2023-06-07 TSPTF Meeting Notes
Meeting Date & Time
This Task Force meets three out of every four Wednesdays (the fourth Wednesday is the Technology Stack WG plenary meeting). There are two meetings each Wednesday to serve different time zones:
- NA/EU meeting: 08:00-09:00 PT / 15:00-16:00 UTC
- APAC meeting: 18:00-19:00 PT / 01:00-02:00 UTC
See the Calendar of ToIP Meetings for exact meeting dates, times and Zoom links.
Zoom Meeting Recording
- NA/EU Meeting: https://zoom.us/rec/share/gowfEErvVTbDgo49Gr7y_5SjcBbZAOILzbvg6Qgv0GVVcPOdFo6flL821TzP0yEv.Lmtj-_nsPtxM9a20
- APAC Meeting: No recording was made as only Drummond Reed and Daniel Bachenheimer were able to attend.
Attendees
NA/EU:
- Drummond Reed
- Wenjing Chu
- Sam Smith
- Daniel Hardman
- Darrell O'Donnell
- Antti Kettunen
- Clare Nelson
- Christine Martin
- Daniel Bachenheimer
- Jim StClair
- Keerthi Thomas
- Kyle Robinson
- Matteo Midena
- Lance Byrd
- Neil Thomson
- Oskar van Deventer
- Rodolfo Miranda
- Sam Curren
- Willem de Kok
- Steve McCown
APAC:
Agenda Items and Notes (including all relevant links)
Time | Agenda Item | Lead | Notes |
3 min | | Leads | |
2 min | Review of previous action items | Leads | None |
25 mins | Telcos, TSP, and Service Models | Oskar van Deventer | Oskar would like to explore what we see as the roles and service models for telcos in the ToIP stack, particularly with the design of 6G happening now. Please view his presentation: "Should 6G be Trust Spanning" and join Discussion #16. See screenshots #4, #5, and #6 below. Jim StClair asked what kind of TSP services telcos might offer. Should it go right down to the handset level? Oskar said there are a number of questions about this. With regard to the handset question, 3GPP standards are required to be implemented. Jim wondered how much influence we could end up having on the U.S. handset manufacturer. Daniel Bachenheimer: "in ISO Security Devices for Personal ID separates MOBILE because of its differences - TRUST likely needs to follow this scheme and engaging GSMA on this topic is very much needed."
Antti Kettunen said it is a very important topic, and glad that Oskar raised it. ToIP is about establishing trusted channels of many kinds, so it definitely applies to telcos. It may also help telcos expand their services. Sam Smith noted that TSPTF contributor Daniel Hardman works for Provenant which is working with telcos in the area of signed SMS messages. Sam said there are many other areas where the telco industry could solve trust problems at different layers. Sam Curren: "Relevant here is the general trend to dumb networks and smart devices, as opposed to smart networks and dumb devices." Jim StClair: "+1, but there’s also some blurring with UWB and IoT and edge." Neil Thomson: "Suggest that to get attention w 5G (6G) would be to connect in Ottawa (all the major players have R&D labs here). However, to get their attention would need some prominent enough players (ToIP, DIF, etc.) to ask for a meet to get their attention. I have one strong connection into the funding for 5/6G that a delegation of SSI groups may have enough weight to engage." Jim StClair: "To Sam’s point, telcos require a financial incentive to deliver the value-add. For consumers, the value-add is invisible to the handset vs the network." Oskar said that it is not just about backhaul, but about multiple other layers where ToIP could play. Sam Smith pointed out that the question of authenticity can cross multiple layers, but it would be hard to explain to telco providers. The challenge of pipe to pipe is addressed at SA3, but some of it is at SA6. So the fit within 3GPP is not clear. Wenjing Chu appreciated Oskar's presentation and said that all 3 of his steps in screenshot #6 apply. Wenjing works in the handset manufacturer space, and he said it would be good to get an updated view from the telcos about digital trust and what the telcos would need. Is there someone we can invite to talk with us about this? Wenjing felt we need to do this across other industries as well. 
Oskar said that telcos know they have trust problems to solve, and that telcos are quite trusted by consumers. In the Netherlands, they have close relations with KPN, and also neighbors Deutsche Telekom and Telefónica. So it would be great if those who are close to telcos could check with the telcos they know. Wenjing Chu believes one topic that is universal across the telcos is authentication that is a combination of CallerID and voice recognition. Both of those methods are now under attack. Oskar agreed. Drummond agreed. Albert Johnson: "It would not be a waste of time to find a "primer" on relevant telco terms and review TSP to communicate it by at least in part leveraging that vocabulary. As you know, in 'adult education' you attach and relate the new information and learning onto what people know already. So since the telco people know that already, let's attach TSP to terms they 'get.'" Neil Thomson: "@Albert - +1 you need to talk their language." Judith Fleenor: "@Albert - are you volunteering to work on such education?" Albert: "@Judith F - thinking about it, might get interesting. Not sure I have enough of the right contacts but with a decent group we could pull it off - basically I think we'd be assembling a glossary for this group that spans the 'landscape.' So make that a 'maybe.'" Keerthi Thomas: "There is a huge push from the UK government to promote 5G enabled creative industry. e.g. remote music events, remotely orchestrated music. This involves authenticating users and telcos are interested in providing low-level security. Oskar, your suggestions in the telco space are interesting." ACTION: Oskar van Deventer to digest the feedback from today's discussion about engaging telcos in the work of developing the ToIP stack, and then continue this discussion in TSPTF discussion thread #16. |
25 mins | Next steps with the Layered Model design approach | At our last TSP Workshop (see the May 4 Special Workshop Meeting Notes), there was a consensus that we should pursue a layered model in which we consider not just the "spanning layer", but the layers above (and below? see screenshot #1 below) such that we get a full solution ready for the trust task protocols to be able to layer above it at ToIP Layer 3. One possible approach to this layering is a diagram (screenshot #2) that Drummond Reed developed to communicate this in the Trust Spanning Protocol panel at the European Identity Conference last month. Another approach is the "DIDComm V2 decomposed" diagram that Sam Curren showed in the May 4 TSP Workshop (screenshot #3). Regardless of how we might currently conceive it, the question we need to discuss is how we should proceed with actually developing this layered model such that the end result is the specifications we need for each layer. Sam Curren gave a summary of the outcome of the third TSP Workshop (May 4th) as illustrated by screenshot #7 below. Drummond Reed asked whether the four trust tasks at the top are currently specified within the DIDComm V2.1 specification. Sam Curren said yes. Darrell O'Donnell: "@TelegramSam - I presume that a base capability of a message-based format/structure allows for common error handling or do you consider that exclusive as a Trust Task?" Sam Curren: "@Darrell - The error handling is the top level resolution flow, which prevents each task from having to define their own error handling. Also handles errors not specific to a single trust task." Darrell O'Donnell: "TelegramSam - so that’s part of your Structure Layer right? Trust Tasks would then layer on top of the basic error structure?" Sam Curren: "The structure layer provides the necessary message information, the error resolution happens at a trust task layer referencing the information of the relevant messages." 
Darrell O'Donnell: "Agreed that error-handling is above, but the structure for error propagation should be common in my little brain." Neil Thomson: "It's becoming clear that interaction between parties goes through different states and will use the stack differently (which may bring more clarity to the stack). Example: KYC interaction and SPAC requirements are different than operational interaction (e.g., interaction to get known to a bank or other individual is different from doing a financial (operational) transaction)." Sam Smith said that the layering needs to be structured very carefully in order that the ToIP principles can apply across all of the layers. He feels like the principles can only work across layers. Privacy is the key issue. Usage privacy can be handled at the trust task layer. But correlation privacy, based on the metadata at each layer, is a much more complex topic. He gave the example of correlate-able addressing. Sam Smith believes that authenticity and encryption can be layered, but privacy is very tricky. In his PAC paper (see discussion #33) he talks about his ESSR theorem. So we should apply the principles, then decide how functional layering works. Wenjing agreed that if we put the mapping, layer by layer, for the 3 key properties (authenticity, confidentiality, privacy), then we should see how they map. Sam Smith was willing to put forth a strawman mapping of the ToIP principles to the layers as his action item for next week's meeting. ACTION: Sam Smith to propose a strawman mapping of the ToIP principles to ToIP stack layers for next week's meetings. Wenjing Chu suggested that the other important task is to return to the question of use cases and decide what the canonical set is going to be so that we can test how those would apply to the layering. Drummond Reed agreed and pointed out this is still an action item that needs to be completed for the Technology Architecture Specification (TAS).
ACTION: Drummond Reed to review the use cases that were prepared for the ToIP Technology Architecture Specification and compile a proposed list of canonical use cases for presentation at next week's meetings. | |
5 mins | | Leads |
Screenshots/Diagrams (numbered for reference in notes above)
#1 through #7: screenshots not reproduced here.
Decisions
- None
Action Items
- ACTION: Oskar van Deventer to digest the feedback from today's discussion about engaging telcos in the work of developing the ToIP stack, and then continue this discussion in TSPTF discussion thread #16.
- ACTION: Sam Smith to propose a strawman mapping of the ToIP principles to ToIP stack layers for next week's meetings.
- ACTION: Drummond Reed to review the use cases that were prepared for the ToIP Technology Architecture Specification and compile a proposed list of canonical use cases for presentation at next week's meetings.