Skip to end of metadata
Go to start of metadata

You are viewing an old version of this page. View the current version.

Compare with Current View Page History

« Previous Version 3 Next »

Meeting Date

Check the ToIP Calendar for meeting dates.

Zoom Meeting Link / Recording

  • (This link will be replaced with a link to the recording of the meeting as soon as it is available)

Attendees

Robert Sherwood 

Callum Haslam

Neil Thomson 

Scott Perry 

Salvatore D'Agostino 

Bree-Ann Blazicevic

Agenda Items and Notes (including all relevant links)

General Comments

Review Comments on Credential Policy Template

Scope of Key Management question - limited to Issuer or not?

We must establish baseline requirements for the protection of private keys

The issuer is generating a private key? Only their own private key.

Refer to ecosystem governance guidelines for requirements.

There should be requirements for both Issuers and Subjects 

Scott disagrees - once the issuer has issued a credential, issuer requirements are done.

VC Holder accepts responsibility as part of an agreement on the issuance of the VC by the Issuer.

Applicant can submit requirements to the Issuer.

Scott will provide the policy templates for higher levels of assurance.

The Issuer should assert the level of assurance at a minimum.

Levels of assurance identify countermeasures but do not identify the risks.

Transparency will be difficult for commercial providers to accept.

This will be a great focal point for all entities playing in the trust stack. LOA may play at different levels for different use cases.

We will identify the issues that will be out of scope for the issuance question and address them later.

There is some technical progress in interacting with the trust registries. This work will be relevant to that discussion. 

There is an over-focus on trust registries, which doesn't cover the entire trust stack.

Request to tackle today

  • Identify the framework of the group deliverables
  • Determine the meeting cadence

We will be able to make some progress via Slack and other channels, but having a regular technical team meeting is beneficial, and an hour may not be enough time for the discussions.

Question for GLEIF - can you provide us with requirements for due diligence on the LEIs, leaving aside the VLEIs - this is a good basis for policy

GLEIF governance documents - Governance - GLEIF – GLEIF

Scott to follow up with them to see if they will brief the group next week.

We should ask them what they need to see to address their concerns.

A document in our folder contains links to important documents - please provide any relevant links there.

Registries will have codes of practice - 

A metamodel would be beneficial - something to guide folks to understand the required elements of a governance policy.

What to do with comments on the template?

Large focus on human interaction in governance, but infrastructure and other elements must also be quantified from a trust perspective.

The meeting cadence will be weekly.

  • No labels