Review of all current Task Forces and planning for Internet Identity Workshop sessions.
Agenda Items and Notes (including all relevant links)
Welcome & antitrust notice
Introduction of new members
Antitrust Policy Notice:Attendees are reminded to adhere to the meeting agenda and not participate in activities prohibited under antitrust and competition laws. Only members of ToIP who have signed the necessary agreements are permitted to participate in this activity beyond an observer role.
Updates from TSWG members of general interest to the group:
Daniel Bachenheimer shared that the Biometrics Institute had their main event in London last week. Dan and his Accenture associate Kotryna presented on digital identity. Dan said there was a lot of interest in ISO mDL and ICAO DTC (Digital Travel Credential).
Drummond asked about the status of ICAO DTC's status. Dan explained that the only international standard cross-border credential is the ICAO ePassport. The DTC is based on that standard, so it is the only internationally approved travel credential. However it is very rigid in terms of issuance, extensibility and verifiability.
Dan also explained that the ICAO DTC does not specify an issuance protocol.
It also allows only proximity-based presentation.
Michael Palage agreed with everything that Dan said about ICAO DTC. He said that AMVA is rolling out their trust registry for mDL later this year. Michael himself has a Florida driver's license now. Michael said that they do envision an online presentation of how Florida is looking at doing this.
Dan is worried about the "phone home" component of the way ISO mDL verification works — to be able to request additional information from the issuer about the subject — is scary from a privacy standpoint.
Dan did say that the ISO mDL/mDOC spec allows for selective disclosure if claims are pre-issued.
Jacques Latour is leading the Trust Registry WG at DIACC. They are working on a definition of a trust registry, and it would be ideal if that aligned with ToIP.
Michael Palage said that both he and Jacque are going to be participating in an ICANN meeting on alternative identifiers. They will be sharing about ToIP and GLEIF LEIs and vLEIs.
@Drummond TODO about Bermuda.
Review of Action Items from the previous meeting
ACTION:Judith Fleenorto put the submission of a European Identity Conference presentation or panel proposal on the agenda for the next Communications Committee meeting.
ACTION:Judith Fleenorto work withDarrell O'DonnellandElisa Trevinoand the rest of the TSWG to define and put in place a process for how a Working Group or Task Force can transition fromearly-stage developmentusing lightweight collaboration tools like Google docs to aformal and rigorous system-of-recordbased on GitHub and pull requests (PRs).
Sandy Aggarwal said that he was part of the last meeting, where they discussed doing a POC on personas and how they would register with one or more trust registries. Each of them could tie back to a specific real-world person, but some of the avatars may actually be AI bots of some kind. So the question is how they can be registered for purposes of authenticating and establishing trust.
Sandy gave an example of Second Life, where two people are interacting, and they form a Second Life family that starts having "offspring" that do not actually tie back to any actual person. The "children" are just a process that is getting spun up.
This closely ties back to some questions about the OpenWallet Foundation and responsibility for payments from a digital wallet. What do you do about an avatar-to-avatar payments? How do you handle receipts and accounting?
Daniel Bachenheimer said that, at the biometrics meeting he mentioned (see Announcements above), there was a presentation by Meta about this same question about accountability. Dan was not very satisifed with the answers provided there.
Sandy said that is why he is doing his research about how this aspect of payments needs to work. Do all actors in a payment system need to be registered with a trust registry of some kind, but at the same time enable anonymous "cash" transactions?
Jacques Latour noted: "a persona would not register with a trust registry, the issuer would be registered in the trust registry... A persona would be registered in an issuer registry..."