Meeting Date

  •  

Recording

  • This meeting was recorded on Zoom. View the recording here

Attendees

Main Goal of this Meeting

Determine if we are ready to get the Trust Registry Protocol spec and API into wider review and how to proceed with that review.

Agenda Items and Notes (including all relevant links)

Time | Agenda Item | Lead | Notes
5 min
  • Start recording
  • Welcome & antitrust notice
  • Introduction of new members
  • Agenda review
Chairs
  • Antitrust Policy Notice: Attendees are reminded to adhere to the meeting agenda and not participate in activities prohibited under antitrust and competition laws. Only members of ToIP who have signed the necessary agreements are permitted to participate in this activity beyond an observer role.
  • New Members: Marie Wallace, IBM Data Scientist & leader of the IBM work on digital health passes
10 mins | CheckTrustRegistry | Darrell O'Donnell
  • We concluded that this should return the same info as CheckIssuer and CheckVerifier
  • If the host TR wishes to keep private the existence of a trust relationship with another TR, then it simply does not list that information in its own TR.
10 mins | GetOfflineFile
  • Darrell O'Donnell explained that this option makes offline sync and verification possible while keeping the API very simple.
10 mins | X.509 Certificates | All
  • We discussed what the EU is currently listing in its Trust List entries
  • They are currently using entire base64 encoded X.509 certificates to identify issuers.
    • Drummond Reed noted that this works, but it is a very large, unwieldy identifier from a TR standpoint
    • Jim St.Clair pointed out the benefit of having a validity check on the entire X.509 cert.
  • Marie Wallace pointed out that the EU's X.509 certificate does not contain a human-friendly identifier (or legal identifier) of the issuer.
    • This makes it difficult to display any human-friendly information about the issuer
    • This is different than Excelsior Pass where the identifier is a DID that resolves to a DID document that contains or has a pointer to the legal identifier of the issuer
  • Italy example - https://github.com/AgID/eidas-italian-node/blob/master/examples/full-sp-metadata.xml
  • Issac said that the TRAIN project in the EU does have an example of how to locate the trust list from a domain name using a Subject Alternative Name in the X.509 cert.
    • TRAIN is already working with GCCN on this.
  • Daniel Bachenheimer explained how Smart Health Cards deal with X.509 keys: https://spec.smarthealth.cards/
    • Drummond Reed noted that this is essentially the same technique as the did:web: method, just without publishing a DID.
    • Marie Wallace pointed out that the SMART Health Card registry listing process does provide a very simple check of the legitimacy of the issuer organization—and a binding to a human-readable name of the issuer organization.
    • Marie Wallace noted that some issuers are not being compliant with the SMART Health Card data model
10 mins | Review of our specs (TR Protocol TSS and OpenAPI) | Darrell O'Donnell
  • Darrell asked if the current API was complete or more work is needed.
  • What we need is more eyes on the current Trust Registry Protocol spec and the OpenAPI doc.
  • Having them reviewed by GCCN to see if they meet all their requirements is a clear next step.
  • Marie Wallace explained that IBM is still reviewing all the different TR approaches out there to determine what is really needed and what IBM should be implementing.
    • Marie said that there is a risk of oversimplification AND a risk of overcomplication. So the solution needs to be a Goldilocks zone.
  • Darrell said that MedCreds is also at the review stage.
  • Savita Farooqui asked Marie Wallace about how verification works for Excelsior Pass and whether this is an OpenAPI.
  • Daniel Bachenheimer pointed out the link to documentation for Path Check's universal verifier app: https://github.com/Path-Check/universal-verifier-app 
5 mins
  • Review decisions/action items
  • Planning for next meeting 
Chairs
  • Darrell will be on vacation next week - do we want to skip next week's meeting? No conclusion yet - we will take that question to Slack.

Decisions

  • As of this point in time, pending review, the TR API will consist of four calls: CheckIssuer, CheckVerifier, CheckRegistry, GetOfflineFile.

Action Items

