• Antitrust Policy Notice: Attendees are reminded to adhere to the meeting agenda and not participate in activities prohibited under antitrust and competition laws. Only members of ToIP who have signed the necessary agreements are permitted to participate in this activity beyond an observer role.
• New Members:
  • Bart Suichies, former SICPA, currently independent
  • Dann Toliver, co-founder and Chief Architect, TODAQ

Announcements and updates of any kind that WG members want to share.

• Drummond Reed shared that Evernym was acquired by Avast
  • Darrell O'Donnell shared this podcast from Charlie Walton
• Tim Bouma is now Director of Verification Assessment at the CIO Council of Canada
• Antti Kettunen is a member of the for drafting a European Digital Identity Wallet interface for general purposes
  • "Establishment of a CEN TC 224 Ad Hoc Group on European Digital Identity Wallets
    TC 224 establishes an Ad Hoc Group on European Digital Identity Wallets."
  • Subgroup of ISO that is still in the beginning stages
  • Currently having meetings exploring what decentralized identity standards in this space should be included so it is not just focused in the ISO mDL model
  • Bart referenced: https://nextcloud.idunion.org/s/D2cbMi6w8t3nPYj
  • Daniel Bachenheimer is also working at ISO in SC 17 on identity documents
  • Antti said they are comparing the different efforts in standardization of digital credentials
  • Tim Bouma said that in his work for the Canadian government on digital credentials was more on the management than the technical side.
  • Daniel Bachenheimer said that the ISO work touched on a whole lot of areas, including security and biometrics
  • Darrell O'Donnell said that the security questions are very important and challenging
  • Tim Bouma said this is why the ToIP stack is important in terms of bringing this all together. We have moved from documents to instances to verifiable credentials. The Pan-Canadian Trust Framework tries to distill down the vital pieces. One of the big learnings of the provinces is that a holistic thinking is needed; fragmented approaches won't work.
  • Bart Suichies believes that the document paradigm is limiting. Certain credentials are special. So document-centric thinking is holding us back. Tim agrees that "the winds are blowing back in that direction" and we need to be careful about that. We need more greenfield thinking. For example, the question with driver's licenses also involves car registration. The document-centric paradigm is around establishing the authenticity of a document vs establishing an identity.
  • Antti Kettunen: eIDAS is a challenge to what Tim said earlier, because a lot of the role-definitions and requirements are now becoming part of the regulation.
  • Daniel Bachenheimer: that clerk is supposed to follow ICAO TRIP for issuance and Canada (IRCC) performs deduplication to establish uniqueness within the population (Identity Proofing)
  • Darrell O'Donnell recommends the Northern Block podcast with Phil Windley.

Trust Registry TF — Darrell O'Donnell

• Darrell has moved the specification into a private GitHub repo and next needs to move into a ToIP repo.
• ACTION; Darrell O'Donnell to talk to Elisa Trevino about that conversion.

ACDC TF — Samuel Smith Phil Feairheller 

• Phil said that the CESR spec is finished and ready: https://weboftrust.github.io/ietf-cesr-proof/draft-pfeairheller-cesr-proof.html
• This provides streaming of ACDC credentials along with anything else that needs to be stream.
• This also includes support for nested signatures.
• We are also working on the transition to IETF

Design Principles TF — Drummond Reed

• This task force is now complete update on the publication of the Design Principles for the ToIP Stack deliverable.
• Drummond said that the final PDF document following the ToIP Style Guide should be ready this week.

Technology Architecture TF — Darrell O'Donnell & Drummond Reed

• This task force is cooking with gas. The goal is to produce the ToIP Technology Architecture Specification by the end of Q1.
• We are down to the specifics of diagrams and protocols.
• Is there agreement this is our top priority for the quarter? Yes!
• Antti Kettunen brought up the "revelation" in the last meeting last year about reusable patterns.
  • Wenjing suggested that it should be based on reusable patterns.
  • Antti said that there is a reusable pattern around issuance of credentials that includes not just the signature but the process of issuance and how it is bound to the holder.
  • Bart added that how the credential is bound to a governance process or framework is key. The trend is that we're seeing the power being at the verifier.
  • Tim agrees about the composability of the full process. It can be helpful to actually separate the verifier from the relying party, and the issuer from the provisioner. So it's important that the ToIP model embrace the full holistic process.
  • Bart agrees: the cryptographic process is important, but the process of issuance is equally important.
  • Tim gave the example of an artifact that may be acceptable at the Canadian border, but not internally in the provinces. Verifiers need to decide what they trust.

Drummond Reed