The OpenID Foundation has published OpenID4VC High Assurance Interoperability Profile with SD-JWT VC. Jo Spencer has suggested we review this to see what bearing it might have on our work.

From the ZPR.org website (first spotted by Darrell O'Donnell):

Zero-trust Packet Routing (ZPR) is a new approach to network security that enables enterprises to enforce security policies uniformly across all their systems and users. ZPR does this by creating an identity-aware network security layer, called a ZPRnet. It can work in the cloud, on premises, and in distributed environments, bringing the promise of fully authenticated network communications into dense multi-tenant environments.

Also worth discussing what bearing it might have on our work.

Provided Wenjing is able to attend (he's at a Linux Foundation event in Shanghai), we will review more of the Working Draft.

The section 2.1.5 is where we need to do the work to describe appraisability of a VID.

Samuel Smith: The OIDC and ISO mDL specifications have some assumptions related to PKI and key verification. It needs to be in scope for our TSP spec. Both of those specs are not built on the basis of assuming decentralized PKI.

Wenjing's drafting assumes in section 2.2 that the spec will provide examples of how specific DID or VID methods can meet the requirements stated in section 2.1.

Tim Bouma shared his view of the different approaches for DIDs and VIDs and the process of verifying them. He also compared them to UUIDs and the benefits they provide.

Wenjing also suggested that timing and duration of a VID can be a factor.

Samuel Smith pointed out that native KERI AIDs are not technically DIDs. So it is up to us to say in the spec that it does not have to be a DID. Sam Curren has suggested in the past that we only use DID syntax.

Sam wants to keep the VID types constrained. His proposal is to constrain the qualified VID types and put the burden on new types to be registered.

Tim Bouma advocated putting the decision on the governing bodies about what to accept.

Wenjing's thinking is that the appraisal framework simply provides a set of inputs to a policy engine.

Darrell O'Donnell agrees with Tim's concern that we don't want to specifically exclude specific DID methods, but we need to figure out a way to describe them.

ACTION ITEM: ALL TSPTF MEMBERS review the minutes and decide if you want to volunteer to contribute to the appraisability framework in section 2.1.5. 

Wenjing next went into section 3 on Messages. See screenshot #5. That's the whole next section.

Samuel Smith asked if a specific pattern is supported: applying a source signature on the plain text first, because that is the way to make it legally valid. ESSR does not cover that use case.

ACTION: Wenjing Chu to include that use case in the next section on nesting.