2024-12-19 TRTF Meeting Notes

Owned by Andor Kesselman
Last updated: Dec 19, 2024
3 min read

Meeting Date

  • Dec 4, 2023 The ToIP Trust Registry Task Force (TRTF) meets weekly twice every Thursday at the following times (to cover global time zones - see the Calendar of ToIP Meetings for full meeting info including Zoom links):

    • NA/EU 07:00-8:00 PT / 15:00-16:00 UTC 

    • APAC 18:00-19:00 PT / 02:00-03:00 UTC

Zoom Meeting Link / Recording

  • NA/EU MEETING: 

    • Darrell

    • Drummond

    • @Daniel Bachenheimer

    • Antti

    • Andor

Agenda Items and Notes (including all relevant links)

Time

Agenda Item

Lead

Notes

 

5 min

  • Start recording

  • Welcome & antitrust notice

  • Introduction of new members

  • Agenda review

Chairs

  • Antitrust Policy Notice: Attendees are reminded to adhere to the meeting agenda and not participate in activities prohibited under antitrust and competition laws. Only members of ToIP who have signed the necessary agreements are permitted to participate in this activity beyond an observer role.

  • New Members:

 

5 min

Review of previous action items

Chairs

 

 

15 mins

Issue/PR Review

 

https://docs.google.com/spreadsheets/d/1UTzCvFr8np652cnyt-WB3R3TjYjZdL0egw5wX5b5Pf0/edit?usp=sharing

9 Open PR’s, including a versioning change. Needs to be merged.

Drummond to point finding some folks to

 

10 mins

Previous TRTF Call Review

@Andor Kesselman

  • Triples Model → SOP is nice. Too abstract. Selling the TRQP as SOP is complicated. What triples models is doing is generally aligned even if expressed differently in the APIs.

    • Authorization Queries

    • Trust Relationship Queries

  • Which order matters?

    • [ DO ] Starting point is the governance framework.

    • Open object you are asking about is the entity you’re asking about.

    • Subject is the governance framework that is the authorization you are asking.

    • Subtle Point : bootstrapped process.

    • Same trust framework can manage 100’s of frameworks.

    • OOB discovery.

    • WHOIS queries.

    • Another lens : When he applies APIs.

    • Terminology Question:

    • What is the statement called?

      • Authority Statement

      • Authorization Statement

      • More accurate

        • seems like it comes from the legal world: "An authority statement is a document that establishes the authority of a person or entity to act on behalf of another party

        • Richness of statements

        • In OIDF : Subject and Predicates

        • EU

          • Query : Trust Service Providers

          • Are you a trust service provider?

        • Simple string.

        • Important thing to think about with merged ecosystem foundry groups.

  • Implementation Guides Not Necessarily Need To Here

  • GAN may share the yellow.

  • Red is out of scope.

  • Like the idea that GAN will pilot the yellow.

  • First do one and see if it is replicatable.

  • Don’t include in registry until it’s tested.

  • Want to bring things onto

  • Consumer Implementation :

 

10 min

Supplementary Assets

Andor

Need a spot to put supplementary assets.

  • Reference Implementation

  • User Guides

  • Profiles

  • Implementation Guides

@Drummond Reed : Raised that W3C Called Note : Published by W3C Working Groups. Doesn’t require. No official weight. No approvals. If no strong objections. Don’t get consumed with producing notes. Not the core work.

@Darrell O'Donnell : Notes might be useful unless we can point to real world use cases. ToIP group may pull it in.

@Eric Drury : Anything that can get traction.

@Darrell O'Donnell : Don’t want to burden ToIP.

 

15 min

TRQP Profiles

Andor

https://gist.github.com/andorsk/a7fcfa75d178f51cbe6dd9cc9224b772#restfuldid-based-trqp-profile

@Darrell O'Donnell : This is a note level thing. Acknowledge them and make them aware.

@Antti Kettunen : DID Methods. DID Core ( Base Specification ). Profiles are like methods.

@Antti Kettunen Base specification needs to be a real standard. Should eventually push to SDO.

  • Better traction in W3C, ISO, etc.

  • IETF is good but too engineering driven.

  • What SHOULD or MUST be in the spec.

    • V1 Must state the RESTFul HTTP

  • Drummond: Bindings belong in the specification.

  • What needs to be in the profile vs. specification.

  • Darrell : The call on the API side.

26th is off! 2nd off.

9th coming back.

Antti : Closer to business cases the more accurate/restrictive you need to be. Layers need to be understood here. Ecosystem specific profiles in between?

Andor : Closest is OpenID Stack and HAIP Profile

@Antti Kettunen 3 specification layers after the profiles

@Eric Drury : Question for use case

Examples of the 3 layers I mentioned (in EWC):

  1. EUDI Implementation of OID4VCI: https://github.com/EWC-consortium/eudi-wallet-rfcs/blob/main/ewc-rfc001-issue-verifiable-credential.md  

  1. Payment Wallet Attestation: https://github.com/EWC-consortium/eudi-wallet-rfcs/blob/main/payment-rfcs/ewc-rfc007-payment-wallet-attestation.md  

  1. (if VISA would implement this in their network): “VISA Payment Wallet spec”

 

 

5 mins

  • Review decisions/action items

  • Planning for next meeting 

Chairs

 

 

 

 

 

 

 

  •  

Notes:

  •  

 

Screenshots/Diagrams (numbered for reference in notes above)

Decisions

  •  

Action Items

Sample Action Item