Participants:
(PDFs posted)
1. Welcome and Linux Foundation antitrust policy
[Drummond] last week of drafting and we have to collect policies from other groups.
First principal of the GHPC trust registry is that each EGF is a root-of-trust with their own trust registry. This is same model that the WWW ended up with a set of ~500 CAs
There is work underway called TRAIN, we have looked at it and it might be overkill for what we are trying to do.
The Good Health Pass digital trust ecosystem will not be governed by a single EGF—rather there will be many
Each VC contains a type prosperity which we can use as the types of creds an issuer might be authorized to provide.
Each VC issued under a specific EGF will identify its type with a type URI
Triple framework:
With this architecture, all we need is a simple trust registry protocol to answer the question:
Verifier resolves the EGF DID using their choice of:
In the DID document, the verifier dereferences the trust registry service type to obtain the trust registry service endpoint URI
The $64,000 Question: Who maintains the top-level “trust list” of EGF DIDs?
Saveta shared some diagrams from the rules engine channel that would be good to include
https://essif-lab.pages.grnet.gr/framework/docs/terms/pattern-jurisdiction
Action Items
We need to discuss the options of how we would operationalize a Trust Registry
Continue the discussion about certification and the trust assurance framework.