Attendees

Agenda Items

Time ItemWho
2 minWelcome & Antitrust Policy NoticeTrev

Discussion topics:

  • Updates to group draft
  • Privacy notice
  • Scope of usage for credentials
  • Governance scope
  • EU COVID-19 Certificate
Everyone
3 minWrap upKen

Notes

  • Did the antitrust and IP announcement.
  • Had a discussion regarding the what needs to go into our document (i.e., separation of recommendations and supplemental documents).
  • Chuck gave a brief overview of the discussion he and Jan had, which included providing a preview of how the credentials may be used.
  • Drummond showed and explained the thoughts with the Ecosystem Governance Framework diagram. He also talked about verifying the verifier.
  • Chuck noted that the new EU certificate is only to be used for travel. This led into a discussion on the disclosure of purposes at the point of issuance.
  • An issuer can preview, but can’t definitively state all of the downstream uses.
  • Chuck is suggesting that there is an ecosystem-level of notice about intended use, not just a notice from the issuer. Jan suggested that this would fall into a code of conduct.
  • We had a discussion around the scope of usage.
  • We talked about some of the aspects of the EU COVID-19 Certificate.
  • Drummond would like our group to write the MUSTs, SHOULDs, and MAYs for the governance framework regarding the scope of usage. How do we want to enable privacy by design.
  • Jan noted that it’s important to make sure that we have a user-centric design (e.g., what are people’s rights and how the data will be managed).
  • Chuck said that he would take a first pass at writing a list of things that a governance framework would need to consider in terms of the discussion we have been having.
  • We have rounds of review where we will get a lot of feedback.
  • Trev noted that he’d like it “baked in” that data is ephemeral on the verifier side.
  • Jan noted that he and Chuck had discussed some type of “badge” system that could provide information to users about levels of adherence or usage for disclosure purposes 
  • (e.g., this transaction is using ZKP, no PII/PHI is retained, etc.). This would be a trust driver.

Chat Log

00:08:28	Chuck Curran:	https://www.europarl.europa.eu/doceo/document/TA-9-2021-0145_EN.html#title2
00:12:25	Drummond Reed:	My suggestion is that it is fine for this group to publish either appendices or separate documents as part of our recommendations.
00:28:07	Kaliya Identity Woman:	isn’t it up to the holder
00:38:24	Kaliya Identity Woman:	that feels good
00:40:08	Andrew (Amex):	Trevor, so you fear verifiers over-reaching in their request for info?
00:41:22	Drummond Reed:	See the anti-coercion section in the Trust over IP RFC: https://github.com/hyperledger/aries-rfcs/blob/master/concepts/0289-toip-stack/README.md
01:00:26	Trev Harmon:	Drafts open for review:
https://drive.google.com/drive/u/2/folders/1emrHhP2GvtmG9pI9wkmnYZqM4_V1AEk8
01:07:03	Andrew (Amex):	Thanks. Nice meeting everyone


Action Items

  1. Everyone to continue with the review process.