Agenda Items and Notes (including all relevant links)
Time
Agenda Item
Lead
Notes
4 min
Start recording
Welcome & antitrust notice
Introduction of new members
Agenda review
Chairs
Antitrust Policy Notice:Attendees are reminded to adhere to the meeting agenda and not participate in activities prohibited under antitrust and competition laws. Only members of ToIP who have signed the necessary agreements are permitted to participate in this activity beyond an observer role.
New Members:
5 min
Announcements
All
Updates of general interest to TATF members.
Drummond Reed announced that Avast has acquired SecureKey.
1 min
Review of previous action items
Chairs
ACTION: ALL to continue work on thestoryline slide deck(Google Slides) to see if we can complete the storyline narrative for the entire document within the next two weeks.
He explained that W3C Verifiable Credentials only defines a credential data format and signatures, but not protocols or governance.
He then showed screenshot #2 to map a number of other credential and key management initiatives into our four layers. This was a test of how well our four-layer model works across all of these different standardization efforts.
He pointed out how well the Apple mDL solution fits all the needs but also ties them together in a brittle way.
Phil Feairheller explained that in screenshot #2, KERI itself does not cross all three levels.
ACTION: Phil Feairheller and others working on diagramming KERI and ACDC across the four layers.
We talked specifically about MDL and how it could be fit into the stack with "shims".
Vladimir Vujovic explained that SICPA is currently using the Hyperledger Aries protocols and wants DIDComm to span all of it.
A few new requirement slides have been added and comments have been made on others in the storyline deck of layer-by-layer requirements. Our goal will be to review and incorporate as many comments as we can. (All slide numbers are of 2022-03-23 22:30 PDT.)
Slide 26.
Slide 29 (new).
Slide 33.
Slide 35. Privacy
Neil Thomson explained his concerns about Layer 3 and privacy. He has been thinking about it in the context of 5G and the way cell phones can be tracked around the world.
Layer 3 has been treated as a "data exchanged" layer, but there may be many other activities going on in a communications session between two parties.
Neil has been wondering if there is a separate version of the stack that deals exclusively with data and data exchange, because that's different that other types of data exchange.
He gave the example of a verifier needing to know something from a holder that is not in a credential.
Those types of other data exchanges may need other considerations around topics like consent, privacy, and data protection.
Darrell O'Donnell asked if these considerations are "inside" Layer 3 or are they outside of it (or at Layer 4).
Neil said it may be both.
Darrell O'Donnell felt that it's likely that there are so many uses of Layer 3 and Layer 4 that it may not be possible for the ToIP stack to go beyond the common baseline interoperability requirements for both layers.
Neil suggested that we might want to think about "primary data" and "secondary data".
Drummond suggested that we should think about MUSTs, SHOULDs, and MAYs for each of the layers because the complexity will be increasingly higher at each layer, and especially high at Layer 3 and 4.
Neil brought up the term "observability" and suggested that we should look at the stack that way. What information can and cannot (or should and should not) be captured or recorded. That information can be very sensitive but also very necessary.
Our stated goal from the last meeting is to have a first full Working Draft of the spec by Internet Identity Workshop (April 26-28). This agenda item is to discuss a POA (plan of attack) for achieving that. Note that we also need to prepare a slide deck to present the spec in an IIW session.
5 mins
Review decisions/action items
Planning for next meeting
Chairs
Screenshots/Diagrams (numbered for reference in notes above)