2023-12-07 TRTF Meeting Notes

Meeting Date

  • The ToIP Trust Registry Task Force (TRTF) meets weekly twice every Thursday at the following times (to cover global time zones - see the Calendar of ToIP Meetings for full meeting info including Zoom links):
    • NA/EU 07:00-8:00 PT / 15:00-16:00 UTC 
    • APAC 18:00-19:00 PT / 02:00-03:00 UTC

Zoom Meeting Link / Recording

Attendees

NA/EU Meeting

APAC Meeting

Agenda Items and Notes (including all relevant links)

TimeAgenda ItemLeadNotes
5 min
  • Start recording
  • Welcome & antitrust notice
  • Introduction of new members
  • Agenda review
Chairs
  • Antitrust Policy Notice: Attendees are reminded to adhere to the meeting agenda and not participate in activities prohibited under antitrust and competition laws. Only members of ToIP who have signed the necessary agreements are permitted to participate in this activity beyond an observer role.
  • New Members:
5 minReview of previous action itemsChairs
30 minsUpdate on Swagger & Requirements

Major PR to accept (then review). 

https://github.com/trustoverip/tswg-trust-registry-tf/pull/112

  • UML Diagram
  • Swagger
  • Requirements (falling behind)


EU/NA:

  • API design: where do we use paths and where parameters?
  • The path & parameter naming conventions: /{query|lookup}/{entityID}/{querytype}
  • Antti Kettunen RESTful best practices support roughly the same model. We should make sure we align and understand how TR's are used => has impact on design & scalability. One place for REST API best practices to review against: https://restfulapi.net/resource-naming/
  • Antti Kettunen volunteered to help on the design issues.


What does it look like, when querying lists? 

Antti Kettunen 

  • Need for understanding the various use cases of using the trust registry. This will affect the design of the API.
  • There is likely possiiblity to enable monetization through the private API model. Would they be for querying collections or browse the list?


Tim Bouma 

  • How to do this without phoning home.
  • Anything having personal data may be a liability
  • Any new feature may also incur liabilities.
  • How would / could one abuse or exploit this model?
  • Tim Bouma agreed to help on think on the abuse/exploitation vectors


sankarshan 

  • Adversarial impact and management of that impact is outside of our scope. It comes slightly later than now.
  • Should we really need a way to query the collections / lists?

Q:Antti Kettunen What makes trust registry different from any other type of data product API?

A: Darrell O'Donnell It's not really any different. Trust registry protocol is really about how you get access to the trust data.

Q: Marcus Ubani When would I know when I need a trust registry?

A: Darrell O'Donnell When your information is valuable outside of your own org. Usually one may think they don't need a trust registry, until they suddenly do. (so prepare for it).


Antti Kettunen What makes trust registries different from API products is the assurances and/or liabilities. For example, enabling value through liability statements / guarantees: E.g. "we guarantee this data is correct. If not, you're able to sue us for max $10K". The liability is what creates value.

10 minsSchedule

The TSP TF is shutting down for remainder of 2023. Shall we do the same?


EU/NA:
End of the year is busy, but it was agreed that 1-on-1 or topical meetings at other times during holiday season may be possible to work on the topics above.

Let's decide it in Slack.

5 mins
  • Review decisions/action items
  • Planning for next meeting 
Chairs

Screenshots/Diagrams (numbered for reference in notes above)

#1



Darrell O'Donnell presented the following.


Decisions

  • Sample Decision Item

Action Items

  • Sample Action Item