2023-08-24 GSWG Meeting Notes

Meeting Date

The GSWG meets bi-weekly on Thursdays at 11:00-12:00 PT / 18:00-19:00 UTC. Check the ToIP Calendar for meeting dates.

Zoom Meeting Link / Recording

Attendees



Main Goal of this Meeting

Understand the opportunity to create a governance framework for dual-stack interoperability.

Agenda Items and Notes (including all relevant links)

TimeAgenda ItemLeadNotes
5 min
  • Start recording
  • Welcome & antitrust notice
  • Introduction of new members
  • Agenda review
Chairs
  • Antitrust Policy Notice: Attendees are reminded to adhere to the meeting agenda and not participate in activities prohibited under antitrust and competition laws. Only members of ToIP who have signed the necessary agreements are permitted to participate in this activity beyond an observer role.
  • Suggestion by Neil Thomson about educating Governance Stack Working Group on mature governance, compliance and accreditation models in the marketplace to help adopt new standards for ecosystems to adopt
  • New Attendees:
    • Ralph Claar: Senior Manager at Schellman working for Scott Perry,  20 plus years working for Commercial Certification Authorities, Department of Defense and Department of Energy Security contracting experience, Navy Veteran.  
5 minsReview of action items from previous meetingChairs
5 minsAnnouncements


30 minsUpdate from Attraction Pass Task ForceKabir Maiga 

Kabir Maiga from the Attraction Pass TF presented the progress made on the "Attraction Pass" where visitors can receive or purchase passes in the form of verifiable credentials (VCs) to gain access to various attractions in a city. These attractions could include museums and other places of interest. The focus is on implementing a ToIP stack and utilising SSI principles to ensure security and privacy.

5 minsAny other business



5 mins
  • Review decisions/action items
  • Planning for next meeting 
ChairsNext Plenary meeting Thursday September 21, 2023 11:00PT

Meeting Notes

[Generated using ChatGPT and meeting transcript)

Kabir's presentation revolved around the concept of a 'Attraction Pass' for accessing attractions. The main points of his presentation were:

  1. Introduction: Kabir introduced the idea of a digital pass that would allow visitors access to attractions. He highlighted the benefits of such a system in terms of convenience and data collection.

  2. Authentication and Authorization: He discussed the challenges of ensuring secure and interoperable authentication and authorization processes. He emphasized the need to prevent unauthorized access while ensuring visitor privacy.

  3. Stakeholder Roles: Kabir identified the various stakeholders involved in the system, including visitors, attraction staff, sellers, and resellers. He explained their roles in the process of purchasing, presenting, and verifying the digital pass.

  4. Process Flow: He presented a multi-step process, from purchasing the pass to presenting it at the attraction. He explained how IoT devices could be used for verification at the attraction's entrance.

  5. Verifiable Credentials (VCs): Kabir proposed the use of verifiable credentials to represent the digital passes. He explained that these VCs would contain necessary information about the pass holder and their access entitlements.

  6. Pass Structure: He discussed the potential structure of digital passes, whether they would be sold individually or as bundles for accessing multiple attractions.

  7. Interoperability: Kabir emphasized the importance of interoperability between different systems and stakeholders. He highlighted the need for standards to ensure seamless communication and operation.

  8. Digital Signatures and Audit Trails: He mentioned the use of digital signatures to sign passes and create audit trails. This would help in tracking the issuance, transfer, and use of passes.

  9. Benefits of the System: Kabir discussed the benefits for attractions, such as better visitor insights, as well as the potential for partnerships between attractions.

  10. Challenges and Mitigations: He addressed challenges including technical issues, privacy concerns, and fraud. He suggested mitigation strategies for each challenge.

  11. Future Scope: Kabir talked about the future possibilities of the system, such as integrating with accommodation providers or transportation services.

  12. Conclusion: He concluded by emphasizing the need for a well-designed, secure, and interoperable system to ensure the success of the digital pass concept.

Overall, the presentation outlines the conceptual framework of the "Attraction Pass" program and its key components, including verifiable credentials, agent wallets, offline capabilities, privacy considerations, and more. It aims to provide a clear specification for implementing the program while leveraging SSI and trust over IP principles.


DISCUSSION

Daniel Bachenheimer  raised several points related to authentication and authorisation for access control in the context of a digital pass for attractions. He emphasised the importance of both authentication and authorisation, particularly for scenarios involving children or specific age-related access. He also expressed concern about preventing misuse, such as using child tickets by adults, and highlighted the need for strong biometric authentication. Dan also touched upon transferability and potential scalping issues.

In response, Kabir Maiga acknowledged Dan's feedback and noted the relevance of integrating both authentication and authorisation into the access control process. Kabir also mentioned that interoperability through standards would be crucial in the design.

The discussion then shifted to the roles of various stakeholders, including Bob (the visitor), Charlie (an attraction staff member), Alice (who sells passes for the attraction), Steve (an authorized reseller), and Frank (who sells concessions within the attraction). Kabir explained the steps involved in the process, starting with Bob purchasing a pass, presenting it to Charlie, and the use of IoT devices for verification. The discussion also explored the idea of signatures and their audit trail for tracking who sold the passes.

Drummond Reed and Scott Perry  further delved into aspects such as the rationale for separate signatures by the issuing agent and the issuer, potential privacy concerns, and the tracking of sales. Savita Farooqui sought clarification on how passes sold by authorized resellers for multiple attractions would be structured, whether as a single verifiable credential (VC) for multiple attractions or multiple separate VCs.

Kabir explained that the payload of the pass would contain the VC itself, and Steve could bundle multiple attractions into a single VC or sell them as separate VCs. The conversation also touched on presentation formats, including visual, wireless, and paper passes. Overall, the discussion centred on authentication, authorisation, roles, and the structure of passes within the context of attraction access control.

Screenshots/Diagrams


Action Items