2021-06-17 TRTF Meeting Notes

Meeting Date

Jun 17, 2021

Attendees

@Drummond Reed
@Darrell O'Donnell (virtually!)
@Lucy Yang
@Kaliya Young
@John Walker
@Daniel Bachenheimer
@Ken Adler (Deactivated)
@sankarshan
@Savita Farooqui
@Vitor Pamplona

Main Goal of this Meeting:

Introduce this new Task Force, introduce members, establish a shared understanding of the mission and timeline, and agree on a meeting schedule.

Agenda

Time	Item	Lead	Notes
5 min	Start recording Welcome & Antitrust Policy Notice Agenda review	Chairs
5 min	Introduction of members	All
15 mins	Orientation: mission and deliverables of this Task Force Review of the Trust Registry recommendations from the Good Health Pass Interoperability Blueprint Loom video (@Darrell O'Donnell recorded) -	@Drummond Reed
15 mins	Real-world implementation community example: Global COVID Credentials Network (GCCN)	@Lucy Yang @Kaliya Young @John Walker
10 mins	Technology approaches	All
10 mins	Meeting schedule and next steps	Chairs

Recording

link to the file

Presentation(s)

link to the file

Documents

File 1 - link

Notes

Member introductions
Orientation: mission and deliverables of this Task Force
- Review of the Trust Registry recommendations from the
  Good Health Pass Interoperability Blueprint
- Key Deliverables - @Darrell O'Donnell guidance via Loom video. Key Links for Discussion:
  - GitHub Repo - https://github.com/trustoverip/tswg-trust-registry-tf
  - GitHub.IO specs - https://trinsic-id.github.io/tswg-trust-registry-tf/
    - NOTE: we need to move this github.io site under ToIP.
  - Swagger - https://app.swaggerhub.com/apis/darrellodonnell/GHP.TrustRegistry/0.1.0
    - NOTE: we need to move this Swagger under ToIP control, or find an alternative OpenAPI host.
Real-world implementation community example: Global COVID Credentials Network (GCCN)
1. Core goal: to provide a bridge between the EU Gateway (for the EU eHealth Network and its Digital COVID Credentials (DCC))
2. Will serve the goal that @Darrell O'Donnell described in his Loom message and the GHP Interoperability Blueprint section 7.2 on Trust Registries
3. The GCCN is planning to start a directory of participating trust registries by the end of next week
4. Most of the current potential participants are currently operating private trust registries
5. @John Walker is preparing a template for listing participating trust registries in a directory
  1. This could be maintained a GitHub file
6. The goal would be to implement within a month
@Jim StClair raised the question of supply vs. demand
1. Providence Healthcare currently serves 7 states and is working on getting access to the states’ IIS systems
2. He is not yet seeing coordinated demand for access to a trust registry for verification
3. @Lucy Yang said that today most of the health pass solutions are implementing their own trust registry solutions, but that these are not interoperable
  1. She has been hearing some demand for accessing the US IIS systems in some coherent fashion
4. Jim confirmed that if there was a solution for coordinated access to US IIS and COVID credential
5. @Lucy Yang shared that there are two types of implementers of trust registries
  1. The first type is for original issuers—in the health domain
  2. The second type is "reissuers" or "proxy issuers" like IATA
  3. Both are peers in the network but operationally they are different
  4. @Daniel Bachenheimer noted this quote from the GCCN announcement: "GCCN will include a global directory of trust registries to enable cross-border certificate verification, and be a home for toolkits and community-managed support for those building and managing COVID certificate systems."
  5. So Dan asked whether there was any effective difference between these two
  6. @Lucy Yang said that was in discussion — that the concept of a "pass" is foreign to the EU because they currently only recognize COVID certificates.
  7. @Daniel Bachenheimer ask about the trust model — about who would trust GCCN
  8. @Kaliya Young clarified that the GCCN directory is not designed to be separately trusted
  9. @Savita Farooqui said that the trust decision of what issuers are trusted by a governing authority is up to the governing authority
@Jim StClair also raised the importance of the link between a trust registry and the associated ecosystem governance framework
1. This is critical to enable real-world trust in each trust registry and enable peers to make trust decisions about which other peers to trust
2. @Drummond Reed strongly agreed and pointed out that strong binding is supported in the GHP Interoperability Blueprint, particularly in the Governance and Trust Frameworks recommendations (section 7.3)
Technology approaches—we ended out with very little time to discuss this
1. ToIP Trust Registry Protocol
2. Swagger API
3. Chained Credentials—see ToIP ACDC (Authentic Chained Data Container)Task Force
4. DIF Identity Hubs
5. CARDEA and machine-readable governance
Meeting schedule
1. One plenary meeting a week
2. One or two other meetings per week to advance the spec
Agenda items for next meeting

Slides

#1 —

Decisions

Sample Decision Item

Action Items

Sample Action Item