2024-06-27 X.509 VID TF Meeting Notes

Meeting Date & Time

This Task Force meets every other Thursday (NA/EU) / every Thursday morning (APAC). There are two meetings to serve different time zones:

  • NA/EU meeting: 08:30-09:30 PT / 15:30-16:30 UTC
  • APAC meeting: joint meeting with other TSWG APAC meetings

See the Calendar of ToIP Meetings for exact meeting dates, times and Zoom links.

Zoom Meeting Links / Recordings

Recording link

Attendees

Agenda Items and Notes (including all relevant links)

Time | Agenda Item | Lead | Notes
3 min
  • Start recording
  • Welcome & antitrust notice
  • New member introductions
  • Agenda review
Chairs
  • Antitrust Policy Notice: Attendees are reminded to adhere to the meeting agenda and not participate in activities prohibited under antitrust and competition laws. Only members of ToIP who have signed the necessary agreements are permitted to participate in this activity beyond an observer role.
  • New Members:
2 min | Review of previous action items | Chairs | None
20 mins | Charter discussion

Chairs

  • We need to formally decide whether to revise the charter to specify that the goal of the Task Force is a specification that standardizes how to include a VID in an X.509 certificate. This specification would also explain how the CA signature on the cert creates a three-way binding between the VID, the public key, and the other identifying information in the cert.

ACTION (who?): Leave a signpost stating why we do not believe creating a DID from X.509 is viable.

Summary of recent discussions about how to express a VID in an X.509:

  • Cross-linking: Andre Kudra is working with GLEIF on how to link a DID to an LEI (and vice versa), and on how to prove control over an LEI in a DID. Potential methods:
    • Challenge the DID holder via credential issuance, as this is most easily accomplished with existing agents.
    • ISO standard 17442-2 describes how to place an LEI into an X.509. Some CAs are eligible to issue X.509s that are thus annotated. 2 CAs are available in the EU which can issue such X.509s.
    • Could put a signature from the X.509 into the DID document to link control: put the fully qualified DID name into the DID document and sign with the X.509.
    • Or sign (with the X.509) the DID document as a whole and put the signature as a data artifact adjacent to the DID document.
    • esatus is currently working with GLEIF on an experiment to vet the above approaches.
  • Cross-validation: Tim Bouma and Jacques Latour worked with DHS and CIRA to vet a high-assurance did:web approach using DNSSEC ("2FA for DIDs"). They strove to avoid dependency on specific CAs. The most important goal was to map a human-readable identifier to a public key. They were largely successful at layering a higher security level over the existing did:web standard. did:web could be used to map a URI to public key material. A paper released earlier this year describes how to do this. (Quick version: using DNSSEC and the DID document integrity standard.)

Rough draft of new charter: How to build a high-assurance, human-readable DID with links to existing infrastructure (i.e. X.509 / DNS infrastructure).

15 mins | Leadership evolution | Chairs

With the revised charter, Eric Scouten has indicated that the direct alignment with his work priorities does not permit him to continue in a chair role. However, Drummond Reed is willing to continue, as this new charter's role in building a bridge between the X.509 trust model and the DID trust model is very important to his work.

So we would like to invite new co-chairs who would like to pursue this new charter.

Possible new co-chairs (each checking on availability, given other communities): Andre Kudra, Jacques Latour, Tim Bouma. Also, reach out to contacts at CAs.

10 mins | Timeframe & meeting schedule | All | Discuss what we believe is a reasonable target for a draft specification, and also, depending on the participants, whether we should adjust the meeting time(s), and also what our summer meeting schedule should be.
5 mins
  • Review decisions/action items
  • Planning for next meeting
Chairs | Next meeting TBD, tentatively on 25 July.
