Time

Agenda Item

Lead

Notes

5 min

• Start recording

• Welcome & antitrust notice

• Introduction of new members

• Agenda review

Chairs

• Antitrust Policy Notice: Attendees are reminded to adhere to the meeting agenda and not participate in activities prohibited under antitrust and competition laws. Only members of ToIP who have signed the necessary agreements are permitted to participate in this activity beyond an observer role.

• New Members:

5 min

Review of previous action items

Chairs

30 mins

Update on Swagger & Requirements

@Darrell O'Donnell 

Major PR to accept (then review). 

https://github.com/trustoverip/tswg-trust-registry-tf/pull/112

• UML Diagram

• Swagger

• Requirements (falling behind)

EU/NA:

• API design: where do we use paths and where parameters?

• The path & parameter naming conventions: /{query|lookup}/{entityID}/{querytype}

• @Antti Kettunen RESTful best practices support roughly the same model. We should make sure we align and understand how TR's are used => has impact on design & scalability. One place for REST API best practices to review against: https://restfulapi.net/resource-naming/

• @Antti Kettunen volunteered to help on the design issues.

Open

Open

Open

What does it look like, when querying lists? 

Open

@Antti Kettunen 

• Need for understanding the various use cases of using the trust registry. This will affect the design of the API.

• There is likely possiiblity to enable monetization through the private API model. Would they be for querying collections or browse the list?

@Tim Bouma 

• How to do this without phoning home.

• Anything having personal data may be a liability

• Any new feature may also incur liabilities.

• How would / could one abuse or exploit this model?

• @Tim Bouma agreed to help on think on the abuse/exploitation vectors

@sankarshan 

• Adversarial impact and management of that impact is outside of our scope. It comes slightly later than now.

• Should we really need a way to query the collections / lists?

Q:@Antti Kettunen What makes trust registry different from any other type of data product API?

A: @Darrell O'Donnell It's not really any different. Trust registry protocol is really about how you get access to the trust data.

Q: @Marcus Ubani When would I know when I need a trust registry?

A: @Darrell O'Donnell When your information is valuable outside of your own org. Usually one may think they don't need a trust registry, until they suddenly do. (so prepare for it).

@Antti Kettunen What makes trust registries different from API products is the assurances and/or liabilities. For example, enabling value through liability statements / guarantees: E.g. "we guarantee this data is correct. If not, you're able to sue us for max $10K". The liability is what creates value.

10 mins

Schedule

The TSP TF is shutting down for remainder of 2023. Shall we do the same?

EU/NA:
End of the year is busy, but it was agreed that 1-on-1 or topical meetings at other times during holiday season may be possible to work on the topics above.

Let's decide it in Slack.

5 mins

• Review decisions/action items

• Planning for next meeting 

Chairs