Meeting Date
Recording
- This meeting was recorded on Zoom. View the recording <here (placeholder until the recording is available)>.
Attendees
Main Goal of this Meeting
TBD
Agenda Items and Notes (including all relevant links)
Time | Agenda Item | Lead | Notes |
5 min | - Start recording
- Welcome & antitrust notice
- Introduction of new members
- Agenda review
| Chairs | - Antitrust Policy Notice: Attendees are reminded to adhere to the meeting agenda and not participate in activities prohibited under antitrust and competition laws. Only members of ToIP who have signed the necessary agreements are permitted to participate in this activity beyond an observer role.
- New Members:
|
10 mins | CheckTrustRegistry | Darrell O'Donnell | - We concluded that this should return the same info as CheckIssuer and CheckVerifier
- If the host TR wishes to keep private the existence of a trust relationship with another TR, then it simply does not list that information in its own TR.
|
10 mins | GetOfflineFile |
| - Darrell O'Donnell explained that this option makes offline sync and verification possible while keeping the API very simple.
|
10 mins | X.509 Certificates |
| - We discussed what the EU is currently listing in its Trust List entries
- They are currently using entire base64 encoded X.509 certificates to identify issuers.
- Drummond Reed noted that this works, but it is a very large, unwieldy identifier from a TR standpoint
- Jim StClair pointed out the benefit of having a validity check on the entire X.509 cert.
- Marie Wallace pointed out that the EU's X.509 certificate does not contain a human-friendly identifier (or legal identifier) of the issuer.
- This makes it difficult to display any human-friendly information about the issuer
- This is different than Excelsior Pass where the identifier is a DID that resolves to a DID document that contains or has a pointer to the legal identifier of the issuer
- Italy example - https://github.com/AgID/eidas-italian-node/blob/master/examples/full-sp-metadata.xml
- Issac said that the TRAIN project in the EU does have an example of how to locate the trust list from a domain name using a Subject Alternative Name in the X.509 cert.
- TRAIN is already working with GCCN on this.
- Daniel Bachenheimer explained how Smart Health Cards deal with X.509 keys: https://spec.smarthealth.cards/
- Drummond Reed noted that this is essentially the same technique as the did:web: method, just without publishing a DID.
- Marie Wallace pointed out that the SMART Health Card issuer listing process does provide a very simple check of the legitimacy of the issuer organization—and a binding to a human-readable name of the issuer organization.
|
5 mins | - Review decisions/action items
- Planning for next meeting
| Chairs |
|
Screenshots/Diagrams (numbered for reference in notes above)
Decisions
Action Items