Meeting Date

05 Jan 2023 The ToIP Trust Registry Task Force (TRTF) meets weekly twice every Thursday at the following times (to cover global time zones - see the Calendar of ToIP Meetings for full meeting info including Zoom links):
- NA/EU 07:00-8:00 PT / 15:00-16:00 UTC
- APAC 18:00-19:00 PT / 02:00-03:00 UTC

Zoom Meeting Link / Recording

NA/EU MEETING: https://zoom.us/j/99576264894?pwd=L0RQOXZtci83elJqY1o1dlZaTUx5Zz09
APAC MEETING: https://zoom.us/j/92238278364?pwd=bXJoNzltMDJFdWZKWnovUG5MZk0rUT09
(These links will be replaced with a link to the recording of the meeting as soon as that is available)

Attendees

NA/EU Meeting

APAC Meeting

Agenda Items and Notes (including all relevant links)

Time	Agenda Item	Lead	Notes
5 min	Start recording Welcome & antitrust notice Introduction of new members Agenda review	Chairs	Antitrust Policy Notice: Attendees are reminded to adhere to the meeting agenda and not participate in activities prohibited under antitrust and competition laws. Only members of ToIP who have signed the necessary agreements are permitted to participate in this activity beyond an observer role. New Members:
5 min	Review of previous action items	Chairs
30 mins	Update on Swagger & Requirements	Darrell O'Donnell	Major PR to accept (then review). https://github.com/trustoverip/tswg-trust-registry-tf/pull/112 UML Diagram Swagger Requirements (falling behind) EU/NA: API design: where do we use paths and where parameters? The path & parameter naming conventions: /{query\|lookup}/{entityID}/{querytype} Antti Kettunen RESTful best practices support roughly the same model. We should make sure we align and understand how TR's are used => has impact on design & scalability. One place for REST API best practices to review against: https://restfulapi.net/resource-naming/ Antti Kettunen volunteered to help on the design issues. What does it look like, when querying lists? Antti Kettunen Need for understanding the various use cases of using the trust registry. This will affect the design of the API. There is likely possiiblity to enable monetization through the private API model. Would they be for querying collections or browse the list? Tim Bouma How to do this without phoning home. Anything having personal data may be a liability Any new feature may also incur liabilities. How would / could one abuse or exploit this model? Tim Bouma agreed to help on think on the abuse/exploitation vectors sankarshan Adversarial impact and management of that impact is outside of our scope. It comes slightly later than now. Should we really need a way to query the collections / lists? Q:Antti Kettunen What makes trust registry different from any other type of data product API? A: Darrell O'Donnell It's not really any different. Trust registry protocol is really about how you get access to the trust data. Q: Marcus Ubani When would I know when I need a trust registry? A: Darrell O'Donnell When your information is valuable outside of your own org. Usually one may think they don't need a trust registry, until they suddenly do. (so prepare for it). Antti Kettunen What makes trust registries different from API products is the assurances and/or liabilities. For example, enabling value through liability statements / guarantees: E.g. "we guarantee this data is correct. If not, you're able to sue us for max $10K". The liability is what creates value.
10 mins	Schedule		The TSP TF is shutting down for remainder of 2023. Shall we do the same? EU/NA: End of the year is busy, but it was agreed that 1-on-1 or topical meetings at other times during holiday season may be possible to work on the topics above. Let's decide it in Slack.
5 mins	Review decisions/action items Planning for next meeting	Chairs