The ToIP Trust Registry Task Force (TRTF) meets weekly twice every Thursday at the following times (to cover global time zones - see the Calendar of ToIP Meetings for full meeting info including Zoom links):
Agenda Items and Notes (including all relevant links)
Time
Agenda Item
Lead
Notes
5 min
Start recording
Welcome & antitrust notice
Introduction of new members
Agenda review
Chairs
Antitrust Policy Notice:Attendees are reminded to adhere to the meeting agenda and not participate in activities prohibited under antitrust and competition laws. Only members of ToIP who have signed the necessary agreements are permitted to participate in this activity beyond an observer role.
New Members:
5 min
Review of previous action items
Chairs
Concepts & Terminology tools & guides to be included in TRTF work
Terminology toolbox. Required for final glossary but terms wiki can happen in parallel.
Require a mental model : Picture or diagram that shows how the group of terms relate and helps make terms clear. Drummond Reed added an example (screenshot #1 below) from this eSSIF-Labs Glossary page.
Neil Thomson TR: simple lookup list. Complexity comes in proving the trust.
Related Chat:
Scott Perry Mental models are not a trivial task to build. If this is a core requirement, we need a drafting session. Unless we have Rieks do them for every group.
Darrell O'Donnell : authenticity/provenance chain - to me that’s a post v2 capability. It’s helpful to back up the basic answers, but not required. Further for many systems it would be a blocker.
Vladimir Simjanoski +1 for mental model. not defining it explicitly doesn't mean we don't have one when designing the underlying spec / API. getting it right is difficult, though (agreed with Scott)
Neil Thomson @ Darrell - agreed on post v2. However, how do we gradually incorporate governance with that goal in mind. Separate discussion - will bring up in Gov Stack WG.
@Neil - I think we can get there relatively easily. When you ask “is this an Authoritative Issuer of credential type X, under EGF Y?” you may be able to ask “and how do you do this?”
The answer for many will be “because I am the authority” but for some it would be “see this chain of provenance”.
Over time I believe systems will prefer one or the other path. Less formal ecosystems will likely stay light, while more formal/regulated ecosystems would lean towards authentic provenance.
20 mins
Recap of discussions from previous meetings.
Chairs
Chairs will lead discussion on recapping & reviewing the various discussions happening in the TF meetings and Github discussions. This includes recap on Trust Registry component & Trust Task model.
Antti Kettunen descriptive work of what TR work looks like today.
Darrell O'Donnell discussed his concept of the TR framework as a way for governance and technical stacks to align across all 4 layers of the ToIP stack
Tim Bouma expanded on that model, defining Layer 4 as rights oriented, and layer 1 as commitment oriented. Is what I am relying on is accurate/legitimate and based on intentions of: 1) the rules of a governance framework, and 2) an authorized action/assertion of an actor based on those rules?
Andor Kesselman did some process refinements here. And Drummond provided a helpful link to relevant work happening in the TSPTF related to the process flow.
Andor Kesselman with a proposal last week around trust chaining and trust discovery. Neil added some helpful commentary about vectors of trust, with data chaining, data processing chain, signing officer, and governance process.
Scott Whitmire : Some concerns about "What is a trust registry?".