Page History

Updates of general interest to TATF members.

• Drummond Reed is speaking on a panel on the topic of "SSI and web3"
• Vikas Malhotra said that NIST has published a new document on "Engineering Trustworthy Secure Systems": https://nvlpubs.nist.gov/nistpubs/SpecialPublications/NIST.SP.800-160v1r1.fpd.pdf
• Tim Bouma pointed out that Apple announced their FIDO2 support for "passkeys". This includes device-specific keys that will manage the sharing of passkeys across multiple devices. So now you can use your secure enclave on different devices to do that sharing.
  • Samuel Smith said that the secure enclave can protect the keys on each device. Apple never sees the keys in the same way as password managers like 1Password.
  • Apple uses biometrics to unlock the passkeys on each device. This would be like Ubiqui moving keys across its devices.
  • Samuel Smith in the NA/EU meeting said he didn't believe the protocol used by Apple could be used across other OSes, however Allan Thomson attended the FIDO2 presentation at RSA from IBM, Google, and Apple did show passkey sync across devices on different OSes. 
    • What FIDO2 and WebAuthn does standardize is how each device talks to a website.
    • The main benefit to the business is increased security due to no passwords, and also reduction of phishing.
    • Allan said that there is not currently a protocol for sharing between cloud repositories.
    • Allan thought the demo did a good job of showing the value both to the consumer and to the business. ToIP should be thinking hard about how to keep use cases as simple as possible to minimize friction for adoption.
  • Tim points out that the EU is mandating USB-C for Apple, so regulators are starting to mandate more constraints on interoperability for BigTech.

•  ACTION: Allan Thomson to add a few additional high-level motivational use cases to his Interoperability Test Cases document. Added 2 additional examples (1 financial and 1 social network) on 9th June.
•  ACTION: Wenjing Chu and Drummond Reed will work with Judith Fleenor and Elisa Trevino to contact Kevin Griffin about setting up the repo.

Drummond Reed Neil Thomson 

The TSWG terms wiki and glossary has now been set up (huge HT to Daniel Hardman).

• https://github.com/trustoverip/tswg
• https://trustoverip.github.io/tswg/glossary

Drummond and Neil will discuss the plan of action to begin populating it.

• Drummond explained the work of the Concepts and Terminology WG

Discussion of progress on the working draft of the ToIP Technical Architecture Spec and work on issue resolution.

• Wenjing proposed to divide our issues into three buckets
• The first bucket is "meta-issues" about what the document should cover.
• We began with discussion about a diagram suggested by Tim.
• Wenjing proposed that this spec is a technology architecture spec that only covers that subject—it doesn't get into specific protocols yet (that will come in a subsequent spec). It also doesn't cover larger questions of how to explain the stack from a conceptual and policy standpoint.
  • Drummond agreed and described a way to think about three levels: conceptual, architecture, protocol specifics.
  • Tim agreed about the specifics of this document, and the need for a different document the regulators, policymakers and business people.
  • Drummond suggested that we formally name that other deliverable.
  • ACTION: Tim Bouma and Drummond Reed to prepare a proposed name and scope for this other deliverable and document it in a wiki page for next week's meeting.
  • Neil Thomson suggested that we start a "catalog" of our other deliverables. Drummond agreed that we should list them on the wiki page for this TF.
  • Allan had brought up test cases.
  • ACTION: 
• Wenjing also suggested that use cases need to be added. We have discussed passwordless authentication and other aspects of digital identity.
  • ACTION: All members of the Technology Architecture TF need to add their use case to the Google doc.
• Wenjing's second bucket is "intermediaries". His proposal is that we limit the term to the relaying of messages and not other functions that should be considered supporting systems.
  • Jo Spencer has expressed strong views about intermediaries. 
  • Drummond suggested that we discuss that question with Jo in the APAC meeting.
  • Wenjing suggested that the term should be defined that the role of an intermediary.
  • Sam suggested that intermediaries play no role in the trust basis.
• Wenjing's third bucket is interoperability.
• We also briefly discussed Kaliya's comment about the ToIP stack being very "Hyperledger Aries architecture focused" and thus not friendly to other "stacks".
  • ACTION: Drummond Reed to see if Kaliya would like to present about this perspective in an upcoming meeting.

APAC

• We discussed the proposal from the NA/EU meeting about three documents
  • Allan Thomson suggested that the document he started can be called the ToIP Interoperability Test Specification.
    
    • This document may have a set of interoperability test profiles. Drummond agreed with that approach.
  • The current doc will stay ToIP Technology Architecture Specification. 
  • Allan suggested the name ToIP Technology Introduction for Policymakers for Tim's document.
  • ACTION: Drummond Reed to work with Tim Bouma to start the Google doc in the shared folder.
• We then went into a discussion about intermediaries — see screenshot #1 below.
  • Allan (MORE)
• ACTION: Wenjing Chu to begin posting the first issues on GitHub to move the most active issues there—and then post a message to Slack once he has posted them.
• ACTION: Once Wenjing is done, Drummond Reed to send a message to the Technology Stack WG mailing list announcing the start of issues management for the ToIP Technology Architecture Specification on GitHub.