...
- Steve Magennis
- Eric Drury
- Carly Huitema
- P A Subrahmanyam
- Fireflies.ai Noetaker Mark
- Richard Zbinden (new)
- Vlad Zubenko
- Anita Rao
- Callum Haslam
- Charles Macpherson (new)
- Jason (new)
- Chi Hwa Tang
- dhoffman
- Gary de Beer
- Jacques Bikoundou
- Jorges Flores
- Ken Garner
- Neil Thomson
- Phil Wolff
- Richard Zbinden
- Savita
- Scott Perry
- Suma
- Thomas
- Tomislav Markovski
- Trinh
Presentation Files
Presentation slides - https://www.icloud.com/keynote/0d2cHno1_h4O899r_uOnpOTPw#Governance_SSI_Trust_Registries
Example VCs showcased during the Demo - https://gist.github.com/tmarkovski/a7ad694d271d3a87f9af8ee272841d0b
Trinsic’s open source implementation of Trust Registry with eSSIF Lab - https://gitlab.grnet.gr/essif-lab/infrastructure_3/trinsic/trust-reg
Recording
Notes
Agenda Items & Meeting Notes
...
- Tomislav Markovski presenting Ecosystem Governance and SSI - Trust Registries
- Importance of Governance in Identity - to provide a layer of trust in an open ecosystem
- need to protect authentic data
Multiple approaches to Governance - who provides the root of trust- First three - are fairly decentralized methods
- last two more decentralized model
- Trust Registry
- answers if an ecosystem participant has authority to act according to governance framework
- practical problem - how for all verifiers maintain lists of all authorized members in a given ecosystem
- cross ecosystem trust establishment - different ecosystems can identify other ecosystem's trust registries that they also trust
- Participants don't have to trust ecosystem itself, but that data providence is trusted
Types of trust registries- Thinking about them in term of technical solutions
- Not just a list of members, can be other types as well
- Trinsic has done work with centralized trust registries
- ToIP trust registry protocol specification
Related efforts- Trust Establishment currently under early development https://identity.foundation/trust-establishment/
- TRAIN- registering definitions of credential schemas https://essif-lab.eu/essif-train-by-fraunhofer-gesellschaft/
- Trinsic solution
- the ToIP trust registry specification merged with verifiable credentials
- No information coded in credential how valid is the credential
- in an open ecosystem can have anyone issuing credentials
- add the governance information to the credential for referencing.
- Can validate the issuer ID but also the governance associated with it.
- Demo - no yet in production, CLI demo,
- two VC demos, good and bad actor issuers and with and without governance for verification
- Demo on good actor first confirms credentials are valid, not revoked, schema conforms, valid issuer, and signature verified for both good and bad actors.
- All the checks pass because there is nothing wrong with both credentials.
- How do you know? Trust Registry solves this.
- Issue a credential with governance information encoded.
- There is an issuer field extension to the VC ,in the credential - not just the issuer DID. It includes claims of which governance framework and trust registry it belongs to.
- Now verification doesn't work for the bad actor because the trust registry membership fails (an additional check)
- Is there a list of EFGs and how do you discover them?
- No list of Ecosystem Governance Frameworks that exist that someone maintains
- Presumably it would be published on the website
What controls are required to prevent bad actors from adding records to trust registries?
Depends on security and design of trust registries -it depends on who manages the registry.
How will a standard schema be adopted for a given verifiable credential? Who drives it?
- Community, adoption, large corporations, open standards e.g. mDL
- Schemas - will be interesting how communities adopt schemas. Centralizing and standardizing will develop
Q. What's next for your project? Where is it going in the next six months or so?
- Better management tools.
- Adding privacy preserving trust registries, especially based on accumulators (useful also for revocation)
- Q. What do you hope to learn early in deployment?
- How customers use the product
Q. How much do various credential ecosystem parties have to do to extend what they do to include the registry?
- minimal - current trust registry is membership based, just add and remove members
- extensions possible
- e.g. can be member of multiple governance frameworks/trust registries
- Concerns - correlation attacks, e.g. info leaks from the issuer identity
Presentation Files
- Google Slides
Recording
- Meeting Recording
Admin Reminder : remember to re-subscribe to new meeting calendar
...