Meeting

Schedule for future meetings (presentations by Super-Issuers)

Determination if there are undefined requirements topics for Issuers or Super-Issuers

Agenda Items and Notes (including all relevant links)

Time | Agenda Item | Lead | Notes
5 min
  • Start recording
  • Welcome & antitrust notice
  • Introduction of new members
  • Agenda review
Chairs
  • Antitrust Policy Notice: Attendees are reminded to adhere to the meeting agenda and not participate in activities prohibited under antitrust and competition laws. Only members of ToIP who have signed the necessary agreements are permitted to participate in this activity beyond an observer role.
  • New Members: Shreya Kothari, Callum Haslam (find all the member introductions in the recording of this meeting)
  • Scott urges the participants to learn more about the vLEI work at GLEIF in the context of the work underway at this Task Force.
  • Philip mentions the topic of "How do we trust the issuers?"
  • Steven mentions the paradox of whether to do governance first or the technology/implementation, especially since the technology moves much more rapidly.


5 mins | Announcements | Co-Leads
  • Need commitments from those presenting Issuer 
5 mins | What areas of Issuer Requirements need work | Co-Leads

The working assumption is that a starting point is the MVCred Policy Template for Issuers of VCs. Additional requirements work outstanding:

  • Are there outstanding requirements areas in the MVCPT?
  • Super-Issuer requirements - requirements of an Issuer of an Issuer (e.g. GLEIF, which accredits/issues licenses/credentials to vLEI Issuers)
    • Governance requirements
    • Verifiability requirements (how to determine, more than once a year and ideally in real time, that an Issuer is not compromised)
  • ...
50 mins | Discussion on Issuer Requirements | Co-Leads

APAC call highlights

Detailed Transcript

Governance processes vs VCs vs existing physical (card, paper) credentials

  • VC governance should be an extension of existing physical credentials
  • Initial Governance for electronic credentials as “Guard Rails” to prevent key abuses of privacy, service denial, etc.

Looking for Guard Rails - I’ve had a look at two sources of possible guard rails (materials and links in the IGRTF/Supporting Documents folder), but I (Neil Thomson) have to admit that no clear, short, succinct set of “guard rails” has jumped off the page yet (still reading).

  • The Sovrin Guardianship white papers
  • The Good Health Pass project (see Supporting Document Links.gdoc)

Verifier Governance - Experience in India (with Aadhaar – UIDAI.gov.in) suggests unbalanced control between Holder and Verifiers, where Verifiers are asking for much more PII and personal data than they are entitled to. This suggests mechanisms to control and regulate Verifiers, which may result in additional requirements on Issuers and possibly a new component for monitoring and regulation – a VC (Data/Presentation) Consent Broker.

New Issuer Requirements? Could include default/recommended/suggested requirements on:

  • How VCs, their claims and other data are to be used in terms of:
    • What data can be presented
    • For what purpose(s)
    • Retention restrictions
    • Redistribution limits

This might go hand in hand with a VC Consent Broker, which:

  • Checks a Verifier's Data Request VC to see what data they are permitted to ask for and their restrictions in terms of purpose, process, retention and redistribution
  • Reports where Verifiers ask for data beyond their Data Request VC, including denial of essential services (under regulation)

NA/EU Call

Unfortunately, there was no call due to duplicate (different) Zoom call links that co-existed in the ToIP Schedule, which has since been corrected.

5 mins | Action Items | Participants | Organizations with experience being an Issuer or governing Issuers to book a presentation date (NA/EU or APAC time slots)

Action Items

  • Next meeting in two weeks, to discuss what the objectives of the TF are and what the targeted deliverables would be