Thursday, 25 June 2020 — 11:00-12:00 PT / 18:00-19:00 UTC
Send an email to governance-stack-wg@lists.trustoverip.org to request a calendar invite (you can subscribe to the mailing list at lists.trustoverip.org).
- Welcome and Linux Foundation antitrust policy
- Introduction of new members
- Deciding on chairs, vice chairs, and terms
- Presentation on machine-readable governance frameworks—Daniel Hardman
- Next steps on Governance Template Task Force
- Topics for Future Meetings
- Scott Perry - Trust Assurance 101
- <your topic here>
Thursday, 11 June 2020 — 11:00-12:00 PT / 18:00-19:00 UTC
Agenda and Notes
Meeting recording
- Status since last meeting (Scott, Tom, Drummond) - 5 minutes
- 29 attendees
- New Introductions
- Scott Whitmire IEEE - Standard for medical Imaging
- Gena Morgan - GS1 - Standards in Supply Chain
- Will Groah IEEE working with other ToIP groups
- AJ Finema - Bangkok, Governance Blockchain Decentralized identity consultant
- Gene DiMira - Manulife - AML Compliance Officer
- New whitepapers, templates, thought leadership documents should be sent to Scott Perry scott@scottperrycpa.com
- Templatizing a Utility Governance Framework based on Sovrin Governance Framework (Drummond - 15 min)
- Google Slides are here
- Sovrin Governance Framework - started in 2016, now at V2 including GDPR conformance in December 2019 - working group of over 50 members
- Modular Framework of documents including a Home Page, Master Document, Glossary, Legal Agreements, Controlled Documents and a Trust Assurance Framework
- Key best practices
- Modular design
- Must include legal agreements and legal teams
- One glossary for entire framework
- Roles and responsibilities
- Affiliated trust assurance framework
- Non-normative but accessible framework
- Tour of the Sovrin Governance Framework - available on web at sovrin.org
- Templatize the Sovrin work
- Tailored to Layer one but structure can be used as an overarching model for ToIP GSWG
- Example templates from the BrightHive repository (Tom - 10 minutes)
- BrightHive has focused on Data Trust (aligned to Layer 4)
- Governance established through a data trust agreement (DTA) - on web at github.com/brighthive/data-trust-legal
- Roles and responsibilities - Better when there is a strong central authority
- BrightHive has examples on GitHub
- Framework adopted from the Intelligence Industry, Canada efforts
- Good examples from Goodwill Industries and the Commonwealth of Virginia
- Open Discussion
- Don't Boil the Ocean - Tackle progressive steps
- Next Steps - Establish your own task force
- Start producing Tools
- Standard Specification on Governance Framework Template Model
- Not Layer Specific - At an Architecture Level
- Email soliciting interest in framework architecture design
- Email soliciting other areas that members want to tackle
- Topics for Future Meetings - Contact Scott Perry, Drummond Reed or Tom Plagge
- Daniel Hardman - https://github.com/hyperledger/aries-rfcs/blob/master/concepts/0430-machine-readable-governance-frameworks/README.md
- Scott Perry - Trust Assurance 101
Thursday, 28 May 2020 — 11:00-12:00 PT / 18:00-19:00 UTC
Agenda and Notes
See this Google Slides presentation for the full agenda. Summary:
- Welcome from the conveners (Scott, Tom, Drummond—5 min)
- Introductions (15 min)
- Natarajan (Nat) Chandrasekhar – Cambridge, UK – individual contributor
- Dan Bachenheimer – Washington, DC – Accenture Digital Identity group
- Stu Vaeth – Boston, MA – Mastercard
- Bryn Robinson-Morgan – UK – Mastercard
- Arjun Govind – Philadelphia, PA (Bangalore for the moment) – Digital identity at R3
- Catherine Nabbala – Bangkok – Finema
- Dan Gisolfi – New York, NY – IBM
- Elizabeth Cronan – Washington, DC – Geoguard
- Eric Welton – Northern Thailand – Individual contributor
- Gregor Jehle – Stuttgart, Germany – P3KI
- Jim StClair – Mississippi – Dinocates
- Jan Lindquist – Stockholm – Hyperledger
- John Jordan – British Columbia – Province of British Columbia
- Mark Lizar – Toronto, Canada / UK – Open Consent
- Mark Scott – San Diego, CA – Individual contributor
- Mary Lacity – Fayetteville, AK – Sam Walton College of Business
- Matt Davies – Salt Lake City, UT – Finicity
- Paul Knowles – Switzerland – Human Colossus Foundation
- Robin Alexander – Vancouver, BC – Geoguard
- Steve Magennis – Seattle, WA – Polywug
- Steven Milstein – Montreal, CA – Collab Ventures
- Sankarshan Mukhopadhyay – Bengaluru, India – Dhiway
- Vinod Panicker – Kochi, India – Wipro
- Vipin Bharathan – New York, NY – dlt.nyc
- Wenjing Chu – Santa Clara, CA – Futureway Technologies
- Will Groah
- Xinxin Fan – San Francisco Bay Area, US – IoTeX
- Chris Ingrao – Seattle, WA, US – LUMEDIC
- Mission and scope of this WG (Tom—10 min)
- Real-world example of a full-stack GF (John Jordan—5 min)
- British Columbia government challenges include digital identity of individuals, corporations, legal entities, etc. Often, when an online service is offered, the identity field is simply treated as a freeform text field, creating serious issues with misidentification, fraud, and other problems.
- BC may lay out a set of policies at the Layer 4 level to make it clear who the recognized authorities are, in BC and elsewhere, for issuing identities (like driver's licenses).
- At Layer 3, BC could also recognize registries for verified person credentials, permits, licenses, etc.
- BC might also recognize software solutions for citizens at Layers 2 and 1.
- Discussion of potential initial work items (Scott—15 min)
- Survey of existing governance framework models
- E.g., FATF, Pan-Canadian Trust Framework
- Classes of use cases and boundaries required for governance
- Levels of assurance that drive decisions along the stack. For example, government clearance may require high quantity and quality of sources, while employment confirmation may require less-strong assurance. Scott suggests:
- Untrusted class – no governance at all, status quo for the internet
- Internet Grade – a minimum standard of assurance with governance, a key missing piece
- Asset Grade
- Classified Grade
- Need to understand use cases that government bodies might be asking of organizations such as ours. FATF example: is the digital ID system authorized by the government for use in customer due diligence (CDD)?
- Architectural Model for ToIP governance frameworks
- Required, recommended, and optional components at each layer
- Templates at each layer
- ToIP stack and verifiable credentials risk model
- See Confluence page that Scott has set up: Identity and Verifiable Credential Risks
- Contributions to ToIP glossary
- Logistics (Drummond—10 min)
- Mailing list: go to lists.trustoverip.org if you need to be added
- Wiki: wiki.trustoverip.org. A Linux Foundation account is needed.
- GitHub repo structure (repository of best practices): github.com/trustoverip
- See organizational proposal from Dan Gisolfi
- Task Forces
- Lightweight collaboration mechanism. Can spin up at any time and last as long as necessary.
- Minimum requirement: a wiki page.
- Can also have a mailing list, GitHub repo, etc.
- Chairs
- We elect our own. At least one, up to three (at least 2 recommended), can rotate.
- Volunteers? (Conveners volunteer; no additional volunteers on the call, but welcome over mailing list)
- Meeting schedule: discuss over mailing list, watch for possible poll
- Alternate US/EU and APAC? Or two calls?
- Weekly or biweekly?