Meeting Date

Dec 8, 2022 The ToIP Trust Registry Task Force (TRTF) meets weekly every Thursday at the following times (to cover global time zones - see the Calendar of ToIP Meetings):
- NA/EU 07:00-8:00 PT / 15:00-16:00 UTC
- APAC 18:00-19:00 PT / 02:00-03:00 UTC

Zoom Meeting Link / Recording

https://zoom.us/j/91888476340?pwd=VmNlSG9DWENWempsdGpQeEpXND
(This link will be replaced with a link to the recording of the meeting as soon as that is available)

Attendees

NA/EU Meeting

@Darrell O'Donnell
@Andor
@thomsona
@Daniel Bachenheimer
@Michael Palage
@Markus Sabadello
@Vitor Pamplona
@Christine Martin
@Steve McCown
@Jacques Latour (Deactivated)
@Judith Fleenor (Deactivated)
@mathieu
@Issac Henderson
@Neil Thomson

APAC Meeting

@Daniel Bachenheimer
@Judith Fleenor (Deactivated)
@Andor
@Drummond Reed

Main Goal of this Meeting

1) Review TRTF Home Page
2) Review DIF DIF Trust Establishment materials
3) Presentation from Jacques around TR
4) Determine some initial working items

Main Working Link

https://docs.google.com/document/d/18MraZpXW98UMZ_h_kz7uJ_-p8UgHvDJjwb9YTLAhubY/edit?usp=sharing

Agenda Items and Notes (including all relevant links)

Time	Agenda Item	Lead	Notes
5 min	Start recording Welcome & antitrust notice Introduction of new members Agenda review	Chairs	Antitrust Policy Notice: Attendees are reminded to adhere to the meeting agenda and not participate in activities prohibited under antitrust and competition laws. Only members of ToIP who have signed the necessary agreements are permitted to participate in this activity beyond an observer role. New Members:
5 min	Review updates to the meeting times	Chairs	TAFT will be moving to another time slot. TRTF will be taking up this time slot. No TAFT this week. Proposal by @Drummond Reed to move to off-week slot of the Technology Stack WG meeting. That slot is Mondays 08:00-09:00 PT / 16:00-17:00 UTC. First meeting 19th of December. - @thomsona provided feedback to Drummond that Monday at 8am PST does not work. Other time slot is required if possible.
5 min	Review of previous action items	Chairs	ACTION: @Darrell O'Donnell to send out a Doodle poll for ad hoc working sessions for the Trust Registry TF (at both NA/EU and APAC-friendly times) for the next couple weeks. ACTION: @Andor to coordinate with DIF and TOIP to figure out the process to collaborate and send some proposals. ACTION: @Drummond Reed sets up a Slack DM with the the leads of both the Technology Architecture TF and the Trust Registry TF to figure out how the TRTF time slot is chosen & other things.
5 mins	Review updated TRTF Home Page	All	Please review the TRTF Home Page updated yesterday by @Drummond Reed to include a background section, updated leadership list, etc. @thomsona what are the general requirements. Generate a list for the Trust Registry. Most likely some existing work. Categories Requirements Google working document Table which relevant people can add to. Requirements: Root of trust / agreement up front / Source of truth Relationship between TechArch is important. Needs to be compatible. Trust Registry Task Force Early notes from discussions (Google Doc) @Andor keep other orgs informed about model @Darrell O'Donnell no island
10 mins	Review DIF Trust Establishment 0.0.1 spec and Prior Art	@Andor	Yesterday, the ToIP Steering Committee approved the memo of collaboration with DIF on trust registry work. In preparation for this collaboration, TRTF members should review the DIF Trust Establishment 0.0.1 spec and their Prior Art for Trust Establishment GitHub page.
10 mins	Special topic #3		@Jacques Latour to give preso on TR definitions. DIACC Cira: Issuer - Holder - Verifier Allowed to issue credentials Allowed to hold credentials Allowed to verify credentails Digital Identity Ecosystem : Digital Identification and Authentication Council of Canada Governance, Operation, and registration management Governing authority: CUA Academia trust registries Victor: Is the global identifier necessary for the credential? @Jacques Latour (Deactivated) Yes. @Victor: Doesn't need to solve for impersonation to be effective. @Darrell O'Donnell DNS might be one of the best solutions on rigid heirarchy. @Darrell O'Donnell Global trust anchor may be an island @Victor Not all formats have top anchors. 3 jurisdictions. 3 laws and governance structures. @thomsona Trust registries are setup by ecosystems that are set together. Don't want trust registries connected. Missing peer to peer / arbitrary relationships should use the same technologies that trust registries support @Andor village connection @Daniel Bachenheimer E-passports Global uniqueness is hard Trust Framework Going back to wallets found it interesting. @Darrell O'Donnell WHO learned that the ICAO model is no longer feasible. Nation states are no longer willing to defer to the UN. @Daniel Bachenheimer Levels of trust Granularity @Victor. TRAIN allows viability. Chain of trust APAC Discussion: @Andor shared that there was a lot of great discussion in the NA/EU meeting based on @Jacques Latour (Deactivated)'s presentation about DNS-based trust registries. @Drummond Reed : Initial thought about decentralized, but open to learning more about DNSSEC and how it would work Direct parallel: Technology Architecture Spec has three classes of identifiers. Verifiable Identifiers is the broadest category of identifiers, which intentionally includes HTTPS URLs Decentralized Identifiers ← broadened the aperture to handle DNS 1st Generation Work: Semantic interoperability Challenge for digital trust ecosystems Can't rely on a statement from a TR unless you have agreement on the semantics. Triple of identifiers (all 3 are URIs) Governance should be an id Verifier also an id Credential type for issuers or presentation type for verifier. @Daniel Bachenheimer Metadata and granularity. What are they allowed to issue. @Drummond Reed : EU LOAs (levels of assurance) High, Substantial, Low @Judith Fleenor (Deactivated) US: 3 levels defined by NIST 800-63 specifications @Drummond Reed that spec defines two types of LOA Identity assurance Authentication assurance @Andor Blank slate or work with existing system @Drummond Reed we shouldn't be redefining levels of assurance. Provide a standard for framework, but leave it up to the governance framework ToIP ends at description of process\ @Judith Fleenor (Deactivated) What we provide, needs to have provisions for different choices. @Drummond Reed Enable interoperability with legacy infra w/o constraining new models. @Judith Fleenor (Deactivated) Needs to follow design principles Listening sessions @Drummond Reed @Judith Fleenor (Deactivated) DIF should come to ToIP to present and vise versa. @Judith Fleenor (Deactivated) rule: make sure that everyone is a member of DIF or ToIP DIF: No EasyCLA In lockstep and not cloned @Drummond Reed What are their proposed deliverables Task Force: need to revisit @Judith Fleenor (Deactivated) Precursor deliverables. Prioritize the work items.
10 mins	Special topic #4
5 mins	Review decisions/action items Planning for next meeting	Chairs	PROPOSAL: Create comparison table of various Trust registry / Trust list / Trust chain models. Figure out if ToIP TR Spec could cover them all or if there are scoping/boundaries to set.

Screenshots/Diagrams (numbered for reference in notes above)

#1

Decisions

Sample Decision Item

Action Items

@Andor to investigate bad calendar invite on wiki.

Everyone: Start outlining the requirements and constraints

Add requirements from the v1 spec into the new req doc

@Andor @Darrell O'Donnell to push forward the DIF collaboration.

Think about how we can scope and facilitate a collaboration with DIF better.

2022-12-08 TRTF Meeting Notes