...
- Member introductions
Orientation: mission and deliverables of this Task Force
Review of the Trust Registry recommendations from the
Good Health Pass Interoperability Blueprint- Key Deliverables - Darrell O'Donnell guidance via Loom video. Key Links for Discussion:
- GitHub Repo - https://github.com/trustoverip/tswg-trust-registry-tf
- GitHub.IO specs - https://trinsic-id.github.io/tswg-trust-registry-tf/
- NOTE: we need to move this github.io site under ToIP.
- Swagger - https://app.swaggerhub.com/apis/darrellodonnell/GHP.TrustRegistry/0.1.0
- NOTE: we need to move this Swagger under ToIP control, or find an alternative OpenAPI host.
- Real-world implementation community example: Global COVID Credentials Network (GCCN)
- Core goal: to provide a bridge between the EU Gateway (for the EU eHealth Network and its Digital COVID Credentials (DCC))
- Will serve the goal that Darrell O'Donnell described in his Loom message and the GHP Interoperability Blueprint section 7.2 on Trust Registries
- The GCCN is planning to start a directory of participating trust registries by the end of next week
- Most of the current potential participants are currently operating private trust registries
- John Walker is preparing a template for listing participating trust registries in a directory
- This could be maintained a GitHub file
- The goal would be to implement within a month
- Jim St.Clair raised the question of supply vs. demand
- Providence Healthcare currently serves 7 states and is working on getting access to the states’ IIS systems
- He is not yet seeing coordinated demand for access to a trust registry for verification
- Lucy Yang said that today most of the health pass solutions are implementing their own trust registry solutions, but that these are not interoperable
- She has been hearing some demand for accessing the US IIS systems in some coherent fashion
- Jim confirmed that if there was a solution for coordinated access to US IIS and COVID credential
- Lucy Yang shared that there are two types of implementers of trust registries
- The first type is for original issuers—in the health domain
- The second type is "reissuers" or "proxy issuers" like IATA
- Both are peers in the network but operationally they are different
- Daniel Bachenheimer noted this quote from the GCCN announcement: "GCCN will include a global directory of trust registries to enable cross-border certificate verification, and be a home for toolkits and community-managed support for those building and managing COVID certificate systems."
- So Dan asked whether there was any effective difference between these two
- Lucy Yang said that was in discussion — that the concept of a "pass" is foreign to the EU because they currently only recognize COVID certificates.
- Daniel Bachenheimer ask about the trust model — about who would trust GCCN
- Kaliya Young clarified that the GCCN directory is not designed to be separately trusted
- Savita Farooqui said that the trust decision of what issuers are trusted by a governing authority is up to the governing authority
- Jim St.Clair also raised the importance of the link between a trust registry and the associated ecosystem governance framework
- This is critical to enable real-world trust in each trust registry and enable peers to make trust decisions about which other peers to trust
- Drummond Reed strongly agreed and pointed out that strong binding is supported in the GHP Interoperability Blueprint, particularly in the Governance and Trust Frameworks recommendations (section 7.3)
- Technology approaches—we ended out with very little time to discuss thisTechnology approaches
- ToIP Trust Registry Protocol
- Swagger API
- Chained Credentials—see ToIP ACDC (Authentic Chained Data Container)Task Force
- DIF Identity Hubs
- CARDEA and machine-readable governance
- Meeting schedule
- One plenary meeting a week
- One or two other meetings per week to advance the spec
- Agenda items for next meeting
...