...
- 2021-07-01 10am ET
Attendees
- Drummond Reed
- Ken Adler
- Marie Wallace
- Mike Richardson
- Jim St.Clair
- Riley Hughes
- sankarshan
- Lucy Yang
- John Walker
Main Goal of this Meeting:
Discuss the primary deliverables and action items to be performed until the next meeting.
Agenda
Time | Item | Lead | Notes |
5 min | Start recording |
| Chairs | ||
5 min | Introduction of new members | All | |
5-10 mins | Report on action item from last week: ACTION: Drummond Reed to create the X.509 |
PKD interop wiki page and baseline proposal |
| ||
5-10 mins | OpenAPI in github and Trust Registry Relay decision | Darrell O'Donnell virtually Drummond Reed leading discussion |
15 mins | Discuss the GCCN Trust Registry Network Definition document | ||
20 mins | Other technology approaches and open discussion
| All | |
10 mins |
Review of action items & prep for next meeting | Chairs |
Recording
weblink<link to go here>
Notes
- Member New member introductions
NOTES FROM LAST WEEK'S MEETING—REPEATED HERE FOR NEW MEMBERS: Orientation: mission and deliverables of this Task Force
- X.509 PKD interop wiki page and baseline proposal - Drummond Reed
- This proposal is the beginning of discussion about how the Trust Registry Protocol can include conventional X.509 public key directories (PKDs)
- OpenAPI in github and Trust Registry Relay decision
Review of the Trust Registry recommendations from the
Good Health Pass Interoperability Blueprint Key Deliverables - Darrell O'Donnell guidance via Loom video. Key Links for Discussion:- GitHub Repo - https://github.com/trustoverip/tswg-trust-registry-tf
- GitHub.IO specs - https://trinsic-id.github.io/tswg-trust-registry-tf/
- NOTE: we need to move this github.io site under ToIP.
- Swagger - https://app.swaggerhub.com/apis/darrellodonnell/GHP.TrustRegistry/0.1.0
- NOTE: we need to move this Swagger under ToIP control, or find an alternative OpenAPI host.
- Discovering Trust Registries (TRs)
- We discussed different options for how a verifier can discover other TRs
- One option is directories that list the DIDs for TRs
- These directories themselves are not TRs, but are as authoritative as the directory publisher chooses to make them (and verifiers choose to use them)
- Interfaces for such directories are out of scope for this Task Force
- Another option is "super registries" that aggregate entries from other TRs
- We need to decide if this is in scope or not—this is potentially a LARGE increase in scope
- A third option is a "trust web", i.e., TRs containing entries (DIDs) referencing other trusted TRs
- Registry queries
- Vitor Pamplona asked if a verifier may need to go to multiple TRs?
- We did not arrive at any clear answer, however we agreed that the goal is to make it as simple as possible for verifiers
- DID-based vs. X.509-based TRs
- Savita Farooquiasked what we do about interacting with non-compliant TRs (e.g., the EU Gateway if it ends out using a different protocol)
- Drummond Reed explained that the Good Health Pass Trust Registry group recommended a way for X.509-based registries that could be supported
- DECISION: We will create a wiki page for an X.509 PKD interop spec
- ACTION: Drummond Reed to create the X.509 PKD interop wiki page and baseline proposal
Swagger API - ACTION: Darrell O'Donnell to move .json OpenAPI file into github as Swagger tooling is not free. ACTION: Darrell O'Donnell to move the Swagger into the GitHub Project.
- Trust Registry Relay
- ACTION: Darrell O'Donnell will create a Google doc and Loom video discussing the design options for trust relay
- Call for Developers
- Ken Adler is looking for Rust developers to work on the code base they are developing
- They plan to have their "thin slice" showcase ready to show by roughly this weekend
- They are looking for developers to integrate front ends, write tests, and get into containers
- Meeting schedule
- We will continue with one plenary meeting a week
- However we will strive to accelerate async progress
- Agenda items for next meeting
- Lucy Yang shared with this group the GCCN Trust Registry Network Definition document that includes the questions that we need to discuss and answer with the stakeholders and the community.
- ACTION: ALL: Read the GCCN Trust Registry Network Definition document
- ACTION: Darrell O'Donnell and Drummond Reed to figure out about reposting a fresh calendar entry for the Trust Registry Task Force weekly Thursday meeting.
Decisions
- DECISION: We will create a wiki page for an X.509 PKD interop spec
Action Items
- ACTION: Drummond Reed to create the X.509 PKD interop wiki page and baseline proposal
- ACTION: Darrell O'Donnell to move .json OpenAPI file into github as Swagger tooling is not free.
- ACTION: Darrell O'Donnell to move the Swagger into the GitHub Project.
- ACTION: Darrell O'Donnell will create a Google doc and Loom video discussing the design options for trust relay
- ACTION: ALL: Read the GCCN Trust Registry Network Definition document
- ACTION: Darrell O'Donnell and Drummond Reed to figure out about reposting a fresh calendar entry for the Trust Registry Task Force weekly Thursday meeting.
- (virtually)
- Discuss the GCCN Trust Registry Network Definition document - John Walker and Lucy Yang
- John Walker shared the strawman document Defining the GCCN Trust Registry Network
- Other technology approaches and open discussion
- Ken Adler - trustregistrynetworks.org
- This came out of an effort to expose cryptographic primitives in a standard way.
- The GCCN use case was a "deceptively simple" example of the need.
- So Ken and his team started an open source project.
- Requirements included: operating at the edge, low resource consumption, policy-as-code, describing governing authorities and digital trust ecosystems in a delarative manner.
- Currently several Thoughtworks devs are working on the project
- The hope is that the project can fit within various architectures that need these capabilities.
- Location:
- TRAIN - Mike Richardson
- ACTION: Mike Richardson to see if he can arrange for TRAIN rep to come to the July 15 meeting
- https://gitlab.grnet.gr/essif-lab/infrastructure/fraunhofer
- Ken Adler - trustregistrynetworks.org
- Discussion of machine-readable rules
- Jim St.Clair is assuming that there is a need for rules for ultimately making trust decisions
- Ken Adler provided feedback that the baseline was just verifying DIDs and URIs
- John Walker shared that the rules about something like Good Health Pass travel requirements will be in a governance framework ("inside the trust diamond"), but that they don't necessarily have to be in machine-readable rules, but the different TRs can have different levels of support for machine-readable rules
- So the business rules reside at two levels - what are the rules of interacting with the TR, and what are the rules with the ecosystem for a particular TR
- We need to explore the machine-readable mechanisms
- Review of action items & prep for next meeting
- Darrell O'Donnell Focus on a definition of the MVP
- John Walker the set of user stories that will give us the requirements for the "absolutely bare bones"
- Lucy Yang will share a diagram of the user flow from a GCCN standpoint
Decisions
- None
Action Items
- ACTION: Mike Richardson to see if he can arrange for TRAIN rep to come to the July 15 meeting
- ACTION: Darrell O'Donnell to focus on a definition of the Trust Registry Protocol MVP
- ACTION: John Walker to define the set of user stories that will give us the requirements for the "absolutely bare bones"
- ACTION: Lucy Yang to share a diagram of the user flow from a GCCN standpoint