/
2024-11-14 TRTF Meeting Notes

2024-11-14 TRTF Meeting Notes

Nov 14, 2024

Meeting Date

  • Nov 6, 2023 The ToIP Trust Registry Task Force (TRTF) meets weekly twice every Thursday at the following times (to cover global time zones - see the Calendar of ToIP Meetings for full meeting info including Zoom links):

    • NA/EU 07:00-8:00 PT / 15:00-16:00 UTC 

    • APAC 18:00-19:00 PT / 02:00-03:00 UTC

Zoom Meeting Link / Recording

  • NA/EU MEETING: 

    • @Subhasis Ojha

    • @Eric Drury

    • @Jesse Carter

    • @Tim Bouma

    • @Drummond Reed

    • @Dave 

    • @Jon Bauer

    • @Hadrien Seymour-Provencher

    • @Fabrice 

    • @Antti Kettunen

    • @Andor Kesselman

    • @Judith Fleenor

Agenda Items and Notes (including all relevant links)

Time

Agenda Item

Lead

Notes

5 min

  • Start recording

  • Welcome & antitrust notice

  • Introduction of new members

  • Agenda review

Chairs

  • Antitrust Policy Notice: Attendees are reminded to adhere to the meeting agenda and not participate in activities prohibited under antitrust and competition laws. Only members of ToIP who have signed the necessary agreements are permitted to participate in this activity beyond an observer role.

  • New Members:

5 min

Review of previous action items

Chairs



15 mins

Improving the TRQP

Andor

Trust Registry Query Protocol Improvements and Suggestions

Opportunities of Improvement 

The following describes opportunities for improving the Trust Registry Query Protocol.  

  • Abstract Data Model Formalization
    Introduce an abstract data model that serves as a foundation for formalizing implementations. This model will standardize core concepts and provide a consistent framework for compliant systems and variants. 

  • Clean the OpenAPI Specification
    Perform a comprehensive review and overhaul of the OpenAPI specification. Simplify and clean up the API endpoints to ensure accuracy, consistency, and ease of implementation.

  • Interaction Pattern Documentation
    Develop and include documentation on interaction patterns for working with a Trust Registry using TRQP. These guides should address common use cases and provide practical examples to facilitate integration.

  • Incorporate Data Models into the Specification
    Address feedback from implementers by defining data models directly within the specification. This will enable implementers to validate compliance more effectively and reduce ambiguities.

  • Reference Implementation and Implementation Guide
    Create a reference implementation of the TRQP to serve as a baseline for community evaluation. Prioritize simplicity and clarity to make it an accessible resource for developers.

  • Conformance Test Kit
    Develop a conformance test kit to establish clear criteria for TRQP compatibility. This tool will help implementers verify their adherence to the specification and improve interoperability across implementations.

  • Improve the Review Process
    Right now the review process is rough. We need it to be cleaner and have more formal reviewers/editors to the specification.

  • Add Security and Privacy Considerations
    Introduce a dedicated section in the specification to outline security and privacy considerations. This section should detail potential attack surfaces using the TRQP.

10 mins







10 mins







5 mins

  • Review decisions/action items

  • Planning for next meeting 

Chairs



Screenshots/Diagrams (numbered for reference in notes above)

  • Motivations and Use Cases: Timing and Use Cases. 

  • Interaction Pattern Documentation : Develop and include documentation on interaction patterns for working with a Trust Registry using TRQP. These guides should address common use cases and provide practical examples to facilitate integration.

  • Abstract Data Model Formalization Introduce an abstract data model that serves as a foundation for formalizing implementations. This model will standardize core concepts and provide a consistent framework for compliant systems and variants. 

    • Needs a simple and clear way to traverse trust networks.

    • @Tim Bouma Context. Represented by an identifier. Signature is applied to context. Tuple. 

    • @Fabrice Rochette: @Drummond Reed agree, that’s why we should keep it simple, and maybe focus on authorization queries first.

    • Has Z granted Y to X. 

    • @Drummond Reed: Context: Governance Framework. Authorization can expressed as an identifier in a way that other systems don't need to understand semantics.

    • @Tim Bouma : Simplicity of the spec

  • Clean the OpenAPI Specification :  Perform a comprehensive review and overhaul of the OpenAPI specification. Simplify and clean up the API endpoints to ensure accuracy, consistency, and ease of implementation. 

    • @Tim Bouma Focus on abstract data model first. 

    • @Tim Bouma wouldn’t it be easier to start from the required APIs and then build the model?

    • @Dave : Abstract Data Model and Motivations and Use Cases will improve gradient. 

    • @Jesse : Clarification of the abstract data model will improve the specification. 

  • Incorporate Data Models into the Specification

    • Blocked by Abstract Data Model Formalization but need to happen to bind spec to concrete data types. 

    • @Jesse and @Drummond +1

  • Reference Implementation and Implementation Guide Create a reference implementation of the TRQP to serve as a baseline for community evaluation. Prioritize simplicity and clarity to make it an accessible resource for developers

    • Learning tool.

    • @Antti Kettunen

      • Trust List 

      • More refined authorization query. 

      • More complex ones people will customize their work. 

    • @Drummond Reed

      • Trust List is a trivial form of the triple. 

    • @Tim Bouma:

      • Trust list lives in a context. Trust List can sign the context.

      • Recursive property needs to be built into the Abstract Data Model. 

    • @Antti Kettunen:

      • Asset test can be given. 

      • Consolidation happens. Commission : List of Trusted Lists. 

      • Can we model the EU Trust Model using Data Model and Implementations

    • @Drummond Reed

      • @Antti Kettunen might be able to help increase gradient to learn about requirements.

      • TRQP needs to be accepted to the EU. 

    • @Tim Bouma

      • Usually TL imply a hierarchical thing.

    • @Antti Kettunen:

      • Where do we anchor this?

    • @Drummond Reed

      • Requirements to traverse the graph in a Authority neutral way. 

    • @Dave Poltorak: 

      • Layer above the trust establishment to communicate. 

      • How does data move across the trust graph using TRQP? 

    • @Antti Kettunen:

      • Doesn't matter how you implement your trust framework

      • Common Data Model is requirement

  • Conformance Test Kit: Develop a conformance test kit to establish clear criteria for TRQP compatibility. This tool will help implementers verify their adherence to the specification and improve interoperability across implementations.

    • @Tim Bouma: Whatever we do needs to be machine readable.

    • Grant of rights. 

  • Improve the Review Process
    Right now the review process is rough. We need it to be cleaner and have more formal reviewers/editors to the specification.

    • Prioritizing the changes / implementer feedback 

    • Editors: 

    • Volunteers:

      • @Fabrice Rochette

      • @Dave Poltorak : PR Review Next week. 

  • Add Security and Privacy Considerations Introduce a dedicated section in the specification to outline security and privacy considerations. This section should detail potential attack surfaces using the TRQP.

    • We should evaluate Unlinkability

    • The whole point of a TR is for Linkability....but something to consider

Decisions

  • Sample Decision Item

Action Items

Sample Action Item