2025-11-12 GATF Meeting Notes - Americas

This TF schedules meetings as needed. Each meeting will be announced on the #toip-governance-architecture-tf discord channel.

The meetings (and Zoom links) are available on the ToIP meeting calendar:
LFX Meetings

Zoom Meeting Links / Recordings

Video and Transcript:

The LF Zoom account is now generating AI summaries of the recording; however, the summary below was produced by NotebookLM.


Attendees

  • John Phillips
  • Neil Thomson
  • Kevin Triplett
  • Drummond Reed

 

Agenda Items and Notes (including all relevant links)

Time | Agenda Item | Lead | Notes
3 min | Start recording; Welcome & antitrust notice; New member introductions; Agenda review | Chairs | Antitrust Policy Notice: Attendees are reminded to adhere to the meeting agenda and not participate in activities prohibited under antitrust and competition laws. Only members of ToIP who have signed the necessary agreements are permitted to participate in this activity beyond an observer role.
2 min | Review of previous action items | Chairs |
 | Topic #1 | |
 | Topic #2 | |
 | Topic #3 | |
 | Topic #4 | |
5 mins | Review decisions/action items; Planning for next meeting | Chairs |

Summary of meeting:

[generated from the transcript and chat]

Meeting Minutes: Governance Architecture Task Force (GATF)

Date: November 12, 2025 (Called the 12th as per US time zones)
Location: Remote Meeting
Chair: John Phillips (Sezoo)
Attendees: John Phillips (Sezoo), Neil Thomson (QueryVision), Kevin Triplett, Drummond Reed
Source: Excerpts from "GMT20251113-000009_Recording.transcript.txt" and "GMT20251113-000009_RecordingnewChat.txt"


1. Welcome and Introductions

The meeting opened with John Phillips confirming he was the chair (02:08). Attendees were reminded to adhere to the meeting agenda and comply with antitrust and competition laws (05:30). It was noted that minutes would be generated using the meeting transcript, maintaining a "lazy as possible, but no lazier" approach (03:31).

2. Discussion on Governance Architecture and Metamodels

Kevin Triplett, present to observe and contribute from his background in decision making, structure, and governance, inquired about the working group's definition of governance (07:25).

Key Discussion Points:

  • ToIP Governance Metamodel: John Phillips explained that the original work of Trust over IP (ToIP) identified governance as equally important as technical implementation. Approximately 2–3 years ago, a meta model for governance was produced and is available on the ToIP pages (08:01).

    • The metamodel has been applied to the Bhutan Digital Identity System and C2PA (08:39).

    • The primary architect is Scott Perry, who has extensive experience in auditing and governing CAs (08:53, 10:57).

    • The model is risk-based, recommending that governance work begins with a risk assessment to determine necessary mitigations (10:10).

    • The metamodel requires a declaration of who the authority and governing body are (10:45).

  • ToIP Stack and Governance Cycle: The Governance Stack is often depicted as an infinite cycle, moving from risk assessment to determining governance requirements, establishing a framework, defining governing parties, certification bodies, and auditors, and continually reviewing if the context or risk has changed (27:32).

  • Governance Principles vs. Instances: John Phillips suggested focusing on the core principles that led to the governance metamodel, as these principles would remain true across various implementations, such as governing a trust registry or issuing a driving license (13:23, 13:42). The metamodel is an instance of this thinking, and other instances might be warranted, such as for AI governance (14:14).

  • Technology vs. Governance: Neil Thomson asserted that there is "no technical way out" of the personal data leakage problem; the solution is "all governance" (16:41). Technology without governance is not trustworthy, as users need assurance regarding appeals processes, legal basis, and accountability (42:57, 43:16).

3. Technical and Ecosystem Challenges

  • Zero Knowledge Proofs (ZKP): Drummond Reed noted that ZKP (or ZKZP) is only useful when the service does not require sharing personal data, such as for proof of personhood or age verification (17:09).

  • Batch Issuance and HSM Costs: Batch issuance of credentials is being used as a short-term fix in the EUDI (EU Digital Identity Wallet) due to the lack of a generalized ZKP solution (17:42, 18:01).

    • The requirement for hardware binding necessitates issuers provide Hardware Security Modules (HSMs) for all credentials.

    • The cost and supply chain logistics are immense; one estimate suggested that large-scale issuance could consume the entire supply of HSMs in a couple of months, driving demand for acceptable ZKP solutions (18:11, 19:23).

    • Post-quantum resistance is a key factor in current ZKP math approaches (22:40).

  • Ecosystems and Interoperability: Trust over IP defines the technical and governance models for interoperability but does not define the digital trust ecosystems themselves (31:42).

    • Ecosystems are sets of actors that choose to interoperate, while networks have defined membership (32:08).

    • ToIP is focused on making the trust layer interoperable, similar to how TCP/IP enabled local area networks to interoperate (35:52).

    • Neil Thomson emphasized that interoperability requires agreement on the "minimum standard" for trustworthy communication (37:45).

4. Supply Chain Work (UNICC)

John Phillips detailed his work with UN/CEFACT on supply chains (38:09).

  • Global Registrar Information Directory (GRID): The goal is to create a system called the GRID that recognizes authoritative registrars (legal authorities, not moral) for supply chain-relevant entities (38:52, 39:22).

  • The GRID solves cross-border issues by providing a way to verify if a company is genuinely registered in a specific jurisdiction (e.g., Bolivia) (39:38, 40:02).

  • This work moves away from platform ideology toward a protocol ideology, ensuring interoperability without requiring platform reinvestment (46:48, 47:05).

5. Specification Governance

Kevin Triplett clarified his interest lay in the internal governance of specifications (e.g., how decisions are made about updates) (49:59).

  • John Phillips noted that standards development inherits the lifecycle management processes (governance) from the standard's curated space, such as the Linux Foundation's processes (50:22, 51:59).

  • Trust over IP is not a formally recognized standards body (55:53). Once specifications like the Trust Spanning Protocol and Trust Registry Query Protocol (TRQP) mature, they will likely be moved to standards bodies like DIF. DIF often serves as a pathway for specs to eventually be pushed to W3C, providing market credibility (56:25, 57:00).


6. Decisions and Agreed Actions

Action | Description | Reference Time
Kevin Triplett | Research the ToIP Governance Metamodel materials. | 09:24
Drummond Reed/Team | File an issue regarding the missing time zone in the timestamp on the Trust over IP glossary. | 04:25
Drummond Reed | Provide the link to the metamodel content in the chat. | 09:44
Kevin Triplett | Connect with Scott Perry (suggested by Drummond Reed) for a one-on-one discussion on governance if interested. | 28:59, 49:35
GATF Leadership | Continually assess whether the Governance Architecture Task Force needs to revisit or refine its tools given current industry developments. | 57:44


7. References Shared in Chat

Description | Link/Information | Reference Time
Meeting Page | https://lf-toip.atlassian.net/wiki/spaces/HOME/pages/319946753/2025-11-12+GATF+Meeting+Notes+-+Americas | 00:04:51
ToIP Governance Specifications Release | https://trustoverip.org/news/2022/02/01/the-toip-foundation-releases-its-first-official-governance-specifications/ | 00:09:57
ToIP Governance Metamodel Specification | https://wiki.trustoverip.org/display/HOME/ToIP+Governance+Metamodel+Specification | 00:10:31
YubiHSM2 Product Link | https://www.yubico.com/ca/product/yubihsm-2/ | 00:29:44
Siros Website | https://siros.org/ | 00:23:18
IETF Mailing List for ZIP (ZKP in Practice) | zip@ietf.org | 00:24:37
John Phillips' Mental Model Presentation | https://docs.google.com/presentation/d/1vYUJW76BEK_CQotAZ5maXYwe3H3K3dKCPAcTqEgfGJQ/edit?usp=sharing | 00:44:43
UNICC Global Trust Registry/Grid Work | https://un.opensource.unicc.org/unece/uncefact/gtr/ | 00:48:22


I recommend reviewing the ToIP Governance Metamodel and, if the risk-based approach aligns with your strategic needs, connecting directly with Scott Perry to understand its practical implementation.