2023-05-18 GSWG Meeting Notes

Meeting Date

The GSWG meets bi-weekly on Thursdays at 11:00-12:00 PT / 18:00-19:00 UTC. Check the ToIP Calendar for meeting dates.

Zoom Meeting Link / Recording

Attendees


Main Goal of this Meeting

Understand the opportunity to create a governance framework for dual-stack interoperability.

Agenda Items and Notes (including all relevant links)

Time | Agenda Item | Lead | Notes
5 min
  • Start recording
  • Welcome & antitrust notice
  • Introduction of new members
  • Agenda review
Chairs
  • Antitrust Policy Notice: Attendees are reminded to adhere to the meeting agenda and not participate in activities prohibited under antitrust and competition laws. Only members of ToIP who have signed the necessary agreements are permitted to participate in this activity beyond an observer role.
  • New Members:
5 mins | Review of action items from previous meeting | Chairs
5 mins | Announcements | TF Leads

News or events of interest to Governance Stack WG members

  • Daniel Bachenheimer attended European Identity and Cloud Conference
    • At least half were decentralized digital identity / SSI
    • ToIP had panel focusing on Trust Spanning Protocol 
    • Judith Fleenor
      • polled the audience before presentation & no one had any awareness of the protocol
      • polled afterwards indicated everyone then saw value in it
    • Will assemble notes from EIC conference
  • @Scott presented at the Digital World Conference presented by Information Systems Audit and Control Association (ISACA) 
    • Information systems auditors
    • Conference had about 1000 attendees
    • Discussed the journey to get decentralized identity and verifiable credentials, and talked about audit and accreditation, and the roles that auditors would play
    • No awareness in the profession of Self-Sovereign Identity (SSI) but believes that's going to change
    • Had 60 attendees which is pretty good for the last slot of the conference
    • Schellman colleague presented on auditing blockchains 
    • Schellman now has a formal relationship with Digital Governance Council of Canada
      • Auditing digital identity standard just released
      • Potential for other governments outside of Canada to use it for mutual recognition
      • Tim Bouma and group are working on getting ISO standard certification
  • Savita Farooqui
    • & another IEEE member presented on a new governance standard for blockchain
    • Worked with Lucy Yang & Kaliya Young on California Department of Motor Vehicles (DMV) & Mobile Drivers' License (MDL)
  • Neil Thomson
    • Mentioned that Mathieu of Northern Block & Jacques Latour of cira.ca put together a very interesting demo integrating Trust Registries & DNS
    • Noted from other sessions with John Phillips, Jo Spencer & sankarshan 
      • There's a separation of governance from operations & authority
      • It's been easier to sell Governance, verifiable credentials and digital identity when it's presented as an extension to existing systems, not something completely new

30 mins | Presentation of Rosie system

For Decentralized Identification Ecosystem Stakeholders concerned about potential barriers to entry, our new managed service enables your Governance, Risk and Compliance Team to create agile, structured, Lego-like policies and processes to jumpstart adoption.


Furthermore, members can extend it for their needs and share it with their ecosystems, creating growth.
And unlike a folder of static PDFs, everyone can benefit from upstream changes, continuously reducing the gap between policies and processes.

Continuous Governance: Stay in sync. Jumpstart adoption.

  • 22:22 
    • Agenda
      • Definition
      • As-is & To-Be
      • Ecosystem Use Case
  • 22:30 
    • Definition
    • Designed to keep governance frameworks, organizational policies, procedures and ecosystems in sync where the gaps represent risk
    • Most organizations use MS Word and Excel which is fine if timeliness is good enough
    • For example, in many jurisdictions demonstrating that you're trying to adhere to privacy laws is good enough
    • As Timothy Ruff said: "The problem is the solution." 
  • 24:05
    • As-Is Happy Path writing policies & procedures
    • Typically a smooth process for those using Word & Excel
  • 25:05
    • As-Is Not Happy Path
      • Non-conformance means there's a gap between policies & procedures
      • The greater the gap, the greater the risk
      • Root cause may be human error executing the process, the process itself, the policy governing the process, a change to the framework, or needing a new framework
      • At this point Word & Excel are not your friends anymore
  • 26:24
    • Use Case:
      • Problem: Policies & procedures use the Term/Role Contract Lawyer which is ambiguous with Commercial Lawyer
      • Solution:
        • Create a new Term/Role for Commercial Lawyer,
        • Update Contract Lawyer
        • Update related policies and procedures
        • Word & Excel 
          • Use Find/Replace to search through all documents. Find all the documents, maybe spreadsheets, that may use "Role", because there's no assurance Contract Lawyer was a valid entry. It's unstructured data.
        • Wholesale changes required - like renovating an old house.
        • Editors need domain knowledge across frameworks, policies & procedures to understand how to implement changes
  • 28:45
    • Use Case continued
      • To-Be 
      • Structured documents are like Lego blocks
      • Using one or more blocks to construct a document means you can change one document and all the documents that use that one get updated automatically. Like a robot does it for you.
  • 29:50 
    • Ecosystems Use Case 
      • Standards Development Organizations (SDO) create many standards
      • Standards are adopted & implemented by many ecosystems
      • Ecosystems' members adopt & implement those standards
      • Each node (SDO, Ecosystem, Member) deploys & publishes its standards (policies & procedures) to their own Rosie static website
      • Rosie can share content across nodes: downstream & cross stream - more Lego blocks
      • Creates an opportunity to grow the ecosystem by allowing potential business partners or service providers to create context-specific content along the generalized to specialized continuum
      • Not implemented yet, but content can be monetized like publication/subscription or Intellectual Property (IP) licensing models
      • Upstream or cross-stream changes trigger new content.
      • New or updated frameworks down to changes in processes
    • 32:41 Demo
      • Intro
        • Site structure
        • All content is in markdown stored & versioned in GitHub
        • Users do not have to know they're using GitHub
    • 34:49 Demo 
      • Building Blocks
        • Basic Term
        • Actor referencing a Term for a Role in the Editor
        • Where Used Map
        • Actor, Role, User Stories, User Journey
    • 41:50 Demo
      • User Journey - Update Risk Assessment
      • Walkthrough use case of adding a Risk Treatment option to the ToIP Risk Companion Guide & Risk Assessment Form
    • 50:00 Demo
      • Context Switcher
      • Same document can display Term definitions and even labels for different Contexts
          • Defaults to "my" definition
          • Can switch to an arbitrary number of Contexts - like W3C, NIST, ISO, eIDAS
    • 53:24 Q&A
5 mins | Any other business

Savita Farooqui: asking for suggestions for upcoming agenda items

5 mins
  • Review decisions/action items
  • Planning for next meeting 
Chairs

Screenshots/Diagrams (numbered for reference in notes above)




Action Items