2024-04-04 X.509 VID TF Meeting Notes

Meeting Date & Time

This Task Force meets every other Thursday (NA/EU) / every Thursday morning (APAC). There are two meetings to serve different time zones:

  • NA/EU meeting: 08:30-09:30 PT / 15:30-16:30 UTC
  • APAC meeting: 18:00-19:00 PT (Wednesday) / 02:00-03:00 UTC (Thursday)

See the Calendar of ToIP Meetings for exact meeting dates, times and Zoom links.

Zoom Meeting Links / Recordings

Attendees

NA/EU:

Agenda Items and Notes (including all relevant links)

TimeAgenda ItemLeadNotes

🎥 0'03"

  • Start recording
  • Welcome & antitrust notice
  • New member introductions
  • Agenda review
Leads
  • Antitrust Policy Notice: Attendees are reminded to adhere to the meeting agenda and not participate in activities prohibited under antitrust and competition laws. Only members of ToIP who have signed the necessary agreements are permitted to participate in this activity beyond an observer role.
  • New Members: None
🎥 0'55"Cancel next meeting?

Next meeting conflicts with IIW – move to cancel.

OUTCOME: 18 April meeting is cancelled. We'll resume as usual in May.

🎥 1'33"Review of previous action itemsLeads

PRs approved in previous meeting were merged. Other action items?

🎥 2'52"Readout on 2021 discussion on did:x509Follow up on https://github.com/trustoverip/tswg-did-x509-method-specification/issues/11: Review prior discussion and linkroll on did:x509. Drummond added comments in the GitHub issue (see link just above) and reviewed those.
🎥 19'03"Discussion on use cases

Follow up on discussion from previous meeting about use cases.

Eric Scouten : Given evolution of CAWG work on identity, it's unlikely that CAI/CAWG ecosystem will have a viable use case for did:x509. Long discussion on whether CAWG should have divergent paths for X.509 and VC (as it currently does).

Do we have other use cases? Do we actually need this DID method?

🎥 26'33": Charles Lanahan proposes a possible government use case.

 


(more to follow …)

🎥 29'58"Alternative did:x509 approach

Brainstorm: Perhaps a persistent identifier (SCID?) could be baked into X.509s by CAs as a Subject Alternative Name (SAN) or similar which would provide a mechanism to persist through key rotations and cert renewals.

Scott Perry willing to broker conversations with Digicert and CA Browser Forum.

ACTION: Eric Scouten to circle back with specific enterprise customer (sorry, can't name) and see if there's a use case approach.

 5 mins
  • Review decisions/action items
  • Planning for next meeting 
Leads

Screenshots/Diagrams (numbered for reference in notes above)

#1


Decisions

  • Sample Decision Item

Action Items

  • Sample Action Item