You are viewing an old version of this page. View the current version.

Compare with Current View Page History

« Previous Version 4 Next »

Meeting Date

  •  

Recording

  • This meeting was recorded on Zoom. View the recording <here (placeholder until the recording is available)>.

Attendees

Main Goal of this Meeting

TBD

Agenda Items and Notes (including all relevant links)

TimeAgenda ItemLeadNotes
5 min
  • Start recording
  • Welcome & antitrust notice
  • Introduction of new members
  • Agenda review
Chairs
  • Antitrust Policy Notice: Attendees are reminded to adhere to the meeting agenda and not participate in activities prohibited under antitrust and competition laws. Only members of ToIP who have signed the necessary agreements are permitted to participate in this activity beyond an observer role.
  • New Members:
10 minsCheckTrustRegistryDarrell O'Donnell
  • We concluded that this should return the same info as CheckIssuer and CheckVerifier
  • If the host TR wishes to keep private the existence of a trust relationship with another TR, then it simply does not list that information in its own TR.
10 minsGetOfflineFile
  • Darrell O'Donnell explained that this option makes offline sync and verification possible while keeping the API very simple.
10 minsX.509 Certificates
  • We discussed what the EU is currently listing in its Trust List entries
  • They are currently using entire base64 encoded X.509 certificates to identify issuers.
    • Drummond Reednoted that this works, but it is a very large, unwieldy identifier from a TR standpoint
    • Jim St.Clair pointed out the benefit of having a validity check on the entire X.509 cert.
  • Marie Wallace pointed out that the EU's X.509 certificate does not contain a human-friendly identifier (or legal identifier) of the issuer.
    • This makes it difficult to display any human-friendly information about the issuer
    • This is different than Excelsior Pass where the identifier is a DID that resolves to a DID document that contains or has a pointer to the legal identifier of the issuer
  • Italy example - https://github.com/AgID/eidas-italian-node/blob/master/examples/full-sp-metadata.xml
  • Issac said that the TRAIN project in the EU does have an example of how to locate the trust list from a domain name using a Subject Alternative Name in the X.509 cert.
    • TRAIN is already working with GCCN on this.
  • Daniel Bachenheimer explained how Smart Health Cards deal with X.509 keys: https://spec.smarthealth.cards/
    • Drummond Reed noted that this is essentially the same technique as the did:web: method, just without publishing a DID.
    • Marie Wallace pointed out that the SMART Health Card issuer listing process does provide a very simple check of the legitimacy of the issuer organization—and a binding to a human-readable name of the issuer organization.
5 mins
  • Review decisions/action items
  • Planning for next meeting 
Chairs

Screenshots/Diagrams (numbered for reference in notes above)

#1


Decisions

  • Sample Decision Item

Action Items

  • Sample Action Item


  • No labels