2021-06-17 TRTF Meeting Notes

Meeting Date

• 17 Jun 2021 

Attendees

• Drummond Reed
• Darrell O'Donnell (virtually!)
• Lucy Yang
• Kaliya Young
• John Walker
• Daniel Bachenheimer
• Ken Adler (Deactivated)
• sankarshan
• Savita Farooqui
• Vitor Pamplona

Main Goal of this Meeting:

Introduce this new Task Force, introduce members, establish a shared understanding of the mission and timeline, and agree on a meeting schedule.

Agenda 

Recording

• link to the file

Presentation(s)

• link to the file
  

Documents

• File 1 - link

Notes

1. Member introductions

2. Orientation: mission and deliverables of this Task Force

   • Review of the Trust Registry recommendations from the 

     Good Health Pass Interoperability Blueprint
   • Key Deliverables - Darrell O'Donnell guidance via Loom video. Key Links for Discussion:
     • GitHub Repo - https://github.com/trustoverip/tswg-trust-registry-tf
     • GitHub.IO specs - https://trinsic-id.github.io/tswg-trust-registry-tf/ 
       • NOTE: we need to move this github.io site under ToIP.
     • Swagger - https://app.swaggerhub.com/apis/darrellodonnell/GHP.TrustRegistry/0.1.0
       • NOTE: we need to move this Swagger under ToIP control, or find an alternative OpenAPI host.
3. Real-world implementation community example: Global COVID Credentials Network (GCCN)
   1. Core goal: to provide a bridge between the EU Gateway (for the EU eHealth Network and its Digital COVID Credentials (DCC))
   2. Will serve the goal that Darrell O'Donnell described in his Loom message and the GHP Interoperability Blueprint section 7.2 on Trust Registries
   3. The GCCN is planning to start a directory of participating trust registries by the end of next week
   4. Most of the current potential participants are currently operating private trust registries
   5. John Walker is preparing a template for listing participating trust registries in a directory
      1. This could be maintained a GitHub file
   6. The goal would be to implement within a month
4. Jim StClair raised the question of supply vs. demand
   1. Providence Healthcare currently serves 7 states and is working on getting access to the states’ IIS systems
   2. He is not yet seeing coordinated demand for access to a trust registry for verification
   3. Lucy Yang said that today most of the health pass solutions are implementing their own trust registry solutions, but that these are not interoperable
      1. She has been hearing some demand for accessing the US IIS systems in some coherent fashion
   4. Jim confirmed that if there was a solution for coordinated access to US IIS and COVID credential
   5. Lucy Yang shared that there are two types of implementers of trust registries
      1. The first type is for original issuers—in the health domain
      2. The second type is "reissuers" or "proxy issuers" like IATA
      3. Both are peers in the network but operationally they are different
      4. Daniel Bachenheimer noted this quote from the GCCN announcement: "GCCN will include a global directory of trust registries to enable cross-border certificate verification, and be a home for toolkits and community-managed support for those building and managing COVID certificate systems."
      5. So Dan asked whether there was any effective difference between these two
      6. Lucy Yang said that was in discussion — that the concept of a "pass" is foreign to the EU because they currently only recognize COVID certificates.
      7. Daniel Bachenheimer ask about the trust model — about who would trust GCCN
      8. Kaliya Young clarified that the GCCN directory is not designed to be separately trusted
      9. Savita Farooqui said that the trust decision of what issuers are trusted by a governing authority is up to the governing authority
5. Jim StClair also raised the importance of the link between a trust registry and the associated ecosystem governance framework
   1. This is critical to enable real-world trust in each trust registry and enable peers to make trust decisions about which other peers to trust
   2. Drummond Reed strongly agreed and pointed out that strong binding is supported in the GHP Interoperability Blueprint, particularly in the Governance and Trust Frameworks recommendations (section 7.3)
6. Technology approaches—we ended out with very little time to discuss this
   1. ToIP Trust Registry Protocol
   2. Swagger API
   3. Chained Credentials—see ToIP ACDC (Authentic Chained Data Container)Task Force
   4. DIF Identity Hubs
   5. CARDEA and machine-readable governance
7. Meeting schedule
   1. One plenary meeting a week
   2. One or two other meetings per week to advance the spec
8. Agenda items for next meeting

Slides

#1 — 

Decisions

• Sample Decision Item

Action Items

• Sample Action Item