Page History

Updates of general interest to TATF members.

• Drummond Reed announced that Avast has acquired SecureKey.

Review Tim Bouma's diagram (screenshot #1 below).

• Darrell O'Donnell explained the rationale for Tim's diagram.
• He explained that W3C Verifiable Credentials only defines a credential data format and signatures, but not protocols or governance.
• He then showed screenshot #2 to map a number of other credential and key management initiatives into our four layers. This was a test of how well our four-layer model works across all of these different standardization efforts. 
• He pointed out how well the Apple mDL solution fits all the needs but also ties them together in a brittle way.
• Phil Feairheller explained that in screenshot #2, KERI itself does not cross all three levels.
• ACTION: Phil Feairheller and others working on diagramming KERI and ACDC across the four layers.
• We talked specifically about MDL and how it could be fit into the stack with "shims".
• Vladimir Vujovic explained that SICPA is currently using the Hyperledger Aries protocols and wants DIDComm to span all of it.
• ICAO/DTC is the Internation Civil Aviation Organization/Digital Travel Credential(s) - Guiding Core Principles - ICAO/DTC
• ISO/mDL - is International Standards Organization/mobile Drivers License - ISO/IEC 18013-5:2021 Mobile driving license (mDL)

A few new requirement slides have been added and comments have been made on others in the storyline deck of layer-by-layer requirements. Our goal will be to review and incorporate as many comments as we can. (All slide numbers are of 2022-03-23 22:30 PDT.)

Slide 26.

Slide 29 (new).

Slide 33.

Slide 35. Privacy

• Neil Thomson explained his concerns about Layer 3 and privacy. He has been thinking about it in the context of 5G and the way cell phones can be tracked around the world.
• Layer 3 has been treated as a "data exchanged" layer, but there may be many other activities going on in a communications session between two parties.
• Neil has been wondering if there is a separate version of the stack that deals exclusively with data and data exchange, because that's different that other types of data exchange.
• He gave the example of a verifier needing to know something from a holder that is not in a credential.
• Those types of other data exchanges may need other considerations around topics like consent, privacy, and data protection.
• Darrell O'Donnell asked if these considerations are "inside" Layer 3 or are they outside of it (or at Layer 4).
• Neil said it may be both.
• Darrell O'Donnell felt that it's likely that there are so many uses of Layer 3 and Layer 4 that it may not be possible for the ToIP stack to go beyond the common baseline interoperability requirements for both layers.
• Neil suggested that we might want to think about "primary data" and "secondary data".
• Drummond suggested that we should think about MUSTs, SHOULDs, and MAYs for each of the layers because the complexity will be increasingly higher at each layer, and especially high at Layer 3 and 4.
• Neil brought up the term "observability" and suggested that we should look at the stack that way. What information can and cannot (or should and should not) be captured or recorded. That information can be very sensitive but also very necessary.

Slide 38 — other L2 requirements:

• Encoding methods?
• Wallet backup and recovery?
• Multi-device wallet synchronization?

Darrell O'Donnell said that the last two bullets are out of scope.

Slide 43 (new).

Slide 46 (new).