2023-05-02 DMRWG Meeting Notes
Meeting Date
The DMRWG meets bi-weekly on Tuesdays at 12:00-13:00 PT / 16:00-17:00 UTC. Check the ToIP Calendar for meeting dates.
Zoom Meeting Link / Recording
- Recording (Mtg Start - 4:45)
Attendees
Main Goal of this Meeting
- Open Mike/Discussion - Data Issues
- DIF Trust Enablement Work Flow & Documents: Proposal on the Trust Establishment Workflow using Trust Documents
Agenda Items and Notes (including all relevant links)
Time | Agenda Item | Lead | Notes |
5 min |
| Chairs |
|
50 mins | Trust Establishment Workflow & Documents | Chair | Trust Enablement Workflow using Trust DocumentsWhile the ToIP Stack defines the overall stack and component organization, it lacks a workflow for establishing trust between two Parties using those components and the Trust Spanning Protocol The Discussion presents an early draft of the workflow, which assumes the use of Layer 2 and 3 components (e.g. Wallets, Trust Registries), primarily in the Trust Evidence Request/Response interaction, but does not show that level of detail. Notes:
Meeting notes (not in any particular order. They are comments about the behaviour of the system and the requirements/properties of the components) Trust EvidenceTrust Evidence and the ecosystem system status (for both Parties and their ecosystems) need to be collected during interactions of any type, including pty2pty and any other ecosystem interaction prty2pty evidence about infrastructure components as well as high trust entities (Issuers, Verifiers, etc.) need to be shared for use by other Parties and the Ecosystem in general There is an issue with privacy and confidentiality about Entities: People, Organizations, and Devices(?). Trust Evidence, including Verifiable Credentials and custom presentation of claims, consent, etc., need to have lifetime restrictions. The default is that while the purpose and status of a trust workflow eventual status (Party X, trusted for the following context/purpose) may be persisted (Party X Trust State by purpose/context) during the trust decision workflow, the actual evidence collected should be discarded (default) once the trust workflow is complete. That trust may also require an explicit agreement on trust evidence retention such that the shared-to Party (Entity) agrees not to capture PII or other sensitive data through any means (e.g., notes made in a text file while interacting with another Party, screen/device recording, etc.) Trust History may be different from the Trust Evidence Cache for simplification of persistent trust information (purpose & context by counterparty) or "trust evaluation only" information.
Caching Evidence Decisions There are at least two options for Trust Establishment Workflows
Notes on the modellingThe current model only shows one side Alice's view of sending TERs to Bob. It also needs to show Req/Response for trust questions in both directions. There are clearly some collection of objects and workflows that need to be packaged as building blocks and shown in modelling diagrams. A Trust Request/Decision Block (TRDB) includes
Each Trust request
Decision Parameters may be a combination of system defaults, user preferences, past user decision responses, and ecosystem experience suggested values from composite interaction by many/all Parties in the ecosystem for that particular counterparty, context, purpose (or other combinations) It is not clear if the TER list from Alice to Bob has to be the same as Bob to Alice. Nor is it clear how to interleave requests (TRDB from Alice, then from Bob). The proposed default would be alternating by Topic/TRDB. It would be useful if Alice and Bob could exchange what the TRDBs were to see that they concur on which topics to request, which are common and which are unique to their side of the relationship. This also suggests needing to work out the ordering sequence. There are several motivations for how to order TERs
Particularly in each implementation for Trust Est Wflw, there may be the need for non-trivial negotiation on the order, type and specific trust requests that will be exchanged. Requirement - completely avoid exchanging Sensitive/PII information Use Case - women seeking access to abortion pills in areas in the US where women can potentially be reported and charged with a crime for seeking access or exposing themselves as being pregnant and subject to medical surveillance and medical restrictions. The technical requirement to establish trust and exchange data in an anonymized manner without compromising the security and authenticity of the TEWF Solution - Trust establishment via a trusted 3rd party - another variation on the intermediary/digital notary case. Each party establishes trust with the intermediary who acts as a broker for each party, who confirms to each Party that the other is legitimate and is authentic without revealing potentially compromising information. Need for a Trust Agent Assumptions:
Desirable features:
Party Roles for Interaction In most cases, in a 2 Party interaction, one Party is the initiator. It has been discussed (Trust Spanning Layer) that the initiator should be required to specify the purpose and context for the request. This emulates being cold-called in a phone, text or email conversation. The person receiving the "call" is most likely to reject the call if the purpose and context for the call are not offered. For a Trust Establishment Workflow, as in an interpersonal conversation, the details (and ramifications) of the purpose and context need to be established with the first request or very early in the interaction. More details will emerge through the workflow as more trust information is exchanged (although the correlation may not be 1-for-1), with full understanding not achievable until late in the workflow process and possibly not until well into application-specific interaction (e.g., discussing terms and conditions of a financial transaction or data exchange). The TEWF certainly supports that in all messaging, that purpose (simple phrase of intent) and context (details of the purpose and the circumstances/context under which the purpose will be implemented or performed. This should sync with the Trust Spanning Layer Protocol Additional Post Meeting comments by Carly Thinking of today's discussion and this ToIP paper: "Users provide credentials as an equivalent of filling in forms. Few realize that this is only one-half of the negotiation of a transaction and that users, too, might want to learn more about the party to which they provide their data to. If they can, they might be able to better determine whether it is a legitimate business or a scam, whether the party is |
Screenshots/Diagrams (numbered for reference in notes above)
Decisions
- Sample Decision Item
Action Items
- Sample Action Item