GSWG P&R TF Meeting 7 October 2020

Recording can be found here

Add your name to GSWG Process and Roles Task Force

  1. Welcome and Introduction
    1. Introductory notes from Scott
      1. Suggestion: GS1 Use Cases can be used to pressure test
      2. Q. Do credential holders need to know the classification like X.509 credentials, or something more industry-specific?
        1. A. It helps to understand and group credentials based on certain needs according to a checklist, but it's not mandatory to state which level they require.
      3. Q. What does an enterprise need from ToIP given there are so many existing frameworks? Is the value a risk classification process?
        1. A. See Master Credential Policy Template for Issuers of Verifiable Credentials
          1. Policies (requirements) are linked to Credentials
          2. Ecosystem policies drive requirements
      4. Q. Does ToIP have to incorporate other governing bodies' existing documentation?
        1. A. Possibly?
      5. X.509 vs digital credentials
        1. Private key management is handled by Issuers in digital (listen to Drummond's comments at 50 minutes into the call)
      6. Q. How to prioritize which processes & roles need to be addressed first? (55 mins)
        1. A. Needs to be based on the Working Groups' Requirements
  2. Review the purpose and content of documents in work for Task Force
    1. Classes of Credentials
    2. Layer Roles
    3. Layer Processes
    4. Master Credential Policy 
  3. Discuss needs to move documents to next level
    1. Doc review
    2. Doc structure changes into ToIP design templates
    3. Doc editing
    4. Individual doc needs
      1. Classes of Credentials
        1. Research other generally accepted guidance 
        2. Challenge number of classes and their ratings
      2. Layer Roles/Processes
        1. Combine roles/processes by layer? TOIP Governance - Processes and Roles. V.0001.png Ken Adler
        2. Review credential policy and map to roles/processes
        3. Outreach to ToIP and other groups for additions/edits
      3. Master Credential Policy
        1. Add current W3C thinking about verifiable credentials controls in place or under consideration
        2. Pressure test need for section for Class 3 credentials
        3. Pressure test need for section for Class 2 credentials
    5. TF Member task signup
  4. Should Identity and Verifiable Risks be moved to working draft AND added to the P&R TF?


GSWG P&R TF Kickoff Meeting - 30 July 2020

Presentation Deck can be found here

Add your name to GSWG Process and Roles Task Force

  1. Welcome and Introduction
    1. Introductory notes from Scott
  2. Reviewing the objectives of the GSWG P&R TF
    1. Walk-through of the objectives by Scott; leading to participants on the call providing input. This is an "action oriented" task force.
  3. TF member introductions 
    1. Scott Perry
    2. Scott Whitmire
    3. Chris Ingrao - Lumedic
    4. Drummond Reed, Evernym - working on governance and standards (launching a TF in Sep; see wiki page)
    5. Jim StClair (launching the PatientID TF under EFWG)
    6. Mark Lizar - OpenConsent group (Notice and Consent Standards)
    7. Steven Milstein
    8. Tom Smedinghoff - Open Identity Exchange (Drummond - "very few lawyers who know as much around identity as Tom")
    9. sankarshan (thanks Scott P for the introductions - flaky internet today)
  4. Recap of work done - From Concept RFC to Baseline Processes and Roles
    1. Need to identify an inventory of roles and processes
    2. Also have to validate whether the inheritance of the roles and processes from Sovrin applies in the same form to a more generalized approach
    3. Roles acting within the Layers 4 (ecosystem) and 3 (credential) as well as Layers 2 (Provider) and 1 (Utility) (see wiki page for more detail in breakdown of the roles)
    4. Aries RFC 0289 (links available on TF landing page)
      1. the image is static; needs to be refined and improved to reflect roles and processes
      2. Scott has extracted the roles and processes to establish the foundation on which further work will be completed in the TF
    5. Similar to Roles, the processes have also been enumerated
      1. Scott aims to have additional processes added to the existing list and thereafter through discussion finalize the list
  5. Next Steps
    1. Drill down governance stack layers → improve the diagrams in context of roles and processes
    2. Call to action (Scott P)
      1. add your name to the wiki page; also help in outreach and encourage others to join
      2. review the concept RFC
      3. review the existing roles and consider additional roles along with comments
      4. Steven M and Scott P to review the roles in context of one line definition of the roles
  6. Open Discussion
    1. Templates (of structures and definition) - for roles/processes
    2. Roles need to be defined enough (perhaps a one-liner) so as to enable definition of the processes
    3. This TF provides the basic common understanding of the roles and processes; common nomenclature and definitions. This is the "cart before the horse" to enable the GFs in ecosystems
    4. Mark - From ISO 29100, and in GDPR and other laws, there is a set of Privacy stakeholders (in ISO) or Personal Data Recipients (GDPR); we can start with the same set of stakeholders. Consider this alongside the DSWG's OCA, which enables the interoperability. The idea behind any unified language is that OCA can work based on contexts and get the specifics required
      1. would need to review the roles that are defined in the standards being discussed and assess if they align with the generally accepted roles which are available in the marketplace
    5. Scott W - This might be the place to address the question I raised in the Ecosystem Foundry WG: Is the governance framework the cart or the horse? That is, when developing a business or ecosystem, does one choose the TIP first then take the associated GFs, or does one choose a GF and select from a set of TIPs that can work within it?
    6. Scott P - to be able to, as a group, have a clear idea about the roles and processes and be able to communicate in a common set of terminology (aside from Drummond "who always communicates clearly!")