2023-04-12 TSPTF Meeting Notes

Meeting Date & Time

This Task Force meets three out of every four Wednesdays (the fourth Wednesday is the Technology Stack WG plenary meeting). There are two meetings each Wednesday to serve different time zones:

  • NA/EU meeting: 08:00-09:00 PT / 15:00-16:00 UTC
  • APAC meeting: 18:00-19:00 PT / 01:00-02:00 UTC

See the Calendar of ToIP Meetings for exact meeting dates, times and Zoom links.

Zoom Meeting Recordings

Attendees

NA/EU:

APAC:

Agenda Items and Notes (including all relevant links)

TimeAgenda ItemLeadNotes
3 min
  • Start recording
  • Welcome & antitrust notice
  • New member introductions
  • Agenda review
Leads
  • Antitrust Policy Notice: Attendees are reminded to adhere to the meeting agenda and not participate in activities prohibited under antitrust and competition laws. Only members of ToIP who have signed the necessary agreements are permitted to participate in this activity beyond an observer role.
  • New Members:
    • Adam Bradley is working for Mastercard based in Melbourne.
    • Jim StClair is now working with Coordinated Care Inc.
2 minReview of previous action itemsLeads
  • ACTION: Sam Curren to: 1) Create a Github Discussion to figure out the wording of the choices in a poll about TSPTF member preferences for how long they believe is optimal for the TSP spec process to take (see Sam's slides on the topic), and once there is rough consensus on the choices, 2) run the poll using the Github Discussions polling feature.
  • ACTION: Oskar van Deventer to create a Github discussion thread to prep for a TNO-Moderated Terminology Design Workshop at our NA/EU meeting on 03 May 2023.
  • ACTION: ALL TSPTF MEMBERS to review the Google Slides deck where we are accepting proposals for the 3rd generation ToIP stack diagram and submit any ideas, suggestions, or comments you have.
5 minsTimeline PollSam Curren 

Per his action item above, Sam created this Github discussion thread. If we have consensus on the proposed options, then ideally Sam can begin the actual poll ASAP after the meeting.

In real time during the meeting, Sam created the poll here.

ACTION: ALL TSPTF MEMBERS please complete this TSP Task Force timeline poll — ideally in the next 24 hours so we can review the results at the start of the TSP Workshop tomorrow (Thursday April 13).

5 minsTerminology Design Training WorkshopOskar van Deventer 

Reminders:

  1. This session will take place at our regular NA/EU meeting time on Wednesday 03 May 2023.
  2. So far 4 terms have been proposed in this Github discussion thread that Oskar started. Please propose any other terms you would specifically like to see discussed in the workshop.

ACTION: ALL TSPTF MEMBERS please add any other terms to this Github discussion thread (especially fundamental terms) that you would like to suggest we review in depth at the Terminology Design Training Workshop.

APAC:

Jo Spencer "Have a look at the mental model work - https://essif-lab.github.io/framework/docs/essifLab-pattern-list - @Jim, you might remember that a lot of this came out of the activities we were doing in the Sovrin Guardianship work."

20 minsRecap of the 06 April TSP WorkshopAll

See the extensive Meeting Notes. We will discuss key thoughts and takeaways from attendees.

Daniel Hardman andSam Smith both shared that the biggest takeaway was the focus on the need for the TSP to support appraisability of the trust basis of the parties to the protocol.

20 minsPrep for the next TSP Workshop TOMORROWDrummond Reed 

Our second TSP Workshop is the same day/time as the last one: Thursday 13 April 2023 at 1:00-3:00PM PDT / 20:00-22:00 UTC / 22:00-24:00 CEST / 06:00-08:00 AEST.

Our goal is to discuss and agree on the agenda. One option is to discuss a consolidate stage proposal just posted by Drummond Reed called the Two-Layer Design Model Proposal.

Daniel Hardman was happy to start discussion on the above proposal. Other potential topics:

  • A definition of "trust task" that is different than the current proposal and thus has implications for the TSP design. Essentially he wants to make a case that the proposal above fits under one definition and not the other.
    • Daniel will leave a comment with his proposed definition.
  • Composability is another key topic. Daniel suggests that Sam share his thoughts about this topic.

Neil Thomson suggests we need to look at different types of trust tasks:

  1. One that is gathering evidence for making trust decisions.
  2. Assistance in making the trust decisions.
  3. Taking actions to preserve that trust in accomplishing the user's objectives.

Sam Smith suggests discussing what "duplicity-evident computing" means. It is a term that has evolved out of the KERI and ACDC work that is not yet well-established in the security community. This compliments the discussions about authenticity, confidentiality, and privacy — and duplicity-evident computing complements all of them and simplifies attack surfaces.

Drummond Reed provided a quick review of the Two-Layer Design Model Proposal and explained why he thought it would be helpful to discuss. 

Sam Smith would prefer to pick one topic on which we can drive a discussion to closure. The Two-Layer proposal could take the entire two hours. To properly support higher-level trust tasks, we need a set of composability properties. Where should those go? That's quite an in-depth discussion. Sam feels composability is about composing transitive trust, not about composing actions.

Sam Curren does believe that there is a need for more common semantics than what would be in a minimal TSP. 

APAC:

Daniel Bachenheimer "NIST digital identity specs is an interesting topic; would like to discuss further with any/all interested but don't want to take this call down a rabbit hole.  NIST is dropping the ball on Identity Resolution (establishing uniqueness) and Authoritative Sources weakening IAL levels that is weakening Identity Assurance Levels." He provided this quote from the draft: "It is recommended that Issuing Authorities opt for a smaller rather than for a larger portrait image." 

Jim StClair Agreed — we have been providing the same feedback to NIST.

Jo Spencer In terms of the two-layer proposal, the key is that the combination needs to handle all phases of the lifecycle of a connection and the governance under which the connection is operating. Phases of that lifecycle:

  1. Establishment: discovery of the other endpoint, recovery/reestablishment of a previous connection.
  2. Operation: what is accomplished using the connection.
    1. Upgrade/downgrade: a change in trust levels depending on context
  3. Termination:
  4. Dispute: how to handle if something goes wrong.

Drummond Reed observed that we need to recognize the relationship of trust task lifecycles at the trust task layer vs. the connection lifecycle at the TSP layer.

5 mins
  • Review decisions/action items
  • Planning for next meeting 
Leads

Should we take a hiatus for the Internet Identity Workshop #36 next week?

There was no decision. Drummond Reed will discuss with the co-leads.

Decisions

  • None.

Action Items

  • ACTION: ALL TSPTF MEMBERS please complete this TSP Task Force timeline poll — ideally in the next 24 hours so we can review the results at the start of the TSP Workshop tomorrow (Thursday April 13).
  • ACTION: ALL TSPTF MEMBERS please add any other terms to this Github discussion thread (especially fundamental terms) that you would like to suggest we review in depth at the Terminology Design Training Workshop.