Zoom Meeting Link / Recording

Attendees

Samuel Smith Kent Bull Phil Feairheller P A Subrahmanyam Ed Eykholt Lance Byrd Steven Milstein Petteri Stenius Shawn Butterfield Kevin Griffin Charles Lanahan Fergal O'Connor Nuttawut Kongsuwan Trent Larson @Rubel Henk van Cann Arshdeep Singh 

Agenda Items and Notes (including all relevant links)

TimeAgenda ItemLeadNotes
5 min
  • Start recording
  • Welcome & antitrust notice
  • Introduction of new members
  • Agenda review
Chairs
  • Antitrust Policy Notice: Attendees are reminded to adhere to the meeting agenda and not participate in activities prohibited under antitrust and competition laws. Only members of ToIP who have signed the necessary agreements are permitted to participate in this activity beyond an observer role.
  • New Members:
5 minsReview of action items from previous meetingChairs
  • None
5 minsAnnouncementsTF Leads

News or events of interest to members:

  • TSWG Plenary after this call!
  • All members meeting Wednesday

https://canivc.com - List of implementations of W3C specifications and their current compliance status

5 mins

Reports

Open
  • KERIpy
    • Samuel Smith working on CESR versioning.  Can now create and parse version 2 messages of all events in protocols.
      • currently working on group counting codes
    • Minor updates to 1.1.x (currently at 1.1.8) release as we discover issues qualifying QVIs and working with existing QVI (Provenant)
  • KERIA
    • Minor updates to 0.1.x (currently at 0.1.4) release as we discover issues qualifying QVIs and working with existing QVI (Provenant)
25 minsDiscussionOpen
  • CESR Stream interop examples (Charles Lanahan )
    • Sample of generating dicts in python for testing `sizify`
    • Phil Feairheller to create repo cesr-test-vectors  to house these new samples
  • Idea of using a KERI based OIDC identity Provider
    • Why was OIDC created in the first place?
      • In support of federated identity
      • Convenience... let someone else manage authentication
      • It was deemed too difficult for individuals to manage their own key pairs
    • So now we have KERI that solves the hard problem...  managing keys for unbounded term identifiers
    • Once this hard problem has been solved, the reason for federated identity goes away.
      • While it seems reasonable to support OIDC for legacy reasons, you are mixing security postures and that is dangerous.
    • Daniel Hardman : What is the goal here for EBA with this new pilot.
      • Is it to improve the security posture of their infrastructure or to improve convenience of not having to manage accounts.
      • We can use this as a test case for explaining the improved security
    • DPOP - https://datatracker.ietf.org/doc/html/rfc9449
      • Public key in bearer token and then requiring presenter of bearer token to sign every request... sound familiar?
5 minsAny other businessOpen
5 mins
  • Review decisions/action items
  • Planning for next meeting 
Chairs
  • No labels