• Start recording
• Welcome & antitrust notice
• Introduction of new members
• Agenda review

• Antitrust Policy Notice: Attendees are reminded to adhere to the meeting agenda and not participate in activities prohibited under antitrust and competition laws. Only members of ToIP who have signed the necessary agreements are permitted to participate in this activity beyond an observer role.
• New Members:

News or events of interest to Governance Stack WG members:

• -

A key requirement for Verifiable Data Registries is an audit trail of all the processing and all the people (producers and governance stewards) who touched the data from the point of data creation/capture through a published dataset. This includes the following requirements:

• Verifiable proof that the data/data set has not been tampered with
• Verifiable proof (and identification) of the person responsible for:
  • Processing the data (including collection, clean-up, aggregation or other analytic processing, testing,...) 
  • Who audited/ensured governance compliance for data collection and processing

Today's discussion is to look at a model of how that could be implemented in exploring the functionality and data (and data structures) required for Verifiable Trust Registries and their listed trusted entities to be trustable in a robust and secure manner

Risks

A core principle of Governance is to prioritize based on risk for an application, service or data source plus the organization, its personnel and financial/legal state/reputation.

The current state of cybersecurity points to a number of key risks to which SSI is (also) vulnerable:

• Message interception and decoding
• Message and service hijacking (imposter, identity theft - personal and organization)
• General impersonation, including falsified credentials/claims, etc.
• Capture and exploitation of data (undetected) 

Some examples pertinent to SSI:

• Review decisions/action items
• Planning for next meeting